[Spivak]

> It's none of the game's business what other software my computer is running.

I get the sentiment here but we're specifically talking about a mechanism specifically designed to detect other software that is used for cheating.

The alternative is a world where games will only run on machines with SecureBoot, a signed kernel with kernel security on, and only whitelisted signed modules.

There isn't a good solution for how to run games where the clients have to be semi-trusted on a hardware and software stack controlled by the user. If you give me total control over the environment in which a program runs I can make it do and believe anything.

[eptcyka]

Maybe the game servers could not send the whole game state to each client and validate input it receives from each client? Banning blatant aimbots is just a pure statistics thing. Also, you could just train ai to detect patterns of cheating via an adversarial model where you pit normal ai against ai that uses the cheats you currently detect via rootkits. Games should not be part of my ring 0.

[chc]

Game companies do take a similar approach to what you're describing, but still feel the need to run anticheat. If you ban aimbots based purely on statistics, you'll just encourage cheat developers to change the statistical properties of their aimbots. Cheats are a fairly big business — even detecting them with anticheat software in ring 0 doesn't seem to be a surefire guard against cheating.

[kaba0]

Well, if an aimbot is only statistically as good as a good human player, does it matter anymore whether the player actually plays or a good bot?

If it is only as good as a real player than it won’t be invincible and will be equivalent to playing with a few AIs in a multiplayer game - which already happens.

Also, I believe the exact mouse movement will not be the same for a human and an aimbot - so not only statistics can be used to ban players

[kortilla]

> Banning blatant aimbots is just a pure statistics thing.

So you have two choices here. You either ban the best players or the aim bots just behave with a success rate close to the best players.

[eptcyka]

If you can't distinguish between cheaters and the best players statistically, can the regular players tell the difference? Does it matter at all then?

And when I'm talking about statistics here, I'm not referring to the kill/death ratio, but rather all input data received from a cheater.

[krageon]

If a player consistently has a sub 100ms response time, it is a bot. There are plenty such values to be found that have clear superhuman markers (100ms on average is already realistically too low, so I'm being mild), and you can use those to detect cheaters.

[kuschku]

So, if you allow bots that behave exactly like humans, then what's so bad about that?

[Acutulus]

I remember playing a first person shooter called Red Faction on PC maybe 15 years ago. Through some poking around I (and many others) discovered that when a client joined a multiplayer game, the server would instruct each client to load a large .dat file local to the client containing presumably a bunch of global assets. Within that were numerous object, physics and game state variables in plain text ripe for the picking. The server would proceed to accept any .dat file that contained the necessary declarations regardless of their value.

I recall seeing players hovering in the air and spinning while shooting rockets out at hundreds of rounds a second. There was also a way to modify your files such that you could crash a game just by joining it. The experience was as interesting and fun as it was awful.