[cclogg]

In many RTS peer-2-peer games like Starcraft or Age of Empires, they use a lock-step model, which can stop the majority of cheating.

Every player uses a tick-engine (ie tick every 0.1s) that performs the same commands on the same ticks. When a player issues a command, such as "Build Unit X", it sends it to every other player to run a couple ticks ahead (how far ahead is based on average lag or whatever). If anyone performs differently, then a de-synchronization occurs and the game is over.

It's explained much better here http://www.gamasutra.com/view/feature/3094/1500_archers_on_a... "Because the game's outcome depended on all of the users executing exactly the same simulation, it was extremely difficult to hack a client (or client communication stream) and cheat. Any simulation that ran differently was tagged as "out of sync" and the game stopped. Cheating to reveal information locally was still possible, but these few leaks were relatively easy to secure in subsequent patches and revisions. Security was a huge win. "

[endianswap]

Your assertion that a game like Starcraft is built such that it makes cheating difficult is unfounded. Because Starcraft players both synchronize the full state of the game, even what's in the fog of war to your opponent means that cheating is trivial. There are some trivial countermeasures here where if the two simulations differ it the two machines will quit over the desynchronization, so you can't just spawn a million units, but you can have full map vision in a game whose rules are tied strongly to the notion of imperfect knowledge of the board.

I've worked anti-cheat (and written cheats) for several games, and there's little you can do in the space of 1-on-1 games to prevent cheating(1), but in the space of 3+ player games the separate simulations can "vote" to remove the player who is cheating (in the desynchronization fashion as above), if you assume there are going to be fewer cheaters in games than legitimate players. Of course if there is any knowledge hidden by the client in its render/UI of the game then a cheater can always recover that data, which is why when you can build a client/server model not transmitting hidden data is the most effective strategy to counter cheating (for example don't transmit entities the player shouldn't be able to see.) This is often difficult, of course, for example if you want footstep sounds to travel through walls in an FPS, but a lot of low-hanging fruit that cheaters would want can be pruned that way.

1: The other (common) approaches are to detect the cheats and punish the cheaters afterwards (Punkbuster, Valve Anti-Cheat, Warden, etc.) or try to lock down the process and make it difficult to write effective cheats (GameGuard, or one trick Blizzard does is attach a second process as a debugger of the game process and IPC validation checks so you can't directly/easily hook into the main process.)

Edit: I now realize you mention hidden data still being recoverable, and desynchronization as a method to combat cheating, I missed that at first but figure I'll leave my post up anyways, even if only to emphasize that seeing the whole map is a very valuable cheat that has taken players easily into the top of the Starcraft ladder (and the top of the Grandmaster rank in Starcraft 2).

[baddox]

But multiplayer RTS games are notoriously easy to cheat in. Cheating is extremely common in Starcraft 2, and as far as I know, the only way Blizzard combats it is to detect unauthorized behavior and ban those accounts.