When (not if) cloud gaming truly takes off, and it will, we'll lose any and all control over our games. So long to modding, so long to messing with .ini files to get settings right, no decompiling games, no games preservation... The Netflix model approach, where we don't own anything, we're 100% reliant on them to provide us with the service, where servers can (and do) get shutdown at any moment after X amount of years of support.
A world where we don't own the games, just subscription services with extra fees for XP boosters.
The ultimate live service game that so many of the big companies love.
PS: Also means no more cheating by the standard methods.
In the next version of Windows, we're seeing a rapid acceleration in the amount of hardware/software fingerprinting and secure storage going on in home computing, with the introduction of the TPM 2.0 and UEFI requirements.
I am almost certain that Microsoft is progressing to be able to sell a completely hardware-protected memory address space to game developers, so that they no longer HAVE to worry about cheating. Because if everything from boot onwards is both signed and supports DRM, it's the perfect place to authenticate everything that happens afterwards.
This is interesting in that it will almost certainly lead to an explosion of DRM, DLC, and software sold via subscription models. And while this kind of thing will probably be initially well received by players hoping for decent anti-cheats, it will almost certainly lead to users forfeiting even more control to corporations over the final direction of the software programming.
(This kind of control may eat itself alive given enough time; we'll really only know after humanity has already gone that far!)
What's worse, MS and hw companies are joining efforts and may pressure Linux platforms as well (remember the story with the UEFI shim signature).
Want to mod, LAN, or play casually? Play locally.
Want to play without cheaters? Choose your friends wisely or play on cloud gaming.
Lack of DRM drives interest in the game, which drives interest in cloud gaming subscriptions due to wanting cheat-free gameplay.
Are you kidding? What's the most recent game you have that will let you set up a non-hotseat multiplayer game involving only computers you control?
I'll begin to worry when the speed of light increases, making gaming through streaming practical.
I understand you meant it in a different light but I thought I'd give it a mention.
In movies, everyone is now making their subscription services, that are really popular; while services for buying movies online existed for years and were not really all that successful.
You can buy movies on iTunes for maybe 15 years now and on Google Play for ... a while too; but it has never been as successful as Netflix, Disney+, HBO Max, Paramount Whatever, is now.
People just prefer the subscription model.
But maybe gaming is fundamentally different. Apple Arcade is not really successful, but maybe it's because Apple is being Apple, I don't know. Xbox... has a game pass thing? I don't really follow that that much
>You can buy movies on iTunes for maybe 15 years now and on Google Play for ... a while too
I don't know about itunes, but the last movie I ""bought"" on google play couldn't be downloaded, I had to watch it through their interface and firefox on linux was not supported. I believe they don't offer the thing anymore as well, probably happened during one of their countless service mergers and shuffles. I can't find it anymore, anyways. 0/10 would not license a movie through google again.
Do you know what isn't going away? The files I ripped from blurays that stores are selling for about five bucks a pice, 12 if you take three. Unless I get an mkv I can play wherever I want for as long as I have it, I'm not buying.
I think there's a solution that would let wood-tier players like myself avoid this kind of intrusive software, whilst keeping higher-level play clean though.
- Implement server-side anticheat detection, that will ban things that look like bots. As other commenters have noted, bots are indistinguishable from good humans from the outside. So, the server-side detection would ban both bots and good humans
- Have _opt-in_ client side anticheat detection. If you have this enabled, then you're exempted from the server-side detection. So, you enable this if you're actually good.
Could even make this part of the ranking mechanics. Maybe you _can't_ enable the client-side anticheat until the server-side one thinks you're sus. Then you get prompted to turn on the client-side support and get a cool badge or something.
This is a bad enough problem that it actually threatens the integrity of the game and the continued support from more casual gamers such as yourself.
As for your particular case (running a Windows VM with PCI-e GPU passthrough), that's... such a niche corner case that you're you just don't factor in.
We can agree that cheating will never be truly eliminated. It's a question of degree and it requires a multi-level solution ie both client-side and server-side.. The server-side detection has to allow for checking by a human with all that entails. It sounds like this is what they're rolling out with CoD Vanguard (Ricochet). It'll be interesting to see how effective this is.
Probably the biggest problem for the likes of Warzone and Fortnite is that the game is free. It means getting banned and having to create a new account is essentially zero cost. What about paid-for and earned cosmetics I hear you ask. Well, those are hacked too so it doesn't really matter.
But with Warzone, it was happening so often, I no longer give anyone the benefit of the doubt. I used to run into more than one blatant cheater per day. And now all my bad beats, I assume half of them are cheating, even if it's not exactly clear. It's ruined the game for me. I genuinely don't even bother to play anymore unless I'm playing with one of my friends.
I'm not saying it's not niche (it definitely is), but I just wanted to chime in and say I'm another one who does this.
Also I don't think "twitch streams" are a great sample of "normal level gameplay", most people there would be ranked comparatively highly in MMR I would have thought? That or I'm leaving tons of money on the table by not streaming my wood-tier CS:GO :D
Have you tried running CS:GO on Linux through Steam on Linux? It's officially supported and for me it runs as well as I expect on low-end hardware. Are there any performance reasons to want to run in a Windows VM instead?
I do worry that this push to ever-more-intrusive forms of anti-cheat will mean that games are less likely to run on Linux. If the source to your anti-cheat kernel module needs to be released under the GPL it's probably not going to be that effective for very long..
This is how it works in ARMA for instance (not sure if opt-in or opt-out though), the players can decide whether to install/uninstall the game's anti-cheat solution on their machine, and the people running the servers can decide whether they require the anti-cheat-solution to be installed. Since I almost never venture into multiplayer anyway, the decision for me was simple (uninstall the anti-cheat software).
> - Implement server-side anticheat detection,
This only works for "real" client/server games, not peer-to-peer games which usually only use centralized servers for matchmaking and some other non-gamplay-services.
That's somewhat similar to how FACEIT did it when I tried it for TF2. The serverside detection decided if you needed the client side detection.
My buddies started to play Valorant and they asked me to give it a try. I downloaded and installed it.
First major issue: Must start on boot and has to be running at all times. If you close it, you have to reboot the entire machine to play Valorant.
Second issue: (This has been fixed) All my VMs stopped working. I couldn't start any of them in my VMware Workstation.
Uninstalled Vanguard and Valorant shortly after. There should no reason an anti-cheats needs to run on boot.
The only point at which a company cares about cheaters is when the community starts to really get riled up about them and revenue drops.
COD Warzone has a full stats API and cheaters leap off the page. We're talking people with K/D ratios of, say, 10-20:1 or more. All they'd have to do is zap or flag those accounts automatically. But they don't care.
Just about any sort of public online game involving shooting has long stopped being fun for me because cheating is so rampant and blatant, and companies care more about policing talk on their discords and subreddits about problems with cheaters, than they do about addressing the cheaters.
You're right of course, if there's no $$$ to be made from people who won't buy the game if it has client-side anticheat, then why would they develop a whole second system just for people like me who don't want to run this crap, but want to play the game enough that they'll run it anyway?
So how about yes, let's focus on fixing the problem at hand, and if it's used for something else(like single player games) then I'll complain about it. Right now developers have my full support to use whatever methods they can to make sure the hackers stay out. The game can boot into its own OS for all I care.
Anticheat would just be icing on the cake of a dedicated game mode.
I actually find this to be pretty darn reasonable.
http://meseec.ce.rit.edu/551-projects/fall2016/3-4.pdf
https://www.youtube.com/watch?v=quLa6kzzra0 (for software discussion check around the 19:00 mark but the whole talk is incredible)
Then there's EFT (BattlEye) ruined by rampant cheating.
Then there's (was?) Combat Arms (multiple anti cheats over the years) ruined in-part by rampant cheating.
I wouldn't mind _that_ much if anti-cheats actually helped, but they don't.
A few months ago, their secondary system, "Trust Factor", was broken for an unknown period of time, which the communication to the community was a single tweet. During that period (probably a few weeks?), there was blatant cheaters in half the games I played.
I've moved to playing FACEIT (a third-party matchmaking service) recently, partly due to anti-cheat. I don't remember the last time I saw a cheater in FACEIT, while CSGO's matchmaking has cheaters in around 10% of my games (average skill player, ~2k hours over 7 years, high Trust Factor).
Because of the steam deck that would be pretty bad business, so maybe it's less about intrusiveness and more about that valve can't, without destroying their hedge against a Windows monoculture in gaming.
Giving Activision kernel level access on a private device, what an improvement.
It's essentially the same problem as DRM, which generelly can only hope to prevent piracy for a few weeks. The solution of the movie industry there was to add there garbage directly to the hardware.
A youngster getting into reverse engineering surely does not have deep enough pockets to spend several hundreds of dollars on buying the game over and over.
Too bad now you have to learn how to decompile a kernel driver and how to bypass that just to try and make a basic trainer.
I've actually figured out the permanent solution to cheaters. Oddly enough, I worked it out in Pokemon Unite, which doesn't have a cheating problem as far as I know, but does have items that you can buy to boost your character stats. The solution is easy: play a game with a good ranking system, and don't get too sweaty about the whole thing. People who use non-skill based tools like cheating or paid boosts will shoot right up the rankings and leave you behind to play in peace. If somebody has a cheating tool that is so subtle that they play all the way down at my level, it is arguably not a real help anyway.
But software augmentation doesn't just improve apparent skill, it can also distort gameplay. What if you're really skilled and you get matched with what amounts to a bot? Even if you're good enough to overcome the bot and win the game, it won't be the game you signed up to play.
The real problem here is "annoying play styles", something that humans are capable of indulging in without any software help. This is usually policed - ineffectively - by social pressure ("no camping!"). The real solution is an extension of the ranking system - a reputation system, which tracks sportsmanship. All of these problems ultimately stem from the practice of connecting vast numbers of anonymous strangers with each other - cheatbots simply aren't an issue when you play with your friends. This is a social problem.
Independent of that and completely niche -- a game where they specifically themed it as some sort of 'gladiatorial combat,' and ranked the players based on crowd response could be cool. I definitely wouldn't want that in every game, but it could be a neat spin-off.
A lot of games do this, and the cheater’s response is to deliberately lose a bunch of games so that they drop down to the lower leagues, where they can more effectively harass the noobs
I don't think I've seen any developer using EAC outright poo-poo the possibility so far, so that's somewhat encouraging...
None of the Kernel anti cheat work without being compatible with Linux which currently none of them are. EAC is supposed to be in the future but I doubt it will work.
No, it wont.
> How do they try to stop it now?
Generally, they don't. They have an in game reporting function, but it doesn't seem to do much good. Many cheaters live stream their exploits, seeing people through walls, getting 100%-accuracy-all-head-shots, etc. The net code that's responsible for reporting where you are aiming is separate from the data/code that reports where your bullets are sent, so some cheaters show off by shoot directly at the ground below their feet while magically killing people several hundred feet up above in a helicopter.
The experience is often pretty bad, and yet people still play the game...
Yes, it makes competitive/casual play crap. In CoD in particular, it is out of control.
> How do they try to stop it now?
A variety of ways, ranging from server-side analytics, player-driven report systems, manual review, the game inspecting its own state, processes that spy on your computer, and rootkits. Each and every one of these has different advantages and drawbacks.
> Do they really need a kernel driver?
Given how ineffective anti-cheat efforts in CoD have been, it's possible that they need a kernel driver to bring it under control. It's possible that a more talented team would not.
It's when there's a whole cottage industry around this that you know things are out of hand.
Oh that's good.
> Plus, the kernel-level driver only monitors and reports activity related to Call of Duty.
Oh, so in other words it reports everything since any software that might be used to cheat at call of duty is technically related to call of duty... Whenever I see this kind of vague verbiage it's never a surprise when it turns out the people who wrote it chose their words very carefully, to purposefully mislead people.
Edit: Oh, and they definitely say they monitor other software "that interacts with call of duty" later in the article.
Cheat software has to do things like nose around in the game's memory space that no legitimate program is going to do. It also contains in its memory space keywords common to cheat programs.
That sort of search isn't really invasive because generally anti-cheat software when it triggers takes an screenshot, and if you're playing the game, there's nothing personal on the screen. Maybe a process is fingerprinted as a known cheat package. Say your kill to death ratio or hit/miss is unusually good. Or you get reported by a higher than normal number of people. Or a human moderator pushes a request, for whatever reason. Or they get a hit on the 'greps' I mentioned, etc.
The goal is to see if you've got a screen overlay that betrays wallhacking (ie "glasswalling") or a cheat system's UI. That's all they care about.
My son plays both, but CoD really sucks. It is so obvious when someone is cheating.
DKOM(reading/modifying kernel structures directly) is alot harder to detect, and also alot more undocumented. To the point it takes someone in the field to make a cheat and bypass, vs someone with a decent level of application dev experience. And there's not many Kernel developers, and there's also such a limited amount of forensic/malware analysts that can code anything beyond powershell.
It is not always very obvious, at least on CSGO... there are some experienced/smart cheaters.
I don't like the practice, but I had to install it anyways to play Valorant with friends.
Heck, these days, even a GPU driver can be hot-swapped.
IIRC, some of the process was automated, some was player-reported, and some was done through human review. As a gamer averse to both cheating and spyware, I found this very appealing. I wonder how their systems have evolved since then.
The original youtube clip (v=ObhK8lUfIlc) has been made private, but I think this is a copy of the same video:
The biggest problem was: It didn't auto ban, just sent to overwatch (players watch a past game and vote for cheater or not, fully anonymized). This resulted in a massive clog when some guys I knew generated around 10k free steam accounts (with $3.5 of proxies), began queueing a few dozen at a time, rage cheating. A hell of a lot of games can be botted with free accounts and a beefy (server IIRC) rig; I think he told me he had about 100 accounts running normally in 10 separate Competitive games all against his own bots(rendering at 2x2 resolution so it ran okay, with cheats injected). They all got sent to overwatch but because so many games were being put through overwatch, the queue got overloaded.
This is called Vertigo boosting, because the bots all queued for Vertigo, an unpopular map, to increase odds that only their own bots would be in the game (and, coincidentally, minimize collateral damage to legitimate players). (though it's normally to rank up accounts, not to spam ow queue)
Hi eso :p
You have to attack this from an information theory perspective. If the client receives the information in any manner whatsoever, you must assume it is being used in the most adversarial way possible.
The AI problem is more complex, but that's more a function of how deep the gameplay is than how good the hacker is. Time constraints make pure machine vision bots subpar for fast-paced games that also have a complex tactical element.
Complexity and pacing of gameplay is going to eventually have to be one hedge against AI. It's effectively a continuous captcha.
With the release of YOLOv5, the rat race for cheater free games just got even more one sided.
They should invest instead in server-side models for detecting cheating, then it can't be circumvented and you don't need to bother learning all the different ways they can produce inhuman inputs.
Which is already the case and can't work for all use cases. how the server knows that you see behind walls exactly? And ML / heuristic stuff is very limited as well.
Detecting cheating, client or server side is very complicated and not even close to be a solved problem.
Inhuman inputs are a thing of the past. Kids these days can do some pretty wild stuff at high levels of play.
Kernel level drivers are also kind of useless, easy to circumvent, easy to reverse engineer.
Building a capable computer vision bot that can play World of Warcraft, Diablo and CS:GO is trivially easy to do these days. We're talking a few hundred lines of Python to build a working prototype that will track and kill and take objectives.
I have a computer vision Diablo 3 bot of less than 2,000 lines of Python that can run Rifts and and grind high level Grifts with complete success, including boss encounters and adds.
My World of Warcraft computer vision bot, long since retired, was under 8,000 lines and was sophisticated enough to get me some contract work with Blizzard to write machine learning algorithms to hunt for bots in the game world.
Also the server should not send info a legitimate client have no use of.
If it has 99% accuracy, then you're banning thousands of players
have fun dealing with tickets for them & review process
>Also the server should not send info a legitimate client have no use of.
do not games send "too much" in order to play around networking constrains?
Obviously you can't just automatically permaban people if the system is not based on a technical inspection of the player's system. Instead you have to bar them from playing for a few days or so.
Even VAC reverses bans sometimes.
If you are looking for a perfect solution there will never be one.
> do not games send "too much" in order to play around networking constrains?
Maybe the newest games does that. CSGO and other popular games send complete positions and what-not to every player.
Is it possible to stop this[1] kind of cheat without some kind of hardware verification?
So when someone is caught, with manual review for example, they won't be able to play again on the same hardware.
Cyberpunk 2077 (cough cough).
This is malicious and a massive overreach.
You always see huge backlash on the internet, but you never see low player counts.
The whole thing is that, if you don't want other kernel drivers touching Windows before yours loads, you have to load yours first (at least, I believe that was a point of contention last time). It'll probably be in the same light as how Riot Vanguard works in that it loads pretty early at boot, but only sends data to the server when you open the game.
This is the equivalent of forums vs. Facebook. The moderation on well-run forums is better than what Facebook can offer because it's done by real humans.
Instead, this sounds like a great application for machine learning. Train an algorithm to identify a wide suite of cheats using data passed to the server. It wouldn't work for P2P, but if your competitive matchmaking uses P2P then you have bigger problems.
[0] https://www.tomshardware.com/news/impossible-to-detect-cheat...
As a thought, one could make a game I imagine that actually encourages cheating and have the entire thing be an arms race in cheating tech, that sounds pretty fun .
While I don't like kernel level anti-cheat, its hard to disagree that its better than nothing and also hard to deny that cheating in competitive realtime multiplayer PC games isn't a huge problem.
It seems like EAC is going to be the standard for cross game HWID ban list. Again I'm all for it.
Everybody agrees it's a cat-and-mouse game. What's the endgame? Requiring signed peripherals to play? With mouse and keyboard detecting a heartbeat from the player, and gaze tracking?
Short of requiring implants with DRM and a proof of identity, I don't think cheating issues can be solved that way.
Some suggest streaming is the solution. It doesn't protect against ML-based bots, though restricting client info to the bare minimum is probably a good idea: if latency is good enough to allow streaming video, why not stream player position just in time, to prevent against the wallhacks-class of exploits?
ML-powered cheat detection on server side also sounds good, with the usual sanity checks (don't allow large speed, etc).
How to distinguish a good player from a cheater? Maybe have them pass a test on a trusted machine at a cyber café or so, and give them a "good player" badge to crank the anti-cheat detection threshold higher for them. There can't be that many good players, and identifying them sounds promising for future tournaments. Maybe a web-of-trust ring would help as well, with players vouching for each other, and staking their accounts too: when someone gets banned 10 years (permanent bans are just not nice), ban those who referred them 3 years, then 6 months, then 2, etc.
Also, I've been thinking lately at how this could be handled in open-source games, and if there's a way forward, I think it's that one.
At a high-level, game theory kind of approach, I don't think cheating can be prevented in incomplete information games. Two players could collude and exchange information, giving them an edge. This could be made part of gameplay (including vocal chats is probably part of this). Moves can still be checked against a given set of rules retrospectively: use a CRDT-like, directed graph structure to store player actions, check their validity, and when multiple players come in contact with new info, have them exchange that info and cross-validate it. Picture a card game for instance, but it's the same for a FPS.
The alternative is complete-information, where there is nothing to hide, and only the legality of a move has to be checked. For reflex-based games, it's hard to evaluate what level of proficiency to expect from a player. For strategy games, likewise (a player could use some AI tools to help them with their next move).
In the end, I think we have to go back to what makes playing a game fun. I have fun playing against bots, when they're my level. The only issue is being pitted against bots when I have no chance of winning. In that case, ML-based approaches can work to identify skill levels, and pitch opponents of similar skill against each other. Hopefully aimbots will play against aimbots this way. Also, legalize it, and have people declare what kind of assist they use. Heck, integrate it in the game. There's some people I like playing with, even though they are way less skilled: this could make it better for everyone. It would make games even more accessible to everyone, and make cheat providers redundant.
