"Rootkit" is a word that comes up in security, in malware, and increasingly in conversations about anti-cheat. Understanding it explains a lot about how modern cheating and anti-cheating actually work.
What a rootkit is
A rootkit is software that operates at a deep, highly privileged level of a system — often inside the operating system kernel — specifically to hide its presence and keep control. The defining trait is concealment: a rootkit is built so that the system's own tools do not report it. If you cannot see it, you cannot easily remove it.
Why depth equals power
The operating system is layered. Ordinary programs run with limited permissions; the kernel runs with full control over memory, hardware and every process. Code at that depth can decide what the layers above are allowed to see. That is what makes a rootkit powerful — and dangerous — when it is malware.
The link to cheats
Modern game cheats have pushed into exactly this territory. A kernel-level cheat uses rootkit-like depth to hide from anti-cheat software: if the cheat sits deeper than the anti-cheat, it can try to conceal itself the same way a rootkit conceals malware. This is the core of the cheating arms race.
The link to anti-cheats
It also explains why anti-cheats went to the kernel. To detect something operating at rootkit depth, you generally need to be at that depth too. A kernel-level anti-cheat is not trying to be a rootkit — it is not hiding — but it runs at the same privileged layer because that is where it must look. The privacy and security debate around kernel anti-cheat comes directly from this.
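Concealment means the system's own listing leaves something out, so a basic defensive check is to compare that listing against a second, independent view and report where they disagree. The sketch below is an added example, not code from any anti-cheat or from this article's author. It assumes a Linux /proc filesystem, and all function names are hypothetical.

```python
import os

def listed_pids(proc_root="/proc"):
    """View 1: PIDs in the directory listing, which is what ps-style tools read."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}

def is_process(pid, proc_root="/proc"):
    """View 2: open /proc/<pid>/status by name, without consulting the listing.
    Thread IDs also resolve this way, so accept only thread-group leaders."""
    try:
        with open(os.path.join(proc_root, str(pid), "status")) as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) == pid
    except (OSError, ValueError, IndexError):
        pass  # no such PID, or it exited while being read
    return False

def probed_pids(max_pid, proc_root="/proc"):
    """Every PID in 1..max_pid that answers a direct lookup."""
    return {pid for pid in range(1, max_pid + 1) if is_process(pid, proc_root)}

def cross_view(before, probed, after):
    """PIDs that answer a direct lookup but appear in neither listing.
    Checking listings taken before and after the probe drops processes
    that merely started or exited during the scan."""
    return sorted(probed - before - after)

def scan(max_pid, proc_root="/proc"):
    before = listed_pids(proc_root)
    probed = probed_pids(max_pid, proc_root)
    after = listed_pids(proc_root)
    # Re-probe each suspect so a short-lived process is not reported.
    return [p for p in cross_view(before, probed, after) if is_process(p, proc_root)]

if __name__ == "__main__":
    with open("/proc/sys/kernel/pid_max") as fh:
        limit = int(fh.read())
    hidden = scan(limit)
    print("listed vs. probed views disagree on:", hidden or "nothing")
```

Both views here are still answered by the kernel, so code at kernel depth that filters the listing and the direct lookup consistently passes this check. That limit is the reason detection generally has to run at the same depth.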
The takeaway
A rootkit is defined by depth and concealment. That concept is the key to modern anti-cheat: cheats use rootkit-like depth to hide, so anti-cheats descend to the same level to find them. The whole kernel-anti-cheat era is, in effect, a response to rootkit-style cheating.
