People seem oddly optimistic about all of this, but I wouldn’t be surprised if the solution they came up with still wouldn’t work in Linux. I don’t know how exactly they’d do it, but I can imagine some encryption key or hardware nonsense that Linux can’t replicate.
Either way, making all the software developers who insist on messing with the kernel on Windows stop will be a good thing.
Yeah, “kernel level anticheat” has become a bit of a buzzword in the competitive game scene and people just think it’s better without really understanding what that means. Microsoft could do one good thing here and begin blocking that shit.
Look at the TF2 bot crisis: some people thought (btw I’m so glad I can say thought and not think) that making VAC kernel level would fix it, when in reality like 2 employees could’ve fixed a ton of the botting issues.
@savvywolf I imagine that they would instead force them to use a certain API that wouldn’t be so easy to replicate on Linux.
Paving the way for Linux gaming is a bit of a stretch here, but yes, userspacing security in Windows could enable Linux compatibility better.
There was an article not too long ago about how Windows 11 was gaining in market share for gamers. But my guess is a lot of them are like me and bought a handheld that can dual boot Bazzite and Windows (because they have games that only Windows can play). Most of the games I have are older so no incorporating anti-cheat anything at the kernel level. But I still had to turn off secure boot in order to get Bazzite up and running.
I wonder how long this will continue to be the case once they end support for Windows 10 next year.
Definitely not “Crowdstrike tarnished their brand so much because no one understands what kernel level is that no one is going to get kernel level access”
Kernel level anti cheat is still bypassed so why do so many people just accept a literal ring-0 rootkit if it doesn’t even accomplish its intended goal?
Microsoft aren’t kicking people out of kernel space but expanding the capabilities in user space to minimize the reasons to need to run security components in kernel mode so they can develop and deploy solutions with minimal risk (no security vendor wants that risk when they’re running on business/enterprise machines like CrowdStrike).
Kicking everyone out of the kernel is a long journey and even Apple, who are much further along this path, still haven’t completely closed the door on kernel extensions. It’ll be several Windows versions yet before kernel drivers are no longer a thing.