I'll preface this by saying that I'm not affiliated with any AC software, nor am I working for the gaming industry, though I do know some ordinary game devs. With the recent outrage over Riot's Vanguard and Denuvo's Anti-Cheat (which many people mistake for the Anti-Tamper software), I thought I'd look more into AC software.
If there's anything good coming out of this whole issue - it's that some people are becoming more aware of computer security. As with everything, there is a lot of false information, whether intentionally spread or not.
What is the issue with the Vanguard and Denuvo AC?
People do not trust Riot and Denuvo. Now don't get me wrong - every piece of software that is essentially a rootkit is a potential security risk. It is. No way around it. That said, a skilled attacker can fuck up your PC without a kernel level rootkit.
However, these are not the only things that run at kernel level. Many of your hardware drivers are likely running at kernel level. To explain: drivers can run in kernel mode (ring 0) or user mode (ring 3). Kernel mode drivers have lower latency as there is way less overhead. At the same time, when one fucks up it's more likely to produce a BSOD. User mode drivers should be more stable and less likely to produce a BSOD on failure, but there's the overhead of running them in user mode.
And what may be the issue here? Well, maybe we could take a look at how many people are still running hardware with a Spectre or Meltdown vulnerability. You may remember them as the big security issue two years ago. You may also have noticed Foreshadow and Spoiler around the same time, though they gathered less notice.
My question here for those with vulnerable hardware is: are you as concerned about a Meltdown attack as you are about the anti-cheat software? If you are - good on you! If you're not - why?
Why do people not trust Riot and Denuvo?
Riot
For Riot the most common answer would be "they are owned by Tencent who is in bed with Chinese Government and I don't want China to spy on me". From my point of view there are a few things to unpack here. First, yes, Tencent absolutely owns Riot. However, there is no evidence that the Chinese government is using Tencent to spy on you. Again, don't get me wrong - Tencent is a Chinese conglomerate. When the Party asks them for help they understand it's not really a request. But they're way more likely to spy on their own citizens. In fact, attempting to spy on, let's say, EU or US citizens via this very high profile route would be a road to diplomatic hell.
Another argument is that it's always running - which is fair, and you should ask why that's the way it is.
Denuvo
But what about Denuvo? Denuvo started with their Anti-Tamper software, which almost immediately had some hoaxes surrounding it. Remember the "Denuvo kills SSDs" fiasco? Never proven; in fact, trying to locate the source leads to a disbanded Russian warez site as far as I am aware, which is not the most trustworthy source in the first place. IIRC the issue itself was in the specific game (Dragon Age: Inquisition) and didn't have anything to do with Denuvo.
However, Denuvo is based in Austria and owned by Irdeto, a fairly old company (50+ years) actually specializing in security. And again, it's based in Austria, so their stuff needs to be EU compliant, including GDPR. Originally Denuvo was formed from part of Sony DADC, who also came up with SecuROM way back.
So why exactly do people not trust Denuvo? Personally I don't think it's about trust. It's about the bad image the Anti-Tamper has in gaming communities - after all, it's some overhead that does reduce performance. That said, their Anti-Tamper has a very friendly implementation, as removing it is a very simple process, and that's why we see many games having it removed after they get cracked.
What am I missing here?
Other anti-cheat software is doing the same thing. And has been doing the same thing for quite a while now.
nProtect GameGuard
I'm starting slowly, with something you might not particularly know unless you're into a certain genre. GameGuard is a Korean anti-cheat software and therefore mainly popular among Korean MMORPGs.
Still, you'll probably recognize a couple of them... Like Lineage 2, MU Online or Metin2.
PunkBuster
This may be mostly a blast from the past, but yes, PunkBuster is also using a rootkit.
The only still somewhat relevant game I can think of would be Battlefield 4, but it used to cover some high profile games back in the day.
BattlEye
BattlEye describes itself as "Fully proactive kernel-based protection system". Sound similar? Yeah.
What games are protected by it? Take your pick:
- Bohemia Interactive games like Arma 3 and DayZ
- Planetside 2
- Rainbow Six: Siege
- PUBG
- Fortnite
- Ghost Recon: Breakpoint
- Escape from Tarkov
- and many more...
Easy Anti-Cheat
Easy Anti-Cheat is owned by Epic Games (hey, Tencent right?).
Games you can see EAC in... Apex Legends, Squad, Gears 5, Rust, War Thunder, Fortnite (yes, it uses two ACs though IIRC only one is active at a time), Division 2, ...
What about other Anti-Cheat software
You may be noticing some software is missing...
FairFight
FF works server-side with stats. It reacts to abnormalities in stats like super high accuracy or headshot ratio. It's not intrusive, but it will also generally catch only the stupid cheaters.
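A sketch of the kind of server-side stat check described above, as an added example; this is not FairFight's actual algorithm, and the player names, match data, thresholds and the median/MAD outlier test are all assumptions made for illustration. It shows why the approach catches blatant cheaters but not a subtle one, and why low sample sizes have to be excluded.

```python
from statistics import median

# Constructed sample data: (player, shots_fired, hits, kills, headshot_kills)
MATCH_STATS = [
    ("alice",   900, 261, 40, 7),
    ("bob",    1100, 297, 45, 9),
    ("carol",   800, 248, 38, 8),
    ("dave",   1000, 330, 52, 12),
    ("erin",    950, 266, 41, 6),
    ("frank",  1050, 336, 50, 11),
    ("grace",   870, 235, 36, 7),
    ("closet", 1000, 370, 60, 17),   # subtle: stays near the top of the legit range
    ("blatant", 900, 810, 95, 88),   # obvious: ~90% accuracy, ~93% headshots
    ("newbie",   12,  11,  2,  2),   # tiny sample, ratios are meaningless
]

MIN_SHOTS = 200      # assumed threshold: ignore players with too little data
Z_THRESHOLD = 3.5    # commonly used cut-off for the modified z-score


def modified_z(values):
    """Robust z-scores from median and MAD, so one cheater cannot skew the baseline."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    if mad == 0:
        return [0.0 for _ in values]
    return [0.6745 * (v - med) / mad for v in values]  # 0.6745 scales MAD to ~1 sigma


def flag_outliers(stats, min_shots=MIN_SHOTS, threshold=Z_THRESHOLD):
    """Return {player: [metric, ...]} for players far above the population."""
    rows = [r for r in stats if r[1] >= min_shots and r[3] > 0]
    metrics = {
        "accuracy": [hits / shots for _, shots, hits, _, _ in rows],
        "headshot_ratio": [hs / kills for _, _, _, kills, hs in rows],
    }
    flagged = {}
    for name, values in metrics.items():
        for row, z in zip(rows, modified_z(values)):
            if z > threshold:  # one-sided: only unusually good stats matter
                flagged.setdefault(row[0], []).append(name)
    return flagged


if __name__ == "__main__":
    print(flag_outliers(MATCH_STATS))
```

The "closet" player sits inside the normal spread on both metrics and is never flagged, which is the limitation the paragraph above points out.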
Valve Anti-Cheat (VAC)
VAC is notoriously not kernel level and still had several controversies regarding privacy - for example, when people thought it checked your browser history. What it did in reality was check the DNS cache for a partial match for when cheat software "calls home" to verify the cheater has paid for it (turns out cheaters are not stellar examples of morality, who could've guessed). And yes, cheat software has DRM. That particular measure was active for about 13 days before cheat makers figured it out and basically scrambled the DNS cache... with their typically kernel level access.
Conclusion
What I don't want you to take away from this is that these pieces of software are not a potential issue.
But you need to take into account what is already an industry standard in many ways. If you're complaining about Vanguard spying on you for China, then turn around and go "back to Apex Legends!", it makes you look like someone who only reads headlines and gets outraged based on them.
If this made you more conscious about cyber security? Great. Look more into it. You'll probably be terrified how many potential attack vectors there are. Hell, cheating on current consoles is a thing even though Sony and Microsoft did a pretty good job keeping the consoles a closed environment - someone just realized they can use the controllers as an attack vector and there we go, you have cheaters on consoles using mouse and keyboard while tricking the console into thinking they're using a controller, therefore giving them aim assist.
As far as the future goes... Ideally you'd place no trust in clients. You just send the server inputs and the server tells you what happens. The problem is that the network would probably blow up, and it still doesn't cover issues like wallhacks, where you can possibly intercept data packets to see what they say about other players.
So be vigilant and think hard about what you're installing. Chances are you have BattlEye and EAC already on your PC, but you never cared until you read a headline.