WINE
Is
Not
(an)
EmulatorWhat makes you think they are referring to Wine in that particular case, and not the emulation of the kernel level anticheat on userland? It’s also arguably not an entirely correct use of the word there either, but it’s fine.
tldr for anyone:
They aren’t fixing it. fuck y’all.
Also - it’s not a rootkit - it just loads at boot and has higher privileges than the userspace that you can’t contr… oh. it’s a rootkit. They don’t want you to call it that though. It’s not cancer… it’s a growth.
at this point i want to cheat on an approved, bare-metal windows machine, just as a fuck you.
but then i remember this game is awful and i dont wanna touch it anyway.
Funnily enough that’s how a lot of modern cheats work. it’s on a separate box. Good luck catching that automatically vanguard. Hard to out-ring the hardware layer.
If it’s not server based detection it’s exploitable.
I’m not in that line of work but make no mistake if it hasn’t been yet: a cheat vector will probably involve patching the anti cheat software or attacking how it communicates.
there are arduino-based cheats now, you dont even need an expensive box, it hijacks your mouse for aimbots and such. thinking of putting one of mine to use.
Stop stealing our CPU cycles for high risk rootkits and start mitigating and detecting cheating on the server.
It’s that easy.
I stopped playing games that want this bullshit. Don’t need that shit in my life.
It’s that easy.
I’m guessing you’re not a programmer yourself? Because it’s really really not that east to /just/ detect in the server side, hacks can be super sofisticsted these days and there are often many client side exploits that you simply cannot detect serverside.
It’s not easy, but it’s really not worth the massive gaping security vulnerability you are giving your users. One disgruntled employee giving out the keys to the castle or one programmer plugging in an infected USB, and every user now has a persistent malicious rootkit. The only way to fix an issue that deep after it gets exploited is to literally throw away your hard drive.
The only way to fix an issue that deep after it gets exploited is to literally throw away your hard drive.
This can’t be right.
Don’t throw your hard drive in the trash. Quarantine the infected computer, and then wipe that hoe and slap your choice of OS back on it and scan/monitor to see if any issues arise.
Edit: since folks may or may not read though the rest of the conversation: I am wrong, throw that SSD/HDD in the garbage like barbarian said.
I’m sorry to disappoint, but with rootkits, that is very real. With that level of permissions, it can rewrite HDD/SSD drivers to install malware on boot.
There’s even malware that can rewrite BIOS/UEFI, in which case the whole motherboard has to go in the bin. That’s much less likely due to the complexity though, but it does exist.
not all rootkits are made to do that. So yes in some cases, throw it in the trash. In others, remediate your machine and move on.
Outside of monitoring individual packets outside of your computer (as in, man in the middle yourself with a spare computer and hoping the malware phones home right when you’re looking) there’s no way of knowing.
Once ring 0 is compromised, nothing your computer says can be trusted. A compromised OS can lie to anti-malware scanners, hide things from the installed software list and process manager, and just generally not show you what it doesnt want to show you. “Just remediate” does not work with rootkits.
Dude… That’s fucked. They should really go a little more in depth on rootkits in the CompTIA A+ study material. I mean, I get that it’s supposed to be a foundational over view of most IT concepts, but it would have helped me not look dumb.
Actually, I am.
Using rootkit anti-cheat is a shortcut that reduces cost for both dev time and hosting time at the expense of your customers’ security and CPU. You also have to lay your cards on the table for those who are attacking you. It is not the right solution for this problem.
Authoritative servers. Never trust the client, especially with information the player shouldn’t have right now. Look at behaviors and group players based on if you think they cheat or not - let the cheaters play together, no need to spoil their fun and let them realize you know they cheat.
People do some or all of this on the server now, but root kitting all machines to try to solve this problem to play video games is one of the dumbest approaches ever and we will realize it one day when a state level actor pops their zero day against a big install base.
Never trust the client, especially with information the player shouldn’t have right now.
This is a big part of the problem, but it’s not the only problem. If you do all of that stuff right, you can’t build a responsive first person shooter. There’s some level of trust you need to put in the client.
Disclaimer: This is based on my experience playing shooters and as a programmer. I have not worked on anticheat systems hands on.
We see less and less of the “god mode” hacks where players can send the packet for a carpet bomb and the server just blindly trusts it. Or the ludicrous spinbots that spin at an extreme speed and headshot anyone that comes into line of sight.
What we’re seeing is increasingly sophisticated cheats that provide “buffs” to a player’s ability. An AI enhanced aimbot that when you click gently nudges your hand to “auto correct” the shot and then clicks is borderline impossible to detect server side. It looks just like a player moved the mouse and fired.
The “best” method to prevent these folks from cheating seems to be to detect the system or the game has been tampered with.
Maybe the way to deal with that is to just let it happen and deal with smurfs down ranking… So these “soft” cheaters just exist in the “pro tier” where the pros can possibly stand a chance.
One strategy I have seen that I wish more developers would do is sending “honeypot” information to the game client (like a player on the other side of the wall that isn’t really there but an aimbot or a wall hack might incorrectly expose).
Maybe the increasing presence of hardware cheats will result in new strategies that make these things unnecessary. I keep wondering if a TPM could be used to solve this problem someday… But I’m not sure exactly how/we may need faster TPMs.
I think by the end of your message you were starting to arc around a little bit to the right way you need to think about clients: as outside your security envelope. (TPM is a joke in my mind, just like client side anti-cheat.)
There are many ways to try to identify and stop cheating on the server side that have not been explored because executives have directed use of off-the-shelf anti-cheat because they do not understand why it is snake oil.
So … do we have any evidence that rootkits actually decrease the amount of cheating? Like… At all?
it totally decreases the amount of cheating by a lot. Like the biggest decrease in history. That’s right. It’s huge. /trumpvoice
Also
trust me bro
I wouldn’t trust you if you were a valid SSL cert, bro
Come oooon. I’m google.com. really! Would I lie to you?
The “distributions” argument always smells like bullshit. Developers actually interested on supporting Linux usually stick to one or two distros of their choice. (Typically Ubuntu.)
Beyond that: I don’t play LoL, but the fact that they need such an aggressive rootkit as anti-cheat hints poor game design. As in, why are your players so eager to cheat?
Typical for a group of people that probably dedicated their whole careers to Windows. Could have just put it plainly that they don’t want to pay engineers that have the skills to do this on Linux.
It’s more likely an admission they have to trampoline every gpl function in the kernel which isn’t really easy to do and would let that kernel module run on any other kernel. Otherwise they would have to do a shim like nvidia which would mean a whole other level of issues like saying we support Linux but only Ubuntu which as a non Ubuntu user would mean to me they do not in fact support Linux. I’d vote with walle here but I already don’t own this game as my friends said the user base is terrible years ago but this just means there is no reason to buy any of their games.
My main issue with this blog post is that rather than properly addressing concerns, they make fun of them.
It’s not a rootkit, journalists just spread misinformation for clicks
Why is it not a rootkit, then??
Because journalists.
I guess the difference is in whether or not the victim was complicit with installing spyware in the kernel.
Fuck Riot. Never playing their games again. If you’re going to have a shitty anticheat at least give people the option to play in anticheat disabled lobbies. Besides, they should be doing anticheat at the server level not spying on the boot sequence of client PCs. That shit is unnecessary for a fucking banking app let alone a goddamn game. It’s just a game, let us enjoy it rather than making such a ridiculously over the top response to cheating.
I don’t believe that only 800 people played on Linux. It makes no sense to me in the grand scheme of things. I have a personal YT channel with only 108 subs and my random low effort video on how to get League running on Steam Deck has almost 70k views which is nuts and there are many other much better videos than mine with many more views. If only 0.1% of those people are active players that would still make a lot more than “800” figure. I know this is just a random speculation but 800 is just waaaay too low.
The devil is in the details: 800 on a single day.
Those 70k views are probably people like me:
Want to try it and bounce violently off of the toxic ass community
So that 800 might actually be a believable number given you go through some hurdles just to get, well, LOL players
Honestly, i don’t get why people are bitching about it so much. A company, that makes a game with intention to make money off it, that never supported linux neither promised to support linux some time in the future, clarifies that it sees no purpose in supporting linux because of monetary reasons.
Okay, that may be your favorite game, you might have spend tons of money on in - but idea that it may never be supported on your favorite platform has never crossed your mind? It’s like whining that PS exclusive game is not getting ported to Xbox.
So basically, “it’s too hard, and our engineers are not good at their jobs.”
Imagine this: you have a cheater problem. Your team of developers have only ever worked on gameplay-related stuff - graphics, game engine, etc. You can:
- Make them pull solution out of their butts, somehow gain expertise in topic they have never worked on
- Pour ALOT of money in HR and hire specialists that have experience in anticheat software
- Pay 3rd party for solution that you can use RIGHT NOW and that works (at least somehow)
When money is involved, you make decision by counting them. You give somebody (tech lead, probably) task to evaluate your options - and give you approximate numbers. And i’m not surprised they chose 3rd option.
Stop stealing our CPU cycles for high risk rootkits and start mitigating and detecting cheating on the server. It’s that easy.
I’m currently working on bot detection for web resources - and trust me, it’s extremely hard to distinguish them from people without some client-side analysis. Sure, you can use behavioral analysis, but you need lots of data and, again, expertise in that. Okay, they have the data - thousands of games played daily. Have you ever seen job listing for “game patterns analyst for LoL”? Again, you have to find someone capable - highly payed experts, who will spend some time testing their theories, with no guaranteed success.
“How do you separate good players from cheaters? This low ranked player who just got his second pentakill - is he cheating or smurfing? This weird behaviour - is it because of missing fog of war or are they just communicating over voice chat?”
It’s just… really NOT that easy.
The “distributions” argument always smells like bullshit. Developers actually interested on supporting Linux usually stick to one or two distros of their choice. (Typically Ubuntu.)
There’s your answer - they are not interested. And there is nothing wrong with that! It’s just business! Remember the “a times b times c” scene from fight club? They’ve calculated their x - and it’s not worth pursuing (for them).
Rootkits are bad, m’kay. Wanna avoid them? Don’t install them. Just don’t be surprised when company adds them - it’s their product, they do whatever the fuck they want.
While yes the company can certainly do what they want - that isn’t to say that everything they want to do is correct.
In an isolated bubble their decision looks… fine… ish. The reasons they provide are mostly excuses- but for arguments sake let’s say it is actually making a meaningful difference. (It isn’t and won’t: TPM is flawed and has already seen demonstrations of exploits.) So we now have a platform that has locked out users based on OS version, hardware support (TPM), in addition to os. They are actively culling users that otherwise were viable customers. Smart.
Let’s expand on this outside the bubble: what os is growing rapidly in usage with gaming? Linux. Riot is actively making a shortsighted decision (historically this tracks) which will cause them grief in the long run. Remember: their games worked on these platforms prior to this decision. The support was all free labor done by the community. Let’s say they want to release a game that takes advantage of the handheld platforms that are rising in popularity- they now need two separate anti cheat systems. Oops. They now need to try to claw back the early adopters and free community support they burned. Good luck.. Factoring in the cost of limiting future flexibility and growth… I can only imagine the game experience must have improved 2-3x by the addition of this anti cheat … except it hasn’t. By their own admission: cheat developers move faster. Objectively? It was a terrible decision.
let’s say it is actually making a meaningful difference. (It isn’t and won’t: TPM is flawed and has already seen demonstrations of exploits.)
I dare to say their solution is “good enough” to stop ordinary user from cheating - not to solve cheating problem entirely - it may be impossible - but to raise bar of cheating without getting banned
They are actively culling users that otherwise were viable customers. Smart.
They may lose some users who won’t play anymore because they won’t install rootkit, but keep those who would leave because of cheaters. Maybe their situation is dire enough so they would apply such drastic measures?
Let’s expand on this outside the bubble: what os is growing rapidly in usage with gaming? Linux. Riot is actively making a shortsighted decision (historically this tracks) which will cause them grief in the long run.
I mean, i’m all in for that, but year of linux desktop
201120122013201420152016201720182019202020212022202320242025?Linux is my favorite OS (i use arch btw) and i use it since… 2007, i think? But i sorta gave up on that belief - it’s a niche OS, and if gaming is ever coming to linux - it’s not coming to linux, it’s coming to ChromeOS or SteamOS.
To sum things up - i’m not saying rootkit anticheat is a good thing. It’s a solution to some problem, which people chose by comparing it to alternatives. Contrary to popular belief, CEOs don’t just sit around and think how to make players more miserable - those decisions are not made in one day. I’d drop a game if it forces me to install rootkit - i value my privacy more and i’d advice anyone to do the same. I’m just really annoyed by all the whining and comments “boohooo my favorite game developers suck and don’t value me enough”.
I hear Dota is better anyways and I think it runs natively.
Makes business sense. Why bother developing for 800 users when you have hundreds of thousands, if not millions, to worry about? The software company I work for has to make this kind of decision all the time.
But it was nice of them to include a viable strategy for cheaters via VMs.
Edit: I should clarify that “business sense” is almost always a poor excuse, and considering the potential growth in the Linux market thanks to handhelds, Proton, and NVK, seems dumb to thumb your nose at that potential.
800 feels like a number they cherry picked considering the overall community size.
Speaking personally: their vm detection is hot garbage and they know it. Detecting a VM is easy enough for anyone- detecting cheating via it is far more difficult. They flag a VM as such and wait for a report to roll in then blindly ban it… only to reverse it when pressured. This isn’t the behavior of an org with concrete evidence. It’s a smokescreen.
Good riddance, spent several years hooked to League. That being said, the fragmentation argument is bullshit, they could ship a read-only container in a flatpak and it’d run everywhere.
Kernel level is a huge risk and it doesn’t guarantee anything, especially in the age of Ai cheats and network mitm cheats
You can’t do shit with flatpak as a kernel level anti cheat.
That’s the point. A read only container to keep low hanging fruit at bay, and flatpak to distribute without having to repackage to every distro under the sun.
I don’t fuck with the game, the game doesn’t fuck with my system.
That doesn’t protect the game in any way, that’s the issue. If you don’t fuck with it, it doesn’t mean that everyone else doesn’t as well.
Their anti cheat rootkit doesn’t protect the game either.
How do you know?
