> The Linux kernel has eBPF now so if they wanted to start spying on everything you do they can just do it.
Sure, except that anyone can just compile a Linux kernel that doesn't allow that.
Anti-cheat systems on Windows work because Windows is hard(er) to tamper with.
The interesting solution here is secure boot: only allow users to play from a set of trusted kernels.
Uh, you'd have to compile a kernel that doesn't allow it while claiming it does ... and behaves as if it does - otherwise you'd just fail the check, no?
I feel like this is way overstated. It's not that easy to do, and could conceptually be done on Windows too via hardware simulation/virtual machines. Both would require significant investments in development to pull off.
Well yeah, but then eBPF would not work and then the anti-cheat could just show that it's not working and lock you out.
This isn't complicated.
Even the CrowdStrike Falcon agent has switched to BPF because it lowers the risk that a kernel driver will brick downstream like what happened with Windows that one time. I recently configured a corporate single sign-on to simply not work if the BPF component was disabled.