EA Announces New Anti-Cheat Tech That Operates At The Kernel Level
from the red-flags dept
It seems anti-cheat technology is the new DRM. By that I mean that, with the gaming industry diving headfirst into the competitive online gaming scene, the concern over piracy has shifted into a concern over cheating making those online games less attractive to gamers. And because the anti-cheat tech that companies are using is starting to make the gaming public every bit as itchy as it was over DRM.
Consider that Denuvo’s own anti-cheat tech has already started following its DRM path in getting ripped out of games shortly after release after one game got review-bombed over just how intrusive it was. And then consider that Valve had to reassure gamers that its own anti-cheat technology wasn’t watching user’s browsing habits, given that the VAC platform was designed to sniff out kernel-level cheats. One notable Reddit thread had gamers comparing Valve to Electronic Arts as a result.
Which makes it perhaps more interesting that EA recently announced new anti-cheat technology that, yup, operates at the kernel level.
The new kernel-level EA Anti-Cheat (EAAC) tools will roll out with the PC version of FIFA 23 this month, EA announced, and will eventually be added to all of its multiplayer games (including those with ranked online leaderboards). But strictly single-player titles “may implement other anti-cheat technology, such as user-mode protections, or even forgo leveraging anti-cheat technology altogether,” EA Senior Director of Game Security & Anti-Cheat Elise Murphy wrote in a Tuesday blog post.
Unlike anti-cheat methods operating in an OS’s normal “user mode,” kernel-level anti-cheat tools provide a low-level, system-wide view of how cheat tools might mess with a game’s memory or code from the outside. That allows anti-cheat developers to detect a wider variety of cheating threats, as Murphy explained in an extensive FAQ.
The concern from gamers came quickly. You have to keep in mind that none of this occurs without the context of history. There’s a reason why, even today, a good chunk of the gaming public knows all about the Sony rootkit fiasco. They’re aware of the claims that DRM like Denuvo’s affects PC performance. They’ve heard plenty of horror stories about gaming companies, or other software companies, coopting security tools like this in order to slurp up all kinds of PII or user activity for non-gaming purposes. Hell, one of the more prolific antivirus companies recently announced a plan to also use customer machines for crypto-mining.
So it’s in that context that hearing that EA would please like to access the most base-level and sensitive parts of a customer’s PC just to make sure that fewer people can cheat online in FIFA.
Privacy aside, some users might also worry that a new kernel-level driver could destabilize or hamper their system (à la Sony’s infamous music DRM rootkits). But Murphy promised that EAAC is designed to be “as performant and lightweight as possible. EAAC will have negligible impact on your gameplay.”
Kernel-level tools can also provide an appealing new attack surface for low-level security exploits on a user’s system. To account for that, Murphy said her team has “worked with independent, 3rd-party security and privacy assessors to validate EAAC does not degrade the security posture of your PC and to ensure strict data privacy boundaries.” She also promised daily testing and constant report monitoring to address any potential issues that pop up.
Gamers have heard these promises before. Those promises have been broken before. Chiding the public for being concerned at granting kernel-level access to their machines just to keep online gaming less ridden with cheaters is a tough sell.
Filed Under: anti-cheat, kernel, security, video games
Companies: ea
Comments on “EA Announces New Anti-Cheat Tech That Operates At The Kernel Level”
Bloodsuckers
It’s not just DRM with these guys. As soon as I read “EA” I knew I wasn’t going to buy it.
“EAAC will have negligible impact on your gameplay.”
Wrong. It will have a serious impact, because we aren’t going to play games that subject OUR hardware and software to such compromise.
On the other hand, we will have a lot of fun cracking whatever crap game companies attempt to insert beyond the application memory space. Likely to be much more interesting than the game itself.
Re:
Oh hey, Riot tried this with their Valorant anti-cheat tool.
It was derided, then cracked in 3 weeks.
I get the concerns, but reminder: kernel-level anti-cheat uses the same code as malware. While it’s one use of malware that I reluctantly allow, due to the needs of online competitive gaming, I’m not too happy about it too.
Whenever someone says “PC”, I assume (and most likely correctly) that they are speaking of the Windows portion of that world. I have to express my wonder at how the Linux community will react to this kind of news. Or if EA (and others) will just ignore that segment.
WINe, nearly all VM systems, and Plays On Linux will all be highly impacted, I’m sure. I don’t see this going smoothly, not at all.
Re:
Not to mention the ever growing Steam Deck market.
Re:
It’ll be a cold day in **** before crap like that makes it into the Linux kernel.
Re:
No chance in hell that this stuff cpu even be attempted in the Linux, BSSd, or Apple. With some rare hand-compiled exceptions, you simply can’t do it without going to the extreme in changing settings.
Nope, these games just won’t come to non-windows computing.
Re: Re:
Cpu-> couls
Kernel level is for kernel coders, not games.
There is already a barrier to getting support if you’ve made modifications to your operating system. The Windows UAC and TPM and Bitlocker and other tools make it very difficult to mess with the OS. That allows a trust relationship between software consumers and vendors… so that a consumer that reports an issue with software isn’t victim blamed.
Unfortunately, any modifications made to the running kernel will only hurt that trust. Instead of “what version of Windows are you running” the vendor will want to ensure the kernel is untouched.
In the Linux world, if you install something that is unverified as being superawesome it flags its presence. For example, loading the NVIDIA binary blob driver wins you this:
Fundamentally altering how the operating system works is a legitimate goal, but doing so in a way that is unverifiable (e.g. no source code and no inspection by trusted parties) is not.
E
Would that make them Murphy’s Laws?
One would hope that the gamers would give EA the finger, but after watching Nintendo shitting on its fans with no great outcry, I have little hope of seeing this.
We’re doing this to protect the fun!
No one likes cheaters!
Yep and the only possible way to do this is to give us unfettered, unrestricted access to your system at a deep level that we “can’t” tell you about or the cheaters will win!!
Of course they would NEVER EVER misuse this to their benefit, look at all of those sensitive databases LEO’s have access to and promise to not abuse… oh wait.
We can’t trust fscking cops to not abuse their access and we are to expect that some drone inside EA won’t take a peek to see what they can see?
Re:
I didn’t even watch the last Nintendo Direct. You know what finally broke the camel’s back? Getting a Steam Deck. I didn’t need Nintendo anymore.
Re:
One would hope that the gamers would give EA the finger, but after watching Nintendo shitting on its fans with no great outcry, I have little hope of seeing this.
I’ve been flipping EA and Nintendo both birds for over a decade now. Any games I buy for my Nintendo consoles are pre-owned, as were the consoles themselves, and unless they come for one of those consoles (such as The Sims 2 and The Sims: Castaway) because the carts are clean of malware, then I don’t buy games from EA at all.
In as few words as possible
Linux world laughs at you for suggesting this. Windows world eyes you skeptically. Apple just tells you to get the fuck out.
Who at EA thought this was a good idea?
I’ve said it before, I say it again: If you want anti-cheat tools? Run them server side. Or make them otherwise optional for leaderboards or what not.
EA stands for 'Everything's Accessable', who knew?
EA: Give us complete and total access to your computer, what could possibly go wrong?
Re:
Hackers breaking the anti-cheat in 3 weeks or less.
I mean, Riot Games fucking tried…
Re: Re:
Hackers figuring out how to detect and exploit the anti-cheat module to take over your machine.
Re: Re: Re:
Well, modern anti-cheat software is basically repurposed malware in terms of principles and sometimes code…
Re:
Right. It’s not like we had any issues, after all. Oh, wait…
Irony
Is it funny how I trust online pirates more than I trust EA?
Re: Trust the "crook" except the "crook" is more honest than the "cop."
You make a great point. Let’s face it, we read about lots of stories of corrupt cops ruining people’s lives. Today there was a piece Tim wrote up right here on TD about redactions in a case where cops lost their qualified immunity to COMPLETELY F UP some woman’s life who was cooperating with them and in the right.
Speeders are people who exceed the speed limit. I’m one of them. In my home state exceeding 85MPH or the posted speed limit by 15MPH is criminal. So I am a criminal. My friends are criminals.
My ex-business partner spent $5K to plead a criminal traffic citation down to no jail no “other fines”.
My adopted son spent about that for the same thing. Same freeway-haunted jurisdiction. Don’t speed on I-10 near Eloy, AZ!
My other friend in an SUV had her car impounded, license taken, jail for the night, then pled down to “careless driving.”
Another smashed into a barrier… was smashed herself… and because of her job refused to take a plea… so ended up doing 3 days in jail and $250 fines and 20 hours community service.
AND YET I trust all these “criminals” more than the cops who steal money from veterans, cars from poor people, houses from landlords who rent to pot-users, and then cover their tracks, cover for each other, get the court to give them qualified immunity, and continue this vicious cycle.
So YEAH, it is FUNNY how you trust online pirates more than EA. Pirates give you stuff. They don’t destroy your stuff. EA, who knows. All the DRM in the world won’t make me trust them.
Re: Re:
Yeah, it’s like Valve is the only big company who understands all this (as telling by their “Piracy is a service problem” statement a while back and their current Steam Deck which is open AF).
Re: Re:
In my home state, exceeding 85MPH or the posted speed limit by 15MPH is criminal.
Dude, you just doxxed yourself. I now know you’re a Texan.
Re: Re: Re: Texas doesn't criminalize speeding in and of itself.
No, but you just outed yourself as being utterly unable to complete a Google search.
Re: Re: Re:2
No, but you just outed yourself as a liar. First result in Google, fuckball.
I'm skeptical about EA as a company
The very first thing to think when you hear the letters E and A is their gameplay-affecting microtransactions. We all remember the Staw Wars: Battlefront 2 controversy. I predict this anticheat will be mostly focused on its pay2win scheme to defend its microtransactions, the same way Grand Turismo 7 requiring an internet connection (despite being a ps4/5 exclusive) not because of piracy, but because of the same reason and also plan to be a live service.
Also, it’s FIFA 23, the series that are infested with microtransactions and these games barely get any major update from the previous years.
Your choice, my choice
I get that a lot of these anti-cheat systems are designed and installed to keep casual gamers from getting frustrated when faced with potential cheaters.
What I don’t get is how most titles require me to install these things when I only want to play solo/offline…
At least give me the option to not install the anti-cheat, even if that means that competitive play and things like achievements are disabled/limited.
At this point, the arms-race has gotten to the point that I rather not install the anti-cheat software (and possibly the entire game) because of security concerns.
Consider it a lost sale 🙂
Re: Option to not use anti-cheat software.
I have only ever seen one game do this as an option. It is a smaller indie game called Unturned
Anti-cheat software is essentially DRM, so…
…here’s a quick reminder:
DRM (initialism for “Digital Rights Management”) — noun — closed-source “black box” spyware that acts as the digital equivalent of an ankle bracelet tracking device for paying customers but does nothing to prevent copyright infringement carried out by non-paying customers; colloquially known as “Digital Restrictions Management”; a stupid fucking idea
Re:
It’s worse when you realize that modern kernel-level anticheat software operates on a similar principle to malware.
So it’s basically akin to swallowing a poison to not cheat, and getting the antidote as long as you don’t cheat, while playing.
Re: Not quite...
…colloquially known as “Digital Restrictions Malware”…
FTFY. 🙂
Re: Re: Not Quite
DRM = Digital Rights MisManagement
Legitimate Owners/users Inconvenienced, but not the pirates.
Re:
Digital Rogue Militarism
Stop blaming cheaters
It wasn’t cheaters that forced me out of multiplayer games. It was the terrible mechanics, a reskinned game I already bought, narrow kill boxes, limited player base and microtransactions. Instead of rolling out quality games that can retain players, studios seem to go out of their way to piss of as many people as they can.
Stick to consoles
If they are really so concerned about security, and not say, all of the business opportunities this might open up for them, stick with console gaming. Consoles are already fairly locked down and it’s already more difficult to cheat with one than a bog standard PC.
Want a locked down ‘gaming‘ machine, Sony, Microsoft, Nintendo are all more than willing to sell you one.
….but, last time I checked, they don’t have all of that juicy PII, and the console makers somewhat limit your opportunities for making additional money on the side.
Time to stop buying EA games.
So, when is the exploit that allows this going to be oatched out of the kernel?
Oh wait, it’s allowed because someone paid enough to be a “trusted provider” never mind.
Buy the game?
One word!
Nope.
Moving on now.
Re:
Ah but you see you’ve stumbled upon the truth behind their masterful anti-cheat strategy, as no-one is less likely to cheat than someone who isn’t even playing the game.
By reducing the number of suckers buying their games they reduce the number of potential cheaters, making this one of the most effective anti-cheat moves in gaming history.
Amazing
Wow It’s Really Amazing game.
Let’s go ahead and pre-applaud the throngs of idiots that will buy these infected games anyway because: gotta have the latest version. As infected game sales numbers go unaffected, more and more publishers will attempt to follow EA’s example until some class action lawsuits smack the house of cards down.
Mixed feelings
On one hand, I get the concerns people are having about this (especially in terms of playability on platforms outside Windows – most notably Steam Deck). On the other hand, cheats have been abusing kernel mode themselves to get around the previous user-mode anticheat systems and wreak havoc in online multiplayer (Riot pretty much said exactly this when they announced their anticheat kernel mode driver) so I understand devs/publishers wanting to move anticheat into kernel mode themselves to stop those cheats and protect the online MP experience from cheaters.
Re: YOU understand
Anonymous Coward, you wrote:
Was there a minute you were thinking ANYONE IN THE WORLD CARES what a self-described NOBODY LIKE YOU cares about anything?
I don’t give a rat’s ass what you claim to understand. You can post anonymously, but you have ZERO credibility. You understand nothing. You care about nothing. You know nothing. You are nothing but ALL THE ANONYMOUS POSTER guy together.
You have the power to speak anonymously. It comes with no credibility, no care, no trust. Act accordingly, Fido.
Re:
Understandable, but wise?
One of the things that made old games fun was the options.
The ability to play normal. Play with cheats. And when you get bored and are finished, go back and hack the game with clipping codes and explore.
Internal exploration has been replaced with user interactions.
That’s good for many users. But not good for many too!
Many gamers don’t like user interaction at all. And some simply hate it.
And then we get stuff like this. Of all the methods to stop those “cheaters”…
Just no!
And in this there’s a loss of psychology in understanding what is happening.
You have those who feel crushed by being new and being totalled by long time users. There’s no fun in that.
You have trolls who just like to cause trouble. Just like real life.
You have bigots and activists who have agendas.
And You have users that just want to explore.
Can I frag myself to the top of that hill? I see a hole, can I get in?
Is that really an alien?
And as long as these companies continue to target everyone the same they will slowly loose players.
But to start toying with the kernel and installing lower level functionality… that’s beyond bad. Because not once has such an approach or ended in catastrophe!
Re: Re:
Those options died when companies moved away from the user-generated servers/server browser model to centralised matchmaking systems. On PC (and also consoles where games have cross play), this shift has resulted in increased exposure to cheaters and that, in turn, results in criticism about the dev/publisher not doing enough to stop cheaters (which in turn results in the game losing players as word gets around).
rfx leather
Fantastic post with really emotional and enlightening content. Please keep it up.
Leather Shearling Coat”
B3 Bomber Shearling Jackets
Biker Leather Vests”
Shearling Leather Jackets”
Ah but you see you’ve stumbled upon the truth behind their masterful anti-cheat strategy, as no-one is less likely to cheat than someone who isn’t even playing the game.
By reducing the number of suckers buying their games they reduce the number of potential cheaters, making this one of the most effective anti-cheat moves in gaming history.
What's this?
Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »