Wow, what a bad article. “Companies can spy on you anyway so just give them kernel access” is interesting logic… They tout the effectiveness of kernel-level anti-cheat by claiming they’ve never encountered a cheater in Valorant. This is either a lie or ignorance that demonstrates the author isn’t qualified to write on the topic. A websearch will return pages of results and examples of working cheats for Valorant. Valorant is actually one of the easier games to write cheats for.
The majority of cheats used today are not impacted or detected in any way by kernel-level anti-cheat. At all. This is because most cheats are not even run on the machine that is used to run the game. Its wild that the author just doesn’t address this reality.
Cheaters use a 2nd computer, outside the reach of anti-cheat, that receives and processes the video-output of the game. The kernel-level anti-cheat can only monitor the system that the game actually runs on, which is completely clean. The 2nd computer runs either a colorbot (especially trivial and effective for games like Valorant that outline enemies in a solid color) or an AI object-recognition model (a quick search will return loads of specialized models trained for various online shooters) to identify the location of enemies on screen. It then generates mouse movements and inputs that are sent back to the 1st computer running the game, while the kernel-level anti-cheat is completely unaware.
These cheats are so efficient that they are commonly run on cheap hardware like an arduino or raspberry pi, and the code is often very simple, sometimes just ~100 lines of python. They can also be subtle and hard to notice by other players (probably why the author may believe they don’t play with cheaters in Valorant), providing aim-assist or click-assist that works with the cheater’s authentic mouse movements, and sometimes only kicks in when an enemy is already close to the cheater’s crosshair.
The author also cherry-picks examples to lead the reader into believing that all multiplayer games require Windows anti-cheat to be successful, while conveniently not mentioning the many competitive multiplayer games that do support Linux and are a perfectly normal online experience, eg Marvel Rivals, Overwatch, Halo Infinite, or Dota 2. Can the author explain why these games are completely fine without Windows anti-cheat?
They don’t challenge, and misrepresent, the invalid reasoning given by some of these game companies for why they arbitrarily chose to block access from Linux, for example Apex Legends claimed the majority of their cheaters use Linux. But wait, how could they know that if cheaters cannot be detected on Linux? So they must be successfully detecting Linux cheaters. Apex Legends’ actual reasoning for disallowing Linux directly contradicts the claims that the author is trying to make. It’s not true that the majority of their cheaters run Linux, of course. The majority of cheaters fly under the radar by running Windows and allowing the anti-cheat to verify a clean system, while just running the cheat software on a 2nd computer.
Thank you for writing this, it has saved me from having to write it myself :) also I believe you have explained it much better than I ever could. As I was reading the article I was just scratching my head… Is the author oblivious of actual cheating options? Why is he talking of direct memory manipulation only? Is he trying to sell some idea here or is it just ignorance?
Also, security through obscurity… If the kernel side anticheat code is so safe and good at catching cheaters surely they can share the source of what it does… Unless sharing it would mean it can be circumvented so kernel anticheat is actually just as useless, just a matter of finding how to get past it.
There was so much wrong in the article but somehow written with enough truth to it that it’d be easy for most readers to not realize the flaws in the logic it has. But the very worst you also pointed it out, “companies can spy on you already with superuser access so having code on kernel level must mean it is only done for good, no reason to fear it”. Wow, such horrible logic.
And the last point you raise that the majority of cheaters in Apex used Linux reminded me of some absurd logic these companies keep using. When a game could be run on linux they will say that there’s not enough users to justify supporting Linux, so it’s OK to force anticheat that only runs on windows. But at the same time the majority of cheaters were using Linux… OK so what is it, how can there be a majority of users cheating on Linux if there is not enough users in Linux to support it? If there’s so few and cheating is mostly happening in Linux, how is cheating so prevalent? So yeah, the cheaters are not using Linux or there is a huge market of hidden Linux players.
not the author, but it is interesting that instead of staying on topic, you diverge the reader to some contraption that as you say doesnt even run code on the machine we are hypothetically talking about.
i believe the article i brought forward was from an earnest, non-cheating gamer, sounds even like a dev to me, trying to clear up to non-dev gamers or devs-who-havent-touched-AC-tech-so-far-as-a-dev (like myself) why (some) anti cheat protected games dont play on linux.
and, pardon my french but you seem to be trying to be a dick. the article was only relevant in so far as it’s about anti-cheat and was not in response to this lemmy post. look at the date.
and i clearly stated it as only kinda relevant. so, like, chill out dude.
How can you read from his comment that he is trying to be a dick? He is clearly criticizing and reasoning against the point in the article you shared. The author in that article is being disingenuous or naive at best or misleading on purpose at worst. It feels like you are the one in need of chilling out.
That’s not to say the author of the article is lying, that’s the biggest issue, the article is written with enough truth to make it seem like it makes sense. But the reality is that the article only describes why kernel anticheat is not useful in linux, disregarding entirely the fact that kernel anticheat is an absolutely terrible solution that truly only causes more trouble than it helps catching cheaters. It’s like someone trying to sell you the idea of why this or that lock for your house’s door is bad or good as it can easily be picked by an expert while ignoring the fact that most thieves won’t pick the lock and just break a window or something. Using kernel anticheat won’t stop cheaters, which should be obvious by now with so many real life examples, so it’s just extra software running impacting negatively and increasing the risk for security issues.
You were the only one calling someone a dick just because they didn’t agree with an article you shared. No one is fighting with you, we are criticizing the article as being misrepresentative of reality, you are taking all this weirdly personally while we were commenting on the topic of that article.
i said “you seem to be trying to be a dick”. now you are misrepresenting what i said.
ok then, here we go: how do you think COULD anti cheat catch such a contraption?
how is such a contraption relevant to a kernel driver on another machine?
the article isnt about “how to cheat nowadays effectively” but “why dont these games work on linux?” and also what joyjoy above correctly took away: “gamedevs COULD do better and not need to rely on kernel level anticheat like valorant does and yet here we are.”
how do you think COULD anti cheat catch such a contraption?
Server-side analysis of player behavior. It’s difficult and a mostly losing battle, but that’s really the only option that could be effective.
“why dont these games work on linux?”
The games do work on Linux. Many of the games the author described were working with Linux perfectly until the companies arbitrarily made a policy decision to block Linux players from the games. The anti-cheat is what does not work on Linux, for the reasons the author described, however the anti-cheat also does not actually work on Windows either, because it does not lessen cheating in these games. It doesn’t even prevent cheats that use traditional methods that kernel-level anti-cheat was designed to stop, for example there are many videos of cheaters showing off wallhacks and on-device aimbots in Battlefield 6 on launch day. The anti-cheat was defeated in less than 24 hours.
how is such a contraption relevant to a kernel driver on another machine?
Such a “contraption” is relevant because it is what people actually use for cheats in 2025, and because it defeats the anti-cheat described by the author, which they falsely claim is effective at stopping cheaters.
instead of staying on topic, you diverge the reader to some contraption that as you say doesnt even run code on the machine we are hypothetically talking about
This is simply the current state of video game cheats. It’s not “as I say”; it is. To not even mention it while making claims like “anti-cheat is effective in games like Valorant (one of the most popular games for cheats)” is completely disingenous. Go ahead and search “valorant colorbot” in your choice of search engine.
Wow, what a bad article. “Companies can spy on you anyway so just give them kernel access” is interesting logic… They tout the effectiveness of kernel-level anti-cheat by claiming they’ve never encountered a cheater in Valorant. This is either a lie or ignorance that demonstrates the author isn’t qualified to write on the topic. A websearch will return pages of results and examples of working cheats for Valorant. Valorant is actually one of the easier games to write cheats for.
The majority of cheats used today are not impacted or detected in any way by kernel-level anti-cheat. At all. This is because most cheats are not even run on the machine that is used to run the game. Its wild that the author just doesn’t address this reality.
Cheaters use a 2nd computer, outside the reach of anti-cheat, that receives and processes the video-output of the game. The kernel-level anti-cheat can only monitor the system that the game actually runs on, which is completely clean. The 2nd computer runs either a colorbot (especially trivial and effective for games like Valorant that outline enemies in a solid color) or an AI object-recognition model (a quick search will return loads of specialized models trained for various online shooters) to identify the location of enemies on screen. It then generates mouse movements and inputs that are sent back to the 1st computer running the game, while the kernel-level anti-cheat is completely unaware.
These cheats are so efficient that they are commonly run on cheap hardware like an arduino or raspberry pi, and the code is often very simple, sometimes just ~100 lines of python. They can also be subtle and hard to notice by other players (probably why the author may believe they don’t play with cheaters in Valorant), providing aim-assist or click-assist that works with the cheater’s authentic mouse movements, and sometimes only kicks in when an enemy is already close to the cheater’s crosshair.
The author also cherry-picks examples to lead the reader into believing that all multiplayer games require Windows anti-cheat to be successful, while conveniently not mentioning the many competitive multiplayer games that do support Linux and are a perfectly normal online experience, eg Marvel Rivals, Overwatch, Halo Infinite, or Dota 2. Can the author explain why these games are completely fine without Windows anti-cheat?
They don’t challenge, and misrepresent, the invalid reasoning given by some of these game companies for why they arbitrarily chose to block access from Linux, for example Apex Legends claimed the majority of their cheaters use Linux. But wait, how could they know that if cheaters cannot be detected on Linux? So they must be successfully detecting Linux cheaters. Apex Legends’ actual reasoning for disallowing Linux directly contradicts the claims that the author is trying to make. It’s not true that the majority of their cheaters run Linux, of course. The majority of cheaters fly under the radar by running Windows and allowing the anti-cheat to verify a clean system, while just running the cheat software on a 2nd computer.
Thank you for writing this, it has saved me from having to write it myself :) also I believe you have explained it much better than I ever could. As I was reading the article I was just scratching my head… Is the author oblivious of actual cheating options? Why is he talking of direct memory manipulation only? Is he trying to sell some idea here or is it just ignorance?
Also, security through obscurity… If the kernel side anticheat code is so safe and good at catching cheaters surely they can share the source of what it does… Unless sharing it would mean it can be circumvented so kernel anticheat is actually just as useless, just a matter of finding how to get past it.
There was so much wrong in the article but somehow written with enough truth to it that it’d be easy for most readers to not realize the flaws in the logic it has. But the very worst you also pointed it out, “companies can spy on you already with superuser access so having code on kernel level must mean it is only done for good, no reason to fear it”. Wow, such horrible logic.
And the last point you raise that the majority of cheaters in Apex used Linux reminded me of some absurd logic these companies keep using. When a game could be run on linux they will say that there’s not enough users to justify supporting Linux, so it’s OK to force anticheat that only runs on windows. But at the same time the majority of cheaters were using Linux… OK so what is it, how can there be a majority of users cheating on Linux if there is not enough users in Linux to support it? If there’s so few and cheating is mostly happening in Linux, how is cheating so prevalent? So yeah, the cheaters are not using Linux or there is a huge market of hidden Linux players.
not the author, but it is interesting that instead of staying on topic, you diverge the reader to some contraption that as you say doesnt even run code on the machine we are hypothetically talking about.
i believe the article i brought forward was from an earnest, non-cheating gamer, sounds even like a dev to me, trying to clear up to non-dev gamers or devs-who-havent-touched-AC-tech-so-far-as-a-dev (like myself) why (some) anti cheat protected games dont play on linux.
and, pardon my french but you seem to be trying to be a dick. the article was only relevant in so far as it’s about anti-cheat and was not in response to this lemmy post. look at the date.
and i clearly stated it as only kinda relevant. so, like, chill out dude.
How can you read from his comment that he is trying to be a dick? He is clearly criticizing and reasoning against the point in the article you shared. The author in that article is being disingenuous or naive at best or misleading on purpose at worst. It feels like you are the one in need of chilling out.
That’s not to say the author of the article is lying, that’s the biggest issue, the article is written with enough truth to make it seem like it makes sense. But the reality is that the article only describes why kernel anticheat is not useful in linux, disregarding entirely the fact that kernel anticheat is an absolutely terrible solution that truly only causes more trouble than it helps catching cheaters. It’s like someone trying to sell you the idea of why this or that lock for your house’s door is bad or good as it can easily be picked by an expert while ignoring the fact that most thieves won’t pick the lock and just break a window or something. Using kernel anticheat won’t stop cheaters, which should be obvious by now with so many real life examples, so it’s just extra software running impacting negatively and increasing the risk for security issues.
i already stated my intentions. now you are picking fights. gbye
You were the only one calling someone a dick just because they didn’t agree with an article you shared. No one is fighting with you, we are criticizing the article as being misrepresentative of reality, you are taking all this weirdly personally while we were commenting on the topic of that article.
i said “you seem to be trying to be a dick”. now you are misrepresenting what i said.
ok then, here we go: how do you think COULD anti cheat catch such a contraption?
how is such a contraption relevant to a kernel driver on another machine?
the article isnt about “how to cheat nowadays effectively” but “why dont these games work on linux?” and also what joyjoy above correctly took away: “gamedevs COULD do better and not need to rely on kernel level anticheat like valorant does and yet here we are.”
im done with you two.
Server-side analysis of player behavior. It’s difficult and a mostly losing battle, but that’s really the only option that could be effective.
The games do work on Linux. Many of the games the author described were working with Linux perfectly until the companies arbitrarily made a policy decision to block Linux players from the games. The anti-cheat is what does not work on Linux, for the reasons the author described, however the anti-cheat also does not actually work on Windows either, because it does not lessen cheating in these games. It doesn’t even prevent cheats that use traditional methods that kernel-level anti-cheat was designed to stop, for example there are many videos of cheaters showing off wallhacks and on-device aimbots in Battlefield 6 on launch day. The anti-cheat was defeated in less than 24 hours.
Such a “contraption” is relevant because it is what people actually use for cheats in 2025, and because it defeats the anti-cheat described by the author, which they falsely claim is effective at stopping cheaters.
I’m responding to the article you posted.
This is simply the current state of video game cheats. It’s not “as I say”; it is. To not even mention it while making claims like “anti-cheat is effective in games like Valorant (one of the most popular games for cheats)” is completely disingenous. Go ahead and search “valorant colorbot” in your choice of search engine.
that was not claiming that you were misrepresenting something. read it again if you must. gbye