List of models affected?
It’s all motherboard models for certain Intel chipsets, AMD looks to be unaffected: https://thehackernews.com/2025/12/new-uefi-flaw-enables-early-boot-dma.html?
Thanks!
Yet another nail in the coffin of client-side anti-cheat. If you’re seriously affected by people using these kinds of cheats on their PCs (this one requires specialised hardware) then no amount of client-side anti-cheat is going to make a difference anyway.
It’s already made a difference; there is no debating that it does reduce cheaters. If you force people to buy specialised hardware to cheat, fewer people will do it. Cheaters don’t need to be 0 for it to be worth it. All you need is for players to not regularly run into cheaters and perceive there to be competitive integrity in their online games.
They could always bring back paid in-game mods, spend money on ppl actively checking games for cheaters and banning them, but nah, then they’d make slightly less.
Well the most popular cheats can’t properly* be detected on server side so I guess nothing can be done then.
(* some of those you can use metrics to guess but tuning that to catch all cheaters but never any real players is impossible)
Fair to say you can never prevent false positives entirely, but you can get asymptotically close. Server-side is the way to go even if it’ll never be perfect.
Ironically, League of Legends was formerly one of the crowning examples of a competitive game that effectively managed cheats without aggressive client-side AC. In >5000 hours of gameplay, I saw one probable cass scripter and maybe one person scripting dodges on Vayne.
League of Legends didn’t effectively manage cheats at all.
I would guess that type of game is much easier to do more comprehensive anti-cheat for than the kind I was thinking of (i.e. shooters) but I can’t be sure as I’ve never worked on one. The prime thing that I think makes it easier is that the game has a clear “no you cannot see or hear this person at all” state.
Yeah, shooters are definitely harder but not impossible. Some games are starting to implement occlusion culling (i.e. the vision detection strategy you’re describing), but that’s impossible or hard to pull off in certain contexts.
Overwatch 1 is probably the best case study in that genre: while it absolutely had cheaters, their player report system took action pretty fast, and anyone banned had to pay $30 for a new account. In practice, that was a strong enough deterrent to keep people from doing anything game-breaking that ruined the fun for other players.
It does become basically impossible if there aren’t strict limits on the art and level though (i.e. ensuring walls or other blockers do not have small openings in them). Especially if you also want to use bushes as a thing to normally block sight as well. Though even then it’s still less effective than people think as you still need to replicate players not yet visible but could be if the local player moved a bit.
Let’s also not forget that you still need to deal with replicating things such as footstep sounds through walls. Even if you replicate those as individual sound events instead of part of a replicated character that still gives a cheater enough information to know someone is there.
amazing, I approve of this. People should get locked out of playing if they have old systems that no longer receive BIOS updates. And also if they don’t even know what BIOS is. Once this kind of inconvenience gets more broad and companies will start losing players then maybe this BS with intrusive anti-cheats will stop… I hope
if they have old systems that no longer receive BIOS updates
You just went the Microsoft route there: “their system is too old and doesn’t have TPM, they need a new system to stay secure”
Or the BF6 route “you need to have Secure Boot enabled to play our game”
This just creates more e-waste and doesn’t really solve the problem as their user base will happily follow them for much longer than you’d probably think.
BF6 requires secure boot? …fuck outta here…
Huh? Why? That’s none of the game’s concern.
I think they were being facetious.
The point was that alienating their main player base this way will lead to the demise of companies that use kernel level anti-cheat and those companies will deserve it because they did it to themselves.
Fair point. Tone was hard to read
sorry, i’ll use italic next time
It was very clearly a combination of sarcasm and dark humor.
Make BIOS illegal.
UEFI gang rise up!
So like, no more going to the bathroom while gaming?
How does the AC check the BIOS version? If you have DMA you should be able to spoof that, even against the kernel I assume. I guess it’s a cat and mouse of spoofing detection by the AC versus the cheat devs?
Possibly TPM-backed remote attestation. Having said that, once you are at the point of being worried about hardware DMA attacks, TPM attestation is not as foolproof as you might think.
The BIOS flaw they were exploring was the BIOS having flawed anti-DMA protections.
From the article
According to the company, the Input-Output Memory Management Unit (IOMMU), which protects system RAM from Direct Memory Access (DMA) devices, is not fully initializing upon boot in some motherboard models. This means that even though the BIOS might indicate that Pre-Boot DMA Protection is active, it’s not actually protecting the entire system.
stumbled over this a couple days ago, kinda relevant in case one wants to know more about ac and why it’s as it is on linux
At the end of the article, my takeaway is “anti-cheat is a tool used by bad developers to fix their security issues.” Properly written games are more resistant to bad clients, regardless of anti-cheat usage.
I’m also reminded of a Microsoft blog: What if two programs did this? which leads to being unable to play Battlefield 6 while Valorant is installed.
Wow, what a bad article. “Companies can spy on you anyway so just give them kernel access” is interesting logic… They tout the effectiveness of kernel-level anti-cheat by claiming they’ve never encountered a cheater in Valorant. This is either a lie or ignorance that demonstrates the author isn’t qualified to write on the topic. A web search will return pages of results and examples of working cheats for Valorant. Valorant is actually one of the easier games to write cheats for.
The majority of cheats used today are not impacted or detected in any way by kernel-level anti-cheat. At all. This is because most cheats are not even run on the machine that is used to run the game. It’s wild that the author just doesn’t address this reality.
Cheaters use a 2nd computer, outside the reach of anti-cheat, that receives and processes the video-output of the game. The kernel-level anti-cheat can only monitor the system that the game actually runs on, which is completely clean. The 2nd computer runs either a colorbot (especially trivial and effective for games like Valorant that outline enemies in a solid color) or an AI object-recognition model (a quick search will return loads of specialized models trained for various online shooters) to identify the location of enemies on screen. It then generates mouse movements and inputs that are sent back to the 1st computer running the game, while the kernel-level anti-cheat is completely unaware.
These cheats are so efficient that they are commonly run on cheap hardware like an Arduino or Raspberry Pi, and the code is often very simple, sometimes just ~100 lines of Python. They can also be subtle and hard to notice by other players (probably why the author may believe they don’t play with cheaters in Valorant), providing aim-assist or click-assist that works with the cheater’s authentic mouse movements, and sometimes only kicks in when an enemy is already close to the cheater’s crosshair.
The author also cherry-picks examples to lead the reader into believing that all multiplayer games require Windows anti-cheat to be successful, while conveniently not mentioning the many competitive multiplayer games that do support Linux and are a perfectly normal online experience, e.g. Marvel Rivals, Overwatch, Halo Infinite, or Dota 2. Can the author explain why these games are completely fine without Windows anti-cheat?
They don’t challenge, and misrepresent, the invalid reasoning given by some of these game companies for why they arbitrarily chose to block access from Linux, for example Apex Legends claimed the majority of their cheaters use Linux. But wait, how could they know that if cheaters cannot be detected on Linux? So they must be successfully detecting Linux cheaters. Apex Legends’ actual reasoning for disallowing Linux directly contradicts the claims that the author is trying to make. It’s not true that the majority of their cheaters run Linux, of course. The majority of cheaters fly under the radar by running Windows and allowing the anti-cheat to verify a clean system, while just running the cheat software on a 2nd computer.
Thank you for writing this, it has saved me from having to write it myself :) also I believe you have explained it much better than I ever could. As I was reading the article I was just scratching my head… Is the author oblivious of actual cheating options? Why is he talking of direct memory manipulation only? Is he trying to sell some idea here or is it just ignorance?
Also, security through obscurity… If the kernel side anticheat code is so safe and good at catching cheaters surely they can share the source of what it does… Unless sharing it would mean it can be circumvented so kernel anticheat is actually just as useless, just a matter of finding how to get past it.
There was so much wrong in the article but somehow written with enough truth to it that it’d be easy for most readers to not realize the flaws in the logic it has. But the very worst you also pointed it out, “companies can spy on you already with superuser access so having code on kernel level must mean it is only done for good, no reason to fear it”. Wow, such horrible logic.
And the last point you raise that the majority of cheaters in Apex used Linux reminded me of some absurd logic these companies keep using. When a game could be run on Linux they will say that there’s not enough users to justify supporting Linux, so it’s OK to force anticheat that only runs on Windows. But at the same time the majority of cheaters were using Linux… OK so what is it, how can there be a majority of users cheating on Linux if there is not enough users in Linux to support it? If there’s so few and cheating is mostly happening in Linux, how is cheating so prevalent? So yeah, the cheaters are not using Linux or there is a huge market of hidden Linux players.
not the author, but it is interesting that instead of staying on topic, you diverge the reader to some contraption that as you say doesn’t even run code on the machine we are hypothetically talking about.
i believe the article i brought forward was from an earnest, non-cheating gamer, sounds even like a dev to me, trying to clear up to non-dev gamers or devs-who-haven’t-touched-AC-tech-so-far-as-a-dev (like myself) why (some) anti cheat protected games don’t play on linux.
and, pardon my french but you seem to be trying to be a dick. the article was only relevant in so far as it’s about anti-cheat and was not in response to this lemmy post. look at the date.
and i clearly stated it as only kinda relevant. so, like, chill out dude.
How can you read from his comment that he is trying to be a dick? He is clearly criticizing and reasoning against the point in the article you shared. The author in that article is being disingenuous or naive at best or misleading on purpose at worst. It feels like you are the one in need of chilling out.
That’s not to say the author of the article is lying, that’s the biggest issue, the article is written with enough truth to make it seem like it makes sense. But the reality is that the article only describes why kernel anticheat is not useful in Linux, disregarding entirely the fact that kernel anticheat is an absolutely terrible solution that truly only causes more trouble than it helps catching cheaters. It’s like someone trying to sell you the idea of why this or that lock for your house’s door is bad or good as it can easily be picked by an expert while ignoring the fact that most thieves won’t pick the lock and just break a window or something. Using kernel anticheat won’t stop cheaters, which should be obvious by now with so many real life examples, so it’s just extra software running impacting negatively and increasing the risk for security issues.
i already stated my intentions. now you are picking fights. gbye
You were the only one calling someone a dick just because they didn’t agree with an article you shared. No one is fighting with you, we are criticizing the article as being misrepresentative of reality, you are taking all this weirdly personally while we were commenting on the topic of that article.
i said “you seem to be trying to be a dick”. now you are misrepresenting what i said.
ok then, here we go: how do you think COULD anti cheat catch such a contraption?
how is such a contraption relevant to a kernel driver on another machine?
the article isn’t about “how to cheat nowadays effectively” but “why don’t these games work on linux?” and also what joyjoy above correctly took away: “gamedevs COULD do better and not need to rely on kernel level anticheat like valorant does and yet here we are.”
i’m done with you two.
I’m responding to the article you posted.
instead of staying on topic, you diverge the reader to some contraption that as you say doesn’t even run code on the machine we are hypothetically talking about
This is simply the current state of video game cheats. It’s not “as I say”; it is. To not even mention it while making claims like “anti-cheat is effective in games like Valorant (one of the most popular games for cheats)” is completely disingenuous. Go ahead and search “valorant colorbot” in your choice of search engine.
as you say
that was not claiming that you were misrepresenting something. read it again if you must. gbye
Awesome article, thanks!