I’m not exactly knowledgeable when it comes to kernel stuff and cheating in general. But couldn’t Linux say have some functionality in the kernel that will never lie about what apps are running and games such as this can then query that against a blacklist for anti cheat?
I’m not exactly an expert either, but as far as I know there’s nothing stopping you from modifying your own kernel on Linux if you’re a hardcore enough Linux dork who knows how to. This is part of the reason anti-cheat developers love Windows and hate Linux, the Windows kernel is practically considered a black box that no normal user is ever supposed to touch, and Microsoft tries reasonably hard to make sure it isn’t (I had to disable Secure Boot and virtualization in my BIOS, and add a sketchy-looking second boot option to the Windows Boot Manager, back when I paid for cheats in games). This doesn’t really work (as evidenced by the existence of kernel level cheats), but that’s the philosophy.
On Linux, there are no “normal users”. Some people run Arch for fun. Some people run Gentoo for fun. It’s the Wild God Damn West. Ergo, you can say “well the kernel will have this functionality built in”, and that’s all fine well and good – but there is nothing stopping someone else from coming along, yanking it out (or better still, modifying it to always pass “yep no cheats here” to any anti-cheat, even when there are), and recompiling their own kernel; because the design philosophy in Linux (for the most part) seems to be that the meatbag sitting at the keyboard is God, not some corporation. Which, considering how Microsoft is enfuckening Windows, I consider a good thing.
Kernel anti-cheat is a bodge, a stopgap, a last-ditch effort to save money instead of hiring staff that actually give a shit about supporting a game for people who’ve already parted with their money and moderating it properly. You know the only games I was never able to cheat in/didn’t see many cheaters in/didn’t ever really want to cheat in, for that matter? The games where the developers actually gave a shit, made a good game that didn’t exploit the player, and paid moderators to do a good job keeping it free of other shitheads. Kernel anticheat wasn’t even a speedbump, not then and I doubt it would be now. It’s a shortcut taken by lazy and/or greedy companies who would rather compromise user security and eke out a few more percentage points of net profit up-front instead of investing in the long-term health of their community.
Disclaimer: I am not a hardcore Linux dork. I like Linux Mint nowadays and have for the past couple years because it just works and doesn’t give me shit. I could be wrong, but that’s the gist of it as it is understood by me.
There is a way to kinda make this work, this would be hardware based security. You could use a TPM to make reasonably sure the kernel is e.g. mainline / hardened / anything else acceptable. Hardware vendors (i.e. Intel, AMD etc.) would have to provide a service where they hash the kernel alongside their keys for the game devs to check against (probably not for free). You would absolutely have to use Secure Boot tho, and eventually keys may be leaked. Another possibility would be devs connecting directly to your TPM to make sure (afaik this is possible in principle, but not meant to be used that way).
I think there are easier ways to prevent cheating tho, for example simply detecting suspicious activity on the server side, i.e. stats go way up, looking at data coming from clients other than yours.
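The TPM idea in the last reply, sketched from the game server's side as an added example that is not part of any post in this thread: the kernel's own report is not trusted, only a log that replays to the PCR value the TPM signed. The event names, the allowlist and the sample images are constructed for illustration, and checking the quote's signature and nonce is assumed to have happened already.

```python
import hashlib

PCR_INIT = bytes(32)  # a SHA-256 PCR bank starts as 32 zero bytes


def extend(pcr, digest):
    """TPM extend: new PCR = SHA-256(old PCR || measurement digest)."""
    return hashlib.sha256(pcr + digest).digest()


def replay(event_log):
    """Recompute the PCR implied by an ordered list of (name, digest) events."""
    pcr = PCR_INIT
    for _name, digest in event_log:
        pcr = extend(pcr, digest)
    return pcr


def verify(event_log, quoted_pcr, allowed_kernels):
    """Server-side check. Assumption: quoted_pcr comes from a TPM quote whose
    signature and nonce were already verified (not shown here)."""
    # The client-supplied log is untrusted on its own; it only counts if
    # replaying it reproduces the PCR value the TPM signed.
    if replay(event_log) != quoted_pcr:
        return "log-mismatch"
    kernels = [d for name, d in event_log if name == "kernel"]
    if len(kernels) != 1 or kernels[0] not in allowed_kernels:
        return "kernel-not-allowed"
    return "ok"


def measure(blob):
    return hashlib.sha256(blob).digest()


# Constructed sample data: stand-in byte strings, not real boot components.
BOOTLOADER = measure(b"constructed bootloader image")
MAINLINE = measure(b"constructed mainline kernel image")
REBUILT = measure(b"constructed locally rebuilt kernel image")
ALLOWED = {MAINLINE}
mainline_log = [("bootloader", BOOTLOADER), ("kernel", MAINLINE)]
rebuilt_log = [("bootloader", BOOTLOADER), ("kernel", REBUILT)]


def demo():
    return {
        "mainline": verify(mainline_log, replay(mainline_log), ALLOWED),
        "rebuilt": verify(rebuilt_log, replay(rebuilt_log), ALLOWED),
        # Rebuilt kernel was booted, but the client sends the mainline log:
        "rebuilt, forged log": verify(mainline_log, replay(rebuilt_log), ALLOWED),
    }
```

The third case is the one the first question asks about: a rebuilt kernel can send whatever log it likes, but it cannot make the PCR that was extended before it ran match that log.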