Every article tag can be clicked to get a list of all articles in that category. Every article tag also has an RSS feed! You can customize an RSS feed too!
We do often include affiliate links to earn us some pennies. See more here.

Tim Sweeney has a point about Fortnite EAC support

By -

One of the big topics of discourse in the Linux gaming sphere recently has been Tim Sweeney's statement on porting Fortnite to the Steam Deck, where Sweeney argues that Linux would be too difficult of a target and the market not big enough to warrant the amount of resources it would take to bring all of Fortnite on the platform.

The central crux of the issue, from Sweeney's point of view, is that making Easy Anti-Cheat, with all of its capabilities, run on Steam Deck (and thus on Linux) would be extremely difficult. He argues, that for a game of Fortnite's size this would open the flood-gates to significant influx of cheaters.

There have been some responses to this from the Linux side, with some accusing Sweeney of exaggerating the difficulty of such a port or that his statements are conflicting, because he simultaneously believes the Linux market is too small to be worthwhile but also would provide a way for too many cheaters. I will address some of these aspects a bit later, but for now let's focus on the main technical blocker, which is Easy Anti-Cheat.

Easy Anti-Cheat, or EAC, is an anti-cheat solution which apparently comes in a few configurations. We know that it can be run in a configuration where it is compatible with Linux/Proton apparently with just a relatively simple toggle. However, this mode of operation is seemingly a comparatively high-trust configuration, where only part of the anti-tampering protections of EAC are active. This may prevent some cheats but fail to detect others, which can be perfectly reasonable for games, where the number of cheaters and potential cheaters are fairly low or other systems complement the anti-cheat solution. There are plenty of games, even some popular free-to-play titles, which at best have this level of anti-tamper protection and they don't seem to have a major cheating epidemic, so clearly in many cases this should be enough. We also don't know the scope of cheats that are detected by EAC in this configuration, so this system by itself may already be fairly comprehensive.

EAC also contains a kernel-level component, which on Windows is installed as a kernel driver. This allows EAC code to run at a very privileged level and inspect essentially any and all parts of the system in order to detect tampering. This provides a very broad level of monitoring, which is also harder to bypass. Based on Sweeney's comments, this is the mode of operation used by Fortnite. It is also a mode of operation that is technically incompatible with the Linux way of doing things.

In Linux, the standard way of delivering drivers is by submitting the driver into the kernel source code tree, which naturally requires that the driver be open source. Most drivers are delivered this way, where the driver gets tightly integrated into the kernel and the drivers are updated when the kernel is updated. There are of course some notable exceptions to this rule, the largest of which is the Nvidia driver. The Nvidia driver is instead loaded as a separate kernel module, which allows Nvidia to keep its source code hidden, but also allows the driver to be updated separately from the kernel. So, EAC could surely use this approach as well, right?

The separate kernel module approach comes with some gotchas. Firstly, the kernel is licensed under GPLv2 and many of the parts in the kernel require the calling code to also be GPLv2 due to the "viral" quality of GPL. This means that, legally speaking, if Epic were to turn EAC into a kernel module and started poking around the kernel APIs, they'd have to open source EAC or they'd be in a legal grey area. The first approach is obviously not possible due to their business model and the second is at least not a great look.

Another problem with separate kernel modules is that the Linux kernel only guarantees a stable user-facing interface. This means that almost anything is allowed to change inside the kernel as long as user-level programs continue functioning. This is also the reason why sometimes the Nvidia driver stops working when you upgrade from one kernel to the next without installing an up-to-date Nvidia driver as well. So, when Sweeney is complaining about the multitude of kernel configurations, he's not wrong. EAC would need to maintain a compatibility shim similar to that of the Nvidia driver, which ensures that the EAC kernel module functions with each kernel version out there. Every time the kernel updates, an EAC engineer would need to go over the changes and update the compatibility shim every time there's a breaking change while still maintaining the compatibility with older kernel versions.

Theoretically you could overcome this problem somewhat by only targeting the Steam Deck and its SteamOS. This would give you a single kernel version to target, although Epic would need to negotiate with Valve in order to ensure their driver is somehow shipped with SteamOS.

But the problems don't end there. Since Linux is a fully open platform, there is technically nothing that would prevent a determined cheater from cracking open the Linux source code and making some tactical changes to how the kernel behaves, building the kernel and then making the EAC kernel module blind. On Windows the EAC developers can assume that the black box that is the NT kernel is at least somewhat difficult to modify by users. This means that in kernel-space they can assume some level of security through obscurity. On Linux this assumption does not hold. The only way for Epic to overcome that problem would be to negotiate with Valve to lock down the Steam Deck, which Valve has already decided not to do.

So, from EAC's point of view the Linux platform can never be quite fully trusted, which is entirely fair, because from the user's point of view EAC can never be quite fully trusted.

But surely Epic could still somehow bring Fortnite to the Steam Deck, right? Surely they could ship a version of Fortnite without the kernel-level component, right?

That they could, which brings us to the points about market share and the viability of cheating. Sweeney argues that the Linux market is too small, which initially sounds a bit odd because he then goes on to worry about the large numbers of cheaters. The kicker is here that the small Linux market doesn't necessarily guarantee a low number of cheaters. If it turns out that certain cheats are possible via a Linux version of Fortnite, this will attract some cheaters to use the platform in order to bypass EAC. It won't be all of the cheaters, many casual cheaters would likely not bother to learn Linux in order to cheat in a video game, but there is no doubt a group of cheaters that would take the opportunity. So, Fortnite would see some increase in cheating, but without good data it is hard to determine how big that effect would be. However, considering the popularity and free-to-play nature of Fortnite, it could very well be that it would be an attractive enough target for cheaters to attack even if there is a slightly higher initial investment. Cheat makers on the other hand would probably eventually find ways to package their offerings in an accessible enough format, like boot-to-cheat USBs or pre-configured VM images.

Some solutions to this problem have been proposed. For example, they could silo Steam Deck/Linux users in such a way that they will never come into contact with the rest of the playerbase. This would contain cheating, but it's also a hard-handed measure that would likely be unpopular. It would also require some amount of work to accomplish and I think it's fair for Epic to discount options that would cause extra work on them.

So, what's the solution to the problem? Here's the thing: I don't think there is one. My personal opinion is that client-side anti-cheat is fundamentally limited and taking it into the kernel is a bandaid that comes with excessive cost and is simply incompatible with the Linux platform. So, as long as Epic insists on maintaining its current anti-cheat approach with Fortnite, I just don't think there's going to be Fortnite on Linux.

And that doesn't mean Tim Sweeney is wrong or lying about the difficulties of adapting that approach to Linux. It just means that a new or different approach is needed in the future.

Article taken from GamingOnLinux.com.
54 Likes
About the author -
author picture
I'm a Linux gamer from Finland. I like reading, long walks on the beach, dying repeatedly in roguelikes and ripping and tearing in FPS games. I also sometimes write code and sometimes that includes hobbyist game development.
See more from me
The comments on this article are closed.
All posts need to follow our rules. For users logged in: please hit the Report Flag icon on any post that breaks the rules or contains illegal / harmful content. Guest readers can email us for any issues.
141 comments
Page: 1/8»
  Go to:

strangeralps Feb 9, 2022
Thanks for the sensible write-up Samsai.

Dreadfully off topic but any chance you and Liam will be available for more episodes of the Gaming on Linux podcast?
Termy Feb 9, 2022
So, what's the solution to the problem? Here's the thing: I don't think there is one. My personal opinion is that client-side anti-cheat is fundamentally limited and taking it into the kernel is a bandaid that comes with excessive cost and is simply incompatible with the Linux platform

That's the point - client side anticheat is destined to fail if the client isn't under your control. And this even includes Windows. It's no secret that EAC isn't useful to prevent cheats, it's just making it hard enough so the cheat-devs can charge money for their working cheats, thus limiting the adoption.
But of course server side anticheat would require a certain amount of "i care about my userbase", not something Epic (or any of the big publishers for that matter) are known for ^^
Xpander Feb 9, 2022
Very well said. Great article/opinion piece.
marcus Feb 9, 2022
View PC info
  • Supporter
Thanks for the write-up! Interesting read. I still think that if Valve provided a measured boot facility where a user-program could verify that it is running on an un-modified kernel then EAC could assume that there are also no kernel-level cheats present and that all kernel-level introspection APIs present correct and unmodified results.

So I'm not sure that a kernel level component is actually required. Mind you that measured boot does not imply that the platform is locked down. It only implies that user programs can check that the system was booted in a known good configuration. You are still free to modify it, however a cheat detection program such as EAC could then refuse to run.
Kimyrielle Feb 9, 2022
I think it should go without saying that any design that relies on the user having no control over their own system is broken by definition. Game devs are using flawed-by-design tools like EAC instead of designing their game from the ground up to be cheat resistant at the application level, working under the realistic assumption that the user controls the system and can do whatever they want with it. Because that's the problem. Linux isn't. Maybe Sweeny and people like him need to stop blaming an open operating system for being open, and get a clue about good security practices instead?


Last edited by Kimyrielle on 9 February 2022 at 7:38 pm UTC
dejaime Feb 9, 2022
That's just a more polite excuse than "That would help our competitors, that would be bad for us".
He's right about the fact that EAC would never stop cheaters running Linux, especially considering it can't even stop them on Windows.
Samsai Feb 9, 2022
I still think that if Valve provided a measured boot facility where a user-program could verify that it is running on an un-modified kernel then EAC could assume that there are also no kernel-level cheats present and that all kernel-level introspection APIs present correct and unmodified results.
All fun and games until someone comes up with a way to spoof the measured boot report. If you add more layers, someone will eventually figure out how to hack the layer above.
Shmerl Feb 9, 2022
Kernel level "anti-cheats" are spyware garbage that mask companies unwillingness to invest in server side AI solutions for the problem (which are expensive obviously). It's much easier to require users to install spyware and monitor their system instead. Tim Sweeny and his kernel anti-cheats can get lost.

Anyone who cares about security of their systems shouldn't come anywhere close to stuff like that.


Last edited by Shmerl on 9 February 2022 at 7:47 pm UTC
Jpxe Feb 9, 2022
View PC info
  • Supporter Plus
This article was very interesting to read and felt well researched.
KohlyKohl Feb 9, 2022
This feels like deja vu when it comes to DRM. Heard the same thing with Music and Movies and yet if you want to pirate any of those you can.

How many people are out there that want to cheat but have not used the already available Windows and Console cheat services that already exist?


Last edited by KohlyKohl on 9 February 2022 at 8:23 pm UTC
jens Feb 9, 2022
  • Supporter
Thanks for the well written and unbiased article, nice read and describes the dilemma very well!.
Nocifer Feb 9, 2022
Ah, it always feels nice when you read a well-written opinion piece by someone who gets it - whatever "it" may be!

As I said in the previous article, in essence it comes down to this: Epic as a company have two distinct sections that produce two distinct products, EAC the anti-cheat and Fortnite the game.

Epic the anti-cheat company have no problem cooperating with Valve and porting their product, EAC, to Linux and the Steam Deck via Proton, along with any caveats and gotchas this porting may have. From thereon, they leave it up to the individual game developers to choose whether they feel competent enough to iron out those caveats and gotchas and integrate EAC and bring their own product, aka their game, to Linux and the Steam Deck. But they do give them the ability to do so, even though this will primarily be to the benefit of their "archenemy" Valve and not their own.

Now, one of these individual game devs, Epic the game company, have decided that it's not worth the trouble going that route with their product Fortnite, for all the reasons outlined by Tim Sweeney, Samsai and all the rest who've more or less agreed with the validity of this argument - i.e. the caveats and gotchas. They believe the risk is not worth the effort in their particular use case. Does this decision invalidate the fact that EAC is being offered as an option for Linux? No, it does not. Is this decision illogical or hypocritical in the face of EAC being offered as an option for Linux? No it is not, because offering an option for others to use, and making use of that option yourself, are two entirely different things.

What this means is that Epic on the whole are not being hostile to Linux when it comes to EAC, IMHO it's rather the opposite. But what Tim Sweeney et al have said unfortunately does make sense, even though it may feel hurtful and/or annoying to some of us Linux fans.
elmapul Feb 9, 2022
thanks for saving me the trouble of reading 9 pages of comments and replying on why people are wrong on the internt.
actually, i think we have 12 pages there already...

we all should see that coming, but it still frustrating, we are so close, yet so far...
Lancaban Feb 9, 2022
One thing that was pointed out in the Twitter thread, and I'm not technically inclined enoguh to understand the details of.

with everything saifd about the Linux kernel and different versions and hackabiltiy etc. yet it plays on Android, even on 3rd party Roms and Kernels just fine.

Would that not have the same exact issues and from a significantly larger player base than desktop Linux users?

Right now I can take my phone, root it, throw on a different Rom, and even use a different customized kernel, and still play Fortnite. This has been done, proven, viewed, tested, and seems to be OK.
1xok Feb 9, 2022
It has something to do not only with the number of users, but also with the F2P system on which Fortnite is based.

In the course of the introduction of F2P in CSGO, the game became virtually unplayable in the normal MM. Not only were cheaters swarming, but smurfs also became a huge problem. Now that there is a paywall again, you can play CSGO well again. That is the personal experience of my gaming partners and me.

Fortnite's open access opens the door to cheaters. So the measures have to be all the more aggressive. And don't rejoice that it won't find its way into Linux. Technically, it is not impossible at all to do something like this with Linux (secure boot, signed closed source kernel modules that only load into the Steam Deck's kernel).

Valve currently does not believe in kernel-bound anti-cheat measures. But what if the Steam Deck outshines everything that has gone before?

Let me illustrate with this picture (from reddit):

Valve's Trojan Horse


Last edited by 1xok on 9 February 2022 at 8:43 pm UTC
Samsai Feb 9, 2022
with everything saifd about the Linux kernel and different versions and hackabiltiy etc. yet it plays on Android, even on 3rd party Roms and Kernels just fine.

Would that not have the same exact issues and from a significantly larger player base than desktop Linux users?

Right now I can take my phone, root it, throw on a different Rom, and even use a different customized kernel, and still play Fortnite. This has been done, proven, viewed, tested, and seems to be OK.
Theoretically yes. I think the overriding issues are that Android is a market big enough to take the risk and generally speaking tech illiterate enough that the likelihood of someone installing a custom ROM to cheat in Fortnite is so unlikely, that it doesn't register as a realistic risk.
EagleDelta Feb 9, 2022
with everything saifd about the Linux kernel and different versions and hackabiltiy etc. yet it plays on Android, even on 3rd party Roms and Kernels just fine.

Would that not have the same exact issues and from a significantly larger player base than desktop Linux users?

Right now I can take my phone, root it, throw on a different Rom, and even use a different customized kernel, and still play Fortnite. This has been done, proven, viewed, tested, and seems to be OK.
Theoretically yes. I think the overriding issues are that Android is a market big enough to take the risk and generally speaking tech illiterate enough that the likelihood of someone installing a custom ROM to cheat in Fortnite is so unlikely, that it doesn't register as a realistic risk.

From everything I've read, they do try to prevent custom ROMs from playing the game. Even when those Custom ROMs do get it running, they have to have root disabled, play services must be installed, and safetynet must pass its checks, among other things.

So, it still requires a fairly locked down Android OS to run the game.
dibz Feb 9, 2022
It's a pretty commonly held belief that bringing something to linux exposes it to a higher breed of technical attacks, and frankly, it's not exactly wrong since more regular users are knowledgeable about doing advanced tweaks on their systems -- if not necessarily doing the hacks themselves.

That said, I've known linux people that have created cheat bots before. I hate to tell them, but those guys are ridiculously smart with windows too.
a0kami Feb 9, 2022
This indeed brings the question on future multiplayer games targetting Linux.
We need efficient models/processes/methods to prevent cheating by design in multiplayer games to come.
EagleDelta Feb 9, 2022
This indeed brings the question on future multiplayer games targetting Linux.
We need efficient models/processes/methods to prevent cheating by design in multiplayer games to come.

That may be true, but it sounds like right now, the Linux kernel itself is partially the blocker. Even if a specific kernel version was required, there would need to be additional tweaks added (and accepted) into the kernel to prevent users from running/writing programs that use the BPF VM within the kernel, for example.

That seems intense, but there are a few Windows AntiCheats that also require the user to disable certain Windows features just to use them. FaceIT requires that HyperV be disabled to utilize the anti-cheat in the CS:GO client. Basically that means, no VMs, no Docker, no WSL2, and no Application Isolation when running CS:GO on a server using FaceIT.

Anti-Cheat vendors basically would prefer that PCs running their ACs become console-like in user access


Last edited by EagleDelta on 9 February 2022 at 9:00 pm UTC
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations: PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
The comments on this article are closed.