Activision's new anti-cheat system for COD includes kernel level driver. driver already leaked.

d3athf1sh

[H]ard|Gawd
Joined
Dec 16, 2015
Messages
1,216
So people were already up in arms over a kernel level driver being required to play COD warzone and vanguard after an upcoming update.
according to activision: “RICOCHET Anti-Cheat’s backend anti-cheat security features will launch alongside Call of Duty: Vanguard, and later this year with the Pacific update coming to Call of Duty: Warzone. In addition to server enhancements coming with RICOCHET Anti-Cheat is the launch of a new PC kernel-level driver, developed internally for the Call of Duty franchise, and launching first for Call of Duty: Warzone…The kernel-level driver will subsequently release for Call of Duty: Vanguard at a later date.”
https://www.denofgeek.com/games/war...oversy-kernel-explained-details-release-date/

but the funny thing is, is one of the employees already leaked it to hackers.
https://www.gamepressure.com/newsro...leaked-call-of-duty-cheatmakers-alread/zc3af2
 
It's amazes me that people will knowingly install this sort of intrusive malware on their systems.

Sadly, if a game is a PC multiplayer title, it needs this level of anti cheat. These games are otherwise enjoyable experiences. Warzone being free to play and having 900 million players needed this on launch.

The only thing that amazes me is how long it's taking them compared to the revenue the game has been generating for them.
 
Sadly, if a game is a PC multiplayer title, it needs this level of anti cheat. These games are otherwise enjoyable experiences. Warzone being free to play and having 900 million players needed this on launch.

The only thing that amazes me is how long it's taking them compared to the revenue the game has been generating for them.
Unfortunately with so many SP games tacking on a MP mode I still end up with garbage like this on my system, it seems like I'm constantly removing punkbuster(sometimes multiple versions) from my PC and I haven't played any MP stuff in years.
 
Crotan TrevorR
If you're not familiar with the term, kernel level is the highest level of access priority a program can get on your computer, any program with that level of access has full control over the entierety of your OS and your computer.
To put it simply, this is a MAJOR security concern for you, as even if ricochet has no malicious intents whatsoever, a security breach would still mean that someone else could have full control over your computer.

and it's already in the hands of hackers. so you still think this is "necessary" and you still wouldn't flinch installing it on your computer??? wow
 
Crotan TrevorR
If you're not familiar with the term, kernel level is the highest level of access priority a program can get on your computer, any program with that level of access has full control over the entierety of your OS and your computer.
To put it simply, this is a MAJOR security concern for you, as even if ricochet has no malicious intents whatsoever, a security breach would still mean that someone else could have full control over your computer.

and it's already in the hands of hackers. so you still think this is "necessary" and you still wouldn't flinch installing it on your computer??? wow
Well if you want to play the game in question you kinda have to. I don't like this trash either but I don't have much of a choice....
 
Worst part is, that this is unlikely to prevent cheating for more than a few weeks. Sure, at first it will seem to. Then the people that make money off of cheaters, having devoted time and resources to the task, will find a way around it, and then promptly sell it to cheaters.
Same as it's always been.

Is the game worth the possible security compromise this represents though? When proper in game moderation is the best anti cheat, but nobody wants to spend the cheddar on that. Yeah, some smart ones that are really down low about it will slip through, but eventually you will prolly catch even them with active moderation. But with private servers a thing of the past, the community can not police itself either anymore. So we get anti-cheat software that can easily compromise our PC. From a company I don't exactly have much faith in. So...... well, it's not for me then.
 
Worst part is, that this is unlikely to prevent cheating for more than a few weeks. Sure, at first it will seem to. Then the people that make money off of cheaters, having devoted time and resources to the task, will find a way around it, and then promptly sell it to cheaters.
Same as it's always been.

Is the game worth the possible security compromise this represents though? When proper in game moderation is the best anti cheat, but nobody wants to spend the cheddar on that. Yeah, some smart ones that are really down low about it will slip through, but eventually you will prolly catch even them with active moderation. But with private servers a thing of the past, the community can not police itself either anymore. So we get anti-cheat software that can easily compromise our PC. From a company I don't exactly have much faith in. So...... well, it's not for me then.

Yea but everything you just said is just pissing in the wind. Old man shakes cane at clouds. Private servers and game moderation allow people to enjoy games past their intended period of profitability. Proper game moderation isn't coming back. These are corporations chasing profits.

Kernel level anti cheat is the best outcome given the current circumstances of there being a population of people who get their kicks from ruining the game experience for others, and willing to pay to make that happen. It's a huge problem in Warzone right now. It's been a massively successful title in all regards except for that.

Yea it's not going to be perfect, nothing is. It's going to take time and effort, and they haven't done it up until now because they were a business that chose not to invest there. But it's been enough that chunks of the gaming population moved on.

Valorant is still going strong and has the same level of anti-cheat. The only thing you need to trust is that a corporation want's to make money off of you, and they will do everything in their power to continue to do that.
 
Here's a thought. Make two types of servers. Free servers are anything goes. Pay servers are curated/reviewed with an admin always online to weed out cheaters.
 
Crotan TrevorR
If you're not familiar with the term, kernel level is the highest level of access priority a program can get on your computer, any program with that level of access has full control over the entierety of your OS and your computer.
To put it simply, this is a MAJOR security concern for you, as even if ricochet has no malicious intents whatsoever, a security breach would still mean that someone else could have full control over your computer.

and it's already in the hands of hackers. so you still think this is "necessary" and you still wouldn't flinch installing it on your computer??? wow

Already knew all that, still wouldn't flinch. I like to play games without hackers.

The chance of dying while driving my car to work every morning is probably ~ < 1% but I still drive my car to work everyday.
The chance of my SSN being stolen while applying for say a mortgage is probably ~ < 1% but I'll still apply for a mortgage.
The chance of a hacker targeting my computer is ~ < 1% but I still use my computer.
The chance of a security breach and a hacker gaining access to my computer through kernel level drivers is ~ < 1% but I'll still play the game.

Nothing in life is ever 100%.

I will mention that not everyone thinks like me, this is me personally. I hold an advanced degree in statistics so I think of everything in life statistically lol
 
Already knew all that, still wouldn't flinch. I like to play games without hackers.

The chance of dying while driving my car to work every morning is probably ~ < 1% but I still drive my car to work everyday.
The chance of my SSN being stolen while applying for say a mortgage is probably ~ < 1% but I'll still apply for a mortgage.
The chance of a hacker targeting my computer is ~ < 1% but I still use my computer.
The chance of a security breach and a hacker gaining access to my computer through kernel level drivers is ~ < 1% but I'll still play the game.

Nothing in life is ever 100%.

I will mention that not everyone thinks like me, this is me personally. I hold an advanced degree in statistics so I think of everything in life statistically lol
I think this is why it makes sense to have a PC that's dedicated to gaming (aka a powerful game console) and then you use another machine to do your business on. With computers being ubiquitous as they are anyone can totally do this.

My two cents.
 
Forfeit your liberties now, then the rest of the gaming industry will follow. Everyone will have firmware, then hacking will be everywhere. And cheaters still will cheat with hacked firmware. It's an arms race where security will be the loser.


And I don't like how this stuff trickles down to single player gaming.
 
I think this is why it makes sense to have a PC that's dedicated to gaming (aka a powerful game console) and then you use another machine to do your business on. With computers being ubiquitous as they are anyone can totally do this.

My two cents.
Hard for all gamers to purchase two decent computers both in price and supply. Also wouldn't want your steam account being hacked in the unsafe sandbox computer.
 
Well if you want to play the game in question you kinda have to. I don't like this trash either but I don't have much of a choice....
If no one bought software from trash companies not only admitting they are installing a root kit on your machine in order to play a video game... they are also incompetent enough to have the code leaked before they even launch it. Then guess what those trash companies would have to choose.... make a game, or build a root kit ?

Yes there are plenty of ways to implement anti cheat without rooting peoples systems. lmao

Its not like its harder to perform basic game file checks between map loads... to scan the games mem foot print constantly comparing proper hashes to the one in mem isn't even high over head. There are 100s of ways to implement anti cheat that don't require scans of non related storage and ram space. Giving software ANY software kernel level access if FUCKING insane. Don't accept it as a consumer and perhaps it changes.

If you really really really must have a Call of duty game... I would suggest building a purpose built game machine that has nothing but local level MS accounts... never ever ever is logged into anything you value. Install the game and nothing else... when your done with that game nuke that drive from orbit and reinstall an OS. Cause ya this shit is cancer.
 
Already knew all that, still wouldn't flinch. I like to play games without hackers.

The chance of dying while driving my car to work every morning is probably ~ < 1% but I still drive my car to work everyday.
The chance of my SSN being stolen while applying for say a mortgage is probably ~ < 1% but I'll still apply for a mortgage.
The chance of a hacker targeting my computer is ~ < 1% but I still use my computer.
The chance of a security breach and a hacker gaining access to my computer through kernel level drivers is ~ < 1% but I'll still play the game.

Nothing in life is ever 100%.

I will mention that not everyone thinks like me, this is me personally. I hold an advanced degree in statistics so I think of everything in life statistically lol
The statistics of someone exploiting your system with a remote kernel-level access vulnerability is far higher than all of those combined. In fact, in today's world, it's 100% certainty past a certain amount of users. Something like COD is going to be installed on millions of PCs. This is so tempting your own government is now likely looking at that driver for exploit use.
Gamers aren't all low-level employees and most upper management are less active in data security. While yes you personally won't be affected beyond becoming part of illegal activity to breach someone else's systems... it's not something you want to tempt.

Also, kernel-level doesn't stop cheating. It stops YOU cheating.
The only way to stop a hacker is not to play with hackers.
 
You get this game is installing a root kit right. The code is also already in the wild. Good security... this is a kernel driver with root access. It can just delete your security. haha
If your security is vulnerable against rootkits then you have the wrong security.
 
Your security doesn't work if you WILLINGLY install the root kit. Anti root kit security stops them from being installed. Once a program has kernel level access your security really isn't secure anymore.
The problem is the cheaters gladly and willingly pay to install rootkits on their machines as most of these cheats are modified network and GPU drivers, many with spoofed credentials; so they can actually pass the validations on Windows 7 and 10.

As stupid as many think it is there is big money in these online games and individuals can make money doing them between Twitch, Youtube, Tournaments it's now a numbers game, and with that comes the need to drastically improve the cheating problem.

Your gaming computer is at the mercy of the company developing the games you play, just like my accounting servers are at the mercy of the software developers, and my Student information systems are at the mercy of Fujitsu. I can go on about how it's my hardware and blah blah blah but at the end of the day if I want them to do what I need them to do then they are going to tell me exactly what I can and can't do with that hardware.
 
So the "leaked" version is a pre-release from more than 2 weeks ago that was sent to select third-paries, where each 3'rd party got a slightly different version, for feature testing. So now they know which third-party leaked the code, and that code isn't complete and will not be the same as the one implemented on the back end.


Smells like Red Herring more than anything else to me.
 
If no one bought software from trash companies not only admitting they are installing a root kit on your machine in order to play a video game... they are also incompetent enough to have the code leaked before they even launch it. Then guess what those trash companies would have to choose.... make a game, or build a root kit ?
Kernel drivers are not rootkits. That is silly drama. Want to know something else that uses a kernel driver? All anti-virus software. So if you run AV software, including MS's own, it has a kernel mode driver on your system. They are not rootkits (look up the definition) just because they run in the kernel.

Now you certainly want to be careful what you install in your kernel (you also want to be careful what you install in userspace) but just because it runs in the kernel doesn't make it bad. The concern with this should be if it is well programmed, if it makes your system vulnerable to be exploited. Just the fact that it runs in the kernel alone isn't something to get all up in arms about.
 
If no one bought software from trash companies not only admitting they are installing a root kit on your machine in order to play a video game... they are also incompetent enough to have the code leaked before they even launch it. Then guess what those trash companies would have to choose.... make a game, or build a root kit ?

Yes there are plenty of ways to implement anti cheat without rooting peoples systems. lmao

Its not like its harder to perform basic game file checks between map loads... to scan the games mem foot print constantly comparing proper hashes to the one in mem isn't even high over head. There are 100s of ways to implement anti cheat that don't require scans of non related storage and ram space. Giving software ANY software kernel level access if FUCKING insane. Don't accept it as a consumer and perhaps it changes.

If you really really really must have a Call of duty game... I would suggest building a purpose built game machine that has nothing but local level MS accounts... never ever ever is logged into anything you value. Install the game and nothing else... when your done with that game nuke that drive from orbit and reinstall an OS. Cause ya this shit is cancer.
I don't play CoD but I do play Apex and it uses easy anti-cheat which I assume is similar. Lots of people who do play CoD have really become tired of the cheaters so I bet they will welcome anything that will cut down on the quantity of douchebag cheaters.
 
I don't play CoD but I do play Apex and it uses easy anti-cheat which I assume is similar. Lots of people who do play CoD have really become tired of the cheaters so I bet they will welcome anything that will cut down on the quantity of douchebag cheaters.
I understand where players wanting competitive fair game play could welcome stuff like this. Sometimes the cure isn't any better.... I really hope this doesn't turn ugly. As I understand the code has already leaked which can lead to a couple issues... one the cheaters are likely going to find away to spoof it as the code is out. On the scarier end if said cheat makers find the way into this kernel driver they are now in your system. Not that I feel too badly for cheaters... BUT I can see this being an interesting haha on you when some of these people get bank info stolen ect.
 
I'm unwilling to risk my computers stability or use for a game.
Kernel drivers are not rootkits. That is silly drama. Want to know something else that uses a kernel driver? All anti-virus software. So if you run AV software, including MS's own, it has a kernel mode driver on your system. They are not rootkits (look up the definition) just because they run in the kernel.

Now you certainly want to be careful what you install in your kernel (you also want to be careful what you install in userspace) but just because it runs in the kernel doesn't make it bad. The concern with this should be if it is well programmed, if it makes your system vulnerable to be exploited. Just the fact that it runs in the kernel alone isn't something to get all up in arms about.
From the article:
"Besides, those concerns are more than hypothetical. In 2013, the ESEA revealed that a rogue employee was using their kernel-level software to turn users’ computers into Bitcoin mining machines. Valorant‘s Vanguard anti-cheat software was unintentionally blocking certain outside programs that shouldn’t have been blocked. Studies have also suggested that this kind of software could still be exploited by outsiders in order to turn a user’s OS against them or access sensitive information in other ways. We know that it is possible to exploit this kind of program."

That doesn't sound very silly to me. The risk sounds very real. If anything the most insidious kind of infection that tries to be as stealthy as possible until it's too late. My favorite virus found was one that stayed completely memory resident and didn't even write to the hard disk. Was found in a banking system.

There's enough nasty stuff out there. Installing anything like this is just asking for trouble.
 
Yes there are plenty of ways to implement anti cheat without rooting peoples systems. lmao

Its not like its harder to perform basic game file checks between map loads... to scan the games mem foot print constantly comparing proper hashes to the one in mem isn't even high over head. There are 100s of ways to implement anti cheat that don't require scans of non related storage and ram space. Giving software ANY software kernel level access if FUCKING insane. Don't accept it as a consumer and perhaps it changes.
I never played game at any level so I do not know any cheating system and how they work but I am not sure that sound right at all in 2021.

What if the cheating system is something that look at the video output and help move the mouse and click for example, how anything directly related to the game storage and ram space could detect that ? There must be a list of ways to cheat that do not involve changing anything to the game executable,
 
How many Kernel level drivers can you install until Windows bootup slows down?
 
Well if you want to play the game in question you kinda have to. I don't like this trash either but I don't have much of a choice....
Your choice is to stop supporting this developer and stop playing the game at the risk of your own computer / data and everything else on your network.

People need to stop being so god dam passive about what they let companies get away with...you are the reason they keep doing this crap and getting away with it...And dont give me the "i got nothing to hide" BS line either, because it is not even about that.
 
I never played game at any level so I do not know any cheating system and how they work but I am not sure that sound right at all in 2021.

What if the cheating system is something that look at the video output and help move the mouse and click for example, how anything directly related to the game storage and ram space could detect that ? There must be a list of ways to cheat that do not involve changing anything to the game executable,
Almost no cheats modify the game at all. They use graphics “hacks” paired with input macro’s. They don’t modify the game to see through walls much easier to modify the GPU driver to change the render order, then map a macro and a snap to using the readily available stuff from Logitech or Corsair. Many others use spoofed streaming overlays to watch the feed and render player positions or item drops and such to a customized map. Lots of stuff like that almost nothing bothers trying to modify the game or directly interface with it because that is too easy to detect.
 
Your choice is to stop supporting this developer and stop playing the game at the risk of your own computer / data and everything else on your network.

People need to stop being so god dam passive about what they let companies get away with...you are the reason they keep doing this crap and getting away with it...And dont give me the "i got nothing to hide" BS line either, because it is not even about that.
And what do you propose they do to stop the cheaters instead? Your not wrong but your not offering anything constructive.
 
I never played game at any level so I do not know any cheating system and how they work but I am not sure that sound right at all in 2021.

What if the cheating system is something that look at the video output and help move the mouse and click for example, how anything directly related to the game storage and ram space could detect that ? There must be a list of ways to cheat that do not involve changing anything to the game executable,
Well both easy anti cheat and battle eye have both been updated to work under Linux. Where we know without a doubt neither will be getting kernel access.

I won't claim to be a super expert in the area of anti cheat. However it seems at least 2 of the major players are saying they don't actually need kernel level access... as there is no way they get kernel level access under Linux. (and ya Valve has said the changes for both will work on any Linux install not just some custom kernel or something)

Clearly when pushed these types of companies seem to be able to get the job done without root access. (and as far as overlays go... yes there are ways for developers to disable directhook and other overlay methods... in some games it is even recommended to turn things like Steams FPS counter off so you don't end up getting banned for cheating) those types of protections have no need of root access.
 
Well both easy anti cheat and battle eye have both been updated to work under Linux. Where we know without a doubt neither will be getting kernel access.

I won't claim to be a super expert in the area of anti cheat. However it seems at least 2 of the major players are saying they don't actually need kernel level access... as there is no way they get kernel level access under Linux. (and ya Valve has said the changes for both will work on any Linux install not just some custom kernel or something)

Clearly when pushed these types of companies seem to be able to get the job done without root access. (and as far as overlays go... yes there are ways for developers to disable directhook and other overlay methods... in some games it is even recommended to turn things like Steams FPS counter off so you don't end up getting banned for cheating) those types of protections have no need of root access.
Until the cheat developers release their cheats for the Linux variants and users gladly run those all as root with the needed credentials hard coded in plain text in an ini file and start providing their own AMD and NVidia graphic drivers. If enough gamers switch to Linux it will happen there too.
 
Until the cheat developers release their cheats for the Linux variants and users gladly run those all as root with the needed credentials hard coded in plain text in an ini file and start providing their own AMD and NVidia graphic drivers. If enough gamers switch to Linux it will happen there too.
I'm not sure it will. At least I hope not. lol

You make a good point about stream cheats and the like. I mean kernel level doesn't account for any of that anyway right ? Unless I'm missing something.

Realistically unless valve unloads a ton of steam decks I don't really expect great long term support from the dirty version anti cheat using developers. I mean issues of Metal/Vulcan/DX aside Mac kernel security policy is also why the popular shooters don't get Mac support. (not the only reason obviously just one of them)
 
I'm not sure it will. At least I hope not. lol

You make a good point about stream cheats and the like. I mean kernel level doesn't account for any of that anyway right ? Unless I'm missing something.

Realistically unless valve unloads a ton of steam decks I don't really expect great long term support from the dirty version anti cheat using developers. I mean issues of Metal/Vulcan/DX aside Mac kernel security policy is also why the popular shooters don't get Mac support. (not the only reason obviously just one of them)
It does, to a degree, it can verify the data being fed too and from GPU drivers and stuff like that. Honestly it’s a stop gap measure until TPM2 and other processes can be standardized and enforced. Once Microsoft and the game studios have everything sandboxed and TPM verifying the boot sequences and such it will make for a much harder time. But we are a good 5 years from that.
 
  • Like
Reactions: ChadD
like this
Your choice is to stop supporting this developer and stop playing the game at the risk of your own computer / data and everything else on your network.

People need to stop being so god dam passive about what they let companies get away with...you are the reason they keep doing this crap and getting away with it...And dont give me the "i got nothing to hide" BS line either, because it is not even about that.
I wouldn't say "I don't have anything to hide" because I don't agree with that. But again I enjoy playing the game with my friends and if it's helpful at stopping the amount of cheaters then I'm not 100% opposed. There are always trade-offs with this kind of thing.
 
If such games could be run in a VM with hardware passthrough, one might have some degree of control over this, though have read various games with similarly kernel-level anti-cheat middleware ban users using VMs.
 
Back
Top