I'll simplify for everyone: They don't. Although I do appreciate the author delving into this beyond surface level analysis.
Modern cheats use hypervisors or just compromise Hyper-V, and because Hyper-V protects itself, it automatically protects your cheat.
Another option that is becoming super popular is BIOS patching. Most motherboards will never support Boot Guard, and direct BIOS flashing will always be an option since the chipset fuse only protects against flashing from the chipset.
DMA is probably the most popular by far with fusers. However, the cost of good ones has been increasing due to Vanguard fighting the common methods, which is bleeding into other anticheats (some EAC versions and Ricochet).
These are not assumptions; every time anticheats go up a level, so do the cheats. In the end the weakest link will be exploited and it doesn't matter how sophisticated your anticheat is.
What does make cheat developers afraid is AI, primarily in Overwatch. It's quite literally impossible to cheat anymore (in a way that disturbs normal players for more than a few games) and they only have a usermode anticheat! They heavily rely on spoofing detection and gameplay analysis including community reports. Instead of detecting cheats, they detect cheaters themselves and then clamp down on them by capturing as much information about their system as possible (all from usermode!!!).
Of course you could argue that you could just take advantage that they have to go through usermode to capture all this information and just sit in the kernel, but hardware attestation is making this increasingly more difficult.
The future is usermode anticheats and gameplay analysis, drop kernel mode anticheats.
No, Secure Boot doesn't work if you patch SMM in the BIOS; you run before TPM attestation happens.
> Another option that is becoming super popular is bios patching
I wouldn’t call BIOS patching “super popular”. That sounds like an admission that anti-cheat is working because running cheats now requires a lot of effort. Now that cheats are becoming more involved to run, it’s becoming less common to cheat.
When cheats were as simple as downloading a program and you were off to cheating, the barrier to entry was a lot lower. It didn’t require reboots or jumping through hoops. Anyone could do it and didn’t even have to invest much time into it.
Now that cheats are no longer an easy thing to do, a lot of would-be cheaters are getting turned off of the idea before they get far enough to cheat in a real game.
> Of course you could argue that you could just take advantage that they have to go through usermode to capture all this information and just sit in the kernel, but hardware attestation is making this increasingly more difficult.
Didn’t the first half of your post just argue that these measures can be defeated and therefore you can’t rely on them?
Cheating is so addictive that it doesn't matter if it's more difficult to cheat. I have personally interacted with people that just want to spin-bot.
Anticheats, especially kernel-mode ones, do not make the problem smaller. All they do is make it more rewarding for capable people.
Having gamed on and off over the years, I don’t think the average cheater is actually a highly motivated super genius who derives reward from patching their BIOS or installing PCIe DMA cards to an entire second computer built for the purpose of cheating.
The average cheater is (or was) basically a troll. They delighted in the act of ruining other people’s games, not installing the cheat. The harder you make it for them to get to that point, the less enjoyment they get.
The people you describe who are in it for the thrill of breaking through are not the ones playing 6 hours every night because the game itself is not the thrill. It’s the exploration of the hardware and software. They might get cheats set up, but once it’s working they get bored with the game and move on to another technical challenge.
> The average cheater is (or was) basically a troll.
This observation is at least a decade out of date.
The average cheater/cheat developer in 2026 is doing it to make money. Either boosting accounts, training accounts to sell, gathering collectibles to sell, or selling access to the cheats themselves.
I wish this was the case, but cheating addiction is real and there's people with PCs from 2016 spending $100+ on cheats a month. If they're spending that money they're also dedicated enough to jump through some hoops.
You two aren't disagreeing, you're just describing different groups of people.
Can you tell me more? I'm curious about motivations.
* I use easy cheats for single player games - for example, infinite jumps in Cyberpunk 2077 are just huge amounts of fun :)
* I have zero desire for cheating in multiplayer games. Not some high morality righteous horse, just, what's the point? I have fun even when I lose, and having something else play for you takes away from the visceral fun that I get.
* I could understand, even if not agree with, people who cheat for profit. That's the basis of all crime everywhere.
* I do not understand people who cheat in multiplayer games not-for-profit. It feels like you need to have both a) some sort of anti social / non social tendency, and b) dopamine rushes along pathways I don't.
I'd be genuinely curious to hear about your acquaintances who cheat in multiplayer for no profit and why they do it :-)
Some use it to make money, boosting etc.
Some are just addicted, they really love the game, but playing without cheats doesn't make them feel anything so they pick the easiest solution: continue to cheat... forever.
Some are just delusional, they do not want to deal with the reality that they're not good at the game without cheats.
Some are just trolling and want to spinbot, piss people off, make people angry. It's what makes them happy.
Some don't have a choice, they started their competitive career with cheats.
Some justify it with "I made the cheat, I deserve to use it".
If you want more I got a whole book of reasons. I am in a unique situation since I happen to be friends from back when I was cheating a lot myself; in that time I established relationships with a lot of developers, and personally for me it was curiosity that got me not only into cheating, but the whole process and development. I ended up just making Roblox games though.
I'm playing WoW and I've heard lots of complaints about Blizzard banning innocent players. Just recently there was a wave of complaints that they banned players who spent a lot of time farming one dungeon (like 10+ hours per day).
I, myself, got two accounts banned and I was innocent. I managed to make it through support and got them unbanned but I'm fairly certain that many players didn't, because they seem to employ AI in their support.
So I'm a bit skeptical about that kind of behavioural ban. You risk banning a lot of dedicated players who happened to play differently from the majority, and that tends to bring a bad reputation. For example, I no longer purchase a yearly subscription, because I'm afraid of a sudden ban and losing lots of unspent subscription time.
I think you are right on every point, but I think it's worth noting that WoW is kind of a different beast.
You don't play a "match", you don't play "against" other players most of the time, in this context "botting" and "cheating" overlap because having your character do stuff 24/7 unattended is an evident advantage over the rest of the population, but it's not like you are hindering anyone's progress directly the vast majority of the time doing so.
How often does actual cheating happen in WoW, anywhere it matters? M+? Raiding? PvP?
Most of the cheating is botting: bots farm dungeons or other activities, earn gold, and then that gold is sold on black markets for dollars to other players.
That's indirectly hindering other players' progression, because it causes deflation (so you can't earn as much gold selling your ores); because it causes inflation (more circulating gold, yes, these are contradictory); because it denies other players' farm (if a bot gathered ore, other players have to search for another vein) and so on; also illegal gold selling increases expectations (other players bought super good gear, why don't you do that) and causes burn-out (because farming gold fairly is much harder than just buying it).
But mainly it just makes players angry, because they can see these bots moving in a predetermined route and stealing resources from their noses. I'm not really sure if bots are that bad in the grand scheme of things, but living players certainly don't like to compete with automatons.
There were also cheaters who used instant cast interruptions at arenas, but it seems that competitive PvP is not that popular nowadays so I'm not sure how widespread it is.
I agree that it's a problem, having a strong support system for remediating false bans is very important.
Everything you described increases the cost of attack (creating a cheat), and as a result, not everyone can afford it, which means anti-cheats work. They don't have to be a panacea. Gameplay analysis will only help against blatant cheaters, but will miss players with simple ESP.
It's almost the same as saying "you don't need a password on your phone" or something like that.
> but will miss players with simple ESP.
False, people that have information they shouldn't have will act in detectable ways, even if they try their hardest not to.
Economics work out: harder to make means that it's more profitable to do so. The DMA crackdown has actually led to innovation which has driven the prices down for "normal" DMA hardware; what used to be thousands is now $120. Excessive spoofing detection has driven down the cost of BIOS-level spoofing and as a result the creation of BIOS-level DMA backdoors - no additional hardware required.
ESP is a lot more obvious to a machine than one might think, the subtle behavior differences are obvious to a human and even more so for a model. Of course none of that can be proven, but it can increase the scrutiny of such players from player reports.
The number of people willing to spend $120 and hook up a hardware device compared to downloading and running an executable is significantly less. That’s kind of the point of it!
You are already spending more than $120/month on the executable. The hardware device cheap inclus
You can achieve the same with usermode anticheats, once you have bare minimum obfuscations the level of entry is roughly the same as kernel mode anticheats in terms of price. Cheats cost more than $100 a month (rest are scams or don't put any effort into being undetected).
A DMA cheat requires a hardware change (and a second device). That is a much higher barrier than a download plus reboot.
> you can achieve the same with user mode anticheats
A user mode anti cheat is immediately defeated by a kernel mode cheat, and cheaters have already moved past this in practice.
A user mode anti cheat (on windows) with admin privileges has pretty much full system access anyway, so presumably if you have a problem with kernel AC you also have a problem with user mode.
Lastly, cheating is an arms race. While in theory, the cheaters will always win, the only thing that actually matters is what the cheaters are doing in practice. Kernel mode is default even for free cheats you download, so the defaults have to cover that.
This is a common misconception: just because you're in kernel-mode doesn't mean you are immediately undetected, and things are not as easy as people initially think.
First, point of ingress: registry, file caches, DNS, vulnerable driver logs.
Memory probe detection: working sets, page guards, non-trivial obfuscation, atoms, fibers.
Detection: usermode exposes a lot of kernel internals: raw access to window and process handles, 'undocumented' syscalls, win32, user32, kiucd, APCs.
Loss of functionality: no hooks, limited point of ingress, hardened obfuscation, encrypted pages, tamper protection.
I could go on, but generally "lol go kernelmode" is sometimes way more difficult than just hiding yourself among the legitimate functionality of 3rd party applications.
This is everything used by anticheats today, from usermode. The kernel module is more often than not used for integrity checks, vm detection and walking physical memory.
It's too bad we have to play this semantics game of "most vs all" every. Single. Time. On. This Damn Site.
So let me summarize the above thread:
Yes, there will always be workarounds for ANY level of anti-cheat. Yes, kernel-mode anti-cheat detects a higher number of cheats in practice, and that superiority seems durable going forward.
There, I think we can all agree on those. No need to reiterate what has already been posted.
I think it misses the fact that kernel anticheats generally do not reduce overall cheating compared to a good user-mode anticheat + good obfuscation and binary protection + strong report system and behavior analysis. If you add a kernel-mode anticheat to that I'd estimate that it helps only around 5% more while being way more invasive and causing widespread issues (as the original blog describes).
source: observation of games implying stronger anti-cheat measures over time and customer count staying exactly the same or growing. League of Legends is a prime example, although it did create a crater for a while. this all comes from people who actively sell cheats.
I’m sorry but what’s your source for this? This is a fairly wild claim.
huh, couldn't reply for a while.
anyway: I already edited with the source.
Sorry, what's wild about it? It's a pretty standard observation that defense in depth beats "here's a silver bullet to solve X". Is there something about gaming (or preventing cheating in gaming) that makes that not true?
> It's quite literally impossible to cheat anymore (in a way that disturbs normal players for more than a few games)
AKA the way that is easiest to detect, and the easiest way to claim that the game doesn't have cheaters. Behavioral analysis doesn't work with closet cheaters, and they corrupt the community and damage the game in much subtler ways. There's nothing worse than to know that the player you've competed with all this time had a slight advantage from the start.
In CS2, the game renders your enemies even though you can't see them (within some close range). The draw calls are theoretically interceptable (either on the software/firmware or other hardware level). Detecting this is essentially impossible because the game trusts that the GPU will render correctly.
if you cheated with wallhacks, post-game analysis can detect it.
And it is possible to silently put you into a cheating game match maker, so that you only ever match with other cheaters. This, to me, is prob. the better outcome than outright banning (which means the cheater just comes back with a new account). Silently moving them to a cheater queue is a good way to slow them down, as well as isolate them.
> post-game analysis can detect it.
Not with 100% accuracy. This means some legitimate players would be qualified as potentially cheating.
You don't have to play with wallhacks constantly on, you can toggle. And it doesn't detect cases where you're camping with an AWP and have 150ms response time instead of 200ms. Sometimes people are just having a good day.
> cheating game match maker
This is already a thing. In CS2, you have a Trust Factor. The lower your trust factor is, the bigger the chance you will be queued with/against cheaters.
Overwatch has made the decision that closet cheaters are not a problem and have actually protected a cheater in Contenders, although they were forced to leave the competitive scene. None of it ever became public.
How do you know if none of it went public?
Word of mouth, but if you looked at their Twitter and the proof presented, it was undeniable. If you want to go digging, check a French Contenders player that there are videos of, with an instance where the aimbot bugged out and started aiming directly at the center of a player with perfect reaction time and movements.
Every other competitive game regularly has public cases of cheaters being caught in pro games, Overwatch doesn't.
Wait... Your proof that something has happened is that there is no proof?
Do you really think that's not sufficient for the purposes of this conversation?
Absolutely not. Making wildly speculative claims and saying that the lack of proof of it not happening is conspiracy theory territory.
Why do you think this claim is "wildly" speculative as opposed to merely speculative?
We have two possible options here, it's pretty obvious which is the more likely one.
It is pretty ridiculous to suggest that nobody has ever been caught cheating in Overwatch pro games.
“Trust me bro”
Don't forget that ActiBlizz are also pretty much the only ones regularly taking legal action against pay2cheat developers, see Bossland/EngineOwning.
I saw the EngineOwning lawsuit verdict as the biggest loss for the companies. They proved that you can continue running a cheat provider service out in the open.
They won way more than they lost, people who left got given a free pass for ratting the remaining people out.
Taking a probabilistic approach to ban people… so if enough people start cheating it's fine?
Kernel AC is currently the best way to protect against cheats by far, the game with the strongest protection is Valorant and it works very well. OW2 is lightyears behind Valorant.
Not sure what your point is. Most of your post is inaccurate, DMA cheats represent the minority of cheats because they're very expensive and you need a second computer.
elitepvpers - it's public. DMA cheats have grown and are the primary way people cheat in games these days; it makes around 5m/month [retail] just from one of the providers that I know in the scene. This includes selling the hardware, the bypass and the cheats (not under the same umbrella for obvious reasons).
The scene has shifted immensely in the last few years, everyone and their grandmother has DMA now, I mean you can buy these off Amazon now. Koreans are a bit stuck since most of them use gaming cafes so they've been slow adopters, but cafe shops have the benefit of using an old version of Hyper-V which allows you to just use the method described above. Hyper-V cheats are the most popular for Valorant.
I would argue that Valorant and Overwatch are pretty much on the same level based on what it feels like to play. I've seen just as many visible cheaters in Valorant as in Overwatch. Although I will admit that I am pretty outdated myself since around mid 2025. Valorant allows you to ** around so that might be related; Overwatch bans rage hackers way faster than Valorant does as well.
So no, my post is pretty accurate.
OW2 is very different from CS and Valorant. OW does not suffer from cheats the same way because it's not a pure aim-based game with hitscan as the main thing. The vast majority of classes don't benefit from cheats like other FPS games do.
I did main support and tank at master level in OW and besides ESP there is 0 benefit of cheating.
Asked a guy I've known since 2021; he said that ability helpers are the most important features for an Overwatch cheat and that ESP is basically unusable in GM since you get almost immediately called out for it, they are quite just sus you out and report. Trust score of high rated players eventually gets you banned (assumption).