Anticheat in Popular Demo Sparks Concerns; Trouble With Removal
The demo of Undecember available on Steam has sparked concern among players. Some of them claimed that a suspicious software was among the game's files. The program turned out to be the anticheat system, which is not easy to remove from a PC.
On Steam you can check out the game Undecember, a hack'n'slash game by Korean studio Needs Games, before its official release.
The demo of this free-to-play game has gained considerable popularity in recent weeks, however, not only due to pre-release marketing, but also as a result of player concerns about suspicious content found in the game's files.
What's in the files
The program in question is nProtect GameGuard, which acts as an anticheat. The services of this software have been used over the years in many online games, such as Metin 2 or PUBG. You can find a list of games using this tool here.
The problem is that GameGuard acts like a rootkit, a piece of software that is often used in hacking attacks. Some gamers were quick to jump to the conclusion that GameGuard seems suspicious, even if in theory it is just an anti-malware program.
BUT WHAT BASICALLY IS A ROOTKIT?
A rootkit is a tool that hides dangerous files and processes on a system. Rootkits hide deep within the operating system, so that often the user is unaware of their presence until unwanted activity becomes apparent.
Although a rootkit in itself is not a virus, it can put our hardware and data at risk.
A suspicious anticheat?
Some players who have installed the demo of Undecember and noticed the presence of nProtect GameGuard, began to report various unwanted actions.
One of the Steam users observed that the rootkit remains present on our system even after uninstalling the game. The removal of GameGuard itself is also not an easy process and requires quite a bit of effort (more at this link).
Another player observed that the software tried to download some file on its own without the administrator's permission:
"This game uses a very old version of nProtect GameGuard. The game worked fine the first time. The second time, nProtect started using 56% of my CPU (r7 5800x); I had no idea why. It then opened a very old version of Internet Explorer and tried to open pages and download something immediately; I killed the process before anything continued.
I was unable to start the game a second time - it always gets huge CPU usage and then the game crashes.
After many inquiries typed into Google [I found out - ed. note.] that nProtect deliberately opens an outdated and unsafe web browser to try to open a page that says you have to uninstall and reinstall GameGuard to fix it, and tries to force a download of the application used to remove GameGuard. This is suspicious as hell."
Although we're dealing with isolated incidents, and GameGuard itself has been used in many games for years (this fact is brought up by gamers claiming that the program isn't the problem), some people approach anti-cheat software with a lot of distrust.