Sure. That also means it doesn't have to be kernel-level rootkits that fundamentally break the security model of my operating system and risk my bank account. Most people will be stopped by userland anticheat, right? It's inconvenient. So ... put it *there.*

And if someone does the kernel bypass thing, well, rely on server-side heuristics (which are imperfect, but also unknowable to the attacker) and you'll discourage enough of that with account bans.

Helpfully eSports players tend to have video captures of their gameplay, and most of these "undetectable" cheats are real obvious if you actually watch the footage. That catches most of the serious stuff at the upper level. It's why video verification has been a thing in the speedrunning scene for such a long time.