Not quite; it's more like this..
A police officer is sitting in your home, the local mayor says it's "because we want you to have a good life". You look outside, and your neighbors have police at their homes too, but they're all driving around in Lamborghinis together! You ask the police officer, hey what about all that cheating over there?? He laughs and says "silly citizen, you can't stop cheating, I'm just here so you can give us more money--aren't you ready to buy some premium currency and battlepasses yet?"
They even say as much in the FAQ:
Q. Isn't using anti-cheat just to protect the game's monetization structure?
A. Yes, and no. While it will protect monetized content, our primary purpose in using it is to protect the social aspect of the Galactic War gameplay and preserve player experience.
So in that strawman example, yes, I think they should disband the "police in your home" policy, especially since I'm not going to be buying any currency. Make sense?
I think a good example where this works well is Valheim--while it's a very different game, it doesn't seem to be terribly impacted by cheating. It also _enables_ it through admin console commands. Nearly every survival style game works like this. This isn't a survival game, but it could do the same.
Because they developed their own in house Anti-Cheat solution. They have full control and autonomy of what it does or doesn't do. They made that change after the fact.
However, Arrowhead doesn't own, contribute to, or otherwise maintain NProtect Gameguard. That is owned by INCA in South Korea. They can make that change if they want, but Arrowhead has no control of what it does or doesn't do.
Again, you're thinking about the "What if's" not the "What it does now". What it does now, unless proven via extensive research otherwise, is load the dll via your bootloader and idle behind the scenes UNTIL the game boots, in which case the game hook tells it, "Hey, wake up, I need you to check the database for updates and fire on all cylinders, since I'm active".
What it does or doesn't do, behind the scenes, until it receives its wake up cup of coffee remains to be proven.
But you guys have just spent the entire thread telling me that it's impossible for kernel-level anti-cheat to only run when the game is running because by definition it is loaded and run alongside the OS.
Or were you specifically referring to Gameguard?
In which case, I'd love to read where it is stated that Gameguard runs all of the time.
For anticheat purposes? No. But is the kernel driver still there? Yes.
https://www.pcgamer.com/genshin-impacts-kernel-level-anti-cheat-no-longer-runs-after-you-close-the-game/
In this post, MiHoYo, the developer, initially tried to say "ok we will only run the anticheat 30 hours after you close the game because reasons." Rightly so, this received even more backlash.
So now, it closes when you stop the game. But MiHoYo still were not being entirely truthful. When speaking about kernel-level drivers, this just means the USER level service that communicates with the driver solely for anticheat purposes on Genshin Impact has been stopped. The kernel-level anticheat driver is still lying there, dormant, a skeleton key to your entire computer just waiting to be used. See the following threat analysis by TrendMicro on this exact problem:
https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html
Do you want to know the surefire way of completely removing kernel-level drivers/anticheats from your computer? A fresh OS install, or with the right technical know-how you can painstakingly remove it from the bootloader yourself.
That's right. If you have installed Helldivers 2 on your machine, you cannot with certainty be sure you are completely free of the kernel-level anticheat even after uninstalling Helldivers 2.
Again, it is unlikely nProtect GameGuard is going to be compromised to the same degree as the above anticheat was, but the fact is that the risk is still there.
It seems like you are turning a blind eye to anything provided by others previously in this forum. Why?
Others have already explained a lot and some links are provided: https://steamcommunity.com/app/553850/discussions/0/4206993639701617701/
https://steamcommunity.com/app/553850/discussions/2/4339851480047558410/
https://steamcommunity.com/app/553850/discussions/2/4206994023681304166/
You can start with google and go through the first myriad of pages surrounding this Korean based anti-cheat product that has a history of causing issues. Especially if you look it up combined with "GunBound", "Maplestory" and "Gaia", however the results are currently a bit muddled up since the release of Helldivers 2. So it can take a bit of time.
The (incomplete) list of games running GG: https://en.wikipedia.org/wiki/NProtect_GameGuard
Even the barebones wiki page already shows you a ton of stuff that should pop-up red-flags for anyone. But if you are willing to accept those risks, there's still:
- https://security.stackexchange.com/questions/31870/how-dangerous-is-game-guard (10 years ago)
- https://www.alteredgamer.com/pc-gaming-tech/1710-beware-of-the-game-guard/ (Article from 2008)
- https://forums.malwarebytes.com/topic/24934-nprotect-gameguard-rootkit-threat/ (2009)
- https://www.cvedetails.com/cve/CVE-2005-0295/ a CVE that was up for 12(!) years before being patched out. Man what a concern for your product you must have.
And sure, you could say "well, maybe the company learned its lesson after all these years", however, the company has never provided any information on what they changed in their software, what things it can and, most importantly, can not do in the kernel and other reasons and technical details we IT engineers NEED before we can whitelist the product if a user wants to install a game on the company laptop (which we allow).
We enabled Easy Anti-Cheat and VAC for this very reason. They are not invasive, they only read the memory section the game is using/running in and they close only the game upon detecting suspicious behaviour. They also don't conflict with our EDR and Anti-virus solutions and most importantly... They stop running when the game is shut down and EAC has provided technical proof of it doing this.
https://www.baeldung.com/cs/user-kernel-modes#necessity-for-user-mode-and-kernel-mode
Gameguard is irrelevant. We are talking about the normal behavior of kernel level processes, that load themselves via bootloader. Gameguard is a kernel level process.
https://www.inca.co.kr/include_file/pdf_down/nProtect_GameGuard_en.pdf
Take a look at their product brochure. Have you never thought to yourself, "huh, why is it so intentionally vague" or "Why doesn't it say exactly what it does and how it operates?"
That should be what alarms you. Why do you think there is little to no documentation on what it does or doesn't do? Therefore, since we can't look to INCA for answers, we look at what traditional kernel level operations do. Which they boot when your system boots up, and idle because the task is running. Waiting for the game to tell it to fully come out of hibernation. What it is or isn't doing in said hibernation state is what should concern you.
A negation doesn't make a positive. Having no evidence to support what it doesn't do doesn't mean it does the opposite. i.e. If there is no information to say it doesn't idle, that doesn't mean it doesn't idle.
99% of that is talking about Vanguard, not Gameguard.
The small reference it makes to Gameguard, is incorrect/not applicable to Helldivers. Also isn't anything to do with Gameguard, if the game devs don't ensure the third party tool they're using isn't also uninstalled, that's kinda on them.
"nProtect doesn't tell you any of that. nProtect does not uninstall when you uninstall the game (Undecember in this example), nProtect doesn't even have an uninstaller"
You're kidding right?
The OP literally says "I won't be listing 'evidence' or 'proof' for anything as this is just my opinion. If you think a claim needs research, you are welcome to post your rebuttal with your own proof."
Weird how I won't be taking anything in there as factual.
Ah yes, the megathread of hearsay, misinformation and outright lies.
Nothing in that thread has undergone even the smallest amount of investigation.
Just link after link of "My game crashed whilst playing helldivers, it MUST be gameguard!!!"
There are literally 3 posts and other than talking about the known risks of kernel-level anti-cheat (which I accept), their only comments on Gameguard specifically is "it could be abused but we don't actually know anything about it"
So, in 2008 it caused an issue where it conflicted with some security software and the machine shut down.
Not great, but hardly grounds for boycotting Gameguard forever or claiming that it is worse than other kernel-level AC software.
Also something that I could see any kernel-level anti-cheat doing unintentionally.
Also several contradictions in there
e.g.
" It installs a virtual device driver and .dll files and there is no apparent way to remove the software once installed."
"If you have already been unfortunate enough to have Game Guard leech into your system, there is some good news: Game Guard can be uninstalled, although it isn’t easy to do so. If you need or want to uninstall, read my article on how to uninstall Game Guard."
Random guy claiming it is malware with zero evidence other than the wikipedia link.
Yeah, I'm convinced now.
Again, a vulnerability that required your system to already be compromised in order to exploit.
Man, what a concern for your system you must have.
Yeah, can't be a security software company is making their code open source and providing detailed analysis of exactly how it all works.
I have a feeling that the game devs will have been provided with those kinds of details though whilst deciding which AC to use.
Ok, so it IS possible for kernel-level anti-cheat to only run when the game is running?
You're assuming that Gameguard doesn't do this because they haven't specifically told you otherwise? But you don't have any actual proof that it is always running?
I can understand that, assume the worst until proven otherwise.
Vanguard and Gameguard have the same principles. Unlimited access in your kernel to stop all processes and write in to memory of running-programs to check, verify and hinder. This is known to cause issues.
You're either willfully ignorant or not grasping how bad this is for a private PC. You're better off dual-booting with a Windows "gaming" version and a "private" windows version.
The OP did state that if anyone wants to create a counter-thread listing how the issues are NOT having anything to do with the anti-cheat, he will retract all the sources that are listed and subsequently proven wrong.
And you can keep shouting "burden of proof!", but the burden of proof in this case is on both sides given the erratic history of this anti-cheat and how it manages itself within the kernel-level.
It's just a collection of everything happening currently to a popular game in Europe and America since this is one of the first times a popular game outside of Asia is using this very sketchy anti-cheat that was mainly used by Asian freemium MMO's. Of course more discussion and cases will pop-up on a mainly European/American used platform. If it's all related to GG? Don't know, but it's interesting that the devs themselves stated a "1 in 150 chance of you facing issues with this anti-cheat". Those are some horrible odds for such a big impactful software program.
Because we don't know how bad it is and the devs probably don't either. Given the extremely sketchy answers from the """technical director""" while not providing any technical explanation or argument whatsoever, we can almost safely assume that the devs have no idea what they dragged in their game.
We only have the sketchy history of nProtect with its GameGuard to go on about. Like I said, the program can be absolutely fine. However, it can also still be a shoddily put together crippled piece of code working for the CCP. WE DON'T KNOW. We do not claim to KNOW. But nProtect themselves never gives answers, so why would they give answers to the devs/publishers? Probably the same corporate drivel we can look up on google.
And EAC did it. EAC provides you with the documentation on their Anti-cheat all the way up to the point where they explain how it works and then they of course don't give you that. So IT departments, security departments and other company related departments can have enough confidence in to whitelisting this anti-cheat for kernel-level approval. So why can't nProtect do the same and ease everyone's mind?
Or might there be another reason why so many games remove/replace nPGG after its release? Hmm.
Because it is the literal definition of malware in what it does, can do and will do. But it does it in 'good faith', or as far as we are led to believe, but we don't know.
I'm more concerned on the fact that you have no idea how exploitable you and your system in this day and age are. But to each their own. I just won't accept you going on the forums and telling everyone that nPGG is "okay" and "good" and "without issues", telling everyone else that they're liars. I hope your conscience is clear.
I agree with you on this part. A number of the links in this post lend heavily to scaremongering more so than providing actual, backed up cases of GameGuard causing problems. However, there are some in there which are backed up. See the one where GameGuard tried to hook itself to the guy's antivirus that was installed. The gameguard GameMon files showed up in event viewer, proving the result of his system crash was a direct result of GameGuard trying to manipulate his antivirus.
Haha, sure, let's all just install random software from shady companies that has documented cases like this one of negatively affecting the stability of my machine, however minuscule an impact it may be. Can't get any worse, can it?
I guess anyone on the internet can claim to have a technical background of over 10 years. Regardless of that, all of his points are true based on common knowledge of how kernel-level drivers work. If you knew anything about that, you wouldn't be here trying so damn hard to defend GameGuard. In fact, it is worrying that you are still here, because you should now be a bit more educated on what kernel-level software does. Why can't you understand the simple fact that anticheats like this are keys to your entire system should it ever become compromised in a similar fashion to how Genshin Impact's AC was compromised? Why does none of this at least exhibit an inkling of concern from you?
Do you have any background in computing/software engineering at all?
If you did, you would know that the following implies in no way whatsoever that the computer has to have anything wrong with it beforehand: "npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any process that calls it, which allows local users to gain privileges."
This is tagged as a medium level threat simply because it only allows elevated privileges to anyone that abuses it. I.e., any local user on that machine of any privilege can disguise themselves as a System Admin by executing code or commands through this npptnt2.sys file. Not especially dangerous on personal computers. It would be dangerous on corporate machines in a place of work for example, but it is unlikely work computers are going to have games installed that would further warrant installation of GameGuard.
This is probably true to be honest. You are right that nProtect cannot divulge information on exactly how their AC works, because then it would eventually get leaked. But, as end users, we deserve more than their completely vague description of what exactly their product does at a high level. A lot more detail than that would be needed for bad actors to crack or reverse-engineer it.
So why are you allowing nPGG a free pass on this?
Easy Anti-cheat had to prove themselves.
VAC had to prove themselves.
Battleye had to prove themselves.
Vanguard is still under heavy scrutiny as well.
And many others had to do the same. Yet the only one who up to this day and age still is relying on cheap-to-implement-anti-cheat but has no other angle on why you should choose this AC over others, is apparently heavily defended on this forum for absolutely no reason.
Oh good.
So it's fine for people to just go around making wild statements and expecting everyone else to do their homework for them.
Brilliant attitude.
They actually said that "about 1 in 150 people reported issues launching the game due to a false positive clash with other software".
And then provided a workaround and asked people to notify them of any known software so they could get the whitelist updated.
Not quite the same as what you're trying to imply.
The fact you keep calling it "sketchy" kinda seems like you claiming to KNOW.
Because they're the people giving them the money or going to a competitor?
Yeah you need to stop before you get a report.
You are literally now arguing in bad faith, ignoring any context given to any of my other sentences, trying to pull them apart from the rest of the comment made. One last chance:
I was referring to their history. Which I have explained in detail in the comment. And as long as that 'sketchy' history is not cleaned up, I am allowed to keep calling it "sketchy".
And what other motivations, besides effectiveness, might there be? The Technical Director certainly didn't tell us or left it very very vague. But being (a whole lot) cheaper might have something to do with it? Or maybe they were ordered by Sony (the publisher) to implement it? Of course I am just guessing here, but the current answers are illogical and misleading (referring to the FAQ), so we have nothing to go on at this point.
That is the most vague description the devs gave, you can come across to downplay actual issues..
As if it's an innocent "oh good sir, your mousewheel software is flagged as suspicious to poor little old me trying to start the game, would you please send in the report while we wreck this little service to oblivion so you can play? Thank you".
This is just my opinion of course, but I'm not buying that answer.
Also, why was there no pre-release testing on this anti-cheat if that was the case? Could have caught hundreds of programs before release and prevent all these issues. But nope.
That's literally every video game released in the last how many years?
Honestly can't remember the last one that didn't have reports of crashing.
I'm really not defending Gameguard, just trying really hard to get a clear answer from someone as to why that specifically is bad.
If you're against all kernel-level AC, then fine, I disagree but I have no real issue with that.
But it seems to keep coming back to JUST gameguard being bad, all the rest are great. And I'm not seeing any reasoning for that other than things you can't prove.
And the reason I'm not really worried about kernel-level stuff to the same degree is because the same thing applies to everything on my computer.
What if my AV was compromised?
What if my OS was compromised?
What if my router was compromised?
What if any of the hundreds of hardware drivers were compromised?
Kinda feels like these things that are on pretty much EVERY system are a much bigger target than some random anti-cheat tool running on tiny percent of people's systems.
Sure, I could constantly worry about all of that, or I could just accept that using a computer on the internet comes with risks and get on with life.
"local user".
How is someone who hasn't already compromised my machine going to be acting as a "local user"?