Comment by jchw
2 days ago
> and modern multiplayer games with anti-cheat simply do not work through a translation layer, something Valve hopes will change in the future.
Although this is true for most games it is worth noting that it isn't universally true. Usermode anti-cheat does sometimes work verbatim in Wine, and some anti-cheat software has Proton support, though not all developers elect to enable it.
It works in the sense it allows you to run the game; but it does not prevent cheating. Obviously, Window's kernel anti-cheet is also only partially effective anyway, but the point of open-source is to give you control which includes cheating if you want to. Linux's profiling is just too good; full well documented sources for all libraries and kernel, even the graphics are running through easier to understand translation layers rather than signed blobs.
These things do not prevent cheating at all. They are merely a remote control system that they can send instructions to look for known cheats. Cheating still exists and will always exist in online games.
You can be clever and build a random memory allocator. You can get clever and watch for frozen struct members after a known set operation, what you can’t do is prevent all cheating. There’s device layer, driver layer, MITM, emulation, and even now AI mouse control.
The only thing you can do is watch for it and send the ban hammer. Valve has a wonderful write up about client-side prediction recording so as to verify killcam shots were indeed, kill shots, and not aim bots (but this method is great for seeing those in action as well!)
That's easy to say. But they do prevent some cheating. Don't believe me? Consider the simplest case: No anti-cheat whatsoever. You can just hook into the rendering engine and draw walls at 50% transparency. That's the worst case. Now, we add minimal anti-cheat that convolutes the binary with lots of extra jumps and loops at runtime. Now, someone needs to spend time figuring out the pattern. That effort isn't free. Now, people have to pay for cheats. Guess what? Visa doesn't want to handle payment processing for your hacks & cheats business. So now you're using sketchy payment processors based out of a third-world country. Guess what else? People will create fake hacks & cheats websites that use those same payment processors, and will just take people's money and never deliver the cheats. You get to try to differentiate yourself from literal scammers, how are you going to do that? You can't put the Visa logo on your website. Because you're legit, and you don't want to get sued. Then, the anti-cheat adds heuristic detection for cheat processes. The anti-cheat company BUYS the cheats and reverse-engineers them and improves the heuristics. then the game company makes everyone sign up with a phone number, and permabans that phone number when they're caught cheating. Now some gamers don't want to risk getting banned. Saying that these factors simply don't exist or are insignificant is certainly one of the opinions of all time.
6 replies →
> These things do not prevent cheating at all.
I feel like this is the same as saying "seatbelts don't prevent car accident deaths at all", just because people still die in car accidents while wearing seat belts.
Just because something isn't 100% effective doesn't mean it doesn't provide value. There is a LOT less cheating in games with good anti-cheat, and it is much more pleasant to play those games because of it. There is a benefit to making it harder to cheat, even if it doesn't make it impossible.
4 replies →
I don't know why you brought up VAC as an example. It is a horrible AC, so bad so that an entire service (FaceIT) was built to capitalize on that.
VAC is still a laughing joke in CS2, literally unplayable when you reached 15k+. Riot Vanguard is extremely invasive, but it's leaps and bounds a head of VAC.
And Valve's banning waves long after the fact doesn't improve the players experience at all. CS2 is F2P, alts are easy to get, cheating happens in alost every single high-ranked game, players experience is shit.
1 reply →
That sounds like it does prevent cheating? But maybe doesn’t prevent ALL cheats. Or do you mean they work so poorly that it doesn’t make any difference at all?
5 replies →
Cheating still exists and will always exist in online games.
Sure, but you still have to make a serious attempt or the experience will be terrible for any non-cheaters. Or you just make your game bad enough that no one cares. That's an option too.
4 replies →
> These things do not prevent cheating at all.
Yes they do. They don't stop all cheating, but they raise the barrier to entry which means fewer cheaters.
I don't like arguments that sound like "well you can't stop all crime so you may as well not even try"
2 replies →
They do prevent some cheating methods on Window, like blocking other processes from reading/writing game process memory.
Anti-cheat is a misnomer; it's much more about detecting cheats more than it is preventing them. For people who are familiar with how modern anti-cheat systems work, actually cheating is really the easy part; trying to remain undetected is the challenge.
Because of that, usermode anti-cheat is definitely far from useless in Wine; it can still function insofar as it tries to monitor the process space of the game itself. It can't really do a ton to ensure the integrity of Wine directly, but usermode anti-cheat running on Windows can't do much to ensure the integrity of Windows directly either, without going the route of requiring attestation. In fact, for the latest anti-cheat software I've ever attempted to mess with, which to be fair was circa 2016, it is still possible to work around anti-cheat mechanisms by detouring the Windows API calls themselves, to the extent that you can. (If you be somewhat clever it can be pretty useful, and has the bonus of being much harder to detect obviously.)
The limitation is obviously that inside Wine you can't see most Linux resources directly using the same APIs, so you can't go and try to find cheat software directly. But let's be honest, that approach isn't really terribly relevant anymore since it is a horribly fragile and limited way to detect cheats.
For more invasive anti-cheat software, well. We'll see. But just because Windows is closed source hasn't stopped people from patching Windows itself or writing their own kernel drivers. If that really was a significant barrier, Secure Boot and TPM-based attestation wouldn't be on the radar for anti-cheat vendors. Valve however doesn't seem keen to support this approach at all on its hardware, and if that forces anti-cheat vendors to go another way it is probably all the better. I think the secure boot approach has a limited shelf life anyways.
Speaking of Anti-Cheat and secure boot, you need SB for Battlefield 6. The game won't start without it. So it's happening!
I don't hate the lack of cheating compared to older Battlefield games if I am going to be honest.
10 replies →
Anticheat devs could REALLY benefit by having some data scientists involved.
Any player responding to ingame events (enemy appeared) with sub 80ms reaction times consistently should be an automatic ban.
Is it ever? No.
Given good enough data a good team of data scientists would be able to make a great set of rules using statistical analysis that effectively ban anyone playing at a level beyond human.
In the chess of fps that is cs, even a pro will make the wrong read based on their teams limited info of the game state. A random wallhacker making perfect reads with limited info over several matches IS flaggable...if you can capture and process the data and compare it to (mostly) legitimate player data.
35 replies →
They do prevent some cheating methods, like read/write memory from other userspace processes.
Motivated cheaters will just hook into PCI directly. Cheating is just part of pc gaming.
> though not all developers elect to enable it.
Looking at you Rust.
Edit:
And the rest of you. If even Microsoft's Masterchief Collection supports it, I Don't understand why everyone else does not.
https://areweanticheatyet.com/
First i thought you meant the video game Rust.
Then I saw the arewe…yet url and thought you meant Rust the programming language
Then I visited the arewe…yet link and realized it was the Rust game you meant after all
I know what you mean, sometimes I google Rust specific things (the coding language) and get Rust the game.
9 replies →
> I Don't understand why everyone else does not.
It's because the Linux versions of those anti-cheats are significantly weaker than their Windows counterparts.
It's telling that Valve uses a user space anti-cheat (VAC) for Counter-Strike 2, but the competitive community overwhelmingly rejects that and ops to use a third-party Windows-only kernel mode anti-cheat (FACEIT).
7 replies →
Wow, what a cool site. Just learned that Hunt: Showdown is supported in Linux. And it wasn't the first time I checked. Will love to give it a try.
Arc Raiders is a great example of a modern and popular multiplayer game that works with proton. I haven't heard about it having a problem with cheating.
Marvel Rivals, Age of Empires 2 DE, Path of Exile 1/2, Last Epoch, Fall Guys are other such examples. In fact, Marvel Rivals even explicitly mentioned Bazzite in one of their changelogs! I can't recall an instance when a major game name-dropped a (relatively) minor Linux distro like that.
I think a big portion of that is the rather poorly made anti-tamper solution they are using called 'Theia' most cheat developers are too unintelligent to correctly reverse engineer this kind of binary obfuscation
I'm curious, what makes it poorly made if it is working? I don't know anything about it or the game or the state of cheating in the game.
3 replies →
Valve is the only company I'd let inject anti-cheat software directly into my veins if it meant I could play CS and be sure others were not cheating haha.
Online cheaters are first against the wall when I become dictator...
Maybe they'll secretely fund an open source project to emulate only the windows kernel calls that Anti Cheats use.
As a former cheat developer, I think it is impossible since it is digging into some specific stuff of Windows. For example, some anti-cheat uses PsSetCreateThreadNotifyRoutine and PsSetCreateThreadNotifyRoutine to strip process handle permission, and those thing can't be well emulated, there is simply nothing in the Linux kernel nor in the Wine server to facilitate those yet. What about having a database of games and anticheat that does that, and what if the anticheat also have a whitelist for some apps to "inject" itself into the game process? Those are also needed to be handled and dealt with.
Plus, there are some really simple side channel exploits that your whitelisted app have vulns that you can grab a full-access handle to your anticheat protected game, rendering those kernel level protection useless, despite it also means external cheat and not full blown internal cheat, since interal cheat carrys way more risk, but also way more rewardings, such as fine-level game modification, or even that some 0days are found on the game network stack so maybe there is a buffer overflow or double-free, making sending malicious payload to other players and doing RCEs possible. (It is still possible to do internal cheat injection from external cheat, using techniques such as manual mapping/reflective DLL injecction, that effectively replicates PE loading mechanism, and then you hijack some execution routine at some point to call your injected-allocated code, either through creating a new thread, hijacking existing thread context, APC callback hijack or even exception vector register hijacking, and in general, hijack any kinds of control flow, but anticheat software actively look for those "illegal" stuff in memory and triggers red flag and bans you immediately)
From what I've seen over the years, the biggest problem for anticheat in Linux is that there is too much liberty and freedom, but the anticheat/antivirus is an antithesis to liberty and freedom. This is because anticheat wants to use strong protection mechanism borrowed from antivirus technique to provide a fair gaming experience, at the cost of lowering framerates and increasing processing power, and sometimes BSOD.
And I know it is very cliche at this point, but I always love to quote Benjamin Franklin: "Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety". I therefore only keep Windows to play games lately, and switched to a new laptop, installed CachyOS on it, and transfered all my development stuff over to the laptop. You can basically say I have my main PC at home as a more "free" xbox.
Speaking of xbox, they have even more strict control over the games, that one of the anticheat technique, HVCI (hypervisor-protected code integrity) or VBS, is straight out of the tech from xbox, that it uses Hyper-V to isolate game process and main OS, making xbox impossible to jailbreak. In Windows it prevents some degree of DMA attack by leveragng IOMMU and encrypting the memory content beforehand to makd sure it is not visible to external devices over the PCIe bus.
That said, in other words, it is ultimately all about the tradeoff between freedom and control.
A similar concept, trusted computing: https://en.wikipedia.org/wiki/Trusted_Computing
companies will go where the money is. If Valve enables, say EA, to have their yearly franchise and in-game-stores on mobile devices, they will find a way.
I honestly don't know why so many people say that anti-cheat with Proton or SteamMachines won't work. SteamOS is an immutable Linux - especially with their own SteamMachine they can enable SecureBoot and attestation that you are using the SteamOS verbatim efi boot file, kernel, and corret system fs image - all signed by Valve. Just as Battlefield 6 does on windows (relying on SecureBoot). That would still allow you to install other OSes on your SteamDeck/SteamMachine, but it would fail the anticheat attestation. I personally see the push in hardware from Valve particular so that they can support anti-cheat on linux.
I think if Linux gaming becomes popular someone may come up with a solution where you run a native linux kernel-mode anticheat. That somehow connects to the wine-hosted game.
I'm not sure how I feel about that, but it's what I think will happen.