Regular user mode software can be sandboxed by running the games in their their own user/graphical session dedicated to that specific game. Kernel mode software can by pass all security features implemented in the OS however.
If you run everything in a single account what you say is true, but at least some people do use basic sandboxing methods like described above, which makes kernel-mode anti-cheat much more invasive.
If you run everything in a single account what you say is true, but at least some people do use basic sandboxing methods like described above, which makes kernel-mode anti-cheat much more invasive.