[wrren]

Literally no part of this comment is true. They’re not hidden and they’re not malicious.

They’re also very much required, because a user mode anti-cheat is trivially circumvented by a kernel mode cheat. The only way to defeat cheats is to wage continuous war with them, adapting to their tactics and stamping them out. It’s like collecting trash; trash will keep accumulating, your goal is to keep homes and streets clean in spite of that.

[ithinkso]

Every part of that comment was true. They are rootkits with a non-hidden persona, they are not malicious unless it's worth being malicious.

I don't give trash collectors access to my bank account so that they can better estimate the amount of plastic I'm about to produce and better prepare themselves to make streets even cleaner

[Spivak]

That’s such a weird point when people to complain about bots and cheaters in games a lot. It almost killed Fall Guys because games stopped being fun.

[jhgb]

> They’re also very much required

That's a weird notion of "required". Very few things are "required", notably food and oxygen. Saying "no" to bullshit like rootkits is very easy in comparison.

[zdragnar]

That's a pretty strong take. One could easily have read it as "required for the game" as in, the multiplayer experience drives the replay value of the game, ama prolific cheating destroys the community.

Of course, it still makes me avoid such games, but saying the argument is invalid because required only means air and water is absurd.

[DethNinja]

As a gamedev that develops online games I have to disagree that they are required.

Whatever type of anti-cheat you want, you can implement it at server-side with today’s hardware capabilities. However, that would increase server requirements and bandwidth considerably, and as companies don’t want to pay for that they install rootkits to people’s computers.

[AndriyKunitsyn]

I’m going to be Bill Gates for a second and ask for your definition of “can”.

If you mean they can implement a fully server-side anti-cheat without compromising gameplay experience and without requiring the player to have a super-duper fiber connection with 5ms ping to the game server - no. They certainly can’t do it, not for fast-paced online shooters at least, not in this day and age.

[neatze]

While I agree with you to a large degree, from my limited perspective there is one problem with server side cheating detection, such detection would be inherently reactive (eg. it will take few cheating actions, before it is detected by service side anti-cheat) versus on client anti-cheat that is deliberate (eg. cheats can be detected before game is initialized, potentially)

[Spivak]

And if cheating can’t be detected via statistical inference on the server inputs like texture hacks to see through walls?

[DethNinja]

You can actually raycast at server time and only send the location of players visible to client back. So wallhacks are definitely detectable on server side, in fact one of the games I’m making uses this system, it isn’t even that expensive.

[AndriyKunitsyn]

Scenario: I step around a corner. There are enemies behind the corner which I didn’t see previously because they were hidden behind the corner for me.

Will I see enemies behind the corner instantly, or do I have to wait for round-trip time for the server to acknowledge that I stepped out of the corner and tell me where the enemies are?

[DethNinja]

Wall scale would have to be reduced around 10% less for visibility check on the server-side, so that player view info would be sent without RTT problems especially for the cases you mention.

[AndriyKunitsyn]

This makes sense. However, what if we consider another scenario: a cheating player just staying behind the corner. He/she would have no problems receiving information about enemies behind that corner, so this would be much easier for the cheater to push the corner. Basically, the portion of the wall that you cut off for purposes of this visibility check can be considered transparent for cheaters, and opaque for legitimate players, putting legit players in disadvantage.

Can this happen in the game you make? If yes, do you consider this a vulnerability?

[squeaky-clean]

This doesn't 100% fix the vulnerability. If your game has footstep sound effects the hack can detect the location of the audio sources playing footstep clips.

(I agree though that low-level anticheat also doesn't 100% solve cheating, and causes lots of problems for legitimate players. Just that cheating is always going to be a game of cat and mouse)

[a1369209993]

> the hack can detect the location of the audio sources playing footstep clips.

You don't need a hack for this; the whole point[0] of having footstep sound effects is that the player can detect the location of the audio sources playing footstep clips.

Edit: 0: well, and ambiance, but if your ambiance is impacting your tactical considerations, that's a game design issue in and of itself.

[xfer]

You also add a report system and do additional inference based on reports, add a system where random player review matches. When your multiplayer games become very popular and making you money, you have to put the effort in, not install rootkits on paying customers computers.

[nsgi]

Or just accept the fact that you'll never completely stop people cheating? Have your server prevent obvious cheaters but maybe people should just accept that the only way to avoid people cheating against them is to only play with people they trust

[feu]

That completely destroys a whole class of games. How do you suggest I get 60 of my friends together at once for a game of Apex Legends?

You'll never completely stop people cheating, but that doesn't mean that game developers should just give up. Thankfully the people clamouring for less, rather than more, anticheat is relegated to a vocal minority.

[COGlory]

When I was younger, we used to play on community servers with active moderation. That worked pretty well.

[feu]

Active moderation is still a thing now, people are just actively employed by the game companies to do that job. The cheating situation in multiplayer FPSs is generally much better now than it was back in the day I was a mod for CS:S servers.

[schmorptron]

Cool, young people today prefer more competitive environments.

[slipframe]

When one of your 60 friends refuses to stop cheating, maybe stop inviting him to the party. Lots of games and lots of circles of gaming friends get on just fine without kernel-mode anti-cheat.

[feu]

You missed the point. The idea of coordinating games between 60 trusted people is ridiculous. Anti-cheat and matchmaking between untrusted players is essential in modern (FPS) gaming.

[zdkl]

That wipes out any trust in public rankings and some very big games are entirely built around those. Not going to happen while competition is a major income source.

[gbrown]

Then why do we still see cheats in these games? In this day and age, surely they could just use ML and human supervised cheat detection teams, and set up the incentives to make account bans more painful.

Instead, we get security theater and everything must be F2P to get the maximum number of people in the door.

[evh]

Valve is working on using ML for anti-cheat but it's still quite a way from being ready.

https://win.gg/news/8115/is-ai-the-future-of-csgo's-anti-che...

[schmorptron]

It's "ready" in the sense that it runs, analyzes every single shot in every single game played on valve matchmaking servers, and submits the suspicious ones it finds to the player-controlled overwatch system. At John McDonald's GDC talk he showed them achieving a 98%+ success rate, which while not enough to start banning people outright since any false positives are too many, is super promising.

[ta988]

If I had to take a bet I would bet it will never work.

[rolph]

how about

1) if you want a challenging game sign into normal game server

2) i you want a cheat game sign into cheat server

3) if you cheat on a normal server, you are banned for life no questions asked from ever using a non cheat game server

[josephcsible]

> banned for life no questions asked

If a 13-year-old cheats at a game, do you really think they should still be banned when they're 30? Permanent punishments for things people did as minors are essentially unheard of for anything less serious than murder or rape.

[sodality2]

HVH servers exist for CSGO, which are hack vs hack. It's a great alternative. The problem is Steam accounts can be generated en masse and CSGO is free.

Or accounts with the Prime upgrade that makes cheaters less common are often stolen ("cracked primes") and sold to cheaters for a few bucks.

[KingMachiavelli]

Why can't the user mode anticheat just check if any unsigned kernel mode driver's are active?

In any case, I'd argued the integrity of the OS is far more important than a game's anticheat. Game devs could ship kernel mode anticheat but user's should be at least more aware that they giving full control over to these programs.

[Bancakes]

Sure. Give me the denuvo anti-tamper and anti-cheat source code, and then we can negotiate.

[slipframe]

> They’re also very much required,

The games I play don't have these sort of anti-cheat features; the anti-cheat is handled entirely on the server side. A server admin who is attentive and ready to rollback griefs helps a lot too. But kernel-mode anticheat on the players' computers is not "very much required."

(The game I play most is minecraft, and I think it's more popular than any of the games with this sort of invasive anticheat.)