Are We Anti-Cheat Yet?(areweanticheatyet.com) |
Are We Anti-Cheat Yet?(areweanticheatyet.com) |
I originally created the site as a way to track which games would be supported on Linux, since at the time the Steam Deck was releasing, and some games were turning to support it. And it has since blossomed into a larger project, which some other tools even pull from! I would have never even imagined that when I first started making this.
I do want to address something I see being talked about in the comments, which is the fact people say that anti-cheats are snake oil, or useless. This is a big misunderstanding, and I feel like those more technically inclined should understand that anti-cheat is a "defense-in-depth" type of approach. Where it is just one of many lines of defense. Some anti-cheats are pretty useless, and don't do much, but some actually do try and protect the game you're playing. But, just like DRM, it can be cracked, and that's why it's more of a constant arms race, rather than a one and done thing.
I'm writing out a longer post about this for the future, but just know that without anti-cheat clientside, it would be far too easy for an attacker to cheat in these games. We're still ways out from letting AI (see VACnet [1] and and Anybrain [2]) determine if someone is cheating server-side, so for now we have to rely on heavier client-side techniques and server-side decision making.
Also if anyone has questions about the site (or for me), I'll try to answer them here when I see them. If not, have a nice day!
As a serious player of many multiplayer games I disagree. All it takes is one cheat to circumvent the protections and soon enough every cheater will use that circumvention.
Meanwhile, I, the legitimate player suffer from degraded performance, disconnections (looking at you Amazon Games - you've not been able to fix your (most likely) Easy Anticheat disconnection issue in 2 years!), or outright inability to play.
Perhaps the cheating situation would be worse without anticheats, but considering how rampant it seems to be in fast-paced or grindy games I play, I kind of doubt it.
The best anti cheat is proper net code. Games rarely do this because it's expensive and difficult. Consumers will buy it anyways.
Anti cheat overtop is like calling an open window with a loud Weiner dog guarding it "defense in depth".
Take the analogy of enabling better police work by granting unlimited access to our private communications. No one doubts it would be effective, but the cost and the threat is too much.
This is the line we draw in the sand: get out of the kernel, anti-cheat has no business being there. The cost and threat are too great.
This acceptance is the same situation that brought us the Crowdstrike incident. It's unacceptable.
We fail as an industry and as a society when we accept these compromises.
Believe it or not, most people don't play video games against strangers. Anti-cheat is not of any value to them. Even for people who do play video games against strangers even uncompromised anti-cheat doesn't stop many forms of cheating like macro-mouses. Especially now with all the success being shown at machine learning playing video games with nothing more than a video feed and the button inputs, the amount that anti-cheat can help is clearly quite bounded and getting worse over time.
And the cost? Anti-cheat comes at the cost of general purpose computing, at the cost of being able to control the computers with which you trust your most intimate secrets. It's a civil liberties nightmare, or at least a per-requisite technology for many such nightmares. Opposition to anti-cheat is opposition to RMS's Right to read dystopia (https://www.gnu.org/philosophy/right-to-read.en.html).
I don't think it's too far a leap that saying that anti-cheat or DRM technology that comes at the expense of the availability of general purpose computing is more of a problem for human rights than the farcical bedroom cameras I started with.
So when you advocate anti-cheating technology that locks users out of controlling their own computers, you're favoring an at-best incremental improvement which can still be evaded for a narrow application that most people don't care about... and this comes at the expense of imperiling the human rights of others.
Like with many things there is an asymmetry to the costs: Anti-cheat and DRM substantially fail if even a moderate amount of dedicated people still have a way to cheat. Yet the damage to people's freedom from the loss of general purpose computing is still substantial even when the lockdowns can be evaded.
If anti-cheat came at no meaningful cost the fact that it could be evaded wouldn't be a meaningful argument against it. But it's expensive to develop, intrusive, disruptive, and the more successful it is the more effective it'll be at being abused to deny people control of their computers in anti-social ways.
But, in practice, it usually doesn't result in any new cheaters. There is a myriad of reasons for this, but I won't go over them here.
Why do we need separate anti-cheat programs? Can't the operating systems simply have an option when creating a process that prevents all operations looking at the memory of the process (and maybe if such a process is about to be launched the user has to explicitly accept that by clicking a button)? Wouldn't that stop almost all the cheats without needing separate anti cheat programs, since I assume those programs have to use OS facilities to mess with the game anyway.
[1] https://r6fix.ubi.com/projects/RAINBOW6-SIEGE-LIVE/issues/LI...
Having anticheat ban everyone doesnt make it good. What makes anticheat good is it banning cheaters while leaving honest players not.
Apparently it's not really effective at all.
And one thing the devs could do without Anti-Cheat, is to automate analysis of e. g. head shot rate, movement speed, etc. but most games not do that. If average player make 25 Kills per hour in a game and some 150 over longer periods i did not need an anti cheat to do something.
Consider, for example, professional gamers. They spend countless hours practicing, and they can easily outcompete casual gamers who don't have the time to refine their skills daily.
Statistical anti cheat is extremely weak in any game where legitimate human players can end up as outliers.
Anti-Cheat software https://en.wikipedia.org/wiki/Cheating_in_online_games#Anti-...
We reliably use statistical process control to automatically calibrate incredibly precise, nanometric-scale machinery for purposes of semiconductor engineering. Surely, with the extreme amount of data available regarding every player's minute inputs in something like a client-server shooter, you could run similar statistical models to detect outliers in performance. With enough samples you can build an extraordinarily damning case.
The only downside is that statistical models will occasionally produce false positives. But, I've personally been "falsely" banned by purely deterministic methods (VAC) for reasons similar to others noted in this thread (i.e. leaving debugging/memory tools running for a separate project while playing a game). So, in practice I feel like statistical models might even provide a better experience around the intent to cheat (i.e. if you aren't effectively causing trouble, we dont care).
Battlefield started out using PunkBuster, one of the earliest kernel-level anti-cheats. With Battlefield 4, they used FairFight, a statistical server-side solution, alongside PB.
With Battlefield 1, they dropped PB, and operated with just FairFight.
And now, EA have decided to create their own kernel-level AC, called EA AntiCheat, and are implementing it on BF5 and BF1, largely because FairFight was not enough.
But I think collecting all that data and sparingly using it is the best approach. You could combine that with headshot rate, etc. and really narrow down relatively reliably.
I avoid these titles myself. In fact, I don't run wine, steam or game console emulators on my Linux workstation. I run Windows VM:s for isolation and security.
The cheaters don't make them, they buy them. It really needs a multi factor solution. The technical solution is not enough. Trying to buy cheats should be like trying to buy chemical precursors to illicit drugs. There should be a strong social stigma. Most cheaters have no problem with it because 'everyone else is cheating', justifying their behavior. There was a time when 'everyone else smokes' was justification, but now it's mostly defeated. There should be real world implications. Sign in with your phone number and 2 factor auth, which is located to a physical address. Cheating is a form of fraud. There should be legal implications.
oh my. Seeing your posts makes me sincerely want to lobby to ban video games at least if adding additional liabilities to distributing software or computing devices were actually a direction that the games industry was promoting.
We need to stop letting stupid entertainment companies trample our rights to narrowmindedly maximize their profits.
Totally agree, both should be absolutely legal and accepted
It's just that I use my machine for more stuff than gaming; and for anything else I'd really rather not have it on there at the same time.
The only difference is that maybe you have a few less rage hackers that get caught by it, but anyone that really wants to cheat will still be able to, it's just a lot harder for players to see. All they care about is the public perception. If it looks like it has less cheaters, it's good enough for them.
The cost? You basically install malware from a Chinese company in you computer...
to me, competitive video games are far gone like pro cycling in terms of the extent players go to feel "superior" than others.
<rant> many of these games remain broken with other things while raking in insane amounts of money, so regularly maintaining anti-cheat inside the game, if at all, is probably very low in their backlog.
the third-party ones are then used to not having to think about this, but even these providers are more focused on attracting game publishers than doing something meaningful. </rant>
personally, it should be possible for games that can be played in local multiplayer or with friends to have a way to play it without anti-cheat. don't allow competitive modes with it, but having an option will alleviate a lot of these issues.
https://pbs.twimg.com/media/GH3CPPHXwAAMR3i?format=png&name=...
That said, you "may" have a chance at detecting it using game related metrics on server side. Because an AI will very probably betray itself at some point, "AI"s are usually imperfect like human.
Elephant in room, the more you put big brother in your system, the less you will be able to run really free operating systems. So long for your digital freedom.
Look at the abominations which are video game consoles.
It is obcene to have to pay a lot of money for completely locked/digital jail devices. It should be illegal, period. They should be leased for cheap.
Why can't the servers distrust the clients? What should a 'client side anti cheat' actually prevent?
The way I think I'd tackle such things is to have multiple copies of each character model moving in different locations and different ways. Such that trying to spy on the state of the game from one client's viewpoint yields mostly false data. New 'threads' would fork off of the existing threads and would only be culled when there are too many or they're about to make a side effect that would be visible if they were real. In that way the server would be responsible for feeding misinformation to clients but maintaining the state of the true game as a secret to itself.
Of course nowadays DRMs are sort of baked-in, so I guess anti-cheats could be too?
Already the case for userspace programs, due to virtual memory
> those programs have to use OS facilities to mess with the game anyway.
Cheats today essentially are like drivers, they do not run as userspace programs. Hence, they can do literally anything on your computer. In terms of privileges, driver code runs at a level as privileged as the operating system. Hence the need for programs that run at the level of the OS kernel to catch the cheats.
Userspace programs can read other userspace programs memory, it's part of the standard win32 api[0].
> Cheats today essentially are like drivers, they do not run as userspace programs. Hence, they can do literally anything on your computer. In terms of privileges, driver code runs at a level as privileged as the operating system. Hence the need for programs that run at the level of the OS kernel to catch the cheats.
Some cheats nowadays do this, but they do this because of anti cheat programs. If there were no anti-cheat programs, they wouldn't have to do this.
[0] https://learn.microsoft.com/en-us/windows/win32/api/memoryap...
If you want to know why the OS doesn’t enforce this - https://slashdot.org/story/432238 you roll into HN’s other favourite topic of “why can’t I run the X of my choice on my OS?”
https://en.wikipedia.org/wiki/Cheating_in_online_games#Sandb...
- Have the user-facing OS be a VM managed by that hypervisor
- Have the game process run under a second sibling VM
The hypervisor can then mediate hardware access and guarantee nothing from VM A can access VM B nor the other way around.
IIRC WSL2 enables such a mode, both the Windows OS the user sees and the Linux VM run under Hyper-V as siblings VMs.
And Xbox One and up do EXACTLY the above: each game runs in its dedicated VM (I presume that's what "trivially" enables Quick Switch/Resume via pausing/shapshotting the VM) and apps run in another.
Tangent: I somewhat wish MS would allow WSL2 on Xbox.
There are two issues. One is the user seeing things that the server is hiding, such as enemies hidden behind obstacles, by going into "wireframe mode". The other is superhuman performance via computer assistance, or "aimbot hacks".
The first is a performance issue. The server can do some occlusion culling to avoid telling the client about invisible enemies, but that adds to the server workload. The second is becoming impossible to fix, since at this point you can have a program looking at the actual video output and helping to aim. (You can now get that in real-world guns.[1]) Attempts to crack down on people whose aim is "too good" result in loud screams from players whose aim really is that good.
[1] https://talonprecisionoptics.com/technology/how-it-works/
In the future I kind of hope the handshake from controller<->console becomes a lot more robust, maybe working in a similar way to HDCP.
Thanks to the neural network, we have made enormous progress in the computer vision domain. As a byproduct, it invalidates the method we use to separate machines from humans (the image-based CAPTCHAs).
I guess aimbots will switch to CV-based systems to detect enemies rather than dumping game memory to find the enemy's position. This change will force anti-cheat systems to perform an automated Turing test, which is hard. (Telling the bot and human apart only by watching the replay is much more challenging compared to the above CAPTCHA problem. And we are currently losing at the CAPTCHA frontline, too.)
Apply that to every interaction that the server has to be authoritative about, movement, reloading.
Your game will be unplayable.
And if you want to combat aimbotting: your viewport and hit point would have to be server authoritative too.
Basically: unless its Stadia or geforce now, this wont work.
It should be clear that servers already do not trust the client, they do many checks hence you don't see teleportation hacks in games like Counter strike or Valorant. There used to be cheats in the counter strike games like "nospread" where you could have 100% pixel perfect aiming but that was because the the client was trusted however now in most games with some randomness in bullet spray patterns the random seed is different between the client and server so something like "nospread" are no longer possible.
You might be stumbling upon "fog of war" that is not sending data to a client unless the enemy player is close to visible which is a thing. It's widely used and I'd say effective in MOBA/MMORPG/RTS games however in FPS games fog of war is many times more computationally expensive which matters at the scale of games these days. It has been a thing for a long time in counter strike with server plugins like "SMAC anti wall hack" or "server side occlusion culling" however the implementations sometimes have not been perfect and require significantly stronger servers. https://github.com/87andrewh/CornerCullingSourceEngine
Riot games also implements fog of war at scale in Valorant and has a blog post covering some of the issues they overcame. One thing you can see the gif at the end of the blog post, even though fog of war is effective it is only effective in reducing the effectiveness of wall hacks and wall hacks still provide a significant advantage. https://technology.riotgames.com/news/demolishing-wallhacks-...
The important reason I suggested MULTIPLE clones of a character and only forking new paths off of existing characters in the world is that it should eliminate any information oracle about which of those is the real character.
The popular cheats are "the client says the player just clicked at (1030, 534) on the screen", which is a totally valid move, except it's calculated by the cheat instead of the player.
* Aim Assist - what's that supposed to work with for the assist? I guess it might help someone target a player once they're exposed, or once they've locked on. For that I think that extremely top tier players might behave within fuzzing distance of tool assist, at least some of the time. Dodging might have similar issues. I could even see ML assisting inputs just based on frame-grabs off the screen video output. -- So I'm not sure what client side anti-cheat is supposed to do here.
* HUD improvements - like what?
sure if you develop platform today we can check token user now with hashtable we have in database but in games ?? You cant verify calculated damage numbers users gave, not fast enough
This type of cheats are DECADES in the past.
Today is all about a) enhancing normal behavior with artificial precision, not making any 'illegal' (from game perspective) actions. b) giving player information he isn't supposed to have but that is passed to client for latency sake
The traditional anti-cheat can be just slapped after the game is developed in most games. If the game is very successful then you can just update the game with extra paid protections provided by the anti-cheat tool.
The alternative is local game engine that works with a partial game state which is a challenge on it self. If you still can make it work, you will still have to deal with people "modding" the client to gain an advantage. E.g.: enemies are painted red instead of camouflage.
I don’t mean to sound harsh, but it’s tough to tackle this kind of misconception because it’s stated with such certainty that others, who also might not know any better, just take it as fact.
Here’s the thing: Multiplayer servers trust clients mainly for performance reasons. In AAA game development, anti-cheat isn’t something we focus on right from the start. It typically becomes a priority post-alpha (and by alpha, I’m talking about an internal milestone that usually spans about a year—not the "alpha" most people think of which is usually closer to an internal "beta", and "public beta" is more like release candidate 1). During that time, the tech team is constantly working on ways to secure the game. (make it work, make it correct*, make it fast).
If we were to bake in anti-cheat measures from the very beginning of a project, it would force us to scale back our ambitions. Some might argue that’s a good thing, but the truth is, we’d also risk missing critical milestones like First-Playable or Vertical Slice. You simply can’t tackle everything at once—focus is a measure primarily of what you are not doing, after all.
Back when I was working on The Division, we had some deep discussions about using player analytics and even early forms of machine learning to detect "too good" players in real-time. This was in 2014, well before the AI boom. The industry's interest in new anti-cheat methods has only grown since then, I promise you this.
At the end of the day, games are all about delivering an experience. That’s the priority, and a solid anti-cheat system is key to ensuring it. Endpoint security is currently the best solution we have because it doesn’t bog down the client with delays or force awkward mechanics like rollbacks or lock-step processing. Plus, it lines up with the (very heavy) optimisations we already do for consoles.
Nobody in this industry wants to install a rootkit on your PC if we can avoid it. It’s just the best trade-off (for all parties, especially gamers) given the circumstances. And let's be clear—these solutions are far from cheap. We pay a lot to implement them, even if some marketing material might suggest otherwise.
I'm sorry but this really does read like the start of a troll post.
Servers very much distrust the client. Obviously. That's literally rule #1. Don't trust the client!
Comments like yours are extremely irritating. Please don't behave this way with your co-workers.
Anyhow, there's all kinds of types of cheats for different kinds of games. There's a variety of mitigations for each kind. I don't think there's a multiplayer shooter on the planet that has fully solved aimbots. For however clever you think you are I promise the cheat makers are much, much more clever. :)
Said this without even flinching or having a second thought.
Bravo.
I presume it's also your point, netcode is irrelevant when the cheat is manipulating inputs.
I don’t agree. Instead, a lot of people allow the install because they have no say in the matter if they wish to continue playing the game. Even if it weren’t effective, I’m pretty sure most people would allow the installation of some form of not-yet-proven-to-be-dangerous malware if the alternative is cutting ties and accepting the sunk cost (be it in terms of in-game purchases, proprietary file format, etc).
I definitely could see someone games doing this as a one-off to just catch specific cheaters they are suspicious of to confirm they are cheating (Many 3rd party anti-cheats in counter strike and the 1st party valorant anti-cheat do manual bans based on replay reviews) but also since they already do fog of war someone with wall hack seeing an enemy player pop in for 1 frame before disappearing would make it not effective on a wide scale.
You need hardware support for confidential computing (for example, AMD SEV) to be able to trust that the hypervisor can't just read/write all over the VM RAM.
Hardware support for confidential computing is cherry on the cake, but in this scenario the user is not trying to defend themselves against an attacker, the game is, from the user a.k.a the cheater.
While the process still stays in user space, that's significantly different than "just being a user space program"
I also just thought it was unintentionally funny, like a comedic setup for a stereotypically cocky HN user to comment with great confidence on something way outside of their field of expertise. (not saying that's the case for mjevans)
Jt doesn't take much for people to feel like the UI is untrustworthy and “broken”.
No game wants to be a jank piece of ass, but theres no good solution here, believe me, we’ve tried.
Fighting games have two (maybe 4 with assists) characters generally at 60fps. That's relatively easy to do. A worse case would be an RTS game: in a fight when each unit's attack needs to be calculated repeatedly. Valorant runs at 128 ticks/second. For the same latency compensation as 6 frames in a fighting game, you would need 13 frames, so you need to be able to simulate the game at 13x speed.
And rollback still has janky visuals when conflicts happen. The games I've played will let you choose between smoother visuals with more delay or rollback artifacts with less delay. Generally the default setting is the former.
In fact, three people have been able to do so, that's why denuvo games do get cracked.
Anti-cheat systems, on the other hand, are entirely different. If you only need to modify one variable in the game, it's much easier because, in most cases, that variable is frequently used. This means you can't add too much overhead to its use, and after all, it's just one variable.
But it's not really feasible to argue since you need to be on such high level in the first place to honestly engage in 'is this player chesting' conversation. And it's on case-by-case basis
I've watched professional games in SC, CS and DOTA for decades and I definitely agree that pros are indistinguishable from a good cheater (not a rage hacker).
One of the issues around this is cheating within pros too. People that are actually good at the game, but use cheats to get even further ahead. These players are already statistical anomalies and even from an experienced player's perspective, you can't tell if they have an amazing game sense (many really do) or he's wall hacking, as an example.
I have never seen cheaters being an issue (even the few times people set up tournaments with prizes), which makes me think that this might be limited to very few games (in very specific genres) ?
Yes. Every game has cheats. The cheat packages are pretty easy to adapt to new games and people pay money for them.
Why do people cheat? Because it’s fun! If you’ve never cheated it’s honestly worth trying. It’s hilarious. It also utterly ruins the game for everyone else in the lobby.
If games had reliable anti-cheat you’d be shocked at the percentage of lobbies that have a cheater. It’s wildly rampant.
If you want to inquire then inquire. Don’t propose a bad solution as if it was an easy problem that you solved with nary a thought.
One thing that comes to mind for me is that most cheaters probably don't code the cheats themselves but buy them off telegram channels or whatever (just a guess), and probably wouldn't want to install a whole operating system for them
Cheating is a market, and most cheaters are not programmers themselves. But it goes deeper than that. Most players, and players who intend to cheat are already using Windows. Any portion of a game's player base that intends to cheat is usually small, any the portion of a game's player base that is also running Linux at the same time, is even smaller. So programming cheats for Linux (however easy it may be), is a nil-some game. Though I'm not going to claim it's never happen, there are cheats for CS2 on Linux for example, but this is an outlier and exception to the rule.
> Could I persuade you to reconsider going over them? I'm not expecting an essay or anything but it would be interesting.
Sorry, I didn't say that because I was trying to withhold this information, I just didn't want to spoil my future blog post. If you don't want to wait for the post and just want to hear it, I'm down to just giving a overview of the reasonings.
“Why can’t you just” guys are extremely irritating. I implore OP to not be a “why can’t you just” guy at work. What is a WCYJGuy? Someone who has no knowledge of a domain but proposes solutions under the implication that there is a simple solution that they are oh so clever to have instantly discovered. It takes a lot of time and effort to explain “no you can not just” to someone who doesn’t have the pre-requisite knowledge.
Games that turn heavily on aiming have a similar central security flaw in that it is hard to prevent cheating at the game's central skill. (Though I think in the case of aimbots, sometimes webcams are substituted for LANs, with some success.)
On the other hand, some games are practically cheat-proof. A puzzle game in which you submit actual solutions doesn't require any trust of the client at all. CTF games generally run along these rules - almost anything you can do to solve the puzzle (googling, teaming up, writing tools, bringing AI assistants) is considered fair game. What might be considered a cheat in another context is just advancing the state of the art.
HUD improvements depend on the game. But as a simple example, I play a game where leading a moving target is a major skill; a HUD that gave you an aimpoint for a perfect intercept would be a pretty big cheat.
I think anti-cheat is one of those problem spaces where there is a danger of overemphasizing technical solutions to social problems. Technical solutions are nice, but there are also gaming experiences that are only practical on a private server, with friends, on the honor system. A wise friend once observed that removing griefers and jerks from a community also did a lot to address cheating. I think it is best thought of as a social problem first, though I agree it all depends on the context.
https://www.tomshardware.com/monitors/msis-ai-powered-gaming...
For some data, like the health bars, a skill / accessibility leveling feature might be to just let the user pick HOW the game displays that data, to customize the UI layout to their needs.
Enemy position highlight based on the minimap vs present location? Yeah, that crosses a clear line, but it's abusing some data the game probably shouldn't have told the player to begin with. What if the minimap reflected the known shape of the world, but only updated with the visible area (standard 'fog of war' mechanic)? Again, it might be within accessibility features to highlight enemies within sight, so I don't see too much issue if the minimap's render state is restricted to the immediate area + what the camera direction could see.
The monitor is akin to having an experienced coach watch you play live. Is that also cheating? I think it is.
I also think it's impossible to detect, unless the player suddenly becomes extremely much better at the game. That's the best they can do to catch cheaters at chess. But chess is orders of magnitude easier to monitor, because the game state and input are small and simple.
When I first read about the monitor I realized that for many types of games cheating will become unstoppable. Although sad, the bright side is that it drove me away from online gaming even more, to the benefit of my overall health.
So the client must render multiple possible scene to be prepared ? They already have issue to have steady fps.
> So I'm not sure what client side anti-cheat is supposed to do here.
Anti-cheat will check other running processes to prevent it. Of course, you can have totally external system for that, but it will be much more expensive. The goal is not to be perfect but to prevent most of the player from cheating.
>HUD improvements - like what?
Highlight items, show life percentage in games that doesn't, highlight barely visible opponents...
And this will always be simply too slow for fast paced games.
Unless ofcourse you send the confirmation to frames before its actually displayed, but that brings us to square one
In a proper statistical analysis there are far more variables than what I outlined in my preceding two sentence post. It would be naive to think that I would consider anyone a cheater only based on the account age.
Smurf accounts are also bannable in plenty of games and I certainly support that.
Beyond that, the level of "good" we're talking here goes way beyond dominating in a random match. Cheater stats are usually better than literally the top #1 player in the world.
Take something like Battlefield, where on the public leaderboards the "top players" have a kill-to-death ratio in the thousands. That is so far beyond human possibility, yet they are still not banned because of this aversion to statistics.
When a complete newcomer comes to a field and sees professionals not doing a simple thing, the right question isn't "why don't you just do this, duh", but "I thought this would work, why doesn't it?".
(only on PC though, of course).
I fail to see how pimping out my PC to code that no one can verify is a good deal. The takeaway is, have a separate hardware to play games on and don't let it touch anything private?
I agree with the rest of the comment though.
thats a good takeaway.
Dualbooting windows with itself would be ideal, game windows and personal/business windows.
I mean... didn't you just essentially say he's right? Things are done the way they are because of performance (aka "cheaper") and to meet project goals (aka "less risk")
Those aren't bad reasons at all, and it makes perfect sense, especially when you consider already locked-down platforms like consoles. But it seems to me, from what I read here, that the reasons are ultimately cost and risk.
That's not even the point though, I am not saying it is literally impossible to circumvent this, but as long as it is hard enough that it is not financially reasonable for the cheat makers, that's good enough.
>Denuvo isn't just a flag on a process
Nor would be PC's solution. That's why they added it, making it relevant.
Actually, those kinds of mod is frequently performed by gamers, because lots of people wants to replace analogue potentiometer with hall-effect sensor with microprocessor, which provides much more durability compared to the Alps potentiometer stick. (and no one likes to play with a drifting Dualsense or Joy-Con)
But the deeper your anticheat detection, the higher friction there is for cheater.
Having to get extra hardware/modify existing one is a huge leap in friction, and probably filters out an overwhelming majority of wannabe cheaters
Would love to hear more thoughts on how to effectively balance these aspects without compromising the player experience!
There are egregious examples of cheating, sure, but those people are always banned within the hour.
The real killer was the free weekends, it makes it so that there is no “cost” to cheating for a while since being banned on a fresh account has no meaning.
But a lot of games do also have accessible to everyone replays that show every order given by every player, so catching a cheater that acted on information not available to them (because for instance they had buddies in other team(s)) isn't particularly hard, especially in tournaments with a lot of eyeballs on those replays.
At scale it’s incredibly hard. Impossibly hard even. So hard no one has successfully solved it! Ever!
But what you’re describing is Valve’s Overwatch system for Counter-Strike. It’s a key component of the anti-cheat ecosystem. But cheating is still rampant in CS and one of the biggest complaints.
I take this opportunity to share this great talk about Valve's usage of deep learning to fight cheating in CS:GO: https://www.youtube.com/watch?v=kTiP0zKF9bc
And "at scale" pretty much means that matches are not competitive, because the sums required for entering a tournament game and given for winning it are going to be too small, won't they ?
P.S.: And for non-competitive games, I would expect that this cheating issue (among others) would be aggravated if you insist on playing with total strangers you will never see again (also part of the scale issue) - maybe just avoid that ?
I'm not a newcomer though, I've worked on both cheats and anti-cheats going back more than two decades. I know how the sausage is made and it's not pretty.
The anti-cheat companies you talk about mostly sell a mass produced product that works very similarly to anti-virus software. Games embed the anti-cheat module and its cheat definitions get updated. Statistical analysis requries both knowledge of the specific game and access to its database. Often also additional game programming to even store the crucial data. A bespoke solution. This can't be mass produced and is expensive, so most games don't have it.
So to bring it back to the newcomer question, I thought this would work, why doesn't it?, the answer is that game companies don't want to spend the money. [1] A classic answer to most annoyances in life, really.
---
[1] An interesting outlier is the online gambling industry, especially online poker. They spend way more money than non-gambling game developers and have much more sophisticated anti-cheat systems, including statistical analysis. It's also fun to see how techniques used to get around online poker anti-cheat detection slowly make their way into mainstream gaming with a delay of about 15 years or so. As a simple example, nobody serious was even running their code on the same system as the game client back in 2005, instead parsing the video signal and simulating HID inputs. [2] Took more than a decade to see popular cheats for regular games go to that length to avoid detection. Not because the cheat developers were less capable, but because the anti-cheats didn't warrant the investment.
[2] Thus taking the battle almost completely to the statistical analysis realm. Are your mouse movements random enough, with good jitter? Does your bot take belivable micro breaks? Does your average performance, including reaction times, degrade at the end of a long session as you get more tired? Et cetera.
Many cheaters were already trying to not be obvious, most I've encountered playing various fps games are not the typical spinbot in csgo. Instead they might play with only wallhack, aimtrigger, or even no hack, and only turn on the big hacks halfway through a game if they're not winning or think someone on the other team is hacking as well. In some games they use bots to dunk their stats when not playing.
AI detection is also coming to videogames with anybrain.gg, but seems like these can be countered with AI enhanced cheats no?
As an experienced player with an anti cheat/cheating/security interest it doesn't seem like statistics is the silver bullet you claim it to be, at least as your only detection/protection. It combined with normal protection/detection methods is likely what Riot is doing.
I'm definitely not advocating for doing less to counter cheaters. I'm just talking about how more could be done. As in, continue with existing methods and add new ones.
Also, yeah many cheaters would start being more conservative and manage to evade detection. However that is also a win. It's the aggressive obvious cheaters that are the worst, because it makes it obvious that the fight was unfair. If the cheater made it look plausibly legit, then the victim won't feel as bad.
Part of the appeal for cheating is doing it where it has impact - in popular games.
Also, I want to insist on one thing : some of the popular games listed are those that are online-only and/or removed the ability to host your own servers (and/or even worse, have microtransactions).
I have zero sympathy for the kind of asshole that gave money to companies engaging in the despicable behaviour cited above. You were warned. You made your own bed, now lie in it !