r/techsupport • u/CrimsonAndGrover • 16h ago
[Open | Windows] How to handle kernel level anti-cheat software?
I've only recently become aware of this potential security problem. Some of my favorite games (which I have already played on my current Windows 11 installation) use it.
I've seen a lot of disagreement online about how big of a problem this actually is.
I've read talk along the lines of "A program with kernel level access could burrow in, such that uninstalling the software that it came from wouldn't fix the problem".
Is that true?
What should I do now, and in the future regarding security and gaming?
Thank you!
(below are details about my PC):
Processor AMD Ryzen 5 7600X3D 6-Core Processor (4.10 GHz)
Installed RAM 32.0 GB (31.7 GB usable)
Device ID D6116061-3A98-4603-928E-903E4EE520DE
Product ID 00342-20731-62825-AAOEM
System type 64-bit operating system, x64-based processor
Edition Windows 11 Home
Version 24H2
OS build 26100.4652
3
u/UltraChip 16h ago
Yes it's true. Once something is integrated into the kernel it's basically part of your operating system - the only way to guarantee it's gone is to format your drive and reinstall from scratch.
There's not much you can really do about it, other than deciding whether or not the game is important enough to you to deserve that level of access.
1
u/Tempires 10h ago
How does one know whether game or other software installs something kernel level?
1
u/SaltDeception 8h ago
This isn't really true for the way kernel-level anti-cheat works though. They're drivers conforming to a specification, not byte code that gets patched into the kernel itself with arbitrary control over your system. They're still limited by the kernel's API on what they can and can't do. The driver could prevent itself from being unloaded while active (as AV kernel drivers typically do), but you'd still be able to prevent the driver from loading in the first place through other means.
0
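As an added example that is not part of this thread or any participant's post: one way to check whether a game (or anything else) has installed a kernel-mode driver on Windows 11, and to keep such a driver from loading, using only built-in cmdlets from an elevated PowerShell prompt. The service name `ExampleDriver`, the snapshot file path, and the signer filter are assumptions chosen for illustration.

```powershell
# Added example, not code from the thread. Enumerates kernel-mode driver services, shows who
# signed each binary, diffs the list before/after an install, and disables a driver's start.
# 'ExampleDriver' and 'C:\temp\drivers-before.txt' are placeholders.

function Get-KernelDriverReport {
    # Win32_SystemDriver lists every kernel-mode driver service the Service Control Manager
    # knows about, including ones that only load while a game is running.
    Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
        $path = $_.PathName -replace '^\\\?\?\\', ''                    # strip a stored \??\ prefix
        $path = $path -replace '^\\SystemRoot', $env:SystemRoot         # expand \SystemRoot\...
        $signer = 'n/a'; $status = 'NoFile'
        if ($path -and (Test-Path -LiteralPath $path)) {
            $sig = Get-AuthenticodeSignature -FilePath $path
            $status = $sig.Status                                      # Valid / NotSigned / ...
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        [pscustomobject]@{
            Name      = $_.Name
            State     = $_.State          # Running / Stopped
            StartMode = $_.StartMode      # Boot / System / Auto / Manual / Disabled
            Status    = $status
            Signer    = $signer
            Path      = $path
        }
    }
}

# 1. Hide Windows' own inbox drivers (subject "CN=Microsoft Windows, ...") and look at the rest.
#    Third-party drivers that went through Microsoft's signing program show up with a subject
#    such as "Microsoft Windows Hardware Compatibility Publisher", not the vendor's name, so
#    use the file path to see which product a driver belongs to.
Get-KernelDriverReport |
    Where-Object { $_.Signer -notlike 'CN=Microsoft Windows,*' } |
    Format-Table Name, State, StartMode, Status, Path -AutoSize

# 2. Snapshot the driver list before installing a game, then diff it afterwards; the output of
#    Compare-DriverSnapshot is exactly the set of driver services the install added.
function Save-DriverSnapshot([string]$File) {
    (Get-CimInstance -ClassName Win32_SystemDriver).Name | Sort-Object | Set-Content -LiteralPath $File
}
function Compare-DriverSnapshot([string]$File) {
    $before = Get-Content -LiteralPath $File
    $after  = (Get-CimInstance -ClassName Win32_SystemDriver).Name | Sort-Object
    Compare-Object -ReferenceObject $before -DifferenceObject $after |
        Where-Object SideIndicator -eq '=>' |
        Select-Object -ExpandProperty InputObject
}
# Save-DriverSnapshot    -File 'C:\temp\drivers-before.txt'   # run before installing the game
# Compare-DriverSnapshot -File 'C:\temp\drivers-before.txt'   # run after installing it

# 3. A driver that refuses to unload while running can still be kept from loading on the next
#    boot by setting its start type to Disabled (the "other means" mentioned above).
#    Boot- and System-start drivers may need a Safe Mode boot for the change to take effect.
# sc.exe config ExampleDriver start= disabled
# Get-CimInstance Win32_SystemDriver -Filter "Name='ExampleDriver'" | Select-Object Name, StartMode
```

The signature check matters because 64-bit Windows only loads signed kernel drivers, so `NotSigned` or `HashMismatch` on a loaded driver is itself a finding; a `Valid` status only tells you the file is what its signer shipped, not that the signer's code is trustworthy.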
u/CrimsonAndGrover 15h ago
Thank you. In most cases I don't expect the game company to behave maliciously. It's more a matter of the potential that (as Arthur said in this thread) software gets hacked or runs a bad patch.
1
u/UltraChip 15h ago
Yeah I agree with Arthur's stance. And for what it's worth, it's not a hypothetical threat - "security" measures for media have unintentionally left holes open for malicious actors before. The example I like using is the Sony DRM rootkit scandal.
But I also agree with Arthur that ultimately it's your decision. Only you know what kind of data your computer is storing and only you get to decide how private it should be. I know plenty of people for whom their gaming PC is literally just for gaming and nothing else so they don't really care. But then you have people like me who use their computers for damn near everything and so we need to be a little more careful.
1
u/DGC_David 15h ago
"software gets hacked or runs a bad patch."
This is the main threat, yes, but it also doesn't actually prevent cheaters. So you are basically giving up the security of your computer for really nothing.
And this type of thing isn't uncommon; just the other year Crowdstrike infamously released a bad patch that BSoD'd whole airports for weeks, and this was with professionals around the world working to solve it. That could be your computer.
1
u/CrimsonAndGrover 14h ago
I was trying to reply to u/ArthurLeywinn but his post was suddenly gone from this thread. I don't know enough about how Reddit works to know if he, UltraChip, DGC_David, and jamvanderloeff would see this post without me pinging them like this. Sorry if it's considered rude. Intended reply:
Thank you. I was wondering about doing something like that. I have 2 SSDs in my PC. If I were to install separate Windows 11 installations on each:
1. Would I still need to encrypt (given that they are physically separate drives)?
2. Would it be safe to have the smaller secondary drive (B) used only for the games that have kernel access and put everything else, including non-kernel games, on the other drive (A)?
3. What consequences would likely occur if kernel trouble happens on drive B?
4. What do you do (personally) to mitigate that? Having zero personal information (or even close to zero) sounds difficult. I'd have to log in to Steam and some other things. Thank you.
1
u/UltraChip 9h ago
1. If your current OS install is already encrypted then it will stay encrypted, if that's what you're asking.
2. Yes it would be safer, I guess.
3. Your system would be vulnerable whenever you're running on OS B.
4. I don't play games with kernel-level anticheat. Granted, I don't like the types of games that need that kind of anti-cheat in the first place so it wasn't a big sacrifice for me, but still.
4a. I don't know if it's worth mentioning but I'm also running an all-Linux environment so my security posture is a little different: what I personally do likely isn't going to be relevant to you.
1
u/jamvanderloeff 16h ago
If you don't trust the publisher don't install it, and if you don't install it you can't play their game.
"A program with kernel level access could burrow in, such that uninstalling the software that it came from wouldn't fix the problem".
It's possible but fairly unlikely; it's the same kind of risk as installing a driver.
1
u/AutoModerator 16h ago
Making changes to your system BIOS settings or disk setup can cause you to lose data. Always test your data backups before making changes to your PC.
For more information please see our FAQ thread: https://www.reddit.com/r/techsupport/comments/q2rns5/windows_11_faq_read_this_first/
I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.