So yeah, I want to discuss or point out why I think Valve needs to fix Anti-Cheat issues. They have VAC but apparently its doing jackshit, be it Counter Strike 2 (any previous iterations) or something like Hunt: Showdown the prevalence of cheating players is non deniable. For me personally it has come to a point that I am not enjoying playing those games anymore, although they are great games by itself. But the amount of occurrences being killed or playing against cheaters is at a height, where I don’t see the point anymore.
- Why I think Valve is the only company able to something against cheaters?
Because they have the tools with VAC already aiming to prevent cheaters. Valve has got the resources to actually invest into something more profound which could be used for any game where anti-cheat protection needs to be implemented. And lastly Valve is the company which is interested in furthering the ability to gaming on Linux, the anti-cheat solution needs to work on both operating systems. Only Valve has the motivation and means to achieve that with their knowledge and resources. What do you guys think about the topic? Is the fight against cheaters hopeless? Do you think some other entity should provide anti-cheat protection, why? I skimmed over “anti cheat in linux kernel” posts in the net, but I have very little knowledge about the topic, what is your stance on it?
Edited: Mixed EAC with VAC. EAC seems to be part of Epic Company. Both of these tools seem unable to prevent cheating like mentioned above.
Hear, hear.
Quick disclaimer, I’ve been involved with FOSS shooters for something like 20 years now. I mention that to establish where I come from: in a FOSS game anybody can modify the game client all they want, so all the bullshit is out of the way from the start. You can’t hide behind make-believe notions such as “they can’t modify the client” – which is one of the major lies and fallacies of commercial close-source games. If there’s something you don’t want the client to know or do, you make it so on the server.
There is a lot of things that the server can do that can severely limit cheater shenanigans. If you don’t want them to see through walls then don’t tell them what’s behind walls. If you don’t want them to know what’s behind them then don’t tell them what’s outside their cone of view. If you don’t want them to teleport look where they were a moment ago and where they claim to be now and figure out if it should be possible. You get the idea.
Aimbots can be detected because at the core it’s a simple issue of the client’s aim snapping from one place to the target too fast. What’s “too fast” and the pattern of the movement can be up for debate but it can definitely be detected and analysed and reviewed in many ways – regular code, AI, and human replay.
If this kind of analysis is too much for your server to perform in real time (it was too much, 20 years ago) then you can store it and analyse it offline or replay it for human reviewers. You can fast-parse game data for telltale signs, analyse specific episodes in detail, and decide to ban players. Yes it happens after the game was ruined but at least it happens.
There are a couple of types of cheating that you can’t detect server side:
Some of the most fun games I’ve seen did not care about HUD mods and macros and on the contrary embraced them. You want to write a macro that will auto-purchase the best gear based on your available coin after respawn? Knock yourself out, because what constitutes “best” gear changes depending of the circumstances, and a veteran with a pistol can smoke your ass anyway if you don’t know how to properly use that fancy plasma gun.
I’ve mentioned human review above which brings up an interesting feature that I don’t see implemented in enough games: saving and replaying game metadata. It’s stupidly simple to store everything that happened during a match on the server side and it doesn’t take much space. You can offer that recording to seasoned players to replay on their PC which allows them to see the match from any player’s point of view. An experienced veteran can notice all kinds of shenanigans this way – and it’s also an excellent e-sport and machinima feature that enables commentary, editing, tutorials and so on.
Edit: Oh, forgot one thing. You may be wondering, then why don’t the big game companies do all this? Simple, cost. Why should they pay for server juice and staff to review games properly when they can slap a rootkit on your computer and use your resources?
Sometimes, just for practical performance reasons, with realtime games, the client is gonna need access to data that would permit one to cheat. You can’t do some game genres very well while keeping things on the server.
Consoles solve this by not letting you modify your computer. I think that if someone is set on playing a competitive game, that’s probably the best route, as unenthusiastic as I am about closed systems. The console is just better-aimed at providing a level playing field. Same hardware, same performance, same input devices, can’t modify the environment.
'Course, with single player games, all that goes out the window. If I want to modify the game however I want, I should be able to do so, as it doesn’t hurt anyone else. I should be able to have macros or run an FPS in wireframe mode or whatever.
For PC competitive multiplayer, in theory, you could have some kind of trusted component for PCs (a “gaming card” or something) that has some memory and compute capability and stores the stuff that the host can’t see. The host could put information that the untrusted code running on the host can’t see on the card. It also lets anti-cheat code run on the card in a trusted environment with high-bandwidth and low-latency access to the host, so you can get, for example, mouse motion data at the host sampling rate for analysis. That’d be a partial solution.
Sure, it’d be a solution for five minutes until someone delids the secure enclave on the gaming card, extracts the keys, and builds their own open source hw alternative.
High-performance FPGAs are actually relatively cheap if you take apart broken elgato/bmd capture cards, just a pain in the butt to reball and solder them. But possibly the cheapest way to be able to emulate any chip you could want.
Not a problem. You can potentially go for an attack on hardware, maybe recover a key, but you have a unique key tied to it. Now the attacker has a key for a single trusted computer. He can’t distribute it with an open-source FPGA design and have other users use that key, or it’ll be obvious to the server that many users have the key. They blacklist the key.
It’s because hardware is a pain to attack that consoles don’t have the cheating issues that PCs do.