Steam Introduces New Rules for Kernel-Level Anti-Cheat Disclosure

Valve, the company behind the Steam gaming and software distribution platform, has implemented new requirements for developers, mandating the disclosure of any anti-cheat systems that operate at the kernel level of the operating system. These changes come in response to requests from both players and developers who are seeking greater transparency regarding anti-cheat protections and additional software installed alongside games. The high level of privileges granted to such anti-cheat systems can pose significant security risks to users’ systems.

What’s Changing for Developers and Gamers?

When publishing new games on Steam, developers are now required to indicate if their games use kernel-level anti-cheat systems. This information will be displayed on the game’s Steam page, allowing users to be informed about the protection systems before installing a game. Valve also plans to review existing games and contact partners if it is found that their titles use kernel-level anti-cheat solutions.

For anti-cheat systems that operate server-side or do not require kernel privileges, disclosure remains optional. However, Valve recommends that developers provide information about any anti-cheat technologies used, as users find this information valuable.

New Uninstallation Requirements

Valve has also updated its requirements regarding file removal during game uninstallation. Developers of new projects must now include uninstallation scripts that completely remove any files created or modified during installation. This change addresses concerns that certain anti-cheat systems, especially those operating at the kernel level, may leave files behind after a game is uninstalled, which has been a source of user frustration.

Security Incidents Highlight the Risks

The history of anti-cheat technology includes incidents that demonstrate the risks of kernel-level access. For example, in 2022, a vulnerability in the Dark Souls 3 protection system allowed attackers to execute remote code on other users’ devices, forcing developers to temporarily disable PVP servers. In 2024, the CrowdStrike security tool, which also operates at the kernel level, caused widespread system failures around the world.

Conclusion

Valve’s new transparency and security requirements aim to give users more control and information about the software running on their systems. By making anti-cheat technologies more visible and ensuring thorough uninstallation, Steam is responding to community concerns and working to improve user trust and safety.