I am genuinely curious how anti-cheat works on an open source OS. I don’t know a whole lot about how it works to be honest, but is there no problem with cheaters being able to manipulate the entire stack down to the kernel level?
Like I’m aware cheaters can decompile code so closed source isn’t necessarily that much better. Did I just answer my own question or is there more to it?
This is why client-side anti-cheat is a terrible idea. It gives you the illusion of control, but really it doesn’t prevent a motivated party from cheating, and it opens up everyone else to kernel-level vulnerabilities when the anti-cheat software inevitably has a bug.
Client side anti-cheat should merely discourage low effort attacks, and the real cheat detection should always be server side looking at patterns of behavior. Unfortunately, it’s a lot easier to reach for client side anti-cheat than build an effective server side anti-cheat.
This is a really good answer, thanks! I like to imagine what a fully open-source future would look like and I imagine server-side anti cheat is the solution.
I don’t think popular games will ever be fully open source, but our operating systems could be.
I have very little proprietary software on my system outside of games, and it’s mostly limited to a handful of firmware blobs (e.g. GPU and WiFi firmware, CPU microcode, etc), with the clear exception bring browser DRM for streaming services. Everything proprietary on my system is sandboxed in some way, so I’m reasonably protected from most of that nonsense, but it’s still there and probably always will be.
Having proprietary software isn’t the issue IMO, as long as I can sandbox it. I can’t sandbox kernel level anti-cheat, so I’m never going to install a game that requires it. That’s my line in the sand.
One thing that I hope becomes more common is open source game code + proprietary art, sound and narrative. Game devs, artists, writers, etc deserve to get paid for their work, and we deserve to know what’s running on our computers. The more game devs use open source engines, the closer we get.
Maybe it’s because I am an amateur dev and not just a user but I like the freedom with assess that are creative commons and am put off when an open source game uses (edit) proprietary assests. Don’t see why they can’t get paid the same way open source dev would.
I don’t think we need open source games, we just need to be able to sandbox them so they don’t cause security or privacy issues. As long as they don’t need control over the kernel, I can containerize them and only give access to the things they need.
Mostly profit motive. Most open source software is free, mostly because it’s really hard to profit from something anyone can build for free. As soon as the source is released, someone will make a free build of it available and undercut the devs.
Devs, artists, etc all need to eat, so the game needs to be profitable enough to cover that.
It’s not like games can’t be open source, and I’ve played plenty that are, they just won’t likely be profitable.
I aim to one day make money via a pateron model like Godot: getting paid before development… that requires a good reputation via what I have already made. If paid enough at that point then it doesn’t matter if I don’t get more at distribution. Before that hopefully some donate (⌒_⌒;)
I also hope gamers one day have their equivalent of the recent Unity devs moment. See the potential for abuse of power and no longer tolerate untrustworthy proprietary options - thus moving profit motivate to open source/free software.
I also want to make games and distribute them for free. I want to follow something like the Dwarf Fortress model where development is funded by fans and I build it because I love it. However, I’m not at the point of my life where I can do that, so for now it’s a motivator for me to retire early.
But that model is highly unlikely to become the most common distribution method for games, just like it isn’t the most common distribution method for other end user software. People just don’t donate nearly as much as they’re willing to pay for equivalent software. Building software is expensive, so if you’re in it to make back your investment, propriety software is the way to go.
Devs, artists, etc all need to eat, so the game needs to be profitable enough to cover that.
And yet the devs, artists, etc of FOSS programs also need to eat, and the software is still FOSS.
(Sure we should all be donating, or rather, they should get their income from our taxes since oftentimes they literally are the backbone of the world, but that’s one more convo to the pile)
But that’s not at all how things work. Most FOSS devs do it as a hobby or as part of a day job working on proprietary software. Very few FOSS projects employ full time developers, and for those that do, it’s rarely a majority of the code changes for the project.
But let’s say we somehow convince governments to fund FOSS development, they’re not going to want to fund game development, they’ll fund one Linux distro and the software needed to fill government needs.
If a large game engine like Unreal Engine suddenly switched to the GPL, game devs wouldn’t touch it with a10 foot pole. They’d either develop their own engine, switch to a different proprietary engine, or use something like Godot where they can keep their project under a proprietary license.
Not all anti-cheats are kernel-level though, only the most invasive ones are. BattlEye, the one used in this game, is not one of them, though I don’t know the specifics of how it works.
Sure, and I don’t have issues with those, provided they are happy living in a sandbox. I think clientside anti-cheat is stupid for other reasons, but I won’t actively avoid a game just because it has it, provided I can separate it from the rest of my system.
Firstly, not all code executed on an open source OS needs to be open source. For example: Epic Anti-Cheat, which comes with a Linux-compatible mode, is fully closed source. So right off the bat we’re going to put to bed the notion that somehow the platform of choice makes it easier for bad actors to pull apart and examine anticheat software.
Secondly, yes, there is a problem with cheaters being able to hide from anticheats on Linux. This is because on Windows it’s relatively easy to run kernel-level code via drivers – this is why most anticheats require admin permission to install a monitoring driver before the game will run. The anticheat is effectively rootkitting your system in order to circumvent other rootkits that may be concealing epic cheatz.
On GNU/Linux, almost all device drivers come prepackaged in the Linux kernel, so there’s no direct equivalent to the Windows approach of allowing users to install third-party code into the most protected rings of the OS. It’s still possible through the use of kernel modules (see NVIDIA drivers), but as evidenced by how annoying it is to use NVIDIA devices on Linux, this is a huge PITA for both the developer & the user to deal with.
So that’s the rub. On Linux, anticheats just have to trust that the kernel isn’t lying. This has been a perpetual thorn in the side of developers like Google, who’d really really like it if they could prove beyond a shadow of a doubt that a given Android device is not rooted (see SafetyNet). Google’s solution to this has been to introduce hardware-backed attestation – basically a special hardware chip on the device that can prove that the kernel software has not been tainted in any way.
It’s also true that the ease with which a program can interact with kernel level drivers in Windows opens up a whole host of potential exploits including but not limited to recording all internet traffic, all keystrokes, listing all files & programs, accessing memory of other programs and more. AAA client-side anticheats require some pretty incredible trust in the vendor to not be either evil or incompetent.
Right so on a technical level it is actually harder to do client side anti-cheat?
Thanks for the information. That hardware backed attestation reminds me of Little Brother by Cory Doctorow, where hardware DRM was introduced and then forcibly deprecated when it was found to be vulnerable… so of course the vulnerable hardware was now worthless except on the black market where it was worthwhile to pirates because it was known to be already cracked.
That’s a good point. I realise my question partly plays into a misconception about the security of closed source software, that it’s somehow harder to mess with.
I mean people are training neural nets to look at the screen and aimbot by modifying the mouse inputs, which is just an impossible thing to detect.
I am genuinely curious how anti-cheat works on an open source OS. I don’t know a whole lot about how it works to be honest, but is there no problem with cheaters being able to manipulate the entire stack down to the kernel level?
Like I’m aware cheaters can decompile code so closed source isn’t necessarily that much better. Did I just answer my own question or is there more to it?
This is why client-side anti-cheat is a terrible idea. It gives you the illusion of control, but really it doesn’t prevent a motivated party from cheating, and it opens up everyone else to kernel-level vulnerabilities when the anti-cheat software inevitably has a bug.
Client side anti-cheat should merely discourage low effort attacks, and the real cheat detection should always be server side looking at patterns of behavior. Unfortunately, it’s a lot easier to reach for client side anti-cheat than build an effective server side anti-cheat.
This is a really good answer, thanks! I like to imagine what a fully open-source future would look like and I imagine server-side anti cheat is the solution.
I don’t think popular games will ever be fully open source, but our operating systems could be.
I have very little proprietary software on my system outside of games, and it’s mostly limited to a handful of firmware blobs (e.g. GPU and WiFi firmware, CPU microcode, etc), with the clear exception bring browser DRM for streaming services. Everything proprietary on my system is sandboxed in some way, so I’m reasonably protected from most of that nonsense, but it’s still there and probably always will be.
Having proprietary software isn’t the issue IMO, as long as I can sandbox it. I can’t sandbox kernel level anti-cheat, so I’m never going to install a game that requires it. That’s my line in the sand.
One thing that I hope becomes more common is open source game code + proprietary art, sound and narrative. Game devs, artists, writers, etc deserve to get paid for their work, and we deserve to know what’s running on our computers. The more game devs use open source engines, the closer we get.
Maybe it’s because I am an amateur dev and not just a user but I like the freedom with assess that are creative commons and am put off when an open source game uses (edit) proprietary assests. Don’t see why they can’t get paid the same way open source dev would.
I don’t think we need open source games, we just need to be able to sandbox them so they don’t cause security or privacy issues. As long as they don’t need control over the kernel, I can containerize them and only give access to the things they need.
What makes games different to other types of software that it can’t become the norm for them to be open source?
Mostly profit motive. Most open source software is free, mostly because it’s really hard to profit from something anyone can build for free. As soon as the source is released, someone will make a free build of it available and undercut the devs.
Devs, artists, etc all need to eat, so the game needs to be profitable enough to cover that.
It’s not like games can’t be open source, and I’ve played plenty that are, they just won’t likely be profitable.
Making profit is certainly easier by artificially limiting distribution (©️) but I am unwilling to deny my users their software freedoms to do it. Seems counter intuitive too; it’s never been easily for the average person to copy media.
I aim to one day make money via a pateron model like Godot: getting paid before development… that requires a good reputation via what I have already made. If paid enough at that point then it doesn’t matter if I don’t get more at distribution. Before that hopefully some donate (⌒_⌒;)
I also hope gamers one day have their equivalent of the recent Unity devs moment. See the potential for abuse of power and no longer tolerate untrustworthy proprietary options - thus moving profit motivate to open source/free software.
I also want to make games and distribute them for free. I want to follow something like the Dwarf Fortress model where development is funded by fans and I build it because I love it. However, I’m not at the point of my life where I can do that, so for now it’s a motivator for me to retire early.
But that model is highly unlikely to become the most common distribution method for games, just like it isn’t the most common distribution method for other end user software. People just don’t donate nearly as much as they’re willing to pay for equivalent software. Building software is expensive, so if you’re in it to make back your investment, propriety software is the way to go.
And yet the devs, artists, etc of FOSS programs also need to eat, and the software is still FOSS.
(Sure we should all be donating, or rather, they should get their income from our taxes since oftentimes they literally are the backbone of the world, but that’s one more convo to the pile)
But that’s not at all how things work. Most FOSS devs do it as a hobby or as part of a day job working on proprietary software. Very few FOSS projects employ full time developers, and for those that do, it’s rarely a majority of the code changes for the project.
But let’s say we somehow convince governments to fund FOSS development, they’re not going to want to fund game development, they’ll fund one Linux distro and the software needed to fill government needs.
If a large game engine like Unreal Engine suddenly switched to the GPL, game devs wouldn’t touch it with a10 foot pole. They’d either develop their own engine, switch to a different proprietary engine, or use something like Godot where they can keep their project under a proprietary license.
Not all anti-cheats are kernel-level though, only the most invasive ones are. BattlEye, the one used in this game, is not one of them, though I don’t know the specifics of how it works.
Sure, and I don’t have issues with those, provided they are happy living in a sandbox. I think clientside anti-cheat is stupid for other reasons, but I won’t actively avoid a game just because it has it, provided I can separate it from the rest of my system.
The important part is: Never Trust User Input!
I’ll do my best to explain:
Firstly, not all code executed on an open source OS needs to be open source. For example: Epic Anti-Cheat, which comes with a Linux-compatible mode, is fully closed source. So right off the bat we’re going to put to bed the notion that somehow the platform of choice makes it easier for bad actors to pull apart and examine anticheat software.
Secondly, yes, there is a problem with cheaters being able to hide from anticheats on Linux. This is because on Windows it’s relatively easy to run kernel-level code via drivers – this is why most anticheats require admin permission to install a monitoring driver before the game will run. The anticheat is effectively rootkitting your system in order to circumvent other rootkits that may be concealing epic cheatz.
On GNU/Linux, almost all device drivers come prepackaged in the Linux kernel, so there’s no direct equivalent to the Windows approach of allowing users to install third-party code into the most protected rings of the OS. It’s still possible through the use of kernel modules (see NVIDIA drivers), but as evidenced by how annoying it is to use NVIDIA devices on Linux, this is a huge PITA for both the developer & the user to deal with.
So that’s the rub. On Linux, anticheats just have to trust that the kernel isn’t lying. This has been a perpetual thorn in the side of developers like Google, who’d really really like it if they could prove beyond a shadow of a doubt that a given Android device is not rooted (see SafetyNet). Google’s solution to this has been to introduce hardware-backed attestation – basically a special hardware chip on the device that can prove that the kernel software has not been tainted in any way.
I’m sure you agree with this, just wanted to add:
It’s also true that the ease with which a program can interact with kernel level drivers in Windows opens up a whole host of potential exploits including but not limited to recording all internet traffic, all keystrokes, listing all files & programs, accessing memory of other programs and more. AAA client-side anticheats require some pretty incredible trust in the vendor to not be either evil or incompetent.
Buuut there is nothing stopping a person from using virtualization.
There’s generally other checks around virtualization. Both VMs and even dedicated KVMs result in triggering the AC generally
AC somehow aren’t triggered when virtualization is disabled in bios.
Alternatively binary translation or custom processors.
EDIT: there are some public info suggesting that most of detection caused by misconfiguration.
Right so on a technical level it is actually harder to do client side anti-cheat?
Thanks for the information. That hardware backed attestation reminds me of Little Brother by Cory Doctorow, where hardware DRM was introduced and then forcibly deprecated when it was found to be vulnerable… so of course the vulnerable hardware was now worthless except on the black market where it was worthwhile to pirates because it was known to be already cracked.
I am geniunely curious how anti-cheat works on an PC with physical access, where user can plug their mouse loaded with cheats.
For every malware anti-cheat there will be sandboxing cheat.
That’s a good point. I realise my question partly plays into a misconception about the security of closed source software, that it’s somehow harder to mess with.
I mean people are training neural nets to look at the screen and aimbot by modifying the mouse inputs, which is just an impossible thing to detect.