[ruialmeida]

This will always be a cat and mouse game. There are some anti-cheat software more intrusive than others. Even Valve Anti-Cheat (VAC) which is considered by many to not be very intrusive, used to intercept DNS queries to detect communication with paid cheats DRM.

Most anti-cheats also scan all processeses memory and even files to detect know cheat signatures. They tend to run with high privileges and some take in-game screenshots for analysis. Basically they have permissions to do anything and receive silent updates.

I wonder if statistical methods to detect cheaters result in too many false positives.

[blattimwind]

> Even Valve Anti-Cheat (VAC) which is considered by many to not be very intrusive, used to intercept DNS queries to detect communication with paid cheats DRM.

I was surprised hearing this. It seems like what they actually did was if VAC already found something, it checked the hashes of the contents of the DNS cache against a list as a second check. That's quite a bit different from "intercepting DNS queries".

Overall VAC always made a reasonable impression on me as far as privacy and security are concerned (no SYSTEM services, no kernel driver, no screenshots, no scanning and uploading random files etc.), although this non-intrusive approach naturally limits the kinds of cheats it is able to discover. I feel like the approach taken by Vale is, on the whole, well balanced.

Source: https://www.pcgameshardware.de/Steam-Software-69900/Specials...

[ruialmeida]

Yes, thanks for clearing up the intercept part, I didn't remember how they did it exactly. They do make right decisions in my opinion to balance security/privacy issues at the cost of less ability to detect cheats. I think they also have a pretty good record of not banning inocent people.