Microsoft looking to restrict kernel level access after CrowdStrike incident might help us with our current Anti-Cheat dilemma
Microsoft looking to restrict kernel level access after CrowdStrike incident might help us with our current Anti-Cheat dilemma
Microsoft drops subtle hints about the future direction of Windows security.
CrowdStrike’s Falcon software uses a special driver that allows it to run at a lower level than most apps so it can detect threats across a Windows system. Microsoft tried to restrict third parties from accessing the kernel in Windows Vista in 2006 but was met with pushback from cybersecurity vendors and EU regulators. However, Apple was able to lock down its macOS operating system in 2020 so that developers could no longer get access to the kernel.
Now, it looks like Microsoft wants to reopen the conversations around restricting kernel-level access inside Windows.
You're viewing a single thread.
@mudle somehow, I don't think that's the way to resolve future problems, it just looks like Apple's way, which sometimes isn't great for customers
You have a point, but if Microsoft completely locks down the kernel, preventing any third party software/driver from running at the kernel-level, Anti-Cheat developers will have to find a new way to implement Anti-Cheat. This may open up the possibility of some newer form of Anti-Cheat being user-space; or at the very least NOT ring 0, which in-turn may open up the possibility of this new form of Anti-Cheat working underneath Linux.
Or maybe we're all still screwed because this new form of Anti-Cheat will perform on a basis that trusts that there is no third party access to the Windows kernel because of how restricted it is, therefore nullifying the need to be ring 0, but it still might not work under Linux due to the freedom/access users have to the kernel.
But then again, in order to implement any third party driver into the Windows kernel, it has to be signed and/or approved by Microsoft first (IIRC). But cheaters get around this through various means. So maybe nothing changes; but if Microsoft DOES restrict kerne-level access, this leads me to think that Anti-Cheat will have to change in some form or another, which may lead to it working on Linux.
TBH, The only way(s) I see Anti-Cheat moving forward at all, is:
- Hardware level Anti-Cheat (similar to a DMA card. Maybe it requires a certain type firmware that is universally used across all/most major video game companies)
- Some form of emulated environment. Maybe like a specific kernel that is used for each game.
@mudle btw afaik Valve's working on AI anticheat, which analyzes player's behaviour, I think nowadays that would be the most viable direction for non-kernel anticheats
I completely forgot about AI Anti-Cheat, lol. But yes, this is another form of Ant-Cheat that seems to be very effective. (Although I don't much like the idea)
@mudle well, AIs are usually controversial because they are trained on scraped data, but I don't think that this may be an option for video games
Facts. But, at the same time... 3rd party vendors who have that access should be held liable in court and have their pocketbooks pounded like a $5k sex worker.
At least if it's a commercial service, or SaaS, which should hold a ton more livability behind it.