not_a9's comments

not_a9 · 2026-01-02T03:09:16 1767323356

Anticheat has very different requirements to antimalware.

Some interesting reads on what modern anticheats do:

https://github.com/0avx/0avx.github.io/blob/main/article-3.m...

https://github.com/0avx/0avx.github.io/blob/main/article-5.m...

https://reversing.info/posts/guardedregions/

https://game-research.github.io/ (less in detail and less IDA pseudo)

not_a9 · 2025-12-31T20:26:19 1767212779

Idle curiosity, but: does Linux have similar offerings to HVCI?

not_a9 · 2025-12-30T14:50:36 1767106236

I don’t think Witcher 3 or Cyberpunk 2077 have Linux builds available for the common folk? Cyberpunk has a ARM64 Mac build, though.

mikkupikku · 2025-12-30T17:23:04 1767115384

Huh, I could have sworn Witcher 3 did, but maybe I am misremembering it merely releasing without DRM.

chungy · 2025-12-30T22:00:27 1767132027

Witcher 2 had a Linux native build, but never Witcher 3.

not_a9 · 2025-12-28T18:05:47 1766945147

> We all know they are inefficient and weaponized by hackers.

Name an exploit in EAC/BattlEye/Vanguard/FaceIT/whatever other big name anticheat middleware (though Vanguard and FaceIT don’t sell their services I think) that has actually been used for anything.

Genshin Impact’s driver got used as a vulnerable driver that one time, yeah. EAC had an exploit to inject your own code into processes, but that quickly got patched (https://blog.back.engineering/10/08/2021/).

Aerroon · 2025-12-28T20:26:53 1766953613

ESEA's anticheat was used to mine Bitcoin on the players' computers. They are/were a major competitor of FaceIt. They supposedly had to pay a $1 million settlement over it.

So not an exploit, but even worse.

sylware · 2025-12-29T10:40:44 1767004844

Well, I read HN. I did stop counting.

Unless you beleive in the conspiracy of AI generated news on HN.

You are the same type of guys who is going to try to sell 'computer security' as a deliverable, thing which does not exist.

Please, stop that.

not_a9 · 2025-12-28T18:02:14 1766944934

> because Epic has chosen not to support Linux

Because Epic doesn’t want payhack configs to be advertised in whatever leaderboards Fortnite has, like CS2 had for a while.

cedws · 2025-12-28T19:17:43 1766949463

Fortnite is easy to run in a hypervisor and also cheaters are using hardware DMA to cheat these days anyway. The proposition that Linux enables more cheating relative to Windows is unproven.

not_a9 · 2025-12-16T19:30:06 1765913406

Fun fact: LuaJIT FFI actually has a similar feature. You can do funky things like detour hooking with this functionality too.

https://luajit.org/ext_ffi_semantics.html

not_a9 · 2025-12-03T07:45:59 1764747959

Pretty sure HvH is still alive and well in CS2 and high rank Premier is still basically Valve-hosted HvH.

not_a9 · 2025-11-13T21:47:56 1763070476

(I had to make a HN account to reply to this, but…) If only Riot, Epic, BE, whoever else knew about this wondrous approach! That way they wouldn’t have to reverse half the Windows kernel to figure out ways to stop & detect hacks.

Valve (mostly) does serverside analytics for CS2 and the success of their approach can be measured by one of FaceIT’s benefits being “we have a working anticheat”.

On a sidenote, I highly recommend this presentation on anticheat stuff: https://game-research.github.io/presentations/2025-08-06-bhu...

Hikikomori · 2025-11-13T22:55:00 1763074500

Always fun to read the "why don't they just..." Comments like it's an easily solved problem.