Anti-cheat drivers have indeed turned out to be major security risks on Windows. But I think the blame should not be on game developers because kernel-mode anti-cheat is still one of the only methods that’s reasonably effective — and realistically, you can’t expect every game studio to have the expertise to write secure, reliable kernel drivers.
If Microsoft wants Windows to be more stable and secure, they should provide built-in anti-cheat support in the OS. That would reduce the need for third-party kernel drivers in the first place.
If a surgeon does not have the expertise to perform a surgery, they probably shouldn’t cut into you.
If the company lacks the competency to write secure drivers, they should outsource the work or have it validated externally.
These things could be solved by spending money. Stop excusing dangerous actions performed in the name of greed.
This is a great writeup.
It looks like this driver is being actively used in malware, too: https://www.fortinet.com/blog/threat-research/interlock-rans...
Thanks! I had no idea it was already being used in the wild. It's a good case study for why shipping signed drivers with exposed IOCTLs and weak authentication is such a liability, even if (especially if) the developer never bothers to even load them.