Comment by TheCraiggers
5 months ago
Anti-cheat today is a stop-gap measure at best. For various reasons such as improved OS security and security concerns with this software, ring zero anti-cheat won't be around forever. Besides, it's a cat and mouse game where the vendor is the mouse.
We already have the technology now to do it better. A combination of only sending what info a client should have, and server-side checks. As soon as something like UT ships with that built in we can hopefully forget about this horrible hack we currently have to check for cheats.
> Besides, it's a cat and mouse game where the vendor is the mouse.
The goal of anti-cheat isn't to stop the world's most advanced cheaters. Those are already unstoppable because they now use Direct Memory Access over the PCI-E bus, so the cheats don't even run on the same computer anymore. However since those cheaters are few and far in-between they can be handled through player reports.
The goal is to stop the mediocre cheater who simply downloaded a known cheat from a cheating forum. If you don't stop those you'll get such a large wave of cheaters that you can't keep up with banning them quickly enough.
With the emergence of AI cheating, cheats don't even need access to memory anymore. The cheat can entirely run on mouse and screen peripherals and the computer will have totally no idea what's going on. The best you can do is behavior analysis. But it always comes with chance of misreports.
Direct Memory Access cheats will always perform better as they can reveal the location of an opponent before they're even visible on the screen.
5 replies →
DMA hardware and cheats are getting more and more accessible. It's not just chosen few anymore
> Those are already unstoppable because they now use Direct Memory Access over the PCI-E bus, so the cheats don't even run on the same computer anymore.
Working on mostly server platforms, I had forgotten that IOMMU enablement (and, where relevant, enforcement) was not the default.
Consumer hardware and software is terrifying.
Not sure how that's relevant, unless you find it terrifying that owners of hardware have control over their hardware.
7 replies →
> they now use Direct Memory Access over the PCI-E bus
Do you have any good resources with keeping up with this kind of thing? Seems like a fun topic to learn about
As long as games are running on user hardware/OS, you'll always deal with cheating. Server-side checks and computation can only go so far.
For example: in competitive shooters (where cheaters are most prevalent) you can't have things appearing out of thin air. The client needs to know about things ahead of time to play sounds and to give other environmental hints.
Exactly, nothing short of streaming the entire game fully rendered from the server will stop cheats. And even then you can probably still do aimbotting with modern day computer vision.
This reminds me of a discussion around 2 decades ago, where someone showed a picture of his "undetectable aimbot" for a turn-based artillery game: a ruler, a page of charts, and a handheld calculator; followed by a copious amount of discussion of whether that was considered cheating.
1 reply →
How exactly will it stop cheats? Any skill based game can still be cheated. Just analyze the video stream, or go even lower tech, point a camera at your screen. Many games can be effectively cheated like this. For eaxmple Aimbots in counter strike and peak human reflexes in dota/lol.
Surely the server can tell the client what sounds to play and what other environmental hints to do, just as well as the server can choose to tell the client where the other players are when they are in sight.
If the server says "there are footsteps from these coordinates" then it's telling the client there's a person at these coordinates.
Due to latency, the client has to at least do a little prediction.
Maybe, but I think that would've been done already if it was feasible.
The storage read, memory bandwidth, load computation, and gamethred pause to add the object to the game world is far more expensive than sending a move.
I've always thought the line about whats cheating, and what's not is unfair and arbitrary. How is it ok that some players can play 4k 200fps and others 1080p at 30fps.
The only way to be really fair is for everybody to Stream the game at the same res, frame rate and latency.
In certain competitive environments framerate is definitely limited. Here [0] are the rules for Fallout 4 any% speed runs, framerate must be capped at 60FPS. AFAIK that rule applies to all games in this engine due to physics behavior. I don't follow tournament FPS games, but it wouldn't shock me if there are rules for competitive play there as well.
If you are asking why games like counterstrike don't have limits on online play, that's mostly a commercial question. Would those games be as popular if they limited performance to what was achievable for minimum specs? I certainly wouldn't want to play at 1920x1080 on my nice widescreen monitor, but setting the minimum to a $1500 monitor and the hardware to drive it would guarantee very few players.
[0] https://www.speedrun.com/fallout_4?h=Any-Full-game&rules=gam...
Edit:typo
Yeah and in real world people from different countries with vastly different economic backgrounds compete on the same stage, I think video games are fine.
This isn't exclusive to video games. Much of the improvements to world records in sports are due to improvements in gear, yet we don't consider those records to have been unfairly achieved.
Some games do impose limits though, for example Overwatch doesn't allow you to use an aspect ratio larger than 16:9 and selecting a wider aspect ratio actually cuts down on your vertical field-of-view rather than granting you more horizontal field-of-view. This lessens the potential advantage of ultra-wide monitors.
so consoles are better
How would consoles be any more immune to computer vision based cheating? Instead of feeding the output to a spoofed keyboard & mouse, you'd just be feeding it to a controller input. I'm not really seeing any difference in technical challenge here, and you wouldn't even need esoteric hardware since console controllers are USB devices anyways.
4 replies →
Someone doesn’t know about the chronus zen or how big console cheating is!
Let’s just say that my finals experience isn’t the same as yours! ;)
They are often more convenient and secure. If you don't mind a single-purpose device that severely limits your ability to modify your experience. Better is subjective after all.
> Anti-cheat today is a stop-gap measure at best. For various reasons such as improved OS security and security concerns with this software, ring zero anti-cheat won't be around forever.
I think that traditional kernel-level anticheat is going away. But the reason is more that when CrowdStrike caused mass outage, Microsoft stated that they want to provide standard interfaces for security sensors, and forbid kernel-level access otherwise (and anticheat can be considered a kind of security sensor too).
If these interfaces become standardized then Valve/Linux could in principle implement them too.
It might be a cat and mouse game, but that doesn't mean we shouldn't be trying.
Any anti-malware software ends up ultimately being a cat and mouse game, but that doesn't mean we stop updating our signature updates.
The goal isn’t to stop 100% of cheats but the majority of them and that’s fine. Either way, it’s the only thing stopping me from playing the rest of my games on steamos.