I mean, they're not rootkits. Rootkits are either to gain root access (thus the name) or to hide something from a user. Anticheats don't do either of these.
They expose a kernel API to allow games to verify the state of the system, and they're knowingly installed by the user.
I'm already counting down the days for eBPF to blow up in our face.
But admittedly, it's the cheapest way of gaining more capabilities and privileges than you need, thus it's here to stay.
That's not really possible as long as the kernel allows the loading of arbitrary user-provided modules. Because the cheater will certainly run the cheat that requires kernel mode. If it's run in kernel mode, the API call can be intercepted.
How does the anticheat then work? Corewars. It's a cat and mouse game between the cheat provider and the game developer.
One would need a secure base layer, where also the MS anti-cheat lives, and all drivers can only run in a layer between this base layer and userland. I think that's already done for most of the graphics stack.
On the other hand, I am not convinced I want a system where I cannot load arbitrary kernel mode code if I choose to do so.
Riot Games use theirs (Vanguard) to improve detection of cheating software. Basically, the idea is that by being on from the moment the computer is booted up, it can validate the environment better.
Here's a recent blog post by Riot detailing their recent deployment of the system for League of Legends, the biggest online multiplayer game in the world.