[Sohcahtoa82]

There isn't.

When it comes to anti-cheat on Linux, it's basically an elephant in the room that nobody wants to address.

Anti-cheat on Linux would need root access to have any effectiveness. Alternatively, you'd need to be running a custom kernel with anti-cheat built into it.

This is the part of the conversation where someone says anti-cheat needs to be server-side, but that's an incredibly naive and poorly thought out idea. You can't prevent aim-bots server-side. You can't even detect aim-bots server-side. At best, you could come up with heuristics to determine if someone's possibly cheating, but you'd probably have a very hard time distinguishing between a cheater and a highly skilled player.

Something I think the anti-anti-cheat people fail to recognize is that cheaters don't care about their cheats requiring root/admin, which makes it trivial to evade anti-cheat that only runs with user-level permissions.

When it comes to cheating in games, there are two options:

1. Anti-cheat runs as admin/root/rootkit/SYSTEM/etc.

2. The games you play have tons of cheaters.

You can't have it both ways: No cheaters and anti-cheat runs with user-level permissions.

[Brybry]

I don't fully agree with the 1 and 2 dichotomy. For example, before matchmaking-based games became so popular a lot of our competitive games were on dedicated servers.

On dedicated servers we had a self-policing community with a smaller pool of more regular players and cheaters were less of an issue. Sure, some innocents got banned and less blatant cheaters slipped through but the main issue of cheaters is when they destroy fun for everyone else.

So, for example, with the modern matchmaking systems they could do person verification instead of machine verification. Such as how some South Korean games require a resident registration number to play.

Then when people get banned (or probably better, shadowbanned/low priority queued) by player reports or weaker anti-cheat they can't easily ban evade. But of course then there is the issue of incentivizing identity theft.

And I don't think giving a gaming company my PII is any better than giving them root on my machine. But that seems more like an implementation issue.

[vel0city]

> For example, before matchmaking-based games became so popular a lot of our competitive games were on dedicated servers.

I still had a lot of problems with cheaters during this time. And when the admins aren't on you're still then at the whims of cheaters until you go find some other playground to play in.

And then on top of that you have the challenge of actually finding good servers to go join a game with similarly skilled players, especially when trying to play with a group of friends together. Trying to get all your friends on to the same team just for the server to auto-balance you again because the server has no concept of parties sucked. Finding a good server with the right mods or maps you're looking for, trying to join right when a round started, etc was always quite a mess.

Matchmaking services have a lot of extremely desirable features for a lot of gamers.

[ThatPlayer]

Except most anti-cheats started on dedicated servers because it turns out most people are not interested in policing other players.

Punkbuster was developed for Team Fortress Classic, even getting officially added to Quake 3 Arena. BattleEye for Battlefield games. EasyAntiCheat for Counter-Strike. I even remember Starcraft 1 ICCUP 3rd party servers having an anti-cheat they called 'anti-hack'.

You can still see this today with modern dedicated servers in CS2: Face-It and ESEA have additional anti-cheat, not less. Even modded 3rd party server FiveM for GTAV has their own anti-cheat called adhesive.

[Brybry]

I would argue a lot of the early anti-cheat was just as much about giving admins and communities better tools to police themselves as it was about automated cheat detection.

Like here's 2006 Punkbuster for Battlefield 2 (BEye might have been made for BF:V but Punkbuster was what I remember being used by servers). [1]

It automatically kicked on cheat detection but it didn't ban. It provided logs for admins to use for bans. It provided a way for admins to give community players the power to kick. It provided a player GUID based on CD key. It provided an online identity verification/registration system (though I don't remember anyone using this). It let admins take screenshots of players' screens.

[1] https://web.archive.org/web/20060515160425/http://www.evenba...

[Sohcahtoa82]

> So, for example, with the modern matchmaking systems they could do person verification instead of machine verification. Such as how some South Korean games require a resident registration number to play.

If you think the hate for anti-cheat is bad, just wait until you see the hate for identity verification.

I'm actually rather blown away that you would even suggest it.

[conor-]

Rootkit anti-cheats can still often be bypassed using DMA and external hardware cheats, which are becoming much cheaper and increasingly common. There's still cheaters in Valorant and in Cs2 on faceit, both of which have extremely intrusive ACs that only run on Windows.

At the level of privilege you're granting to play a video game, you'd need to have a dedicated gaming PC that is isolated from the rest of your home network, lest that another crowdstrike level issue takes place from a bad update to the ring 0 code these systems are running

[likeclockwork]

I'm not letting a game company have root on my PC. How does that kind of exposure for something as frivolous as gaming even make sense?

[paxys]

Something that is "frivolous" to you is a passion or even a profession for others. Competitive gaming is a massive market worldwide, and it wouldn't exist without the ability to enforce a level playing field. Not everything has to be a holy FOSS war.

[likeclockwork]

"holy FOSS war"?

Why not have a commissar sit behind every gamer to make sure they're not cheating?

That's a startling degree of access to give to these people for access to cosmetic micro-transactions.

But, I guess if all your friends are snorting coke in an alley, FOMO will have you right there with them.

[Hikikomori]

Do you use a separate user to play games? If not it's kinda useless as a user space process can read all your files and memory of running processes of the same user.

[0x457]

That's how gaming on windows work. You're a minority with that opinion.

[gf000]

Even kernel anti-cheat can be defeated, this is a similar fight to what captchas have.

I can just have my screen recorded and have a fake input signal as my mouse/keyboard.. or just simply hire a pro player to play in my name, and it's absolutely impossible to detect any of these.

The point is to just make it more expensive to cheat, culling out the majority of people who would do so.

[polski-g]

But isn't all client-side anti-cheat bypassable by doing image recognition on the rendered image? (either remote desktop or a hardware-based display cable proxy)

[Yokolos]

Modern cheats are far more advanced than this. Using a DMA cheat, you basically just read the game's memory from a different computer and there's no way for the game to know unless the PCI device ID is known: https://intl.anticheatexpert.com/resource-center/content-68....

[bangaladore]

DMA is "easy" to patch. No reason to allow a device to have arbitrary memory access. Just require use of IOMMU.

FaceIT essentially has countered most modern cheats including those using DMA. https://www.faceit.com/en/news/faceit-rollout-of-tpm-secure-...

Nowadays if memory access is needed, you are looking at having to find a way to load a custom BIOS or UEFI module in a way that doesn't mess with secure boot. Even then, certain anti-cheats use frequently firing interrupts to find any unknown code executing on any system threads.

[bangaladore]

Yes. Using another machine, record the screen & programmatically move mouse.

At that point you have to look at heuristics (assuming the input device is not trivially detectable vs a legit one).

However, that can obviously only be used for certain types of cheating (e.g. aimbot, trigger bot (shoot when crosshair is on person)).

[suddenlybananas]

3. write your codebase in a way which is suspicious of client data and gives the server much more control (easier said than done however)

[Sohcahtoa82]

That's just server-side anti-cheat, which I've already addressed.

Cheating isn't always about manipulating game state, especially in FPSes. There, it's more about manipulating input, ie, auto-aim cheats.

[gausswho]

There's a third path:

3. No humans in your multiplayer

As someone who grew up amazed at Reaper bot for Quake, I'm surprised we don't see a rennaisance of making 'multiplayer' fun by more expressive, fallible, unpredictable bots. We're in an AI bubble and I don't hear of anyone chasing the holy grail of believable 'AI' opponents.

This also has the secondary benefit of having your multiplayer game remain enjoyable even when people's short attention spans move on to the next hot live service. Heck this could kill live service games.

Then again, what people get out of multiplayer is, on some unspoken and sad level, making some other person hurt.

[Synaesthesia]

There's just nothing like playing against other people. It's so dynamic and fun. Especially games like StarCraft. AI is just nowhere near as engaging.

[herewulf]

> AI is just nowhere near as engaging.

A gazillion dollars of VC capital says otherwise!

[gausswho]

Cheaters are increasingly sophisticated and hard to detect. It leads me to think if we put the effort in, we could emerge the same dynamism and fun, maybe even moreso.

If we can't fight 'em, join 'em?

[wnevets]

the third option is cloud gaming for everyone.