EA Announces New Anti-Cheat Tech That Operates At The Kernel Level
from the red-flags dept
It seems anti-cheat technology is the new DRM. By that I mean that, with the gaming industry diving headfirst into the competitive online gaming scene, the concern over piracy has shifted into a concern over cheating making those online games less attractive to gamers. And because the anti-cheat tech that companies are using is starting to make the gaming public every bit as itchy as it was over DRM.
Consider that Denuvo’s own anti-cheat tech has already started following its DRM path in getting ripped out of games shortly after release after one game got review-bombed over just how intrusive it was. And then consider that Valve had to reassure gamers that its own anti-cheat technology wasn’t watching user’s browsing habits, given that the VAC platform was designed to sniff out kernel-level cheats. One notable Reddit thread had gamers comparing Valve to Electronic Arts as a result.
Which makes it perhaps more interesting that EA recently announced new anti-cheat technology that, yup, operates at the kernel level.
The new kernel-level EA Anti-Cheat (EAAC) tools will roll out with the PC version of FIFA 23 this month, EA announced, and will eventually be added to all of its multiplayer games (including those with ranked online leaderboards). But strictly single-player titles “may implement other anti-cheat technology, such as user-mode protections, or even forgo leveraging anti-cheat technology altogether,” EA Senior Director of Game Security & Anti-Cheat Elise Murphy wrote in a Tuesday blog post.
Unlike anti-cheat methods operating in an OS’s normal “user mode,” kernel-level anti-cheat tools provide a low-level, system-wide view of how cheat tools might mess with a game’s memory or code from the outside. That allows anti-cheat developers to detect a wider variety of cheating threats, as Murphy explained in an extensive FAQ.
The concern from gamers came quickly. You have to keep in mind that none of this occurs without the context of history. There’s a reason why, even today, a good chunk of the gaming public knows all about the Sony rootkit fiasco. They’re aware of the claims that DRM like Denuvo’s affects PC performance. They’ve heard plenty of horror stories about gaming companies, or other software companies, coopting security tools like this in order to slurp up all kinds of PII or user activity for non-gaming purposes. Hell, one of the more prolific antivirus companies recently announced a plan to also use customer machines for crypto-mining.
So it’s in that context that hearing that EA would please like to access the most base-level and sensitive parts of a customer’s PC just to make sure that fewer people can cheat online in FIFA.
Privacy aside, some users might also worry that a new kernel-level driver could destabilize or hamper their system (à la Sony’s infamous music DRM rootkits). But Murphy promised that EAAC is designed to be “as performant and lightweight as possible. EAAC will have negligible impact on your gameplay.”
Kernel-level tools can also provide an appealing new attack surface for low-level security exploits on a user’s system. To account for that, Murphy said her team has “worked with independent, 3rd-party security and privacy assessors to validate EAAC does not degrade the security posture of your PC and to ensure strict data privacy boundaries.” She also promised daily testing and constant report monitoring to address any potential issues that pop up.
Gamers have heard these promises before. Those promises have been broken before. Chiding the public for being concerned at granting kernel-level access to their machines just to keep online gaming less ridden with cheaters is a tough sell.