DOOM Eternal switches to Denuvo Anti-Cheat which runs on the Windows 10 Kernel and is a major security hole
A few weeks ago we explained why the anti-cheat system used by Valorant was a bad idea and a security problem. DOOM Eternal has updated its anti-cheat system, in this case using the Denuvo Anti-Cheat system. This is Irdeto's solution to combat cheaters who use different hacks within the multiplayer mode, which annoys other users.
Denuvo Anti-Cheat also runs in Ring 0, the innermost ring of execution, which gives access to the operating system kernel. Basically, this anti-cheat system has full control of the system, which opens a security hole. What's more, a few days ago there were also reports that tools such as MSI Afterburner stopped working after installing Valorant.
DOOM Eternal now runs an anti-cheat in Ring 0
The latest update for DOOM Eternal installs a tool in the Windows kernel itself. If there were a security flaw in this tool, all players would be affected. For Linux users running the game through Proton it is even worse, since they will no longer be able to run the game.
Basically, this tool within DOOM Eternal monitors our entire system, eliminating privacy. All this information goes directly to servers owned by Amazon, where the data is checked and the user is monitored to see whether they are cheating. In short, we have two security holes instead of one: the first because the tool runs in the Windows kernel, and the second because the data is sent to third-party servers.
The Reddit thread by user 'extant_dinero' shows how unpopular this is, with more than 1,200 comments. Furthermore, as if that were not enough, users point out a large performance loss due to the resources Denuvo consumes. Users report going from 60 FPS to only 20 FPS after the update.
As far as we know, id Software has stayed silent about this addition to DOOM Eternal. We also reproduce this user's Reddit post below, translated, and link to the post we wrote about Valorant explaining what Ring 0 is.
Problems with the Denuvo Anti-Cheat system introduced in DOOM Eternal
1. Denuvo Anti-Cheat IS NOT the same as Denuvo Anti-Tamper ("Denuvo").
Denuvo Anti-Tamper (hereafter DAT) is software used to obfuscate the code during the compilation process. This makes it harder for pirates/crackers to crack the software. This software has no relation to the operating system, but is built into the executable. It can cause performance issues in the game at times, but that's about it. This is what people usually talk about when they say a game has "Denuvo".
Denuvo Anti-Cheat (hereinafter DAC) is the new anti-cheat introduced with update 1. It is EXTREMELY invasive anti-cheat software that runs on ring 0 (kernel level) of your operating system.
Please don't make the common mistake of thinking that these two things are the same.
2. This currently only affects the PC versions of the game (Steam and Bethesda Launcher). Consoles are not affected.
3. The DAC should not be installed if you have not run the game since the last update. There are anecdotal reports that it was installed even when people weren't running the game but I have no way of verifying it.
4. Another important side effect of its addition is that it completely removes Linux support. The game worked almost perfectly on Linux using Proton before the update, but now the DAC makes it impossible to play on Linux.
With the latest patch, id Software introduced Denuvo Anti-Cheat in the name of cheating prevention in its multiplayer mode. I agree that an anti-cheat solution needed to be implemented due to the prevalence of cheats in multiplayer; however, DAC is one of the most invasive pieces of software you can have on your machine from a security, privacy and stability point of view.
To understand the above statement I need to give a bit of information about how operating systems use what is known as hierarchical protection domains, or more commonly, "protection rings", to improve fault tolerance and enhance system security.
The concept is simple. Your operating system has different privilege levels (or rings) that it gives computer programs so that they can function properly. These rings range from 3 to 0, with ring 3 giving the fewest privileges and ring 0 giving the most privileges. Ring 0 is also called the kernel ring or kernel level. The figure below is a visual representation of this concept.
Software must be designed to use the ring with the highest number, that is, to use the least amount of privileges it needs to function properly. Most applications work in ring 3 as they do not need low-level access to function. Lower-level software, such as device drivers, usually works somewhere in ring 1 or 2, as it requires more access to the operating system than the average application.
Ring 0 is reserved for the kernel. The kernel is the central part of the operating system that has full control over the entire system. Without the kernel the operating system would not work. It is the most fundamental part of any operating system, as it controls the absolute basics like Input/Output. Do you know the dreaded blue screen of death? That is what is formally known as a kernel panic. A kernel panic occurs when the kernel encounters an unrecoverable error.
With that explanation out of the way, let me explain the reasoning from the title of this thread. Denuvo Anti-Cheat (DAC) functions as a RING 0, KERNEL LEVEL SERVICE. What does this mean? It means that DAC has unrestricted access to your operating system. It has full control and access to everything your operating system does.
This means that:
- It may interfere with the normal operation of the operating system causing errors or crashes, which reduces overall system stability and performance.
- It can collect information about EVERYTHING the operating system is doing while potentially transmitting such information to whomever it pleases. You only have the word of the creators of the software that this is not happening.
- It presents an EXTREME security risk, because if hackers discover and use exploits in the software, they can gain complete control of your machine.
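
One way to check which third-party kernel-mode drivers are installed on a Windows machine, and whether each is currently running, which bears on point 3 of the post above. This is an added example, not part of the Reddit post or any vendor tooling; it assumes no particular driver name, since the page gives none, and Resolve-DriverPath is a hypothetical helper written for this example.

```powershell
# Added example: inventory kernel-mode drivers that do not claim Microsoft
# as their vendor, with their state and Authenticode signer.
# CompanyName is self-declared file metadata, so treat this as triage, not proof.

function Resolve-DriverPath {
    # Hypothetical helper: turn the service ImagePath forms into a file path.
    param([string]$PathName)
    if (-not $PathName) { return $null }
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                               # \??\C:\... prefix
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')    # \SystemRoot\...
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }  # relative form
    return $p
}

Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.ServiceType -eq 'Kernel Driver' } |
    ForEach-Object {
        $path = Resolve-DriverPath $_.PathName
        $sig = $null
        $company = $null
        if ($path -and (Test-Path -LiteralPath $path)) {
            $sig     = Get-AuthenticodeSignature -LiteralPath $path
            $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
        }
        [pscustomobject]@{
            Name      = $_.Name
            State     = $_.State        # Running or Stopped
            StartMode = $_.StartMode    # Boot, System, Auto, Manual, Disabled
            Company   = $company
            SigStatus = $sig.Status
            Signer    = $sig.SignerCertificate.Subject
            Path      = $path
        }
    } |
    # Drivers whose file could not be found have no Company and are kept on purpose.
    Where-Object { $_.Company -notmatch 'Microsoft' } |
    Sort-Object State, Name |
    Format-List
```

A driver listed with State "Stopped" is installed but not loaded; comparing the output before and after a game update shows what the update added to the kernel-driver set.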