It used to be pretty easy to just ban people from playing, now we're 100% reliant on their ability to do it. So we have anti-cheat which roots our computer, and still doesn't 100% solve the problem.
The reason it's necessary is because players want to be able to play with/against other players around the world. Matchmaking requires some form of anti-cheat. Running your own server as admin can't give you the degree of competitive global ranking that players enjoy today.
And cheating is an arms race. It's just hacking. You either preserve game integrity or you're going to have cheaters.
It doesn't matter how good the game developers are, someone out there is could make a better map.
The studios took control of everything, and their answer is to rootkit our computers, and to buy more DLC if we want another map.
Personally, I don't accept the premise that such studio control is necessary for me to have fun playing a game.
I especially miss custom maps.
If anything, we are in a golden age of mods!
Rust remains maybe the last true community game that's just solid all the way through where the studio is good to its players and doesn't patronize and betray them. I can have the sort of fun I would have had 20 years ago in Rust, and everything else feels like monocultural slop by comparison.
I wish more of my friends wanted to play it, and wish I had more time for it.
You reject the premise that such control is necessary for your idea of fun.
But millions of players enjoy ranked matchmaking enough that without aggressive anti cheat you will wind up with cheaters.
I hate the root kits as well, but if you spend any time playing Valorant vs CS, you will see the difference. If I play CS consistently I'll get cheaters once or twice a week. In Valorant it's almost unheard of by comparison. It sucks, but that's just what's happening.
Do I wish I at least had the option in Valorant or whatever to host a server? Absolutely. Do I think they use the rootkits maliciously? No, generally not. Do I think studios are disincentivized to provide server hosting due to DLC or microtransactions? Definitely. But I also think there's often also a game integrity component. All of these things can be true simultaneously.
I'm curious to know how player stats and global rankings truly affect game adoption (not that you can accurately measure what I'm asking for). It seems to me the more popular the game the less it matters because everyone becomes a small fish in a big pond. Rank one billion out of a gajillion. The games where it matters more would be the smaller games, which have less of a cheating problem to begin with.
I do agree however that you won't get the adoption without centralization, if only because centralization is exactly where all the money resides, via DLC and other nonsense. Therefore centralization is exactly where all the marketing money goes. And without marketing you don't usually get blockbuster games. So expecting the rootkits to go away is a lost cause, until client-side rendering goes away, at least.
That may be the answer to playing these rootkit titles on Linux: just stream it. I know it's somewhat lame, and I know it adds latency, but I seem to recall a recent demonstrate of a service where the latency is very minimal. Clearly I'm a bit out of touch with the state of the art, heh.
Larger games have the luxury of being able to place those highly skilled players into teams consisting entirely of other players of similar skill levels, against teams of similar composition. The results of those games are a better reflection of those players' skill.
Case in point, Counter Strike is a rare example of a popular game which supports both the "modern" matchmaking paradigm and the classic community server paradigm... and for better or worse the playerbase overwhelmingly prefers matchmaking.
The server browser is buried under a couple layers of obtuse menus (and, at present, is completely broken on my SteamOS machine) while matchmaking is obvious and straightforward. You cannot come to any reasonable conclusions about player preference given the way the UI drives players towards matchmaking and away from servers. If they were presented on equal footing you might have a point.
Consider also TF2. It launched as a server-based game, and in the years after matchmaking was added Valve went through many UX iterations designed to drive traffic to it before it was more popular.
If they would just let the cheaters win their way up the ranks, they could have their own little cheater lobbies and we wouldn’t have to deal with them.
When people play in these “competitive” matchmaking queues, it is more like a pickup game. If somebody shows up to a pickup baseball game with a corked bat, they are just kind of a loser and it isn’t a big deal, right? There’s no actual reward for hitting “platinum rank” or whatever in most games, other than skins or something. Nothing real is on the line.
IMO: we really should just have let these people cheat their way out of the normal matchmaking population. Smurfing is a much bigger problem. I don’t actually care if the guy dominating the match with some 60:0 kill-death-ratio is cheating or a semi-pro beating up on casuals, haha.
It's the same phenomenon you see in many sectors.
Access is democratized and the friction/barrier to play is dramatically lowered/free, and the localization is diluted or non existent and just a monoculture.
The only way that "around the world" can be relevant is ping, and the best way to manage ping is by sorting a list of servers by ping.
Cheating is an arms race that no one needs to participate in. Moderation was a perfectly good workaround until major game studios decided to monopolize server hosting.
Moderating that game is multiple orders of magnitude off of major titles.
No Battlefield game is even in the top 100 of esports earnings.
- If you were too good on some server, you'd get banned.
- If the admin doesn't know well cheating, he could tolerate something that was obvious cheating.
- Cheaters could just change server often.
It used to be easy to just ban peoples yes, and it was as easy to switch servers.
Plus on most competitive game today, you have custom lobbies, which do exactly what you want, and there is a reason why only a minority of players uses it.
Yes, sometimes you run into power-tripping moderators. That comes with the territory of having moderators. But the upsides, of being embedded in a usefully-sized community, and having nearly constant human moderation, not to mention the whole "stop killing games" of it all, far outweigh the need to shop around a bit for a good server.
I think the ideal middle ground is something like Squad's server system: The developers offer a contract to server owners, establishing basic standards that must be met to be a recommended server. Rules forbidding the crazy bigotry that milsims tend to attract, minimum server specs to ensure smooth gameplay, an effective appeals process. If a server meets those requirements, and signs the agreement to keep meeting those standards, they get put on a "recommended" server list (which 90%+ of the playerbase exclusively use). Other servers go on the "custom" server list, which can be modded, or spun up for certain events, or whatever.
That's the kind of things that were common too, maybe you forgot about it.
My negative experiences with community servers represent a pretty short list. Sometimes servers die, but games die sometimes, too. That's obviously only an issue with persistent-state games, like Minecraft, but it's unfortunate when it happens. Can't say it was so frequent that it impacted my enjoyment of any games as a whole.
Private games (now called "custom lobbies") were available back then too, they're not equivalent to a public server browser.
Back then, the most common option taken was leaving the server to find another one.
Edit to add: I'm not disputing that kernel-level anticheat is bad; I agree that it is. I don't think it helps to try and hearken back to a golden age of PC gaming that didn't really exist. Maybe it was easier for server admins to manage because player populations were smaller back then, but that's about all that would have made things "better."
Believe it or not us old folks who played during this time had ways to address these issues.
Not everyone is interested in a "fair and balanced competitive match" where you're guaranteed to win no more and no less than 50% of the time. I actually find that intolerably boring.
Lots of the mosts played competitive games have that, or third party websites/discords that have links to custom lobbies.
I have to conclude you're unfamiliar with what multiplayer gaming was like when servers were the norm.
Playing against overwhelming odds has its own kind of charm. I once spend days just sabotaging the top players on some gun game servers, only wining myself once or twice. Games against friends with various fun handicaps and flat out abuse of any knowledge you could gain from playing against the same people repeatedly - what good is a hidding spot when everyone knows you will be there 50% of the time.
"Fair and balanced" games against completely random people are just missing something for me.
Of course, classic competitive institutions had problems as well (“he’s very competitive” is not necessarily a nice description of a person!), but they seemed more enjoyable that this matchmaking stuff.
When you have accurate matchmaking, you will be playing against other players of a similar skill level. If you we're playing in single-player mode, it wouldn't bother you that some of the players were better than others.
Whether the person you're playing against is as good as you because they have aim assist, while you have a 17g mouse and twitch reflexes shouldn't matter. You're both playing at equivalent skill levels.
The only reason it matters to anyone is that they want their skills to be recognized as better than someone else's. Take down the leaderboards, and bring back the fun.
I say, let the people cheat.
You can't have accurate matchmaking and allow cheating. People cheat for a variety of reasons, at lot of cheaters are just online bullies that enjoy tormenting other players. In a low ELO lobbies, you would have cheaters that have top tier aim activated only if they lose too much, making the experience very inconsistent.
Top tier ELO would revolve around on how the server handle peeker advantage and which cheater as the fastest cheating software. It's an interesting technical challenge, but not a fun game. As soon as a non cheating player is in view of a cheating player, the non cheating player dies. That doesn't make for a fun game mechanic.
If you are in the higher skill levels, you might end up playing too many cheaters who are impossible to beat. If the cheat lets you be better than the best human players, the best human player will end up just playing cheaters.
It's almost kind of worse than this. If you are in higher skill levels, you end up getting matched with cheaters who lack the same fundamental understanding of the game that you do and make up for it with raw mechanical skill conferred by cheats.
So you get players who don't understand things like positioning, target priority, or team composition, which makes them un-fun to play with, while the aimbots and wallhacks make them un-fun to play against.
And as a skilled player, you are much better equipped to identify genuine cheaters in your games. Whereas in low skill levels cheaters may appear almost indistinguishable from players with real talent so long as they aren't flat out ragehacking with the aimbot or autotrigger.
No, it is not fun to play against smurf accounts using hacks. They aren't doing it for the leaderboards, they actively downrank themselves to play against worse players!
And no, it's not fun to play against cheaters who are so bad at situational awareness their rank is still low, but who instantly headshot you in any tense 1v1 and ruin your experience.
And no, I actually do care that people are cheating in multiplayer games because it's not fair. Since when do we reward immoral fuckwits who can't or won't get better at the game?
Why don't we just start letting basketball players kick each other and baseball players tar their hands while we're at it. Who cares if the sanctity of the sport or competition is ruined - we're a community of apathetic hacks.
The problem is that it doesn't matter how good you are. You will not beat a computer. Ever. Playing against someone who is using a computer is just completely meaningless. Without cheating control, cheaters would dominate the upper echelons of the ELO ladder, and good players would constantly be running into them.
First, cheating is absolutely still an issue in Rust. Sure, server admins can kick them out... once they have been discovered, verified by an admin, and kicked. The damage is usually done by then, and that is the best case scenario... often, the admins aren't available at that moment, because they are normal people who are not online all the time.
Plus, this means you have to search and find a good server to play on. That isn't always easy, and limits your ability to find a good game.
Second, lots of games I love to play don't make sense in the 'server hosted by a community member' model.
I love playing sports games... Madden, FIFA (now called FC), NBA2k, etc. The best way to play those games is often 1on1 against someone who is close to your skill level. It isn't fun to play against people way worse or way better than you.
The only way to do this in a way that lets me get a good game whenever I want to play is to have some sort of matchmaking system, that keeps track of how good i am and finds players who are about the same skill level. There is no way this would work on user hosted servers, and even if it did, why would a user hosted server be better at solving this problem than a company hosted one? You need a TON of players to be able to do good skill based matchmaking 24 hours a day.
I have been playing multiplayer online games for over 30 years. I started playing when I had to call my friend on the phone, tell him to tell his family not to answer the next call because it was my modem calling, and then hope to god my sister didn't pick up the phone during our game and break the connection. We had to develop a code to signal if I was actually trying to call him to talk about an issue; if I called and hung up immediately it meant I was voice calling and the next call he should answer with the phone.
I have played every iteration of multiplayer gaming. I played Warcraft II when you had to pay $20 to subscribe to Kali to use their virtual IPX service. I played local Counterstrike games at the college dorms on the local network (which was not even a switched network!) I run Minecraft servers for my kids on my local network. I have written multiplayer games for both peer-to-peer and server based multiplayer.
No, you can't recreate the modern convenience and pleasure of company provided matchmaking by going back to community hosted servers.
I ran servers for a lot of games. It was often difficult to ban people from playing. First off, someone with ban permissions would have to actually be online at the time. So often nothing would happen at all, you'd just have to leave and find a different server. Second, one could get banned, often just change their IP or use a different CD key or whatever other identifier the game used, and hop back on with a new identity.
Meanwhile discoverability of similarly skilled matches were a challenge, along with actually playing with a group of friends against new people. Its not some perfect panacea, there are a lot of things people disliked about picking private servers to play on.
Let's be real, what % people among those who game are interested in running their own game server? I'm definitely one of them, and one of my earliest tech memories was setting up a CS 1.6 game server for a bunch of classmates (and being unable to play myself because the computer had nowhere near enough capacity for both the server and the actual game running at the same time); but it's a minuscule percentage.
We had this, it worked, for years. I'm baffled by all the posters saying it won't, because it did.
Standalone servers you need to run separately and care for are much more rare.
Then, there are companies that ran a bunch of them, which lowered the ratio even further.
IMO, it's more effective, cheaper and easier to mod smaller forums (be it web communities or game server communities) than to do for huge ones.
Let's put it differently: What % of people among those who program are interested in maintaining open source software?
A very low %, and yet it's a thriving ecosystem.
To bring it back to gaming: How many people who game are interested in modding, or creating models/maps/etc? Again, a very low %, and yet...
As another example: how about hosting a website?
The entire narrative of "cheating" is a giant misdirect. People don't actually care about cheating, they care about fun. If a player is making the game less fun, it does not matter how.
The real problem is that ~10 years ago major game studios decided to monopolize server hosting. This means that the responsibility of moderation is now in their hands. The only way this problem can ever be resolved is by giving the authority to moderate servers back to players. Until then, the responsibility to moderate will be unmet, no matter how fascist and authoritarian game studios become. Fascism cannot guarantee fun!
By the time you have to wait for someone to cheat just to ban a single user, the disruption is already done. Your 4v4 45min game is already disrupted and everyone has already wasted their time now that you have to kick someone.
It's kind of like thinking you can forgo anti-bot measures because your website's users can just report the bots: by the time it's your users' problem, you've ruined the experience for everyone except the bots.
Does it mean a better experience though? This isn't like, a theoretical GP is talking about. We don't have to imagine if
> That's how bad cheating is.
Seems like the answer is no?
The difference is there is usually an existing level of trust between people playing on a private server. Usually your group would know ahead of time if someone is going to potentially be a problem.
Furthermore, even with public dedicated servers, there's a psychological aspect to it - it's no longer just a random matchmaking server; you're almost walking into someone's house. Many people feel a lot more pressure not to misbehave
Then there's the fact that you don't have to wait many days for your cheating report to hopefully be acted on. Our game got interrupted? Well, that sucks, but we can just ban that guy and go again and we likely won't have to worry that our very next game will also contain a cheater
Finally: these defences always have an implicit assumption with it: that the horribly pervasive anti-cheats actually... you know, work. They do, to a rather limited extent, but cheaters are still rampant, so what's the point?
The question is what to do about the rest of the time for everyone else. Shopping around private servers and dealing with individual server admin quirks is a regression from matchmaking UX that Starcraft had in the late 90s or that Halo 2 had in the early 2000s.
If you wanna matchmake, great, go ahead.
If you want to run a private server, you can do that too.
It's a free and open-source game, so creating a cheat client would be especially easy. But I've never encountered cheating.
I think there's a few reasons for this:
1) The playerbase is small and there is no auto-matchmaking, just a traditional list of servers. This results in the same group of people always playing together. People don't want to cheat when they're playing with acquaintances they see frequently.
2) Spectators are allowed in every game. The top-ranked games usually have several spectators.
You might think this would result in even more cheating, but in practice the spectators would prefer to watch a sneak attacks succeed, because it's funny. It's boring to be whispering the enemy secrets to you buddy on a private Discord, it's more fun to watch your buddy die in a surprising and funny way.
Also, the spectators can spot if a player does something that suspiciously well timed or lucky. The spectators see all, so they have the information needed to spot suspicious behavior.
3) Official servers create an official record of what happened in every game. The entire community has access to all the recordings. If someone thinks cheating is happening they can link to the official game recording on Reddit (or whatever) and everyone can see what happened.
4) An active moderator team reviews every report of cheating. There are official moderators that do the banning, but also volunteer moderators which can watch the recordings and create a trusted written account of what happened; this makes the official moderators have an easier job.
[1] Among the general public, not RTS aficionados. Which is unfortunate; Total Annihilation and its spiritual descendants like BAR deserve more love.
Immediately uninstalled it and haven't ever played Valorant to this day. Fuck that crap, if your community is so toxic that you need a rootkit to keep cheaters at bay, then maybe it's more of a community problem than a technological one. And yes, if this means that you have to block all of China in order to do so, then that is still a community problem. Put your rootkits on your Chinese servers, separate them out, and let the cheaters fight amongst themselves.
It's nothing to do with a toxic community.
I'm never going to play again online on any FPS because that whole incoherent bubble of crap disgusts me.
The multiplayer games community is toxic, and players are focused on success whatever the cost is. And I don't even want to touch the question of match making with a 10-foot-pole. Local, self-hosted or in small community is the best.
It always makes me happy to fire up Quake via Darkplaces or even ioQuake3 and still see servers up and people playing.
Cheating is a meat space problem and there is no technical solution to it. Thats why in tournaments there are referees standing behind the players. Ultimately it comes down to checking if metrics like reaction speed are humanly possible, but a rootkit is not really needed for that.
Incorrect. DMA (direct memory access) is and can be prevented [1] and detected [2].
[1] https://www.faceit.com/en/news/faceit-rollout-of-tpm-secure-...
[2] https://community.osr.com/t/detecting-pcie-dma-based-cheatin...
Cheating is an arms race - the number of people who are willing to run a second computer with DMA connected to a single machine is vastly smaller than the number of people who are wiling to download a dodgy file from the internet and run it.
> Ultimately it comes down to checking if metrics like reaction speed are humanly possible, but a rootkit is not really needed for that.
If it was that easy, cheating would be a solved problem. An awful lot of play is "I know the reload time is 0.75s, so they're going to appear when they've reloaded" - that's way beyond human reaction time. And that's at "mid level" play - at gold/sliver levels in league of legends knowing cooldowns is considered base knowledge. At higher levels of play, _all_ of your players are statistical outliers.
I had a realization, it's a cold day in hell when someone else is going to tell me what I can run on my computer. All the latest multiplayer games are now requiring secure boot on Win11 as well
I'm actually wary of all these anti-cheats, they're literally hyperinvasive maleware.
I don't need gaming that much.
And if I do I'll stream it with Gamepass or another cloud service.
Also, after a brief period, all of the cheaters disappeared because just repeatedly winning a PvE game get boring.
It's been fine. Surprisingly few games I'm interested in to begin with have anticheat that doesn't work on Linux, and it's comforting to know games aren't allowed to just shove trash into kernel space at will.
Linux will never compete here.
They often have complicated auth systems, etc.
I don't really want to learn a new DAW.
Counter point: gaming is fun, and indy games are worth investing in. Voting with your wallet works better if you vote for behavior that's not user hostile, rather than only abstaining.
If anything it's for the OS to care about that, not individual programs. Afaik, secure boot doesn't (on it's own) prevent the running of arbitrary software, so how is it actually preventing cheating?
It also demonstrates further levels of driver signing robustness.
Of course... at this point I am back to having a PC with a beastly GPU and I boot Windows for games and CAD. It is hard to resist high framerate 4k gaming once it becomes a possibility, so now I need to figure out the secure boot problem for the occasional game that requires it.
Although who knows, they might be outright lying about that just to scare cheaters, but I tend to default to assuming what they're saying is more or less true.
There is no Switch emulator that can play online on official servers.
The only way you can cheat online is by hacking a real console, but the percentage of people who do it is quite small.
Any Switch game using an anti-cheat solution that can't trivially detect that it's being emulated is... not using a very good anti-cheat solution.
fornite???? its not gonna be main playerbase
I'm sure there are others, but those are the 2 I play
Some actions which breach ToS may be illegal, but that has nothing to do with them being outlined in a ToS.
The obvious solution would be, just don't send data to the player's client about enemies that are behind walls. But this is a surprisingly hard thing to engineer in realtime games without breaking the player experience (see: https://technology.riotgames.com/news/demolishing-wallhacks-..., and then notice that even in the final video wallhacks are still possible, they're just more delayed).
With respect I'd like to disagree on this subtly. A lot of games have the client send their cursor position at relatively frequent updates/packages (i.e. sub-second). So the server knows pretty precisely in which direction and to which object a player is looking.
This in turn can be readily used upon when using wall-hacks, as most players, who use wall-hacks tend to almost faithfully follow objects behind walls with their cursor, which good moderators can usually spot within a few seconds, when reviewing such footage (source: I was involved in recognizing Wall-Hacks in Minecraft, where players would replace textures, to easily find and mine diamonds underground).
Examples would be pre-aiming corners and >99th percentile reaction time.
You need a false positive rate well below 1%.
It's basically the usual cat-and-mouse game of an arms race.
Instead I'm playing ARC Raiders which works perfectly on Linux and I don't regret a thing.
There's also practical limits to how much data you can filter out in complex 3D games, both due to performance constraints, and because culling information too perfectly can cause things to pop into existence too late under real-world network latency. The effectiveness of ESP cheats can be reduced, but not eliminated in practice.
This player is posting 30 auctions per second. Bot.
This player is turning at a rate of 500 radians per second to make perfect headshots. Bot.
to be honest, it isn’t particularly good - all serious CS2 games operate on a third party provider with a kernel-level anti-cheat. also, the cs2 update banned people for spinning their mouse too fast [2].
[0]: https://www.reddit.com/r/GlobalOffensive/comments/5u2xly/eli...
Even with turnrate, reaction time is very relevant. Reaction time allows you to silence enemies midcast, or to pop a shield, or a BKB, or some other instant measure. Turnrate doesn't mean reaction time doesn't matter, it means the direction you are facing matters.
As for precision, yes it does matter, ask any Phoenix player who gets hexed mid-flight.
People cheat in Dota in these very terms, it's absurd to argue it doesn't matter.
This problem is magnified in a shooter game, which would be unplayable with that kind of batching, but where a cheater with an aimbot is actually impossible for a legitimate player to beat.
If your game allows your sights to just teleport on people's heads and take that as the winning condition then that just sounds like bad design, there's no reason to allow infinitely fast movement and omitting strategy even from a shooter
This is interesting, because I feel like the fundamental gameplay of an fps is players exposing themselves to each other's field of view, and then trying to click the other's head first. Skill is a measure of map knowledge (so you can try to expose yourself to a possible field of view but not where the enemy is actually looking at that moment) and speed of clicking head.
How would you design FPSs to remove this "bad game design?"
I think we just need to accept that bots will always be better at reaction based KPIs & abusing "knowing" too much game state, we should just remove those conditions.
1) Move most of the application logic to the server, the client should be a fairly dumb terminal that knows how to render and accept inputs, and only receives the state that it needs. No more spying issues.
2) Just give everybody auto aim & immediate/auto controlled firing, etc. No more aim bot issues.
3) Improve the quality of gameplay around the types of interactions which bots are bad at. Decision making, strategy, communication, execution, adaptation.
But some people just want to play competitive fps shooters. And currently obnoxious anticheat toolkits are the way to provide that, unfortunately.
This isn't possible. And this explains why: https://www.youtube.com/watch?v=WFw4F2AyaP4
We can only minimize the amount of extra information given to the client, not eliminate it. And at high enough skill levels, even 1-2ms of extra information will always be actionable, even by humans (not just bots).
From the servers perspective you always kinda do that for fast movements as the client send rate usually isn't more than 60hz.
That's just discount wallhacks. Fortnite has it and you're basically forced to use it even if you have no hearing issues, because it provides a massive advantage.
Doing everything server side does prevent cheating.
No. Server side only protects against some types of cheats, such as telling the server that your bullet in an FPS is actually a grenade.
It cannot prevent snapping your aim to a target on screen.
The other half is much harder to solve. For a simple example - my client knows that there is an enemy player around a corner. It knows exactly where that player is, because that player is walking, and making noise. A cheats could allow the cheater to see his opponent's player's model through the wall.
For a more blatant example, consider cheats in a first-person shooter that just snap your aim to the nearest enemy's head. This involves zero violation of the game's logic, and also makes the game completely unplayable for everyone in a lobby.
You can replace a playermodel with wider "sound coming from around here" if you want to make it even harder for a cheat to pinpoint a sound
This requires the server to calculate line of sight checks for every player, which is costly, requires loading the entire geometry into the server and would be horribly prone to latency. Then you're looking at potential performance problems on the client due to only knowing about a player the second its in view and having to stream the assets to the GPU, which if don't happen in time for the frame you'll experience as hitching.
> You already know where an enemy is if you hear them behind the wall
Yes but this requires using your brain rather than just seeing them straight up through a wall.
One non-trivial part seems to me that if you walk around a corner you don't want to wait 50ms (your ping) for the server to send enemy locations you can now see. Ideally every tick the server would be sending all enemies that you could potentially see before the next tick depending on what your movement packets that it hasn't yet received turn out to be. Wouldn't entirely eliminate advantage from cheating (e.g: a cheater walking around a corner could still see enemies up to a tick/~15ms in advance) but would hopefully make this form of cheating significantly less worthwhile.
This is unworkable for fast paced games.
You know they are somewhere behind the wall, you don't know which exact angle they are behind the wall, because headphones and our ears don't work with that degree of accuracy.
The cheater can just swing the corner with his cursor already pre-positioned exactly on his target. Between peeker's advantage (inherent to any online game with latency) and human reaction time, there's not a lot you can do to fight that.
There could simply be a developer option that disables these integrity checks but subsequently breaks online games that rely on them. Valve could also offer a module that allows signed user-space binaries access to kernel space, which would be an improvement over Windows offers in that anti-cheat wouldn't need to live in the kernel.
I think that's a fine trade off.
Secure Boot in theory isn't even necessary, only TPM2. Secure boot only ensure that you are actually booting into a binary that you expect to boot in this case, so if your binary is actually different it would result in different PCR values in the TPM indicating something is wrong.
Sadly a lot of end user software (flatpak, ...) isn't packaged & signed in a way which would allow for full "only run software I allow by importing public keys" (read Linux IPE[2]), but what can you do, only your best I suppose...
[1]: https://www.freedesktop.org/software/systemd/man/systemd-sys...
Given that a certain amount of windows gamers have been having issues making sure their PCs complied with the config requirements for the latest COD/Battlefield, it would seem an even higher bar for a consumer targeted bit of software that needs to do more to be running securely (or add a different mode to your distro install and reboot to it), alongside the wider variety of distros/configs. Distros advertising themselves for gaming or getting people to migrate from windows are also trying to keep barriers to entry low or to appear simple.
Those things are all possible, but really the only entity that has the power to realistically do them is the OEM - Valve could do it for SteamOS, but only on it's own hardware.
Thats the point to many things in life that you just make it more difficult and most people won’t be bothered to attempt to circumvent whatever it is.
There will still be circumventers but it is will be less than if you just said fuck it.
And if someone does the kernel bypass thing, well, rely on server-side heuristics (which are imperfect, but also unknowable to the attacker) and you'll discourage enough of that with account bans.
Helpfully eSports players tend to have video captures of their gameplay, and most of these "undetectable" cheats are real obvious if you actually watch the footage. That catches most of the serious stuff at the upper level. It's why video verification has been a thing in the speedrunning scene for such a long time.
Anyone can do that, but not anyone can simply “patch the kernel” and such.
Sure they can - download this pre-patched ISO and boot it in QEMU. Now you have a modified kernel, _and_ you’re not running dodgy spyware on your PC.
There's a subreddit called /r/vacsucks which is full of pro players blatantly cheating and getting away with it while the rest of the idiots think they're just good players.
Or, depending on your point of view, full of idiots flagging any player better than they are as cheating.
Aimbots can be "humanized" enough that any such determination becomes subjective.
That's assuming there's no money in being a cheater.
The real solution is to limit information sent to the client, make it harder for cheaters to have reliable solutions to get access to critical game information. ARC Raiders has Theia anti tamper (very poor performance) but right now the number of cheaters is minimal because the select few who are smart enough to break the anti-tamper are keeping quiet. See other examples; The Finals, Roblox (Byfron) and Overwatch
Yeah, I mean why would they open source their anti-cheats, would defeat the purpose, wouldn't it?
Not sure why you bring up OSS here, it isn't relevant in the least, plenty of non-OSS runs on Linux even though Linux and more is OSS.
If Linux did the same, anyone could recompile the kernel with their fake anticheat’s signature. The fake anticheat would then present itself as real to the game. One could go as far as to rewrite the relevant syscall to falsely indicate to the game that the legitimate version is running.
However that means that anything based on reaction times and such is impossible to protect against (under reasonable conditions). At the end of the day you can always have a robot sitting at your desk. But there is steps to that. You can have something that highlights enemies, etc., you can have something that controls keyboard and mouse (maybe inside a VM, so you don't need hardware) and so on. You can reverse engineer packet encryption in a debugger (in most situations) and have something on the network messing with stuff and so on.
So in that regard, yes you can prevent everything you can prevent on the server, but you cannot prevent every sort of cheating on the server.
Everything that has rounds basically can be prevented (other than again a bot playing).
Everything that is complex to automate is better, but might just make cheating more "worthwhile".
The other thing you can do on the server is "dumb cheat" detection. Eg. the odds of someone being consistently as good at a game and such. Statistics like that is widespread and doesn't need any change on the client.
As mentioned in another comment, you can’t do this on the server without expensive checks for every single player that is always checking line of sight, because it’s not just your session running on a single server but multiple sessions.
And let’s say you did this, now you have a latency problem because most modern games to make them feel fluid has client side prediction with server reconciliation. This is what makes your modern games feel more responsive, if you put a constant server check there you have lost this.
No matter what people say online, it isn’t just move all of it to the server, there is data the client needs to know and can’t be spoonfed by the server.
Why would a company pay for anti cheat infrastructure when they can outsource it to some company and blame them if there are cheaters or upset users? Windows is the status quo too, so it’s very easy to point to everyone else when justifying your choice to the execs.
It would be great if steam deck+box start costing studios quantifiable amounts of money that can be used to justify fixing this instead of outsourcing and hand waving.
I, for one am disappointed that anyone has accepted it. Once it's widespread, service providers can demand it, as we're seeing with mobile banking apps and game anticheat.
Personally, I run Windows purely for gaming and don't let it near any important data. For the latter, I boot into Linux with separately encrypted disks.
You can't suggest "run online games as close-knit social groups, with social exclusion punishments for cheaters", which is how most online games used to be run. How old are you?
Game vendors used to be happy letting us host and run our own multiplayer games, until they realised they could get more money out of us -- "battle passes", microtransactions, ability to forcibly turn off multiplayer of older game when newer remake comes out -- and now they've made themselves a mandatory part of your online experience. You have to use their matchmaking and their servers. So now it's down to them to solve the problem of cheaters, enabled by their centralised matchmaking... and their only solution is remote attestation of your machine and yet more data collection?
The correct solution is to verify everything server side, or actually have humans watch replays and ban cheaters, but both of those would reduce profits, so will obviously never happen.
Maybe add some blatant detection for people teleporting and doing other absolutely impossible things serverside, but I don't understand why my team has to ruin their 'reputation' teamkilling a cheater so he doesn't ruin the game completely in most current games when the anticheat only catches free, old cheats. Just let people votekick and find someone else in the matchmaking queue who's willing to join halfway through.. Once votekicked enough times you can escalate to the AI (always indians) for automated (manual) review.
Also, you don't even have to ban cheaters. Just isolate them to play with each other. Some might find it fun and keep away from the normal players.
Edit: The 'issue' with community server manual review and votekick is you can be kicked for being cracked or garbage at the game legitimately, but TBH at this point you're ruining the fun of everyone else, so you should probably get in another server/match.. Also that premades can have majority, but that's easily solved by reducing their vote weight.
Back in MW2 if you were the host you could kick players from your game using a cli tool that adjusted firewall rules.
I remember the misuse of it but it was better than having your only option be teamkilling, which is now punished in all games via reputation systems.
The only thing I don't see this as a solution for are games like Planetside, with massive lobbies. I know they used to have automated detection and manual review by admins teleporting and flying around, usually invisible to sus players. Once we found a bug and got inside the map able to shoot through the ground and in like 15 minutes an admin came, asked us how we got in there and to get out nicely, before he gets us out forcefully :D
If a==b, then everything moves on as normal. If not, the client gets a synchronisation error and has to rewind back to the last known good state.
Completely unfeasible for anything real-time pretty much.
You can always run things in a VM, you can always replace your keyboard and mouse with a different device, you can always have your a camera instead of human eyes and have something that recognizes enemies.
Even cheat detection in the real physical world (sports, chess, etc.) is not a completely solved topic.
You can connect computers to other computers so other computers will always be able to control them.
The idea that any (currently realistic) cheat prevention is unbypassable is silly.
The idea that anti-cheats don't make sense because they don't catch 100% of the cheaters is what's silly, who believes that? Not even the people writing these anti-cheats believe catching 100% of them are possible, why are you under the assumption that others think that's possible?
If it removes 80% of the cheaters from the game, the experience goes from "Holy shit lets leave" to "Ok, bothersome, but fine", this is what they're reaching for, not some fantasy utopia that you seem to be under the impression is the target.
This is making those rootkit anitcheat mechanism work. If people will leave, cheaters will play only with cheaters - problem solved.
Yeah, but it's a bit like the ultimately solution to climate warming; getting rid of all humans on the planet. Fine, it solves the problem, but who is staying to enjoy the solution?
There is also complete lack of secure boot and a way to validate that your kernel hasn't been compromised.
I mean seriously, making a cheat for a proton supported game that no anticheat has any hopes of detecting are in 100 lines of a kmod driver and 1 console command: insmod.
On windows you at least need to use scuffed tools like KDU to bypass signature verification requirements and every anticheat can detect you with a simple physical memory scan.
That's not true, though?
It also would be completely unnecessary if they fixed their servers.
In higher ELO, people would target good players with "avoid player"^1, effectively soft-banning those people from match making because the pool was small enough. They would still get put in matches eventually but their queues would blow out a lot.
From memory it did not have an explicit "match me with this person" button, but you could thumbs up players in the post-match podium as well as endorse them which may have soft-factored into matching you with them again.
\1 I think it was called this. It was a general "bad attitude" marker, not a "bad team mate" or "bad opponent" marker.
Then there is just the endorsement system, which is just a level from 1-5 and you can endorse people you liked playing with. It doesn't really do much in matchmaking but you can't do certain things if you are below a certain level (I forgot what all it was but you can't make (public?) custom games if you are too low and I think text and voice chat could also get disabled if you are too low).
The avoid system is now more flexible. You have 3 pin slots for people you never really want to see on your team again, plus 12(?) regular avoid slots to avoid people for a week at a time like usual. In situations where too many avoid conflicts occur and the matchmaker struggles to create a match (e.g. high ELO), it will start to ignore people's avoid slots in order of (last regular avoid > first regular avoid > pin slots), i think.
Cod MW2019 would occasionally ask, but once every X game IIRC.
I'm not sure it would be better than just reporting people with undesired behavior.
But not enough to avoid, as you’re here.
It might only be a few percent of overall users. But a few percent of a billion $ is a couple of tens of millions. That's a steep price to pay for anti-cheat code.
It's only the highly competitive online games that have this issue. While they make up a lot of playtime, they're worked on by a tiny minority of developers.
Players of these games are sometimes running their games at high framerates like 240fps which is much higher than the tick rates of these games too.
Plus it doesn't solve all the possible cheats that are out there, as there are some like aim-hacks that don't need any server information to work.
I don’t want any cheaters in my games. I don’t care if a rootkit is required. Riot has a kernel level anti-cheat and it’s _really_ good. It’s so good in fact that it deters most cheaters from even trying. This is the dream for anyone who wants fair games.
Then people can choose to either accept they have to install a rootkit anti-cheat, or want to risk facing cheaters in return for not having to install the anti-cheat.
Friendly reminder. 90% of games are not competitive multiplayer and don't need any anti cheat to be enjoyable.
My main entertainment is video games and books (no TV) in equal proportions so I'm far from "casual". I play zero competitive multiplayer due to the "communities" being invariably toxic.
Last time I played something like that it was Starcraft 2 when it was new. Enjoyed being called a stupid noob when I won.
Personal preference, but I'd far rather have a separate device dedicated to gaming than my kernel hacked by anti cheat.
https://www.purexbox.com/guides/all-xbox-games-with-mouse-an...
Other than that I have emulation plus a steam library. I'll take that over a locked in console that can only play 2 generations of games any day!
Edit: I'm not sure why the person who replied to me asking about emulators was nuked, emulators are still legal everywhere as far as I know. Anyway tldr go check out emudeck's GitHub repo to see a good list of emulators for basically every platform.
I actually really liked Crysis for its open maps where you can approach a goal using different tactics. It had a lot of flaws and I hated the alien ship along with everything after as it was way too linear. Though I really want to play it again but alas, no more Windows for me.
And if nothing works you can always build a robot pushing mouse, buttons, etc.
Of course you can raise the bar, but if anything has been shown it's that cheating is not something that anyone has been able to prevent yet.
In many situations you can also interfere on the packet level. Of course maybe you need to extract some key, but in many situations that's not exactly hard. And then you can hook something into network.
Unfortunately, there are also plenty of offerings which do not touch the game memory or process at all, and work purely based on image recognition and these days they actually use AI that is trained on specific games. I have no idea how they plan to detect these. All the cheat needs is the video feed and the ability to provide input via mouse and keyboard, and as you say this is trivial to do in a way that is entirely undetectable.
And I have yet to come across an anti cheat driver of the big publishers (EAC, Faceit, Javelin, Vanguard) being exploited and allow access to r/w kernel memory. It is more likely that the driver of some hardware is being exploited for, rather than anti cheat drivers.
Personally, I only remember the ac driver of Capcom ever being exploited. Compare this to the dozen hardware/av drivers which were exploitable, like the Intel LAN utility driver, ASUS IOMap64, MSI NTIOLIB or that one Razer driver. Oh, and CPU-Z and the Avast Hypervisor driver were exploitable too and allowed r/w on kernel memory. These drivers are way more likely to be weaponized than ac drivers.