Warning

This article is solely the opinion of the author and does not represent the views of anyone else. Please do not spread hate or harass any developers or companies mentioned in this article.

If you have recently played online competitive games, you might know that a lot of games now require you to install Kernel Anti-Cheat (e.g. Valorant, Delta Force, etc.) to play the game.

But what is Kernel Anti-Cheat?

Kernel Anti-Cheat (AC) is a type of Anti-Cheat that runs at the kernel level of your computer. By installing one, you are giving the game (or AC) hardware-level access to your computer, which is basically allowing the game to install a rootkit on your computer. (A rootkit is software, usually malicious, that allows access to an area which is normally protected by the operating system.)

Those Kernel Anti-Cheats were originally designed to prevent cheaters from cheating in the game, but they are also causing a lot more problems than they solve. I will explain why later.

Why do I hate Kernel Anti-Cheat so much?

Those ACs claimed to never connect to the internet or scan your computer, but how can you trust them? Even ESEA was caught mining bitcoin using players’ PCs. After all, they are running on your computer, and they can do whatever they want with elevated permissions. For example, Valorant’s AC, Vanguard, was caught capturing users’ screenshots, and they even implemented a feature that bypasses Kaspersky protection.

If a player is determined to cheat, they will.

In my perspective, Kernel Anti-Cheat only hurts legitimate players more than cheaters. Cheaters will always find a way to cheat with tools like DMA (Direct Memory Access; DMA is a technology that allows a PCIe device to access the memory directly without going through the CPU), where the cheat is not running on the player’s computer but on another computer. Combined with other hardware, you can even show a wallhack on the screen directly without the main computer knowing it.

Moreover, remember the CrowdStrike IT outage? A misconfigured patch was pushed to an estimated 85 million Windows computers. If CrowdStrike can cause such an impact, so can an Anti-Cheat. If the Anti-Cheat is not properly configured, it can cause a lot of damage to the player’s computer.

You might think this is a rare case, but how about the time when an Apex Legends esports player’s computer got hacked remotely during an ALGS tournament? (Side note: Easy Anti-Cheat claimed this is not their fault.) Now imagine: instead of injecting a cheat, what if the hacker injected malware into the player’s computer?

We’re all one exploit away from any of those rootkits creating a major security breach.

Redemption & Conclusion

So, what can we do to prevent this? The best way is to avoid playing games that require you to install Kernel Anti-Cheat.

However, if you are using a newer CPU, Windows Security has a feature called “Core Isolation”, which is designed to protect your computer from malware. If a game requires you to disable these features to play, I would definitely avoid it. Any game that requires you to disable these features will allow malware and code to infect your computer. Enabling such features would protect your PC from an Anti-Cheat establishing a trusted root. However, it does not block memory access (which is still a big problem, as the AC can read all your application memory).
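To check whether Core Isolation's Memory Integrity setting (HVCI) is still active after installing a game, the read-only PowerShell below compares the persisted setting with what the running system reports. It is an added example, not part of the original article; the function name `Get-CoreIsolationState` is made up for illustration, and the likely causes named in the warnings are assumptions, not a diagnosis.

```powershell
# Added example: report whether Core Isolation / Memory Integrity (HVCI) is
# configured and actually running. Read-only; run in an elevated PowerShell.

$hvciKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'

function Get-CoreIsolationState {   # hypothetical helper name
    # Win32_DeviceGuard reports what the running system enforces right now.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction Stop

    # The registry value is the persisted Memory Integrity setting.
    $reg = Get-ItemProperty -Path $hvciKey -Name 'Enabled' -ErrorAction SilentlyContinue

    $vbsText = switch ($dg.VirtualizationBasedSecurityStatus) {
        0 { 'not enabled' }
        1 { 'enabled, not running' }
        2 { 'running' }
        default { "unknown ($_)" }
    }

    [pscustomobject]@{
        VbsStatus                 = $vbsText
        MemoryIntegrityRunning    = ($dg.SecurityServicesRunning -contains 2)    # 2 = HVCI
        MemoryIntegrityConfigured = ($dg.SecurityServicesConfigured -contains 2)
        RegistryEnabled           = ($null -ne $reg -and $reg.Enabled -eq 1)
    }
}

$state = Get-CoreIsolationState
$state | Format-List

if ($state.RegistryEnabled -and -not $state.MemoryIntegrityRunning) {
    # Assumed likely causes: a pending reboot or an incompatible kernel driver.
    Write-Warning 'Memory Integrity is switched on but not running.'
} elseif (-not $state.MemoryIntegrityRunning) {
    Write-Warning 'Memory Integrity is off. Check whether an installer or game asked you to disable it.'
}
```

Running it before and after installing a game shows whether the installer changed the setting.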

If you want to know more about how cheaters bypass Kernel Anti-Cheat, Ryscu has a great video on this topic (not sponsored). If there’s any mistake in this article, please let me know via email, thanks :P