Electronics Arts (EA) is establishing a new anti-cheat kernel-level system for its PC games. The EA AntiCheat (EAAC) will debut in FIFA 23 this fall and is a custom anti-cheat system designed in-house by EA developers.
It’s intended to protect EA games from tampering and cheaters, and EA says it won’t count anti-cheat to each match and treat its execution on a case-by-case rationale.
PC cheat developers deliver increasingly moved into the kernel, so we must kernel-mode protections to provide fair play and attack PC cheat developers on an even playing field. Furthermore, as tech-inclined video gamers, it is essential to ensure that any kernel anti-cheat included in the games acts with a substantial focus on the privacy and security of the gamers that use a PC.”
Anti-cheat kernel-level systems have drawn criticism from security and privacy advocates, as the systems’ drivers are complex and conducted at such a high level. As a result, if there are security problems, developers must quickly address them.
The kernel is the soul of the operating system, and it operates at the lowest level possible. Essentially, it’s a computer program with complete control over your system.
When you switch on your computer, the kernel loads instantly after the bootloader. It is because the kernel’s code has its area in memory, and it’s protected from application programs. So the kernel and the apps you have installed can perform in parallel without interference or problems like a browser accessing kernel memory and transforming how your operating system works.
If we were to split system privileges into four rings, from Ring 0 to Ring 3, the kernel’s help would belong to Ring 0 and Ring 1, and device drivers would occupy 2. All other apps on the computer would belong to Ring 3, the least privileged program on your computer. Something on a kernel level has high privileges, and you don’t want to go wrong or have your system fried.
Well, many game developers are propelling anti-cheat kernel-level drivers. Apart from the standard anti-cheat client, active while you play the game and scan what you have operating on your computer, the kernel-level driver will pack during startup and block specific drivers from loading or driving on your computer.
Various programs on your computer can turn on these drivers, so playing a video game will control you from using other applications. In addition, such anti-cheat tools often target drivers and software that have access to your hardware, such as overclocking tools, temperature monitors, fan controllers, and, of course, game cheats that also operate on the kernel level.
It will also block drivers with security vulnerabilities that allow cheat developers to load their cheats in the kernel of memory. Your regular anti-cheat client can’t see a fraud located in a part of memory it can’t access.
EA states kernel-level security is “absolutely vital” for competitive games like FIFA 23. Existing cheats act in the kernel space, so games running in standard user mode can’t detect tampering or cheating. “Unfortunately, the last infrequent years have seen a big boost in cheats and cheat techniques driving in kernel-mode, so the only trustworthy way to see and block these is to have anti-cheat operate there as well,” explains Murphy.
EA’s anti-cheat system will run at the kernel level and only runs when a game with EAAC protection is running. EA says its anti-cheat processes shut down once a game does and that the anti-cheat will be limited to what data it collects on a system. “EAAC does not gather any information about your browsing history, applications that are not connected to EA games, or anything that is not directly related to anti-cheat protection,” says Murphy.
Kernel-level anti-cheat systems are becoming increasingly common these days. Last year, Activision launched its custom Ricochet anti-cheat system in Call of Duty with a kernel-level driver. In recent years, the world’s most significant PC games have been using comparable techniques to fight a ripple in hackers and cheaters.