That's such a hilarious quote, as it explains exactly why client-side anti-cheat is silly in the first place.
It's possible to calculate what information should be available to a client at a given time (and within of the motion range of the clients' latency), only send that data, and calculate the time delta between when a player should have been able to know something, and when they reacted to it.
A lot of games used to do that in the past, and some still do.
But it requires powerful servers. Gamers could self-host dedicated servers, but publishers put an end to that as it's not compatible with micro transactions.
Developers could host servers, but that's not as profitable as using p2p gaming where a random client is used as the server.
It's a self-made problem really, none of this was necessary.
But it's a simple issue of economics:
- you can't have cosmetic microtransactions if players can self-host and modify their own servers
- developers hosting servers is costly
- using a p2p architecture with the "server" running on a random gamers' computer is much more profitable
- but that requires trusting the client, which means
- client-side anti-cheat
Without the live-service lootbox gambling microtransaction bullshit that has infested the gaming industry, none of this would have ever been necessary.
You don't need client-side anticheat if your clan/guild is self-hosting your dedicated servers, you can just ban the obvious cheaters.
> Importantly, this work also highlights the defensive implications of such techniques. While Secure Boot and firmware integrity mechanisms would prevent this attack chain when correctly enforced, the explicit requirement for users to disable Secure Boot demonstrates how social and usability tradeoffs continue to undermine otherwise effective platform defenses.
This does make cheating harder, and does make it a cat-and-mouse game where signatures are revoked and they move on to a new driver, but the fact of the matter is - there are a ton of drivers out there and some of them will always be vulnerable in some way. To this end, I think focusing on client-side anti-cheat at all is a lost cause.
You connect the DMA PCIe card to a laptop/pc with USB, then it can read any memory on the game PC and display a radar on the laptop screen. They even sell mouse and hdmi/dp mergers, these allow the laptop to show an ESP overlay over your game and aimbotting by sending mouse inputs.
macOS, Windows and Linux has the technology. Why wait? Kill general purpose comp^H^H^H^H^ communism right now! Protect the children, save the capit^H^H^H^H nation!
