Competent cheat makers don't have much difficulty in defeating in-kernel anticheats on Windows. With the amount of insight and control available on Linux anticheat makers stand little chance.
The best Valve could do is offer a special locked down kernel with perhaps some anticheat capabilities and lock down the hardware with attestation. If they offer the sources and do verified builds it might even be accepted by some.
Doubt it would be popular or even successful on non-Valve machines. But I'm not an online gamer and couldn't care less about anticheats.
Anticheat is one of those things where I probably sound really old, but man it’s just a game. If you hate cheating, don’t play on pub servers with randoms or find a group of people you can play with, like how real life works.
For competitive gaming, I think attested hardware & software actually is the right way to go. Don’t force kernel-level malware on everyone.
Yeah, that's hilariously impractical if you like these games.
> pub servers
Most of these popular competitive games probably don't even have community servers of any kind. Maybe some games like RTSes have custom matches, but they're not used much for the standard game mode, at least not for public lobbies.
Sorry but you're just old IMO :) PUBG or Arc Raiders have over 100 players in a game. Even Valorant or League have 10 players in a match. It's definitely not easy to find 9 friends to play the same game at the same time as you. And playing any of these games with a cheater can completely wreck the match. If the cheaters go unchecked, over time they start to dominate games where like 30% might be cheaters who can see through walls and insta headshot you and the entire multiplayer mode of the game is ruined. Even worse some cheaters are sneaky, they might have a wallhack or a map showing all players but use it cautiously and it can be quite hard to prove they're cheating but they build up a huge advantage nonetheless. Most of us are happy to have effective anti-cheat, and it's not forced upon us. I understand the tradeoff to having mostly cheater-free games is having to trust the game maker more and am fine with that. Riot for example is quite transparent about what their anti-cheat does, how it works and I don't consider it "malware" anymore than I consider a driver for my graphics card to be "malware" even if they do operate in kernel mode.
This was never an issue 20 years ago when we had 64 player servers, but the 64 player servers also generally had a few people online with referee access to kick/ban people at any given time. That seemed like it worked well to me.
Exactly 20 years ago I was both a competitive CS player and I also liked reverse engineering so I was somewhat interested in the cheating community and even programmed a custom injector and cheat for CS (it was surprisingly easy if you knew a bit about Windows APIs).
Cheats were a problem. Not even a nascent problem, but already established. Bad enough that VAC was released in 2002, Punkbuster in 2000...
In competitive gaming you cannot just find a stable friends group to play against: you need competition, and a diverse one. We somewhat palliated this by physically playing in LAN, but that still limits to a radius around you and it's cumbersome when you can just find an opponent online (we had manual matchmaking on IRC before modern matchmaking existed).
The problem is that cheating can be very subtle if done correctly. The difference between "that guy is better that me" and "that guy can see through walls" is pretty much undetectable through non-technical means if the cheater is not an idiot. This poisons the competitive scene.
Competitive gaming is huge. It was big back in the day but now it's a monster. Just check the largest categories on Twitch: LoL, TFT, WoW, CS, Valorant...
Competitive gaming cannot possibly be huge. Like literally it is impossible for 99% of gamers to be competitive in any meaningful sense (if you play a game with 1M players and are in the top 1%, congrats, there are 10,000 people who are better than you. You are still unremarkable). It never was huge; it was just a niche you were in. There's massively more people that are just playing the game too blow off steam.
People play competition sports. They except no, or minimal amounts of cheating. Your personal feelings about it don't matter. The kid that plays basketball with 12 years olds on saturday mornings has the right to not have to deal with cheaters, and it doesn't matter if he's in the top .0001% or a shitty player that cannot distinguish his hands from his ears.
Have a quick look at the ladder on Counter Strike, or Faceit, or ranked play on League of Legends/Valorant/Whatever: it's not a niche. These games requiring kernel AC no matter the type of play is another subject, but people play to compare themselves to other, massively.
The kid that plays basketball with 12 year olds on Saturday mornings has the right to just go use the court at the park without being strip searched and drug tested because it's just a game and he's there to have fun. He actually does not have some right to demand no one else cheat, or even that they use the court to specifically play with some established rules. If other people are there playing HORSE or "what time is it Mr Fox", that's fine.
People who get intensely serious about 12 year olds playing basketball because their kid will be in the NBA some day so everyone needs to take the game very seriously so their kid can practice have rightly always been mocked. The entire point is to have fun.
I've played in Friday night sports leagues where people were drinking during the tournaments (and sometimes that's the point, c.f. sloshball). There are absolutely tons of people that do not take even the "competitions" seriously, and even more that aren't even serious enough to join a league.
Video games being something people play at home, I'd probably be surprised if there weren't more people that regularly play any given esports title under the influence of marijuana or alcohol than there are those who take it as a serious thing[0].
On competitive coding, Advent of Code removed the global leaderboard exactly because "people took things too seriously, going way outside the spirit of the contest".
Congratulations on living in a country that doesn't take playing sports with integrity I guess. I've been playing handball, soccer, swimming, from age 8+ on, in a club. Every single saturday game was taken seriously by players. Yes, we fucked around on other games, but competition has always been on every player's mind. If you don't want the pressure of competition, you just tell the coach, and you're not put in for those games.
And no, it's not "parents who think their kid will be in the NBA", it's that children who register in a club want to play competitively. On a country of 70 million, we have about 5 million registered players in different sports, the majority of which take integrity to heart.
[0] A poll on a subreddit, on a dead game with absolutely zero serious competitive scene does not count as "serious research". Yes, players play shitfaced also. The vast majority do not queue for competitive games and just fuck around in normals. Whether that's on modern games with dedicated queues for comp play, or games with dedicated leagues like ETF2L, Faceit and others.
It invalidates the idea that we need to take it seriously and have locked down computers with remote attestation to play games. People who take games seriously are a very small niche. You are in a bubble if you think otherwise.
This is like saying we need to institute drug testing at all parks to play football. Cheating in sports is a problem that very few players are concerned with. Caring about who wins isn't even common. Most are just kicking a ball around with their mates.
Those players can have their own solutions. They should recognize they are a tiny bubble and not insist the other 999,000 players need the same.
And they don't even need it all the time either. I did once participate in a CS:S tournament, so I guess I was "competitive", but half the time I was on gun game or ice world or surf maps. My friends and I played normal Warcraft 3 against each other, but otherwise I pretty much only played custom maps, which were apparently popular enough to spawn an entire new genre. I never ran into problems queueing for something like preschool wars or wintermaul. When we did queue for ladder sometimes it was like 10 minutes to find a match.
To your earlier point about e.g. Valorant: my mom invited me to play on weekends with her and my sister. I know my mom is 0% competitive. This was not some serious thing. I couldn't play with them because I'm not going to buy another computer just to run it. That's the absurdity here.
I have been watching this thread and you are triple downing on a point that you have no real experience with. Competitive e-sports is a real thing. There are e-sports arenas. (How are people even arguing this on HN?)
The International (a DOTA 2 competition) has like $40m in prizes. EWC in 2025 was $70m. 99.6 million people watched the League of Legends World Championship final. And we're not even talking about the millions of dollars of sponsorship involved.
That's great your mom isn't competitive in Valorant, but massively irrelevant. It's like me saying "I play flag football with friends, there is no competitive football."
Anti-cheat is important because this is how the best players are discovered, this is how they're recruited. If a game is 50%+ cheaters, the game will die... DOTA2 would cease to exist today as a big deal. Same with Valorant.
Aside from competitive gaming, GTA V online makes $1 BILLION in ARR. That would be $0 if the game was flooded with cheaters.
Now this isn't me defending kernel level anti-cheat, I think there are better ways to do it and some games do a great job here.
But man, calling GTA V online and competitive e-sports a "tiny bubble" is like calling the NFL a "tiny bubble".
I didn't say there's no competitive e-sports; I said basically no players are part of it, and that's true. The amount of money around a tournament is irrelevant to the fact that 99.99% of players do not participate in such tournaments.
Millions of people play American football casually vs a couple thousand in the NFL, and football isn't a very popular sport to actually play. We don't need to drug test everyone at the park. We don't need to require everyone to play with official league equipment. Again, >99.9% of football players are not in the NFL. The NFL is a tiny bubble in the world of people who play football.
And it's trivial for e-sports tournament organizations with millions of dollars in prizes to spend $50k on a set of standard, controlled computers to play on. Cheating shouldn't be a problem when money is on the line because the only time a player touches the machine is at the tournament. You use standard league equipment during league games. Otherwise who cares?
As far as I know, GTA V does have cheaters and has since the beginning, so it's apparently an example of how it doesn't matter.
Even so, no game ever is 50% cheaters, or anywhere near that. Even games like Gunz: The Duel where the netcode was so garbage that hits were decided on the computer of the person being shot still didn't have many cheaters. Probably less than 1% of players. The overwhelming majority are just having fun. Cheats are boring after like 5 minutes.
That's really the paradigm shift - communities were self-organizing and self-moderating before. Now game publishers want to control all aspects of the online experience so they can sell you content and skins, so that means matchmaking and it means they have to shoulder the moderation burden.
> communities were self-organizing and self-moderating before
This led to legit players that were just good being banned by salty mods, or cheaters that were subtle enough to only gain a slight edge not being banned.
And now, you have false anticheat bans. If you get banned from a server you can just join another server. (or even start your own!) If you get falsely banned from the game by anti cheat your money was in some sense stolen.
It was still an issue enough that some developers made BattlEye for anti-cheat 20 years ago for Battlefield games. It's still one of the more popular anticheats today.
Other games did similarly. Quake 3 Arena added Punkbuster in a patch. Competitive 3rd party Starcraft 1 server ICCUP had an "anti-hack client" as a requirement.
> Most of us are happy to have effective anti-cheat
I could almost get on board with the idea of invasive kernel anti-cheat software if it actually was effective, but these games still have cheaters. So you get the worst of both worlds--you have to accept the security and portability problems as a condition for playing the game AND there are still cheaters!
It's kind of like when people say Google is getting worse and has too many spam results even while I suspect they're actually improving, but the volume and quality of spam has gone up 100x so it looks like they're doing worse. The question is what is the base rate of attempts to cheat and how many of those attempts does kernel anti-cheat prevent vs. conventional mechanisms. I don't have the answer, but my intuition is cheating is more accessible and viral in many ways now with professional level marketplaces and actors working to build and sell cheats. I also don't think the industry would dedicate so much effort into invasive anti-cheat which is difficult, risky and gets them negative PR unless they felt it truly necessary. Counter Strike a few years ago had huge, huge numbers of cheaters and the super popular games like that attract a lot of attention. But ultimately, this is a cat and mouse game like search & SEO, so you're right there are still cheaters and getting that number to 0 is probably impossible.
Worst of both worlds? In theory this is accurate, in practice, it isn’t. The crux of why people are fine with it as far as I can identify is “but these games still have cheaters” - people aren’t looking for 0 cheaters so much as < X% are cheaters, keeping the odds low than any given match they are in has a cheater.
Valorant really is the only FPS where I was never once suspicious that someone may be hacking. I mean, I don’t play it and the anti-cheat is part of the reason, but it does absolutely work.
> I don't consider it "malware" anymore than I consider a driver for my graphics card to be "malware" even if they do operate in kernel mode.
the bloggers/journalists calling it malware is doing the conversation a disservice. The problem is only really the risk of bugs or problems with kernel level anti-cheat, which _could_ be exploited in the worst case, and in the best case, cause outages.
The classic example recently is the crowdstrike triggered outtage of computers worldwide due to kernel level antivirus/malware scanning. Anti-cheat could potentially have the exact same outcome (but perhaps smaller in scale as only gamers would have it).
If windows created a better framework, it is feasible that such errors are recoverable from and fixable without outages.
I'm not giving a small time software vendor proprietary access to my machine at that level. I honestly think that anyone who accepts it must be woefully uninformed about the risks involved.
I'm already salty about the binary blobs required by various pieces of firmware.
People just don't care. Even Stallman is okay with a microwave with closed-source firmware as long as it doesn't try to update its firmware.
For most people, a computer is just another appliance. They don't consider the security implications that this appliance can leak credit cards and such.
But I think they ought to. I also suspect that the current state of affairs is largely due to lack of understanding.
> as long as it doesn't try to update its firmware
I agree. But that isn't what we're talking about here. Things that can't update their firmware generally don't need you to upload a binary blob to them on startup.
I play a lot of dota 2 and never really notice anything that is obvious cheat wise. IMO league would probably be fine to do valve level anti cheat, it's even a less twitchy of a game than dota.
FPSs can just say 'the console is the competitive ranked' machine, add mouse + keyboard support and call it a day. But in those games cheaters can really ruin things with aimbots, so maybe it is necessary for the ecosystem, I dunno.
Nobody plays RTSs competitively anymore and low-twitch MMOs need better data hiding for what they send clients so 'cheating' is not relevant.
We are at the point where camera + modded input devices are cheap and easy enough I dunno if anti-cheat matters anymore.
I think the problem comes when someone makes a cool, fun, silly little game that is otherwise great when played with randoms, and cheating just sorta spoils it.
Case in point from a few years back - Fall Guys. Silly fun, sloppy controls, a laugh. And then you get people literally flying around because they've installed a hack, so other players can't progress as they can't make the top X players in a round.
So to throw it back - it is just a game, it's so sad that a minority think winning is more important than just enjoying things, or think their own enjoyment is more important than everyone else's.
As an old-timer myself, we thought it was despicable when people replaced downloaded skins in QuakeWorld with all-fullbright versions in their local client, so they could get an advantage spotting other players... I suppose that does show us that multiplayer cheating is almost as old as internet gaming.
You clearly don’t play competitive shooters and thus aren’t qualified to opine on the matter.
Competition vs other human beings is the entire point of that genre, and the intensity when you’re in the top .1% of the playerbase in Overwatch/Valorant/CSGO is really unmatched.
Not a gamer, but it seems like super competitive games should be played on locked down consoles not custom-built PCs where the players have full control?
Also, for more casual play, don't players have rankings so that you play with others about your level? Cheaters would alll end up just playing with other cheaters in that case, wouldn't they?
At one point I recall that Valve implemented a rating system so that cheaters who got reported would all end up playing in the same pool with each other.
This seems both semi probably but also like maybe a bit of a critical moral hazard for Valve. Right now folks love Valve. They do good things for Linux.
Making a Valve-only Linux solution would take a lot of the joy of this moment away for many. But it would also help Valve significantly. It's very uncomfortable to consider, imo.
> Competent cheat makers don't have much difficulty in defeating in-kernel anticheats on Windows. With the amount of insight and control available on Linux anticheat makers stand little chance.
The issue isn’t binary, but a spectrum. Studios clearly believe that there is less cheating when using kernel level anti-cheats. They have the data so they would know. This is an existential threat to their profit so we can trust they use the most effective tool. Anecdotally, I and many others also experience less cheating in games using kernel level anti-cheat. I’m not saying no cheating. I’m saying less cheating. That’s very important for me and many others.
Valve has stated they are working on kernel level anti-cheat “tools”, but they haven’t yet revealed a method. The entire concept is antithetical to the Linux security model so it requires significant refactoring. That’s a huge investment in not just capex and opex because the fork becomes much more difficult to maintain over time. I think they’ll do their best to work in user space, but I don’t think they’ll succeed and will have to bite the bullet. SteamOS will become more and more its own fork, including consumer-friendly features which Linux fans typically don’t care about.
Sure you can secure boot the kernel and the game binary itself but then you have all the surrounding support from the OS that also need to interop without being tamperable. Screenshots, network and input devices for example are routed through user space before reaching the game, and they can be used to make cheats. Now some of those layers are getting more isolated, for example with Wayland. Even so, that means your secure boot chain must go all the way up to include a non tampered window manager too, taking you closer and closer into reinventing a Android like console OS.
> that means your secure boot chain must go all the way up to include a non tampered window manager too,
Yeah, that's the entire point. The whole distro in this scenario would be signed reproducible FOSS builds. No untrusted binaries would be permitted to run. State of entire filesystem verified except specific directories. Think Android without the app store and no user provided APKs permitted.
Valve already manages SteamOS so this isn't as crazy as it might initially sound.
Although it does occur to me now that one of the newer GPLs has an anti-tivo provision. Not sure if this would run afoul of that. It's access to a subset of a service that would be restricted (competitive matches), everything else would still work.
The best Valve could do is offer a special locked down kernel with perhaps some anticheat capabilities and lock down the hardware with attestation. If they offer the sources and do verified builds it might even be accepted by some.
Doubt it would be popular or even successful on non-Valve machines. But I'm not an online gamer and couldn't care less about anticheats.