ENSIKLOPEDIA

Kembali ke Ensiklopedia Arsip Wikipedia Indonesia

Kernel-level anti-cheat

Kernel-level anti-cheats are a type of anti-cheat that run at a lower system level, making it harder for cheats to avoid detection. Kernel-level monitoring has received much criticism from cybersecurity experts since they require the highest level of trust.^[1] Supporters argue that kernel-level access is necessary to detect sophisticated cheats that operate at the same privilege level.

Technology

Kernel-level anti-cheat systems are software mechanisms that operate within an operating system's kernel space (Ring 0) in order to detect and prevent unauthorized modification of video game processes. Unlike user-mode anti-cheat systems, which operate at the same privilege level as standard applications (Ring 3), kernel-level implementations use privileged drivers to monitor system activity at a lower level.^[2]^[3]

Kernel-level anti-cheat systems have historically had limited support on Linux. Differences in driver signing requirements, kernel module policies, and the decentralized nature of Linux distributions can complicate the deployment of proprietary kernel drivers^{[citation needed]} compared to Windows, where driver signing and distribution are centrally managed by Microsoft.^[4]

Because kernel-level systems have such a high level of trust, any software that wants to enter kernel space (running Windows) must be digitally signed according to Microsoft's driver signing requirements.^[5] It is possible to disable these requirements, but anti-cheats detect this and prevent the game from running.^[6]

Security

Code signed drivers are susceptible to vulnerabilities like any other software. However, the elevated privilege afforded to kernel-level anti-cheats amplifies the impact of any vulnerability found in the software.^[2] In one reported case, the anti-cheat driver mhyprot2.sys used by Genshin Impact was abused by ransomware actors to disable antivirus software.^[7]

Kernel-level drivers, the same technology, were also the cause of the 2024 CrowdStrike-related IT outages.^[8]

Support and rationale

Conventional anti-cheats run in user mode with limited access. These anti-cheats may be unable to reliably detect and intercept kernel-mode cheats. By running in Ring 0, kernel-level systems can observe low-level system calls, drivers, and memory interactions that would otherwise be inaccessible to user-mode applications.^[9]

Game developers have stated that kernel-level anti-cheat mechanisms are intended to preserve competitive integrity, particularly in online multiplayer environments where cheating can undermine matchmaking systems, ranked play, and esports competition.^[10]

References

↑ Litchfield, Ted. "According to experts on kernel level anticheat, two things are abundantly clear: 1) It's not perfect and 2) It's not going anywhere". pcgamer.com. Retrieved 13 February 2026.
1 2 3 Orland, Kyle. "Ring 0 of fire: Does Riot Games' new anti-cheat measure go too far?". Retrieved 13 February 2026.
↑ smellington, smelly. "Why do video games use kernel-mode anti-cheats?". malware source code. Retrieved 13 February 2026.
↑ Demenais, Lucas. "A History of Anti-Cheat Techniques in Video Games, from Server-Side Code to Kernel Level". Retrieved 13 February 2026.
↑ "Digital Signatures for Kernel Modules on x64-based Systems Running Windows Vista". WHDC. Microsoft. 19 May 2006. Archived from the original on 12 April 2006. Retrieved 13 February 2026.
↑ "[PC] How to Resolve Easy Anti-Cheat Errors". Fatshark. 9 December 2025. Retrieved 22 April 2026.
↑ Soliven, Ryan; Kimura, Hitomi. "Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus". Retrieved 13 February 2026.
↑ Ionescu, Alex; Petrbok, Milos; O’Brien, Martin; Shaw, Johnny. "Tech Analysis: CrowdStrike's Kernel Access and Security Architecture". CrowdStrike.com. Retrieved 22 April 2026.
↑ Babur, Yousaf; Tahir, Saqib. "How Far Is Too Far: War Against Cheaters". Retrieved 13 February 2026.
↑ "/dev/null: Anti-Cheat Kernel Driver". leagueoflegends.com. Retrieved 14 February 2026.