What permissions does this require? A kernel module? Something that watches all processes all the time? Messes with input settings or breaks assistive devices?
On windows, a lot of the actions that "anti-cheat" software takes is indistinguishable from a rootkit.
Thank you. This makes me very uneasy. Apart from the obvious, it also potentially makes linux a bigger target by increasing exploitable surface a hacker can hold on to. And I am saying this as a happy proton user.
With all my heart, I'm rooting for the authors of this approach. Anti-cheat and DRM hide behind the defense of practicality and cost efficiency, but these products are absolutely evil. As personal computers are becoming more and more an extension of our bodies and minds, it is essential that they act in our interests and nobody else's. Imagine a prosthetic leg that phoned the insurance company if it detected illegal drugs in your blood. That's how I feel about these rootkit anti-cheats.
So please, let the cheaters turn to human-interface cheating methods. Force companies to deal with these problems in the proper way, like any other security problem: Don't trust the client at all. Infecting the client with your own agents is not an option. Can't make it work? Then use a different business model. Have your users put time and money into the game, and require more time and money the higher up the ranked ladder they climb. If they're buying as many in-game cosmetics as the average user, and playing for as much time as the average user must to reach a given level, then they never notice. If not, don't let them climb the ladder until they do. If they get reported by other players as cheaters, and manual validation confirms it, then they lose their investment. With that approach, you could have the most obviously hacked account in the world and it wouldn't be able to impact anybody for long without covering the costs of its own detection and banning.
> Imagine a prosthetic leg that phoned the insurance company if it detected illegal drugs in your blood.
Pure hogwash! There's no way a major company would decide to throw their users under the bus like this and subvert their best interests and there definitely haven't been recent events about one of the largest companies in the world doing exactly this thing! /s
Not a game dev but I don't think that's really feasible in a world where network latency is a thing, and it's necessary to send game state to a client that may not currently be visible on screen, unless you'd like us to move to a Stadia-like model of game streaming and dumb terminals.
You don't need game state. Good cheaters don't need to look behind walls, and it's obvious when they do so. You can theoretically build your own bot simply from visual recognition that plays pretty well.
And if a cheater makes it non obvious by being a bit worse sometimes, and has become indistinguishable from a regular or just really good player, then... Mission Accomplished? At that point, it's no worse for the other players than playing with someone who is organically good, unless the sanctity of some matchmaking algorithm is more important to them than the gameplay.
Which is fine too, but the solutions for that problem may ultimately need to extend our be situated beyond the game software itself.
I wonder if you could train an ai using screen grab and the mouse/keyboard input of players as a training set. so that it would look like a natural player rather than a aimbot
This will eventually lead to online multiplayer games to only be playable of a game console of sorts for ranked matches, where you are not the root user is implicit from the start.
Were they banned at a live tournament or an online only one? Article isn't clear. Also getting caught got them banned from the sport, much like sports doping today. It makes it a high risk action.
Epics anti cheat doesn't even work. flocks of kids get actual aim bots that epic can't deal with. CSGO anti cheat is yet to be matched in quality because it relies on players and statistics. It turns out that you can't control client software and hardware. Good competitive cheaters use hardware aim assist. Any software you make will be modified. The only way to stop cheaters is math, and people.
> The only way to stop cheaters is math, and people.
People are plenty enough. Let them run their own servers with robust moderation tools and custom software and then the community can deal with cheaters effectively. And false positives can simply find another server, since availability in a popular game will be higher than developer provided servers.
Over a decade of locking online gameplay even further behind developer and publisher control has been one of the greatest boons for cheaters.
In competitive Fortnite it seems like Epic is quick to permaban cheaters. Personally, in the last year of playing, I'm not sure I've run into more than a couple obvious aimbotters.
Aimbots are a form of obvious cheat. If anti cheat worked, they wouldn't be possible. The movement of the player input and accuracy is mathematically obvious. The problem is anti cheats aren't designed to prevent cheating, they're designed to sell a product that non programmers want to buy. Same as DRM. Somewhere down the list is actually having the anti cheat work, it's not the main goal.
Or worse machine-learning-to-bounding-box that takes the video stream through HDMI, identifies character heads, intercepts the USB HID mouse, and injects movement commands to move the center of the screen towards the nearest "head". Literally (not nearly) impossible to detect, there is no difference between this and just aiming by hand. The video is already out of the box, and the USB HID packets look the same as the real mouse's commands.
I spent about two months creating training data for this and it now runs smoothly on a sister PC with a capture card. I gave up because I got bored (and perhaps felt guilty about cheating) but I wholeheartedly believe I could have played top 500 region online matches and gotten away with it, as investigations usually trigger manual DMA checks by ESEA/Faceit mods, and a manual ("automated") ban in that case. But there is no DMA in my setup. The only way to get banned would be to play stupidly and obviously cheat, and to be honest that's a plus of my setup: the neural network is not perfect, so the aimbot can't be perfect. Like a built-in humanizer.
>I wholeheartedly believe I could have played top 500 region online matches and gotten away with it
Unless you were already near the top, climbing rapidly up rankings (in a 3rd party ladder) is going to be very suspicious. Draw enough attention and I think it's not unlikely someone would find evidence (not evidence of how your system works, but video proof that shows cheating).
And if the humanization is so good that it can literally never be detected... then better players with more knowledge and game sense will consistently still win. You'd need to be a good player in the first place - which is actually where the danger lies. A pro player with an undetectable cheat they can toggle on momentarily, even just once a series at a crucial moment, could make all the difference.
I've given up relying on technical anti-cheat solutions for online games. If it is apparent someone is cheating by watching them play then that's enough for me (and I've seen some _very_ subtle cheaters get banned from leagues for the most minor of slip-ups.) The only way to be totally sure are if the game is played on a LAN and the equipment is sufficiently controlled.
>climbing rapidly up rankings (in a 3rd party ladder) is going to be very suspicious
Hard agree here. There's always been people accusing semipros of cheating (see r/VacSucks for more) though, so unless it was pretty concrete, it wouldn't mean anything.
>And if the humanization is so good that it can literally never be detected
It's not that the humanization is good, it's that the cheat is poorly designed enough to be only as good as a really good consistent human. Though you're right that it's not going to be the holy grail.
>The only way to be totally sure are if the game is played on a LAN and the equipment is sufficiently controlled.
Hard agree as well. I've been hoping for online majors to be called off, but alas.
Once you start requiring external hardware setups like that, I think the barrier to entry for cheaters becomes high enough that they become far less prevalent.
The goal of good anti-cheat should never be to eradicate it entirely, since that is obviously impossible. You just need to make it so the vast majority of players rarely encounter it.
To be honest I have completely given up on competitive fps games. The cheating situation has only gotten worse and I really don't see anti-cheat makers winning.
I was 4 when the first DOOM came out, 7 when Quake was released - I LOVE me some fps games.
But I don't find playing online fun anymore - The first 3 days are great, then you've ranked up a bit and start hitting the rampant cheating, and you realize it's just a waste of time sitting for 20 minutes in a game where some 12 year old (or much worse, some 30 year old) has just bought hacks to feel good.
To be honest - I actually blame the automated matchmaking systems more than anything else.
Give me the good ol' server lists back, where a real person is an admin, and you can make a group of friends. This monotonous, automated, matching bullshit sucks the soul out of most games. It's not fun anymore, it's designed to be a chore to prove that you're "better", with an intentionally game-ified rewards systems built to trigger gambling impulses.
I'm grave digging a bit with this reply... but I was around the same ages as you maybe a bit older at all those releases. The only satisfying time to play big name competitive PVP FPS is during Beta periods and the first few weeks after launch. However... I've found satisfaction for my FPS itch playing games like 'Squad' it's very niche I have my servers I subscribe to for a few dollars a month and sometimes on 'free weekends' we'll have 3-4 a night but admins ban them within a minute. Cheating is rarely a problem in niche harder to play / enjoy games but comes with a time commitment cost. I'd be embarrassed to say how many hours I have in that game but let's just say it's more than 500 hours in ~6 years.
Another good niche game with virtually non-existent cheating is Midair. It's mostly old-school FPS players reliving their Tribes days with good admins global banning the rare cheater.
I wish I could reply to this with a rallying cry for you to keep trying. But it's true, every 14 year old kid with a keyboard can cheat in competitive now.
How does Stadia play a role in this? I don't play video games outside of Football Manager so not knowledgeable in the area but I recall reading about the competitive scene of one of these games moving over to the service due to the cheating.
I think it would kill the scene, Stadia is anti-performance, it's a video feed streamed over the internet, with all the problems associated with processing on a remote computer, the primary motivator for high refresh rate monitors and low latency input is FPS games I would assume, so going from sub 10ms end to end latency to a 40ms latency on a perfect connection, I just don't see it being accepted.
As an aside it's recommended to keep latency under 20ms to stop motion sickness in VR.
Developers can support this, if they want. Conan Exiles guides you to install the 3rd party anti-cheat, but you can opt out and play single player fine or even multiplayer on servers that allow it.
As someone who was really into CSGO, I can tell you the cheating just gets more subtle.
Up near LE/LEM ranks - no one is using the obvious hacks anymore. Instead it's things like a small autosnap radius for heads (ex: mouse within 3px of a players head? snap to head on fire), auto-recoil control, and map awareness hacks (4 went A, we go B)
It's a similar problem in Valorant - the goal of the cheater in the higher ranks is to get an unfair advantage with just enough of a cheat to leave the other players wondering if they actually cheated at all.
Hell - there are actually hardware cheats now - ex: mouse that will handle recoil for you in these games now.
It's destroyed my interest in the competitive FPS genre entirely.
>Literally (not nearly) impossible to detect, there is no difference between this and just aiming by hand. The video is already out of the box, and the USB HID packets look the same as the real mouse's commands.
doesn't "line" made of mouse coordinates look oddly for human?
At this point, I'm pretty sure any "human" pattern machines can find, other machines can fake. Simulating how a human would move a cursor towards a position definitely seems like something deep learning could approximate for cheap.
Naive aimbots will still have some artifacts (eg jumping to a new target as soon as the current one is occluded), but making an undetectable aimbot really doesn't seem hard, given the incentives involved.
The hosts are so cheap they wont do a raycast from a player to an object to see if its in line of sight, they are not going to try and scan your input looking for randomness.
You're downplaying how genuinely hard it is to do server side stuff on a game with 60+ players, a lot of this stuff is O(n^2), and the bottle necks is network packet sizes as well where players will start to complain about packet loss because they play on WiFi connection with someone else who watches YouTube or Netflix.
Apex legends does in fact do fully simulated bullet dropoff server side with temporal rewinding, and it doesn't stop hackers from just shooting you with 99% accuracy.
Its not _hard_ its $$$ expensive. You'll need bigger processors and more servers. I mean, I guess its _hard_ to choose what compromises to make, but not technically hard. Anyhow, I'm no expert.
The solution to competitive gaming is streaming, not anti-cheat. Everybody gets the same resolution, same frame-rate, same latency. Fair is fair.
Honestly think it's game consoles with keyboards and mice that are bound to proprietary crypto protocols, much like the anti-piracy that the current xbox has. Can't do video stream HID interception unless you make a robot, and you've just raised the barrier of entry so high to get rid of %99.9 of it. And in pro matches you can just watch them in person.
The point of crypto locked controllers made by and for the manufacturer's console is that tampering will cause the device to refuse to run. Which leaves you at a robot to physically manipulate the device as I said. Since it doesn't have to be an standard like HDCP, this can be locked down pretty well like the xbox one is. [0]
At that point the barrier to entry would be so annoying that online cheating will be reduced significantly, and pro tournaments will be done in person to let you prevent usage of robots. Also everyone will be using the same equipment probably provided by tournament organizers.
Congratulations on your fun project. Be careful about "literally impossible" though. If it's truly identical to aiming by hand, it won't help you. If it isn't, there might be some statistical (in)consistency that's detectable with enough play.
What if some person or algorithm notices that you don't have those skills while walking or shooting at other body parts - only at heads? That's the kind of inconsistency I'm talking about. Or what if the nature of the mouse movements is consistently a little different between the AI and yourself?
Physical aimbots are a much fairer cheat than picking apart the render pipeline to see through walls. A good player can still beat them.
I'm not saying I'm for any sort of cheat, including the built-in aim-assist for people who choose to play with a controller, but if I absolutely had to play against an unknown number of cheaters, I would prefer they were at least playing with the same deck as me.
Pretty well. It doesn't shoot through them, because it can't see through them. Sometimes it aims/shoots through them somewhat early before it dissipates completely, because rxn time is way faster than a human. But it's close enough to not be suspicious.
You know this? You've personally tried them? Or is this secondhand, thirdhand, hypothetical knowledge? It seems to me that anti-cheat works the same way DRM works: It poses a barrier to entry that keeps NN% of people who would hack from hacking, which is sufficient to keep the game from becoming a hacker cesspool.
As someone who runs an online Counterstrike platform, I can attest to this firsthand. There are literally dozens of open source cheats on Github that bypass the major anticheat services. And when one gets detected, they're usually updated in just a few days. For private paid cheats, they're very rarely detected. I've heard of people paying thousands of dollars for custom-built cheats that have gone years and years without being detected.
The cheating in the game is out of control and has been for half a decade. People still play and can find little pockets to play in to avoid cheaters (namely playing with friends or on paid services, that cut down on cheating due to the barrier to entry of cost), but it's inevitably unavoidable to consistently run into cheaters
My approach has been to run no client anti cheat outside of that built into the game (VAC), as I don't believe invading people's privacy (e.g. always-on kernel level detection) for the illusion of reducing cheating is worth it. There are better ways of hindering cheating than on-client detection, in my humble opinion.
You're talking about VAC, which is not even close to the same tier as EAC, there are no "open source cheats" that bypass the major anticheat services because they are quickly identified and patched.
Correct, VAC is very different than EAC. But it's absolutely not true that there are not open source cheats that bypass EAC, FaceIT, and ESEA. The more popular ones get patched, but I've seen a bunch of smaller ones that do not get detected – you just have to know how to find them. They may eventually get detected, but cheaters generally will just create a new account and start cheating again.
When my platform launched 6 years ago, we were the first to approach the problem of preventing cheating via non-invasive methods. We required you to have played several hundred matches in-game before being allowed to join our platform. ESEA, who are widely considered to have the best client side CS:GO anti-cheat, just recently implemented something similar, proving that clientside anticheats alone don't solve the problem.
> They may eventually get detected, but cheaters generally will just create a new account and start cheating again.
Typically games will either avoid putting low play count players in the pool with established or paying players. Both because they don't want the guy playing for the first time to be constantly creamed by heavily invested players which would drive them off but also because real time and real dollars are strong deterrent to most and at least an extreme slowdown to the remaining. The net result of anti-cheat is to make it unviable to continually cheat, not to never have hacks that temporarily work.
CS's problem is Valve has shit anti-cheat that doesn't really care to detect cheaters and even when it does it doesn't have strong new player segmentation to delay them from coming back. Both of these are reason's Valve is lax with cheaters not reason's anti-cheats aren't effective.
You probably won't be in there for long, if ever, if you're a standard new player. It's a factor most serious anti cheats consider, not the only factor.
That is you came in on an account that had existing game time or existing purchases or you hop on with a friend in good standing or you bought something in game or anything to indicate your account is actually valued by a legitimate player in some way you won't even see this process.
On the other hand if you're a fresh account with 0 time, 0 spend, and the only people that will friend you are accounts that accept every request or are known for accepting new cheaters expect you aren't just going to be dumped into the clean player pool on your first night. Not only are you the hardest type of player to prevent false positives for but you're the least likely to ever be profitable to server anyways.
Even if you aren't immediately uplifted some strategies mean you may not care if your initial nights had a higher risk of cheaters anyways matter. E.g. Fortnite is F2P but your first night you aren't likely to run into many real players. Both because they want you to get some wins to get hooked but also because it dilutes the amount of cheating new players will see.
Does popflash.site have an AC? I didn't have a problem last time I tested it.
I think your server could check for several cvars that are only enabled for cheaters using some cheats, to auto-ban them. Though this precludes externals and some better internals.
Sorry, I edited my comment after you asked. We don't have an "anti-cheat" in the traditional sense, though I've developed a few solutions to curb cheating in the past. Fortunately, it's not really a problem I've had to solve because I only offer scrimmages these days, meaning you choose who you play with. If I were to offer matchmaking, I'd be more liable to prevent cheaters from using the platform since I would be matching up people to play with.
Since my users are mostly just playing friends I don't really have rampant cheater problems like other services.
That's not really what DRM IMHO -- sure it says that on the tin... Once the video or game is cracked once, the DRM is done. It just provides hurdles and extra barriers for the first person. Once somebody finds a "hack" method that works, they can clone and resell it up until their greed belies their customer's wishes of being undetected due to small player pool using the hack.
And yes, hacks are "rootkits". It's kind of funny how they work. Some of them work at the memory level, or packet level. They require you to disable anti-virus, all firewalls, etc. The only incentive for them not to hack the user is a recurring subscription cost that's often more expensive than the game itself (leading to rage hacks where they are known to detected but the delay in detection-ban lets the user play still and farm RMT items).
I do know this, personally. EAC is not great. They sort of stay on top of things compared to something like CS but it's still possible to get away with it for a few months if you do it right
We need to go deeper! Cheat Makers produce their own kernels that trick the kernel modules by intercepting everything theses modules do.
I don't know if there is even cheat software on Linux, but if there's a market, there might be a product.
You’d be very surprised how much of the industry hasn’t discovered this. There’s lots of stats that can be used to reliably detect cheating.
* New account
* K/D ratio that’s multiple times better than the best players in the game
* Using incredibly off-meta “cheater builds”
* Consistent record breaking total kill count
* Inhumanly low TTK and headshot ratio
* Speed hacks that allow you to move around the map much faster than you should be
* Time to lock on/switch between targets
All of those are incredibly easy to statistically analyze. I play a fair amount of Warzone, and I often run in to cheaters that would fail a very basic “definitely cheating” stats check. You can even get a rather reliable indication of whether there’s an obvious cheater in the lobby by how quickly the surviving player count goes down.
A 3rd party implemented an app that looks up the stats of every player in your lobby, that players were using to detect the more obvious cheaters. There’s no non-cheating explanation for a double-digit K/D player getting 50+ kills for the past few matches in this game, but you’ll find players like that in your games routinely. The developer response was to declare the app against ToS and modify the public end points that provided those stats, breaking the app.
That’s one of the biggest games in the world, they’re clearly not utilizing even simple statistical methodology, and they don’t want users doing it themselves to decide what lobbies to back out of.
VACnet IS more effective than their previous system, but that's a LOW bar. CS:GO is still full of obvious spinbotters and wallhackers that get to ruin a hundred competitive games before eventually getting banned, and just grabbing a new account. VACnet for some reason can't even get the obvious stuff; Spinbotting looks nothing like a normal person playing, to the point that you could probably write "if average rotation rate > some high bar then ban" and do better
Valve have been doing it with Counter Strike for at least 3 years. And the "VACnet" they have is still far from perfect. Especially with the less obvious cheats. They used to be a talk on youtube, but it seems to have been taken down.
I did a few hundred cs overwatch (it's a system where people with 150+ won matches can review suspicious behaviours reported by system/other users - https://blog.counter-strike.net/index.php/overwatch/) cases and 95% of them were people using Spinbots. You can write a program/script that parses demos and detects those in few hours (assuming you don't know how to parse a demo file). Why is this even a thing? I want to help them with fighting less than obvious cheaters but if almost everything I get can be automated by any 1st-year cs college student then what is the point?
I am guessing extra computation? Maybe this sort of technology is in infancy?
The real interesting take away is it is always a mouse and cat game. The hackers will adapt, instead of reading memory they might just read packets, or use a m.2 memory reader card, because they have to -- and so will the anti-hackers. I am interesting in machine learning to simulate COD -- I saw a video of it and it's like a young child was playing the game -- not good but obviously on the path to competence.
They do. And after a few weeks/months there will be a ban wave. But there really isnt incentive to fix these problems because if you ban cheaters they have to buy new copies of games.
Because they can get people to install rootkits on their PCs and offload the computational burden on to them instead of paying $$$ to detect these themselves?
That can only detect obvious hacking. Subtle hacking is hard enough to detect that you'd either have to accept high amounts of false positives or false negatives.
Eliminating obvious hacking would be an improvement in a lot of games. You can get good enough to outplay a waller with a subtle aimbot, especially considering the cheaters are typically not very good at the game. The “rage hacks” offer no level of counter play at all.
Client-side analysis allows the game to identify unauthorized access to game state, which is the root cause of most cheating (probably not going to prevent computer vision aimbots that just analyze frames). It's just a much simpler and effective solution than fine-tuning a statistical model.
If it's running on the client, it can be patched out. Any checks done on the client side can be bypassed. Sure, obfuscation will deter most people from trying to reverse engineer the checks, but all it takes is one person to succeed and distribute their cheat program to others.
I wouldn't be shocked if it used BPF probes or something like that. A kernel module is possible, too, especially if they're targeting Ubuntu with DKMS.
I don't know if you're being sincere or just trying to gotcha it, but Ubuntu has had support for this for ages as part of DKMS [0]. It generates a key and registers it with the firmware during setup if secure boot is on, and it signs any modules you build with that key as part of the regular DKMS build.
This is why I still use the console model with my gaming PC. It is exclusively for games without exception. I would have it boot directly into steam if I could get steam to boot other games like from Battle Net without so much work.
I did that for a long time, but I get a little too into FPS games and playing ranked against people who can see in the dark using game filters, have a high FOV not supported on console, 240FPS, and 1ms input lag I decided to switch. Cheating is a console problem too now that everything is doing crossplay anyway.
You can, actually. Steam can add non-steam games to the library, and also can stream them over Steam link. I've used that to play GoG games on Android TV.
The dev page still says "The Anti-Cheat Client interface currently only supports the Windows platform and requires a 64-bit operating system installation. Mac and Linux client support are coming soon." so there's not much info yet. I'm guessing it'll require a specific kernel version and an obfuscated kernel patch that probes everything and calls a web service constantly.
Riot games already made this on their game titled "Valorant." It's irritating because you need to restart your pc every time you encounter some of the game's errors.
For context, ProtonDB is a database of Steam games and how well they work on Linux through Wine/Proton. A huge number of the "borked" games are using some kind of anti-cheat and that's the main reason the game doesn't work.
EAC is one of the most-used anti-cheat systems in gaming. Between EAC and BattleEye, you're hitting the Pareto Principle for anti-cheat support.
Four of the top 10 Steam games use anti-cheat and therefore cannot run currently. Two of those four use EAC.
Worth noting that the VAC games on that list, CS:GO, TF2, and Dota 2, have effectively given up on actually detecting and preventing cheaters and now rely on server-based or community-consensus methods of finding and punishing cheaters (with TF2 being the exception with how little maintenance Valve performs on it).
Both CS:GO and Dota 2 have a report+overwatch system where users watch a replay to determine if someone is exhibiting suspicious cheating behavior. The server side of this is VACnet where it uses heuristics like mouse movement or [in Dota] clicking out of regular camera bounds to detect these cheaters and expedite them to the Overwatch queue. You can readily download the biggest script client for Dota 2, and VAC ban waves for using it have been unheard of for years now (you only get an in-game ban when enough other players verify the cheating via Overwatch).
I can’t quite tell if you think this system is reasonably effective or not. It certainly seems less invasive, so it would be good if it were. Are you able to comment on that?
> You can readily download the biggest script client for Dota 2, and VAC ban waves for using it have been unheard of for years now (you only get an in-game ban when enough other players verify the cheating via Overwatch).
Does this mean you think the ban process is too slow and involved?
The system is effective for CS:GO and Dota mostly because the nature of the games; things like Fog Of War[0] (which applies to both of these games and Valorant) help bring down the upper bounds of how much a cheat can help the cheater, and the rest of the potential things a cheat can do (like aimbot in CS:GO, or auto-disable in Dota[1]) are easy for VACnet/Overwatch reviewers to detect since the movements are usually non-human-like.
> Does this mean you think the ban process is too slow and involved?
As VACnet and Overwatch reviewers become more experienced it really brings down just how much the cheats can help the player, to the point where using them barely makes a difference or only allows them to use informational cheats. I just don't think this will work for every game, and certainly isn't something every game developer wants to have to implement & maintain.
1: https://redd.it/psb7h7 - an example. In the second part of the video, the Invoker cheater targets the Axe with one of his items without moving his mouse to the Axe, which saves him from being disabled/taunted - but a human would have to click or hover their mouse on the Axe to disable him.
If I’m bored I can jump into either dota2 or cs:go and play and win and have fun.
If I join warzone modern warfare… omg i sometimes die right after dropping from the plane due to aimbots. Or I could be inside a building not standing next to wall not in line of sight with 1 door. Boom dead from someone shooting outside with wall hack. I didn’t install it on my gaming laptop because it’s filled with hackers now.
Community moderation with persistent outcomes (eg VAC ban) is great for games you have to pay for, but it's really abrasive to a F2P community if there's am endless stream of cheaters.
Both CS:GO and Dota are F2P, but yes, most cheaters just purchase new accounts/create new accounts. They've had to put mitigations for this like requiring x hours/x games to play competitive game modes.
Just to be clear, the rating is NOT how well they work but how easy it is to get the game up and running. That said, in a majority of cases, the quality of the runtime of the game is usually correlated to the rating given on ProtonDB.
I wish there was some well respected third party reputation service that I could prove my identity to (government id, utility statements, etc) and then all games just integrate with this third party reputation service. Sort of an Olympic committee for gaming. Give me the option to only play with other verified players. Getting caught cheating in one game then impacts your reputation in _all_ games. There's a gazillion details that would need to be hammered out to get this right (appeal process, account hijack recovery, etc) but I think the idea has merit. I feel something like this is the only way to end cheating once and for all. Would be so nice if developers never had to think about anti-cheat again, and we didn't have to run all this super invasive anti-cheat software on our machines.
You want to open up yourself to risk for your identity being stolen and normalize handing out personally identifiable information just to maybe make it harder for cheaters to get in on some of your games?
I don't think the idea has merit. See how long it is taking the Real ID act to become enforced. People barely trust the government with this info, with the ability to get on a plane (among other things) at stake.
Self-defeating, since part of the point is that your reputation is based on multiple games, so by only playing one game your account already looks suspicious.
Nothing really, unless people are already suspicious that you're cheating, then having no other games on your account looks extra suspect. The system isn't meant for objective measurement, so if people think you're cheating and you don't have a reputation score to back up your claim that you aren't then you'll probably get banned pretty quickly.
This doesn't solve the issue of stolen accounts, or fraud.
Game companies won't accept a system that has a non-recoverable state like a deleted private key.
If you can assign a new key to your account, then the private keys don't improve trust, and remove the point in having them instead of just OAuth.
In games like Dota 2, there's already an industry for account selling.
It's pretty simple really,
Find some Boomer's ID, who barely does anything but browsers facebook (or better yet, buy an ID of one of the billion in the 3rd world).
Sign up to this service using their id, hire some poor kids in the 3rd world to level up the account without cheats to build rep, then sell the account to a hacker.
If you get financing on purchasing a car you have to give financial institutions your personal information, I don't see this as being any worse. Even companies that I'd prefer not to do business with have all my personal details, because there isn't really any alternative. My identity was stolen as part of the Equifax breach. Certain organizations are more reputable than others, and I want this gaming reputation service to be well respected and trustworthy, since that's the only way something like this can work. It's hard to get right, but it can be done.
The alternative is having to run third party closed source anti-cheat software on my computer that is written by god knows who, that has the potential to do an enormous amount of damage if a bad actor were to sneak in a backdoor.
> You want to open up yourself to risk for your identity being stolen and normalize handing out personally identifiable information just to maybe make it harder for cheaters to get in on some of your games?
If you look at how much how much time and effort and money people put into these games, it doesn't seem so unreasonable. Another commenter pointed out that you have to give a similar amount of personal information to get a car loan, or, as you say, to get a plane ticket. I suspect a lot of people spend comparable amounts of money and effort on gaming, and probably see it as a bigger part of their lives.
> Getting caught cheating in one game then impacts your reputation in _all_ games.
This sounds pretty similar to Steam's VAC (Valve Anti Cheat) system aside from how widespread you want the system to be. IIRC, owners of Source-based game servers can set a flag to allow/deny users with a VAC ban. I don't think this is available to non-source games, which would be needed for your idea.
> How do VAC bans relate to phone numbers?
> VAC bans are applied to all accounts sharing a phone number at the time of the infraction.
> Can I move my items and games to a different Steam account?
Being able to play Call of Duty without people screaming the N word into my ears regularly would be amazing. Intolerance to hate speech could be something enforced by this hypothetical service as well.
Sure I can turn off the death mic, but there's been some really amazing interactions though it as well. For those not aware, the death mic in CoD is a feature where the instant you frag somebody in game, it turns their mic on, so you can hear their very candid reaction. Lots of times it's things like "no way what a shot how'd that guy get me!". Such a fun feature, if it wasn't for people that just utter the most offensive things imaginable on it.
Have you ever glanced at the Facebook comments under a news article? It did nothing at all to stop online toxicity when they tied your online persona to your identity, photograph, the identity of all your friends and family, etc. Plenty of pictures of smiling grandfathers holding babies next to N-word-laden rants out there
It's not just the tying of ones online identity to their real life identity that would mitigate this issue though. It's the fact that if a punishment is doled out (voice comms restricted for hate speech, or a ban issued for cheating), then you could be certain that the person isn't just going to register a new account and keep doing it, because the barrier of registering a new account would be so much higher (having to prove your identity to my theoretical reputation service).
OK, imagine this: A 13 year old makes an account, goes through your onerous KYC process, plays some game. Gets banned for saying something offensive under his breath when the game suddenly turns his mic on without him expecting it.
You're thinking "Great, problem solved, this kid will literally never be allowed to play another video game as long as he lives"
OK, in actuality, he's just going to use his mom's ID next time. And his dad's. And his grandparents' IDs. etc, etc
There'll be a whole gray market for IDs from all over the world to pair to your ridiculous Orwellian service, because thankfully it won't be backed up by penalty of death
I don't think a single infraction of hate speech would warrant any consequences, it would need to be a multiple offenses before punishment is doled out. This punishment could just be a temporary loss of voice communication privileges. Eventually if they are a habitual offender, it could lead to longer loss of voice comms, and then eventually a repeat ban.
Producing identity verification documents that many times over and over is not something a 13 year old will likely be able to do, relatives would certainly raise questions from those relatives as to why they need them.
I see the ridiculous Orwellian service is being the anti-cheat software we have to run already.
Right now you get muted and banned pretty quickly for mouthing off in any online game. Most games have some combination of costing $60+ up front, being pay-to-win, and/or being grind-to-win, so getting permanently banned from any of them is pretty catastrophic. Yet plenty of people get banned and re-buy the games regularly anyway
It would also be nice if people were able to use cheats in a game against other people with cheats. It would be very enjoyable to watch battle of the bots in games and have people pit their programming skills against each other like this.
I seem to recall a certain game that had a shadowban system that just put all the cheaters in the same lobbies together. Might be misremembering that though.
Sending away all of your PII to be verified in games isn’t much better (in terms of intrusiveness) than running anti-cheat software in the first place.
Additionally, will it be any harder to get around a system like this than a traditional anti-cheat system? Theoretically - for the average player at least, it might make cheating worse - assuming the cheater runs their cheats in a realistic way, in your world, there is now no detection software pinpointing the cheaters!
> Sending away all of your PII to be verified in games isn’t much better (in terms of intrusiveness) than running anti-cheat software in the first place.
In my mind it's much better than running N number of different anti-cheat software on my machine, assuming that this reputation management entity is very well respected. Again, it'd be very hard to get a system like this right, but I think it is certainly possible.
As a casual player another way to alleviate cheating is good matchmaking, so cheaters all rank up to other cheaters. This doesn’t help higher-level players though.
Some cheats run outside the OS and are basically indistinguishable from regular players. So anti-cheat won’t work. Good matchmaking + still catching cheats for impossible stuff + real tournaments requiring in-person attendance or heavy monitoring, should still work pretty well.
It doesn't work across multiple games but Counter-Strike: Global Offensive has a system where you enter your phone number to verify your account and then can queue only with other verified players.
The phone number is not much of a barrier. I'm a verified player and only queue with other verified players, and I encounter cheaters regularly in CSGO.
That sounds like a great way to get lots of non-cheating players to give up online gaming once it becomes mandatory for the majority of online play (which it would if it took off).
I'm not sure if you actually believe that. If the population I've observed is any way representative, we'd be more than happy to give full root level access if it means the cheaters actually vanish.
You might be severely underestimating how much comp gamers hate cheaters.
> we'd be more than happy to give full root level access if it means the cheaters actually vanish
Except it won’t - cheaters will move on to using other methods. There already exist external, undetectable methods for cheating that involve running the cheat software on other machines. Requiring this level of access is just pouring fuel on the fire of the arms race here, and the potential harm it will cause to non-cheaters is worse than whatever harm getting pwned by skriptkiddies in your bang bang shooty shoot live service Skinner box simulator can cause. This is an attempt at a technical solution to a social problem - you can’t patch meat and brain.
> You might be severely underestimating how much comp gamers hate cheaters.
Actually, I’m not. I’ve been on streams where competitive gamers meltdown and threaten to kill their opponents. But just like murdering people who beat you is morally wrong so is forcing everyone who wants to play a game to effectively give over control of their machines to the game makers through intrusive, kernel level anti-cheat.
I had someone invade the League of Legends account I used for almost a decade after me not using it for a year or so and cheat to their hearts content. That caused the account to get permanently banned with absolutely zero help from Riot Games' support on how to get it revised.
In your system I'd never be able to play an online game again, only because a single account of mine used an email / password combination that leaked god knows where. Needless to say I'm not a fan.
Yes this is a very real issue that would need to be solved by the service I proposed, I specifically called out the appeals process and account hijacking resolution in my original comment due to their importance. It needs to be centralized because it's an impossible task to ask every game studio to get all these things right.
this type of solution sounds good until you get hit by a false positive in a game.
happened to me on pugb and the only way I could get my account back was with a paypal charge back. It's very typical that game companies refuse to tell users what triggered it or how to avoid it in the future. For all I know, it could have been a scam from the devs.
I can live with a 40 - 60$ loss on a game, but losing the ability to play all games on protected servers forever would be really bad
Yup it's a valid point, that's why I made sure to call out in my original comment. So many little details that would need to be done right in order to make it work.
It's an impossible task for every game studio to get all those details right, that's why I think it needs to be centralized. That way game studios can just worry about making cool games, and not having to waste resources on this endless arms race of cheating.
This is great and all, but I feel like all of these client side cheat detection tools are basically a waste of time. Trying to enforce the trustworthiness of the client is basically an unwinnable arms race between anti-cheat and the cheat makers. A better approach is for the server to treat all clients as hostile and untrustworthy and use a combination of heuristics and statistics to ferret out malicious client behavior. Valve has been doing some very interesting stuff with VACnet where they employ deep learning to flag potential cheater accounts in CS:GO and then have humans review and rule on the output. From what I have read and watched, it has been very successful.
I used to write cheats for various source engine games (running vac), and later more interesting games like pubg which run battleeye. Those are two very different anticheats, and I think comparing them is interesting
An important thing to point out is that it requires a lot of reversing work and low level knowledge to make a cheat, and usually at the end of the day cheats all end up with the same core features anyways. This means that there’s a huge stigma amongst cheat developers around knowledge sharing, which makes a lot of that initial work all the more arduous. Anticheats further increase that initial work, and incur an ongoing maintenance cost since each update can break your cheat (especially of you specifically work to break the public methods that everyone is using).
Last time I looked at VAC, it was doing stuff like looking for stuff like modifications to the .text section to detect hooks implemented by writing e.g. jmps to some injected code, but never actually adapted when people started just modifying vtable entries (most source engine constructs are exposed to developers as pure virtual cpp classes). Since they stagnated, it got easier and easier to cheat over time as more and more people spread knowledge on how to hook in an undetected way. Hell, in gmod some lua anticheat developer (gmod is a sandbox game with a lua scripting interface) found a vuln in the clientside lua implementation that allowed arbitrary memory io and used that primitive to implement checks for injected dlls when people started cheating at that level in that game, which was far more effective than VAC ever was.
BE was another universe, it felt extremely prohibitive to touch the game in usermode & even in the kernel I started to feel cramped. You can still totally get past it, but it felt more like writing a very specific rootkit than actually making a cheat.
So, from the other side, anticheats raise the cost of initially developing and maintaining a cheat. If used effectively, they can also kill paysites. I think they have value, even if they aren’t achieving a 99.99999% success rate.
As someone that has played CSGO recently, it's still normal to come across cheaters. Server side cheat prevention is preferred when possible, but there are just too many opportunities for client side cheating in multiplayer FPSs. You can't prevent the client from auto-aiming or knowing the enemy player position behind a nearby wall. If you do not stay on top of cheating, cheaters will ruin your game.
>You can't prevent the client from auto-aiming or knowing the enemy player position behind a nearby wall
Valorant and Edan.gg's defender [1] has the best fog of war system I've ever seen. CSGO has probably the worst; in fact, at one point, the game had NONE and sent player pos's to everyone at all times.
I completely agree, but there are a lot of server-side mitigations that haven't been nearly as explored as I'd hope.
I'm a little skeptical that that's the case. When I cheated in CS:GO years ago (1856 days ago in 2016), I specifically remember being unable to see where people went at the beginning of the round, and sniping double-doors on dust2 showed people only when they were about to pass by the opening. This was on official competitive servers, so maybe you only mean self-hosted servers don't have FOW.
Another source engine cheat dev here. Source has had dormant entities at long ranges in culled-off areas [sectors of the map demarcated by func_areaportal] since... as long as I can remember.
Your cheat couldn't see those players because the server was doing a very cheap and primitive visibility calculation, deciding the player entities are dormant for you, and choosing to not send you the data for them.
This is different from the later-enabled player PVS system, which does more expensive ray casting once you get a certain distance away, which cut down on wallhack cheats a lot more [although they are still very useful]
Would an anticheat work if you did the opposite of this? Send the client random movement data above and behind them and if they spin and shoot towards it instant permaban forever
Random wonder. I have no idea in or around anticheating, please do feel free to shred it as an idea to pieces
I mean, it has fog of war, yes. It's not as good or strict as it could be. I have seen discussions with the devs and they say that if it is more "strict" (ie hiding player positions until they are closer) would be more taxing on CSGO servers, AND would screw with high ping players (they would experience pop-in).
I'm not a CSGO player, but I assume you also have to be able to play e.g. footstep sounds for someone coming up around the corner, so you at least need to send the info that someone is nearby.
You can track statistics of players aiming at same spot in enemy model every time, looking directly at other players behind obstacles outside sound range, you can send probes with bogus player position data behind a wall from suspect player and analyze reaction.
In the cases where end-to-end vendor control over the hardware from the player's fingers to the HDMI out exists, yes that seems possible.
But on a PC? Where the user can install whatever software they like? Much harder.
It feels like stopping aimbots will ultimately fail as eventually we'll see bots that use machine-vision to spot heads and pick them off. You wouldn't even need to run it on the cheating machine, this could be a separate device doing passthrough on the mouse, keyboard, and monitor.
All Valve has done is made it so people cheat and pretend to be legitimate, you can't beat cheaters outside of making it a non-cheatable game, you can just reduce it. Then again, if nobody notices that you're a cheater, are you a cheater?
It's an unwinnable arms race if your goal is zero cheating.
It can work well enough if your goal is 'ban/hellban cheaters relatively quickly'. If the time/money cost of creating a new account is non-trivial, this can very well get cheating down to some acceptable level.
Server-side statistics can be used in addition to this kind of client-side monitoring, but there's only so much that can be inferred from statistics. It may not be too difficult to determine if someone is using, say, an aimbot from statistics, but it's very difficult to determine if they are using a radar - because the cheater still has to make fuzzy, human decisions, based on the information that radar gives them - and because its difficult to tell radar apart from good gamesense.
Simply because a tech arms race is theoretically unwinnable doesn't mean that trying to win a little doesn't deliver value to the company and its ecosystem.
You can emulate an android and run snapchat and screenshot the emulator, but the screenshot reporting inside of snapchat is still valued by millions (and shapes the behavior of millions).
Perhaps if you want a perfect solution, but in practice most people aren't cheaters, and those that cheat tend to eventually make a mistake and get caught by the anti-cheat. The remaining 1337 you can manage manually.
Because it's not as trivial as you think it is to get good results if you rely only on the server side, if it was the case everyone would do that.
Server side cheat detection actually don't detect that much, like how do you known someone is wallhacking?
As for manual review it just does no scale, when you see that CoD banned 100k cheaters, imagine if one person from activision would have to review every cases.
If that was 2015 or 2010 then I'd say: why would people competent in computer vision waste time on making 30$ cheats when they can use their skills at faang for probably 200k?
Because they are kids and they use it as a practice ground to gain those skills inadvertently. Or they use it as a practice ground where they don't have to deal with bigtech BS and can just develop with no design reviews and all the miles of BS getting in your way.
VACnet hurts cheaters, and also probably 25% of legits as well. In low trust this can be verified pretty quickly. Even in the gutter of trust, redder than red, you still have about 50-60% of players cheating. That's nearly half of everyone in the WORST trust factor of the game, who are there while not cheating. Though some are probably griefers/mic-spammers/toxics, it's certainly not all of them.
If there's one thing that all cheaters have in common, it's an inflated ego. If the enemy is cheating, and half your teammates are, and it's casual, you're gonna toggle on harder. There is no way to get banned in casual, unless it's by VAC, in which case you already have it injected so it doesn't matter.
You are right, though; my estimate is just personal experience
Hmm I wonder how intrusive EAC is on Linux, and Macs. I seem to recall that they look for visiting blacklisted websites in some browsers a while back. Also I wonder how their VM detection is for linux, and macs.
I know that it can checksum files, search through drivers, scan memory addresses, etc. I think I can read registry keys as well. That’s just what I know of the 2005-2008 era of Warden implementation. See vanilla implementation: https://github.com/vmangos/core/pull/1295
I'll go on the record and say above 5% by December 31st 2022.
Depending on who you ask, its at ~2% today. If that feels high to you, remember: it includes Chromebooks.
As it grows, you'll absolutely hear people say "Chromebooks" or "Steam Decks should be their own category, they don't count". These arguments effectively reduce to "Linux cannot be popular, so I'll move the goalposts so it never is." Ignore them, and pour cement around the goalposts: running a distribution of gnu/linux.
Of course, if all we cared about was the "linux" part of gnu/linux, then its already the most popular operating system kernel in use by mankind. Its already won.
>Of course, if all we cared about was the "linux" part of gnu/linux, then its already the most popular operating system kernel in use by mankind. Its already won.
Except the "linux" part matters to the actual user not one bit.
Android is a fairly walled garden no matter what kernel it uses. It's an implementation detail.
I'm curious as to why should the Steam Deck be in its own category. To me, it runs a mainstream, open and not-locked-down Linux distro. I could see an argument for Chromebooks being in their own category, but the Steam Deck, in my eyes, is a legitimate "full" Linux device.
Branding is important and an ordinary person (I think) will hear more about Steam Deck than Linux. And it makes sense that it's in its own category (or rather, game console category) because it's made for that purpose. The fact that you can do whatever you want with the HW is just a bonus.
> Branding is important and an ordinary person (I think) will hear more about Steam Deck than Linux
Fair point, I say. But people will know that KDE and Linux exist a bit more now, since they're kinda intertwined.
> PS. Nice user name. But why pair those two? :D
You're the first one to notice! And I paired them since if they married at the end of arc 1, it'd be the the most satisfying ending for me. And also, their mental states and stuff seem to be weirdly aligned, so I feel like they'd be the best fit for each other. It's also what I feel that pairing is the one that the least number of people would expect (:
Least expected indeed. To me those two only come together if opposites attract. Although a queen marrying an (originally) dark eye? Definitely counted as an upside in Jasnah's eyes.
If they do marry I hope Brandon makes a sequel like Mistborn 2 and we'll see what a descendant of Jasnah/Kaladin could do.
Woah, I'm a linux gamer but %5 by 23 is crazy. Steam Deck is going to be super niche, and a lot of people over on reddit are already planning how they will install Windows on it.
It's not going to explode. It will creep up very slowly.
And lets not forget that Microsoft will combat it if it starts to take off. Game pass is already and incredible deal. We have it in our house for the xbox.
> people over on reddit are already planning how they will install Windows on it
Wait until hands on videos show the battery and performance difference between Linux and Windows and see how many Deck purchasers don’t go ahead with their installation.
Not if Epic keeps buying independent video games that support linux, saying they won't change anything, then 6 months later removing linux as a playable platform (rocket league). That they're trying to develop a linux anti-cheat does not indicate they will actually support linux. It doesn't even indicate they won't actively kill linux games as their long history proves.
I used InSync with a mounted drive. I rebooted and it ran before the drive mounted and deleted my entire online google drive contents and then deleted the local files when the drive mounted.
The google UI is such garbage that you can't undelete 1000s of files so I had to write a script against it's API that ran for a few days restoring everything. Sucked.
I've been using it for the past year. Works perfectly find, no complaints. Definitely worth the $40CAD I paid,even if I plan to move away from Google Drive in the near future
Ubuntu supports Google Drive out of the box, it appears in the file manager. Probably it's Gnome doing the actual work, I haven't really bothered to learn it well.
Why would you run Linux and use Google Drive? If you don't care about FAAN(M)G reading your data and activity, Windows is simpler and has better compatibility.
I could see it becoming big with pc gamers for how much you can tweak the OS itself to eek out as much performance as you can get. They also tend to want to personalize their PCs a lot and with linux they'd have a whole new level to that with the customizability of the desktop experience itself.
It doesn't spy on you. It gives you freedom of choice when it comes to desktop environment, and what software you run. It's not developed by anti-competitive tech giants.
Desktop computers haven’t been relevant since 2008ish, and were struggling to maintain relevance after the 4th gen Intel GPU/Power-consumption changes.
Headless servers and consumer electronics are, already, largely using Linux.
If anything, this is the reason Linux could hit that point. Desktops are increasingly for specialized applications: gaming, development, content production, etc. If you just need general consumption, you probably have a tablet or phone. I could absolutely see Linux hitting 5% just because people who would never use Linux have stopped using a computer at all.
It is a factor. It is hard for me to argue that it did not have significant impact and I don't really have hard data.
That said, all the people in my circle with remote jobs upgraded their desktops or lappies. It cannot be an insignificant number given initial pandemic panic and current delta resurgence. And between China cracking down on bitcoin ( check 3060s prices there and you will be left wondering why the prices did not drop significantly here ), Treasury issuing crypto guidance on ransomware payments, and eth moving to POS, it is harder and harder to blame crypto miners.
Frankly, they sound like convenient scapegoat.
I won't go into details, but I had the option of buying 3070 yesterday and 3090 2 weeks ago. I passed on both precisely due to recent uncertainty.
I run games in a VM to isolate things. Some anti-cheat detect a VM and just assume you’re a cheater and exit the game, but I just don’t play those games.
Sometimes, yes. However last time I tried to get Hyper-V nested in KVM to work it…didn’t. Windows’ nested virtualization on AMD is a bit unsupported and buggy.
A long time ago, before my frontal lobe had completely developed, I used to develop multiplayer game cheats. I now recognize that behavior as abhorrent, but in those days I thought it was l33t.
In any case, no mater how good your protection is, how deep in the system you go, the cheaters can go deeper. Like anti-virus and DRM evasion will always win from detection. The cheaters have complete insight into any/all client side protection mechanisms, more importantly, the cheater owns the machine and the environment where your code runs. There is not a checksum that can not be faked, and no way to measure if any of your protections have been circumvented, because the code you use to measure can (and will) be patched.
You mean like they do on windows? It's like gay marriage. Linux users just want a chance to have that thing that everyone else has. Regardless of its merits.
I literally just posted a comment in an earlier thread that the only reason I dual boot Windows is for EAC support. This is awesome news. We can finally play Fallout Guys on linux!
I played Fall Guys on release on Linux, it worked quite well. Came back a couple of months later to it just blackscreening on launch and I realized they had added EAC sadly. This is great news
Has there ever been any attempts to construct a “credit score” for online gaming? At the end of the day anti-cheat measures can always be bypassed because the cheater owns the hardware which the game runs upon. On top of that I don’t trust game developers with installing an anti-cheat rootkit on my device. I would much rather have an online credit score which takes into account the number of games you own, how old your account is, the number of high credit friends you have on your friends list, etc… to calculate a “online gaming credit score” which matches you with others who have a similar “online credit score”. Getting caught cheating causes all of your friends to lose credit score therefore incentivizing online groups to self police and cheaters to be ostracized.
There are issues where new players will tend to get shafted by the scoring system but there can be certain routes to boost your score quickly such as providing some personally identifying information or spending more money within the game.
Trying to automate these types of systems always runs the risk of targeting innocent players. Because of the TF2 bots I stick to community servers located in my country and add regular players on there to my friends list. That’s the problem with valve owned servers; you cannot visit the same lobby regularly and have a rapport with other players.
You know, PvE is really underrated. I find playing against bots to be more fun, easier to gauge skill progress, and a better time with friends than playing against overmatched humans, whether cheating or not.
Losing 50% of your matches isn't fun. The alternative of losing 90% for months before winning 90% isn't inviting either.
I agree. I don't really play multiplayer online games at all anymore, but when I do they are explicitly not competitive. As the world switched from community servers to matchmaking I felt that it only made everything even more toxic than it already was, and I was not liking the person it was turning me into.
I will only play competitive now if it is couch, or lan party, or otherwise with people I know.
This is cool. Nothing ruins a game like someone cheating. What are the security implications of running an anti-cheat system on Linux? Do I need to give it root access?
Like another said in this thread, yes you would but it's because some cheats are rootkits. It's a little invasive but doesn't seem as problematic as other ACS like Riot's Vanguard, which is always on and China-owned.
State owned is problematic, I'm not in disagreement with you. But so is corporate owned. I'd like to see an industry standard anti-cheat root-kit developed as a publicly reviewable open source project at the very least.
>I'd like to see an industry standard anti-cheat root-kit developed as a publicly reviewable open source project at the very least
An anti-cheat is one of the few areas that truly would ruin its security by going OSS. A cheater can quickly enumerate every method the AC uses to detect cheats, then they know EXACTLY which goalpost to kick into, per-se. 85% of Vanguard's effectiveness is their CONFUSING ban protocols, whether that's delaying a ban to confuse someone testing what's bannable, not divulging details about what avenues are tested, constant updates that aren't specified anywhere, etc.
Case in point, even in CSGO: Just changing the offsets of some game values will break some cheats for several days.
Obscurity can be a layer, but it can't be the only layer, and in general systems (such as web servers) need to be designed to withstand full-knowledge attacks. That isn't likely to be possible when it comes to anti-cheat, so obscurity plays a larger role.
Many of you haven't noticed yet, but contemporary AAA devs realized years ago how much easier to make something compulsive than compelling and substituted addiction for fun, taking inspiration from slot machines and abandoning past masterpieces.
Shooters aren't enjoyable enough to justify this shit. Other genres are more respectful of your time, money, and efforts than to dribble content you purchased at a rate just slow enough that you'll keep playing. Your time and attention are valuable non-renewable resources. Consider how well you're spending them.
Awesome! So what does this mean for me? Will I be able to launch Apex legends without getting booted right now? How long will i need to wait for my favorite games to start working?
If I can play Planetside2 on Linux I can just ignore games that don't work well on Linux.
I can't wait to delete windows, it does nothing for me professionally or personally outside of being a gamebox. I find between the spyware, bluescreens when trying to move a boot drive to a new box, explorer.exe is a miserable excuse of a desktop and... I could go on about the papercuts but... yeah.
If the Steam Deck gets a large enough user base, Epic will absolutely try to make a native, seamless store for Linux (at least the distribution running on Valve hardware). Hopefully sooner than later because, after all, the more users that have access to their store the more $$$ they make.
Anyone remember PunkBuster? If anything took more out of the soul of gaming in them days I'd love to know what. It never managed to keep on top of "hackers" but some how managed to destroy the legitimate gamer communities - I got kicked so much I just gave up in the end playing publicly.
Does anyone even bother anymore with online gaming without using hacks? I've never strayed far from private servers for over a decade now.
Punkbuster was a nightmare and I still have flashbacks to botched updates ruining my Friday evenings in Quake 3 and Battlefield 2.
I've yet to personally encounter any issues with more modern solutions like EAC or BattleEye, though I know they've caused issues with some exotic device drivers like RGB controllers.
> Does anyone even bother anymore with online gaming without using hacks? I've never strayed far from private servers for over a decade now.
Don't listen to the haters, cheating isn't as widespread as people seem to think it is, as long as you stay out of APAC matchmaking servers. Smurf accounts are the bigger problem in the games I play regularly (Overwatch, Apex Legends).
The thing is, part of the challenge is that we don't really know if the game itself will work because people can't get past the anti-cheat to see if the game itself works.
There is no incentive to let you out of the Sony/Xbox walled gardens, unless you're Fortnite where everyone from children to adults love to spend stupid money on IAP's just to dance or clothe themselves and you don't want to miss out.
If they did, and you realized your game runs better on a real pc, you'd just defect and not beg/borrow/scam/hustle for a ps5 or new xbox (maybe for decent gpu still though).
You will take what they give you and be goddamn content with it. Unless you're Epic and even Sony gives up the GI Joe kung fu grip.
The lack of cross-play always bugged me. Usually a friend group settles on a particular platform to buy so they can all play together, which is a pain because in a lot of cases that platform is far from ideal for everyone. For example consoles always seemed quite useless to me because I only casually play games, so when I'm not playing games I have this expensive and powerful x86 computer doing nothing because I can't use it for anything else but playing games and maybe watching movies. I wish Sony had kept the "install another OS" option that they introduced for a while in the PS3.
Fortunately my friends are PC gamers too so no locked down hardware in my house :)
At least on Playstation, that is 100% Sony's fault. They refuse to let you have cross-platform play unless your game is huge. Unsure if Microsoft has/had similar policies for Xbox games.
That doesn't make sense. The main reason in favor of letting cross-platform play is exactly unfragmenting the player base. I'm sure I'll never run out of PS4 players to fight against in Fortnite or CoD of whatever, but I simply can't find an opponent when I play Skullgirls on PS4, while on Steam I can. Games with a small population benefit immensely from crossplay.
That said, if I'm on a PS4 (a platform where cheating is much harder than PC) and the game is well populated, maybe I don't want to play against PC players, as I don't want cheaters.
There's also the mouse+keyboard vs pad thing for FPS games.
Either mouse people destroy the controller people totally.
Or the controller people destroy the mouse people totally because aim support is too strong. Balance between these two never works. Apex has this problem almost since forever after allowing mix of these two.
There's also the mouse+keyboard vs pad thing for FPS games.
You can get adapters for older consoles that will convert mouse+keyboard input to control pad input. I haven't used consoles in years, so I'm not sure if they're available for newer generations.
In the PS3/XBOX 360 days it was Microsoft who were all against cross-platform play whereas Sony was more open to it. In the early days of that console generation, XBOX was arguably more successful than PS. Now PS is more successful.
The pattern is that the player ahead doesn't want cross-platform and the one behind does. That makes sense to me.
I still hold that many of our anti-cheat systems are based on a flawed starting premise for multiplayer games and how competitive and how "fair" they should be.
I have softened on this a bit. I don't think that global/regional ladders are universally bad, I don't have anything against competition as a motivator, and I concede that for some games this is important. But I still think that current multiplayer games place way too much emphasis on global rankings, to the point of ignoring other very common player archetypes. And I still think for most games, the application of player psychology in multiplayer ranking systems and reward systems is shockingly primitive. Multiplayer games are doing a lot of advanced research and complicated work, but they're directing the majority of that work into optimizing in a very narrow direction that nobody ever questions.
Could be a longer conversation, but I am again reminded of the XKCD comic: https://xkcd.com/810/
Completely fair games where players across an entire region are stuffed together into a single ladder system -- this is a legitimate design space, but it is a very, very narrow design space catering to what is honestly a kind of niche playerbase, and a lot of games would benefit from taking a broader, more creative view of why the majority of their playerbase is attracted to in the first place.
There are other ways that players could be rated and sorted that would (if not eliminate) at least significantly lessen the need for a lot of these rootkits. In short, if cheaters aren't noticeable, and if the reward structures of a game are such that creating an enjoyable match for all players is more highly rewarded than "winning", then a lot of motivation for the kind of destructive cheating that ruins current experiences would go away. But more importantly, a lot of the kind of cheating that would remain: griefing, hacking, and generally destructive, mean-spirited behavior -- that kind of cheating would become much easier to detect and its detection could be better grouped together with moderation of other destructive player behaviors that may not constitute cheating, but that are still annoying enough that you already should be searching for and banning them anyway.
Of course in some situations you have to try and guarantee completely fair experiences, and in some situations the purely competitive aspect of the game is the only part of the experience that matters. But the games industry currently treats it like it's a given that purely fair, region-wide competition should be the primary motivator for almost everyone playing multiplayer games, and honestly I just don't see it. The games industry is obsessed with something that is niche, most players don't want to try and work their way up a global competitive ladder beyond the impulse they have to unlock rewards and see a number increase. Many of those players want to win >50% of their matches, they want to be matched up against people who play interesting strategies rather than purely competitive ones, they want to play against people who force them to think and experiment, they want a constantly shifting meta where a dominant strategy doesn't very quickly become the only strategy, they want difficulty spikes to come in waves rather than randomly, when trying out new strategies they want to be able to slowly ramp into them, they want opponents to be playful and to try "fun" things during games.
Ladder systems for most games are not designed to encourage those behaviors or outcomes.
I am seriously skeptical that the majority of players in most multiplayer games today actually care about the integrity of ladders more than the other issues I raise above, and I wonder if this focus on fairness at all costs is a mentality that the games industry is going to eventually grow out of and look back on with the same kind of embarrassment as we already do with many other generally accepted practices in the past that were never questioned.
I don't think many cheaters themselves actually care about ladders and rankings. They just derive personal entertainment from ruining other peoples fun. This is why cheating was always a significant problem in online shooters long before they introduced ranking systems. It's also why entirely non-competitive games (like Minecraft) have problems with griefers.
If you're able to shift cheat detection systems to primarily focus on griefers, that's a significant win, since griefing by its nature can't be subtle enough that other people don't notice it. The whole point of griefing is to be noticeably toxic to other players and to get a reaction out of them. Griefers have a harder time hiding than other cheaters do.
If your design allows you to shift your focus towards trying to fight toxic behavior itself rather than just cheats, you can use the same detection methods as you would for any other toxic behavior that doesn't involve cheats. And you should have those detection methods anyway; whether or not a cheat is involved in the abuse shouldn't be the deciding factor between banning or allowing toxic behavior.
The shift here is in realizing that for a significant number of your players, playing against someone who legitimately snipes them from across the map over and over while camping at a spawn point because they're just that good, and playing against someone who uses an aimbot to accomplish the same behavior -- both of those experiences are equally game-ruining for a lot of players. The legitimacy isn't the problem for those players, the resulting experience is. So trying to detect subtle aimbots kind of misses what the real game-ruining problem is for a lot of players.
Where a number of player archetypes are concerned, you can look for overt toxic behavior and ban it regardless of how that behavior is accomplished. Similarly, if you're not prioritizing ladder integrity over everything else, there's a case to be made that you can just ignore any cheating that's too subtle for people to notice or that doesn't result in overt toxic behavior.
A nontrivial number of your players don't actually care about ladder integrity, they want a number to go up and they want rewards released on a variable schedule as they get better at the game. For those players, it's not clear that playing against cheaters is actually a problem unless the cheaters ruin the difficulty curve or ruin the matches, and... again, you should think about banning people who do that stuff even if they're not cheating.
On windows, a lot of the actions that "anti-cheat" software takes is indistinguishable from a rootkit.