Comment by ZiiS

2 days ago

It works in the sense it allows you to run the game; but it does not prevent cheating. Obviously, Windows' kernel anti-cheat is also only partially effective anyway, but the point of open-source is to give you control, which includes cheating if you want to. Linux's profiling is just too good; full, well-documented sources for all libraries and kernel, even the graphics are running through easier to understand translation layers rather than signed blobs.

These things do not prevent cheating at all. They are merely a remote control system that they can send instructions to look for known cheats. Cheating still exists and will always exist in online games.

You can be clever and build a random memory allocator. You can get clever and watch for frozen struct members after a known set operation. What you can’t do is prevent all cheating. There’s device layer, driver layer, MITM, emulation, and even now AI mouse control.

The only thing you can do is watch for it and send the ban hammer. Valve has a wonderful write up about client-side prediction recording so as to verify killcam shots were indeed, kill shots, and not aim bots (but this method is great for seeing those in action as well!)

  • That's easy to say. But they do prevent some cheating. Don't believe me? Consider the simplest case: No anti-cheat whatsoever. You can just hook into the rendering engine and draw walls at 50% transparency. That's the worst case. Now, we add minimal anti-cheat that convolutes the binary with lots of extra jumps and loops at runtime. Now, someone needs to spend time figuring out the pattern. That effort isn't free. Now, people have to pay for cheats. Guess what? Visa doesn't want to handle payment processing for your hacks & cheats business. So now you're using sketchy payment processors based out of a third-world country. Guess what else? People will create fake hacks & cheats websites that use those same payment processors, and will just take people's money and never deliver the cheats. You get to try to differentiate yourself from literal scammers, how are you going to do that? You can't put the Visa logo on your website. Because you're legit, and you don't want to get sued. Then, the anti-cheat adds heuristic detection for cheat processes. The anti-cheat company BUYS the cheats and reverse-engineers them and improves the heuristics. Then the game company makes everyone sign up with a phone number, and permabans that phone number when they're caught cheating. Now some gamers don't want to risk getting banned. Saying that these factors simply don't exist or are insignificant is certainly one of the opinions of all time.

    • 100% agree. This is exactly the kind of big picture thinking that so many people often seem to miss. I did too, when I was young and thought the world was just filled with black and white, good vs evil dichotomies

  • > These things do not prevent cheating at all.

    I feel like this is the same as saying "seatbelts don't prevent car accident deaths at all", just because people still die in car accidents while wearing seat belts.

    Just because something isn't 100% effective doesn't mean it doesn't provide value. There is a LOT less cheating in games with good anti-cheat, and it is much more pleasant to play those games because of it. There is a benefit to making it harder to cheat, even if it doesn't make it impossible.

    • I don't think that analogy holds because the environment isn't actively in an arms race against seatbelts.

      The qualifier "good" for "good anti-cheat" is doing a lot of heavy lifting. What was once good enough is now laughably inadequate. We have followed that thread to its logical conclusion with the introduction of kernel-level anti-cheat. That has proven to be insufficient, unsurprisingly, and, given enough time, the act of bypassing kernel-level anti-cheat will become commoditized just like every other anti-cheat prior.

      3 replies →

  • I don't know why you brought up VAC as an example. It is a horrible AC, so bad that an entire service (FaceIT) was built to capitalize on that.

    VAC is still a laughing joke in CS2, literally unplayable when you reach 15k+. Riot Vanguard is extremely invasive, but it's leaps and bounds ahead of VAC.

    And Valve's banning waves long after the fact don't improve the players' experience at all. CS2 is F2P, alts are easy to get, cheating happens in almost every single high-ranked game, players' experience is shit.

    • > CS2 is F2P

      Not anymore for the competitive gamemodes. This was reversed a while ago.

  • That sounds like it does prevent cheating? But maybe doesn’t prevent ALL cheats. Or do you mean they work so poorly that it doesn’t make any difference at all?

    • It makes cheating harder and the timeline to a cheat product gets longer than the iteration speed of anticheat. Kind of like fancy locks don't prevent break ins, just take longer to pick and require more specialised tools.

      3 replies →

    • I mean it works by someone saying look for DotaCheat4.exe and it searches for it. That’s basically it. Also if your engine has the ability to be hooked into (ahem, gta) it will detect that a process has been attached. It may do some memory scanning if they implemented the allocator from the sdk. What I’m saying is, it’s a crap shoot out there whether the devs did or not. Executives use it as a blanket so as to not get sued. “We have anti-cheat”. They can claim it was “circumvented” or whatever. They are all garbage. BattlEye, EasyAntiCheat, Vanguard. If you don’t know, here's LL giving a rundown.

      https://m.youtube.com/watch?v=VtHlMTc8lR4&t=49s

  • > Cheating still exists and will always exist in online games.

    Sure, but you still have to make a serious attempt or the experience will be terrible for any non-cheaters. Or you just make your game bad enough that no one cares. That's an option too.

    • Other options exist but it’s not an option for these real-time games like FPS’s. I get it.

      If you don’t need real-time packets and can deal with the old school architecture of pulses, there’s things you can do on the network to ensure security.

      You do this too on real-time UDP; it’s just a bit trickier. Prediction and analysis pattern discovery are really the only options thus far.

      But I could be blowing smoke and know nothing about the layers of kernel integration these malware have developed.

      3 replies →

  • > These things do not prevent cheating at all.

    Yes they do. They don't stop all cheating, but they raise the barrier to entry which means fewer cheaters.

    I don't like arguments that sound like "well you can't stop all crime so you may as well not even try"

    • Ok, they prevent known cheats that the company has found online behind some subscription site run in the basement in Jersey. True. They do raise the bar, but they aren’t the barrier.

  • They do prevent some cheating methods on Windows, like blocking other processes from reading/writing game process memory.

Anti-cheat is a misnomer; it's much more about detecting cheats than it is preventing them. For people who are familiar with how modern anti-cheat systems work, actually cheating is really the easy part; trying to remain undetected is the challenge.

Because of that, usermode anti-cheat is definitely far from useless in Wine; it can still function insofar as it tries to monitor the process space of the game itself. It can't really do a ton to ensure the integrity of Wine directly, but usermode anti-cheat running on Windows can't do much to ensure the integrity of Windows directly either, without going the route of requiring attestation. In fact, for the latest anti-cheat software I've ever attempted to mess with, which to be fair was circa 2016, it is still possible to work around anti-cheat mechanisms by detouring the Windows API calls themselves, to the extent that you can. (If you are somewhat clever it can be pretty useful, and has the bonus of being much harder to detect obviously.)

The limitation is obviously that inside Wine you can't see most Linux resources directly using the same APIs, so you can't go and try to find cheat software directly. But let's be honest, that approach isn't really terribly relevant anymore since it is a horribly fragile and limited way to detect cheats.

For more invasive anti-cheat software, well. We'll see. But just because Windows is closed source hasn't stopped people from patching Windows itself or writing their own kernel drivers. If that really was a significant barrier, Secure Boot and TPM-based attestation wouldn't be on the radar for anti-cheat vendors. Valve however doesn't seem keen to support this approach at all on its hardware, and if that forces anti-cheat vendors to go another way it is probably all the better. I think the secure boot approach has a limited shelf life anyways.

  • Speaking of Anti-Cheat and secure boot, you need SB for Battlefield 6. The game won't start without it. So it's happening!

    I don't hate the lack of cheating compared to older Battlefield games if I am going to be honest.

    • I remember reading that Microsoft is trying to crack down on kernel level anti-cheats. Just like anti-virus, they mess with the operating system on a deep level, redirecting/intercepting API calls, sometimes on undocumented and unstable internal APIs.

      Not only does this present a huge security risk, it can break existing software and the OS itself. These anti-cheats tend not to be written by people intimately familiar with Windows kernel development, and they cause regressions in existing software which the users then blame on Windows.

      That's why Microsoft did Windows Defender and tried to kill off 3rd party anti-virus.

      3 replies →

    • > Speaking of Anti-Cheat and secure boot, you need SB for Battlefield 6. The game won't start without it. So it's happening!

      I'm curious, does anyone know how exactly they check for this? How was it actually made unspoofable?

      3 replies →

  • They do prevent some cheating methods, like read/write memory from other userspace processes.

  • Anticheat devs could REALLY benefit by having some data scientists involved.

    Any player responding to ingame events (enemy appeared) with sub 80ms reaction times consistently should be an automatic ban.

    Is it ever? No.

    Given good enough data a good team of data scientists would be able to make a great set of rules using statistical analysis that effectively ban anyone playing at a level beyond human.

    In the chess of fps that is cs, even a pro will make the wrong read based on their team's limited info of the game state. A random wallhacker making perfect reads with limited info over several matches IS flaggable...if you can capture and process the data and compare it to (mostly) legitimate player data.

    • > Any player responding to ingame events (enemy appeared) with sub 80ms reaction times consistently should be an automatic ban.

      It's really much more nuanced than that. Counter-Strike 2 has already implemented this type of feature, and it immediately got some clear false positives. There are many situations where high level players play in a predictive, rather than reactive, manner. Pre-firing is a common strategy that will always look indistinguishable from an inhuman reaction time. So is tap-firing at an angle that you anticipate an opponent may peek you from.

      6 replies →

    • We used to track various timings in some of our games to detect cheating. Cheaters find out and change their cheat engines to perform within plausible human reactions. Which is a benefit - now the cheating isn't obvious to everyone, but it still happens. I don't know if you could sprinkle data scientist dust on the problem and come up with a viable cross-game solution though.

      1 reply →

    • Tomorrow the cheats will be back with human looking reaction speeds and inhuman decision making that is indistinguishable from expert players.

      1 reply →

    • "Any player responding to ingame events (enemy appeared) with sub 80ms reaction times consistently should be an automatic ban."

      Can you define what "reacting" means exactly in a shooter, that you can spot it in game data reliably to apply automatic bans?

      21 replies →
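
The rule proposed in the sub-thread above (consistent sub-80 ms reactions over several matches) and the pre-firing false positive raised in reply to it, as an added example that is not part of any comment or of any vendor's anti-cheat. Only the 80 ms figure comes from the thread; the other thresholds, the function names and all sample data are assumptions constructed for illustration.

```python
HUMAN_FLOOR_MS = 80   # threshold quoted in the thread
MIN_EVENTS = 20       # assumption: skip matches with too few samples
FLAG_FRACTION = 0.5   # assumption: "consistently" = at least half of reactions
MIN_MATCHES = 3       # assumption: "over several matches"


def match_is_suspicious(reactions_ms):
    """One match: enough samples, and most reactions below the human floor.

    A reaction is (shot time - time the enemy became visible) in ms, so a
    negative value means the shot was fired before the enemy was visible.
    """
    if len(reactions_ms) < MIN_EVENTS:
        return False
    fast = sum(1 for r in reactions_ms if r < HUMAN_FLOOR_MS)
    return fast / len(reactions_ms) >= FLAG_FRACTION


def review_player(matches):
    """Return (flagged, suspicious_match_count) for per-match reaction lists."""
    suspicious = sum(1 for m in matches if match_is_suspicious(m))
    return suspicious >= MIN_MATCHES, suspicious


# Constructed samples, four matches of 25 engagements each.
LEGIT = [[210 + (i * 7) % 90 for i in range(25)] for _ in range(4)]    # 210-299 ms
AIMBOT = [[25 + (i * 3) % 40 for i in range(25)] for _ in range(4)]    # 25-64 ms
# Predictive player: two shots in three are pre-fired (negative reaction),
# the rest are ordinary 230 ms reactions.
PREFIRE = [[230 if i % 3 == 0 else -40 for i in range(25)] for _ in range(4)]
FEW_SAMPLES = [[10] * 5 for _ in range(5)]  # fast, but too little data per match

if __name__ == "__main__":
    for name, data in [("legit", LEGIT), ("aimbot", AIMBOT),
                       ("prefire", PREFIRE), ("few samples", FEW_SAMPLES)]:
        print(name, review_player(data))
```

The constructed pre-firing player is flagged exactly like the constructed aimbot, which is the false positive described in the reply: timing alone cannot tell prediction from automation, so a hit from a rule like this is a reason for review rather than proof.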

  • Motivated cheaters will just hook into PCI directly. Cheating is just part of PC gaming.