This is so funny because rust has one of the worst cheating situations and majority of their players are windows users, and theres lots of games that have anticheat that allows linux and have notably less significant cheating problems like marvel rivals. in reality rust doesn’t take cheating very seriously because if they did they would have more server side software that detects illegitimate behaviour like tons of other games do successfully… even most popular Minecraft servers have better functioning anti cheat that is completely server side than rust has while getting kernel access to your pc. its pathetic and lazy development tbh and this entire post from them reads like such extreme cope…
You must log in or # to comment.
Well the garbage takes itself out
I don’t play games that require anti-cheat. Simple as that. If a game is full of cheaters, I don’t play those games either. I am not going to have a windows installation just to play games. I am not going to have a console that only plays games. I am a simple man, if it supports Linux and doesn’t have anti-cheat I play. But also I don’t have friends so…
If your cheat detection runs on the client side only, you don’t have cheat protection.
Well, there only so much in gaming that reasonably can be done server side.
Sure, the server could identify that a player shouldn’t be visible and not transit that location to a client, addressing seeing through walls, in theory.
But once a player is hypothetically visible, aimbot can happen. If you are crawling in a ghillie suit in the grass, but the other player has a client that skips rendering grass and replaces the ghillie suit model with a suit made of traffic cones…
Now intrusive anti cheat isn’t worth it, but it is an unavoidable reality that it is up to the client to preserve the integrity.
Closest you get would be streamed gameplay, where the rendering even is server side. Also not worth it. But even then I could see cheating machine vision and faked controls to get an edge unfairly.
replaces the ghillie suit model with a suit made of traffic cones
lol
People who play games to cheat are the problem with the world. Born losers.
Skill issue.
Let’s do some math here, they said:
More cheaters using Linux than legit users (…) .01% of all players base
Let’s do a quick math. The maximum peak users for Rust was 259,646 concurrent users according to https://steamcharts.com/app/252490 . Let’s assume 60% (more than half) of all the .01% users were cheaters, congratulations, you got rid of all those 16 cheaters… I haven’t played much Rust, but I’m fairly confident that there’s a bit more than 16 cheaters there.
And that’s without getting into the whole client side anti-cheat doesn’t work.
You dont understand linux users have black magic hacks that ruined the game for every player on every server, their power cant be understated… Theyre a whole bunch of dangerous hardened criminals
I feel like some people think Linux is only for hackers and cybersecurity professionals
And genuine hackers and cybersecurity professionals have got way better things to do than cheat in Rust.
The cheaters are all obnoxious 12-year-olds who couldn’t land a single hit without the cheats, that’s why all the compilation videos of cheaters falling foul to fake cheat software are so funny. They’ll spend 10 minutes trying to go through a doorway without it ever occurring to them that something must be wrong.
🤣 beware the Linux users
“Do not tangle with the type of people who decide to put Linux on their PlayStations. Trust me, you are wasting your time.”
- Extra Credits host guy, like a decade ago.
It was the elite hacker 4chan, they hacked all their servers and stole all their ram.
every single one is a l44t hack3r bro
On Windows the cheating program it’s a simple exe that will get kernel access with a simple uac request.
Everyone, especially 12 years olds, are able to run it. (And maybe get malware/ransomware disguised as a cheating program)
None of the losers that need a cheating program to feel validated in online multiplayer games will have the skills to recompile the kernel in Linux to add support for that
None of the losers that need a cheating program to feel validated in online multiplayer games will have the skills to recompile the kernel in Linux to add support for that
aha! so you admit, IT’S POSSIBLE! Well aren’t we lucky we have microshoft who won’t let anyone recompile their colonels! shows you mr silly yunix!
;D
Never heard of Rust, but it sounds like something I can afford to ignore.
OS shouldn’t even matter to prevent cheating; do your anticheat validation server side. Anyone who knows anything about security knows the client side can never be trusted.
Ultra toxic survival game where you build a base, get raided by 4 guys with rocket launchers and bombs while yelling slurs at you. Then rinse and repeat.
Yeah Rust is super toxic indeed, bit I think that’s part of the appeal
Did you ever try getting gud?
Oh, I’m very good at avoiding games like that.
I thought that was the trans crab programming language
The garbage took itself out.
Does the anti-cheat break the game on Linux? Not buying the game. I don’t need that kind of crap in my life.
Hardware level cheat detection has always been a losing game. I’m a professional in similar area (not games) but it’s fundamentally impossible to do when you dont control physical hardware, it’s stupid. The only way to detect cheaters is machine learning based behavior analysis, period.
TL;DR: skill issue
The only way to detect cheaters is machine learning based behavior analysis, period
Either the entire game industry is incompetent, or you’re wrong. Machine learning is a powerful tool, but the only way? No chance.
Yes they are willingly incompetent because kernel anti cheat costs nothing while ML pipelines would cost thousands if not millions usd in compute and engineering every year.
Luckily now with AI boom it brought down many machine learning costs significantly as well so we’ll see much more server side anti cheat.
Entire game industry is incompetent as in “willfully not doing the best as long as it keeps selling, or not having resources to do it anyway”. I can believe that
even most popular Minecraft servers have better functioning anti cheat that is completely server side
Why isn’t this the standard everywhere? These servers prove that server side anticheat works.
It is. All games have this kind of server side verification which denies not allowed actions. The difference is in Minecraft it comes down to “no, you cannot fly, or” no, you cannot build a pig spawner because you don’t have one in you inventory". But in Counter Strike you need to decide if one player’s 14ms headsbot is legit, while some other player’s 20ms kill was not. Or if someone was acting on information they shouldn’t have (radar and wall hacks). That’s orders of magnitudes harder.
Generally speaking, the slower a game, and the less hand eye coordination are necessary, the easier is server side cheat detection. On the other side, there’s chess…
Well, yes, but, let me counter with this:
You can completely remove wall hacks from the equation by doing some FoV calculations in the server, this completely solves that issue, there’s no client side hack that would be able to show you enemies behind the wall because the server isn’t sending them to you.
And to the other point, if the 20ms kill is bad but the 14ms kill is good, there’s space to argue that the cheater is worse than the players so you don’t really need anti-cheat so solve that, Skill based matchmaking takes care of that for you, he would eventually be placed with people who are better than him even with hacks.
Sure, server side anti-cheat can’t capture everything, but neither can client side, but server side anti-cheat can make it so that your client side cheats are pointless, because they can’t make you better than everyone, you have to remain averageish, and if you’re consistently above average skill based matchmaking will bump you up and up until you’re going to lose even with cheats or you will be playing against other people with the same cheats as you.
Please see my other answer. Yes server side fog of war solves a lot, but not everything because it works with your FoV+some extra. On top of that there’s enemies’ sounds and objects that will make wall/radar hacks work.
Yes, skill based matchmaking would take care of the consistent not-inhuman cheater, but unfortunately the number of games getting that right can be count on two hands, I would say. It’s an interesting problem on its own for team based games.
I’ll reply to the server FoV there. Skill based matchmaking is hard to solve, but I think most games who have enough players to worry about anti-cheat to this level should have some level of skill based matchmaking in place, in my head that’s way more important than anti-cheat because even with cheaters the games are fun for everyone, and cheaters end up bubbling up into their own group.
Absolutely.
I’ve said this before about wall hacks. The only reason they are possible is because the positions of all players are being sent to the client and then the client just doesn’t draw them to screen. It would be extremely easy to simply not send the data for players you shouldn’t be able to legitimately see.
And you are not the first person to have this idea.
Most games do that to some degree. The thing is they are working with a threshold, which means they send your client the information of a few “extra meters” - beyond your field of vision. If they didn’t, enemies would sudddnly pop into existence, instead of smoothly running around the corner. Especially in fast paced games there’s nothing more frustrating than losing to this.
But there’s more: non visual clues. If an enemy is outside your vision, but makes a noise, you cannot give that information to the client without revealing the enemies position. It’s simply not possible (again, not without risking giving completely wrong info by the time it reaches the client).
Same goes for non-player objects, which are the result of a player’s action somewhere else. If a player kicks a bucket across the map, the bucket flying through your screen makes it trivially easy to calculate the point of origin - and you know something happened there / player was there.
We’d be really really lucky if server side fog of war would be the kill-it-all solution to cheating.
Hmm very well said. Thank you for explaining that. Definitely a harder problem to solve than I thought at first.
If an enemy is outside your vision, but makes a noise, you cannot give that information to the client without revealing the enemies position.
Sure you can, for starters audio is a lot less reliable to pinpoint location than video, so the server can randomize the position somewhat and still be accurate enough. Not to mention that sound bounces off walls, so it’s not exactly wrong to give the point of origin of a sound as a wall nearby the origin or destination, and an even more advanced system could use ray tracing to calculate sound path and give you a fully accurate sound point that doesn’t reveal the source exactly.
If a player kicks a bucket across the map, the bucket flying through your screen makes it trivially easy to calculate the point of origin - and you know something happened there / player was there.
But again if you’re not sending the bucket position until it’s in FoV that doesn’t matter at all.
We’d be really really lucky if server side fog of war would be the kill-it-all solution to cheating.
It’s not the end all, but it does take are of whole categories of hacks.
Still both can be calculated back to the source of origin. It may not be enough for a wall hack to reliably point out the enemies exact position, but definitely enough for a radar or proximity hack.
Edit: Your also completely ignoring the mandatory threshold where the server absolutely needs to send you enemy information already in order to avoid enemies popping into existence. The faster the game, the bigger that threshold.
And by all means, sound (in video games) is a pretty linear thing. You can only randomize so much, until players complain that it’s not reliable.
In the games were talking about these kind of additional info or heads-up are an unfair advantage in competitive play.
The solution sounds easy, but I do believe that if it was, we would see it in at least some current games.
You’re almost correct, but a sound bouncing off a wall sounds the same as something beyond it, or coming from a slightly different angle, just like how visually a reflection is “beyond” the mirror. Sure, you can try to calculate that back to the original location, but that’s not very accurate, nor does it tell you the origin of the sound, could be an enemy, could be a friend, could be random low sound spawns sent by the server to bait cheaters.
For the threshold I think it’s a lot smaller than you think, while a wall hacks that shows an enemy that will become visible the next frame is useful, it’s a lot less useful than current wall hacks.
As for the audio, you can absolutely randomize stuff enough that it’s useless to hacks but useful for players, because no person will hear a sound and know the exact source of it, only a general direction. Hell, most games don’t even do proper wall bouncing or other sound mechanics that would allow humans to pinpoint location in real life.
I find a number of problems with the level of authoritativeness that you speak and some of the arguments you’ve made.
The core of your first argument lumped together is that a small amount of extra latency is the same thing as “impossible”. This is obviously not true as even with some relatively fast paced genres, what is acceptable varies wildly. Maybe such an argument could be used for Valorant, but not for Pubg or escape from Tarkov (games that are already known for netcode slow enough that this would not truly/notably harm the experiences of players if they were designed for this from the start).
Same goes for non-player objects, which are the result of a player’s action somewhere else. If a player kicks a bucket across the map, the bucket flying through your screen makes it trivially easy to calculate the point of origin - and you know something happened there / player was there.
This example is contrived, and just the type of thing where there are a number of options available.
One could simply not send the bucket, send it with a delay, the bucket could not exist (the majority of games), the buckets origin could be randomized just enough to be at the tested limit of player perception, the game could include a trace shadow by default.
For every example like this, there are options available which aren’t entrusting a black box to access all of your data with a pinky promise.
We’d be really really lucky if server side fog of war would be the kill-it-all solution to cheating.
There is no kill-it-all solution, and this is a clever little re-framing of the argument by you where the new solution has to be perfect, when the status quo can just be mid.
I don’t understand how you lump my arguments into “extra latency”. Server side anti cheat doesn’t add latency (I mean technically it does, but that’s not the concern right now), but latency is very much the reason for the downsides I pointed out. The smaller the margins, the higher the chance one of the two players doesn’t see the other coming solmoothly around the corner, but suddenly materializing in full view.
Your examples illustrate that very well. It’s OK for PUPG or Tarkov (and even there only long distances), but a hard for Valorant.
This example is contrived, and just the type of thing where there are a number of options available.
And now, instead of the irrelevant bucket, make the same argument for a relevant object - like a grenade, or tracers. You cannot just get rid of everything or implement random delays or randomized origins.
There is no kill-it-all solution, and this is a clever little re-framing of the argument by you where the new solution has to be perfect, when the status quo can just be mid.
It’s not reframing. The original argument I replied to claimed these hacks only exist because the server sends everything, and it would be extremely easy to fix this. Neither of which is true.
I don’t understand how you lump my arguments into “extra latency”.
Followed by
but latency is very much the reason for the downsides I pointed out.
Is wild to me.
Seems like you understand perfectly fine.
Your examples illustrate that very well. It’s OK for PUPG or Tarkov (and even there only long distances), but a hard for Valorant.
This is both you agreeing yet disagreeing with my argument and I don’t get the point exactly.
If its feasible reasonably, the point of your argument is diminished.
And now, instead of the irrelevant bucket, make the same argument for a relevant object - like a grenade, or tracers. You cannot just get rid of everything or implement random delays or randomized origins.
You’re fighting a strawman by pretending that my argument was ever to “just get rid of everything or implement random delays or randomized origins”.
My point applied in specific cases where relevant, and the dishonesty in your argument here is by acting like I am talking about not having a game. The bucket example was specifically about a bucket going towards a player from an unseen location with no line of sight.
For a situation like a grenade, the grenades direction becomes visible, somewhat randomized, from when the player should be able to see it. This presents no gameplay problems and solves the edge case of figuring out its trajectory for cheats, especially as a little bit of randomization results in a wildly inaccurate origin point.
As for the bullet, where are people shooting others without line of sight, where the bullets path would also simultaneously be visible? Its not a realistic scenario to bring up at all.
If we’re going to that extent, we might as well also then say that all client side anti cheat is worthless because you can use a secondary machine to read the ram of a primary machine or other such high effort cheating strategies.
It’s not reframing. The original argument I replied to claimed these hacks only exist because the server sends everything, and it would be extremely easy to fix this. Neither of which is true.
Firstly, it absolutely is reframing, because they never claimed anything was a kill-it-all solution. They claimed one thing was a specific solution for a particular problem, which it is.
The only part that you actually have shown good reason to disagree with is the last claim, as with the second you’ve admitted that it in fact would be effective, but that there would be downsides potentially (as if there arent downsides with every option).
My point applied in specific cases where relevant, and the dishonesty in your argument here is by acting like I am talking about not having a game.
It’s tellingly ironic that for you it’s totally okay to make a broad statement, then when being called out cut it back to “where relevant”. And in the same sentence you make a strawman yourself, claiming that I’m acting like you are “talking about not having a game at all”. If you want your arguments understood “where relevant”, maybe show the same consideration.
As for the grenade and bullet examples I simply disagree. Given a certain observable trajectory it’s freakishly easy to get a good enough point of origin to get an unfair advantage with that information. As for an example about the bullets, I believe there’s enough FPS games with tracers out there. An extreme example would be Unreal Tournament Instagib matches. Where you see literally all tracers - directed at you or not.
If we’re going to that extent, we might as well also then say that all client side anti cheat is worthless because you can use a secondary machine to read the ram of a primary machine or other such high effort cheating strategies.
Correct. Client side anti cheat can only make it so hard. Never impossible.
because they never claimed anything was a kill-it-all solution. They claimed one thing was a specific solution for a particular problem, which it is.
Yes, they said wall hacks would not exist if the server would only send what a user can actually see:
The only reason they are possible is because the positions of all players are being sent to the client and then the client just doesn’t draw them to screen.
And that’s not true. Wall hacks would still exist, as necessary information can be used to determine an enemies position. To a certain extend.
And yes, put to an unreasonable extreme it would eliminate wall hacks entirely. Just nobody would want to play such a game.
Have a good day.
True
Because they’ve been forced to implement server-side anti-cheat because they can’t implement it into the game because they don’t control the game and mojang don’t seem interested in adding much in the way of anti-cheat to Minecraft.
These other companies actually control the games they’re running the servers for, so they can go the simple route and put kernel level anti-cheat in the game, and then call it a day. Corporations will always take the easy cheap option, even if it’s not very good.
It’s almost like client side anti cheat doesn’t work and if proper server side anti cheat is made it wouldn’t matter what platform the client is on.
“never trust the client” is pretty much a motto of infosec, idk what the hell game devs expect
See, the wild thing is that I used to run with some actual hackers in GMod… and… I learned from the exploits that they did, how you actually design at least a game mode script that can’t be fucked, can’t be poked proded or queried directly.
Of course, if the actual exploit is lower level than what I’m writing at, well then I’m still fucked…
I can remember at least one GMod originated, lower level exploit, caused by Garry leaving some direct, unsanitized interface to Steam itself directly exposed via lua… which caused Steam/Valve themselves to step in and rewrite a part of all of Steam, because Garry is s fucking moron, and more or less allowed a virus/malware to propogate through Steam itself, independent of Garry’s Mod…
Never did figure out if any of the goobers I knew had any direct ties to that or not.
But anyway, fucking yes, literally never trust the client with anything beyond their own GUI, and barely trust them with that, don’t just let them click on anything in their screen space to see if its an item they can put in their inventory, do an actual server side vector ray trace, from the item to the playet, make sure the thing they clicked on is actually near them, put that all into a buffer that locks up if they’re calling it at inhuman rates…
It was so easy to item dupe and stat boost and even hijack other players accounts in so many gamemodes I saw.
Fucking one of them had the user set and enter a login password to ‘access’ their various characters, pick one to spawn as.
Problem?
… That gamemode was actually doing the id check via SteamID, duh.
The username/password thing was a fucking phishing scam, that game mode had a forum, everyone used the same user names, a bunch of people got their hotmails or whatever fucked, by the dev of that gamemode.
… Anyway… yeah, I learned all this infosec type shit first hand, in an earlier ‘FacePunch Studios’ production.
Fuck Garry, fuck FacePunch, these people are idiot clowns.
Roblox exists now, the GMod roleplay communities independently invented their own ways of monetizing their gamemodes via syncing to their sites and forums with payoal widgets, ya’ll missed the boat on that one, no one is going to play S&ndbox in anything close to GMod in its heyday numbers.
Garry leaving some direct, unsanitized interface to Steam itself directly exposed via lua… which caused Steam/Valve themselves to step in and rewrite a part of all of Steam, because Garry is s fucking moron, and more or less allowed a virus/malware to propogate through Steam itself, independent of Garry’s Mod…
That sounds entirely on Steam. The game is the client in this context, and Steam as the server shouldn’t be trusting anything from the client.
This was like, over a decade back, I don’t remember it in accurate detail, and also, Garry deleted all the old Facepunch forums, which I do remember having a lot of discussion about this…
But, best I can recall, it was something like a buffer overflow/memory space exploit, because Garry exposed a core Steam function, that normally is only called by other Steam functions, in c++…
Well, Garry decided to give basically a lua api / reference method of accessing it directly, allowing doing arbitrary code injection into it, from anyone running a GMod server or networked client.
So I mean yeah, you can say Valve should not have trusted Garry with low level access to Source and Steam, that that’s their bad, they should have expected he would create a serious security exploit out of naivette/hubris, like the proverbial junior sql db admin who just does ‘DROP ALL’ on prod, as an ‘experiment’.
Uh yep, I would agree with that.
… I think this may have had something to do with Steam’s, fairly new at the time, achievements system roll out, but I’m not sure if that’s correct.
EDIT:
For those that don’t know, the vast, vast majority of what GMod is, is basically just opening up core Steam/Source calls done in C++, opening those up to Lua, by mapping them with reference methods, and then allowing Lua scripting via those methods.
Then on top of that, you draw like, the item spawning menu, tool menus, make a standardized template for making a new tool or weapon (SWEPs) or entities, or players or NPCs, etc.
So uh, yeah, if you’re not careful with that, if you don’t know what you’re doing at the lowest level, that can be very dangerous and easily lead to uh, unforseen consequences.
I’m still confused why any game having a way to upload a worm into Steam is good and why it was uniquely a GMod problem. It sounds like a case of a problem waiting to happen and the first place it happened to happen was GMod.
sir, this is a wendy’s
Fuck you, take my order, stupid hallucinating AI drive thru working off an 18 year old microphone!
Oh Wait!
You’re closing half your locations after trying to push realtime adjusting prices.
Nah I’m good, I’m gonna be posted up at the abandoned Wendy’s, screaming at it all day long.
Get those pigtails in a hairnet, and my fries in a bag, thanks very much.
And this naïve understanding of infosec somehow makes people forget that this is not infosec, and there is more to anti-cheats than ignoring a client which says its travelling at warp speed.
The Problem is that that would increase the load on the server as well as make latency-mitigation much harder.
As with everything, it‘s always a tradeoff.
The issue with pure client side is latency. At some point, you need some kind of predictive client side to smooth out the gaps to feel playable, but that also can lead to rubber banding and jumping around.
It’s not a motto. It’s a given must design. (I have work context)
They’re totally different scenarios. How is the server supposed to know if a player has (e.g.) walls disabled and knows where the enemies are?
Because the client has to know where the enemies are while still hiding it from the player.
People who have no idea how things work and go off on quotes they see online is why these discussions are useless.
That’s the neat part: you don’t. If their idea of anti cheat means taking over my machine to scan everything that runs on it, it’s a lost battle. Either find a way to do it server side based on behavioral heuristics, or don’t bother.
Oh, so the only options are rootkits and server-side. Weird, I didn’t know the calculator app was one of those.
Because the client has to know where the enemies are while still hiding it from the player.
Why? :3 If a player shouldn’t be able to see someone, just don’t send their location.
But if they’re not rendered, what about their sound effects like walking, or something like their bullets?
This is actually an issue in War Thunder, where if the server thinks you shouldn’t be able to see a tank, it won’t render it, but this also causes it fairly frequently to not play noises from the tank like the engine or shots, and to not render projectiles from them either. So a teammate can die right next to you and you won’t know how because the shot wasn’t rendered on your screen even though you were looking in the direction of the enemy when they fired it. Or a tank with an engine louder than a semi truck will sneak up and kill you because the game simply decided that you shouldn’t be able to hear them.
Just send sounds too
So send their location then, since sounds have to be played from the player’s location in order to project from the right spot.
Only when you’re making sounds. Not when you’re being silent.
Depends on the game but largely enemies don’t need to appear in the client until they’re becoming visible to the player
So the server has to compute whether a single pixel of the enemy’s body or shadow is visible to every client? How does the client play spatialised audio for enemy footsteps if it doesn’t know where they are - does the server calculate that as well?
I mean, if the client is thin, with everything computed server-side, this works, but that’s not what games are.
Easy to say but if you use Unreal Engine it’s very hard to do that. Unreal doesn’t have a built in way to not replicate something not seen and the inbuilt networking is built on any action a player makes is tied to the player. So if you want to hear that player walking or shooting that player will exist on the client.
I love how in every anticheat discussion someone who actually knows something about how games work get downvoted into oblivion.
Finally someone who seems to have some sense of how things actually work and if course they get down voted…
Sure I get why people don’t like kernel anti cheat but they should at least understand the difficulties from not having it.
There’s been an increase in games that don’t give the client full knowledge of enemies. That data doesn’t actually need to be sent to the client if you can do checks on the server to know if they’re visible. Yeah, it needs to be simplified from a full raytraced solution from the camera, but it can be good enough that it isn’t much of a issue, depending on the game.
IIRC, some game (it may be Counter Strike, but idk) only gives your client player data for the “room” you’re in, and adjacent ones, or something like that. You can still see through walls near you, but you can’t see people on the other side of the map.
Yes, there’s always going to be a point where there’s nothing more you can do and you just have to hope for the best, and mitigate what you can on the client. Still, the naive “the client has to know where the enemies are” isn’t accurate. A well designed anti-cheat solution will try to come up with a solution for this. Sometimes it isn’t possible, but often there’s some amount of information that doesn’t need to be sent to players that can be hidden.
If your objection to client-side anti-cheat is that it “doesn’t work” what till you see what server-side anti-cheat fails to accomplish!
There’s no way with a pure server-side implementation to even try to work out whether the client is using an aimbot or wallhack. No solution is perfect, which is why the best solutions try to combine methods.
These people are delusional, don’t listen to them. Their cognitive dissonance drives them to jump through the biggest hoops to defend something that is simply flat-out wrong. You can’t beat most cheaters with a server side anti cheat only, unless you do what World of Tanks does and have everything server-sided which isn’t feasible for all games. Take CS2 or CS:GO for example. The game is riddled with cheaters, despite getting multiple VAC updates this year.
I don’t think it’s cognitive dissonance driving them, I think it’s hatred of rootkit anti-cheat that bleeds into other client-side anti-cheat.
People aren’t very good at separating different but related things, it seems.
Why would you even send the location of players behind walls? You can just do the visibility check on the server first. But hey that’s extra CPU cycles that they don’t want to be spending on helping you.
Visibility check of what?
- The player and their shadow and all visible effects on the game world -> congratulations, now the server needs a GPU per player.
- The player’s geometry? -> shadows pop into existence when the player’s arm appears around the corner, and the server is still way more expensive than it would be
- A volume around the player? -> Still allows a significant advantage, still requires significantly more horsepower, and the client still can’t do spatial audio
This amounts to making players use thin clients and putting all visual and audio rendering on the server if you want it to work and not suck. Will you be happy to save £1000 on your PC at the cost of having games cost £150 a pop? Thought not. Or did you think the “extra CPU cycles” were just free?
Many of the cheater ridden games don’t even do a simple CPU based PVS check on the server side. You don’t need a GPU for this because it’s super fast.
An example of strictness in protection using PVS: https://www.youtube.com/watch?v=8w1ICIBO3D4
Tarkov for example doesn’t even do a super simple check.
Oh and there’s many more performant methods such as https://github.com/87andrewh/CornerCulling
@FishFace @x00z my small thought -> i think today no solution can prevent “cheaters” because you can’t differ “cheaters” from users anymore if they want to.
Here is why ->
One PC is running the game -> a second PC emulates Keyboard and mouse inputs using a CAM (Capture Card) / Sound (microphon / digital capture) and an on the Game trained AI.So what does any “cheat protection” offer if they don’t protect against serious cheating ?
PS: “The only still working protection is lan play with control over hardware / software and players like done on real events”
Yes, there is no way to prevent all cheats. However, to prevent as many as possible, you need to use all available methods. It’s quite reasonable that kernel-level anti-cheat should not be available, as it it’s an overreach and a security risk. However, client-side anti-cheat is not that.
It’s a very hard thing to check for though especially with how complex the world can be in games today. Even if it was feasible you don’t know where a client will be in a few frames so you basically need to do a “what players can be seen from this general location” check. The higher movement speed the bigger of a volume is your possible viewpoint.
This is also ignoring all the things you need replicated even when you can’t see the player such as footsteps or them shooting or interacting with something.
I don’t pay multiplayer. That said, what if there is no anticheat? Would that level the playing field? Let everyone aimbot if they want to.
It will ruin the experience for anyone playing competitively in a ranked mode, which means invalidating that mode entirely. This drives players away from competitive games like CS, Valorant, etc. which is why those games all use anti-cheats.
Similarly if there is a persistent world or some state that the game relies on to make the game fun for everyone, e.g. extraction shooter, MMORPG, etc then if the game state’s integrity is compromised it loses meaning entirely. Imagine playing chess but your opponent can move the pieces any way they like; it stops being a game.
I do agree that games where everyone agrees on cheating should allow it.
You use both server and client side anti cheat.
Using only one will not work the way it should.
That, or cloud gaming needs to replace it.
All client anti-cheat have server components, otherwise they will be bypassed.
Get your anticheat code off my fucking cpu and onto your servers where it belongs.
Garbage games do this, simple as.
Absolutely. You know where all the players are and what they have. Just check if something that the client is reporting is IMPOSSIBLE and kick the player who threw the request. If you have a player who is performing at over a certain level of realistic performance, have someone manually check them to verify they’re legitimately that skilled and if so, flag the account as “actually just that good”. It’s the only reliable solution.
I’m not a gaming dev, but a full-stack web dev; is it not common sense that data needs to be validated on the server side, not client? I don’t really get why client-side “anti-cheat” is a thing, but may be missing something.
Not a game dev either but my guess would be the main reason is server performance/compute cost.
Any checks that are done on the client run on the users’ hardware instead of the publisher having to pay for more/better servers and electricity.I think the disconnect with most other types of developers stems from the respective goal hierarchies. In most fields of computing, correctness isn’t just a high-value goal - it’s a non-negotiable prerequisite. With online multiplayer games, one of your chief concerns is latency and it can make sense to trade some cheating for a decrease in lag. Especially if you have other ways of reducing cheating that don’t cost you any server processing power.
Also, aren’t many of the client side anti-cheat solutions reused in several games? If you’re mainly checking that the player is running exactly the same client that you published, I imagine the development cost for anti-cheat is lower.
TLDR: Money. It’s always money.
I think you’re wrong about one thing - it’s not about compute cost, but about complexity of accounting for latency. You could check if the player can see the enemy they’re claiming to have shot, but you really need to check if they feasibly could’ve seen the enemy on their computer at the time they sent the packet, and with them also having outdated information about where the enemy was.
The issue gets more complex the more complex the game logic is. Throw physics simulation into the mix and the server and clients can quickly diverge from small differences.
Ultimately, compensating for lag is convoluted, can still cause visible desync for clients (see people complaining about seeing their shots connect in CS2 without doing damage), and opens up potential issues with fake lag.
More casual games will often simply trust the client, since it’s better for somebody to, say, fly around on an object that’s not there for other players, than for a laggy player to be spazzing out and rubberbanding on their screen, unable to control their character.
You can also just check 1 in every 10 or 100 player actions
Hello game, yes, I am indeed actually on the other side of the wall, now inside the enemy’s base.
Aimbots and esp is client side only.
hmmm I see; could not at least aimbots still be detected on the server side?
Not 100% no. And any evaluation method you do will either allow more cheaters or catch very good players. Not to say this isn’t done because it totally is just that it’s very far from perfect.
Hell I’ve heard of cases where some really good streamers had to be an a special list of people to not kick/ban from this kind of detection because they’ve repeatedly been falsely detected. If you aren’t a streamer you will have a lot harder of a time to get unbanned though not just because you aren’t famous but also because it’s harder to prove your innocence.
I remember Valve placing honeypots that would be impossible for a honest player to see or reach, and banning in mass the players who fall for it after some time to avoid the adaptation of the cheaters. And that is a cheap yet effect way to clean the player base.
Other interesting strategy is to limit the client information available, of the character is not looking with a scope, the client doesn’t need to know if there is another player far in that direction.
Probabilistic analysis is not the only way.
But I know that some strategies would demand major reworks or good planning from the development phase.
Honeypots are not an easy solution either though unless you only really do it as a one off thing. And to be worth it you have to allow those cheaters to continue for some time before banning. You shouldn’t underestimate how adaptable cheats developers are.
Limiting information is easier said than done especially for circumstances that matters the most. And don’t forget people can still hear others through walls.
What performance threshold should that be? 10%? So 140,000 manual checks of CS:GO players? 1% is still 14,000. How are you going to check those people - go to their houses? If they don’t let you in just ban them? What about people who install cheats that allow them to perform as well as someone in the top 2% but not top 1%? They have a free ride?
It’s not possible to catch all cheats, but pure server-side cheat detection is basically worthless.
Doesn’t CS do it by using volunteers, showing clips to players waiting for matches or something where they can vote if the player was using cheats? I could be remembering wrong though, my CS knowledge comes entirely from watching klicksphilip :P
No, they don’t do that anymore. It ended with CS:GO.
CS has VAC which can issue VAC bans - unless something’s changed. They may also get volunteers to assess stuff idk.
Just look how well this went for Valve & CS2… It’s riddled with cheaters, despite having multiple updates to VAC over the year. This method only works for games like World of Tanks, where most things are server sided.
i wonder if this guy heard about counter strike…
