Every time I see a studio ship a ring-0 driver to stop wallhacks, I remember the startup that bricked half our QA laptops after a badly signed filter driver update. Consoles and server-side checks still look cheaper than rolling your own rootkit and praying QA caught everything.
Authoritative servers are fine until the client does visibility or prediction locally; at that point the only vantage point with equal power to a cheat is ring 0. Sadly that means shipping a driver where a single unchecked pointer can turn the anti-cheat into the very rootkit you feared, QA or not.
Every time I see a studio ship a ring-0 driver to stop wallhacks, I remember the startup that bricked half our QA laptops after a badly signed filter driver update. Consoles and server-side checks still look cheaper than rolling your own rootkit and praying QA caught everything.
Authoritative servers are fine until the client does visibility or prediction locally; at that point the only vantage point with equal power to a cheat is ring 0. Sadly that means shipping a driver where a single unchecked pointer can turn the anti-cheat into the very rootkit you feared, QA or not.