> "The researchers investigated the techniques used in online game cheating, as well as those deployed by ‘anti-cheat’ technologies. Most modern anti-cheat engines run in the Windows kernel, alongside applications such as anti-virus, at the highest levels of privilege. Software can only run in the Windows kernel if it has been approved and signed by Microsoft. This makes it more powerful than software run normally by the user. An example of kernel level software is the Crowdstrike system that recently failed, bringing down large parts of the internet."
> "While the anti-cheats are allowed in the kernel by Microsoft, the study also revealed that cheat software commonly uses weaknesses in Windows protections to ‘inject’ itself into the kernel and gain higher privileges. Many techniques mirror what is commonly seen in the domains of malware and anti-virus, with a difference in motivation."
> "This kernel injection technique has previously been observed in advanced ransomware attacks to disable anti-malware protections before the main attack."
In the current state of things, YOU have to provide the proof a kernel anti-cheat is not weaponized by hackers (yet...). It is now common knowledge, kernel level anti-cheats are leveraged by hackers.
And we all know this is fully hypocrit. "Computer security" does not exist, but for sure, adding a "gaming" _kernel module_ won't improve anything there... (irony).
> "While the anti-cheats are allowed in the kernel by Microsoft, the study also revealed that cheat software commonly uses weaknesses in Windows protections to ‘inject’ itself into the kernel and gain higher privileges. Many techniques mirror what is commonly seen in the domains of malware and anti-virus, with a difference in motivation."
> "This kernel injection technique has previously been observed in advanced ransomware attacks to disable anti-malware protections before the main attack."
https://www.eurekalert.org/news-releases/1061994