[HN Gopher] Epic launches anti-cheat support for Linux, Mac, and...
___________________________________________________________________
Epic launches anti-cheat support for Linux, Mac, and Steam Deck
Author : cactusbee
Score : 243 points
Date : 2021-09-23 18:56 UTC (4 hours ago)
(HTM) web link (dev.epicgames.com)
(TXT) w3m dump (dev.epicgames.com)
| halfcreative wrote:
| Awesome! So what does this mean for me? Will I be able to launch
| Apex legends without getting booted right now? How long will i
| need to wait for my favorite games to start working?
| zaptrem wrote:
| Only for games that use EAC.
| ziml77 wrote:
| The page specifically says that these new versions of EAC are
| for native builds. So it's on Respawn now to provide that to
| players.
| chaorace wrote:
| _psssst_ Try reading a little more of that page you just
| quoted. I think you may have missed something important
| marcodiego wrote:
| So... how many games suddenly started to run now on wine?
| OtomotO wrote:
| Finally Bill Gates evil plan with COVID-19 makes sense! ;)
|
| Epic move from epic :)
| SCHiM wrote:
| A long time ago, before my frontal lobe had completely developed,
| I used to develop multiplayer game cheats. I now recognize that
| behavior as abhorrent, but in those days I thought it was l33t.
|
| In any case, no mater how good your protection is, how deep in
| the system you go, the cheaters can go deeper. Like anti-virus
| and DRM evasion will always win from detection. The cheaters have
| complete insight into any/all client side protection mechanisms,
| more importantly, the cheater owns the machine and the
| environment where your code runs. There is not a checksum that
| can not be faked, and no way to measure if any of your
| protections have been circumvented, because the code you use to
| measure can (and will) be patched.
| peanut_worm wrote:
| I could totally see Linux hitting 5+ percent market share for
| desktops on the next couple years
| nivenkos wrote:
| I've been using it at work the last 6 months.
|
| Only issue I've hit was Tableau Desktop has no Linux support
| (but hopefully we can migrate to Looker, as Tableau sucks
| anyway).
| sylens wrote:
| I think at this point I just need a Google Drive client.
| 1Password is already there, Obsidian is there, I'm ready to go
| wyufro wrote:
| Ubuntu supports Google Drive out of the box, it appears in
| the file manager. Probably it's Gnome doing the actual work,
| I haven't really bothered to learn it well.
| sylens wrote:
| Was not aware of this, interesting
| lights0123 wrote:
| If you want client, not necessarily sync, GNOME has it built-
| in. It'll mount your Drive using FUSE.
| sneak wrote:
| Why would you run Linux and use Google Drive? If you don't
| care about FAAN(M)G reading your data and activity, Windows
| is simpler and has better compatibility.
| sylens wrote:
| Consider that I may use a tool like Google Drive for a
| subset of data that I don't feel is particularly sensitive
| or identifying in nature
| kaladin-jasnah wrote:
| InSync? Not first party, but I heard everywhere it's really
| good.
| duncanawoods wrote:
| I used InSync with a mounted drive. I rebooted and it ran
| before the drive mounted and deleted my entire online
| google drive contents and then deleted the local files when
| the drive mounted.
|
| The google UI is such garbage that you can't undelete 1000s
| of files so I had to write a script against it's API that
| ran for a few days restoring everything. Sucked.
| Karsteski wrote:
| I've been using it for the past year. Works perfectly find,
| no complaints. Definitely worth the $40CAD I paid,even if I
| plan to move away from Google Drive in the near future
| legohead wrote:
| why would anyone other than programmers/devops/IT pros have
| anything to do with Linux?
| jakogut wrote:
| It doesn't spy on you. It gives you freedom of choice when it
| comes to desktop environment, and what software you run. It's
| not developed by anti-competitive tech giants.
| KaoruAoiShiho wrote:
| why would anyone other than programmers/devops/IT pros have
| anything to do with Linux?
| 015a wrote:
| I'll go on the record and say above 5% by December 31st 2022.
|
| Depending on who you ask, its at ~2% today. If that feels high
| to you, remember: it includes Chromebooks.
|
| As it grows, you'll absolutely hear people say "Chromebooks" or
| "Steam Decks should be their own category, they don't count".
| These arguments effectively reduce to "Linux cannot be popular,
| so I'll move the goalposts so it never is." Ignore them, and
| pour cement around the goalposts: running a distribution of
| gnu/linux.
|
| Of course, if all we cared about was the "linux" part of
| gnu/linux, then its already the most popular operating system
| kernel in use by mankind. Its already won.
| faho wrote:
| >Of course, if all we cared about was the "linux" part of
| gnu/linux, then its already the most popular operating system
| kernel in use by mankind. Its already won.
|
| Except the "linux" part matters to the actual user not one
| bit.
|
| Android is a fairly walled garden no matter what kernel it
| uses. It's an implementation detail.
| kaladin-jasnah wrote:
| I'm curious as to why should the Steam Deck be in its own
| category. To me, it runs a mainstream, open and not-locked-
| down Linux distro. I could see an argument for Chromebooks
| being in their own category, but the Steam Deck, in my eyes,
| is a legitimate "full" Linux device.
| ajsnigrutin wrote:
| 2022, year of linux on the desktop!
| peanut_worm wrote:
| For once it might be!
| austinshea wrote:
| I doubt it.
|
| Desktop computers haven't been relevant since 2008ish, and were
| struggling to maintain relevance after the 4th gen Intel
| GPU/Power-consumption changes.
|
| Headless servers and consumer electronics are, already, largely
| using Linux.
| symlinkk wrote:
| Go to Twitch.tv, everyone there will be on gaming PCs.
| throwaway2048 wrote:
| desktops are effectively the only thing people play PC games
| on.
| stinkytaco wrote:
| If anything, this is the reason Linux could hit that point.
| Desktops are increasingly for specialized applications:
| gaming, development, content production, etc. If you just
| need general consumption, you probably have a tablet or
| phone. I could absolutely see Linux hitting 5% just because
| people who would never use Linux have stopped using a
| computer at all.
| A4ET8a8uTh0 wrote:
| And yet we just went through a massive GPU shortage
| suggesting Desktop is alive and well. Do we have any recent
| industry stats on this?
| bloqs wrote:
| This is a startlingly out of touch comment. Desktop PC
| gaming, along with self builds are one of lockdowns hottest
| trends.
| leppr wrote:
| Good to see Epic coming back on their shunning of Linux. I guess
| their quarrel with Apple opened their eyes about walled
| gardens...
| krastanov wrote:
| I am very happy about this, but how is it possible without the
| typical "root access / rootkits" invasiveness of anticheat
| software!?
| gruez wrote:
| >how is it possible without the typical "root access /
| rootkits" invasiveness of anticheat software!?
|
| It probably does require root/kernel access. If you're not a
| fan of that, your only option is cloud gaming.
| amarshall wrote:
| I run games in a VM to isolate things. Some anti-cheat detect
| a VM and just assume you're a cheater and exit the game, but
| I just don't play those games.
| zdw wrote:
| What permissions does this require? A kernel module? Something
| that watches all processes all the time? Messes with input
| settings or breaks assistive devices?
|
| On windows, a lot of the actions that "anti-cheat" software takes
| is indistinguishable from a rootkit.
| reanimus wrote:
| I wouldn't be shocked if it used BPF probes or something like
| that. A kernel module is possible, too, especially if they're
| targeting Ubuntu with DKMS.
| m4rtink wrote:
| Good luck getting custom kernel modules working with secure
| boot.
| marcodiego wrote:
| Pssst! Don't give them ideas!
| Datenstrom wrote:
| This is why I still use the console model with my gaming PC. It
| is exclusively for games without exception. I would have it
| boot directly into steam if I could get steam to boot other
| games like from Battle Net without so much work.
| rodgerd wrote:
| > This is why I still use the console model with my gaming
| PC.
|
| I mean this is why I use a console as my first choice gaming
| platform.
| vetinari wrote:
| You can, actually. Steam can add non-steam games to the
| library, and also can stream them over Steam link. I've used
| that to play GoG games on Android TV.
| judge2020 wrote:
| Arguably necessary when cheats people install themselves are
| actual rootkits.
| tablespoon wrote:
| > Arguably necessary when cheats people install themselves
| are actual rootkits.
|
| There's a hardware cheat that's actually in the wild that
| uses a capture card, computer vision, and hardware input
| devices to run entirely outside the OS:
| https://arstechnica.com/gaming/2021/07/cheat-maker-brags-
| of-...
| 10000truths wrote:
| Not 'arguably necessary'. Cheats can just as easily be
| detected from the server side through statistical analysis.
| ketralnis wrote:
| Oh great, so you've solved the problem then. The entire
| industry just hasn't discovered your one simple trick. You
| should let them know.
| pstrateman wrote:
| Yeah except he's right, the vast majority of cheaters can
| be detected server side.
|
| Literally no game does this, because ?????
| westpfelia wrote:
| They do. And after a few weeks/months there will be a ban
| wave. But there really isnt incentive to fix these
| problems because if you ban cheaters they have to buy new
| copies of games.
| schmorptron wrote:
| Battlefield has been doing this, with FairFight, and it's
| worked okay-ish, but insanely slow
| mrmuagi wrote:
| I am guessing extra computation? Maybe this sort of
| technology is in infancy?
|
| The real interesting take away is it is always a mouse
| and cat game. The hackers will adapt, instead of reading
| memory they might just read packets, or use a m.2 memory
| reader card, because they have to -- and so will the
| anti-hackers. I am interesting in machine learning to
| simulate COD -- I saw a video of it and it's like a young
| child was playing the game -- not good but obviously on
| the path to competence.
| jasonladuke0311 wrote:
| Because they can get people to install rootkits on their
| PCs and offload the computational burden on to them
| instead of paying $$$ to detect these themselves?
| nightowl_games wrote:
| Sounds like a startup opportunity. Lookin' forward to the
| pitch deck!
| TillE wrote:
| What kind of massive startup ROI are you expecting to
| make from a highly niche bit of middleware?
|
| Just because something is possible doesn't make it
| profitable.
| sudosysgen wrote:
| CS:GO does do this.
| rodgerd wrote:
| In one part because the false positives of picking up top
| players as bots becomes an issue.
| tester756 wrote:
| "vast majority" means? 60% or 99%?
| erk__ wrote:
| Valve have been doing it with Counter Strike for at least
| 3 years. And the "VACnet" they have is still far from
| perfect. Especially with the less obvious cheats. They
| used to be a talk on youtube, but it seems to have been
| taken down.
| judge2020 wrote:
| `\dkliksphilip` reuploaded the talk it seems:
| https://youtu.be/SnRgW54EWwA
| echlebek wrote:
| I don't think that level of snark is really warranted
| here.
| sudosysgen wrote:
| Valve does this though. I'm pretty sure their VACnet is
| more effective than their classical anticheat. It's just
| a lot more effort.
| mrguyorama wrote:
| VACnet IS more effective than their previous system, but
| that's a LOW bar. CS:GO is still full of obvious
| spinbotters and wallhackers that get to ruin a hundred
| competitive games before eventually getting banned, and
| just grabbing a new account. VACnet for some reason can't
| even get the obvious stuff; Spinbotting looks nothing
| like a normal person playing, to the point that you could
| probably write "if average rotation rate > some high bar
| then ban" and do better
| [deleted]
| nx7487 wrote:
| Client-side analysis allows the game to identify
| unauthorized access to game state, which is the root cause
| of most cheating (probably not going to prevent computer
| vision aimbots that just analyze frames). It's just a much
| simpler and effective solution than fine-tuning a
| statistical model.
| 10000truths wrote:
| If it's running on the client, it can be patched out. Any
| checks done on the client side can be bypassed. Sure,
| obfuscation will deter most people from trying to reverse
| engineer the checks, but all it takes is one person to
| succeed and distribute their cheat program to others.
| gruez wrote:
| That can only detect obvious hacking. Subtle hacking is
| hard enough to detect that you'd either have to accept high
| amounts of false positives or false negatives.
| babypuncher wrote:
| I think if this were true, somebody would have successfully
| done it by now.
| shreddit wrote:
| That so called "guessing" has an awful amount of false
| positives
| Razengan wrote:
| > _cheats people install themselves are actual rootkits.
| reply_
|
| Examples?
|
| That's like the "Apple shouldn't allow third-party stores
| because of malware" argument.
| pstrateman wrote:
| Sure except EAC doesn't work, even on windows with the full
| kernel rootkit installed.
|
| Money back guarantee SaaS cheats are like $10/month that are
| undetected by EAC.
| AustinDev wrote:
| And those aren't even cheaters using a full DMA module and
| separate PC which is nearly impossible to detect if done
| properly.
| temporarrry0923 wrote:
| Or worse machine-learning-to-bounding-box that takes the
| video stream through HDMI, identifies character heads,
| intercepts the USB HID mouse, and injects movement
| commands to move the center of the screen towards the
| nearest "head". Literally (not nearly) impossible to
| detect, there is no difference between this and just
| aiming by hand. The video is already out of the box, and
| the USB HID packets look the same as the real mouse's
| commands.
|
| I spent about two months creating training data for this
| and it now runs smoothly on a sister PC with a capture
| card. I gave up because I got bored (and perhaps felt
| guilty about cheating) but I wholeheartedly believe I
| could have played top 500 region online matches and
| gotten away with it, as investigations usually trigger
| manual DMA checks by ESEA/Faceit mods, and a manual
| ("automated") ban in that case. But there is no DMA in my
| setup. The only way to get banned would be to play
| stupidly and obviously cheat, and to be honest that's a
| plus of my setup: the neural network is not perfect, so
| the aimbot can't be perfect. Like a built-in humanizer.
| exporectomy wrote:
| Congratulations on your fun project. Be careful about
| "literally impossible" though. If it's truly identical to
| aiming by hand, it won't help you. If it isn't, there
| might be some statistical (in)consistency that's
| detectable with enough play.
| temporarrry0923 wrote:
| >If it's truly identical to aiming by hand, it won't help
| you
|
| Except it's identical to incredible aiming (yet human)
| skills, which I do not have ;)
| subw00f wrote:
| Just out of curiosity, how does it fare with smokes?
| temporarrry0923 wrote:
| Pretty well. It doesn't shoot through them, because it
| can't see through them. Sometimes it aims/shoots through
| them somewhat early before it dissipates completely,
| because rxn time is way faster than a human. But it's
| close enough to not be suspicious.
| tester756 wrote:
| >Literally (not nearly) impossible to detect, there is no
| difference between this and just aiming by hand. The
| video is already out of the box, and the USB HID packets
| look the same as the real mouse's commands.
|
| doesn't "line" made of mouse coordinates look oddly for
| human?
| PoignardAzur wrote:
| At this point, I'm pretty sure any "human" pattern
| machines can find, other machines can fake. Simulating
| how a human would move a cursor towards a position
| definitely seems like something deep learning could
| approximate for cheap.
|
| Naive aimbots will still have some artifacts (eg jumping
| to a new target as soon as the current one is occluded),
| but making an undetectable aimbot really doesn't seem
| hard, given the incentives involved.
| temporarrry0923 wrote:
| Absolutely, it's a bezier curve with some random noise, I
| oversimplified.
| tester756 wrote:
| > random noise
|
| I thought about randomness, but cannot randomness be
| detected?
|
| e.g you add +- 5 pixels horizontally/vertically
|
| so with 30min game sample cannot it be detected? e.g when
| collecting only when enemy is on screen
| cooljacob204 wrote:
| To be honest I have completely given up on competitive
| fps games. The cheating situation has only gotten worse
| and I really don't see anti-cheat makers winning.
| nawgz wrote:
| As a former CSGO player who would've said this
| previously... Valorant is impressively legit
| temporarrry0923 wrote:
| I wish I could reply to this with a rallying cry for you
| to keep trying. But it's true, every 14 year old kid with
| a keyboard can cheat in competitive now.
| deepsun wrote:
| Play with friends only, like in good-o-days.
| eertami wrote:
| >I wholeheartedly believe I could have played top 500
| region online matches and gotten away with it
|
| Unless you were already near the top, climbing rapidly up
| rankings (in a 3rd party ladder) is going to be very
| suspicious. Draw enough attention and I think it's not
| unlikely someone would find evidence (not evidence of how
| your system works, but video proof that shows cheating).
|
| And if the humanization is so good that it can literally
| never be detected... then better players with more
| knowledge and game sense will consistently still win.
| You'd need to be a good player in the first place - which
| is actually where the danger lies. A pro player with an
| undetectable cheat they can toggle on momentarily, even
| just once a series at a crucial moment, could make all
| the difference.
|
| I've given up relying on technical anti-cheat solutions
| for online games. If it is apparent someone is cheating
| by watching them play then that's enough for me (and I've
| seen some _very_ subtle cheaters get banned from leagues
| for the most minor of slip-ups.) The only way to be
| totally sure are if the game is played on a LAN and the
| equipment is sufficiently controlled.
| temporarrry0923 wrote:
| >climbing rapidly up rankings (in a 3rd party ladder) is
| going to be very suspicious
|
| Hard agree here. There's always been people accusing
| semipros of cheating (see r/VacSucks for more) though, so
| unless it was pretty concrete, it wouldn't mean anything.
|
| >And if the humanization is so good that it can literally
| never be detected
|
| It's not that the humanization is good, it's that the
| cheat is poorly designed enough to be only as good as a
| really good consistent human. Though you're right that
| it's not going to be the holy grail.
|
| >The only way to be totally sure are if the game is
| played on a LAN and the equipment is sufficiently
| controlled.
|
| Hard agree as well. I've been hoping for online majors to
| be called off, but alas.
| emsy wrote:
| >Unless you were already near the top, climbing rapidly
| up rankings (in a 3rd party ladder) is going to be very
| suspicious.
|
| smurfs are as old as competitive games, so I doubt it.
| babypuncher wrote:
| Once you start requiring external hardware setups like
| that, I think the barrier to entry for cheaters becomes
| high enough that they become far less prevalent.
|
| The goal of good anti-cheat should never be to eradicate
| it entirely, since that is obviously impossible. You just
| need to make it so the vast majority of players rarely
| encounter it.
| temporarrry0923 wrote:
| Very true. I wasted hundreds of hours doing this, if it
| takes an extra hour to do, cheating would drop overnight
| phendrenad2 wrote:
| You know this? You've personally tried them? Or is this
| secondhand, thirdhand, hypothetical knowledge? It seems to
| me that anti-cheat works the same way DRM works: It poses a
| barrier to entry that keeps NN% of people who would hack
| from hacking, which is sufficient to keep the game from
| becoming a hacker cesspool.
| temporarrry0923 wrote:
| I do know this, personally. EAC is not great. They sort
| of stay on top of things compared to something like CS
| but it's still possible to get away with it for a few
| months if you do it right
| mrmuagi wrote:
| That's not really what DRM IMHO -- sure it says that on
| the tin... Once the video or game is cracked once, the
| DRM is done. It just provides hurdles and extra barriers
| for the first person. Once somebody finds a "hack" method
| that works, they can clone and resell it up until their
| greed belies their customer's wishes of being undetected
| due to small player pool using the hack.
|
| And yes, hacks are "rootkits". It's kind of funny how
| they work. Some of them work at the memory level, or
| packet level. They require you to disable anti-virus, all
| firewalls, etc. The only incentive for them not to hack
| the user is a recurring subscription cost that's often
| more expensive than the game itself (leading to rage
| hacks where they are known to detected but the delay in
| detection-ban lets the user play still and farm RMT
| items).
| switz wrote:
| As someone who runs an online Counterstrike platform, I
| can attest to this firsthand. There are literally dozens
| of open source cheats on Github that bypass the major
| anticheat services. And when one gets detected, they're
| usually updated in just a few days. For private paid
| cheats, they're very rarely detected. I've heard of
| people paying thousands of dollars for custom-built
| cheats that have gone years and years without being
| detected.
|
| The cheating in the game is out of control and has been
| for half a decade. People still play and can find little
| pockets to play in to avoid cheaters (namely playing with
| friends or on paid services, that cut down on cheating
| due to the barrier to entry of cost), but it's inevitably
| unavoidable to consistently run into cheaters
|
| My approach has been to run no client anti cheat outside
| of that built into the game (VAC), as I don't believe
| invading people's privacy (e.g. always-on kernel level
| detection) for the illusion of reducing cheating is worth
| it. There are better ways of hindering cheating than on-
| client detection, in my humble opinion.
| temporarrry0923 wrote:
| Does popflash.site have an AC? I didn't have a problem
| last time I tested it.
|
| I think your server could check for several cvars that
| are only enabled for cheaters using some cheats, to auto-
| ban them. Though this precludes externals and some better
| internals.
| switz wrote:
| Sorry, I edited my comment after you asked. We don't have
| an "anti-cheat" in the traditional sense, though I've
| developed a few solutions to curb cheating in the past.
| Fortunately, it's not really a problem I've had to solve
| because I only offer scrimmages these days, meaning you
| choose who you play with. If I were to offer matchmaking,
| I'd be more liable to prevent cheaters from using the
| platform since I would be matching up people to play
| with.
|
| Since my users are mostly just playing friends I don't
| really have rampant cheater problems like other services.
| temporarrry0923 wrote:
| Yeah, that's understandable. If one of my friends were
| cheating I think it would be obvious what to do.
| donkarma wrote:
| You're talking about VAC, which is not even close to the
| same tier as EAC, there are no "open source cheats" that
| bypass the major anticheat services because they are
| quickly identified and patched.
| switz wrote:
| Correct, VAC is very different than EAC. But it's
| absolutely not true that there are not open source cheats
| that bypass EAC, FaceIT, and ESEA. The more popular ones
| get patched, but I've seen a bunch of smaller ones that
| do not get detected - you just have to know how to find
| them. They may eventually get detected, but cheaters
| generally will just create a new account and start
| cheating again.
|
| When my platform launched 6 years ago, we were the first
| to approach the problem of preventing cheating via non-
| invasive methods. We required you to have played several
| hundred matches in-game before being allowed to join our
| platform. ESEA, who are widely considered to have the
| best client side CS:GO anti-cheat, just recently
| implemented something similar, proving that clientside
| anticheats alone don't solve the problem.
| zamadatix wrote:
| > They may eventually get detected, but cheaters
| generally will just create a new account and start
| cheating again.
|
| Typically games will either avoid putting low play count
| players in the pool with established or paying players.
| Both because they don't want the guy playing for the
| first time to be constantly creamed by heavily invested
| players which would drive them off but also because real
| time and real dollars are strong deterrent to most and at
| least an extreme slowdown to the remaining. The net
| result of anti-cheat is to make it unviable to
| continually cheat, not to never have hacks that
| temporarily work.
|
| CS's problem is Valve has shit anti-cheat that doesn't
| really care to detect cheaters and even when it does it
| doesn't have strong new player segmentation to delay them
| from coming back. Both of these are reason's Valve is lax
| with cheaters not reason's anti-cheats aren't effective.
| kflzufkrbzi wrote:
| Making new players play together with cheaters for a long
| time sounds kind of bad too
| lrae wrote:
| > There are literally dozens of open source cheats on
| Github that bypass the major anticheat services.
|
| Do you have links for EAC & FACEIT?
| Razengan wrote:
| "Think of the cheaters!" is the gaming equivalent of "Think of
| the children!"
| phendrenad2 wrote:
| The dev page still says "The Anti-Cheat Client interface
| currently only supports the Windows platform and requires a
| 64-bit operating system installation. Mac and Linux client
| support are coming soon." so there's not much info yet. I'm
| guessing it'll require a specific kernel version and an
| obfuscated kernel patch that probes everything and calls a web
| service constantly.
| A4ET8a8uTh0 wrote:
| Thank you. This makes me very uneasy. Apart from the obvious,
| it also potentially makes linux a bigger target by increasing
| exploitable surface a hacker can hold on to. And I am saying
| this as a happy proton user.
| nitrogen wrote:
| This is cool. Nothing ruins a game like someone cheating. What
| are the security implications of running an anti-cheat system on
| Linux? Do I need to give it root access?
| danvayn wrote:
| Like another said in this thread, yes you would but it's
| because some cheats are rootkits. It's a little invasive but
| doesn't seem as problematic as other ACS like Riot's Vanguard,
| which is always on and China-owned.
| yesbut wrote:
| > China-owned
|
| State owned is problematic, I'm not in disagreement with you.
| But so is corporate owned. I'd like to see an industry
| standard anti-cheat root-kit developed as a publicly
| reviewable open source project at the very least.
| temporarrry0923 wrote:
| >I'd like to see an industry standard anti-cheat root-kit
| developed as a publicly reviewable open source project at
| the very least
|
| An anti-cheat is one of the few areas that truly would ruin
| its security by going OSS. A cheater can quickly enumerate
| every method the AC uses to detect cheats, then they know
| EXACTLY which goalpost to kick into, per-se. 85% of
| Vanguard's effectiveness is their CONFUSING ban protocols,
| whether that's delaying a ban to confuse someone testing
| what's bannable, not divulging details about what avenues
| are tested, constant updates that aren't specified
| anywhere, etc.
|
| Case in point, even in CSGO: Just changing the offsets of
| some game values will break some cheats for several days.
| yesbut wrote:
| Then handle it server side. Anything you ask the user to
| install into their kernel should not be closed source.
| schmorptron wrote:
| Anti-Cheat is the only industry where security by obscurity
| is valid.
| tester756 wrote:
| Obscurity is always valid because it increases security,
| doesn't it?
| nitrogen wrote:
| They're referring to this idea:
| https://en.wikipedia.org/wiki/Security_through_obscurity
|
| Obscurity can be a layer, but it can't be the only layer,
| and in general systems (such as web servers) need to be
| designed to withstand full-knowledge attacks. That isn't
| likely to be possible when it comes to anti-cheat, so
| obscurity plays a larger role.
| bootloop wrote:
| Nothing ruins a game like not being able to play it because
| some algorithm things your setup is suspicious.
| jerf wrote:
| What does this involve on Linux? Reading the docs there's a
| reference to a "client module" for Linux but the link seems to be
| broken.
|
| Is this going to require a linux kernel module or something to
| work, or is it pure user space?
| d23 wrote:
| Does PUBG not use this, or does it just not work that well?
| bcrescimanno wrote:
| It appears to use BattlEye which is another anti-cheat solution
|
| https://www.protondb.com/app/578080
|
| The thing is, part of the challenge is that we don't really
| know if the game itself will work because people can't get past
| the anti-cheat to see if the game itself works.
| [deleted]
| b8 wrote:
| Hmm I wonder how intrusive EAC is on Linux, and Macs. I seem to
| recall that they look for visiting blacklisted websites in some
| browsers a while back. Also I wonder how their VM detection is
| for linux, and macs.
| judge2020 wrote:
| Blizzard's Warden anti-cheat was rumored to collect your
| process list and/or open window titles at one point, but IIRC
| they weren't substantiated.
|
| https://wowwiki-archive.fandom.com/wiki/Warden_(software)
| henhouse wrote:
| I know that it can checksum files, search through drivers,
| scan memory addresses, etc. I think I can read registry keys
| as well. That's just what I know of the 2005-2008 era of
| Warden implementation. See vanilla implementation:
| https://github.com/vmangos/core/pull/1295
| doublerabbit wrote:
| I feel that if we can could work on introducing more online
| cross-play, the gaming community would be a better place.
|
| There should be no reason why I can't play online with Xbox and
| PlayStation players.
| cmeacham98 wrote:
| At least on Playstation, that is 100% Sony's fault. They refuse
| to let you have cross-platform play unless your game is huge.
| Unsure if Microsoft has/had similar policies for Xbox games.
| Cu3PO42 wrote:
| In the PS3/XBOX 360 days it was Microsoft who were all
| against cross-platform play whereas Sony was more open to it.
| In the early days of that console generation, XBOX was
| arguably more successful than PS. Now PS is more successful.
|
| The pattern is that the player ahead doesn't want cross-
| platform and the one behind does. That makes sense to me.
| dyingkneepad wrote:
| That doesn't make sense. The main reason in favor of letting
| cross-platform play is exactly unfragmenting the player base.
| I'm sure I'll never run out of PS4 players to fight against
| in Fortnite or CoD of whatever, but I simply can't find an
| opponent when I play Skullgirls on PS4, while on Steam I can.
| Games with a small population benefit immensely from
| crossplay.
|
| That said, if I'm on a PS4 (a platform where cheating is much
| harder than PC) and the game is well populated, maybe I don't
| want to play against PC players, as I don't want cheaters.
|
| There's also the mouse+keyboard vs pad thing for FPS games.
| nitrogen wrote:
| _There 's also the mouse+keyboard vs pad thing for FPS
| games._
|
| You can get adapters for older consoles that will convert
| mouse+keyboard input to control pad input. I haven't used
| consoles in years, so I'm not sure if they're available for
| newer generations.
| schmorptron wrote:
| Lots and lots of games, and most new big ones coming out, have
| cross-play. Apex, CoD, Rocket League jus to name a few.
| bastard_op wrote:
| There is no incentive to let you out of the Sony/Xbox walled
| gardens, unless you're Fortnite where everyone from children to
| adults love to spend stupid money on IAP's just to dance or
| clothe themselves and you don't want to miss out.
|
| If they did, and you realized your game runs better on a real
| pc, you'd just defect and not beg/borrow/scam/hustle for a ps5
| or new xbox (maybe for decent gpu still though).
|
| You will take what they give you and be goddamn content with
| it. Unless you're Epic and even Sony gives up the GI Joe kung
| fu grip.
| eric__cartman wrote:
| The lack of cross-play always bugged me. Usually a friend
| group settles on a particular platform to buy so they can all
| play together, which is a pain because in a lot of cases that
| platform is far from ideal for everyone. For example consoles
| always seemed quite useless to me because I only casually
| play games, so when I'm not playing games I have this
| expensive and powerful x86 computer doing nothing because I
| can't use it for anything else but playing games and maybe
| watching movies. I wish Sony had kept the "install another
| OS" option that they introduced for a while in the PS3.
|
| Fortunately my friends are PC gamers too so no locked down
| hardware in my house :)
| fletchowns wrote:
| I wish there was some well respected third party reputation
| service that I could prove my identity to (government id, utility
| statements, etc) and then all games just integrate with this
| third party reputation service. Sort of an Olympic committee for
| gaming. Give me the option to only play with other verified
| players. Getting caught cheating in one game then impacts your
| reputation in _all_ games. There's a gazillion details that would
| need to be hammered out to get this right (appeal process,
| account hijack recovery, etc) but I think the idea has merit. I
| feel something like this is the only way to end cheating once and
| for all. Would be so nice if developers never had to think about
| anti-cheat again, and we didn't have to run all this super
| invasive anti-cheat software on our machines.
| armchairhacker wrote:
| As a casual player another way to alleviate cheating is good
| matchmaking, so cheaters all rank up to other cheaters. This
| doesn't help higher-level players though.
|
| Some cheats run outside the OS and are basically
| indistinguishable from regular players. So anti-cheat won't
| work. Good matchmaking + still catching cheats for impossible
| stuff + real tournaments requiring in-person attendance or
| heavy monitoring, should still work pretty well.
| jbman223 wrote:
| Sending away all of your PII to be verified in games isn't much
| better (in terms of intrusiveness) than running anti-cheat
| software in the first place.
|
| Additionally, will it be any harder to get around a system like
| this than a traditional anti-cheat system? Theoretically - for
| the average player at least, it might make cheating worse -
| assuming the cheater runs their cheats in a realistic way, in
| your world, there is now no detection software pinpointing the
| cheaters!
| fletchowns wrote:
| > Sending away all of your PII to be verified in games isn't
| much better (in terms of intrusiveness) than running anti-
| cheat software in the first place.
|
| In my mind it's much better than running N number of
| different anti-cheat software on my machine, assuming that
| this reputation management entity is very well respected.
| Again, it'd be very hard to get a system like this right, but
| I think it is certainly possible.
| dpedu wrote:
| > Getting caught cheating in one game then impacts your
| reputation in _all_ games.
|
| This sounds pretty similar to Steam's VAC (Valve Anti Cheat)
| system aside from how widespread you want the system to be.
| IIRC, owners of Source-based game servers can set a flag to
| allow/deny users with a VAC ban. I don't think this is
| available to non-source games, which would be needed for your
| idea.
|
| > How do VAC bans relate to phone numbers?
|
| > VAC bans are applied to all accounts sharing a phone number
| at the time of the infraction.
|
| > Can I move my items and games to a different Steam account?
|
| > No.
|
| https://help.steampowered.com/en/faqs/view/647C-5CC1-7EA9-3C...
| f0e4c2f7 wrote:
| It doesn't work across multiple games but Counter-Strike:
| Global Offensive has a system where you enter your phone number
| to verify your account and then can queue only with other
| verified players.
| fletchowns wrote:
| The phone number is not much of a barrier. I'm a verified
| player and only queue with other verified players, and I
| encounter cheaters regularly in CSGO.
| dfxm12 wrote:
| You want to open up yourself to risk for your identity being
| stolen and normalize handing out personally identifiable
| information just to maybe make it harder for cheaters to get in
| on some of your games?
|
| I don't think the idea has merit. See how long it is taking the
| Real ID act to become enforced. People barely trust the
| government with this info, with the ability to get on a plane
| (among other things) at stake.
| bqmjjx0kac wrote:
| Thanks to the magic of cryptography, it's possible to prove
| your identity to someone else without enabling them to
| impersonate you.
|
| For instance, the third party gives you a nonce, you sign it
| with your private key, and they verify it with your public
| key.
| beebmam wrote:
| This is probably the best solution I've seen around anti-cheat
| solutions. I also think this is the best approach to prevent
| abuse on social media.
|
| I can't be the only one sick of what a sewer the internet, like
| multiplayer gaming and especially social media, has become.
| neoromantique wrote:
| So, like that black mirror episode?
| VRay wrote:
| yeah, no shit
|
| You guys can just move to South Korea or China if you want
| to live with that authoritarian BS
| oehtXRwMkIs wrote:
| China I understand, but what's up with pairing it with
| South Korea?
| [deleted]
| fletchowns wrote:
| Being able to play Call of Duty without people screaming the
| N word into my ears regularly would be amazing. Intolerance
| to hate speech could be something enforced by this
| hypothetical service as well.
|
| Sure I can turn off the death mic, but there's been some
| really amazing interactions though it as well. For those not
| aware, the death mic in CoD is a feature where the instant
| you frag somebody in game, it turns their mic on, so you can
| hear their very candid reaction. Lots of times it's things
| like "no way what a shot how'd that guy get me!". Such a fun
| feature, if it wasn't for people that just utter the most
| offensive things imaginable on it.
| iratewizard wrote:
| It would also be nice if people were able to use cheats in a
| game against other people with cheats. It would be very
| enjoyable to watch battle of the bots in games and have people
| pit their programming skills against each other like this.
| fletchowns wrote:
| I seem to recall a certain game that had a shadowban system
| that just put all the cheaters in the same lobbies together.
| Might be misremembering that though.
| mgdlbp wrote:
| I recall rumour that the relatively recent _Fall Guys_ had
| such a system. A quick search seemingly shows confirmation
| from an official Twitter account.
| bcrescimanno wrote:
| For context, ProtonDB is a database of Steam games and how well
| they work on Linux through Wine/Proton. A huge number of the
| "borked" games are using some kind of anti-cheat and that's the
| main reason the game doesn't work.
|
| EAC is one of the most-used anti-cheat systems in gaming. Between
| EAC and BattleEye, you're hitting the Pareto Principle for anti-
| cheat support.
|
| Four of the top 10 Steam games use anti-cheat and therefore
| cannot run currently. Two of those four use EAC.
|
| https://www.protondb.com/
| judge2020 wrote:
| Worth noting that the VAC games on that list, CS:GO, TF2, and
| Dota 2, have effectively given up on actually detecting and
| preventing cheaters and now rely on server-based or community-
| consensus methods of finding and punishing cheaters (with TF2
| being the exception with how little maintenance Valve performs
| on it).
|
| Both CS:GO and Dota 2 have a report+overwatch system where
| users watch a replay to determine if someone is exhibiting
| suspicious cheating behavior. The server side of this is VACnet
| where it uses heuristics like mouse movement or [in Dota]
| clicking out of regular camera bounds to detect these cheaters
| and expedite them to the Overwatch queue. You can readily
| download the biggest script client for Dota 2, and VAC ban
| waves for using it have been unheard of for years now (you only
| get an in-game ban when enough other players verify the
| cheating via Overwatch).
|
| https://youtu.be/SnRgW54EWwA
|
| https://www.pcgamer.com/vacnet-csgo/
| hpfr wrote:
| I can't quite tell if you think this system is reasonably
| effective or not. It certainly seems less invasive, so it
| would be good if it were. Are you able to comment on that?
|
| > You can readily download the biggest script client for Dota
| 2, and VAC ban waves for using it have been unheard of for
| years now (you only get an in-game ban when enough other
| players verify the cheating via Overwatch).
|
| Does this mean you think the ban process is too slow and
| involved?
| judge2020 wrote:
| The system is effective for CS:GO and Dota mostly because
| the nature of the games; things like Fog Of War[0] (which
| applies to both of these games and Valorant) help bring
| down the upper bounds of how much a cheat can help the
| cheater, and the rest of the potential things a cheat can
| do (like aimbot in CS:GO, or auto-disable in Dota[1]) are
| easy for VACnet/Overwatch reviewers to detect since the
| movements are usually non-human-like.
|
| > Does this mean you think the ban process is too slow and
| involved?
|
| As VACnet and Overwatch reviewers become more experienced
| it really brings down just how much the cheats can help the
| player, to the point where using them barely makes a
| difference or only allows them to use informational cheats.
| I just don't think this will work for every game, and
| certainly isn't something every game developer wants to
| have to implement & maintain.
|
| 0: https://technology.riotgames.com/news/demolishing-
| wallhacks-...
|
| 1: https://redd.it/psb7h7 - an example. In the second part
| of the video, the Invoker cheater targets the Axe with one
| of his items without moving his mouse to the Axe, which
| saves him from being disabled/taunted - but a human would
| have to click or hover their mouse on the Axe to disable
| him.
| oliwarner wrote:
| Community moderation with persistent outcomes (eg VAC ban) is
| great for games you have to pay for, but it's really abrasive
| to a F2P community if there's am endless stream of cheaters.
| BeefySwain wrote:
| Developers will have to opt-in to allowing Wine/Proton users to
| play.
|
| Pertinent info on this change is in the Unreal dev docs here:
| https://dev.epicgames.com/docs/services/en-US/GameServices/A...
| hparadiz wrote:
| Does this mean I can finally play Apex legends on my Linux box?
| danShumway wrote:
| I still hold that many of our anti-cheat systems are based on a
| flawed starting premise for multiplayer games and how competitive
| and how "fair" they should be.
|
| https://news.ycombinator.com/item?id=21949201
|
| I have softened on this a bit. I don't think that global/regional
| ladders are universally bad, I don't have anything against
| competition as a motivator, and I concede that for some games
| this is important. But I still think that current multiplayer
| games place way too much emphasis on global rankings, to the
| point of ignoring other very common player archetypes. And I
| still think for most games, the application of player psychology
| in multiplayer ranking systems and reward systems is shockingly
| primitive. Multiplayer games are doing a lot of advanced research
| and complicated work, but they're directing the majority of that
| work into optimizing in a very narrow direction that nobody ever
| questions.
|
| Could be a longer conversation, but I am again reminded of the
| XKCD comic: https://xkcd.com/810/
|
| Completely fair games where players across an entire region are
| stuffed together into a single ladder system -- this is a
| legitimate design space, but it is a very, very narrow design
| space catering to what is honestly a kind of niche playerbase,
| and a lot of games would benefit from taking a broader, more
| creative view of why the majority of their playerbase is
| attracted to in the first place.
|
| There are other ways that players could be rated and sorted that
| would (if not eliminate) at least significantly lessen the need
| for a lot of these rootkits. In short, if cheaters aren't
| noticeable, and if the reward structures of a game are such that
| creating an enjoyable match for all players is more highly
| rewarded than "winning", then a lot of motivation for the kind of
| destructive cheating that ruins current experiences would go
| away. But more importantly, a lot of the kind of cheating that
| would remain: griefing, hacking, and generally destructive, mean-
| spirited behavior -- that kind of cheating would become much
| easier to detect and its detection could be better grouped
| together with moderation of other destructive player behaviors
| that may not constitute cheating, but that are still annoying
| enough that you already should be searching for and banning them
| anyway.
|
| Of course in some situations you have to try and guarantee
| completely fair experiences, and in some situations the purely
| competitive aspect of the game is the only part of the experience
| that matters. But the games industry currently treats it like
| it's a given that purely fair, region-wide competition should be
| the primary motivator for almost everyone playing multiplayer
| games, and honestly I just don't see it. The games industry is
| obsessed with something that is niche, most players _don 't_ want
| to try and work their way up a global competitive ladder beyond
| the impulse they have to unlock rewards and see a number
| increase. Many of those players want to win >50% of their
| matches, they want to be matched up against people who play
| interesting strategies rather than purely competitive ones, they
| want to play against people who force _them_ to think and
| experiment, they want a constantly shifting meta where a dominant
| strategy doesn 't very quickly become the only strategy, they
| want difficulty spikes to come in waves rather than randomly,
| when trying out new strategies they want to be able to slowly
| ramp into them, they want opponents to be playful and to try
| "fun" things during games.
|
| Ladder systems for most games are not designed to encourage those
| behaviors or outcomes.
|
| I am seriously skeptical that the majority of players in most
| multiplayer games today actually care about the integrity of
| ladders more than the other issues I raise above, and I wonder if
| this focus on fairness at all costs is a mentality that the games
| industry is going to eventually grow out of and look back on with
| the same kind of embarrassment as we already do with many other
| generally accepted practices in the past that were never
| questioned.
| babypuncher wrote:
| I don't think many cheaters themselves actually care about
| ladders and rankings. They just derive personal entertainment
| from ruining other peoples fun. This is why cheating was always
| a significant problem in online shooters long before they
| introduced ranking systems. It's also why entirely non-
| competitive games (like Minecraft) have problems with griefers.
| danShumway wrote:
| If you're able to shift cheat detection systems to primarily
| focus on griefers, that's a significant win, since griefing
| by its nature can't be subtle enough that other people don't
| notice it. The whole point of griefing is to be noticeably
| toxic to other players and to get a reaction out of them.
| Griefers have a harder time hiding than other cheaters do.
|
| If your design allows you to shift your focus towards trying
| to fight toxic behavior itself rather than just cheats, you
| can use the same detection methods as you would for any other
| toxic behavior that doesn't involve cheats. And you should
| have those detection methods anyway; whether or not a cheat
| is involved in the abuse shouldn't be the deciding factor
| between banning or allowing toxic behavior.
|
| The shift here is in realizing that for a significant number
| of your players, playing against someone who legitimately
| snipes them from across the map over and over while camping
| at a spawn point because they're just that good, and playing
| against someone who uses an aimbot to accomplish the same
| behavior -- both of those experiences are equally game-
| ruining for a lot of players. The legitimacy isn't the
| problem for those players, the resulting experience is. So
| trying to detect subtle aimbots kind of misses what the real
| game-ruining problem is for a lot of players.
|
| Where a number of player archetypes are concerned, you can
| look for overt toxic behavior and ban it regardless of how
| that behavior is accomplished. Similarly, if you're not
| prioritizing ladder integrity over everything else, there's a
| case to be made that you can just ignore any cheating that's
| too subtle for people to notice or that doesn't result in
| overt toxic behavior.
|
| A nontrivial number of your players don't actually care about
| ladder integrity, they want a number to go up and they want
| rewards released on a variable schedule as they get better at
| the game. For those players, it's not clear that playing
| against cheaters is actually a problem unless the cheaters
| ruin the difficulty curve or ruin the matches, and... again,
| you should think about banning people who do that stuff even
| if they're not cheating.
| ajb257 wrote:
| > Today, we extend support to Linux and Mac for developers who
| maintain full native builds of their games for these platforms.
|
| That sounds like Proton is definitely not supported here. So if
| an EAC developer only supports Windows, Linux users are SoL.
| mullr wrote:
| > support for the Wine and Proton compatibility layers on Linux
| is included
| [deleted]
| xd wrote:
| Anyone remember PunkBuster? If anything took more out of the soul
| of gaming in them days I'd love to know what. It never managed to
| keep on top of "hackers" but some how managed to destroy the
| legitimate gamer communities - I got kicked so much I just gave
| up in the end playing publicly.
|
| Does anyone even bother anymore with online gaming without using
| hacks? I've never strayed far from private servers for over a
| decade now.
| babypuncher wrote:
| Punkbuster was a nightmare and I still have flashbacks to
| botched updates ruining my Friday evenings in Quake 3 and
| Battlefield 2.
|
| I've yet to personally encounter any issues with more modern
| solutions like EAC or BattleEye, though I know they've caused
| issues with some exotic device drivers like RGB controllers.
|
| > Does anyone even bother anymore with online gaming without
| using hacks? I've never strayed far from private servers for
| over a decade now.
|
| Don't listen to the haters, cheating isn't as widespread as
| people seem to think it is, as long as you stay out of APAC
| matchmaking servers. Smurf accounts are the bigger problem in
| the games I play regularly (Overwatch, Apex Legends).
| tlackemann wrote:
| I literally just posted a comment in an earlier thread that the
| only reason I dual boot Windows is for EAC support. This is
| awesome news. We can finally play Fallout Guys on linux!
| theandrewbailey wrote:
| I assume that affected games need to be patched to include a
| newer EAC.
| BeefySwain wrote:
| This appears to be correct.
| francislavoie wrote:
| "Fallout Guys" haha, I think you meant Fall Guys.
| tlackemann wrote:
| I was so quick to reply, yes Fall Guys. Thank you kindly
| snthd wrote:
| How long till epic brings their store to Linux (or at least
| native Steam Deck)?
| eric__cartman wrote:
| If the Steam Deck gets a large enough user base, Epic will
| absolutely try to make a native, seamless store for Linux (at
| least the distribution running on Valve hardware). Hopefully
| sooner than later because, after all, the more users that have
| access to their store the more $$$ they make.
| BeefySwain wrote:
| Some additional context here:
| https://www.gamingonlinux.com/2021/09/epic-games-announce-fu...
| WhatIsDukkha wrote:
| This is fantastic news.
|
| Now I just need punkbuster.
|
| If I can play Planetside2 on Linux I can just ignore games that
| don't work well on Linux.
|
| I can't wait to delete windows, it does nothing for me
| professionally or personally outside of being a gamebox. I find
| between the spyware, bluescreens when trying to move a boot drive
| to a new box, explorer.exe is a miserable excuse of a desktop
| and... I could go on about the papercuts but... yeah.
| stinkytaco wrote:
| > I find between the spyware, bluescreens when trying to move a
| boot drive to a new box, explorer.exe
|
| I worry that EAC basically amounts to spyware, however.
|
| Also, and this is off topic, but I think Windows Explorer is
| the best GUI file manager on any platform. Shoot me.
| Macha wrote:
| It's better than Finder, but I'd have a hard time picking it
| over Dolphin.
| jtms wrote:
| This is great and all, but I feel like all of these client side
| cheat detection tools are basically a waste of time. Trying to
| enforce the trustworthiness of the client is basically an
| unwinnable arms race between anti-cheat and the cheat makers. A
| better approach is for the server to treat all clients as hostile
| and untrustworthy and use a combination of heuristics and
| statistics to ferret out malicious client behavior. Valve has
| been doing some very interesting stuff with VACnet where they
| employ deep learning to flag potential cheater accounts in CS:GO
| and then have humans review and rule on the output. From what I
| have read and watched, it has been very successful.
| Unklejoe wrote:
| > unwinnable
|
| It seems winnable so far if you look at the Xbox One and later,
| at least. I'm not aware of anyone successfully modifying game
| code on those consoles.
|
| The downside is that it a requires a completely locked down
| system.
| half-kh-hacker wrote:
| Cheat dev here. Check out this prior art of someone utilizing
| PS4 jailbreak exploits to modify GTA V's scripting VM at
| runtime:
|
| https://github.com/2much4u/PS4-GTA-V-Native-Caller
| Pxtl wrote:
| In the cases where end-to-end vendor control over the
| hardware from the player's fingers to the HDMI out exists,
| yes that seems possible.
|
| But on a PC? Where the user can install whatever software
| they like? Much harder.
|
| It feels like stopping aimbots will ultimately fail as
| eventually we'll see bots that use machine-vision to spot
| heads and pick them off. You wouldn't even need to run it on
| the cheating machine, this could be a separate device doing
| passthrough on the mouse, keyboard, and monitor.
| nitrogen wrote:
| Someone else mentioned doing this:
| https://news.ycombinator.com/item?id=28634631
|
| Even if they turn on HDCP, you could just get a low-lag
| monitor and point a camera at it.
| shadilay wrote:
| You can just buy an HDCP stripper.
| https://www.amazon.com/Easyday-Stripper-Splitter-Signal-
| Ampl...
| donkarma wrote:
| All Valve has done is made it so people cheat and pretend to be
| legitimate, you can't beat cheaters outside of making it a non-
| cheatable game, you can just reduce it. Then again, if nobody
| notices that you're a cheater, are you a cheater?
| s_dev wrote:
| >Then again, if nobody notices that you're a cheater, are you
| a cheater?
|
| Yes, you're just a successful cheater as all cheaters are
| deceptive by definition.
| sigotirandolas wrote:
| Perhaps if you want a perfect solution, but in practice most
| people aren't cheaters, and those that cheat tend to eventually
| make a mistake and get caught by the anti-cheat. The remaining
| 1337 you can manage manually.
| Mandatum wrote:
| They've been doing interesting stuff but have completely failed
| to succeed with anything. VAC is a joke. VACnet continues to be
| a pipe dream.
| rastafang wrote:
| Cheating in CS:GO's casual mode is still very common, not sure
| about competitive. But yes, server-side detection would make
| more sense.
| temporarrry0923 wrote:
| VACnet hurts cheaters, and also probably 25% of legits as well.
| In low trust this can be verified pretty quickly. Even in the
| gutter of trust, redder than red, you still have about 50-60%
| of players cheating. That's nearly half of everyone in the
| WORST trust factor of the game, who are there while not
| cheating. Though some are probably griefers/mic-
| spammers/toxics, it's certainly not all of them.
| fwip wrote:
| You mean that 50-60% of players appear to be _currently_
| cheating in ways that are detectable by you.
| temporarrry0923 wrote:
| If there's one thing that all cheaters have in common, it's
| an inflated ego. If the enemy is cheating, and half your
| teammates are, and it's casual, you're gonna toggle on
| harder. There is no way to get banned in casual, unless
| it's by VAC, in which case you already have it injected so
| it doesn't matter.
|
| You are right, though; my estimate is just personal
| experience
| Thaxll wrote:
| Because it's not as trivial as you think it is to get good
| results if you rely only on the server side, if it was the case
| everyone would do that.
|
| Server side cheat detection actually don't detect that much,
| like how do you known someone is wallhacking?
|
| As for manual review it just does no scale, when you see that
| CoD banned 100k cheaters, imagine if one person from activision
| would have to review every cases.
|
| Cloud gaming is the solution against cheats.
| franknine wrote:
| https://twitter.com/anticheatpd/status/1412024189561851904?s.
| ..
|
| There are cheats doing CV on video stream and they work on
| consoles. I guess they would also work on cloud gaming
| services.
| SXX wrote:
| Uh oh what would stop my ML-based auto-aim from cheating in
| FPS running on cloud? Cheats now might be fine with just
| video feed as input.
| tester756 wrote:
| If that was 2015 or 2010 then I'd say: why would people
| competent in computer vision waste time on making 30$
| cheats when they can use their skills at faang for probably
| 200k?
|
| but nowadays idk whether it stands
| thaumasiotes wrote:
| > Cloud gaming is the solution against cheats.
|
| The solution to cheating is to _stop playing with strangers_.
| sneak wrote:
| Simply because a tech arms race is theoretically unwinnable
| doesn't mean that trying to win a little doesn't deliver value
| to the company and its ecosystem.
|
| You can emulate an android and run snapchat and screenshot the
| emulator, but the screenshot reporting inside of snapchat is
| still valued by millions (and shapes the behavior of millions).
| vkou wrote:
| It's an unwinnable arms race if your goal is zero cheating.
|
| It can work well enough if your goal is 'ban/hellban cheaters
| relatively quickly'. If the time/money cost of creating a new
| account is non-trivial, this can very well get cheating down to
| some acceptable level.
|
| Server-side statistics can be used in addition to this kind of
| client-side monitoring, but there's only so much that can be
| inferred from statistics. It may not be too difficult to
| determine if someone is using, say, an aimbot from statistics,
| but it's very difficult to determine if they are using a radar
| - because the cheater still has to make fuzzy, human decisions,
| based on the information that radar gives them - and because
| its difficult to tell radar apart from good gamesense.
| malwrar wrote:
| I used to write cheats for various source engine games (running
| vac), and later more interesting games like pubg which run
| battleeye. Those are two very different anticheats, and I think
| comparing them is interesting
|
| An important thing to point out is that it requires a lot of
| reversing work and low level knowledge to make a cheat, and
| usually at the end of the day cheats all end up with the same
| core features anyways. This means that there's a huge stigma
| amongst cheat developers around knowledge sharing, which makes
| a lot of that initial work all the more arduous. Anticheats
| further increase that initial work, and incur an ongoing
| maintenance cost since each update can break your cheat
| (especially of you specifically work to break the public
| methods that everyone is using).
|
| Last time I looked at VAC, it was doing stuff like looking for
| stuff like modifications to the .text section to detect hooks
| implemented by writing e.g. jmps to some injected code, but
| never actually adapted when people started just modifying
| vtable entries (most source engine constructs are exposed to
| developers as pure virtual cpp classes). Since they stagnated,
| it got easier and easier to cheat over time as more and more
| people spread knowledge on how to hook in an undetected way.
| Hell, in gmod some lua anticheat developer (gmod is a sandbox
| game with a lua scripting interface) found a vuln in the
| clientside lua implementation that allowed arbitrary memory io
| and used that primitive to implement checks for injected dlls
| when people started cheating at that level in that game, which
| was far more effective than VAC ever was.
|
| BE was another universe, it felt extremely prohibitive to touch
| the game in usermode & even in the kernel I started to feel
| cramped. You can still totally get past it, but it felt more
| like writing a very specific rootkit than actually making a
| cheat.
|
| So, from the other side, anticheats raise the cost of initially
| developing and maintaining a cheat. If used effectively, they
| can also kill paysites. I think they have value, even if they
| aren't achieving a 99.99999% success rate.
| swinglock wrote:
| Much like anti-virus software.
|
| What is BE?
| heinrich5991 wrote:
| BattlEye maybe.
| ximus wrote:
| BattleEye
| [deleted]
| [deleted]
| [deleted]
| [deleted]
| [deleted]
| sevenf0ur wrote:
| As someone that has played CSGO recently, it's still normal to
| come across cheaters. Server side cheat prevention is preferred
| when possible, but there are just too many opportunities for
| client side cheating in multiplayer FPSs. You can't prevent the
| client from auto-aiming or knowing the enemy player position
| behind a nearby wall. If you do not stay on top of cheating,
| cheaters will ruin your game.
| rasz wrote:
| You can track statistics of players aiming at same spot in
| enemy model every time, looking directly at other players
| behind obstacles outside sound range, you can send probes
| with bogus player position data behind a wall from suspect
| player and analyze reaction.
| CapsAdmin wrote:
| I thought the idea of this deep learning cheat detection was
| looking for subtle cueues?
|
| Like how someone wall hacking would behave differently from
| someone who is not. Maybe by reacting before the player is
| actually seen.
|
| Maybe I'm just thinking it's more impressive than what it
| actually is.
| temporarrry0923 wrote:
| >You can't prevent the client from auto-aiming or knowing the
| enemy player position behind a nearby wall
|
| Valorant and Edan.gg's defender [1] has the best fog of war
| system I've ever seen. CSGO has probably the worst; in fact,
| at one point, the game had NONE and sent player pos's to
| everyone at all times.
|
| I completely agree, but there are a lot of server-side
| mitigations that haven't been nearly as explored as I'd hope.
|
| [1]: https://edan.gg/defender
| judge2020 wrote:
| I'm a little skeptical that that's the case. When I cheated
| in CS:GO years ago (1856 days ago in 2016), I specifically
| remember being unable to see where people went at the
| beginning of the round, and sniping double-doors on dust2
| showed people only when they were about to pass by the
| opening. This was on official competitive servers, so maybe
| you only mean self-hosted servers don't have FOW.
| temporarrry0923 wrote:
| I mean, it has fog of war, yes. It's not as good or
| strict as it could be. I have seen discussions with the
| devs and they say that if it is more "strict" (ie hiding
| player positions until they are closer) would be more
| taxing on CSGO servers, AND would screw with high ping
| players (they would experience pop-in).
|
| Check out https://edan.gg/defender to see the comparison
| between CSGO and a better FoW system.
| nitrogen wrote:
| I'm not a CSGO player, but I assume you also have to be
| able to play e.g. footstep sounds for someone coming up
| around the corner, so you at least need to send the info
| that someone is nearby.
| half-kh-hacker wrote:
| Another source engine cheat dev here. Source has had
| dormant entities at long ranges in culled-off areas
| [sectors of the map demarcated by func_areaportal]
| since... as long as I can remember.
|
| Your cheat couldn't see those players because the server
| was doing a very cheap and primitive visibility
| calculation, deciding the player entities are dormant for
| you, and choosing to not send you the data for them.
|
| This is different from the later-enabled player PVS
| system, which does more expensive ray casting once you
| get a certain distance away, which cut down on wallhack
| cheats a lot more [although they are still very useful]
| slezyr wrote:
| > From what I have read and watched, it has been very
| successful.
|
| Let me guess, you have not played CS:GO? There is an insane
| number of obvious cheaters, more than in other games I played.
|
| Also, there is TeamFortress 2 that's just has been abandoned
| and they can not an anti-cheat to it, it seems.
___________________________________________________________________
(page generated 2021-09-23 23:00 UTC)