So yeah, I want to discuss or point out why I think Valve needs to fix Anti-Cheat issues. They have VAC but apparently its doing jackshit, be it Counter Strike 2 (any previous iterations) or something like Hunt: Showdown the prevalence of cheating players is non deniable. For me personally it has come to a point that I am not enjoying playing those games anymore, although they are great games by itself. But the amount of occurrences being killed or playing against cheaters is at a height, where I don’t see the point anymore.
- Why I think Valve is the only company able to something against cheaters?
Because they have the tools with VAC already aiming to prevent cheaters. Valve has got the resources to actually invest into something more profound which could be used for any game where anti-cheat protection needs to be implemented. And lastly Valve is the company which is interested in furthering the ability to gaming on Linux, the anti-cheat solution needs to work on both operating systems. Only Valve has the motivation and means to achieve that with their knowledge and resources. What do you guys think about the topic? Is the fight against cheaters hopeless? Do you think some other entity should provide anti-cheat protection, why? I skimmed over “anti cheat in linux kernel” posts in the net, but I have very little knowledge about the topic, what is your stance on it?
Edited: Mixed EAC with VAC. EAC seems to be part of Epic Company. Both of these tools seem unable to prevent cheating like mentioned above.
Server side anti cheat can’t distinguish good players from aimbots. There are plenty of cheats that are clear bugs (like the dual wielding issue) but there will always be client side tricks that ruin games. You can prevent some of it by exchanging minimal data, but that will cause problems like “you got shot by a player that your computer doesn’t even know about”. It also requires simulating a range of permissible player movements on the server for every single player, which would ruin server performance compared to an efficient server that just relays data and enforces basic correctness.
I’m no fan of the spyware that comes with modern games, but it’s the only way to prevent cheaters ruining everybody else’s games. Cheaters ruined online gaming and I’m not sure it we can ever to back.
However, I would like games to come with servers again so you can play games on your own terms (with anticheat disabled if necessary), but for online matchmaking I don’t think we can go without spyware anymore. Let people host their own servers and deal with cheaters their own way, and let the masses who don’t want to bother with all that use whatever anticheat you deem fit.
Neither can a rootkit, which should be unconditionally illegal and send CEOs to jail for putting in their product. There are no exceptions and no scenarios where it can possibly be acceptable for a video game to access any operating system anywhere near that level. Every individual case should constitute felony hacking, with no possibility of “user consent” being a defense even if they do actually clearly and explicitly ask for “permission”.
It can’t detect hardware anticheat (i.e. a hacked keyboard + mouse + a camera + computer vision) but anticheat sure beats a lot of cheats that used to be rampant back in the day. There’s a reason cheat developers sell good working cheats for top dollar, cheating is not as easy as it used to be.
If you don’t like the software, don’t buy it, or refund it. Pirate it if you still want to play the game. Anticheat serves a real purpose that many (I would even say most) players are perfectly okay with for the benefits it brings.
Ehhhh.
If you want that, I kind of feel like the obligation should be placed on the OS (or maybe Steam or similar distribution platforms) to do sandboxing. Generally-speaking, in the computer security world, you’re better off just not letting software do something objectionable than trying to track down everyone who does it and have the judicial side handle things.
Mobile OSes and game console OSes already sandbox games that way.
PCs could have the ability to do that, but they don’t do that today.
I do think that they’re heading in that direction, though, at least relative to where they were, say, 30 years ago; at that point in time, permission tended to be really at a user level, and if you ran software on your computer, it pretty much had access to anything that the user did. Web browser are generally available and act as a sandbox for some lightweight sandbox. On Linux, Wayland’s a move towards handling isolation of apps at the desktop level – for a long time, desktop APIs really didn’t permit for isolation of one graphical program from another. Also on Linux, Flatpak and the like are aimed at distributing isolated graphical applications.
If you don’t physically control the hardware, it is not secure.
The only valid approach to preventing cheating that matters is to have authoritative servers. Nothing else works, nothing else theoretically can work, and nothing else can possibly be described as anything but malware. There is literally no possible scenario where any entertainment company knowing anything about what else is happening on your computer can be justified.
My above comment isn’t about preventing cheating, but preventing malware, like mods with a malicious payload.
I’m not smart enough to see a world where Linux and effective client side anti-cheat can cohabitate. Nothing can ever stop someone running a custom linux kernel that hides any nefarious code from the games they’re targeting. PC gaming can only head that direction to the degree that they take kernel-level control away from the user.
When it comes to windows, the devs working on kernel-level anti-cheat systems are working closely with microsoft on the implementation. To the point that, if you were to try to reverse engineer it on your own machine, in all likelihood msft could convince a court that you are hacking their system, not the other way around.
I’ve been thinking about this, and I wonder how accurate this is. I think overuse of all this modern AI nonsense is a problem, but wonder if this might be a good use case for it.
A big game will probably have huge amounts of training data for both cheaters and non cheaters. An AI could probably pick up on small things like favouring the exact centre of the head or tracking through walls.
If a user has a few reports of aimbotting, just have this AI follow them for a bit and make a judgement.
It’ll get it wrong sometimes, but that’s why you also implement a whole appeals process with actual humans. Besides, client side anticheat systems also have a nasty habit of mistakenly banning people for having specific hardware/software configs.
Please! Not just for anticheat reasons, but also for mods and keeping the game playable when the publishers decide it isn’t profitable.
I think unleashing AI on it will just cause bans for exceedingly good players or exceedingly terrible players. It’ll probably also pick up on network behaviour, so people using the same ISPs as cheaters can get banned.
Some games do employ new tactics. For example, when the game suspects you’re cheating, it’ll spawn fake opponents only you can see and check if you try to interact with them. This will defeat most wallhacks and maybe even a few aimbots.
I don’t think client side anticheat is the reason games stopped coming with server code. There’s a lot of money to be made selling weapon skins and lootcrates, and those investments disappear when you allow people to play games on their own. It’s awful, but unless we can convince players to stop buying this cruft, games companies won’t change their tune.
I’m a Linux gamer, every few weeks there’s a story in the news about how some random update to anti-cheat ending up banning Linux/Steam Deck users, it’s not a problem unique to AI. AI finding false positives will happen, but that’s where the “human in the loop” appeals process happens.
This is the kind of cool things that they should be doing! Try new and interesting things instead of trying to brute force anti-cheat by putting restrictions on what people can do with their computers and forcing a narrative where cheaters only exist because you weren’t strict enough.
The problem is that having an essential component of the game run on servers that only the publisher has access to is also a pretty effective way to do DRM, so they’ve got a pretty strong incentive not to do that. It’s a lot easier to ensure that someone paid for an account on publisher-run servers than that someone paid for a copy of the server and client binaries that they are in possession of.
I made an anti-cheat for vanilla minecraft once, it’s REALLY easy to tell if someone is cheating it’s just developers are grotesquely incompetent when it comes to detecting that sort of thing or (more often) just don’t give a shit. They’ll just create a naïve solution then never test it. For example: minecraft’s god awful anti-fly and anti-speedhack which is just “is the player in the air for 5 seconds” or “did the player go too fast” which is notorious for false positives and doesn’t even stop people trying to cheat, just punishes players for its own fuck-ups.
It really is as simple as creating a model of what the player should be able to do, and then nudging clients towards that expected play. Normal players will not even notice (or will be pleased when it fixs a desync) but cheaters will get ENRAGED and try to cheat harder before eventually giving up. The point of a good anticheat is not to punish players for cheating, but to make it easier and more fun to play within the rules.
It’s like piracy: We had years of systems built on punishment and all they do is create resentment and people trying to break your system, but you build a system on rehabilitation and you become one of the biggest platforms for PC gaming with people willingly downloading it.
I don’t really consider Minecraft to be a game that cares much about cheaters. I don’t even get why you would cheat at Minecraft, there aren’t any rankings or anything and you can just set up your own server with every console command imaginable.
Many games servers are written with a simple goal in mind: allow as many players as possible to play as long as possible for the lowest cost. This is especially true for first-person shooters and other timing-critical games. Constantly mapping out the possible moves for a player is quite CPU intensive when you’re trying to run servers for a million concurrent players and you need to deal with the packet processing overhead to boot.
You can do some server-side cheater detection based on modelling by taking a random player sample and analysing their behaviour post-match, but you can only record so many matches before that starts to add up.
As for piracy: we now have maybe two people in the world who can crack Denuvo games, and one of them has severe mental illness so working with her to share knowledge and skills isn’t very likely. Games do get cracked, but it takes a very long time, or it doesn’t happen at all when games aren’t very popular, or it happens because developers remove Denuvo after they’ve made enough profits that they can ship the DRM removal as a magical “add 10fps” patch. I don’t even know of any popular online games that you can still play with cracked versions on PC. Denuvo and basic always-online DRM have beaten most of the piracy scene, it seems.
And yet people did. I only brought that up as an example because minecraft is like 90% client side, proving that server-sided AC is possible.
In case of CS2, it doesn’t even ban people who teleport behind you at the first second of the round. Or killing everyone through the whole map like here (Reddit): link
That’s ridiculous. The server can definitely detect those. Valve should 100% fix their server code on this one.
That doesn’t necessarily mean client side anticheat isn’t necessary, though. You need a balance of both if you intend to have any kind of ranking or (professional) competition among all players.