Microsoft completed its acquisition of Activision and one of its first major changes to the company might be kneecapping Call of Duty and Warzone’s Ricochet anti-cheat engine. Though Microsoft isn’t taking this action directly against Activision, its own subsidiary is set to be caught in the crossfire.
Take any given online multiplayer game, look at the discourse within its fanbase, and there’s going to be a lot of discussion about cheating. Whether it’s scripting, macros, spinbots, or wall hacks, players are going to talk about hacking in their favorite game. While much of that is just players venting their frustration, it’s a real problem that has publishers taking increasingly drastic measures.
While some of this is real-life action, like siccing lawyers on cheat developers, much of this plays out in development studios. The result for players is increasingly invasive anti-cheat technology that has reached the point where it gives game publishers complete access to gamers’ hardware. Microsoft might force game publishers to work without this shortcut, and Activision is one of many companies that will have to go back to the drawing board.
Windows updates may stop Ricochet, Call of Duty and Warzone’s anti-cheat
Following a summit, Microsoft has confirmed major changes to Windows that will impact security programs with kernel-level access.
The kernel is defined as “a computer program at the core of a computer’s operating system and generally has complete control over everything in the system.” Most major multiplayer shooters have anti-cheat engines that run in kernel mode. Running at the kernel level gives an anti-cheat engine the same privileges as the core of the operating system, allowing it to screen for cheating software from below the level at which ordinary applications run.
In theory, this literally gives anti-cheat engines the inside track on cheating software.
Numerous anti-cheat engines function in this way. Activision developed Ricochet for use in Call of Duty and Warzone. Riot Games uses its proprietary Vanguard anti-cheat in League of Legends and Valorant. BattlEye is licensed across multiple games including Rainbow Six Siege, H1Z1, and PUBG: Battlegrounds. The list goes on.
The trouble is that kernel-level anti-cheat engines are not necessarily more effective than surface-level ones, and they raise serious security concerns.
Why are Ricochet and other kernel-level anti-cheat engines potentially unsafe?
Software that operates at the kernel level can potentially disable any hardware it’s running on, which is a major security and privacy concern.
This was seen with the CrowdStrike security software in July. A botched update saw PCs unable to boot up, resulting in airports around the globe being shut down. While this was ultimately a mistake, any kernel-level program adopted by millions of people is a cyberattack waiting to happen.
In a statement on the Windows blog, Microsoft’s VP of operating system security David Weston alluded to potentially pushing security software away from kernel-level operations. This came after a summit discussing the CrowdStrike incident.
“In addition, our summit dialogue looked at longer-term steps serving resilience and security goals…Windows 11’s improved security posture and security defaults enable the platform to provide more security capabilities to solution providers outside of kernel mode,” Weston said.
While this statement stops short of saying that Call of Duty’s Ricochet anti-cheat and similar engines will have to be thrown out, it’s a major statement from Weston. The message is clear that Microsoft is looking to steer developers away from kernel-level software at every level.
There are many notable anti-cheat engines that operate without kernel access. Most notable is Valve’s VAC, which is in Counter-Strike as well as the original Modern Warfare 2 and 3. Given how Activision always seems to be playing catch-up, however, the idea of the company having to start over with anti-cheat should worry fans.