Agreed. Definitely not trying to say encryption is a poor strategy. But it does seem obfuscation is most of their anti-cheat techniques.
But the larger point I was trying to make is that all these studios are very secret about anti-cheat but they all seem to be fighting the same battle. Makes me wonder if the industry would be better off with cross-studio collaboration and open-sourcing anti-cheat libraries (that won't be defeated by knowing the details).
> open-sourcing anti-cheat libraries (that won't be defeated by knowing the details).
This doesn't make any sense. Anti cheat rely on the fact that it's not known. There is no such a thing as open source in the anti cheat world. It's all very secret for a good reason.
I'd curious to know what strategies make secrecy a necessity. I come from a WebDev background and open-source libraries are almost always always secure and safer then your own (due to the sheer amount of developers and ingenuity working on one repo). Admittedly, game development is a different beast and has to deal with far more client-code so I'm admitting my ignorance here.
The attack surface is not only on the game but on the operating system that the client controls. I mean the game is just a process, the process runs on your computer, you control the computer so you can do anything.
The attackers are literally already able to run arbitrary code on the same machine, which is normally game over from a security perspective. Your secure webdev libraries also break under the same constraints.
Or you could design the game mechanics so that client-side cheating offers little advantage... but that would probably require doing more than ripping off a popular mod of another game.
That's literally impossible. The entire point of the game is to have client-side input and for that input to be generated by a human and not a computer. There's no way to move that to a server.
> Or you could design the game mechanics so that client-side cheating offers little advantage
Not possible in any sort of real-time game that involves reacting quickly to what your opponent does, or a game where user input precision is paramount.
I mean, that idea basically eliminates all first-person shooters, where aimbots run rampant.
> I mean, that idea basically eliminates all first-person shooters, where aimbots run rampant.
Indeed, mechanics that reward mechanical skill are more susceptible to abuse.
From the article:
> For example, some common techniques we see include helping players dodge skillshots, zoom out farther than they normally could, or perform perfectly executed combos to smash their opponents’ faces.
Scripting perfect combos can be mitigated by introducing more delay (i.e. backswing after using abilities/attacking), zooming out by giving the client less information about the game state. I can't think of anything that helps with dodging and skillshots.
Increasing the server tick rate would help with that. AFAIK Starcraft, Dota2 and LoL all use 30Hz. FPS games usually use higher tickrates. Some fighting games enforce a constant amount of (input and network) lag to make the connection quality unimportant (up to a point).
But the larger point I was trying to make is that all these studios are very secret about anti-cheat but they all seem to be fighting the same battle. Makes me wonder if the industry would be better off with cross-studio collaboration and open-sourcing anti-cheat libraries (that won't be defeated by knowing the details).