Thursday, February 28th 2019

Anti-cheat Software Runs Amok Causing System Crashes in Windows 10 Insider Previews

In what is likely to cause some hand-wringing or chuckles, depending on your personality, Microsoft's Windows 10 Insider Preview Slow Ring (beta versions of the OS) has not seen a new release in months. This is due to a common anti-cheat software running amok and causing GSODs (the replacement for BSODs in preview builds). The problem has existed for a few months and needs to be fixed by the creators of the software, as noted by the Chief of the Windows Insider program, Dona Sarkar, on Twitter. Apparently, this isn't something Microsoft can fix because of how the software itself functions. Essentially, the unspecified anti-cheat software runs in kernel mode and tampers with various aspects of the OS that it is not supposed to tamper with. While it is possible that the software is using allowed hooks in order to function, it is also possible that in the process it is damaging kernel data structures and code. This situation is likely to stir up debate on how effective anti-cheat software is, considering it seldom seems to stop determined cheaters and, as of now, is causing the OS to crash and proving to be a thorn in Microsoft's side.

Still, this has more ramifications than just some system crashes or a software company that needs to edit some code. It directly results in Microsoft having to delay Preview releases, since these Slow Ring builds can't be tested or validated. Pair that with the fact that Microsoft's testing of Windows 10 builds is already considered lackluster, with many bugs and issues going unresolved, and you end up with a rather grim situation. After all, it was only a few short months ago that the October 2018 update was released after suffering numerous problems and delays. If issues like that continue, it seems the April 2019 update could be delayed as well. To avoid this and to get something done, Microsoft will be pushing out a Slow Ring build to systems that do not have the offending anti-cheat software. Better late than never, but you would have thought that this solution would have been implemented sooner.
Sources: Ars Technica, Twitter 1, Twitter 2

37 Comments on Anti-cheat Software Runs Amok Causing System Crashes in Windows 10 Insider Previews

#1
Ferrum Master
Prff... it is news? It has been like that since DECEMBER?...

Anticheat has gone overbroad imho... it has no connection or responsibility from microsoft...
#2
bug
I would like to take this opportunity to thank all sites that review games for sweeping DRM under the rug :wtf:
#3
FreedomEclipse
~Technological Technocrat~
Ferrum Master, post: 4003526, member: 90058"
Prff... it is news? It has been like that since DECEMBER?...

Anticheat has gone overbroad imho... it has no connection or responsibility from microsoft...
well, rather it goes overbroad then abroad. keke

I digress... Microsoft..

#4
windwhirl
bug, post: 4003533, member: 157434"
I would like to take this opportunity to thank all sites that review games for sweeping DRM under the rug :wtf:
I thought anti-cheat was unrelated to DRM...?

If it was up to me, this late in the game, I'd say who is the developer responsible for the anti-cheat software and screw everything else.
#5
FreedomEclipse
~Technological Technocrat~
windwhirl, post: 4003551, member: 175818"
I thought anti-cheat was unrelated to DRM...?

If it was up to me, this late in the game, I'd say who is the developer responsible for the anti-cheat software and screw everything else.
I think it's to do with Microsoft allowing Xbox games to be run on PC. It's all baby steps. Baby steps without hand holding of a QA department.
#6
R-T-B
Ferrum Master, post: 4003526, member: 90058"
Anticheat has gone overbroad imho... it has no connection or responsibility from microsoft...
Are you sure about that?

Say hello to Windows 10 TruePlay:



Granted, being they wrote the kernel, they are probably the only ones who can really do this right. I'm still skeptical that they will, sadly.
#7
Ferrum Master
R-T-B, post: 4003576, member: 41983"
Are you sure about that?

Say hello to Windows 10 TruePlay:



Granted, being they wrote the kernel, they are probably the only ones who can really do this right. I'm still skeptical that they will, sadly.
It is battleye and actually only it... other ones were fine. So PUBG and Rainbow 6...

If an app goes rogue and starts to mess in memory registers where it should not? It has to be compatible with the kernel, but they are the lazy bums, it has been months and they didn't fix it and ignored. It was reported in the hub.

AND most importantly... if that shit code could even work against cheaters...

also mate... insider builds doesn't have true play. yet it didn't change the behavior. You are blaming the wrong party.

#8
OSdevr
If it has to run in kernel mode it MUST be well written! Microsoft has gone to great lengths to move as many things into user mode as possible for this very reason.
#9
bug
windwhirl, post: 4003551, member: 175818"
I thought anti-cheat was unrelated to DRM...?

If it was up to me, this late in the game, I'd say who is the developer responsible for the anti-cheat software and screw everything else.
Technically, they're both rootkits :D
#10
eidairaman1
The Exiled Airman
How about wringing the nose or a hurtzdonut
#11
OC-Ghost
Why not do it like with the first few feature updates, just remove programs that are not compatible /sarcasm
#12
R-T-B
Ferrum Master, post: 4003581, member: 90058"
You are blaming the wrong party.
No, because I'm not blaming anyone. I'm only pointing out Microsoft is an anticheat industry player, not that anything is or isn't their fault.

If you need blame, battleeye does indeed suck.

Ferrum Master, post: 4003581, member: 90058"
insider builds doesn't have true play.
More like it's just on by default as a kernel feature now. It was only togglable in early builds nearly a year old.
#13
trparky
OSdevr, post: 4003608, member: 170580"
If it has to run in kernel mode it MUST be well written! Microsoft has gone to great lengths to move as many things into user mode as possible for this very reason.
Yes, because usually if you screw up in kernel land things can go really wrong really quickly. It's not like in user land where you can say... "Something went wrong, please restart the application." In kernel land, when things go wrong it's usually catastrophic and immediately ends up blue (or green) screening the PC.
#14
bug
trparky, post: 4004107, member: 170376"
Yes, because usually if you screw up in kernel land things can go really wrong really quickly. It's not like in user land where you can say... "Something went wrong, please restart the application." In kernel land, when things go wrong it's usually catastrophic and immediately ends up blue (or green) screening the PC.
Yes, but WHQL is meant precisely to ensure drivers behave. I understand no screening/validation is perfect, but a problem that goes unsolved for months is cause for concern in my book.
#15
Ferrum Master
R-T-B, post: 4003973, member: 41983"
No, because I'm not blaming anyone. I'm only pointing out Microsoft is an anticheat industry player
Gosh Frog... it is the overall toxicity towards Microsoft, for no reason, just because. Yet someone could ever properly contribute instead of whine. The whole handling of the idea testing a beta product on slow ring is to trigger bugs, the more the better.

Basically... if AMD or Nvidia driver causes gsod in a specific game, then it is their fault, okay, everyone and their dog understands it. If not then it is Microsoft's fault? Also the article is about beta unfinished product, thirds, why certain game creators do not suffer it, and for the matter switch to another anticheat group, that ships side by side inside the game, for example like Fortnite. When someone uses their head, it saves a lot of problems, ain't it? Yet someone has to make a yellow press article from it, without any experience using the insider builds at all. There cannot be any WHQL by now anyways, there is no gold code shipped. So basically Microsoft has no rights to alter their kernel code during development phase, and if it causes to break some specific code it becomes an issue? That's the whole point of this news?

From where did you pull out that TruePlay is a kernel feature now? It is actually a xbgmsvc service, as usually you have many ways of enabling windows features on or off... in current builds such service is not present at all and is omitted. Also... what it has to do with this particular issue is beyond me. They have xbox right? They really know how to protect their ecosystem for years... sky is blue also btw...
#16
lemonadesoda
I don't like that the kernel is being compromised for the sake of anti-cheat software. A better solution is for tru-play to force a locked virtualised signed environment that can only crash the game VM, not bring down the whole OS.

Seriously, back to the drawing board. Find another way.
#17
bug
lemonadesoda, post: 4004423, member: 29805"
I don't like that the kernel is being compromised for the sake of anti-cheat software. A better solution is for tru-play to force a locked virtualised signed environment that can only crash the game VM, not bring down the whole OS.

Seriously, back to the drawing board. Find another way.
The kernel isn't compromised in any way. That is just the nature of software that runs at the kernel level: it can take the kernel down when it breaks.
The only peculiarity here is Microsoft (and presumably the makers of said anti-cheat) being unable to figure this out for months and being unable to come up with a workaround in the meantime.
#18
trparky
This is the danger of working with undocumented APIs.
#19
lexluthermiester
WTAH, Microsoft? And you wonder why people don't want to adopt Windows 10? Monkey's diddling a football...

Yet another reason not to allow Microsoft to meddle in PC gaming. Multiplayer anti-cheat code needs to run local to the game itself, server side, NOT in the OS kernel. Luckily, I remove all of the files related to the XBox service and then delete the Xbox services themselves.
#20
FreedomEclipse
~Technological Technocrat~
Ferrum Master, post: 4003526, member: 90058"
Prff... it is news? It has been like that since DECEMBER?...

Anticheat has gone overbroad imho... it has no connection or responsibility from microsoft...
FreedomEclipse, post: 4003541, member: 38411"
well, rather it goes overbroad then abroad. keke

I digress... Microsoft..


Also - since we're heading in the same direction. Sooner or later we'll need anti-cheat for the anti-cheat to prevent the anti-cheat from being cheated <AsthamticCoughingFit> D E N U V O

Being online won't be enough.
#21
lexluthermiester
FreedomEclipse, post: 4004523, member: 38411"
Also - since we're heading in the same direction. Sooner or later we'll need anti-cheat for the anti-cheat to prevent the anti-cheat from being cheated <AsthamticCoughingFit> D E N U V O

Being online won't be enough.
I have a solution for that. Can you guess what it is?
#22
FreedomEclipse
~Technological Technocrat~
lexluthermiester, post: 4004531, member: 134537"
I have a solution for that. Can you guess what it is?
Not installing trashware?
#23
lexluthermiester
FreedomEclipse, post: 4004540, member: 38411"
Not installing trashware?
That and not playing online. Buying only DRM free games generally helps too.
#24
FreedomEclipse
~Technological Technocrat~
lexluthermiester, post: 4004542, member: 134537"
That and not playing online. Buying only DRM free games generally helps too.
Not easy since most triple ay titles come with DRM and GoG is having a hard time financially. Steam is technically still DRM, though they used to allow a lot of games to be run in offline mode. These days not so much. They've even stopped L4D from being run in offline mode, but that was a while ago when I attempted it.
#25
lexluthermiester
FreedomEclipse, post: 4004545, member: 38411"
GoG is having a hard time financially
Rumor, nothing more.