Update, May 20: After receiving a deluge of complaints, the makers of Doom Eternal have announced plans to reverse course on its kernel-level anti-cheat system.
There is one issue if i remove EasyAntiCheat (which is an anti cheat software for a lot of games) I cannot run any games that are powered by it for example: Fortnite, Apex Legends etc. I tried to remove it but then it says that the game can't run because I don't have EAC installed. Easy Anti Cheat is probably the most popular kernel mode anticheat, it is used in many games and is owned by Epic Games. It is better than Battleye and is therefore harder to bypass. If you want to bypass it you must also have a kernel driver. If a game has easy anticheat you will not be able.
As our first article addressing the various methods of detecting the presence of VMMs, whether commercial or custom, we wanted to be thorough and associate it with our research on popular anti-cheat vendors. To kick off the article it’s important for those outside of the game hacking arena to understand the usage of hypervisors for cheating, and the importance of anti-cheats staying on top. VAC is a component of Steamworks and the Steam client, and works by scanning the users system for cheats while your game is running. It works a lot like a virus scanner, and has a database of known cheats to detect. Once a cheat has been detected, the user's account is marked for a delayed ban.
In a Wednesday post at Reddit's Doom community, Doom Eternal executive producer Marty Stratton confirmed that the game's next patch will strip Denuvo Anti-Cheat from the game in its entirety. 'Despite our best intentions, feedback from players has made it clear that we must re-evaluate our approach to anti-cheat integration,' Stratton wrote. 'As we examine any future of anti-cheat in Doom Eternal, at a minimum we must consider giving campaign-only players the ability to play without anti-cheat software installed, as well as ensure the overall timing of any anti-cheat integration better aligns with player expectations around clear initiatives—like ranked or competitive play—where demand for anti-cheat is far greater.'
Anti-cheat update:Since launch, the team has banned over 200,000 accounts for cheating across #Warzone and #ModernWarfare, including a new wave this week. We also know that in-game. Dunno whats more pathetic. The fact a year ago this game diddnt have anticheat. Or the fact they chose to go with easy anticheat this is the biggest joke in the world of anticheat proticals/software. Litterally the only developers i see use this are the ones who are sick and tired of people complaining about cheaters. And want a quick way to shut them up. If you think easy anticheat is.
Stratton also claimed that the latest patch's issues with 'performance and frame rate drops' were in no way due to the new Denuvo system but rather issues with 'customizable skins' and 'a code change we made around VRAM allocation.' id Software has yet to date this upcoming patch.
Original report:
Doom Eternal has become the latest game to use a kernel-level driver to aid in detecting cheaters in multiplayer matches.
The game's new driver and anti-cheat tool come courtesy of Denuvo parent Irdeto, a company once known for nearly unbeatable piracy protection and now known for somewhat effective but often cracked piracy protection. But the new Denuvo Anti-Cheat protection is completely separate from the company's Denuvo Anti-Tamper technology, which uses code obfuscation to hinder crackers (and which was already mooted for Doom Eternal
anyway shortly after launch).The new Denuvo Anti-Cheat tool rolls out to Doom Eternal players after 'countless hours and millions of gameplay sessions' during a two-year early access program, Irdeto said in a blog post announcing its introduction. But unlike Valorant's similar Vanguard system, the Denuvo Anti-Cheat driver 'doesn’t have annoying tray icons or splash screens' letting players monitor its use on their system.
Advertisement'This invisibility could raise some eyebrows,' Irdeto concedes.
No running outside the game
To assuage any potential fears, Irdeto writes that Denuvo Anti-Cheat only runs when the game is active, and Bethesda's patch notes similarly say that 'use of the kernel-mode driver starts when the game launches and stops when the game stops for any reason.' That's a major difference from Valorant's Vanguard system, which requires the driver to be loaded from system startup in order to 'monitor system state for integrity.''No monitoring or data collection happens outside of multiplayer matches,' Denuvo Anti-Cheat Product Owner Michail Greshishchev told Ars via email. 'Denuvo does not attempt to maintain the integrity of the system. It does not block cheats, game mods, or developer tools. Denuvo Anti-Cheat only detects cheats.'
Greshishchev added that the company's driver has received 'certification from renown[ed] kernel security researchers, completed regular whitebox and blackbox audits, and was penetration-tested by independent cheat developers.' He said Irdeto is also setting up a bug bounty program to discover any flaws they might have missed.
And because of Denuvo Anti-Cheat's design, Greshishchev says the driver is more secure than others that might have more exposure to the Internet. 'Unlike existing anti-cheats, Denuvo Anti-Cheat does not stream shell code from the Web,' Greshishchev told Ars. 'This means that, if compromised, attackers can't send down arbitrary malware to gamers' machines.
'These same gaming machines already have a sea of subpar (security-wise) administrative services with active Internet connections,' he continued. 'Drivers from mouse and keyboard vendors, lighting and overclocking services, etc. If attackers really wanted to compromise gamers' machines, they would go through them—not through the world's strongest anti-tamper software.'
If a driver exploit is discovered in the wild, Greshishchev told Ars that revocable certificates and self-expiring network keys can be used as 'kill switches' to cut them off. 'No security expert can claim their solution is infallible, but our penetration testing, certification, and security auditing is significantly higher than any reasonable standard,' he said.
AdvertisementTime to kernel panic?
The use of kernel-mode drivers is actually pretty common in multiplayer game anti-cheat tools, helping to ensure that lower-privileged 'user-mode' tools that try to modify the game code can be detected and stopped. While cheaters can still get around this by using code-signing exploits to install their own kernel-level cheat tools, the process is more difficult.
How To Tell If A Game Has Anti Cheated
Loading a kernel-mode anti-cheat driver only when a game is running, as Denuvo does, is also very different from running a rootkit-style anti-cheat driver from startup, from a security perspective. The latter introduces much more exposure for system-level exploits that can run without the user's knowledge, creating 'a large attack surface for little benefit,' as independent security researcher Saleem Rashid told Ars regarding Valorant's Vanguard security driver.
Still, some members of the Doom Eternal community are not happy about the way the Denuvo Anti-Cheat tool was rolled out, or with the security risks they feel it creates on their systems.
How To Tell If A Game Has Anti Cheat Engine
'No piece of software, especially an anti-cheat, should have kernel-level access to your system and if it is we should have been informed before purchasing it,' Reddit user extant_dinero wrote in a popular thread on the Doom subreddit urging people to delete the game. 'I would not have purchased it had I known it would be added. Just because other pieces of software do it doesn't make it right.'
But Greshishchev tells Ars such fear is misplaced. Denuvo Anti-Cheat is 'designed to be no different than Nvidia's graphic drivers or Steam's Client Service,' he said. 'Unlike anti-cheats of the past, there are no filesystem hooks, no requirement to start with the OS, no annoying tray icons or splash screens.'
How To Tell If A Game Has Anti Cheating
'It's human nature to have a fear of the unknown, and no amount of technical claims by us could address that. Trust is built up over time, and we think that when Denuvo Anti-Cheat bans a player in your favorite game, we will gain your trust.'