Anti-cheat drivers have indeed turned out to be major security risks on Windows. But I think the blame should not be on game developers because kernel-mode anti-cheat is still one of the only methods that’s reasonably effective — and realistically, you can’t expect every game studio to have the expertise to write secure, reliable kernel drivers.
If Microsoft wants Windows to be more stable and secure, they should provide built-in anti-cheat support in the OS. That would reduce the need for third-party kernel drivers in the first place.
What does built-in anticheat support look like to you? A whitelist of apps you can run? Debuggers not being allowed?
They do, on Xbox OS, which, while based on Windows, isn't exactly the same.
As for plain Windows, let's see how CrowdStrike changes will reflect on anti-cheats.
https://www.theverge.com/news/692637/microsoft-windows-kerne...
People could also behave, and then no anti-cheats would be needed anywhere, but that is utopia.
> they should provide built-in anti-cheat support in the OS.
As much as I dislike anti-cheat in general (why incorporate it instead of just having proper moderation and/or private servers? Do you need a sketchy third-party kernel level driver to police you to make sure you're "browsing the internet properly in a way that is compliant with company XYZ's policies", or even when running other software like a photo editor, word processor, or anything else? It's _your_ software that you bought.) something similar is already happening with, e.g., Widevine bundled in browsers for DRM-ed video streaming.
I agree that having some first-party or reputable anti-cheat driver or system is probably preferable to having different studios roll out their own anticheat drivers. (I am aware there are studio-level or common third-party anti-cheat solutions already, such as Denuvo or Vanguard. But I would prefer something better.)
This is a lost battle, you have cheaters on consoles, which are more locked down than PC ever will be. You can't remove cheating with software.
Sorry game companies, the answer is paid moderation, I know it costs money and I know you don't like to pay but there's no way around it.
If a surgeon does not have the expertise to perform a surgery, they probably shouldn’t cut into you.
If the company lacks the competency to write secure drivers, they should outsource the work or have it validated externally.
These things could be solved by spending money. Stop excusing dangerous actions performed in the name of greed.
> you can’t expect every game studio to have the expertise to write secure, reliable kernel drivers.
If someone wants to sell something that comes with a driver, the driver needs a modicum of care applied to it. This is of course also on Microsoft for signing these things, although that ship sailed ages ago.
Yes, I wouldn't expect every studio to need their own team - game studios can buy anti-cheat middleware, and the middleware can compete on not being total junk (which is how the industry already works, with a side helping of these more obscure awful drivers and a few big studios with their own).
> If Microsoft wants Windows to be more stable and secure, they should provide built-in anti-cheat support in the OS.
I guess they could have users approve a set of signed applications that would get some "authenticated" way to read address space and have an attestation stapled to it? It's actually kind of an interesting idea. The hardest part here would be that each anti-cheat tries to differentiate with some Weird Trick or another, so homogenizing the process probably isn't appealing to game developers really.
Anti-cheat could go the opposite direction, with basically a "fast reboot" into an attested single process VM sandbox, but this has issues with streaming/overlays and task switching which are a bit thorny. I've always thought that this might be the way to go, though - instead of trying to use all kinds of goofy heuristics and scanning to determine whether the game's address space has been tampered with or there's a certain PCIe driver indicating a malicious DMA device or whatever, just run the game in a separate hypervisor partition with a stripped down kernel+OS, IOMMU-protected memory, and no ability to load any other user code, like a game console lite.