this post was submitted on 14 Nov 2025
631 points (99.2% liked)
Linux
10190 readers
751 users here now
A community for everything relating to the GNU/Linux operating system (except the memes!)
Also, check out:
Original icon base courtesy of lewing@isc.tamu.edu and The GIMP
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
is kernel level anti cheat even doing anything? or like can you still just go to some sketchy forum/ whatever and buy a cheat , or maybe even download one for free for these games
Gta added it to remove linux players thinking they were the cheaters. Cheaters got around it the same day.
To answer your question, anti cheat is used to stop other operating systems from running their games, not cheaters.
It's an arms race, the arms just keep moving deeper into the stack system. Used to happen entirely in usermode, one process poking in and reading/writing memory of the game, so anti-cheat started keeping an eye out for malicious processes. Then at some point someone patched their kernel to cheat in a way the game couldn't possibly detect from usermode, so someone made an anti-cheat that ran at the kernel level too.
Modern KLA is basically a fully fledged rootkit, living in your system from boot, doing absolutely anything they can to try and make sure nothing has been tampered with. Validating signatures on bins, hooking memory mappings, watching for anything that might try to read/write the kernel or game's memory space unexpectedly.
Kernel-level anti-cheat can indeed be bypassed. I don't know which methods have been packaged up and made easy for just anyone to use, but when there's a demand, that's generally just a matter of time.
You might find this interesting:
https://www.youtube.com/watch?v=RwzIq04vd0M
There is software that you can run on a Raspberry pi, you can set a second monitor HDMI output to the pi with HDMI input hat and feed your USB peripherals through the pi. It acts as an aim corrector, and also can take hints from the game output that can help show characters through walls, etc. External input devices have nothing to do with your kernel. Cheaters are going to cheat, kernel access is just a way that game makers can say they're trying to combat them without actually doing anything and exposing your kernel to third-party programs at the same time.
I run Linux, so I didn't really play any first person shooters that require kernel level access, and even if they were available I wouldn't install them on my system. I would really see the solution more as something to use as a layer on an immutable distribution instead of trying to give external software full access to the kernel on your system.
Cheaters probably pay monthly get caught then spend money to buy the game again then pay for more cheats.
So those cheaters seem to have moved onto some more sophisticated setup running something called a DMA device so their main PC has no cheats and is running on a separate machine.