I think the moment you accept data from the client as truth you've lost the battle already, everything else is just damage control. Loads of games have realized this and kept checking game rules on the serverside and reveal data on a need-to-know basis. This makes it nearly impossible for cheats to be made because anything you know you should know, and everythin you act is parsed by the backend according to rules already present

A trusted entity (probably Valve) could provide a locked down distro where kernel integrity is enforced through secure boot and TPM attestation, but that would mean giving up some control over your own system. There's no guarantee that anything client-side is impossible to bypass of course, but the goal would be to more or less match what Windows offers, which isn't perfect either.

There is no way to make anticheat that can't be bypassed, regardless of OS. All of the anticheat games today have cheaters.

Reliable anticheat is serverside. Clientside anticheat sounds like a fool's errand to me. You need to control the client, so that means the user cannot be in control of their own computer, which is contrary to the idea of Linux.

Linux is resistant to rootkits, which is what these things are, and allows you to remove them, yes.

The correct solution is to verify everything server side, or actually have humans watch replays and ban cheaters, but both of those would reduce profits, so will obviously never happen.

Yeah. It’s an erosion of rights that doesn’t solve the problem. You only need one cheater to make a game feel bad and DMA devices or pixel tracking can’t be stopped with these anti-cheats.

There’s just no way to stop cheating client side despite what devs love to think. But server side anti cheat is much harder and requires more work; it’s much simpler to just install spyware / rootkits on the client and call it a day.

You can run a VM using trusted computing extensions for the game. If the VM encrypts traffic, that stops network level cheats. You can still fake inputs/outputs to the machine if you put the work in, but then you can also use a vision model and faked input with actual consoles, so that hole is never going to get patched.

I think the most stringent types of Windows anti-cheat rely on remote attestation of the operating system. It's theoretically possible to design a Linux-based OS that supports such a capability, but the sort of people who choose Linux are unlikely to accept a third party having the final say over their computer.

I, for one am disappointed that anyone has accepted it. Once it's widespread, service providers can demand it, as we're seeing with mobile banking apps and game anticheat.

Server-authoritative games. Basically the client does stuff, gives the list of moves to the server along with a checksum/end result. Then the server runs the same commands on the same starting state and checks if it got the same result.

If a==b, then everything moves on as normal. If not, the client gets a synchronisation error and has to rewind back to the last known good state.

Completely unfeasible for anything real-time pretty much.

You are looking completely wrong at this. There is no anti-cheat that cannot be bypassed. Period.

You can always run things in a VM, you can always replace your keyboard and mouse with a different device, you can always have your a camera instead of human eyes and have something that recognizes enemies.

Even cheat detection in the real physical world (sports, chess, etc.) is not a completely solved topic.

You can connect computers to other computers so other computers will always be able to control them.

The idea that any (currently realistic) cheat prevention is unbypassable is silly.

Linux explicitely allows you to do things that makes cheating *really* easy.

There is also complete lack of secure boot and a way to validate that your kernel hasn't been compromised.

I mean seriously, making a cheat for a proton supported game that no anticheat has any hopes of detecting are in 100 lines of a kmod driver and 1 console command: insmod.

On windows you at least need to use scuffed tools like KDU to bypass signature verification requirements and every anticheat can detect you with a simple physical memory scan.

I mean kernel level anti-cheat doesn't really work on Windows either, its just security theater.