As someone who has been on both sides, developing cheats and working in anticheat, AC on linux will always be significantly gimped compared to windows because of GPL related issues, anyone saying otherwise is doing it entirely for marketing reasons.
On windows a closed-source driver that can utilize and scan for anomalies in reverse engineered undocumented internal kernel structures is feasible. If you want to do something similar on linux you need to find a reverse engineer that has never laid eyes on linux kernel sources(good luck with that), have them reverse engineer and take very detailed notes on relevant kernel structures and functions, and then find a software developer that has also never laid eyes on kernel sources to write a driver according to those notes. Needless to say, this takes a fair amount of time and therefore money.
The alternatives are to implement your detections in usermode, where they can easily be fed false information from the kernel, or to publish the source code for your detections making them almost worthless.
Cheat developers have it much easier, they do not give a fuck about licensing and will just read kernel sources and ship a closed source driver, or ship a hypervisor that tampers with kernel data structures that they are able to just copy and paste out of the sources.
On windows a closed-source driver that can utilize and scan for anomalies in reverse engineered undocumented internal kernel structures is feasible. If you want to do something similar on linux you need to find a reverse engineer that has never laid eyes on linux kernel sources(good luck with that), have them reverse engineer and take very detailed notes on relevant kernel structures and functions, and then find a software developer that has also never laid eyes on kernel sources to write a driver according to those notes. Needless to say, this takes a fair amount of time and therefore money.
The alternatives are to implement your detections in usermode, where they can easily be fed false information from the kernel, or to publish the source code for your detections making them almost worthless.
Cheat developers have it much easier, they do not give a fuck about licensing and will just read kernel sources and ship a closed source driver, or ship a hypervisor that tampers with kernel data structures that they are able to just copy and paste out of the sources.