If It Looks Like a Rootkit and Deceives Like a Rootkit: A Critical Examination of Kernel-Level Anti-Cheat Systems
Christoph Dorner, Lukas Daniel Klausner

TL;DR
This paper critically examines kernel-level anti-cheat systems in online gaming. It finds that some mimic rootkits and pose privacy risks, and emphasizes the need for ethical and transparent security solutions.
Contribution
It introduces a framework for defining and evaluating rootkit-like behavior in anti-cheat software, and assesses four popular solutions against these criteria.
Findings
Two anti-cheat solutions exhibit rootkit-like behavior
Some anti-cheat systems threaten user privacy
Highlights ethical concerns in kernel-level security tools
Abstract
Addressing a critical aspect of cybersecurity in online gaming, this paper systematically evaluates the extent to which kernel-level anti-cheat systems mirror the properties of rootkits, highlighting the importance of distinguishing between protective and potentially invasive software. After establishing a definition for rootkits (making distinctions between rootkits and simple kernel-level applications) and defining metrics to evaluate such software, we introduce four widespread kernel-level anti-cheat solutions. We lay out the inner workings of these types of software, assess them according to our previously established definitions, and discuss ethical considerations and the possible privacy infringements introduced by such programs. Our analysis shows two of the four anti-cheat solutions exhibiting rootkit-like behaviour, threatening the privacy and the integrity of the system. This…
