The Anti-cheat for Unturned II

[NOTE: I’m going to try to explain this the best I can since I’m NOT an expert on computers, but it’s something that is actually critical to the security of the players’ computers]

So, I’ve been looking around online and seeing that people have been worried about anti-cheat software with access to Ring Zero, which many are concerned could act as a rootkit. The vanguard anti-cheat of Valorant is one of these games with said anti-cheat with ring zero access.

The various rings are rings of protection and how much access one application or software has to the most essential parts of a computer. This would not be a problem if you are running a virtual machine for your games.


Privilege rings for the x86 available in protected mode

Ring Zero gives access to you the highest level of permissions into your operating system on your PC. I’m just going to say this right now and it’s going to stick. It is not worth it to put an anti-cheat on to your computer if it can act as a rootkit. It’s not worth defeating the in-game cheaters if some hacker can compromise the anti-cheat and use it to install malware onto someone’s computer. It’s just not worth it.

People are taking computer security serious, now more than ever. We all saw the backlash with Valorant and it’s anti-cheat. I do not want the same to happen for Unturned II either.

TL;DR, don’t have a ring zero access anti-cheat. I’d be fine with Ring 1 or 2, but Ring Zero is a god awful idea. It’s why I uninstalled DOOM Eternal recently, because I was deeply concerned with the anti-cheat.

Also, Mutahar Anas made a video on it, which I find to be pretty good.

4 Likes

It’s worth noting that unturned 3.0 uses battleye which uses very similar methods to valorant with the notable exception being that it only runs with the game.

9 Likes

Most anti-cheats are ring 0. The difference between valorants and things like easy-anticheat and battleye is that they start up when the game is launched, while valorants is on when the pc is started. Your more at risk if you are using cheats than from the anti-cheat.

5 Likes

So basically the dev should keep using BattlEye as planned.

If we were to want cheat protection while providing minimal concern over security, you would have to go for a standard anti-cheat undoubtedly. Unless Nelson wishes to find a ‘better’ one or magically be able to create a built-in anti-cheat that does marginally better, there’s no reason not to go for BattlEye.

It’s expected that paranoid people would scream over "ITS ACCESSING MY FILES" regardless.

5 Likes

@Yarrrr
So most anti-cheats are kernel level? Honestly, I had no idea but will spark massive amounts of paranoia if people find out. I was somewhat was confused on this at first, I guess continuing to use Battleye would be the best option.

Update: Some anon on /g/ pointed out it could by a psyop by a cheaters forum. I might have fucked up on this one.

1 Like

I get some on the paranoia around kernel level drivers, but the only real problem is the larger attack surface. You can do almost everything people are concerned about without running on the kernel level relatively easily.

Also since we’re on the topic of rings, IME says hello from ring -3 :slight_smile:

1 Like

Punkbuster, Easy Anticheat, etc. Valorant’s anti-cheat is a special case in having caused new paranoia, because it ran at start-up.

They made changes last month, so that it’s only required to run when the game is running. Users can turn it off so it’s not only running, but it has to be running to play the game. I believe that you have to reboot if you ever turn it off and then back on, which means it’s effectively the same as it was before (but it’s an “official” implementation of the workaround to just uninstall/reinstall as you desire).

EDIT: To clarify a bit further, according to the Valorant/Vanguard team, even when it’s running 24/7 it was only designed to scan stuff while the game is running. It’s the fact that it was still just always running that was a concern for people. Be it privacy concerns, security concerns, whatever…

3 Likes

That scanning stuff only when the game is running is entirely false from my short experience with Valorant. Whenever I started my computer, not even launching the game, it gave me a pop-up saying that I couldn’t use anything like CPU-Z or HWMonitor. I first noticed it because it disables almost all of the monitoring tools that HWMonitor offers while Vanguard is running. So despite whatever the company says, it’s still scanning certain things anyway.

Vanguard blocking certain drivers isn’t the same as Vanguard scanning for cheats so that you can get banned. Specifically, it’s blocking outdated CPU-Z drivers with a known vulnerability in them. Apps (usually outdated versions) such as HWMonitor, CPU-Z, Speccy, CoreTemp, etc.

That’s a bit more accurate as to what’s happening. The context for “scanning stuff” is “whether or not you can get flagged as a cheater and get banned”, to clarify.

Very annoying for the consumer regardless, but they’re blocked because of how people can exploit those vulnerabilities. Fortunately people can disable/enable Vanguard as they want to now, but that likely means you’d have to restart your PC each time you switch.

2 Likes

Might have already been mentioned here, but Battleye on Unturned 3.0 is already ring 0 as well as the other ones. (Well, it has a kernel driver that it uses)
There are a lot of valid reasons why ring0 is necessary. It essentially boils down to hacks being able to abuse that a user-mode anticheat wouldn’t easily be able to check the integrity of the kernel/drivers/etc.

Keep in mind too, the vast majority of spyware you get is usermode as well and doesn’t run at ring0 because it doesn’t need too. You can have a keylogger that steals all your passwords that just runs usermode. (i.e Battleye/Vac/etc could easily spy on you without needing a kernel driver at all if they wished to)

It would be nice if we didn’t need to have such invasive anticheats, but the reality is game hackers don’t care if they have to run kernel components or hypervisors, so anticheats must also match their level in order to detect them.

The reason why Vanguard was running at system boot is so it can ensure nothing is changed during running. They can on boot get the integrity of kernel, system stuff, etc and then when the game launches, ensure nothing has changed. The article explains it better then I can. (Although it is my personal opinion that Battleye shouldn’t do this/I hope they don’t, as it’s just too invasive/annoying, there still is a logical reason why you would want to do so)

(Apologies if I got something wrong or explained something wrong)

4 Likes

Hatsune Miku spitting straight facts doe

There’s a lot of misunderstanding, and I guess I got caught up in the misunderstanding. Honestly, my bad. This entire thread was likely a mistake based off of a misunderstanding.

2 Likes

you talk about Valorant on the SDG forum a forum based around a company that created unturned if you are saying don’t use this sort of anticheat then read some of the posts that nelson has made

he has literally said before that if you get banned on unturned by battle eye the ban will carry over meaning that he is not switching anticheats

@WEEZOOKA
I haven’t been banned on Battleye, I’ve never even claimed that. It’s that a lot of people have fears of Anti-Cheats being used as rootkits. Though I’ve realize that these fears and paranoia around anti-cheats are dumb. This is Riot Games, and Tencent after all (aka not trust worthy).

Battleye is made by Bohemia Interactive which is Czech, it’s also the gold standard of anti-cheat systems so I wouldn’t worry about Battleye being used as a rootkit. Honestly, I feel really fucking dumb for making this thread because computers are not my expertise and my misunderstanding has made me look like a dumbass in front of everyone.

1 Like

https://www.battleye.com/about/
It is not. It is also German.

2 Likes

If you had read my previous comment I never mentioned anything about you being banned i just said that Nelson has said that bans will transfer over also battle eye runs in ring 0 but it doesn’t launch like valorant with windows instead it only starts with unturned decreasing the chances of any sort of security breach and anyway running an anti cheat when windows starts has no real benefit I had someone get instantly banned by battle eye on 3 different accounts on my arena server

1 Like

I can confirm from personal experience that Tencent is a bitch-ass motherfucker.

No, we’re saying that Battleye is good, and probably leagues better than other anticheats out there in terms of privacy and safety concerns. Also, the people at Battleye are good at what they’re doing, so that’s another plus.

1 Like