But… have you considered having control of 0-ring software that runs on hundreds of millions of computers, that can perform targetted updates to change behaviour on just a select few computers, even interact with the network adapters unbeknownst to the OS.

I’m not talking about zero days popping up for this. But rather, this being part of the design?

A less nefarious application: The root kit anti cheats already continuously monitor processes. Say it finds a crypto mining one. It can request the instructions needed to search for a wallet and snatch that off.

A more nefarious one: RK is known to be in the device owned by the kid of a military contractor. Etc.

Trusting the client is a fools errand. So we are in complete agreement. I never understood why the effort isn’t placed on server side. People are very good at knowing when others have cheated. They know this from information that exists on the server side, so with the correct classifier, the server should also be able to know this.