cross-posted from: https://programming.dev/post/35893414
Comments
Anti-cheat engines are now requiring users to have Secure Boot and a fTPM enabled in order to play online multiplayer games. Will this decrease the amount of cheating, or is it a futile attempt at curbing an ever-growing problem?
You must log in or register to comment.
I’ve basically told my friends I wont play games that require secure boot and kernel anti cheat. I don’t use windows anymore, and I dont want to support these studios anyways.
Interesting so they’re using secure boot to hardware ban but I could see used hardware being an issue now :/
While I don’t doubt that’s part of the reason. I would assume ensuring only the microsoft key was used to create a trusted boot path to a clean windows install. At which point during the boot process these invasive anti-cheat engines take over and are then watching everything loading makes it a bit harder to cheat.
But I think there’s a lot of hardware options available that could still remain invisible here. Maybe it makes software options close to impossible though. Not too sure, there’s always inventive workarounds people come up with.
I always find it amusing the lengths people will go to, to cheat… Just short of, learning to play the game better.
It’s the hardware cheats that are used in commercial operations (boosting, account leveling, etc).
Secure Boot will prevent EFI cheats which load before Windows, that’s about the only new feature as far as anti-cheat.
It’ll let them ban a CPU by Endorsement Key so you’ll need a new CPU to get around the ban. Because of this, used CPUs could come with bans already attached.
Imagine buying a used CPU and then getting your account banned the instant you try to login.
It’s a combination of hardware, not a single motherboard ban. Unless you buy a whole used PC, there’s no issue
I never got interested how anti cheat software works but article claims kernel level anti cheat relies on hardware fingerprint. They say people can buy new game and cheat again, I think it’s cheaper now for people to buy new hard drive and change fingerprint and don’t even bother with this shit. This is stupid.
Interesting article on how secure boot functions. Thanks!
Agreed, a good article and I learned a lot from it. One thing I learned is that while secure boot and tpm are neat, I’m more confident than ever that they are just overkill and unnecessary for an average user.
Whether intentional or not - they DO get in the way of using other OSs or bootable flash drives like ventoy. Either by by malicious intent, accidental non signing or delayed signing, or just general complexity of coordinating signing everything with all the manufacturers.
It’s just a lot of hoopla for…. What?
Anti cheating? There’s been cheaters in online gaming forever and that will never change. Give me the option to make friends and play private games with them and I don’t care who cheats.
Security? I mean I guess…. but “don’t boot shady crap and make sure you’re downloading the right stuff” goes pretty far.
I dunno - secure boot and tpm are the first things I turn off and I’m not interested in using software that insists I turn them on. The juice ain’t worth the squeeze.
It does seem a bit overkill especially for home desktop use. I think with laptops an argument could be made that there may be some benefit even for home users.
But for gaming anti-cheat specifically, it’s definitely overkill.
Question. What is wrong with ip ban? Is it because a vpn can get around it? Isn’t a vpn slow to game on?
You can often change your IP by rebooting your router. So the only way an IP ban can really work is when you start banning blocks of IPs, but that can hit other people who have no reason to be banned.
VPNs also aren’t always slower, though they often are. They change the route your packets take, which could have fewer hops to get to their destination, or could have faster connections in some places compared to your standard route.
Also users behind large NAT gateways (colleges/dorms, apartment complexes with ISP contracts) or CGNAT (most mobile users including 5G hotspots which could be a primary internet connection for a household) will often appear to be behind one or a handful of IPs, and not only does blocking one block them all, but blocking a gateway IP that is part of a pool might not necessarily block the intended user at all. Also as was stated, it’s trivial to get a new IP either via VPN or, sometimes, resetting your modem.
IP bans are often not effective.
I figured it wasn’t feasible now. Darn. It sucks there’s no better option theyre offering other than kernel anti cheat which means gaming on linux will be dead again in 4 years
This just came up for me yesterday. League would not start without ftpm enabled.
Great article.
Probably a dumb question, but my mobo has an option in the setup utility to “enroll hash” and it seems to let me pick an .efi executable.
Can I just use that to sign any bootloader (or efi executable for that matter) I want, e.g. HackBGRT, GRUB2, and if so, would that allow me to play Battlefield 6, or would the other features like TPM attestated logs indicate the chain loading and flag me for a ban (or simply not let me launch the game) ?
No, Windows anti-cheats will check specifically for Microsoft’s keys in use.
None of this is actually about cheating. All of these companies want control over as many people as they can get their grubby fat fingers around.
