Comment by drnick1
3 months ago
It's time to stop buying such games and send game studios a signal that we won't tolerate rootkits and/or closed platforms. Anti-cheats should run server-side, or better yet, servers should be community-operated. I would probably bought BF6, but since I exclusively use Arch, EA lost a sale -- too bad for them there are thousands of other games that work flawlessly on Linux.
I want to echo a previous comment of mine on this topic:
With the rise of mainstream-compatible, as in a standard gamer can get them running and use them with a similar frustration level as Win11, Linux first systems like steam deck, steam machine and even steam frame, there is a real, even if currently low, pressure for big publisher to support Linux/SteamOS. I somewhat hope/fear there will be a blessed SteamOS version that supports anticheats enough for publishers like EA, Epic and Riot to accept the risk.
Rumour has it that after the Crowdstrike fiasco future versions of Windows won't allow kernel level modules. I can only hope this is true if it kills off the main reason titles don't work on Linux as a side effect. I'd have bought BF6, some version of EAFC, and more.
Unfortunately the rumors were misinformed. Microsoft's official response states that while they will be moving towards allowing more security functions to be run outside of the kernel, "It remains imperative that kernel access remains an option for use by cybersecurity products to allow continued innovation and the ability to detect and block future cyberthreats" [1].
1: https://blogs.windows.com/windowsexperience/2024/09/12/takin...
Or like the EU won't change their stance on the matter...
It's not going to happen. If anything they would just add functionality so things like Crowdstrike don't need to run in ring-0 but they won't remove the access.
(I had to make a HN account to reply to this, but…) If only Riot, Epic, BE, whoever else knew about this wondrous approach! That way they wouldn’t have to reverse half the Windows kernel to figure out ways to stop & detect hacks.
Valve (mostly) does serverside analytics for CS2 and the success of their approach can be measured by one of FaceIT’s benefits being “we have a working anticheat”.
On a sidenote, I highly recommend this presentation on anticheat stuff: https://game-research.github.io/presentations/2025-08-06-bhu...
Always fun to read the "why don't they just..." Comments like it's an easily solved problem.
> Anti-cheats should run server-side [...].
This. It should actually be easier to catch offenders - you're leaning on hundreds of years of applied statistics, rather than racing versus sneakier exploits.
> [...] or better yet, servers should be community-operated.
I'm conflicted about this one. I've wanted to host a game server at home since 2003, but couldn't get a public, static IP. The landscape hasn't changed much, perhaps even for the worse: a Quake 3 dedicated server could be run from a mid-range laptop while playing the game; Minecraft and Factorio (both great games with fantastic communities), by that measure, have unreasonable hardware requirements.
So, you pay a host.
OTOH there's many ways for a studio to build and operate an ethical live service. Check out Warframe: it's 100% F2P, the main source of revenue is cosmetics, and it's easy for people to gift stuff (whales spill their pockets reinforcing community goodwill, rather than gambling).
It's best when a game offers both, e.g. Brood War. StarCraft II isn't "simply" dying; lack of LAN play actively hinders on-site, professional tournaments. And we can do nothing about it.
There's lots of neat tricks for DHT peer discovery and NAT hole punching these days. Wouldn't be hard to make a local game sever manager that lets you share join information to your friends and have it automatically resolve all the networking needed with no VPN, static IP, or DNS required.
I normally recommend Tailscale, and that's a great starting point, for games that do not support any of the neat tricks natively. The problem: it's more difficult to build a community around that. You're introducing a point of friction, and a lot of newcomers will bounce. It's difficult enough to guide a non-technical friend, and Tailscale is top among the absolute easiest solutions.
How would a server-side anti-cheat work? You wouldn't be able to detect ESP or other information leaks. Best you can do is see how good they are vs. everyone else but how do you know if someone is cheating or just really good? Most cheaters are not blatantly cheating so it is hard to know for sure. Even something like aimbotting is almost always adjustable in cheat software to have varying levels of accuracy.
SSAC is already widely deployed for many games. I'm not a professional backend gamedev (just an enthusiast), so I don't know all the approaches / tricks, but here's off the top of my head:
> [...] see how good they are vs. everyone else [...]
It's called Elo or MMR. You match players with a similar rating. An unfair advantage in one area (e.g. aimbot, map hack) turns into a significant disadvantage in all of the other areas (strategy, team play, mechanics, situational awareness, decision making). In SC2 you can regularly see mid-high masters or low GMs play against map hackers and just destroy them. Match making simply works as intended.
As a cheater - aside from being a different (not more difficult, but different) kind of a challenger, how do you gain material advantage from this? Streaming the game? If you attract a community that cherishes cheaters? Well.
This is of course on top of normal AC.
> [...] how do you know if someone is cheating or just really good?
In versus - it will surface, as noted above. You will plateau, just like any other player. If you're "really good", you will become an outlier and get attention.
In a game like Warframe (PvE, you can farm goods that you can sell for in-game currency), the main limiting factor is your time. A very good loadout will shorten an exterminate mission from 4 to 3 minutes, and you can build a decent loadout within ~2 months of starting to play the game. To further shorten it to 2min, you need good mechanics, or - as noted - to cheat. That's assuming you run solo - but since this is a co-op game, there's often someone on your team who will clear the mission for you in 2min anyway. Choosing to cheat is your own risk.
I'd consider AC a core part of game design.
> Most cheaters are not blatantly cheating so it is hard to know for sure. Even something like aimbotting is almost always adjustable in cheat software to have varying levels of accuracy.
It depends on how high you want to go - you don't know where the radar is, and it only needs to spot you once. The problem space isn't just aimbotting, it's highly multidimensional. An arms race like any other, except your "enemy" (the host) has significantly more information.
You must combine client-side with server-side AC either way. A CS exploit will circulate the same way a regular aimbot will.
4 replies →
It has been time for long time and I support your stance but the big publishers only speak money. I gather they still have enough customers for their mainstream AAA titles.
But I would like to think that Valve it indirectly putting pressure on them. I too am not far from removing Windows and making the full jump to Linux for my gaming needs.
[dead]