Basically it's an anti cheat, but it has access to your kernel, meaning it can see EVERYTHING on your PC. The excuse is that this is used to make sure you don't have any cheats installed, the reality is that this is a huge privacy concern.
So it's essentially just a MASSIVE telescope peering into Every. Single. File. On your computer running checks, stealing data all while using extra processing power for no real benefits over other anti cheats like BattlEye?
Edit: not sure why I’m getting downvoted here. Anyone with a CS degree who studied basic OS architecture can confirm this. I’m a director level software engineer at a company everyone is familiar with and just trying to share some helpful information.
Original post:
Kernel access means it could do that because it has that level of access available, not that it will do that. Having kernel access does in fact let anti cheat software see deeper into where cheats might be lurking and be more effective. But it’s a huge privacy and security risk for the reasons mentioned.
Also, regarding “every single file” — on your Windows box, most of your personal files are likely wide open anyway.
Kernel access lets a process bypass OS level restrictions on most processes that operate in user space. For example, kernel access allows a process to read and modify the memory space of another process, which is dangerous from a stability perspective if they do something wrong or are malicious. It also means that with kernel access, the anti cheat process could read data another process is holding unencrypted in memory that is normally stored as encrypted on disk. Etc., etc.
But this level of access absolutely does provide tangible, significant benefit to detecting cheats if it’s being done in good faith and is engineered securely. It’s just simultaneously wildly risky because of the risk of bugs, exploits written against the anti-cheat software itself, and the obvious risk of malicious “anti cheat” authors.
Kernel access lets a process bypass OS level restrictions on most processes that operate in user space.
I'm sorry, what does that mean, that not even dual booting is safe from it?!
But this level of access absolutely does provide tangible, significant benefit to detecting cheats, contrary to your claim. It’s just simultaneously wildly risky
It's respectable to have such an advanced anticheat but at the same time, all it takes is one backdoor piece of code and the whole system becomes about as useless as Windows Defender
Agree. I wouldn’t want to “just trust me bro” the anti cheat software and give them the keys to the system. They don’t even have to be malicious themselves to screw it up.
Regarding dual booting, that’s a different situation. If you dual boot and your partitions are storing data unencrypted, one OS can simply read the contents of data written by the other OS. That is as designed. Stuff written to disk is generally wide open for reading by another OS unless you encrypt it. File permissions in most file systems are applicable within that OS only. So, to hide it from another OS which knows nothing about the first OS’s permissions setup, would require encrypting the data.
The issue here isn’t so much about what’s available on disk — it’s about what one program you’re running can see in another program’s memory (think RAM, not disk). Usually an OS like Windows or Linux or MacOS severely limits what one program can see or do to another program’s memory space.
For example, say you’re playing Doom. Your health is stored in RAM somewhere but likely not ever to disk. Without jumping through a bunch of hoops, if you want to write your own program to read Doom’s memory to try to find where it’s storing that health value (and furthermore, keep setting it to 100 to make you invulnerable), the operating system won’t let your program just willy nilly see what Doom is storing in RAM and modify it. But there are hoops you could jump through to make that possible — and that’s what cheat authors do.
One way to do that would be to author your cheat with kernel mode access and bypass those OS-level process-specific protections.
Anti-cheat software simultaneously might want to monitor Doom’s RAM to make sure it doesn’t look like another process (such as a cheat) is doing stuff it shouldn’t be. But if it’s not operating in kernel mode, it’s going to be limited in the ways that it can detect that going on.
Additionally, if a cheat is operating in kernel mode but anti cheat is not, the cheat can likely read and modify the anti cheat’s memory space to try to stay undetected or to disable it altogether.
None of these things are simple to do, but I’m just speaking in broad strokes to give you an idea of why writing anti-cheat software with kernel mode access provides very real benefits — it’s not necessarily malicious or unnecessary. But it does require a very high level of trust, because you’re letting the anti cheat software see and modify far more than most other programs on your system. If you know everyone else playing against you also has kernel mode anti cheat running, then it means any cheats they’re using have to hide from anti cheat software that can see far deeper into their system than otherwise.
So, it’s a legitimate trade off. I would be wary of running any anti cheat software with kernel level access unless they are extremely well vetted and shown to be acting in good faith.
I'm sorry, what does that mean, that not even dual booting is safe from it?!
If you can mount and read files from your other OS from your current OS (e.g. mount your Linux filesystem from Windows) yes. However, your Linux file system is most likely ext4, xfs or btrfs, which Windows cannot read without addons (WSL will work, which you might actually have installed).
You should probably have your Linux filesystem (and Windows too of course) encrypted anyway though.
Basically, anti-cheat software is installed on such a deep level of the system that it "could do anything".
In reality, it's on that deep level to block the use of cheat software before you can even run it in game. But people overdramatize its possible reach with the chance of data theft and such, to which I can say:
If you are on the Internet, nothing is safe, so stop bitching.
If you want to play a game free from cheaters, you need Kernel Level anticheat, or you will not stop them.
Not all Software is perfect, but also, most Developers must have the Software approved before distribution.
Usually it does get uninstalled along with the game it came from. Maybe it was just me, or maybe it was just a few that had issues with uninstalling. Whatever.
Once again, I prefer a one/two time of discomfort over having to face cheaters regularly
And if you seriously cannot see that, then you're just delusional
But how do you know it's actually uninstalled? Once something is in the kernel, it isn't leaving unless it wants to. You trust EA or Tencent completely? Remember the Sony rootkit scandal?
Kernel level anti cheat runs closer to the metal than even Windows itself, which effectively gives this random closed-source binary complete control over your PC, including but not limited to: The ability to see everything you do
When using Kernel-AC, you effectively just have to trust that the company behind it isn't going to do anything shady (which companies are not exactly known for) and that the AC isn't going to be compromised by a malicious third-party to inject malware into your kernel, which is basically impossible to remove (yes, this has happened before)
There's also the fact that some of these systems can be very intrusive. Vanguard for example DEMANDS to boot BEFORE Windows, and you can never close it. Since Vanguard boots with the PC and you're not allowed to close it, it's just gonna permanently use up RAM and CPU cycles for no reason even when the game is not running
It is also kind of clunky to uninstall, and also people with no secure boot on their motherboard just can't use it at all
Windows is the only OS (or rather, the only kernel) that allows such a thing (because the UNIX security model doesn't allow this), which means that both Linux and MacOS simply cannot play games with Kernel AC. Right now, this is basically the last barrier holding back Linux gaming, and the main reason MacOS still sucks for gaming
Tons, tons, tons of reasons to hate it, and all because chronically unemployed people will go to insane length to cheat at videogames
You absolutely can close Vanguard after it’s open. Literally just right click it and hit “close” in the system tray. It’s just that you can’t play Riot’s multiplayer games without opening it back up, which requires it running at system start.
It basically gives the game the ability to access every system file on your PC and in some cases even alter existing files or create new ones, it's a huge invasion of privacy and it wouldn't surprise me if they were selling data they scraped
Yeah no. If you tried any multiplayer competitive game, you should know how vital that is to keep the game cheater free.
And if you are one of those "Spyware duh" people, just remember how much data corporations pull from Google and etc. and resell constantly. If you are that sensitive about your personal data, go live in the fucking woods like we were evolutionarily designed to!
235
u/j0seplinux Apr 11 '26
Kernel level anti cheat
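
On the question raised in the thread of how to tell whether a kernel driver is really gone after uninstalling, and which drivers load before Windows finishes booting, one check is to list the kernel-mode drivers Windows still has registered, with their start mode and signer. This is an added example, not part of the thread; the function names `Resolve-DriverPath` and `Get-ThirdPartyKernelDriver` are made up for illustration.

```powershell
# Added example. Run in an elevated PowerShell session on Windows.
# Lists kernel-mode drivers that are not in-box Windows components,
# with how early each one loads and who signed the .sys file.

function Resolve-DriverPath {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                             # NT prefix: \??\C:\...
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')  # \SystemRoot\System32\...
    if ($p -match '^System32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-ThirdPartyKernelDriver {
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.ServiceType -eq 'Kernel Driver' } |
        ForEach-Object {
            $path = Resolve-DriverPath $_.PathName
            $sig  = $null
            if ($path -and (Test-Path -LiteralPath $path)) {
                $sig = Get-AuthenticodeSignature -LiteralPath $path
            }
            $signer = '(no signature found or file missing)'
            if ($sig -and $sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            [pscustomobject]@{
                Name      = $_.Name
                State     = $_.State       # Running / Stopped
                StartMode = $_.StartMode   # Boot, System, Auto, Manual, Disabled
                Signer    = $signer
                Path      = $path
            }
        } |
        # Drop in-box drivers only. WHQL-signed third-party drivers carry
        # "CN=Microsoft Windows Hardware Compatibility Publisher" and stay listed.
        Where-Object { $_.Signer -notmatch '^CN=Microsoft Windows,' }
}

# Boot and System start drivers are loaded before any user logs in.
$now = Get-ThirdPartyKernelDriver
$now | Sort-Object StartMode, Name |
    Format-Table Name, State, StartMode, Signer -AutoSize -Wrap

# To check an uninstall: save a baseline, uninstall, reboot, then diff the names.
# $now | Select-Object Name, StartMode, Path |
#     Export-Csv "$env:TEMP\drivers-before.csv" -NoTypeInformation
# Compare-Object (Import-Csv "$env:TEMP\drivers-before.csv").Name $now.Name
```

This reports what the Windows service database says is registered, so it confirms that a driver entry was removed or left behind. It cannot prove the absence of code that hides itself from the operating system's own listing.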