Comment by lucideer
4 years ago
you're confusing cryptography with corporate secrecy. Cryptography can be open (in terms of both specification and implementation - only keys need secrecy). This thread is about closed implementations, which is a different topic (even if those implementations happen to leverage cryptography)
how can you have open hardware, but promise fair play?
you cannot. this is the crux of the matter.
consoles dont have cheaters, PC games do.
consoles are locked, pc's are not.
these are separate ideas, that meet when players do: online.
the only way to hide the code to prevent cheating is to physically embalm it into the CPU, in a way that, if physically accessed, will break the machine, rendering the effort fruitless.
PC's are going that way, the way GPU's are containing more "black box" mechanisms themselves.
consoles were this way from the start, on purpose.
Consoles have less anti-cheat bypasses for a number of reasons, mostly related to obscurity, not security. The relative scarcity of gamers running homebrew-ed consoles makes developing bypasses of limited appeal. There's also a cultural difference, where gamers with an interest in mods, etc. will tend to gravitate toward PC as a platform, since it's a multi-use platform. There's still plenty of AC bypass on consoles, just significantly less.
A similar example outside of gaming is Linux as an OS platform: antivirus software isn't a big thing, despite Linux being continuously behind bigger desktop OSes with their security mitigations - (e.g. things like strong ASLR). It's less of a concern, not because Linux is more secure, but just because desktop applications there aren't a large target market for malware, and because of large cultural differences in usage.
On the other hand, AC bypasses on PC happen not because of a lack of console-esque hardware mitigations, but simply because software AC is not particularly advanced (yet). Popular AC solutions tend to employ non-engine-specific solutions that match known cheat signatures - bypasses inject cheat dlls and hope they don't get caught "too often", rather than using in-engine verification of non-cheat behaviours. I think this is primarily just an issue with software maturity and likely to solve itself over time. The general non-gaming software space has gone through similar evolution, whereby we used to rely heavily on signature matching on malware, and have evolved toward a more integrated "zero trust" approach to mitigating threats - signature-matching still exists for things like software-composition analysis, but in general is not a primary mitigation strategy for runtime security.
> the only way to hide the code to prevent cheating is to physically embalm it into the CPU, in a way that, if physically accessed, will break the machine, rendering the effort fruitless.
> PC's are going that way, the way GPU's are containing more "black box" mechanisms themselves.
Hiding code has historically never succeeded in preventing anything. The trend toward black-box is about a combination of corporate IP protection, vendor lock-in (see also the Apple T2 SoCs) and almost certainly APT actors (disclaimer: speculation). It's not about security, least of all anti-cheat.
I don't know why you think console games don't have cheaters. COD on the Xbox 360 was rampant with cheating, including custom games that gave you huge amounts of XP
They have learned from past mistakes with the Xbox 360. You can't mod the Xbox One like you could the Xbox 360. The person you're responding too is one of the most knowledgeable on the subject.