this post was submitted on 02 Nov 2025
815 points (98.2% liked)

[–] FreedomAdvocate 1 points 2 days ago* (last edited 2 days ago) (1 children)

For this type of anti-cheat yes, they do.

You can choose not to let them, it just means you can't play the games. Do you believe they're installing malicious code or something in the anti-cheat?

[–] cyberpunk007@lemmy.ca 1 points 1 day ago

Exactly. This is not a type I need. My kernel does not need to be invaded. It's literally enabling spyware and you'd never know it.

Do I believe it? I don't know. But it's possible and I'd never know, so fuck that.

  1. ESEA Bitcoin miner incident (2013): In April 2013 ESEA (a third-party matchmaking + anti-cheat service) had a built-in bitcoin-miner component in their client. It was discovered by users in May. (XDA Developers) Because the ESEA client ran with high privileges (as a driver/anti-cheat style client), the mining component was harder to detect and harder to remove compared to normal user-mode software. (XDA Developers) The company settled for a $1 M payout. Lesson: Granting deep OS access to a client means if it goes rogue (or is malicious) you get real damage (mining, rootkit-like behaviour, etc). (XDA Developers)
  2. Riot Vanguard (for VALORANT) and related complaints: Vanguard is the kernel-level anti-cheat used by Riot Games in VALORANT. (Wikipedia) It has drawn criticism for its always-running behaviour (some users report it loads at boot even before the game). (Gist) Some users report system instability (blue screens) after installation. Lesson: Even if the anti-cheat isn’t malicious per se, because it’s so deep, any defect or compatibility issue can cause system-wide pain (crashes, instability). (XDA Developers)
  3. Theoretical/privacy risk: drivers acting like rootkits: Academic work (“If It Looks Like a Rootkit…”) analyses KLAC and finds that some solutions behave very similarly to rootkits: intercepting kernel calls, hiding modules, monitoring broad system activity. (arXiv) Articles note that allowing game companies to insert drivers at boot time that monitor “outside the game” sets a “potentially dangerous precedent”. Lesson: Even when everything is “legal”, the architectural model has intrinsic risk: trusted code has extremely high privileges; if trust is misplaced (malicious dev, insider threat, compromise) you have huge exposure. (How-To Geek)
  4. Example of “residual services” / bad uninstall behaviour: A Steam forum post (for game “Delta Force (2025 video game)”) reported that the anti-cheat driver “ACE-BASE / AntiCheatExpert” remained active even after game uninstall, caused conflicts, etc. Lesson: When kernel-level drivers aren’t cleanly managed/uninstalled, they can linger as “shadow” privileged components, increasing risk surface. (Steam Community)
  5. Corporate/State concerns & data-privacy: An article points out that KLAC by its nature has full system visibility (“what this means is that this type of spyware can exfiltrate sensitive information…”) and calls out potential misuse, especially worrying when combined with acquisitions or state-influence (e.g., the purchase of a KLAC-provider by a sovereign entity). Lesson: Beyond just “can it crash my PC”, there’s the question of what else the driver could observe (system activity, other processes, telemetry) and whether the user has meaningful control.
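
The boot-time loading in item 2 and the leftover driver in item 4 can both be checked on a Windows machine by auditing the registered kernel driver services. The script below is an added example, not part of the thread or of any vendor's tooling; the `$NamePattern` default is a hypothetical filter built from the names quoted in item 4, and treating a non-Microsoft signer as "third-party" is a heuristic.

```powershell
# Added example: audit kernel-mode driver services (run from an elevated prompt).
param(
    # Hypothetical pattern, constructed from the names quoted in the thread; adjust as needed.
    [string]$NamePattern = '^ACE-|AntiCheat'
)

function Resolve-DriverPath {
    param([string]$PathName)
    if (-not $PathName) { return $null }
    # Driver image paths appear as \??\C:\..., \SystemRoot\... or system32\...
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

$report = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.ServiceType -eq 'Kernel Driver' } |
    ForEach-Object {
        $path   = Resolve-DriverPath $_.PathName
        $exists = [bool]($path -and (Test-Path -LiteralPath $path))
        $signer = $null
        if ($exists) {
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        [pscustomobject]@{
            Name       = $_.Name
            State      = $_.State
            StartMode  = $_.StartMode
            LoadsEarly = $_.StartMode -in 'Boot', 'System', 'Auto'
            FileOnDisk = $exists
            Signer     = $signer
            Path       = $path
        }
    }

# 1) Drivers that start with the OS and are not signed by Microsoft (or have no readable signer).
$report | Where-Object { $_.LoadsEarly -and $_.Signer -notmatch 'O=Microsoft Corporation' } |
    Sort-Object StartMode, Name |
    Format-Table Name, State, StartMode, Signer -AutoSize

# 2) Possible leftovers: name matches the pattern, or the service is registered but its file is gone.
$report | Where-Object { $_.Name -match $NamePattern -or -not $_.FileOnDisk } |
    Format-Table Name, State, StartMode, FileOnDisk, Path -AutoSize
```

A driver that still appears in the second table after its game has been uninstalled is the "residual service" case; a `Running` state there means the driver is still loaded in the kernel.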