[HN Gopher] Steam games will need to disclose kernel-level anti-...
___________________________________________________________________
Steam games will need to disclose kernel-level anti-cheat on store
pages
Author : jrepinc
Score : 320 points
Date : 2024-10-30 19:39 UTC (3 hours ago)
(HTM) web link (www.gamingonlinux.com)
(TXT) w3m dump (www.gamingonlinux.com)
| throwaway48476 wrote:
| After the crowdstrike disaster 3rd party kernel drivers need to
| be shunned for non critical applications.
|
| Games publishers have been bad actors in this space for a long
| time now. The genshin impact anticheat was used in a malware
| campaign. Rockstar was very misleading trying to imply their
| kernel driver not being compatible with the steam deck was Valve's
| fault.
| doublerabbit wrote:
| What decides critical or non-critical.
|
| One could argue that a game isn't critical but one could say
| it's critical to stop hackers.
|
| If you were to take the stance that gaming isn't critical then
| with that logic you're then claiming multiplayer hacking is a
| feature of the game.
|
| Doesn't do well for the community or the company. But nor do
| the rootkits do good for the consumer.
| throwaway48476 wrote:
| Critical as in "my gpu is a paperweight without a driver".
| sgjohnson wrote:
| GPU driver can technically be userland too.
|
| Look at what Apple has done in recent years. kexts (kernel-
| level drivers) are basically all but unsupported today, and
| both DriverKit and IOKit are fully userland.
| throwaway48476 wrote:
| Performance critical drivers are always going to be
| kernel mode.
| avery17 wrote:
| It hasn't stopped hackers though.
| caiomassan wrote:
| at least they need to search more than the first cheat
| option on google.
| lomase wrote:
| To be fair it stopped hackers for a while. Many people said
| Valorant did not have cheaters.
|
| But nowadays the Valorant community complains about hackers
| almost as the CS community.
| Nadya wrote:
| If they worked to any acceptable level of efficacy then they
| could be tolerated. They're only tolerated by people who
| think they work as well as they claim to work (security
| theater) but anyone who knows about the performance impacts
| and/or are tech-savvy enough to understand it is a rootkit
| and potential exploit (that would fully pwn your device)
| hates them.
|
| Some cheats are getting rather sophisticated now. There's an
| ever-increasing number of Pi-devices where the cheating is
| done externally.
|
| https://www.youtube.com/watch?v=QpvwjC1_Luo
|
| https://www.youtube.com/watch?v=revk5r5vqxA
| ThatPlayer wrote:
| They're also chosen by users when the game is filled with
| cheaters. Counterstrike 2 is an example of this with players
| moving to FaceIT and ESEA (with kernel anti cheat) as the
| higher ranks of official competitive matchmaking are filled
| with cheaters.
| lomase wrote:
| FaceIT works better than normal matchmaking, but I am not
| sure it is because it is a kernel-level anticheat.
|
| FaceIT only sells one thing, matchmaking, so they have
| people manually reviewing games. A thing that Valve will
| never do.
| tadfisher wrote:
| That's child's play. The vogue is PCIe devices that sniff
| draw calls, memory transfers and network activity on the
| bus.
| 2OEH8eoCRo0 wrote:
| > one could say it's critical to stop hackers.
|
| It's never critical to stop hackers in a videogame IMO. We
| need to stop being so damn serious about _gaming_.
| codebje wrote:
| Rampant cheating will wreck competitive multiplayer games
| fast, so there are perspectives from which this is critical.
|
| (I'd still lean towards expecting game houses to find
| another way, kernel drivers are still client side trust
| mechanisms).
| heromal wrote:
| I think the point is that competitive multiplayer games
| are not critical. Scripting in e.g. league of legends
| probably doesn't register on 99% of humanity's "top 100
| most critical things in my life" radar.
| 2OEH8eoCRo0 wrote:
| That was my point. We forgot we were gaming, probably due
| to all the money being thrown around.
| prerok wrote:
| For some people it's no. 1 priority in life. What's your
| point?
| codebje wrote:
| The LoL game development studio probably rates their game
| being a commercial success as a significantly critical
| thing.
| prerok wrote:
| Well, the problem is eventual consistency and these games
| have a hell to consolidate properly.
|
| One user is on a connection with 10ms latency, the other
| user is on 50 ms latency. Now, if first user does
| something, and second user can either do something to
| evade or can do something that actually prevents the
| first user from acting, how do you consolidate that?
|
| The actual timestamp of when exactly what happened helps
| immensely, but you have to trust the timestamp. And how
| can you know that is not manipulated?
|
| But... that's just the surface. Consider: one client uses
| a rendering that takes 25ms longer to show up and another
| client does not render textures/shadows etc. That client
| is faster and the sender can even send "official"
| response times, but would still give an advantage.
|
| So, I am not sure this can be solved serverside. But... I
| don't play these games anymore and would never opt for a
| rootkit to be installed just so I can play. I can imagine
| plenty of people, though, who would.
| lomase wrote:
| If not having hackers is critical for a competitive
| videogame CS and Dota 2 will be dead.
| kelnos wrote:
| I think you're framing this the wrong way.
|
| Is it fun to be a non-cheater, and join a multi-player game
| where there are other players using software cheats that
| let them easily beat you every single time?
|
| I'm pretty sure I would quickly stop playing that game, and
| demand the publisher refund my money. That's just not fun.
|
| And that's just as a casual gamer. For people who compete
| and win prizes, endorsements, etc., the stakes are a bit
| higher.
|
| I'm not saying kernel-level rootkits installed on
| everyone's machine is the answer, but letting people cheat
| isn't going to work either.
| RobotToaster wrote:
| Let's call them what they really are, rootkits.
| jrepinc wrote:
| This, so much this. Also often spyware.
| schmidtleonard wrote:
| First party malware.
| kulahan wrote:
| Can't wait to find out what China hid in Riot's Vanguard
| rootkit for all their games. It's 100% a conspiracy theory,
| but nobody can convince me it's perfectly clean, or if it is,
| that there isn't an easy way to add some power to it quietly.
| jsheard wrote:
| If I wanted to deploy a trojan horse then the last place I
| would try to hide it is in an anti-cheat driver that will
| without any doubt be exhaustively analysed by people
| attempting to bypass it.
| throwaway48476 wrote:
| State sponsored actors only target a few people and they
| only send the backdoored version to their target list.
| thesuitonym wrote:
| Ah yes, that's why stuxnet wasn't a big deal
| throwaway48476 wrote:
| What do you mean? They burned several high value 0days on
| a high value target. Why wouldn't China burn a high value
| backdoor on a target they deem valuable enough.
| bravetraveler wrote:
| Gamers are great targets. They'll disable security for
| higher polling rates. Not discerning, gladly walk to the
| slaughterhouse.
| phito wrote:
| There's a ton of gamers that like to figure out how the
| game itself works. There's a ton of them trying to figure
| out how anti cheats work, sometimes to cheat, but more
| often because they're curious, resourceful teenagers
| taking it as a challenge.
| bravetraveler wrote:
| Oh, I know. That's how my career was started. I made
| invitational in CS: Source _(CAL)_ and then sold cheats
| to pay for college. My first Real Job was through a
| teammate.
|
| Far more would have accepted a RAT and been deprived
| money than expressed genuine interest. Some did... not
| many. Most wanted the acclaim without the effort.
| Cthulhu_ wrote:
| But also there's parties there with a big interest in
| circumventing these securities, and have done so for
| decades. The new release of RDR for PC (shamefully asking
| $50 for a 14 year old game) was cracked within days, if
| not earlier, of its release.
| vkou wrote:
| Ah, yes, getting your computer pwned is _just like being
| murdered_.
| bravetraveler wrote:
| l o l
|
| Fine, they'll gladly eat shit
| vkou wrote:
| How much shit, and how does it compare to the risk
| profile of, say, not wearing a five points seat belt and
| motorcycling helmet while driving, or a bulletproof vest
| when going to school, or an N95 mask literally
| everywhere?
|
| Security theorists are always ready to tell us about the
| horrifying risks of installing kernel-level code from a
| vendor, but can they actually quantify the likelihood
| times damage those billions of installations have
| inflicted on Joe Random's life?
|
| And contrast them to other risks that we regularly take
| in the name of comfort and convenience?
| bravetraveler wrote:
| I'm not really that interested in chasing this, but a
| point I do want to make: it isn't just risk.
|
| If you want to participate in a lot of these multiplayer
| games that place cheating far too highly, you can't use a
| hypervisor. You must have gaming device and computing
| device. They cannot be the same.
|
| That's fine for most, but I consider it shit. VFIO makes
| it possible for a big computer to make a smaller gaming
| one. Ask me how I know.
|
| My greater point is I don't care if I get cheated out of
| a finals match. I can actually speak from experience. I
| prefer autonomy over my devices. I kind of want to eat
| poop with them. A little.
| kelnos wrote:
| Funny that you initially used "Joe Ransom" as your
| example name (before your edit), as that describes one of
| the possible situations our friend Joe can end up in:
| malware that encrypts all his data and asks for a ransom
| to get it back.
| vkou wrote:
| It's possible. Roughly how likely is that to happen to him
| from installing a game with EAC? Are there a lot of
| documented cases of this?
|
| Is it more or less likely than them dying from the 'Rona
| because they didn't wear an N95 24/7?
| throwaway48476 wrote:
| China's national security assistance law came up in the
| TikTok hearings. There's no reason to believe that the CCP
| doesn't have the legal authority to compel Riot to push an
| update with a backdoor to a few select high value targets.
| gorjusborg wrote:
| Companies rule the United States. Companies that do
| business in China are ruled by China. Therefore, the
| United States is ruled by China.
| vkou wrote:
| The same line of thinking leads me to conclude that the
| world is ruled by the United States.
|
| Can we stop with the nationalistic hyperbole already, and
| discuss acute issues, instead of vague fingerwaving at
| the foreign boogieman?
| PaulHoule wrote:
| If it is written in C you can always introduce a buffer
| overflow or something similar by just adding a little bit
| of line noise here or there and nobody can prove it was
| deliberate.
| throwaway48476 wrote:
| It's closed source and the assembly is obfuscated. You
| don't even need to bother with plausible deniability.
| Cthulhu_ wrote:
| Surely the NSA has tools, people, resources etc to figure
| that out?
| throwaway48476 wrote:
| Dedicated to reverse engineering every update to
| vanguard? Huge waste of effort. They would probably just
| steal the source code.
| tapoxi wrote:
| I mean, they're not rootkits. Rootkits are either to gain
| root access (thus the name) or to hide something from a user.
| Anticheats don't do either of these.
|
| They expose a kernel API to allow games to verify the state
| of the system, and they're knowingly installed by the user.
| jolmg wrote:
| > They expose a kernel API to allow games to verify the
| state of the system, and they're knowingly installed by the
| user.
|
| Can you give examples of games where you do that?
| billyoyo wrote:
| Riot games use theirs (Vanguard) to improve detection of
| cheating software. basically the idea is by being on from
| the moment the computer is booted up it can validate the
| environment better.
|
| Here's a recent blog post by riot detailing their recent
| deployment of the system for league of legends, the
| biggest online multiplayer game in the world
|
| https://www.leagueoflegends.com/en-gb/news/dev/dev-
| vanguard-...
|
| towards the end it talks about how and why it works
| bigstrat2003 wrote:
| > They expose a kernel API to allow games to verify the
| state of the system
|
| And that API has root access... thus it's a rootkit.
| tapoxi wrote:
| The API doesn't provide root access, it's typically a
| simple "is this game running in a secure environment"
| read API.
|
| I really hate "it's a rootkit!" posts like this because
| it diminishes the severity of actual rootkits.
| bigstrat2003 wrote:
| Can you please clarify how an API which runs _in the
| kernel_ does not have root access? Because I don't
| believe that's possible, but perhaps I'm wrong.
| AlotOfReading wrote:
| That's the promise of eBPF.
| brokenmachine wrote:
| How do you think it is able to tell if the game is
| "running in a secure environment" without having root
| access itself?
| lomase wrote:
| The thing is the Kernel does not have that API.
|
| The real solution, and not the hack Riot uses, is for
| Kernel to provide an API for anticheats, like it does for
| everything userland.
| OtomotO wrote:
| That's exactly what I tell my friends.
|
| I can't play certain games, because they don't run on Linux
| and even if they did, I am not gonna install a rootkit to run
| them.
| kibwen wrote:
| Getting a Steam Deck has done wonders for my piece of mind.
| I don't need to worry if whatever games I'm installing are
| malicious, because the machine is airgapped from anything
| critical.
| OtomotO wrote:
| Same, but I am only using it for couch gaming
| dark-star wrote:
| piece of mind? or peace of mind?
|
| /nitpick ;-)
| Thaxll wrote:
| And yet you install drivers on Linux without knowing it, I
| mean Linux has 0 security for drivers.
| throwaway48476 wrote:
| When was the last time you had to install a Linux driver
| from out of tree?
| db48x wrote:
| Most people do install Nvidia's out-of-tree graphics
| driver. It is definitely a risk.
| OtomotO wrote:
| I am not using Nvidia since 2011. Last nvidia device was
| bought in 2007.
|
| Back then I migrated to Archlinux and in all these years
| I only had problems with nvidia. Since then they are dead
| to me :)
| Phrodo_00 wrote:
| > Most people do install Nvidia's out-of-tree graphics
| driver
|
| Most people that use Nvidia. I specifically don't buy
| Nvidia graphics cards or laptops that use them in my
| Linux computers because they're not in-tree.
| vidarh wrote:
| It's a risk, but a very minor additional one - if you
| trust their hardware with direct access to your PCIe bus,
| you have already given them the metaphorical keys to the
| vault.
| kelnos wrote:
| If you've already put a piece of hardware into your
| computer made by nvidia, installing a kernel driver also
| made by nvidia does not increase your risk at all.
|
| Installing some random anti-cheat kernel driver is not
| the same thing, at all.
| Thaxll wrote:
| Cheats and bots are ruining online games though.
| umvi wrote:
| Yeah life sucks when everything and everyone has to be
| untrusted (applies not just video games).
|
| The solution is to build trusted spaces again IMO.
|
| For video games assume that each user is trusted by default.
| As soon as they violate that trust by cheating, they are
| banned permanently for that copy of the game. If they want to
| be trusted again they have to buy another copy of the game to
| get another license. Make it hard to become a member of a
| trusted community and easy to be kicked out of a trusted
| community for violating trust. This would eliminate the vast
| majority of cheating and bots because most gamers are kids
| and having to buy a fresh copy will hit hard. If they abuse
| it enough, make them jump through more hoops like ip bans and
| computer fingerprint bans.
| codebje wrote:
| False positives would very much hurt in that model. But
| returning to a small multiplayer experience with chosen
| friends would work: the in/out decision is local and
| personal.
|
| It's only a problem when you game with strangers.
| billyoyo wrote:
| This is a naive take. Of course these developers already
| permaban cheaters. Firstly many of these games are free to
| play so "getting another license" is a non issue. They're
| doing hardware bans nowadays which are harder to avoid but
| not impossible.
|
| Half the battle is detection though. If you don't detect
| cheaters quick enough they ruin enough games that genuine
| players start getting frustrated and leave. Anti cheats
| help with this detection.
|
| Probably every anti cheat idea you can think of, in terms
| of detection, prevention and punishment, has probably
| already been tried by a large online multiplayer game. It
| is an extremely difficult problem to solve, a constant arms
| race.
| keyringlight wrote:
| It's going on a tangent, but one naive take which
| continues to amuse me when it comes up is community/third
| party servers and policing of cheating. As though
| delegating that responsibility is the goal or that it
| would scale to handle the size of modern playerbases
| including the ratio of admins to players to be able to
| monitor and respond to (alleged) cheaters
| throwaway48476 wrote:
| With community servers an admin only has to police their
| server, which is a fixed number. More players, more
| servers, more admins.
| ThatPlayer wrote:
| But as gaming has grown and become more mainstream, the
| ratio of enthusiasts who are willing to admin to casual
| players who don't has changed. Server sizes have changed
| over time with smaller games like 5v5 becoming way more
| common.
| daedrdev wrote:
| Talking just about games, this really doesn't work with
| free games. Even if there is a lengthy 'lockout' period
| from the real game, many games have rampant and cheap
| accounts for sale and doing so will make the game
| experience worse.
| bigstrat2003 wrote:
| Perhaps, but it's far better to have cheaters and bots than
| to have games require a rootkit to play them.
| Cthulhu_ wrote:
| Well no, because they ruin the online experience making
| people not play the game.
|
| (in theory, GTA online has had / still has huge problems
| with bots and cheats but still earns the publisher hundreds
| of millions a year)
| throwaway48476 wrote:
| They have problems because they're cheap and don't want
| to pay to host servers. They don't want to let people
| host their own authoritative server either because of the
| $billions in fake money.
| kelnos wrote:
| I think that's a matter of opinion.
|
| Personally I find both unacceptable: I won't play a game
| that requires me to install a rootkit, and I won't play a
| game where cheaters and bots run rampant, ruining the fun
| for everyone.
|
| So hopefully there's a solution to this that doesn't
| require a rootkit.
| evanriley wrote:
| And Kernel level anti-cheat isn't stopping them.
| ZYbCRq22HbJ2y7 wrote:
| Back when communities hosted servers instead of companies, it
| seemed less common, even though it was easier to do.
| ThatPlayer wrote:
| Because games were less common. If you look at community
| hosted servers now they commonly have more anti cheat, not
| less. Counterstrike with FaceIT and ESEA. Even FiveM for
| GTA V rolled out a custom anti cheat before it was added to
| the official game.
| prerok wrote:
| Life was a bit simpler then. At that point in time the
| leaders also did not get millions for their wins.
| orbital-decay wrote:
| _> The genshin impact anticheat was used in a malware campaign.
| Rockstar was very misleading trying to imply their kernel
| driver not being compatible with the steam deck was Valve's
| fault._
|
| I mean, nothing of this is new. ESEA, one of the most
| influential esports leagues, was caught using its anticheat _to
| mine Bitcoin_ in 2013. [1] This is long out of control,
| probably since the days BattlEye switched to ring0 in 2012 due
| to chronic cheating in the DayZ mod, or maybe earlier. Modern
| anticheats are full-fledged rootkits with extremely complex and
| targeted payloads siphoning customer data and hijacking all
| sorts of stuff, and that's not a theory, they actively abuse
| players' trust and indifference.
|
| If you care about your data and the control of your devices,
| you should probably avoid them entirely, or at least use them
| on dedicated gaming PCs on a clean identity, and keep them
| separate from your LAN.
|
| [1] https://play.esea.net/forums/492102
| lousken wrote:
| Good, the sooner devs realize they need to do server side
| properly, the better
| forgetfreeman wrote:
| Aaany day now...
| teen wrote:
| I think most of these companies do do the server side properly.
| There are plenty of hacks that just make a client play ungodly
| well. Like macros, aimbots, cooldown tracking, auto-hex
| plopz wrote:
| I'm not sure about that first part, some of the biggest games
| like gtav is an embarrassment in the concept of never trust
| the client.
| Matheus28 wrote:
| GTA V is an exception because it's so easy to cheat in. I
| believe it's peer-to-peer with no verification among peers
| that what happened should actually have happened. It's
| basically impossible to secure that.
| Cthulhu_ wrote:
| I suppose that was an intentional choice, I can imagine
| running the amount of worlds that GTA has (iirc you only
| have up to 32 or so players in a world? Something like
| that) doesn't scale well cost-wise. IDK if AWS and co
| were up for the task yet back when. But since you earn
| in-game currency, not having a central authority check
| these things is... an interesting choice.
|
| I suspect GTA VI may improve on these things and have
| centralised/dedicated/anti-cheat-guaranteed servers. Then
| again, it never impacted their profit margins so idk.
| arp242 wrote:
| It's impossible to prevent cheating from the server-side only.
| Something like an aimbot can operate purely on information you
| _need_ to have as a client (to render the other players on the
| screen), and still be a huge advantage because it can respond
| faster than any human can.
| baseballdork wrote:
| Shouldn't that be detectable?
| heromal wrote:
| Without kernel level anti cheat you can detect (some) other
| usermode cheats, but not kernel level cheats. With kernel
| level anticheat, you can detect the vast majority of other
| kernel level cheats. Vanguard is effective enough that most
| successful cheaters are using external devices and DMA to
| bypass the kernel altogether (or they just use Macs because
| Apple doesn't allow Vanguard). And despite Riot's
| insistence to the contrary, they have not "detected" DMA
| cheats.
| Cthulhu_ wrote:
| It should be - if a server firehose streams all players'
| network data to an analysis thing, it should be able to
| detect patterns of impossible accuracy and response time,
| even though there is some margin for error due to e.g. lag
| and packet loss (iirc intentional lag / packet loss are
| some strategies cheaters use to obfuscate things like
| aimbots, e.g. generating movements that shoot someone in
| the head but holding them back for a second or so so that
| in theory a competent player could have done the required
| motions within a second instead of 1/100th thereof)
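A minimal sketch of the server-side screen described in the comment above, added here as an example and not posted by anyone in the thread. The 100 ms floor, the review ratio, the field names and the sample engagements are all constructed assumptions; the result is a queue for human review, not a ban decision.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import median

# Assumed thresholds (not from the thread): tune against real match data.
HUMAN_FLOOR_MS = 100.0   # reactions faster than this count as implausible
MIN_SAMPLES = 5          # below this, say nothing about the player
REVIEW_RATIO = 0.5       # share of implausible hits that triggers review


@dataclass(frozen=True)
class Engagement:
    player: str
    visible_at_ms: float  # server time the target state was sent to the player
    shot_at_ms: float     # server time the player's shot arrived
    rtt_ms: float         # round-trip time measured for that player
    jitter_ms: float      # measured RTT variation
    hit: bool


def reaction_upper_bound_ms(e):
    """Largest reaction time consistent with the measurements.

    The server observes visible->shot = RTT + reaction. If the real RTT was
    up to jitter_ms lower than measured, the player had that much longer to
    react, so lag is always resolved in the player's favour.
    """
    return (e.shot_at_ms - e.visible_at_ms) - e.rtt_ms + e.jitter_ms


def screen(engagements):
    """Return {player: stats} with verdict ok / review / insufficient-data."""
    per_player = defaultdict(list)
    for e in engagements:
        if e.hit:  # a miss is no evidence of inhumanly fast, accurate aim
            per_player[e.player].append(reaction_upper_bound_ms(e))

    report = {}
    for player, times in per_player.items():
        ratio = sum(t < HUMAN_FLOOR_MS for t in times) / len(times)
        if len(times) < MIN_SAMPLES:
            verdict = "insufficient-data"
        elif ratio >= REVIEW_RATIO:
            verdict = "review"  # queue for human review, never an automatic ban
        else:
            verdict = "ok"
        report[player] = {
            "samples": len(times),
            "median_ms": median(times),
            "implausible_ratio": ratio,
            "verdict": verdict,
        }
    return report


def _constructed(player, apparent_ms, rtt, jitter, hit=True):
    """Build constructed engagements where (shot - visible - rtt) = apparent_ms."""
    t, out = 1000.0, []
    for a in apparent_ms:
        out.append(Engagement(player, t, t + rtt + a, rtt, jitter, hit))
        t += 5000.0
    return out


# Constructed sample data, not taken from any real game.
SAMPLE = (
    _constructed("alice", [210, 260, 190, 320, 240, 280], rtt=40, jitter=5)
    + _constructed("alice", [50], rtt=40, jitter=5, hit=False)   # miss, ignored
    + _constructed("bot", [18, 25, 12, 30, 22, 260, 15, 20], rtt=30, jitter=5)
    # High, unstable latency: looks fast until jitter is given back to the player.
    + _constructed("laggy", [70, 65, 80, 75, 60, 90], rtt=120, jitter=60)
    + _constructed("newbie", [40, 35], rtt=50, jitter=5)
)

if __name__ == "__main__":
    for name, stats in sorted(screen(SAMPLE).items()):
        print(name, stats)
```

A cheat that holds its shots back, as the comment notes, stays above the floor and passes this screen, which is why the verdict feeds review rather than replacing it.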
| gpderetta wrote:
| On the other hand an aimbot can operate purely on
| information you /need/ to send in and out to the physical
| machine (input peripherals and the screen), so there's
| that...
| plopz wrote:
| I think server side statistical analysis can go a long way to
| detect stuff like that. Obviously it's always a cat and mouse
| game between devs and cheaters, and there are always
| workarounds, but there's a lot more the devs could be doing
| without relying on invasive client side detection.
| evoke4908 wrote:
| I think the problem is that that kind of work requires a
| good deal of developer resources for a long time. What
| company wants to pay upkeep on a shipped product? You could
| save hundreds of thousands of dollars a year by shipping a
| rootkit to players and not worrying about server security.
| vkazanov wrote:
| Any company that makes big money on long-living
| multiplayer games?
| phito wrote:
| It would not only take a lot of developer resources, but
| also computing power.
| a_wild_dandan wrote:
| I suppose Valve, who trained a neural network to
| detect/ban cheaters exhibiting unnatural behavior.
| babypuncher wrote:
| It hasn't paid off very much, CS2 still has a rampant
| cheating problem. VAC has been a joke for years at this
| point.
| nicce wrote:
| It only needs to be good enough that people keep buying
| (or not) the Prime when their old account gets banned.
| There is good reason that it exists, also from cheating
| perspective.
| lomase wrote:
| Because CS2 does not have Overwatch, the AI VAC thing. As
| far as I know it is only enabled on Dota.
|
| VAC is a joke until they ban players and all start to cry
| on reddit/discord.
| butterfly42069 wrote:
| BasicallyHomeless did a recent YouTube video on this.
| emgeee wrote:
| I've always wondered about this too. It should be pretty
| easy to recognize statistical outliers. I'm sure cheaters
| would start to adapt but that adaptation might start to
| look more in-line with normal skill levels so at least the
| game wouldn't be utterly ruined
| alex_lav wrote:
| This post is so interesting because it highlights the
| people that don't know anything about the requirements or
| state of cheats/anticheat. What you're describing is 10
| years out of date. Every modern cheat has a toggle, and
| (almost) every modern cheater masks augmented behavior
| with misses/native behavior.
| babypuncher wrote:
| The problem is that most cheaters don't just go full
| aimbot and track people through walls. That is a surefire
| way to make sure your account gets reported, reviewed,
| and banned regardless of what anti-cheat is in place.
|
| Serial cheaters cheat just enough to give themselves an
| edge without making it obvious to the people watching
| them. By just looking at their stats, it can become very
| difficult (though not impossible) to differentiate a
| cheater from a pro player. This difficulty increases the
| odds of getting a false positive, necessitating a higher
| detection threshold to avoid banning innocent players.
| nicce wrote:
| Valve has adapted this kind of thing in Counter Strike
| for almost a decade.
|
| They try to make own matchmaking for possible statistical
| outliers so cheaters end up playing against each other.
| Of course, real good players can still get there and
| there are (or at least used to be) real humans reviewing
| those games to see if someone is actually a cheater. It
| is not a simple task, since you can cheat to be just
| slightly better than others and that is enough to be
| good.
| arp242 wrote:
| You can tune the aimbot to be as good as the server allows,
| maybe with a bit of variation to throw it off.
|
| And realistically, some real non-cheating players will by
| chance just have similar statistics to bots, especially
| since the bots will start doing their best to mimic real
| players.
|
| Also many players don't need to cheat all the time; just in
| that critical moment when it really matters. Didn't Magnus
| Carlsen say he only needs a single move from a chess
| computer in the right moment to be virtually guaranteed
| win? Something like that probably applies to many people
| and fields. This is even harder to detect with just
| statistics.
|
| Also also reminds me of the "you can't respond in less than
| 100ms, and if you start the sprint faster than that after the
| starting pistol then you're disqualified"-type stuff they
| have in the Olympics - some people _can_ consistently
| respond faster and there's a bunch of false positives. Not
| great.
| darknavi wrote:
| Client <-> Server architecture can still take you a long way.
| Culling what you send to the client and relying less on
| client-side "hiding" of state, server authoritative actions
| with client-side prediction, etc.
|
| At the end of the day someone could be using hardware
| "cheats" but you can get down to a pretty good spot to stop
| or disincentivize cheaters without running rootkits on their
| devices.
| Rohansi wrote:
| Latency significantly reduces the effectiveness of culling
| via the server. There will always be a place for client
| side anti-cheat if games are running on players' computers.
| nicce wrote:
| Funnily, for example, using GeForce Now prevents almost
| all kind of cheats. Maybe the future of the competitive
| gaming is that you only use remote client for remote
| server which is hosted by the game company.
| arp242 wrote:
| You don't need a "hardware cheat"; just a program that
| reads the memory representation of stuff. This is nothing
| new and already how many cheating tools work, and is
| exactly what all these anti-cheating things are designed to
| prevent.
| lomase wrote:
| If you try to read memory nowadays the naive way, with
| cheatengine for example, you will get banned in any online
| videogame.
| nickphx wrote:
| if you have a large enough player base to sample, you can
| determine who is cheating with math. EA Fairplay is pretty
| good.. Steam's VAC is good, and not some kernel level
| nonsense..
| heromal wrote:
| VAC is absolutely terrible, are you kidding? You have to
| rage to get VAC banned.
| Rohansi wrote:
| To some degree, yes. But there are actually many cheaters
| that intentionally don't play perfectly to avoid detection.
| That way they appear higher skilled but still within human
| range.
| jsheard wrote:
| VAC is so not-good that there are not one but _two_ popular
| third-party matchmaking services for Valve's games whose
| main selling point is much stronger (read: more invasive)
| anti-cheat than VAC, and one of them even charges a
| subscription to play, which highly skilled players gladly
| pay to get away from the cheaters in high-rank VAC servers.
|
| https://play.esea.net / https://www.faceit.com
| zamalek wrote:
| There is a startup attempting to use ML to find cheaters:
| https://www.youtube.com/watch?v=LkmIItTrQP4 (this video might
| be overly optimistic) - https://anybrain.gg
|
| They even _claim_ to be able to fingerprint players according
| to their playstyle, thwarting all methods of ban evasion.
| Skepticism should be abundant here, but this is one of the
| oldest tricks in ML: categorization/clustering. I'm
| cautiously hopeful.
|
| This would be server-side by nature.
| hypeatei wrote:
| What? The current PC gaming model where things run on a machine
| controlled by the user is fundamentally against solving the
| issue of cheats. You can't prevent everything server-side.
| throwaway48476 wrote:
| It's not about prevention, but detection.
| cobalt wrote:
| and it is a cat and mouse game between cheat and game devs
| hypeatei wrote:
| I'm not sure what point you're trying to make but in this
| context there is no difference. If you know someone is
| cheating, you prevent further cheating by banning them.
|
| Now I'll ask: how do you detect someone wall hacking
| automatically? No human review and no false flags. Go!
| throwaway48476 wrote:
| A prevention model would be like the xbox where technical
| measures are used to prevent user code. A detection model
| is server side and detects anomalies for bans.
| JoshTriplett wrote:
| > If you know someone is cheating, you prevent further
| cheating by banning them.
|
| If you think it's _statistically likely_ that someone
| _might_ be cheating, but you're not sure, you can
| matchmake them with other people who might be cheating.
| JoshTriplett wrote:
| > how do you detect someone wall hacking automatically?
|
| You don't tell the client the location of anything they
| can't see.
| babypuncher wrote:
| This doesn't work well in real time games. The client
| needs to know another player is on the other side of that
| wall so it can
|
| * Play sounds from their actions
| * Actually be able to render them when either player comes
|   around the corner without them obviously materializing out
|   of thin air.
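JoshTriplett's suggestion and babypuncher's two objections can be put side by side in a small server-side visibility filter, added here as an illustration and not taken from any game or commenter: exact positions are sent only for players in line of sight from the viewer's tile or from a tile the viewer could reach before the next update, and players who are merely within earshot produce a sound event without coordinates. The tile map, `PEEK_MARGIN`, `HEARING_RADIUS` and all function names are assumptions made for the example.

```python
from math import hypot

# Constructed map: '#' is a wall, '.' is open floor.
GRID = [
    "..........",
    "....#.....",
    "....#.....",
    "....#.....",
    "..........",
]
PEEK_MARGIN = 1        # assumed: tiles a viewer can move before the next snapshot
HEARING_RADIUS = 4.0   # assumed: distance at which actions are audible

def line_of_sight(a, b):
    """Bresenham walk from a to b; False if a wall tile lies between them."""
    (x, y), (x1, y1) = a, b
    dx, dy = abs(x1 - x), -abs(y1 - y)
    sx, sy = (1 if x < x1 else -1), (1 if y < y1 else -1)
    err = dx + dy
    while (x, y) != (x1, y1):
        if (x, y) != a and GRID[y][x] == "#":
            return False
        e2 = 2 * err
        if e2 >= dy:
            err, x = err + dy, x + sx
        if e2 <= dx:
            err, y = err + dx, y + sy
    return True

def snapshot_for(viewer, players):
    """What the server sends `viewer` about every other player."""
    vx, vy = players[viewer]
    # Open tiles the viewer could occupy before the next snapshot arrives,
    # so a player about to round a corner is already known to the client.
    reach = [(vx + i, vy + j)
             for i in range(-PEEK_MARGIN, PEEK_MARGIN + 1)
             for j in range(-PEEK_MARGIN, PEEK_MARGIN + 1)
             if 0 <= vy + j < len(GRID) and 0 <= vx + i < len(GRID[0])
             and GRID[vy + j][vx + i] != "#"]
    out = {}
    for name, pos in players.items():
        if name == viewer:
            continue
        if any(line_of_sight(tile, pos) for tile in reach):
            out[name] = {"pos": pos}          # visible now or after one step
        elif hypot(pos[0] - vx, pos[1] - vy) <= HEARING_RADIUS:
            out[name] = {"sound": True}       # audible, coordinates withheld
        # otherwise nothing about this player leaves the server
    return out
```

The cost of the margin is visible in the data: a larger `PEEK_MARGIN` hides pop-in better but hands a modified client positions of players it cannot yet see.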
| daedrdev wrote:
| Far easier said than done
| Brian_K_White wrote:
| Not our problem.
|
| The problem of cheating in games does not weigh more than the
| user's ultimate ownership of and control over their own
| property.
|
| No one has a right to a business model.
|
| They can do plenty enough server-side. It's not a blocking
| problem at all, it's just _easier_ to take over all control
| of the user's pc for your own convenience.
|
| Everything, including all valid goals, is easier if you could
| just have the power to control whatever you want instead of
| having to cooperate and respect others and respect
| boundaries. It's no more valid than saying "Everything would
| be so much better if everyone would just do what I say.".
| Using that argument is invalid even if supposedly applied in
| service to some otherwise valid goal.
| babypuncher wrote:
| If a game is overrun with cheaters, people will not play
| it. You're basically arguing that whole genres of games
| should cease to exist.
| tzs wrote:
| > Not our problem
|
| It is if you want to be allowed to play with other people
| because...
|
| > The problem of cheating in games does not weigh more than
| the user's ultimate ownership of and control over their own
| property
|
| ...when you play a multiplayer game what happens on _your_
| property affects what happens on the property of the
| _other_ players and often also on the property of the game
| company. If you want to be allowed to do that you might
| have to agree to do some things on your property because...
|
| > No one has a right to a business model
|
| ...no one has a right to play any particular multiplayer
| game.
| 0cf8612b2e1e wrote:
| I built a dedicated gaming PC a couple of years ago. Too much
| cowboy coding in the industry for me to feel safe running this
| code on my main computer. Even games for which I pay have
| supposedly* been scanning/uploading personal data presumably for
| some adtech purposes.
|
| Why should I ever trust a gaming company to take security
| seriously? There was a story a few years ago about how one guy at
| home debugged GTA5's atrocious loading times without any
| resources. Loading times which were notoriously bad and surely
| had a negative impact on revenue, yet nobody in the company could
| be bothered.
|
| *Never verified it, but I recall the new owners of Kernel Space
| Program were accused of reporting personal data files to the
| cloud.
| Cthulhu_ wrote:
| Oh yeah, that was down to a huge JSON file / slow JSON parser
| or something wasn't it? That was so bad.
| mattigames wrote:
| I still hope someday the European Union forces Steam to allow
| transferring of games "owned", even if it's time-restricted (e.g.
| can't transfer the same game twice in a month)
| Cthulhu_ wrote:
| Oh yeah, they did rule that you were legally allowed to
| transfer / resell digital games... but not that Steam & co had
| to offer the option.
| dark-star wrote:
| ...but you don't buy the game anymore, you acquire a license
| for using (playing) it.
|
| If you want games that you can re-sell, you will have to keep
| buying them on physical media (or on appstores that don't have
| DRM like GOG)
| mattigames wrote:
| I know, that's why I added quotes around "owned", so in other
| words what I meant is that the EU should force Steam to
| create the option to transfer that license among its own
| users.
| dark-star wrote:
| Yeah but I can just assume that this would also apply to
| e.g. Microsoft Windows licenses, and that Microsoft lobbies
| strongly against such a law (also every other vendor who
| locks software licenses to a particular end-user or
| licensee)
|
| Note that I wouldn't very much welcome such a law but I
| wouldn't bet on it happening any time soon
| AdmiralAsshat wrote:
| Do kernel-level anti-cheat measures even work if I'm running
| Steam as a Flatpak + Using the game under Proton? I (naively,
| perhaps) assumed the security sandboxing model of flatpak would
| restrict that level of access.
| LelouBil wrote:
| Does any Linux kernel level anti cheat exist?
|
| If you're running under proton, it can't work. Proton/wine are
| not virtualizing a windows kernel, they are intercepting
| syscalls/library calls and running the equivalent linux code.
| tdb7893 wrote:
| Some anti-cheat has clients for Linux (the ones that don't
| generally just disallow playing on Proton). I don't think the
| Linux ones are kernel level but don't quote me on that.
| butterfly42069 wrote:
| The biggest giveaway the kernel level anti cheat is stupid is
| that Easy Anti-Cheat works on Linux without kernel level access.
| jsheard wrote:
| It only works on Linux if the developer allows it, because it's
| not nearly as effective on Linux. Rust (the game not the
| language) uses EAC but doesn't run on Linux by choice for
| example. Neither does Fortnite. Apex Legends uses EAC and does
| run on Linux, and now nearly every public cheat for that game
| targets the Linux version because it's such a soft target.
|
| I don't really like the status quo of installing random kernel-
| mode crap either, but nobody has a compelling answer for how to
| not make cheating absolutely trivial without it. Usermode
| anticheat barely does anything, serverside anticheat can only
| do so much, and the only other alternative is switching to
| console platforms which prevent cheating by giving the user
| zero freedom.
| ChocolateGod wrote:
| > game targets the Linux version because it's such a soft
| target.
|
| I was going to say games on Linux should require secure boot
| so cheat kernels and modules can't run, but then the kernel
| could just lie about it being enabled.
| jsheard wrote:
| Most Linux cheats don't even bother with kernel modules, a
| process running as root can read and write arbitrary memory
| in the game process without an unprivileged usermode
| anticheat having any way to know it's happening. It's
| embarrassingly easy compared to the hoops you have to jump
| through to _maybe_ avoid detection on Windows.
| NekkoDroid wrote:
| Still wondering what kinda special sauce that Blizzard is
| using in Overwatch. In my literal thousands of hours of
| playtime I encountered so few blatant cheaters it's probably
| still in the double digits. Are there probably a good amount
| of cheaters I didn't realize were cheaters? Probably, but
| does it really matter if you don't realize they are cheating?
| trissylegs wrote:
| PirateSoftware on twitch/youtube talks about his time at
| blizzard working on catching cheaters in WoW. Their methods
| are usually about figuring out how they're cheating and
| what behaviors cheaters follow.
|
| Before overwatch they had years of experience catching
| cheaters in wow.
| jolmg wrote:
| I've never seen a game request root privileges, and I would think
| installation of anything kernel-level would need that. None of
| the steam binaries have setuid nor capabilities set.
|
| Has anyone seen games that request root privileges?
|
| EDIT: I'm gathering from this[1] and the fact that no wine-
| related package has kernel modules included and no executable
| from any of those packages has setuid nor capabilities set, that
| this isn't really a problem in Linux, just in Windows.
|
| [1]
| https://www.reddit.com/r/linux_gaming/comments/gjzkzk/will_w...
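The check jolmg describes (no setuid bit, no file capabilities, no bundled kernel modules) can be repeated on any install directory with a short audit script; this is an added example, not something posted in the thread. The function names and the list of module suffixes are assumptions, and the directory to scan is supplied by the reader on the command line.

```python
import os
import stat
import sys

# Assumed set of file suffixes used for (optionally compressed) kernel modules.
MODULE_SUFFIXES = (".ko", ".ko.xz", ".ko.zst", ".ko.gz")

def classify(name, mode, has_caps):
    """Return the reasons a file could gain privilege or load into the kernel."""
    reasons = []
    if stat.S_ISREG(mode):
        if mode & stat.S_ISUID:
            reasons.append("setuid")
        # setgid without group-execute is not a privilege grant.
        if mode & stat.S_ISGID and mode & stat.S_IXGRP:
            reasons.append("setgid")
        if has_caps:
            reasons.append("file-capabilities")
        if name.endswith(MODULE_SUFFIXES):
            reasons.append("kernel-module")
    return reasons

def has_file_caps(path):
    """True if the file carries a security.capability xattr (Linux only)."""
    try:
        return bool(os.getxattr(path, "security.capability", follow_symlinks=False))
    except (OSError, AttributeError):
        return False   # no xattr, unsupported filesystem, or non-Linux host

def audit(root):
    """Walk `root` and return {path: reasons} for every flagged file."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue   # vanished or unreadable entry
            reasons = classify(name, mode, has_file_caps(path))
            if reasons:
                findings[path] = reasons
    return findings

if __name__ == "__main__":
    for root in sys.argv[1:]:
        for path, reasons in sorted(audit(root).items()):
            print(f"{path}: {', '.join(reasons)}")
```

An empty result covers only files on disk under the scanned directory; it says nothing about what an installer asks for through a separate privilege prompt.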
| sadeshmukh wrote:
| Everything says "wants to make changes to your device". I
| accidentally installed EAC that way.
| keyringlight wrote:
| It's worth noting that when you first install it, steam asks
| to install a service to assist with its duties, presumably
| for most install tasks. Steam has been around long enough and
| that service is now trouble free that it became part of the
| furniture most ignore as part of the background. That's aside
| from how users may be trained to hit 'yes' on any permission
| box that comes up to swat it away and play the game.
| jsheard wrote:
| > It's worth noting that when you first install it, steam
| asks to install a service to assist with its duties,
| presumably for most install tasks.
|
| They do this because Steam was originally designed in the
| XP era when you could write whatever you want to Program
| Files without escalating to admin, and instead of
| refactoring where they put their files when Vista made the
| permissions more strict they started installing that
| backdoor service which lets them keep putting everything in
| Program Files without triggering UAC prompts all the time.
| It's a pretty gross and unnecessary hack, but I doubt
| they're ever going to fix it at this point.
| zamadatix wrote:
| The kernel level anticheats are almost always written for
| Windows. They are relevant to gaming on Linux because those
| games won't work on Linux even if wine/proton run the user
| space portions fine
| bjackman wrote:
| Not on Linux. Things are different on Windows, especially if
| you wanna play competitive games, I'm told.
| Topfi wrote:
| Does anyone know whether disclosure of Denuvo and similarly
| controversial "add-ons" does negatively affect sales? Maybe I am
| cynical, but I have come to the conclusion that whether it is
| always online DRM, rootkit-level anti-cheat or the need to have
| an account for offline play, community anger is often only
| maintained when a game had other things going against it from the
| get-go. Not against disclosing this of course, that is a great
| move for those who actually are willing to walk-the-walk, just
| asking whether we should perhaps temper our expectations on the
| impact of such a measure.
| dmonitor wrote:
| The most recent study I saw showed that Denuvo significantly
| helps revenue capture within the first few months of a game's
| release
|
| https://www.sciencedirect.com/science/article/abs/pii/S18759...
| grayhatter wrote:
| I can't figure out what that article is trying to prove.
| "When DRM remains uncracked, we can't detect any losses due
| to piracy." well duh. Does it otherwise affect sales? Do any
| small games use it, or just large studios?
| bitwize wrote:
| This.
|
| DRM is not going away because it _works_. And rightsholders
| _want it_. Ask anyone in any creative field besides
| programming -- DRM lets them put food on the table doing what
| they love.
|
| I really wish the anti-DRM crowd would go out and touch some
| grass.
| lomase wrote:
| As Gabe Newell said "piracy is a service problem"
|
| I could pirate every game I have on my Steam account. I
| don't do it because of the added value that Steam gives me.
| bigstrat2003 wrote:
| Good. I absolutely refuse to compromise my system by using these
| things. Games should be required to let people know what they are
| signing up for.
|
| And if that means more companies choose to avoid kernel anti-
| cheat, so much the better. I'm still mad that I can't play
| Helldivers 2 - a freaking co-op game where cheaters can't pose a
| problem - because of this nonsense.
| Cthulhu_ wrote:
| > a freaking co-op game where cheaters can't pose a problem
|
| Winning doesn't give you any permanent rewards?
| pjmlp wrote:
| This is very much welcomed.
| andrewmcwatters wrote:
| I think the population of game developers and their knowledge of
| multiplayer networking is fundamentally getting worse over time,
| because I see things that should not be architecturally possible
| in a lot of newer multiplayer games.
|
| This whole anti-cheat thing is just a separate problem
| entirely, but it's so painfully exacerbated by the first.
| juunpp wrote:
| The anti-cheat also goes hand in hand with the predatory
| business models of "always online" and micro transactions.
| Those things sell because of advantage over other players or
| just social factors in the case of cosmetics. Wouldn't be as
| relevant in an offline game. But now, since the game is online
| (for business, not technical, reasons), we need some way to
| keep everyone honest.
|
| I'm just hoping this entire business model dies, along with the
| anti-cheat and everything else with it.
| bastard_op wrote:
| The problem is since Valve and Proton made windows games viable
| for Linux and the Steam Deck, most of that anti-cheat vermin does
| NOT work under Linux. Even if it did, if you run Linux, you
| likely take some objection to someone wanting to add kernel
| modules of unknown and/or ill repute to your pretty open-source
| kernel.
|
| Valve knows this, kernel-level anti-cheat is simply not practical
| for use with Linux as a consideration. Most game companies care
| zero for Linux in the first place, which means for us, we just
| end up inadvertently boycotting those games and bad-mouthing them
| regardless, but hey, it's only 1%.
| lomase wrote:
| I think the end goal of Valve is to support anticheats in
| Linux. But they want the Kernel to provide an API for it, so
| you don't need to run the anticheat like a driver.
| Jnr wrote:
| 1.9% already :)
| supportengineer wrote:
| Not a gamer - Is Steam basically a package manager like 'yum' or
| 'brew', but for games?
| dark-star wrote:
| more like an app store
| Jnr wrote:
| Yes, and also a store and a community platform.
| PeakKS wrote:
| More like flatpak/flathub since it has its own runtime, with
| the addition of community features and purchasing.
| ranger207 wrote:
| Similar to Google Play with Google Play Services: both an app
| store and a set of services for games to use
| fngjdflmdflg wrote:
| I hate to say this but a large percentage (in fact, I believe a
| majority) of gamers simply do not care about invasive anti-
| cheats. Right now CounterStrike players are mostly begging Valve
| for kernel-level anti-cheat since their current solution isn't
| working at all. If anything, this warning will actually make many
| players _more_ impressed with the game. That said, more consumer
| information is almost always better in any case, especially in
| this case considering that this is not a requirement of law but
| of a private company.
| logical_person wrote:
| Prop 65 went great! Let's get a warning out for every game with
| peer to peer networking while we're at it.
| dbrueck wrote:
| Oof, a lot of comments here showing lack of knowledge of the
| anti-cheat problem and/or out of date knowledge of the current
| state of the art.
|
| In short, if you choose not to run anti-cheat because you
| understand that these are opaque rootkits, good for you! That's a
| totally, 100% valid choice. But please keep in mind:
| - you are a tiny minority and not the target customer
| - online multiplayer games are an absurdly big business (i.e.
|   there are huge incentives here)
| - no, you can't completely solve this server side
| - elite players are insanely good - they are by definition
|   outliers, so looking for statistical outliers is not in itself
|   a solution
| - game companies are highly incentivized to work with (or at
|   least not antagonize) the elite players (so just throwing them
|   in matches with cheaters is not a solution)
| - the stakes are high both for the devs and their users, so
|   "pretty good" anti-cheat is usually insufficient
|
| You can sum things up by saying that kernel-level anti-cheat DRM
| is the worst solution, except for all of the other solutions.
|
| I'd love to see more curiosity from the HN community on this.
| This is a challenging technical problem whose solution (if there
| is one) is fairly valuable.
___________________________________________________________________
(page generated 2024-10-30 23:00 UTC)