Every article tag can be clicked to get a list of all articles in that category. Every article tag also has an RSS feed! You can customize an RSS feed too!
We do often include affiliate links to earn us some pennies. See more here.

Tim Sweeney has a point about Fortnite EAC support

By -

One of the big topics of discourse in the Linux gaming sphere recently has been Tim Sweeney's statement on porting Fortnite to the Steam Deck, where Sweeney argues that Linux would be too difficult of a target and the market not big enough to warrant the amount of resources it would take to bring all of Fortnite on the platform.

The central crux of the issue, from Sweeney's point of view, is that making Easy Anti-Cheat, with all of its capabilities, run on Steam Deck (and thus on Linux) would be extremely difficult. He argues, that for a game of Fortnite's size this would open the flood-gates to significant influx of cheaters.

There have been some responses to this from the Linux side, with some accusing Sweeney of exaggerating the difficulty of such a port or that his statements are conflicting, because he simultaneously believes the Linux market is too small to be worthwhile but also would provide a way for too many cheaters. I will address some of these aspects a bit later, but for now let's focus on the main technical blocker, which is Easy Anti-Cheat.

Easy Anti-Cheat, or EAC, is an anti-cheat solution which apparently comes in a few configurations. We know that it can be run in a configuration where it is compatible with Linux/Proton apparently with just a relatively simple toggle. However, this mode of operation is seemingly a comparatively high-trust configuration, where only part of the anti-tampering protections of EAC are active. This may prevent some cheats but fail to detect others, which can be perfectly reasonable for games, where the number of cheaters and potential cheaters are fairly low or other systems complement the anti-cheat solution. There are plenty of games, even some popular free-to-play titles, which at best have this level of anti-tamper protection and they don't seem to have a major cheating epidemic, so clearly in many cases this should be enough. We also don't know the scope of cheats that are detected by EAC in this configuration, so this system by itself may already be fairly comprehensive.

EAC also contains a kernel-level component, which on Windows is installed as a kernel driver. This allows EAC code to run at a very privileged level and inspect essentially any and all parts of the system in order to detect tampering. This provides a very broad level of monitoring, which is also harder to bypass. Based on Sweeney's comments, this is the mode of operation used by Fortnite. It is also a mode of operation that is technically incompatible with the Linux way of doing things.

In Linux, the standard way of delivering drivers is by submitting the driver into the kernel source code tree, which naturally requires that the driver be open source. Most drivers are delivered this way, where the driver gets tightly integrated into the kernel and the drivers are updated when the kernel is updated. There are of course some notable exceptions to this rule, the largest of which is the Nvidia driver. The Nvidia driver is instead loaded as a separate kernel module, which allows Nvidia to keep its source code hidden, but also allows the driver to be updated separately from the kernel. So, EAC could surely use this approach as well, right?

The separate kernel module approach comes with some gotchas. Firstly, the kernel is licensed under GPLv2 and many of the parts in the kernel require the calling code to also be GPLv2 due to the "viral" quality of GPL. This means that, legally speaking, if Epic were to turn EAC into a kernel module and started poking around the kernel APIs, they'd have to open source EAC or they'd be in a legal grey area. The first approach is obviously not possible due to their business model and the second is at least not a great look.

Another problem with separate kernel modules is that the Linux kernel only guarantees a stable user-facing interface. This means that almost anything is allowed to change inside the kernel as long as user-level programs continue functioning. This is also the reason why sometimes the Nvidia driver stops working when you upgrade from one kernel to the next without installing an up-to-date Nvidia driver as well. So, when Sweeney is complaining about the multitude of kernel configurations, he's not wrong. EAC would need to maintain a compatibility shim similar to that of the Nvidia driver, which ensures that the EAC kernel module functions with each kernel version out there. Every time the kernel updates, an EAC engineer would need to go over the changes and update the compatibility shim every time there's a breaking change while still maintaining the compatibility with older kernel versions.

Theoretically you could overcome this problem somewhat by only targeting the Steam Deck and its SteamOS. This would give you a single kernel version to target, although Epic would need to negotiate with Valve in order to ensure their driver is somehow shipped with SteamOS.

But the problems don't end there. Since Linux is a fully open platform, there is technically nothing that would prevent a determined cheater from cracking open the Linux source code and making some tactical changes to how the kernel behaves, building the kernel and then making the EAC kernel module blind. On Windows the EAC developers can assume that the black box that is the NT kernel is at least somewhat difficult to modify by users. This means that in kernel-space they can assume some level of security through obscurity. On Linux this assumption does not hold. The only way for Epic to overcome that problem would be to negotiate with Valve to lock down the Steam Deck, which Valve has already decided not to do.

So, from EAC's point of view the Linux platform can never be quite fully trusted, which is entirely fair, because from the user's point of view EAC can never be quite fully trusted.

But surely Epic could still somehow bring Fortnite to the Steam Deck, right? Surely they could ship a version of Fortnite without the kernel-level component, right?

That they could, which brings us to the points about market share and the viability of cheating. Sweeney argues that the Linux market is too small, which initially sounds a bit odd because he then goes on to worry about the large numbers of cheaters. The kicker is here that the small Linux market doesn't necessarily guarantee a low number of cheaters. If it turns out that certain cheats are possible via a Linux version of Fortnite, this will attract some cheaters to use the platform in order to bypass EAC. It won't be all of the cheaters, many casual cheaters would likely not bother to learn Linux in order to cheat in a video game, but there is no doubt a group of cheaters that would take the opportunity. So, Fortnite would see some increase in cheating, but without good data it is hard to determine how big that effect would be. However, considering the popularity and free-to-play nature of Fortnite, it could very well be that it would be an attractive enough target for cheaters to attack even if there is a slightly higher initial investment. Cheat makers on the other hand would probably eventually find ways to package their offerings in an accessible enough format, like boot-to-cheat USBs or pre-configured VM images.

Some solutions to this problem have been proposed. For example, they could silo Steam Deck/Linux users in such a way that they will never come into contact with the rest of the playerbase. This would contain cheating, but it's also a hard-handed measure that would likely be unpopular. It would also require some amount of work to accomplish and I think it's fair for Epic to discount options that would cause extra work on them.

So, what's the solution to the problem? Here's the thing: I don't think there is one. My personal opinion is that client-side anti-cheat is fundamentally limited and taking it into the kernel is a bandaid that comes with excessive cost and is simply incompatible with the Linux platform. So, as long as Epic insists on maintaining its current anti-cheat approach with Fortnite, I just don't think there's going to be Fortnite on Linux.

And that doesn't mean Tim Sweeney is wrong or lying about the difficulties of adapting that approach to Linux. It just means that a new or different approach is needed in the future.

Article taken from GamingOnLinux.com.
54 Likes
About the author -
author picture
I'm a Linux gamer from Finland. I like reading, long walks on the beach, dying repeatedly in roguelikes and ripping and tearing in FPS games. I also sometimes write code and sometimes that includes hobbyist game development.
See more from me
The comments on this article are closed.
142 comments
Page: «7/15»
  Go to:

Shmerl Feb 10, 2022
Quoting: RCLSo no, unfortunately there is no easy way around "client-side anticheat" problem. This is not about the laziness

It totally is about laziness, or more exactly about greed. You can develop AI to detect "cheating" by analyzing user's behavior on the server side and continue improving it to maintain a level that's "good enough". The elephant in the room is that there is no need for "perfect" anti-cheat. And their client one isn't perfect anyway. They simply don't want to spend on AI. It's much cheaper to force spyware on the user and pretend it's the right way to solve the problem.

Also, attitude of developers who push this trash is simply disgusting. Check this for example:

https://www.leagueoflegends.com/en-us/news/dev/dev-null-anti-cheat-kernel-driver/

QuoteThis isn’t giving us any surveillance capability we didn’t already have. If we cared about grandma’s secret recipe for the perfect Christmas casserole, we’d find no issue in obtaining it strictly from user-mode and then selling it to The Food Network. The purpose of this upgrade is to monitor system state for integrity (so we can trust our data) and to make it harder for cheaters to tamper with our games (so you can’t blame aimbots for personal failure).

Hear that? These idiots are claiming that their increasing spying on your is OK because they already could spy on you. With this kind of garbage logic, there is no end to it.


Last edited by Shmerl on 10 February 2022 at 7:05 am UTC
RobertKrig Feb 10, 2022
Couldn't they just have a whitelist of kernels that they allow Fortnite+EAC to run against?
At least for steamdeck they could check the hash of valve's provided kernel to ensure it's not a custom compiled one. Sure, it would mean they would need to keep an updated list of allowed kernels, but I don't think that's such a gargantuan task.

I think the "We don't want to pay Valve's fees" is probably the real reason why fortnite won't be coming to steamdeck.
Hooly Feb 10, 2022
View PC info
  • Supporter
Quoting: RobertKrigCouldn't they just have a whitelist of kernels that they allow Fortnite+EAC to run against?
At least for steamdeck they could check the hash of valve's provided kernel to ensure it's not a custom compiled one. Sure, it would mean they would need to keep an updated list of allowed kernels, but I don't think that's such a gargantuan task.

I think the "We don't want to pay Valve's fees" is probably the real reason why fortnite won't be coming to steamdeck.
And who is ultimately managing the memory that would perform that checksum calculation? The kernel.

And you could very well build your own kernel and have it lie to a module.
Asking another component if it is legit is simply naive.


Last edited by Hooly on 10 February 2022 at 7:31 am UTC
Purple Library Guy Feb 10, 2022
Quoting: RobertKrigI think the "We don't want to pay Valve's fees" is probably the real reason why fortnite won't be coming to steamdeck.
I'll repeat: There are no fees, because Fortnite is free to play, and Steam does not collect a percentage on within-game transactions, only on game (and DLC) sales. "We want to beat Valve's store" is probably the real reason why Fortnite won't be coming to Steam Deck.


Last edited by Purple Library Guy on 10 February 2022 at 7:43 am UTC
BlackBloodRum Feb 10, 2022
View PC info
  • Supporter Plus
If they brought this to Linux in the form of a kernel module.. you betcha I ain't installing it. I don't care if it works or not.

Install a rootkit that can't be inspected on my own system that works to limit my actions as well as could potentially give him, and his company complete and full access and control over my computer just to stop a few cheaters?

No thanks, you can keep your game. Running outside of userspace just for a video game? Then it's not running on my computer. Not even my steam deck (when it arrives).

Call me old fashioned if you will, but put bluntly...

No.


Last edited by BlackBloodRum on 10 February 2022 at 8:02 am UTC
toor Feb 10, 2022
Quoting: RobertKrigCouldn't they just have a whitelist of kernels that they allow Fortnite+EAC to run against?
At least for steamdeck they could check the hash of valve's provided kernel to ensure it's not a custom compiled one. Sure, it would mean they would need to keep an updated list of allowed kernels, but I don't think that's such a gargantuan task.

I think the "We don't want to pay Valve's fees" is probably the real reason why fortnite won't be coming to steamdeck.

What guarantees that the hash of the kernel wasn't forged?
TheSHEEEP Feb 10, 2022
View PC info
  • Supporter Plus
Quoting: ShmerlHear that? These idiots are claiming that their increasing spying on your is OK because they already could spy on you. With this kind of garbage logic, there is no end to it.
Except that's no garbage logic, but 100% correct.
It is exceedingly easy to spy on users already, with only user level privileges. It's how a lot of malware works already.
There are a few things (but really not much) that you'd actually need root or kernel level access for. But all of them are related to more under-the-hood stuff (like how they are trying to catch cheaters by inspecting processes, etc.).
Practically none of them are related to what people would generally call privacy (as in, personal data, habits, etc.) - as you can already get that data if you so wanted.

At least that is the situation on Windows. Remember those cases of games that would basically erase your disk on uninstallation? Those had just normal rights. If you can do that, you can do pretty much anything related to user data.
I expect it would be somewhat more difficult on Linux, but I'm not certain.

So, sorry, but the "they're spying on you" argument is bollocks.
"They" can already spy on you - if that happens or not or to what degree isn't up to you, it's up to them and/or your trust in them. If you give them the last bit of access more or not doesn't really matter much in reality.

I remember that outrage with some kind of ad service installed in games that would make calls to a webserver to see if an ad was successful. The tech illiterate media and the poor people believing it railed against that thing. "They can store your IP!"... like... yeah, everything you make a call to over the internet can do that. And assign even more data to it, if they so desire. This isn't new. Or outrageous.

TL;DR: The privacy train has left the station a long time ago. If you really do care about the privacy of your data (most people don't, and I include myself here), you'll have to jump through significant hoops to achieve a high level of it. Saying that kernel access would change a whole lot about the situation seems between ill-informed and dishonest to me.

All of that is a bit of a tangent, though. You are right that an AI inspecting what's happening on a server would indeed solve the problem, but I'll eat some cold fries if that ever happens. I hate cold fries.


Last edited by TheSHEEEP on 10 February 2022 at 8:11 am UTC
BlackBloodRum Feb 10, 2022
View PC info
  • Supporter Plus
Quoting: TheSHEEEP
Quoting: ShmerlHear that? These idiots are claiming that their increasing spying on your is OK because they already could spy on you. With this kind of garbage logic, there is no end to it.
Except that's no garbage logic, but 100% correct.
It is exceedingly easy to spy on users already, with only user level privileges.
The are big differences being:

1) With user level privileges (on Linux, without SUDO enabled) they can only collect info on the current user and that users related processes (things that user has access to). Other users and their information are safe.
2) When the game stops, the spying stops so long as its process is ended.
3) We can write apparmor or SELinux profiles or put it in other sandboxes to limit the information it has.
4) When a kernel module is involved, it has access to everything.
5) You can't sandbox it.
6) A kernel module starts up when your kernel starts, it stops when your kernel stops, so it is basically active the entire time you use your computer.
Shmerl Feb 10, 2022
Quoting: TheSHEEEPAt least that is the situation on Windows.

Normally - shouldn't be. Windows has its own ACL. If someone gives full access to their own data - well, too bad. But no, they can't already do it, unless you let them. So this logic is garbage, becasue they imply that you should let them.

And let's assume they could do it in some way. Their argument basically goes - so give us even more. My point is - it's a slippery slope. The push should be in the opposite direction, not in the direction of some dystopian nightmare.

Also the argument of "too late" is fake as it has always been. It's never too late for them to claim they need higher level of access? So it's never too late for users to push back against that trash either.


Last edited by Shmerl on 10 February 2022 at 8:29 am UTC
ShabbyX Feb 10, 2022
If ever a kernel-based anticheat is released for Linux, avoid it like the plague. Avoid it like you would a root login. Do you really want somebody snooping around *all of your memory*?
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations: PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
The comments on this article are closed.
Buy Games
Buy games with our affiliate / partner links: