659 comments

[ 5.8 ms ] story [ 404 ms ] thread
After the crowdstrike disaster 3rd party kernel drivers need to be shunned for non critical applications.

Games publishers have been bad actors in this space for a long time now. The genshin impact anticheat was used in a malware campaign. Rockstar was very misleading trying to imply their kernel driver not being compatible with the steam deck was valves fault.

What decides critical or non-critical.

One could argue that a game isn't critical but one could say it's critical to stop hackers.

If you were to take the stance that gaming isn't critical than with that logic you're then claiming multiplayer hacking is a feature of the game.

Doesn't do well for the community or the company. But nor do the rootkits do good for the consumer.

Critical as in "my gpu is a paperweight without a driver".
GPU driver can technically be userland too.

Look at what Apple has done in recent years. kexts (kernel-level drivers) are basically all but unsupported today, and both DriverKit and IOKit are fully userland.

Performance critical drivers are always going to be kernel mode.
It hasn't stopped hackers though.
at least they need to search more than the first cheat option on google.
To be fair it stopped hackers for a while. Many people said Valorant did not have cheaters.

But nowdays the Valorant community complains about hackers almost as the CS community.

It's because nowadays cheats run on a secondary machine, often a Pi,so rootkits have less impacts.
If they worked to any acceptable level of efficacy then they could be tolerated. They're only tolerated by people who think they work as well as they claim to work (security theater) but anyone who knows about the performance impacts and/or are tech-savvy enough to understand it is a rootkit and potential exploit (that would fully pwn your device) hates them.

Some cheats are getting rather sophisticated now. There's an ever-increasing number of Pi-devices where the cheating is done externally.

https://www.youtube.com/watch?v=QpvwjC1_Luo

https://www.youtube.com/watch?v=revk5r5vqxA

They're also chosen by users when the game is filled with cheater. Counterstrike 2 is an example of this with players moving to FaceIT and ESEA (with kernel anti cheat) as the higher ranks of official competitive matchmaking are filled with cheaters.
FaceIT works better than normal matchaking, but I am not sure is because is a Kernel level anticheat.

FaceIT only sells one thing, matchmaking, so they have people manually reviewing games. A thing that Valve will never do.

That's child's play. The vogue is PCIe devices that sniff draw calls, memory transfers and network activity on the bus.
Performance impact is overblown, it was proven that the lost of perf is marginal when implemented properly.
Proven by who and what proof? Because Denuvo is the only one outspoken about how it doesn't impact performance despite all evidence to the contrary and they provide no evidence of their own beyond claiming it doesnt. Then saying they'll prove it doesn't and then backing out of proving it.

https://www.resetera.com/threads/irdeto-backtracks-on-plans-...

DRM and anti-cheat aren't the same though. That link is talking about denuvo DRM, not denuvo anti-cheat. Also, just because one implementation impacts performance doesn't mean they all have to.
I'll believe it when Irdeto manages to provide any evidence amounting to more than "Just believe us".

Both the anti-tamper and anti-cheat affect performance and it's incredibly noticeable to anyone who isn't building a new bleeding-edge hardware PC every year or two.

What is the name of the tool that he is using on the 2nd link you shared? You know for science.
> one could say it's critical to stop hackers.

It's never critical to stop hackers in a videogame IMO. We need to stop being so damn serious about gaming.

Rampant cheating will wreck competitive multiplayer games fast, so there are perspectives from which this critical.

(I’d still lean towards expecting game houses to find another way, kernel drivers are still client side trust mechanisms).

I think the point is that competitive multiplayer games are not critical. Scripting in e.g. league of legends probably doesn't register on 99% of humanities "top 100 most critical things in my life" radar.
That was my point. We forgot we were gaming, probably due to all the money being thrown around.
No-one likes playing with a cheat in Uno, either, and the table stakes for Uno are pretty low.
For some people it's no. 1 priority in life. What's your point?
The LoL game development studio probably rates their game being a commercial success as a significantly critical thing.
Well, the problem is eventual consistency and these games have a hell to consolidate properly.

One user is on a connection with 10ms latency, the other user is on 50 ms latency. Now, if first user does something, and second user can either do something to evade or can do something that actually prevents the first user from acting, how do you consolidate that?

The actual timestamp of when exactly what happened helps immensely, but you have to trust the timestamp. And how can you know that is not manipulated?

But... that's just the surface. Consider: one client uses a rendering that takes 25ms longer to show up and another client does not render textures/shadows etc. That client is faster and the sender can even send "official" response times, but would still give an advantage.

So, I am not sure this can be solved serverside. But... I don't play these games anymore and would never opt for a rootkit to be installed just so I can play. I can imagine plenty of people, though, who would.

You might be able to match-make between clients with similar latency and then "enforce" that latency server side by delaying things that "happen faster" then the previously measured latency
No, this implies that actions are in response to something. This is not true. I can shoot my gun at any time, and even randomly. It does not depend on an opponent starting to move.
Remember that you don't need perfection: you need people to believe that they're likely enough to get caught that they don't want to use a pre-canned cheat, and you need just enough cheat detection mechanisms to make it hard for people to make new cheats. Not all of that has to be technological: you can spread rumours that your cheater ban waves are bigger than they actually are, for example, and that'll keep more people from even trying in the first place.

You don't have to trust the timestamp - and you shouldn't. You can use a bunch of methods to go from untrusted to grudgingly accepted: requiring monotonicity means cheating clients have to be permanently slower rather than selectively slower. Having tolerances for out of order packet rates or accepted deltas before discarding player actions will have some false positives for players on terrible networks, but will also reduce the impact of any possible timestamp-related cheats.

It can't be fully solved server side, not without sacrificing acceptable performance. I reckon it can probably be dealt with enough on server side to keep cheating to a tolerably low level. It's probably cheaper to just license a windows rootkit though.

If not having hackes is critical for a competitive videogame CS and Dota 2 will be dead.
Keeping cheating to a low enough level that players don't quit in frustration (or never start playing due to bad press) is critical. Eliminating it entirely is not.

Valve added vote kicks to CS to help keep cheating (and other antisocial behaviours) under control - it seems pretty important to them.

> (I’d still lean towards expecting game houses to find another way, kernel drivers are still client side trust mechanisms).

Well, this problem simply can't be solved server-side only. Client-side can't be validated without rootkit (and even then it's not enough, but enough to deter majority of cheaters).

I think you're framing this the wrong way.

Is it fun to be a non-cheater, and join a multi-player game where there are other players using software cheats that let them easily beat you every single time?

I'm pretty sure I would quickly stop playing that game, and demand the publisher refund my money. That's just not fun.

And that's just as a casual gamer. For people who compete and win prizes, endorsements, etc., the stakes are a bit higher.

I'm not saying kernel-level rootkits installed on everyone's machine is the answer, but letting people cheat isn't going to work either.

Community-run and moderated servers easily fixed this issue decades ago. Maybe video games should be fun centers of community again instead of maximally isolating and atomizing skinner boxes designed to make children addicted to endlessly practicing and competing at worthless skills so the sunk cost keeps them buying loot boxes
Lets call them what they really are, rootkits.
This, so much this. Also often spyware.
Can't wait to find out what China hid in Riot's Vanguard rootkit for all their games. It's 100% a conspiracy theory, but nobody can convince me it's perfectly clean, or if it is, that there isn't an easy way to add some power to it quietly.
If I wanted to deploy a trojan horse then the last place I would try to hide it is in an anti-cheat driver that will without any doubt be exhaustively analysed by people attempting to bypass it.
State sponsored actors only target a few people and they only send the backdoored version to their target list.
Ah yes, that’s why stuxnet wasn’t a big deal
What do you mean? They burned several high value 0days on a high value target. Why wouldn't China burn a high value backdoor on a target they deem valuable enough.
Gamers are great targets. They'll disable security for higher polling rates. Not discerning, gladly walk to the slaughterhouse.
There's a ton of gamers that like to figure out how the game itself works. There's a ton of them trying to figure out how anti cheats work, sometimes to cheat, but more often because they're curious, resourceful teenagers taking it as a challenge.
Oh, I know. That's how my career was started. I made invitational in CS: Source (CAL) and then sold cheats to pay for college. My first Real Job was through a teammate.

Far more would have accepted a RAT and been deprived money than expressed genuine interest. Some did... not many. Most wanted the acclaim without the effort.

But also there's parties there with a big interest in circumventing these securities, and have done so for decades. The new release of RDR for PC (shamefully asking $50 for a 14 year old game) was cracked within days, if not earlier, of its releae.
Ah, yes, for most of us, getting our computer pwned is just like being murdered.
l o l

Fine, they'll gladly eat shit

How much shit, and how does it compare to the risk profile of, say, not wearing a five points seat belt and motorcycling helmet while driving, or a bulletproof vest when going to school, or an N95 mask literally everywhere?

Security theorists are always ready to tell us about the horrifying risks of installing kernel-level code from a vendor, but can they actually quantify the likelihood times damage those billions of installations have inflicted on Joe Random's life?

And contrast them to other risks that we regularly take in the name of comfort and convenience?

I'm not really that interested in chasing this, but a point I do want to make: it isn't just risk.

If you want to participate in a lot of these multiplayer games that place cheating far too highly, you can't use a hypervisor. You must have gaming device and computing device. They cannot be the same.

That's fine for most, but I consider it shit. VFIO makes it possible for a big computer to make a smaller gaming one. Ask me how I know.

My greater point is I don't care if I get cheated out of a finals match. I can actually speak from experience. I prefer autonomy over my devices. I kind of want to eat poop with them. A little.

Funny that you initially used "Joe Ransom" as your example name (before your edit), as that describes one of the possible situations our friend Joe can end up in: malware that encrypts all his data and asks for a ransom to get it back.
Its possible. Roughly how likely is that to happen to him from installing a game with EAC? Are there a lot of documented cases of this?

Is it more or less likely than them dying from the 'Rona because they didn't wear an N95 24/7?

China's national security assistance law came up in the TikTok hearings. There's no reason to believe that the CCP doesn't have the legal authority to compel Riot to push an update with a backdoor to a few select high value targets.
Companies rule the United States. Companies that do business in China are ruled by China. Therefore, the United States is ruled by China.
The same line of thinking leads me to conclude that the world is ruled by the United States.

Can we stop with the nationalistic hyperbole already, and discuss acute issues, instead of vague fingerwaving at the foreign boogieman?

I wasn't being serious.

Sorry to offend your motherland. You deserve all the social credit coming to you.

(comment deleted)
If it is written in C you can always introduce a buffer overflow or something similar by just adding a little bit of line noise here or there and nobody can prove it was deliberate.
It's closed source and the assembly is obfuscated. You don't even need to bother with plausible debiability.
Surely the NSA has tools, people, resources etc to figure that out?
Dedicated to reverse engineering every update to vanguard? Huge waste of effort. They would probably just steal the source code.
The NSA just needs a call to Riot headquarters to ensure their rootkit is also included.
The vanguard drivers are signed by Microsoft, the procedure for which includes a safety audit by Microsoft.

The driver is just what the developers say it is (as with all other anti-cheat). It provides an untempered interface for the userland anti-cheat to use to get info from the kernel. Because modern cheats tend to alter the output of kernel syscalls by running in the kernel themselves.

I really don't see why anyone needs to think it's anything more than that.

If Tencent needed to spy on you so badly there's no reason kernel anti-cheats need anything to do with it...

It says something about Microsoft when they OK a known harmful bootkit that expects your computer to act like an XBox with a fancy keyboard (but not too fancy), requests invasive changes to UEFI that have broken systems, and have an overall opacity that rivals an Arthur C. Clarke Monolith.
>The vanguard drivers are signed by Microsoft, the procedure for which includes a safety audit by Microsoft.

Did the crowdstrike driver get the same audit?

EAC and other kernel-level anticheat software will dynamically load and execute signed payloads at runtime. Does Vanguard do this? If so, does Microsoft check these payloads?
> EAC and other kernel-level anticheat software will dynamically load and execute signed payloads at runtime

Are you sure about that?

MS usually don't bother with driver audit... They mostly rely on EV certificate to check driver dev is a proper legal entity.

If they audit properly, they should not let the Asus AuraSync driver certified at the first time. (basically opens PORT instruction to every userland app, unristricted)

Drivers are generally not audited by Microsoft to be signed, you only need to register your EV cert to get it signed. Cheat developers have registered their own/gotten their hands on EV certificates to create a kernel driver cheats. Anti cheat like Battleeye also download anti cheat modules at runtime to obfuscate what they do.
The level of sophistication that can go into a hack when sponsored by a nation-state is incredible. Just remember Stuxnet all the way back in '06 or whatever it was. Tech was a lot less advanced nearly two decades ago. It's not right, imo, to leave your safety up to this process.
I mean, they're not rootkits. Rootkits are either to gain root access (thus the name) or to hide something from a user. Anticheats don't do either of these.

They expose a kernel API to allow games to verify the state of the system, and they're knowingly installed by the user.

> They expose a kernel API to allow games to verify the state of the system, and they're knowingly installed by the user.

Can you give examples of games where you do that?

Riot games use theirs (Vanguard) to improve detection of cheating software. basically the idea is by being on from the moment the computer is booted up it can validate the environment better.

Here's a recent blog post by riot detailing their recent deployment of the system for league of legends, the biggest online multiplayer game in the world

https://www.leagueoflegends.com/en-gb/news/dev/dev-vanguard-...

towards the end it talks about how and why it works

> They expose a kernel API to allow games to verify the state of the system

And that API has root access... thus it's a rootkit.

The API doesn't provide root access, it's typically a simple "is this game running in a secure environment" read API.

I really hate "it's a rootkit!" posts like this because it diminishes the severity of actual rootkits.

Can you please clarify how an API which runs in the kernel does not have root access? Because I don't believe that's possible, but perhaps I'm wrong.
That's the promise of eBPF.
I'm already counting down the days for eBPF to blow up in our face. But admittedly, it's the cheapest way of gaining more capabilities and privileges than you need, thus it's here to stay.
The API itself has root access, but does not give user space root access, is what I think the commenter is trying to say.
How do you think it is able to tell if the game is "running in a secure environment" without having root access itself?
The thing is the Kernel does not have that API.

The real solution, and not the hack Riot uses, is for Kernel to provide an API for anticheats, like it does for everything useland.

That's not really possible as long as the kernel allows the loading of arbitrary user-provided modules. Because the cheater will certainly run the cheat that requires kernel mode. If it's run in kernel mode, the API call can be intercepted.

How does the anticheat then work? Corewars. It's a cat and mouse game between the cheat provider and the game developer.

One would need a secure base layer, where also the MS anti-cheat lives, and all drivers can only run in a layer between this base layer and userland. I think that's already done for most of the graphics stack.

On the other hand, I am not convinced I want a system where I cannot load arbitrary kernel mode code if I choose to do so.

Windows only loads arbitrary modules if you enable some debug mode no? If not they need to be signed. But not a big hoop for cheat developers, they can get an EV cert to sign their own cheat kernel module or abuse a vulnerable kernel module.
That's exactly what I tell my friends.

I can't play certain games, because they don't run on Linux and even if they did, I am not gonna install a rootkit to run them.

Getting a Steam Deck has done wonders for my piece of mind. I don't need to worry if whatever games I'm installing are malicious, because the machine is airgapped from anything critical.
Same, but I am only using it for couch gaming
piece of mind? or peace of mind?

/nitpick ;-)

OP shares with others
And yet you install driver on Linux without knowing it, I mean Linux has 0 security for drivers.
When was the last time you had to install a Linux driver from out of tree?
Most people do install Nvidia’s out‐of‐tree graphics driver. It is definitely a risk.
I am not using Nvidia since 2011. Last nvidia device was bought in 2007.

Back then I migrated to Archlinux and in all these years I only had problems with nvidia. Since then they are dead to me :)

> Most people do install Nvidia’s out‐of‐tree graphics driver

Most people that use Nvidia. I specifically don't buy Nvidia graphics cards or laptops that use them in my Linux computers because they're not in-tree.

It's a risk, but a very minor additional one - if you trust their hardware with direct access to your PCIe bus, you have already given them the metaphorical keys to the vault.
If you've already put a piece of hardware into your computer made by nvidia, installing a kernel driver also made by nvidia does not increase your risk at all.

Installing some random anti-cheat kernel driver is not the same thing, at all.

But you are not installing a random anti-cheat kernel driver, you're installing anti-cheat kernel driver provided by a game you've already put on your computer. It's very much the same thing.
User space is not the same as kernel space.

User space applications can't access hardware or physical memory. They can't bypass permissions enforced by the OS. None of that applies to hardware or kernel drivers.

Where did I say they are the same? We have a kernel-space thing (anti-cheat or gpu driver) and a user-space thing ((a game actually talks to both) that talks to a kernel-space thing.
I understood that you were making an analogy between installing a piece of hardware and its associated kernel driver with installing a game and its associated kernel anticheat.

When you install a hardware device you are trusting the manufacturer with full access to your machine, so installing a driver does not give them any more powers. You have already "unlocked the door".

When you install a game that runs on user space you are not trusting the vendor nearly as much as you are trusting a hardware manufacturer. Installing a kernel anti cheat is granting them a level of trust and access to your machine that they didn't have before.

> When you install a game that runs on user space you are not trusting the vendor nearly as much as you are trusting a hardware manufacturer.

I'm not sure where this trust comes from. I absolutely do not trust any hardware vendor. I just have no choice here.

I've always appreciated the forthrightness League of Legends deployed here (talking about introducing a kernel driver for anti-cheat: https://www.leagueoflegends.com/en-au/news/dev/dev-null-anti...):

> This isn’t giving us any surveillance capability we didn’t already have. If we cared about grandma’s secret recipe for the perfect Christmas casserole, we’d find no issue in obtaining it strictly from user-mode and then selling it to The Food Network. The purpose of this upgrade is to monitor system state for integrity (so we can trust our data) and to make it harder for cheaters to tamper with our games (so you can’t blame aimbots for personal failure).

A few things to consider here:

- This is an abnormal case. Most hardware will work with in-tree drivers. Indeed, few vendors provide out-of-tree drivers for Linux.

- Nvidia is an established and reputable source. We aren't talking about some small hardware developer who doesn't have the resources to create secure drivers.

- Most Nvidia cards have in-tree drivers. There is a loss in performance, but the option usually exists.

Those who do, choose to do so and generally take responsibility for their actions. It's not the same as tainting a kernel and just winging it.
Approximately no one with a Steam Deck installs Nvidia's out of tree graphics driver (because the Steam Deck is built on AMD).
You gotta think about surface area and risk when comparing apples to oranges here.
Hmm, here’s a thought I’ve never had (but might be obvious to others).

Could I run windows as a VM guest under Linux and play Fortnite in that (with good GPU performance)? I don’t mind their rootkit running on some dedicated VM - I’ll just consider it my Fortnite unikernel.

(I’m also ok with the host OS being Windows or MacOS).

The anti-cheat will be very unhappy when it performs a bunch of arcane heuristics and determines it’s running in a VM.
Why would that matter? Pretty sure running in a VM doesn't facilitate cheating.
Running a VM gives the parent the ability to read/write arbitrary memory without [even rootkit] anticheat being able to detect, which can facilitate cheating, and therefore can earn you bans. The whole point of the rootkit is that the game can confirm that you don’t have any way to read/write arbitrary memory.
Isn't Windows running under a hyper-v hypervisor these days anyway?

In practice, I'd settle for a peer Windows OS, like the WSL2 kernel, with the rootkit seperate from my main work one. Can I run two copies of Windows simultaneously as peers?

(comment deleted)
Ultimately, this is why we have consoles. We can have rootkits, or we can have cheating. Nobody has solved cheat prevention without rootkits. If you can, you’d make millions, if not billions. It’s not like the game creators want to have software on your system that has the potential to brick your system.
By this logic wouldn't chess and go need to be played after cavity searches? Cheating is enabled by tech but based on what people decide to do.
Chess and go aren't anonymous at levels people care about, and they don't have game publishers and creators expecting a return on investment.
Not sure if you're referencing it but there was a recent scandal where it was suspected someone playing against Magnus might have had a wireless butt plug to enable some cheating...

The sibling comment makes a point about anonymity, I find these discussions interesting in comparison with the only online competitive game I play these days. It's Tekken, and neither the current rendition nor the previous one had any real form of anti-cheat. For the current Tekken 8, supposedly some players have been banned after manual review from the company of replay data, which of course doesn't scale. But at the same time it doesn't really matter. Cheaters don't seem to be that prevalent, their ability to spoil the experience of a match is limited by the fact that matches are short, and people can spoil the experience in non-cheating ways like plugging, lag switching, using a weak computer, and for some sensitive players they'll get unreasonably upset by ki charging/teabagging/taunting/continuing an attack after KO. The status of the highest rank is also not that much -- the most status comes from performing well at the big in-person tournaments, where it's going to be harder to cheat and players are somewhat de-anonymized. If the positive incentives to cheat are minimized in the first place, you don't need so many negative incentives like rootkits.

(It always amazes me how custom controllers and even keyboards are allowed in fighting game tournaments, officially certain macros are banned and at least for Street Fighter certain modes of leverless controllers got banned, but it'd be hard to perfectly enforce. And it's been hilarious to see the increasing use of fake buttons or controller-hiding covers/jackets because it was assumed some players were able to see inputs out of their peripheral vision before they were registered in-game and adjust.)

Running games in a VM appliance or an immutable container type of environment could be neat. Or some kind of hardware device. Like a console on an expansion card that could enable a secure environment while still letting you use your hardware.
> Ultimately, this is why we have consoles.

Nah. Consoles were a decade late to the online gaming party, and online gaming on consoles (counting Xbox Live as the first concerted attempt) has only been around half as long as consoles as a product segment have existed.

The real solution is games designed for playing with friends and treat all non-friend players as potentially malicious.

Early first-person shooter games had this figured out (small servers with 20-30 regular players, the server admin could choose to ban you), RTS games have this figured out, many MMOs have this figured out (interact with non-friends sometimes, but they have to 'join your party', etc.)

Playing with random strangers on the internet who may want to grief/destroy your game, be incredibly toxic, or cheat against you in general.. that's the cost of playing with random people in a completely public forum.

But people largely want matchmaking. They don't want to deal with having to find a server of like-minded players, they want to hop in a lobby with maybe a few friends, pick a map pool, and go.
This is a false dichotomy. Genshin is single player. Some people play multiplayer only with friends. The only legit use for anti-cheat is competitive multiplayer with strangers.
And in the case of Vanguard, a bootkit.
Cheats and bots are ruining online games though.
Yeah life sucks when everything and everyone has to be untrusted (applies not just video games).

The solution is to build trusted spaces again IMO.

For video games assume that each user is trusted by default. As soon as they violate that trust by cheating, they are banned permanently for that copy of the game. If they want to be trusted again they have to buy another copy of the game to get another license. Make it hard to become a member of a trusted community and easy to be kicked out of a trusted community for violating trust. This would eliminate the vast majority of cheating and bots because most gamers are kids and having to buy a fresh copy will hit hard. If they abuse it enough, make them jump through more hoops like ip bans and computer fingerprint bans.

False positives would very much hurt in that model. But returning to a small multiplayer experience with chosen friends would work: the in/out decision is local and personal.

It’s only a problem when you game with strangers.

This is a naive take. Of course these developers already permaban cheaters. Firstly many of these games are free to play so "getting another license" is a non issue. They're doing hardware bans nowadays which are harder to avoid but not impossible.

Half the battle is detection though. If you don't detect cheaters quick enough they ruin enough games that genuine players start getting frustrated and leave. Anti cheats help with this detection.

Probably every anti cheat idea you can think of, in terms of detection, prevention and punishment, has probably already been tried by a large online multiplayer game. It is an extremely difficult problem to solve, a constant arms race.

It's going on a tangent, but one naive take which continues to amuse me when it comes up is community/third party servers and policing of cheating. As though delegating that responsibility is the goal or that it would scale to handle the size of modern playerbases including the ratio of admins to players to be able to monitor and respond to (alleged) cheaters
With community servers an admin only has to police their server, which is a fixed number. More players, more servers, more admins.
But as gaming has grown and become more mainstream, the ratio of enthusiasts who are willing to admin to casual players who don't has changed. Server sizes have changed over time with smaller games like 5v5 becoming way more common.
It's not possible to completely solve this problem with technology.

High level chess players (GMs) can win with just a few bits of information transmitted to them by a cheating accomplice (a cough if it's a critical position to spend extra time on, etc). Similarly, high level gamers only need the slightest of edges to win, and therefore only need the slightest of cheating.

That's why I think trusted user bases are the way to go. My initial ideas were naive, but I think the core idea is solid. If you had to pay $1000 to enter a "trusted club" which uses your hardware fingerprint, and all of your online interactions in a game were guaranteed to be with other people who paid $1000 to be in the club, would that not be a large deterrent to cheating?

That's just elitist though isn't it? These games are enjoyed by players from all over the world, including massive numbers of players in countries with far less average disposable income. Its common in many countries to go to an internet cafe to play these games as they don't own their own hardware even.

It would also massively reduce the number of players. Competitive multiplayer games rely on large active playerbases for fast and fair matchmaking. That's why free to play has become the dominant model for these games. If you have to pay $1000 to play one of these games, they have no chance vs. the competition.

Obviously you can't completely solve this problem, but you can minimize it as much as possible.

Also these sorts of "trusted clubs" do exist for certain games (e.g. FaceIt for CounterStrike) but ultimately it still just relies on anti-cheat to establish that trust.

Money is just one way of establishing "trust clubs". Time is another. For free-to-play games, you could make it so that users are peered with other users who have put in the same amount of time into the system. So if you've gone a whole year without being flagged for cheating in the system, you'll be paired up with other users who have also gone years without being flagged.

If you create a new account, you'll be peered with other new accounts (low trust). Still possible to cheat, but the cost is very high (years of effort to get accepted in the best trust clubs)

CSGO used to have that, more or less. You could play for free but then you were not in the "prime" matchmaking pool. Only by paying, something like 13€, and registering your phone number, which could only be registered once, would you get prime matchmaking. I thought it made quite a bit of sense but I think they scrapped the system in CS2.
Talking just about games, this really doesn't work with free games. Even if there is a lengthy 'lockout' period from the real game, many games have rampant and cheap accounts for sale and doing so will make the game experience worse.
Perhaps, but it's far better to have cheaters and bots than to have games require a rootkit to play them.
Well no, because they ruin the online experience making people not play the game.

(in theory, GTA online has had / still has huge problems with bots and cheats but still earns the publisher hundreds of millions a year)

They have problems because they're cheap and don't want to pay to host servers. They don't want to let people host their own authoritative server either because of the $billions in fake money.
I understand that cheaters suck. I'm saying that in this case, the cure (kernel access) is worse than the disease.
I think that's a matter of opinion.

Personally I find both unacceptable: I won't play a game that requires me to install a rootkit, and I won't play a game where cheaters and bots run rampant, ruining the fun for everyone.

So hopefully there's a solution to this that doesn't require a rootkit.

You definitely don't play games, this is one of the reasons why people stop playing games.
And Kernel level anti-cheat isn't stopping them.
Back when communities hosted servers instead of companies, it seemed less common, even though it was easier to do.
Because games were less common. If you look at community hosted servers now they commonly have more anti cheat, not less. Counterstrike with FaceIT and ESEA. Even FiveM for GTA V rolled out a custom anti cheat before it was added to the official game.
Life was a bit simpler then. At that point in time the leaders also did not get millions for their wins.
Because those were community servers often built around community. There weren't a lot of them either.

If admins allow cheating - people that want to play would leave the server

If live in a non-metro area, you probably have a handful of server your latency allows you to play on - getting banned would be a big suck

Now you just click "play game" and you get match with some strangers you might never play ever again with. Financially, those privately hosted servers no longer make economical sense for game publishers.

Back then you could just quit the server/match if somebody was obviously cheating (or they got banned).

With competitive matchmaking cheaters can hold players hostage until the end of the match, as leaving incurs penalties and cooldowns that temporarily ban you from playing.

There are also cheaters on old games (Modern Warfare II (2009)) that will inject code into your client to disable the quit menu, so you have to dashboard. I can't imagine what psyche someone must have to not only cheat, but force people to play against them.
That was not my personal experience. CS and Warcraft 3 community lobbies featured rampant cheating. Way more than CS:GO and Dota 2.
This is why I preferred console gaming. You never encountered cheaters until very late in the console's generation. Crossplay ruined that.
> The genshin impact anticheat was used in a malware campaign. Rockstar was very misleading trying to imply their kernel driver not being compatible with the steam deck was valves fault.

I mean, nothing of this is new. ESEA, one of the most influential esports leagues, was caught using its anticheat to mine Bitcoin in 2013. [1] This is long out of control, probably since the days BattlEye switched to ring0 in 2012 due to chronic cheating in the DayZ mod, or maybe earlier. Modern anticheats are full-fledged rootkits with extremely complex and targeted payloads siphoning customer data and hijacking all sorts of stuff, and that's not a theory, they actively abuse players' trust and indifference.

If you care about your data and the control of your devices, you should probably avoid them entirely, or at least use them on dedicated gaming PCs on a clean identity, and keep them separate from your LAN and your non-gaming digital life.

[1] https://play.esea.net/forums/492102

People really need to find a better word than 'rootkit' to describe software that users willingly and intentionally give root access.
I think it's fair to say that a lot of users have no idea they're doing so, hence why changes like the one in TFA are necessary to encourage transparency around these practices
I've ran the installer for Vallorent. I don't remember it telling me it was going to go run code in ring 0. And I would likely have ended the install there if they listed any of the downsides.

For most gamers you'd have to invoke Cloud Strike, to explain whats happening. They play games not study CS.

I agree, we need something that emphasizes that it executes undesired functions. "Trojan horse" would fit better but it's associated with computer virii now. I think I would call it something like "Traitor software".. it generally does the functions you installed it for and pretends to be normal software but then when you aren't looking it betrays you later.
It's quite literally kit running as root...
It's quite literally not. Root is technically a user with extra rights (including modifying the kernel, but there is still an API the root user has to go through). This is running as part of the kernel. It's not running in userland "as root".

A rootkit is something that gives other users the power of root.

That's taking it too far. By that logic, rootkits can't exist for Windows because the super user is called "Administrator", not "root".
Crowdstrike isn't even the worst case. The SolarWinds disaster is the worst case scenario.

You have a closed source rootkit designed for finding data in raw memory (like passwords from an unlocked password manager), loaded into many gamer's machines, which many software engineers are. Some anti cheat explicitly support's arbitrary remote code execution by design. Many people mix their personal password vaults with their company's, which means that if you successfully hack an anticheat company and you can read the raw memory of an opened password manager with a program that is already designed to scan all processes memory, you now potentially have extremely valuable credentials. A small portion will even do things like add their 2fac keys into their vaults.

Here is Gabe Newell's thoughts on AntiCheat that are very relevant to this thread: https://www.reddit.com/r/gaming/comments/1y70ej/valve_vac_an...

Of course the other problem is the 23andMe problem and enshitification. Even if the data uploaded by anti-cheat isn't used right now, the storage of data alone creates incentive for abuse.

Something slightly related happened recently. A bit of malware that was distributed as a mod for BeamNG was installed by a high up Disney employee, who was also logged in to some internal work stuff. The hackers were able to leak huge amounts of company data.
I just want to spam skill shot with ranged-heros on Aram 1-2 times a week. No way I am running vanguard for that!!!!
(comment deleted)
Good, the sooner devs realize they need to do server side properly, the better
I think most of these companies do do the server side properly. There are plenty of hacks that just make a client play ungodly well. Like macros, aimbots, cooldown tracking, auto-hex
I'm not sure about that first part, some of the biggest games like gtav is an embarrassment in the concept of never trust the client.
GTA V is an exception because it's so easy to cheat in. I believe it's peer-to-peer with no verification among peers that what happened should actually have happened. It's basically impossible to secure that.
I suppose that was an intentional choice, I can imagine running the amount of worlds that GTA has (iirc you only have up to 32 or so players in a world? Something like that) doesn't scale well cost-wise. IDK if AWS and co were up for the task yet back when. But since you earn in-game currency, not having a central authority check these things is... an interesting choice.

I suspect GTA VI may improve on these things and have centralised/dedicated/anti-cheat-guaranteed servers. Then again, it never impacted their profit margins so idk.

It's impossible to prevent cheating from the server-side only. Something like an aimbot can operate purely on information you need to have as a client (to render the other players on the screen), and still be a huge advantage because it can respond faster than any human can.
Shouldn't that be detectable?
Without kernel level anti cheat you can detect (some) other usermode cheats, but not kernel level cheats. With kernel level anticheat, you can detect the vast majority of other kernel level cheats. Vanguard is effective enough that most successful cheaters are using external devices and DMA to bypass the kernel altogether (or they just use Macs because Apple doesn't allow Vanguard). And despite Riot's insistence to the contrary, they have not "detected" DMA cheats.
Advanced DMA/IOMMU attacks are hard, soft and firmware specific. In order to detect it, you'll have to do a ton of very expensive work all the while you risk destroying the customers soft, firm and hardware. Good luck explaining the judge what you did.
It should be - if a server firehose streams all players' network data to an analysis thing, it should be able to detect patterns of impossible accuracy and response time, even though there is some margin for error due to e.g. lag and packet loss (iirc intentional lag / packet loss are some strategies cheaters use to obfuscate things like aimbots, e.g. generating movements that shoot someone in the head but holding them back for a second or so so that in theory a competent player could have done the required motions within a second instead of 1/100th thereof)
Nope.

Evolutionary pressures on cheaters drives them to get better.

Eventually someone finds a stable chink in the server armor and it is exploited en masse.

The goal is to make it inconvenient to cheat on average.

There’s probably some ratio of games with cheaters to games without cheaters that players can tolerate that governs this.

On the other hand an aimbot can operate purely on informations you /need/ to send in and out to the physical machine (input peripherals and the screen), so there's that...
I think server side statistical analysis can go a long way to detect stuff like that. Obviously its always a cat and mouse game between devs and cheaters, and there are always workarounds, but theres a lot more the devs could be doing without relying on invasive client side detection.
I think the problem is that that kind of work requires a good deal of developer resources for a long time. What company wants to pay upkeep on a shipped product? You could save hundreds of thousands of dollars a year by shipping a rootkit to players and not worrying about server security.
Any company that makes big money on long-living multiplayer games?
It would not only take a lot of developer resources, but also computing power.
I suppose Valve, who trained a neural network to detect/ban cheaters exhibiting unnatural behavior.
It hasn't paid off very much, CS2 still has a rampant cheating problem. VAC has been a joke for years at this point.
It only needs to be good enough that people keep buying (or not) the Prime when their old account gets banned. There is good reason that it exist, also from cheating perspective.
Because CS2 does not have Overwatch, the AI VAC thing. As far as I know is only enabled on Dota.

VAC is a joke until they ban players and all start to cry on reddit/discord.

BasicallyHomeless did a recent YouTube video on this.
I've always wondered about this too. It should be pretty easy to recognize statistical outliers. I'm sure cheaters would start to adapt but that adaptation might start to look more in-line with normal skill levels so at least the game wouldn't be utterly ruined
This post is so interesting because it highlights the people that don't know anything about the requirements or state of cheats/anticheat. What you're describing is 10 years out of date. Every modern cheat has a toggle, and (almost) every modern cheater masks augmented behavior with misses/native behavior.
This thread is full of armchair developers who see a problem and immediately think, "Oh, it's easy, just do this simple thing I just thought of," as is there haven't been billions of dollars and decades of research spent on this problem.
According to the latest study [1] estimating how much money cheat developers make annually it is an upper limit of ~ $75M. I would say that the very liberal estimation of anti cheating efforts will cost maybe $100M annually. That does not include only research efforts but actual cost of tackle them (extra compute, reviewers...etc). This is unrealistic but even through to reach the point of billions (2-3 billions) you would say that Gaming companies were spending on average $100M since the beginning of personal computers era (on research only). This is not something that is hard to believe even with the most liberal interpretation.

So I think it is fair to say the there haven't been billions of dollars of research spent on this problem.

[1] https://www.dexerto.com/gaming/anti-cheat-study-reveals-chea...

That's only looking at western audiences. In 2020, Tencent said that the cheating market in China is worth $293M annually [1]. In China there are many individual games making billions in annual revenue. PUBG bans over a hundred thousand cheaters every week. I don't think adding up to billions is too farfetched, if you count globally over the decades, although it'd be close.

There are also the costs of the opportunities that cheating prevents from happening. Development would be much faster and more types of games could be made.

[1] https://www.scmp.com/tech/apps-social/article/3099893/chinas...

Thanks for bringing that up to me. I did not include the largest gaming market and it seems more plausible now this the OP estimations make sense.

Edit: I missed that you are the same commenter that I replied. sorry about that

The problem is that most cheaters don't just go full aimbot and track people through walls. That is a surefire way to make sure your account gets reported, reviewed, and banned regardless of what anti-cheat is in place.

Serial cheaters cheat just enough to give themselves an edge without making it obvious to the people watching them. By just looking at their stats, it can become very difficult (though not impossible) to differentiate a cheater from a pro player. This difficulty increases the odds of getting a false positive, necessitating a higher detection threshhold to avoid banning innocent players.

Valve has adapted this kind of thing in Counter Strike for almost a decade.

They try to make own matchmaking for possible statistical outliers so cheaters end up playing against each other. Of course, real good players can still get there and there are (at least used to) real humans on reviewing on those games to see if someone is actually a cheater. It is not a simple task, since you can cheat to be just slightly better than others and that is enough to be good.

Good players are statistical outliers. False positives are hard to avoid with this kind of approach.
You can tune the aimbot to be as good as the server allows, maybe with a bit of variation to throw it off.

And realistically, some real non-cheating players will by chance just have similar statistics to bots, especially since the bots will start doing their best to mimic real players.

Also many players don't need to cheat all the time; just in that critical moment when it really matters. Didn't Magnus Carlsen say he only needs a single move from a chess computer in the right moment to be virtually guaranteed win? Something like that probably applies to a many people and fields. This is even harder to detect with just statistics.

Also also reminds me of the "you can't respond in less than 100ms, and if start the sprint faster than that after the starting pistol then you're disqualified"-type stuff they have in the Olympics – some people can consistently respond faster and there's a bunch of false positives. Not great.

> Also many players don't need to cheat all the time; just in that critical moment when it really matters. Didn't Magnus Carlsen say he only needs a single move from a chess computer in the right moment to be virtually guaranteed win? Something like that probably applies to a many people and fields. This is even harder to detect with just statistics.

The difference is that IRL chess and a typical FPS game have very different availability of datasets. IRL chess has both fewer moves per game, and fewer games played in short succession than typical FPS games. Also, with FPS games there is a single metric to evaluate -- the shot landed or missed -- compared with chess where moves are ranked on a scale.

So I'd argue that it would be much easier to do a statistical model to predict a cheating aimbot than it would a cheating IRL chess player. I don't believe Magnus's proposition holds for prolific online chess players when they do dozens or more blitz/bullet games in a single day.

> Didn't Magnus Carlsen say he only needs a single move from a chess computer in the right moment to be virtually guaranteed win?

That's because he's an elite chess player. Him cheating once per game could make the difference between being number 1 or number 10 but either way he's up there.

But for you or me, cheating once per game wouldn't make a difference. We'd still be ranked as nobody plebs. To get ranked high enough for people to know our names we would have to cheat dozens of times a game, and experienced players would easily peg us as cheaters.

Try cheating on chess.com, if you cheat enough to make a meaningful difference their servers will automatically nail you with statistics.

  Didn't Magnus Carlsen say he only needs a single move from a chess computer in the right moment to be virtually guaranteed win
If we are thinking of the same quote, iirc he said all he needs is a prompt from computer "there is a winning move here"
Yeah, maybe – don't recall the precise quote off-hand. But the gist of it was "I need very little help from a chess computer to have a huge advantage".
Is the main problem with cheaters that it's unfair, or that it feels unfair/ruins the experience?

Because if you force all the cheaters to hide well enough to look like "normal" players, no one will know, and the game feel will not be negatively impacted. Outside of the tippy top of competition where money becomes involved, it's kind of irrelevant if the game is technically fair, as long as it feels fair to everyone.

Client <-> Server architecture can still take you a long way. Culling what you send to the client and relying less on client-side "hiding" of state, server authoritative actions with client-side prediction, etc.

At the end of the day someone could be using hardware "cheats" but you can get down to a pretty good spot to stop or disincentivize cheaters without running rootkits on their devices.

Latency significantly reduces the effectiveness of culling via the server. There will always be a place for client side anti-cheat if games are running on players' computers.
Funnily, for example, using GeForce Now prevents almost all kind of cheats. Maybe the future of the competitive gaming is that you only use remote client for remote server which is hosted by the game company.
Yes, but even some cheats are possible through streaming. Basic things like scripted no-recoil all the way to aimbots based on image recognition. People are even using AI to recognize and highlight players on your screen - and even some built into monitors!
There are hardware cheating setups that utilize an external camera+device with basic image recognition and spoof a normal mouse over USB. From software's perspective, all you see on the client side is normal mouse inputs from a Logitech or razer mouse.

At the very least, this is less capable than wallhacks from reading memory.

Yes, it is true that you can use optics still, but everything memory related is always much more effective and can completely prevented. No need to use rootkits.

I would say that it takes few years still before people have good enough hardware before AI can be used in real-time. You can use OpenCV and train things against specific game to get a decent performance with image recognition, but it is not that reliable.

You don't need a "hardware cheat"; just a program that reads the memory representation of stuff. This is nothing new and already how many cheating tools work, and is exactly what all these anti-cheating things are designed to prevent.
If you try to read memory nowdays the naive way, with cheatengine for exaple, you will get banned in any online videogame.
Even having CE installed on your machine - or software like IDA or Olly back in the day - is enough for some games to immediately permaban you. In some cases, having virtualization enabled and having VM software on disk (VMware, wsl2, etc.) can trip up some anticheats.

The average player isn't a developer and doesn't need such things, so some game devs defer to the side of caution. The false positives are a miniscule and acceptable fraction of players.

if you have a large enough player base to sample, you can determine who is cheating with math. EA Fairplay is pretty good.. Steam's VAC is good, and not some kernel level nonsense..
VAC is absolutely terrible, are you kidding? You have to rage to get VAC banned.
False positives with no process for recourse and nice perfect fingerprinting to prevent ban evasion is better?

I think they intentionally have the knob turned all the way up to 0.1 initially, for PR and lube reasons.

To some degree, yes. But there are actually many cheaters that intentionally don't play perfectly to avoid detection. That way they appear higher skilled but still within human range.
VAC is so not-good that there are not one but two popular third-party matchmaking services for Valves games whose main selling point is much stronger (read: more invasive) anti-cheat than VAC, and one of them even charges a subscription to play, which highly skilled players gladly pay to get away from the cheaters in high-rank VAC servers.

https://play.esea.net / https://www.faceit.com

There is a startup attempting to use ML to find cheaters: https://www.youtube.com/watch?v=LkmIItTrQP4 (this video might be overly optimistic) - https://anybrain.gg

They even claim to be able to fingerprint players according their playstyle, thwarting all methods of ban evasion. Skepticism should be abundant here, but this one of the oldest tricks in ML: categorization/clustering. I'm cautiously hopeful.

This would be server-side by nature.

It makes it way easier to detect it. If a player can pre move their aim to be at the point near where the aimbot would take it by using a wallhack they can hide the action much more clearly. If they're constantly doing 180 no scopes you've got a pretty good indication something is wrong.

Also if your guns aren't _perfectly_ accurate then the aimbot can't actually predict much of anything.

What? The current PC gaming model where things run on a machine controlled by the user is fundamentally against solving the issue of cheats. You can't prevent everything server-side.
It's not about prevention, but detection.
and it is a cat and mouse game between cheat and game devs
I'm not sure what point you're trying to make but in this context there is no difference. If you know someone is cheating, you prevent further cheating by banning them.

Now I'll ask: how do you detect someone wall hacking automatically? No human review and no false flags. Go!

A prevention model would be like the xbox where technical measures are used to prevent user code. A detection model is server side and detects anomalies for bans.
> If you know someone is cheating, you prevent further cheating by banning them.

If you think it's statistically likely that someone might be cheating, but you're not sure, you can matchmake them with other people who might be cheating.

That seems flawed as you would punish people who are playing well. Statistics are great, but you'd inevitably match legitimate players with misfits, ruining their experience.
> how do you detect someone wall hacking automatically?

You don't tell the client the location of anything they can't see.

This doesn't work well in real time games. The client needs to know another player is on the other side of that wall so it can

* Play sounds from their actions * Actually be able to render them when either player comes around the corner without them obviously materializing out of thin air.

Not our problem.

The problem of cheating in games does not weigh more than the users ultimate ownership of and control over their own property.

No one has a right to a business model.

They can do plenty enough server-side. It's not a blocking problem at all, it's just easier to take over all control of the users pc for your own convenience.

Everything, including all valid goals, is easier if you could just have the power to control whatever you want instead of having to cooperate and respect others and respect boundaries. It's no more valid than saying "Everything would be so much better if everyone would just do what I say.". Using that argument is invalid even if supposedly applied in service to some otherwise valid goal.

If a game is overrun with cheaters, people will not play it. You're basically arguing that whole genres of games should cease to exist.
I'm saying no such thing. I'm saying that that wrong is no excuse for the other wrong.

There are infinite ways to attack any problem, and it's not a requirement but a choice to persue only certain ideas vs others.

For instance, these approaches are based on removing agency from all users for the supposed goal of dealing with the bad users.

But there is no law of physics that says that is the only way to do that.

You could go the opposite direction and empower all users to deal with bad actors themselves just like in real life where anbasshole simply gets avoided or punched in the nose, which works by the simple math that the bad actors are outnumbered by everyone else. They still always exist but they are relegated to operating in the corners and shadows.

But their low level presence is a fact of life no matter what. Oppressive regimes don't get rid of them either. The sales pitch is we'll protect you but in fact they don't any better than you could have yoirself.

A company that has an easier option and has no other value meter than money divorced from any consideration of how it is attained, simply has no incentive to bother doing anything but the easiest thing. That's the only reason they want the keys to your house, because you stupidly give them, not because they need them or have the tiniest right to demand them to protect their entertainment business.

We have a working solution that some games still use, dedicated servers with admins that can investigate and ban people themselves. Has its own suite of problems but it works well against cheaters.

But skill based matchmaking type games where you're matched with random people is fundamentally incompatible with this model, that is why the person you responded to you said that you're suggesting that these games should cease to exist.

> Not our problem

It is if you want to be allowed to play with other people because...

> The problem of cheating in games does not weigh more than the users ultimate ownership of and control over their own property

...when you play a multiplayer game what happens on your property affects what happens on the property of the other players and often also on the property of the game company. If you want to be allowed to do that you might have to agree to do some things on your property because...

> No one has a right to a business model

...no one has a right to play any particular multiplayer game.

> The problem of cheating in games does not weigh more than the users ultimate ownership of and control over their own property.

What the users want to use their ultimate ownership and control over their own property for is preventing cheating.

It's not like Riot is forcing this on people against their will, people just don't like playing against cheaters.

The only place I ever hear complaints about kernel anti cheats are people complaining because they want to use Linux and it isn't supported or forums like Hacker News, where people paradoxically care so much about peoples computing rights that they are perfectly happy to limit what gamers are allowed to do with their computers.

What a bizarre take. If people consent to installing these invasive anti-cheat systems, then it doesn't matter if anyone has a "right" to a business model or not; in that case their business model is working.

> They can do plenty enough server-side.

No, they can't. The amount of responses in these threads by people who have no idea what they're talking about is... well, probably not surprising, unfortunately.

This is the same (correct) argument against the effectiveness of DRM: if you put things in the hands of a user and client you don't control, then it is a cat-and-mouse game to try to maintain control of those things.

Sure, a naive cheat program of 20 years ago will today obviously look like a cheater. But if you have a cheat that statistically makes you look like a skilled non-cheating player (these things exist today!), the server isn't going to be able to catch you.

I'm not saying that justifies letting another party install what is effectively a rootkit on your hardware. I personally won't do it; I just live without games that require it, and that's fine. Maybe there is some middle ground where some form of client-side anti-cheat can reliably run without kernel-level permissions. But it's a lazy, ignorant argument to just say that game companies haven't come up with it yet because it's "easier" to write a kernel-level system.

DRM is often removed after a little while since it is meant to delay the cracking at launch, where most people are going to buy. Anticheat is not.
DRM does not help me, the honest buyer, to enjoy the game. Anticheat helps me, the honest buyer, to enjoy the game.

Would I prefer a world where kernel-space anticheat is not needed for the games I like to play? Yes. Is that realistic? Probably no.

I think you merely lack imagination and are simply not the one to ask to work on the problem. I don't speak from ignorance.
The bizarre take is granting a shred of validity to anyone who says "I need the keys to your house and bank account and a webcam in your bath room to protect the marketable value of my game service so that other platers will rent server access from me."
Not all types of games require this kind of anticheat. But this competitive type like CS/Valorant/MOBA games that use skill based matchmaking and rankings does require something that approaches fair play to even work as a produc. So the user must make some sacrifices to get there due how open and easy it is to manipulate things on x86/Windows for the PCs administrator.

Would it be reasonable to only sell this kind of game on console like hardware? Sure, but people have and use PCs and will have to make this choice themselves. And its not like user space software is not bad for privacy as any process your user runs can read all your files and even memory of other processes.

> . But if you have a cheat that statistically makes you look like a skilled non-cheating player (these things exist today!)

Then we've achieved our goal.

https://xkcd.com/810/

I'm not advocating for taking away users rights, just pointing out that the current model doesn't really jive with the desire to stop cheaters. This is going to be a never ending cat & mouse game.
I basically agree with this. Which is why I run a Linux box for gaming, and why I don't play games that have this problem.

I used to play Quake-likes, and there are people who are just that good out there, but it assuages the ego so much more to call them cheaters. I saw this all the time on CS - as soon as someone even halfway good joined, everyone called them a cheater and the game dissolved. I eventually realised that this is not an anti-cheating problem, but a community/personality problem with the people that like playing these games. So I stopped.

It could eliminate a lot of these issues theoretically
I built a dedicated gaming PC a couple of years ago. Too much cowboy coding in the industry for me to feel safe running this code on my main computer. Even games for which I pay have supposedly* been scanning/uploading personal data presumably for some adtech purposes.

Why should I ever trust a gaming company to take security seriously? There was a story a few years ago about how one guy at home debugged GTA5’s atrocious loading times without any resources. Loading times which were notoriously bad and surely had a negative impact on revenue, yet nobody in the company could be bothered.

*Never verified it, but I recall the new owners of Kernel Space Program were accused of reporting personal data files to the cloud.

Oh yeah, that was down to a huge JSON file / slow JSON parser or something wasn't it? That was so bad.
They wrote their own json parser which used strlen() all over the place, which is O(n), resulting in O(n^2) complexity for json parsing. The guy shimmed the function to return a cached response if it was called with the same string consecutively, which it was for parsing the JSON. The JSON contained the items in the real-money store btw.
Why would anyone ever write their own JSON parser? There're countless libs available that are hyper-optimized.
I still hope someday the European Union forces Steam to allow transferring of games "owned", even if it's time-restricted (e.g. can't transfer the same game twice in a month)
Oh yeah, they did rule that you were legally allowed to transfer / resell digital games... but not that Steam & co had to offer the option.
...but you don't buy the game anymore, you acquire a license for using (playing) it.

If you want games that you can re-sell, you will have to keep buying them on physical media (or on appstores that don't have DRM like GOG)

I know, that's why I added quotes around "owned", so in other words what I meant is that the EU should force Steam to create the option to transfer that license among its own users.
Yeah but I can just assume that this would also apply to e.g. Microsoft Windows licenses, and that Microsoft lobbies strongly against such a law (also every other vendor who locks software licenses to a particular end-user or licensee)

Note that I wouldn't very much welcome such a law but I wouldn't bet on it happening any time soon

You can, and people do, resell Windows licenses in Europe. Microsoft seethes about it, but can go fuck itself, because this is legal.
Do kernel-level anti-cheat measures even work if I'm running Steam as a Flatpak + Using the game under Proton? I (naively, perhaps) assumed the security sandboxing model of flatpak would restrict that level of access.
Does any Linux kernel level anti cheat exists ?

If you're running under proton, it can't work. Proton/wine are not virtualizing a windows kernel, they are intercepting syscalls/library calls and running the equivalent linux code.

Some anti-cheat has clients for Linux (the ones that don't generally just disallow playing on Proton). I don't think the Linux ones are kernel level but don't quote me on that.
The biggest giveaway the kernel level anti cheat is stupid is that Easy Anti-Cheat works on Linux without kernel level access.
It only works on Linux if the developer allows it, because it's not nearly as effective on Linux. Rust (the game not the language) uses EAC but doesn't run on Linux by choice for example. Neither does Fortnite. Apex Legends uses EAC and does run on Linux, and now nearly every public cheat for that game targets the Linux version because it's such a soft target.

I don't really like the status quo of installing random kernel-mode crap either, but nobody has a compelling answer for how to not make cheating absolutely trivial without it. Usermode anticheat barely does anything, serverside anticheat can only do so much, and the only other alternative is switching to console platforms which prevent cheating by giving the user zero freedom.

> game targets the Linux version because it's such a soft target.

I was going to say games on Linux should require secure boot so cheat kernels and modules can't run, but then the kernel could just lie about it being enabled.

Most Linux cheats don't even bother with kernel modules, a process running as root can read and write arbitrary memory in the game process without an unprivileged usermode anticheat having any way to know it's happening. It's embarrassingly easy compared to the hoops you have to jump through to maybe avoid detection on Windows.
Right, provenance is an issue.

I suspect the only way that might balance everyone's interests would be to set up a separate OS installation for competitive games. This could be done via bare-metal dual boot, via a hypervisor, or just by having a completely different computer for playing games on (what I have). At least in that world you still have a lot more freedom than you do on console, such as the ability to mod games that don't need anti-cheat (which is almost all of them).

Still wondering what kinda special sauce that Blizzard is using in Overwatch. In my literal thousands of hours of playtime I encountered so few blatant cheaters its probably still in the double digit. Are there probably a good amount of cheaters I didn't realize were cheaters? probably, but does it really matter if you don't realize they are cheating?
PirateSoftware on twitch/youtube talks about his time at blizzard working on catching cheaters in WoW. Their methods are usually about figuring out how they're cheating and what behaviors cheaters follow.

Before overwatch they had years of experience catching cheaters in wow.

(comment deleted)
I've never seen a game request root privileges, and I would think installation of anything kernel-level would need that. None of the steam binaries have setuid nor capabilities set.

Have anyone seen games that request root privileges?

EDIT: I'm gathering from this[1] and the fact that no wine-related package have kernel modules included and no executable from any of those packages have setuid nor capabilities set, that this isn't really a problem in Linux, just in Windows.

[1] https://www.reddit.com/r/linux_gaming/comments/gjzkzk/will_w...

(comment deleted)
Everything says "wants to make changes to your device". I accidentally installed EAC that way.
It's worth noting that when you first install it, steam asks to install a service to assist with its duties, presumably for most install tasks. Steam has been around long enough and that service is now trouble free that it became part of the furniture most ignore as part of the background. That's aside from how users may be trained to hit 'yes' on any permission box that comes up to swat it away and play the game.
> It's worth noting that when you first install it, steam asks to install a service to assist with its duties, presumably for most install tasks.

They do this because Steam was originally designed in the XP era when you could write whatever you want to Program Files without escalating to admin, and instead of refactoring where they put their files when Vista made the permissions more strict they started installing that backdoor service which lets them keep putting everything in Program Files without triggering UAC prompts all the time. It's a pretty gross and unnecessary hack, but I doubt they're ever going to fix it at this point.

I don't think this is why -- Steam actually sets permissions on its subdirectory so that any user can write to it. (This means that while installing mods, for example, I can write to that directory without having to deal with UAC/sudo.)
Although I'm not fully linux knowledgeable, I think they put everything under the user profile in ~/.local/share/Steam for similar reasons so they can do software installs with no elevations. They're not the only ones taking that approach though, it's become common across OSes to offer an easy/quick installer that dumps itself in your user profile because that's seems to matter most to getting users up and running.
The kernel level anticheats are almost always written for Windows. They are relevant to gaming on Linux because those games won't work on Linux even if wine/proton run the user space portions fine
Not on Linux. Things are different on Windows, especially if you wanna play competitive games, I'm told.
From my understanding, if you play an EAC game on Linux with Proton, you're not really running the same EAC as Windows players. You're running a lite version that runs as a regular user and it tries to provide at least some level of protection like verifying game files or detecting anything clearly out of place that it can detect, but obviously it doesn't have the permissions to see everything running on your system or install a kernel module. This does mean cheaters could probably just cheat on Linux to bypass it more easily, so anticheats like EAC will put Linux support as an opt-in toggle which some developers choose not to enable.
Does anyone know whether disclosure of Denuvo and similarly controversial "add-ons" does negatively affect sales? Maybe I am cynical, but I have come to the conclusion that whether it is always online DRM, rootkit-level anti-cheat or the need to have an account for offline play, community anger is often only maintained when a game had other things going against it from the get-go. Not against disclosing this of course, that is a great move for those who actually are willing to walk-the-walk, just asking whether we should perhaps temper our expectations on the impact of such a measure.
The most recent study I saw showed that Denuvo significantly helps revenue capture within the first few months of a game's release

https://www.sciencedirect.com/science/article/abs/pii/S18759...

I can't figure out what that article is trying to prove. "When DRM remains uncracked, we can't detect any losses due to piracy." well duh. Does it otherwise effect sales? Do any small games use it, or just large studios?
[flagged]
As Gabe Newell said "piracy is a service problem"

I could pirate every game I have on my Steam account. I don't do it because the added value that Steam gives me.

> I could pirate every game I have on my Steam account.

According to the CrackWatch subreddit, there were 29 games released with Denuvo in 2024. Of those, only one has been cracked and it was done via a demo bypass [1].

You can pirate many games but not, for example, Final Fantasy XVI.

[1] https://old.reddit.com/r/CrackWatch/comments/p9ak4n/crack_wa...

Maybe I should clarify, I personally can see the value to cooperations of having protections in place during the initial sales period, when these meassures have been shown to make an impact. My comment was more pointed at the fact that of the people I personally know that are very much opposed to the use of Denuvo specifically, very few wouldn't buy a game they want because of its use, yet they still very consistently complain about the presence of Denuvo. Essentially, my point was that from where I am sitting, a large contingent of gamers complain about things without adjusting their behavior accordingly. I also feel (again, purely subjective) that the less someone complains about pre-ordering, the less likely they are to actually engage in pre-ordering.

That being said, beyond the first few months, I remain convinced that overly aggressive DRM does negatively impact game preservation, which is why I like the compromise some studios started engaging in of removing certain DRM meassures a few months post release. I recently bought two racing games from my childhood on eBay as new-old-stock physical media. One of the twos aggressive and no longer maintained DRMs made my Windows VM unbootable and I cannot access the game without relying on the work of pirates in circumventing that.

Also, I will point out that defending DRM as something that protects artists as you did doesn't fully track considering one of the uncracked Denuvo games in the list you linked is Hi-Fi Rush, an exceptional game and financial success that was critically acclaimed and made by talented creatives who are now out of a job [0], not because of piracy, but because of corporate mismanagement.

Whether and by how much DRM can protect profits, we can discuss that for days, but I have yet to see evidence that it ever directly benefits the creatives you mention, not least because outside of corporate games studios, where ones job security doesn't appear linked to game quality or sales, in the indie scene, few if any can afford solutions like Denuvo, so the one place where developers could directly benefit from it, they can't either.

Circling back to preservation, artists generally want to be able to learn from eachother and games outside the current generation can have immense value for that. Even and sometimes especially those games that are unlikely to ever receive a re-release (which often do make changes from the original experience), so I very much feel it isn't optimal if future generations of artist will have a hard time accessing past media due to overly agressive DRM meassures protecting corporate profits within only the first few months past release.

[0] https://www.pcgamer.com/gaming-industry/microsoft-announces-...

I could pirate every game on my collection but one, EA FC 24, wich uses Denuvo.

It also runs very bad, brings my CPU to its knees, and can't keep 60 FPS with a 500$ GPU, maybe cause Denuvo maybe not, but I will think twice the next time I buy a game with Denuvo.

Gabe newell has 0 value in that discussion, Steam is defacto the monopoly on PC, when you make billions by not doing anything and taking 30% on every game it's less of an issue.

The other funny thing is that Half Life 2 came out with full blown DRM that only decrypted when the game released.

A better example would be GOG.
I think a lot of the anti DRM crowd (who aren't just into it for piracy) believe;

1. DRM works (or more precisely, it has gotten somewhat better at working over time).

2. It will proliferate to everything that can possibly have electricity in it.

3. In the long run this will lead to an authoritarian dystopia which will make modern China look nice by comparison.

By 2124, you will own nothing and you will be happy, or the Neuralink Assistant chip you were given as a kid will restructure your brain to "correct" this deficiency of happiness with your situation.

This is only half satire, I do truly fear this is the direction that improved information technology will move the political economy equilibrium.

DRM is not going away because the extra power it provides can be monetized.- Shareholders and investors want money at all cost. Ask anyone in any creative field. Very few are rights holders. They have food on their table despite DRM and their rights being coerced from them.
FYI - Denuvo paid for that study.
Good. I absolutely refuse to compromise my system by using these things. Games should be required to let people know what they are signing up for.

And if that means more companies choose to avoid kernel anti-cheat, so much the better. I'm still mad that I can't play Helldivers 2 - a freaking co-op game where cheaters can't pose a problem - because of this nonsense.

> a freaking co-op game where cheaters can't pose a problem

Winning doesn't give you any permanent rewards?

Why would that matter? If someone gets rewards that they didn't earn, it doesn't negatively impact anyone else.
This is very much welcomed.
I think the population of game developers and their knowledge of multiplayer networking is fundamentally getting worse over time, because I see things that should not be architecturally possible in a lot of newer multiplayer games.

This whole thing anti-cheat thing is just a separate problem entirely, but it's so painfully exacerbated by the first.

The anti-cheat also goes hand in hand with the predatory business models of "always online" and micro transactions. Those things sell because of advantage over other players or just social factors in the case of cosmetics. Wouldn't be as relevant in an offline game. But now, since the game is online (for business, not technical, reasons), we need some way to keep everyone honest.

I'm just hoping this entire business model dies, along with the anti-cheat and everything else with it.

Strange take. These things are being put forward by major companies who hire very good engineers. Riot Games makes the most popular game in the entire world (League of Legends) and they use kernel-level anti-cheating. I interviewed with them and found their test to be one of the more difficult ones I’ve taken. I’m not under the impression they lack the necessary knowledge.
Poor networking -> need for anti-cheat

Does not mean:

Using anti-cheat -> poor networking

Ops comment is absolutely true. Engineers in games who are good have high incentive to 5x their salary and lifestyle by doing anything else.

This was not true in 1997. The industry also just attracts a different crowd, more adjacent to film and entertainment than it used to.

Your interview experience at one company isn’t representative of the entire industry.
I definitely think it's just a business decision being made in some cases.

Your developers have just built and demonstrated a functioning multiplayer prototype. They want to spend 3 months to rewrite some of it for better security, and 3 months to implement the missing features and make it fully functioning. You just got off a call from a sales person for an anticheat vendor who gave you a strong pitch, so you say no to the first 3 months because it's cheaper to just add anticheat than to pay 3 months of salary on this.

The problem is since Valve and Proton made windows games viable for Linux and the Steam Deck, most of that anti-cheat vermin does NOT work under Linux. Even if it did, if you run Linux, you likely take some objection to someone wanting to add kernel modules of unknown and/or ill repute to your pretty open-source kernel.

Valve knows this, kernel-level anti-cheat is simply not practical for use with Linux as a consideration. Most game companies care zero for Linux in the first place, which means for us, we just end up inadvertently boycotting those games and bad-mouthing them regardless, but hey, it's only 1%.

I think the end goal of Valve is to support anticheats in Linux. But they want the Kernel to provide an API for it, so you don't need to run the anticheat like a driver.
But will a canned, defined api ever be good enough? As soon as someone paints a border, someone will step over it. It's the reason security products in windoze as well as anti-cheats require kernel-level access, and why outages like the crowdstrike one a few months ago occur and why microsoft lets it (for now).

It's an arms race, and no api will ever be good enough to keep a miscreant from working against logical choices. If I have to play a game that I have to assume someone is cheating, I really don't want to play that game, or at least with others of dubious reputation. This is why I run my own server for games I like to play with others I trust.

If someone wants to play competitively publicly with anti-cheats, they should opt-in to do so, but I'd like the option to not, and simply play local or private instances with my own general TOS. If diplomacy fails, a ban option for the server.

1.9% already :)
Not a gamer - Is Steam basically a package manager like 'yum' or 'brew', but for games?
Yes, and also a store and a community platform.
More like flatpak/flathub since it has it's own runtime, with the addition of community features and purchasing.
Similar to Google Play with Google Play Services: both an app store and a set of services for games to use
Yes; but more like the apple App Store - they take a cut, and (to some/varying extent) try to ensure some level of legitimacy / quality.
Like 10% of Steam is yum/brew. The other 90% is:

* GUI

* managing installations, including things like Proton to run Win32 games on Linux, and Fossilize to precompile shaders

* bandwidth-saving stuff like being able to transfer games locally

* being able to play remotely in a variety of configurations: LAN, WAN, or having a friend connect to your local session ("Remote Play Together")

* pretty good support for mapping any controller you have to any controller inputs a game wants

* cloud saves

* a bunch of community features like forums and broadcasting

* family sharing

* a VR runtime

* marketing for devs (regular sales, algorithmic recommendations etc)

* an API for devs with various services

* the backend infrastructure for all of the above

It's been around for a long time so it's quite feature-rich at this point. Lots of things that generally make sense to have.

and telemetry
More like an app store, which is really just a GUI/payments/licence layer on top of a package manager.
I hate to say this but a large percentage (in fact, I believe a majority) of gamers simply do not care about invasive anti-cheats. Right now CounterStrike players are mostly begging Valve for kernel-level anti-cheat since their current solution isn't working at all. If anything, this warning will actually make many player's more impressed with the game. That said, more consumer information is almost always better in any case, especially in this case considering that this is not a requirement of law but of a private company.
Prop 65 went great! Let's get a warning out for every game with peer to peer networking while we're at it.
I get the argument, but if that is more than a strawman argument to you, I am bewildered. Making a network connection is infinitely less problematic than having root level access to a kernel (translate to windows language for NT)
> Prop 65 went great!

The secondary effect is that business will stop using processes and chemicals which require them to carry this warning. You've effectively created a new market segment.

Are the labels annoying to the point of comedy? Sure, but it's not /your/ behavior we were trying to modify.

Seeing the warning everywhere has mostly desensitized people to it, which makes it ineffective.
Doesn’t matter in a world of AI powered hacks. Kernel level anti cheat isn’t detecting the yolov8 model fine tuned on the head of my enemies.
This video suggests you can catch this type of cheater without even a kernel level anti cheat:

https://youtube.com/watch?v=x-EbjGSRyKA

There’s a lot of other stuff in the video but if you skip the robot building parts at the beginning he talks about an anti cheat system he developed with another person.

Behavioral analysis (the thing he's talking about) doesn't work that well and has a hard precision limit due to the nature of online gaming. What the player sees, what the server sees, and what other players see are entirely different things. I'm not even talking about plausibly deniable things like visual sound location.

Nobody's using complicated stuff like this in practice though, as there are easier methods. But of course this path can be taken, and it's not possible to block easily.

it's not always easy to tell if it's just a player playing weirdly or a mistuned AI though. Maybe the player just have too low mouse sensitivity so it is always a little lagged, maybe it's actualy AI. There is no easy way to tell, and require manual judgement in a lot of cases.
Aimmy is still undetected everywhere except overwatch last I checked:

https://github.com/Babyhamsta/Aimmy

And it's likely that most detection systems can be trivially fooled by me ChatGPTing the code around the way mouse movements are implemented to act slightly different / use a different compiler or something to get different file hashes on the core tool.

You don't need kernel-level cheats to bypass VAC, nor kernel level anti-cheats to catch cheaters.
>nor kernel level anti-cheats to catch cheaters.

Do you have some examples of good anti-cheats that are not kernel-level? Do you have any that are as good as Riot's Vanguard? I'd prefer examples of FPS games since these are the most mechanically skill based compared to other genres that have more strategy, but would like to hear any examples you are thinking of. Lastly, if you say server-side, that may work, but many companies don't seem interested in it due to the cost, at least IIUC.

As someone that plays CS2 and Valorant regularly...

Vanguard hasn't been effective for a while now. The cheating situation is a lot worse than CS in my experience, but every discussion gets shutdown because... well... it's Vanguard.

With CS2 I have talked to many players about this and everyone says the same thing: "There's a very noticeable decline in cheaters above 10k Elo."... personally I have pushed beyond 15k and briefly above 20k Elo and the amount of cheaters have steadily declined (although less obvious cheats, eg. wallhack, are probably more common at that level) - for Valorant it has pretty much stayed at a constant amount of "cheatiness" across the ranks.

CS actually has a rich history of features, functions, services?... that aren't strictly anti-cheat...

Overwatch gave players the option to "police" others players replays - this wasn't only against cheating, but also griefing.

Prime? Is it still even a thing? It was great when CSGO went F2P... all the cheaters just annoyed the non-prime players (F2P).

The ominous Trust factor which is probably the single most effective piece in making my personal experience great. But there's no real way to tell?

Also, VacNet - which is running? is AI based? banning players? lowering their trust factor?... with Valve there's no real way to tell most of the time, but it's probably existent in some shape, way or form.

Not to say that CS2 has solved cheating, it's far from it - but neither has Valorant.

I have a very hard time believing that the rate of cheaters go down in high elo. IIRC the new CS2 leaderboard still regularly features cheat companies on it (eg. config by [cheat dev] as the leaderboard name.) I myself do not have any data to back up that claim, but yours completely goes against what I have experienced.

I think the point about wallhack being more common in higher elo is more likely. I would add that some forms of trigger botting and recoil control cheats are actually more difficult to tell than wallhacking. Spinbotters don't get very high elo because they get mass reported because of how blatant they are, likely not due to VAC. I would need some real evidence to believe that claim (although as I said I similarly have no evidence myself to convince you to accept my claim).

One thing I can say is that I do frequently meet cheaters in CS these days, and the issue has gotten so bad in my experience that many cheaters even announce at the start of the game that they eg. have wallhack. Or one team member will turn on cheats if a game is getting close towards the end of the game. Also, the main reason FACEIT exists is for its anti-cheat, and on FACEIT there are almost no reports of cheating, and it's a big deal when it happens. If VAC was really working now we would see more people leaving FACEIT. I must ask when you started playing CS? Because the only way your post makes sense to me is if you started playing around the time when CS2 came out, which indeed did have more cheaters then it does now, but that was truly an exceptional level of cheating and I don't think that is a fair point of comparison, especially as a comparison to Vanguard.

I admit to taking claims about Vanguard at face value and I've never played Valorant (in part due to Vanguard, as I don't want to install a rootkit). But what you say about Vanguard also completely goes against what I have heard about it.

You don't have replay in valorant, you can't be sure if the other player was cheating or not, in CS you can
I absolutely support your claims about the leaderboards, it's an obvious show of cheating in CS2. There's also a strong incentive for cheating companies to be there so it might not be descriptive of the average experience. However, I can't speak for that level as my peak was barely over 25k (top 1%?) and the leaderboards are simply orders of magnitude away from that.

Regarding cheaters announcing they're cheating - I haven't encountered that in a long time, but I have heard of it often enough from new players... so it might be an issue with trust factor, but who knows?

I have actually been playing CS off and on since around 2017 - at least in my experience the current cheating situation isn't worse than it was back then, but it's also not better. The only time it was meaningfully better was when prime released around 2021.

However, it's also true that I started playing more after the release of CS2... and the aforementioned 10k Elo mark was a real pain point for me and my friends. Every time we were due to pass it we ran into cheaters, smurfs and even a server crash once (incredible luck?). After over 3 months we made it past 10k and climbed above 15k Elo within 2 weeks. - This is my experience and I have heard similar stories from other players. (Although ranks have been massively imbalanced at that time as well, which partly explains this?)

Nevertheless, it's good to have a discussion about cheating - in CS2's case the experience can be so different depending on the region, ELO, trust factor, ... with Valorant the discussion simply gets shutdown way to often because of "Vanguard" and without a replay system you're just left to your own devices.

They should implement honeypots like they did with Dota 2: https://www.dota2.com/newsentry/3677788723152833273

but yeah I can agree, my friends say CS2 is full of cheaters, I have played 7-12k rating and I got only a few cheaters throughout this whole year of CS2.

and they say they keep playing Valorant because there's way less cheaters than CS2.

Blizzard’s Warden + their legal team. While not strictly an FPS directed solution, I can play Heroes of the Storm in more places without breaking my system like Vanguard does for League of Legends.
My question would be can't the netcode be improved to prevent this in the first place? The fact that all players receive full game state enables this. In the early 2000s this made sense. Does it still today?
That will only protect you against wall hacks. This is a strategy known as fog of war. The server will not send the positions of players far from you. However, you still need to send the positions of players near you, but still behind walls, otherwise lag compensation won't work properly.

This doesn't protect you against trigger bots (shoot automatically when you put your mouse on a target), aim bots (snap to targets, ranging from obvious hacks to very minute adjustments), and others.

> lag compensation

That's already done entirely server side. It could only be. If you mean predictive positioning from the client side you can do that with far less state than gets transmitted today, and you could factor in the other players momentum on the server side to see if prediction would even be necessary in a given frame or not.

The server could also send lots of phantom updates so the player client has no idea which objects are real and which aren't. The hacks could work around this but it would take a lot of power to do so. There's room for asymmetric counterhacks here.

As for the other types of bots those are far less useful and more detectable by naked eye without wallhacks, which ironically, is because lag compensation is server side, these hacks do not have a deterministic outcome when used.

When you look at a video of what a wallhack enables and how much state data gets transmitted that shouldn't be, I would be embarrassed to have such unworthy netcode in the 2020s. They've had 20 years and have done next to nothing.

Not to forget positional sound. Which is real part of these games and for that you need to send some information to clients.
Both CS and Valorant has had it for years, MOBA games as well. It works when you have maps with simple geometry.
(comment deleted)
As a counter strike player, I definitely shy away from the invasive anti cheat stuff… but I’d let valve inject it into my veins if it meant I could actually play and not suspect everyone of cheating all the time. Mostly because Valve has earned my trust. I won’t install games from other companies using similarly invasive techniques though.
While I trust valve, I'm not willing to mess up with my workstation to play.

Also, there's hardware cheats, so I don't need a rootkit on my machine, but a server side thing that properly weeds bad players out through reports/trust and automated bans.

Reports only work so well. Overwatch has MANY cheater in spite of vigorous reporting.
Yeah, I generally trust Valve but gaming is definitely not important enough to me to give them kernel access to my system. I’m sure many gamers disagree with me though.
> a server side thing that properly weeds bad players out through reports/trust and automated bans.

No. No no no.

Automated bans via the report system is very well-known to be abused.

Even if you implement a "trust" system where initially, all your reports are manually verified by game staff until its determined your reports are correct until your reports are acted on automatically, all it takes is a player to just be "good" until their trust is high enough, then start reporting people who don't actually deserve it.

And I'm not convinced that server-side anti-cheat can be effective. You have to rely entirely on heuristics. Sure, a simple aim-bot that instantly snaps someone's aim right on someone's head might be detectable, but one that simply lets you see through walls certainly won't be if the player doesn't make it stupidly obvious by pre-aiming around every corner.

Valve wouldn't purposefully backdoor you for nefarious purposes. But any such code is not nearly reviewed enough to be sure it is free of unintentional backdoors that could be exploited by third parties.
Trust in a company plays a huge role here
I take it community moderation tools like voteban/votekick aren't sufficient anymore?

They worked pretty well for pub matches back in CSS and 1.6, where it was pretty trivial for anyone to cheat or bot for free with minimal effort. I wonder what changed.

In a normal 5v5 match, you need everybody else on the team to vote yes to kick the cheater. If they're queued with someone else (which is very likely) then you've got no chance
But you couldn't. After all, there's a lot of hardware based cheats that even KLA can't reliably detect.

If you're "not sure if someones cheating or just good", maybe that's a mental problem with you? Put differently, if all cheaters were perfectly hidden (aka looked exactly like a real player of that skill level), would you still care? If yes, you seem more interested in a morality than actually enjoying the game.

Do you think a large percentage cares about cheats in general?
Yep. I would call myself a privacy focused person, but given that Windows is the primary platform for PC gaming, and I trust Microsoft about as far as I can throw a their corporate headquarters, the platform is already compromised. Treat it accordingly, play your games. Maybe watch your adult films and write your memoirs on a different system than your gaming rig.
Ideally, players would be given both a choice and a clear breakdown of what’s actually being collected or monitored.
The anti-cheat problem is long-running and complicated. If you choose not to run anti-cheat because you understand that these are opaque rootkits, good for you! That's a totally, 100% valid choice. But please keep in mind:

  - you are a tiny minority and not the target customer
  - online multiplayer games are an absurdly big business (i.e. there are huge incentives here)
  - no, you can't completely solve this server side
  - elite players are insanely good - they are by definition outliers, so looking for statistical outliers is not in itself a solution
  - game companies are highly incentivized to work with (or at least not antagonize) the elite players (so just throwing them in matches with cheaters is not a solution)
  - the stakes are high both for the devs and their users, so "pretty good" anti-cheat is usually insufficient
You can sum things up by saying that kernel-level anti-cheat DRM is the worst solution, except for all of the other solutions.

I hope to see more discussion on possible solutions and tradeoffs - this is a challenging technical problem whose solution (if there is one) is fairly valuable.

[edit: hopefully fixed the tone, per feedback]

Why isn't server-side anticheat a possible solution? Cheats can spoof inputs purely through visual output as well, meaning there cannot be full trust client-side.
Oh it's a solution, it's just worse than kernel-level - as it's much easier to bypass.
Not an expert but I've done a little reading and basically the combination of real time actions and a network makes it intractable, you end up just having to trust the client on some things (or having to make trade offs like a client potentially not having the information needed to display the game state to the player, or choppy/unresponsive gameplay as a function of latency).
>some things

Any specific examples? I hear this said all the time and it's almost never true.

Movement, for example: many decide to just let clients be fully authoritative over their positions and then act shocked when teleport hacks drop. Just keep track of the player's max move speed server-side, continually validate, and flag if they consistently move faster than is possible according to the server. No one is ever saying you have to validate inputs server-side in lock step with zero client-side prediction whatsoever and enforce 200ms of input lag for all players.

It's not teleporting that's hard to deal with, it's aimbots and wall hacks. You have to trust the client with enemy position information that it shouldn't be able to see yet, and trust their shot position inputs.

Also, constantly flying around and teleporting is easy to catch, but using it in small bursts is very powerful and harder to catch.

>You have to trust the client with enemy position information that it shouldn't be able to see yet

That seems like something that would be solvable with location-style differential privacy. Report a number of plausible locations to the client small enough that it can efficiently anticipate them all, but large enough to prevent being able to auto-aim or wall hack. Run some bots or actual player movements recorded from other matches, originating from roughly the same point where you last saw the real opponent.

>constantly flying around and teleporting is easy to catch, but using it in small bursts is very powerful and harder to catch

Even small violations of continuity seem like they'd be observable server-side, no? I've not studied this, but presumably clients must be constantly phoning home with their position.

> That seems like something that would be solvable with location-style differential privacy. Report a number of plausible locations to the client small enough that it can efficiently anticipate them all, but large enough to prevent being able to auto-aim or wall hack. Run some bots or actual player movements recorded from other matches, originating from roughly the same point where you last saw the real opponent.

Has already been done in COD: Warzone. Varying levels of success, cheat developers end up heuristically eliminating fake players.

> Even small violations of continuity seem like they'd be observable server-side, no? I've not studied this, but presumably clients must be constantly phoning home with their position.

This issue usually is game/game-engine dependent and is achieved either by exploiting bugs or manipulating lag compensation. Not exactly a very common thing.

> Even small violations of continuity seem like they'd be observable server-side, no? I've not studied this, but presumably clients must be constantly phoning home with their position.

Jumps in position are not always illegal: network issues, quirks from physics-based forces, glitches in the game, are all very common and can all cause unexpected positions. Differentiating from bannable offenses is not easy. Yes, there's always heuristics you can use to narrow down possible issues, but you have a limited CPU budget: You need to be running multiple instances per machine, each updating 60 times a second, serving dozens of players, sending and receiving constant updates to and from all players 30-60 times a second, while simulating physics, large worlds, complex player states, and synchronizing the states of thousands of objects. It's tricky to get everything right and performant. And people will get extremely mad if you make a false positive.

> That seems like something that would be solvable with location-style differential privacy. Report a number of plausible locations to the client small enough that it can efficiently anticipate them all, but large enough to prevent being able to auto-aim or wall hack. Run some bots or actual player movements recorded from other matches, originating from roughly the same point where you last saw the real opponent.

But what is the client suppose to do when actually seeing the real position? At someone the waveform needs to collapse and reveal the real location. The only way to make the fake locations indistinguishable from the real ones is to make them a real enemy player from the client's point of view. But then you stumble across all these fake enemies that don't do anything? You could place them in unreachable positions so normal players wouldn't ever find them. But then the heuristics for checking if a client "knows" about the position is still quite fuzzy. Also, visuals aren't the only giveaway of an enemy location. Audio is also location based. Playing fake audio would be detrimental to normal players' experiences.

Having said that, the unreachable-fake-player technique is not bad, it can cut out some low hanging fruit. But it's only part of the equation of a robust anti-cheat solution. It's complex to implement and only gets you some cheaters.

A simple example is clock timing in chess, you have to trust the client about when it received and when it sent if you want to avoid treating everyone as a cheater and penalizing genuine latency.

If I remember right an anecdote from someone in the trenches was along these lines for a more complicated real time game, though I think the peer comments have the more typical types of problems. I looked for the thread I was reading this in but came up dry, sorry!

A good anti-cheat solution needs both client side and server side components, they complement each other.

You also need active human involvement, both as moderators and evolving the anti-cheat technology over time.

We're mostly talking about FPS here, you've got 2 main cheat categories: aimbots and esps (visibility hacks)

Esps are purely client side, they read actors from game's memory and draw a client side overlay. It's impossible to protect against these on the server. Even if you had perfect culling from the server (didn't send players behind walls for example) you'd still have semitransparent surfaces like foliage and smoke. There are people making good money in PUBG just making enemy textures that are easier to see. You need kernel anticheat to prevent the cheat reading the memory. Also you want to take screenshots periodically and detect overlays.

Aimbots in the olden days could be detected on the server because their movements were instant, precise, unnatural snaps. But these days cheat developers have wisened up. Again the best protection is to prevent the cheat from reading the games memory in the first place, some anticheats go as far as to try to prevent input from any artificial device (so the cheat can't create mouse movement)

There are also movement hacks, but I don't think that these are really common these days. You can detect protect against these on the server side

Just adding that occlusion only works with games that have simple geometry, 90 degree corners, straight corridors, enclosed areas and no large difference in elevation. So its useful in games like CS or Valorant, but will not work well in open games like Battlefield or Escape from Tarkov.

There's also DMA based cheats that will read memory with another computer which can then output an ESP overlay to a HDMI or DP merge box that will show both the game and overlay on your monitor. They can also do aimbot by adding mouse inputs to a device you connect your mouse.

Websites sell DMA cards and these other devices together.

> I'd love to see more curiosity from the HN community on this.

I'd love to see more curiosity from developers - the disappointment is mutual. Instead of attempting to systematically stop all forms of cheating through innovative or competitive methods, it would appear the industry is converging on dangerous half-measures and excusing it with evidence from a clearly failing system.

What should we, the users, expect? Perfect, cheat-free software that surveils us endlessly, or "good enough" security that lets users decide for themselves which servers are suitable? Let me cast my vote, and I know which ideal I consider realistic and attainable.

> I'd love to see more curiosity from developers

Developers spent millions on Anti-Cheat. It's why entire products like EasyAntiCheat and BattleEye exists.

Valve spent a LOT of time and effort on VACNet, a server side machine learning based Anti-Cheat primarily trained only on CS:GO verdicts and it was awful still.

Developers know the common methods used by cheaters. That includes exploiting known vulnerable kernel drivers to run code in the kernel. The only way to monitor for this is to utilize a kernel module loaded before that of the cheater. That's why the current state of Anti-Cheat is the way it is.

The developers of various anti-cheats like Vanguard have been very transparent about this.[1]

[1]: https://www.leagueoflegends.com/en-us/news/dev/dev-null-anti...

While all of what you're saying is true, I think it is worth noting that historically a large chunk of this problem was solved by communities hosting servers. I agree that in the matchmaking era, remote attestation via kernel-level anticheat is the inevitable solution that you converge to after a few iterations.

And yes, servers would often kick out people who were too outside of the general skill level, even if they weren't cheating. As (say) a p80 player, playing against a p99 player feels roughly as bad as playing against a cheater. (But of course the p99 player is doing so honestly.)

> historically a large chunk of this problem was solved by communities hosting servers

Yes and no.

I lived through that era too, and there are serious scaling problems: at some point, trying to banhammer griefers with rotating IPs becomes a full time job, and then the public servers turn into a dumpster fire.

Yeah, having written that I was thinking about this as well. There's a lot of unpaid labor involved in that model. Maybe, between rootkits and that kind of exploitation of humans, rootkits are the less unjust option.
I'd be curious how many anti-cheat rootkit vendors that there are out there, though. It seems like the sort of industry that consolidation to 3-4 larger, more well-funded vendors would be beneficial in terms of security.

Versus everyone rolling their own or using smaller / cheaper solutions.

Solution: submit them for an account ban.

The games that have the most cheating either:

1. don't do account bans

2. don't limit account creation

You can trivially limit account creation by just charging money for the games.

I think free to play is where the market has ended up.

I get it, though, I kind of stopped playing competitive games after it became all about the F2P grind. Even cosmetics-only F2P hits a part of my brain that I try keeping in check. I just play single-player and cooperative games now.

When one enters the career and/or family stage of life, it doesn't make sense to compete against people who have the time commitments of neither. ;)
Account bans + community servers don't work either, as the chain of custody for evidence is tainted.

I say consteval was caught cheating on the server I run, and that account should be banned.

Am I, my server's admin, lying?

Probably you need some kind of "court" system. Or maybe if enough dedicated servers say you're cheating, they just ban you.

Yes this is more effort but from the company's perspective they outsource most of the effort to free labor. It can probably be abused if enough admins from different servers band together though.

From a labor exploitation point of view it's really hard to argue that that model is better than kernel-level anticheat.
Exploitation is a strong word. A lot of admins like running servers, and some even make money via ads. This is the case in TF2.
Not at all correct! Nothing of what was said is true. The actual reality is:

* Microsoft makes piles of money from Gaming * Microsoft got involved with Gaming to damage Linux adoption and corporate support (Sony/Linux/Playstation) * Microsoft spends massive amounts of attention on gaming to lock in the general public to Windows * Microsoft continues to lose to Linux * Microsoft uses cheating to lie about open source being 'something something' cheaters

The fact of the matter is that Microsoft has absolutely no interest in an open source solution to these problems and are using these issues to lie, mislead and spread FUD in some absurd fantasy world where only some superior microsoft driven closed source solution is the only possible way this can be solved. All of that is a complete lie. Nothing more.

A smart linux and free software lawyer would be wise to file a class action lawsuit for discovery documents inside Microsoft where one would undoubtedly find piles of emails between the executives hell bent on doing everything to damage Linux adoption have stupidly wielded this unidentified axe which is actually a -4 cursed boat anchor.

Anyone that tells you that computer security or trust can only be done with proprietary software is lying to you for their own benefit.

Sorry, where did Microsoft come in? I'm not sure what Microsoft thinks but I do see both the ups and the downs of remote attestation.
> I'd love to see more curiosity from the HN community on this.

These kinds of sweeping comments are as frequent as they are tiring. There are other comments like yours in this thread and yours is currently at the top. It has nothing to do with a lack of curiosity, you’re simply seeing the contrarian dynamic at play.

https://news.ycombinator.com/item?id=24215601

I appreciate the feedback - I've edited the comment to hopefully do better. Thank you for taking the time!
Rejoinder: Blizzard’s Warden. No bootkit, no invasive system configuration required, even plays nice with “niche/enthusiast” platforms like Linux, doesn’t even care if your keyboard isn’t a bit niche too.

Thought: If they expect a console level of lockdown, why do they bother writing for the PC? If I wanted a $game_console, I’d buy the console.

Hmm... isn't Blizzard's main FPS title Overwatch though? Cheating seems pretty common in that game (and there are tons of forum threads where people are complaining about it).
Forum threads aren't a great measure of cheating though, given the toxicity and inability of the average gamer to admit "the other player was better than me."
There are tons of forum threads about gamers complaining about every single game in history. Seriously, most gaming forums are incredibly toxic.
I have about 1500 hours in OW and OW2. I can't recall ever playing with/against a cheater.
> game companies are highly incentivized to work with (or at least not antagonize) the elite players

Actually, this is generally untrue. Companies BELIEVE this but often times, these players are a vocal minority put on pedastal and they often end up making the game worse for the general player base.

Sorry for not being more clear, I was referring to the advertising or promotion that comes via the elite players. Take Valorant, for example. Riot Games leveraged their League of Legends user base and gave early access to high-end players and that apparently played a big part in helping its popularity take off. Now it has a robust presence in eSports, again helped by the high-end players.

It's not uncommon now for popular professional streamers to get early access to new features/modes because the game companies know that those players can help build or retain the player base.

Are they popular because they are the best, or because they are entertaining ?

I wouldn't discount those mediocre (or even outright bad) at the game, but moving huge audiences...

>no, you can't completely solve this server side

This is what every dev who can't be bothered to implement relevancy filters says when their server broadcasts the locations of every hidden player to every other player every tick and wallhacks drop a week later

Exactly what can't be fixed server side? Are you just talking about aimbots and other situations where script kiddies can trivially author bots that generate optimal inputs? Because at a certain point that's more a problem with shitty, boring game design that got stale 20 years ago; if the top of your game's execution ceiling is "can the player click on heads perfectly" you have bigger problems

Relevancy filtering is more for network traffic optimization, it doesn't really help with cheating in most cases. In a FPS, for example, the actors the cheater most wants to know about are almost always also network relevant.

But taking a step back, for fast games (like an FPS), the latency requirements drive you to send semi-secret info to the client (like the positions of other players), and so that's where things start to break down. But the traffic in the other direction is a problem too, as you have all of the scenarios in which the messages to the server (e.g. aim info, timing of weapon of firing) can be spoofed or engineered.

The motivation for the client-side anti-cheat systems is to extend as far as possible the envelope of what is considered trustworthy - i.e. if they can't solve the latency problem, then they try to make the client more trusted.

It's impossible to completely solve the problem, so it's about finding a solution that solves as much of the problem as possible. Unfortunately the main thing going for kernel anti-cheat is that most users don't care that they have to let someone root their machines to play a game, though the tide would likely turn if there were a high publicity exploit.

"All cheats can be trivially solved server side, as long as I exclude all games I don't like, which are also the games where the problem is hardest to solve and most relevant to the discussion."
Server side can not do anything about ESP or aimbot as they rely only in information that the server must provide the to the client. ESP can be curbed somewhat by obfuscating objects not in their view, but how effective this is depends very much on map geometry as the server must send it at some point. It works okay in games like CS/Valorant (that already has it implemented for years) but does basically nothing in Battlefield/Apex/Escape from Tarkov as they have very open maps. Aimbot can be configured to be pretty much indistinguishable from the best players.
Do you think it will escalate to the point that client side checks will be worthless? Say in 5yrs I can let an AI watch the screen and control the mouse and keyboard. From the rootkitted computer, it can't tell I used an external AI to control the USB keyboard and mouse.
Just use local servers and player validation signatures. Faceless matchmaking is bullshit. Local communities win. Don't mix e-sports with casual game-play. Just like you don't need a security detail for the average person, you don't need invasive anti-cheat for the average gamer.
Perhaps true of competitive games. But I find anticheat mainly exists to protect microtransaction games. And generally those games aren't worth playing, so having the little badge on steam can help avoid wastes of time.
Yeah… it’s more that the anti-cheat itself provides surface area for RCE’s than the anti-chest company using it nefariously.
I've just reinstalled GTA V last week and I was very surprised to find out that I now have to install a rootkit to run it.

They had the balls to add a mandatory kernel extension into a game that I've bought 10 years ago and that I wish to play in single player only.

I find it utterly ridiculous. As usual, piracy would have been the superior experience.

Readers can search keyword Grand_Theft_Auto_V_v3095-Razor1911 for further information on experience options.
One of the reasons I run a PS5 instead.

AFAIK, there's fewer cheaters on PlayStation current-gen than on PC, and I don't have to worry about anti-cheat kludges corrupting my "rig".

You mean all the anti-cheat options are pre-built into your rig?
Which is fine on a device that you only use for gaming, or am I missing something?
Well, you run untrusted code in your local network.

Then again, we all trust our "smart" devices even if we really don't.

I suppose a separate network would be the safe option (if you trust your router).

That said, have there been rotten meat attacks using "temporarily above temperature" fridges?

Are vegans just applying a defensive strategy against those?

Not nearly every "gaming PC" is used for only that.

When I grew up, I had one PC to do everything: Homework, gaming, learning to program, storing the single copy of treasured family photos, gaining painful experience in why to make backups before modifying the MBR to dual-boot Linux...

Especially with iPads and Chromebooks becoming more prevalent in an education context, a "gaming PC" might well be the only computer that gives the user full control over it that many children have access to these days.

Computers were much more expensive back in the days and would be obsolete much faster.

Nowadays for 50€ you can have a decent second hand computer with an older gen core i5 and 8 to 16GB of memory. That is plenty enough to run qubesOS.

I get where both sides are coming from.

On the one hand, buying a console and a reasonably spec'd laptop is clearly the better value. I did this during college, and both my laptop, and my console both lasted about a decade without requiring any upgrades. I did this again with the PS4. You wind up spending far less than you otherwise would trying to keep a gaming pc reasonably up to date, and both devices are optimized for their usage.

On the other hand? At some point most of us will realize that we've been successful enough that we don't have to optimize for value, and we can choose 'all of the above'. I now have a PS5 AND a stupidly overspec'd AI / gaming desktop. I've enjoyed having both.

Yes, so you don’t have to run a rootkit on a machine that you might file your taxes on.
I would bet 90% of people here have at least another laptop if they have a gaming PC, if you’re concerned about being compromised by rootkits, just do your taxes on that.
There's nothing "just" about compromising one of my machines so badly that I don't trust it to file my taxes on any more.
So you own one machine and Rockstar owns the other?
Well that was supposed to be the deal with the PlayStation, too.
Yes. It's kind of an odd situation, because it's one where it's a benefit to me if other people are running anti-cheat. A limited sort of remote attestation that the people you're playing with aren't running certain kinds of software that peeks into or alters the memory image of the game or its graphics drivers.
You’ve just got Sony watching over you and transcribing your audio conversations with friends.
“Shoot that guy” “Ok”

Super valuable stuff.

Training data for AI
Sony is training the AI drones for the battlefields of the future from gamer conversations
Can't wait to hear "Who you challin lil bro" as I get shot in the ass by a drone.
Not only future drones will get better at killing you, they will also learn to shit talk after doing that
Or more likely, listening to background noise to spy on what family members are saying and listening for marketing/brand trigger words. It may not be very human audible but if it's machine audible it will probably be scraped.
This is the exact reason why is started with streaming services for games (Gfore/boosteroid/game pass). Next the anti-cheat thing I also spend less waiting for updates. And this way I can still play these games with my buddies.
Add ‘-nobattleye’ to the Steam command-line launch options and you can play single-player without any installs.

(Rockstar really should’ve made this a separate launch option like other games do)

> (Rockstar really should’ve made this a separate launch option like other games do)

This is what happens when a producer's/product manager's cherished KPIs come before UX.

In their mind, adding a toggle in the launcher would lead to lower engagement and player acquisition.

We, the players, fail to recognize how our gaming experience can be enhanced by using social features like leader boards, guilds, or in game chat. We are not enlightened.

Think about all the fun and exciting connections you'd miss out on if all the social crap was off by default or in an easily accessible place.

I'm honestly surprised it's a command line option. My guess is that the requirement originated externally.

If the decision came from an external party, it's likely from publishers
> This is what happens when a producer's/product manager's cherished KPIs come before UX.

> In their mind, adding a toggle in the launcher would lead to lower engagement and player acquisition.

Not "in their mind". It does and they have the data to show it. Very frustrating situation.

It's GTA, if they want to get to Mars... release six there. Just shoot the gold copy out there. People will show up.
Not sure if, at this point, it costs SpaceX more money to get to Mars, or Rockstar Games to develop GTA 6. AAA budgets are insane (with IMO meagre results - I don't like most of them).
A lot of time and money goes into AAA games and I think there’s an inverse relationship at play where the higher the budget is, the more risk averse the studio is. So you end up with a whole suite of AAA releases that all play it safe and just copy small innovations from each other, nobody really daring to push the envelope too far.

I don’t really enjoy those games either any more. Too big, too long, and the gameplay feels more like running errands and checking off a todo list than having fun.

Release cycles in the 90s and early 2000s were pretty tight, slowly getting longer as storage and graphical firepower increased. 3D was totally new and studios were trying out all kinds of crazy ideas for games. These days you can basically expect 90% of mainstream releases to follow the same playbook.

Yeah, it's just me being an idealist and projecting.

I acknowledge what the analytics show, but always allude to the hypothetical casual loner segment who we lack data on because we pushed them away or we don't measure things relevant to them.

I'm a boomer millenial, or whatever we're called now, and never took to online gaming, so I'm part of this segment.

Casual loners are irrelevant to the monetization and in game economy people, resulting in relegation to second class status.

Until someone figures out a way to milk this segment for that juicy recurring revenue, consumable$, $kins, etc..., we must accept our fate, largely an afterthought.

I'm disagreeing with everything you're saying here.

Not because you're wrong.

But because I'm in this picture and I don't like it, and I just found out that "boomer millennial" is a fitting descriptor.

Goddamit.

You’re in denial now; you’ll work your way to acceptance soon enough (as someone who’s done the same thing).
Thanks for the chuckle, brightened up my day.
Yet we are the people who started gaming on PCs -- we made consumer 3D accelerators profitable and spent the time writing about them on forums in the 90s and 2000s. We certainly have the power to move markets.
People who can't be monetized sometimes are valued in their opinions. If someone principled really likes a thing, it can gain more popularity by others who trust that person adopting it. Maybe not loners. But there's still reason to make users happy because viral marketing impact cannot be measured well.
> I'm a boomer millenial, or whatever we're called now, and never took to online gaming, so I'm part of this segment.

And you are not alone - apparently 53% of gamers (total) prefer single-player games, [although this falls to only 30% in the 16-19 years age-group]. https://www.midiaresearch.com/blog/most-gamers-prefer-single...

I wonder how much of this is familiarity (i.e. I play games in the style I did when I was sixteen) versus people in older age-groups having less sustained time for gaming (i.e. grabbing twenty minutes while the baby sleeps) and single-player being inherently better for that use-case.

Part of it is reflexes too. I used to love fast paced FPS games as a teen and was actually pretty good at them until my early 30's. As time went on, I started noticing I was doing consistently worse in 1v1 firefights. I started gravitating towards games that had a 'slower' way to contribute like playing vehicles in the battlefield series.

As time goes on I've gotten more and more into single player games, especially games that let me build stuff.

REAL-TIME multiplayer is worse for that use case. There's no reason a game that is asynchronous, like an old school play by mail game, couldn't be fun for twenty minutes when you have time, and maybe there's a limit or a turn involved so you don't get too ahead, and your partner does their thing when they get time

I have wanted to see a game like that for years and years. I think this is why chess.com is huge with the youths, as it fits my description and is fairly unique -- I just don't personally care for chess.

it's a little old but check frozen synapse - top down tactics games like that have done asynchronous multiplayer a decent bit
This is because the multiplayer games we played at 16 are 10-15 years old. You literally can’t go back to those happy memories again. You play halo 3 today you get wrecked by the people who haven’t stopped regularly playing in over a decade. And when you try and play the latest fps game you go this sucks, its not halo 3.
Government regulation of toxic waste dumping negatively impacts profit margins. We have the data to prove this, very frustrating situation.
To be fair, the societal harm from deciding to play multiplayer instead of single player is probably a few orders of magnitude less than toxic waste in the water.
Granted, but how about the societal harm from an exploitable bug in one or more of these rootkits? Millions of gaming computers could wreck some havoc in the hands of an even slightly creative attacker not restrained by moral or economic considerations…
But that's why the government had to regulate it. If companies have financial incentive to do something they're going to do it, to make them stop that incentive must be removed. I don't think that comment was intending to justify the situation.
That would not be a frustrating situation, that would be a great situation (the harm is being blocked).
People cannot say no if you never ask for informed consent. If the PC is personal then a root kit is a violation.
> We, the players, fail to recognize how our gaming experience can be enhanced by using social features like leader boards, guilds, or in game chat. We are not enlightened.

> Think about all the fun and exciting connections you'd miss out on if all the social crap was off by default or in an easily accessible place.

Were you being sarcastic with these lines?

Call of duty 6 launches the single player campaign from the main launcher and I noticed they advertise the anti cheat stuff being enabled (I forget what it’s called). For a single player game. Smh.
Achievements are serious business
I think it’s also no longer possible to play the single player of these games offline.
Piracy shouldn’t feel like the "premium version" of a product...
But the reality is that it often is.
I have a friend who first pirates a game and then decides whether to support the game creators or not
Yeah, I think this is a good approach, just keep in mind that bought games may not be playable after some time due to silly reasons.
Ownership is the premium version of a product. Turns out piracy is sometimes the only ownership option. Everything else is just a subscription, license, service.
It raises questions about how we define access versus ownership in the digital age.
This is true for watching NFL.

Option 1: subscribe to 7 streaming services which each have some unpredictable subset of games

Option 2: go to some website that has all the games

The MLS did this with their Apple deal (pay a maximum of $120 for a season and you're guaranteed to get every league match of the season through the "TV" app), and it's been reasonably successful. That said, the league used that money in part to bring in Lionel Messi, and his significant international following came along with him, so it's hard to parse out how much of that is because they made the games easy to access (with the significant asterisk that Linux and Android users are stuck with a web app) versus his singular impact.

The other part of this is that MLS is significantly smaller (~$275m in non-team-sponsorship revenue in 2023) than other North American leagues (the NHL, the next-largest league, had ~$6.75b in non-team-sponsorship revenue in 2023), so I don't know how reasonable it is for other leagues to follow the MLS's path.

What's even worse is with this update they completely cut off Linux users. It had been performing better than on W*ndows but they had to ruin the game.

Surely this is foreshadowing the future of GTA VI and will have the same problems of being unplayable.

As he said, pirating is the better option. I'm guessing all pirate releases of GTA V will run perfectly on Linux.
You mean Proton users who have been doing everything they can to shit on the developers releasing native Linux games because "it runs 0.00001% faster on Proton so why bother with a native port". It's not like there haven't been people warning you that no official support means the games can stop working at any time and you won't have any recourse.
So why didn't you pirate it? At some point people need to stop complaining and start putting their money where their mouth is.
It had already been bought some time ago, this was stated as a reinstall.

Using a pirate copy now might avoid the rootkit, but it would not send a message to the publisher as they'll not see a difference between not getting any money for this new install and not getting any money for this new install. Any difference in a numbers-playing stat, if the pirate version doesn't call home to be counted in those, is likely not significant.

I stopped getting Rockstar games for PC when the Steam store page for Max Payne 3 was lying that a rockstar club account was only required for multiplayer. Turns out it was mandatory for single player too instead.

I did get GTA V for playstation, and indeed you can play single player without the rockstar account. Probably Sony forcing them to allow that, I don't think they did it out of the goodness of their hearts.

However, every time you start the game you get a screen pushing you towards multiplayer. And the single time I did click on some multiplayer related options, they spammed my playstation system notifications with 'there are new events in GTA online' even in weeks I didn't start their title at all.

So... good bye, rockstar. Your games are getting too big for their own good anyway.

We need to stop normalizing the idea that businesses can change the offer of a purchased product after the fact.

> These companies are all run by CEOs who got their MBAs at Darth Vader University, where the first lesson is “I have altered the deal, pray I don’t alter it further.”

https://pluralistic.net/2023/12/08/playstationed

Big game publishers will inevitably flex the “we can impose any restrictions we want at any time, go sue us” in your face at some point. Piracy is indeed the superior experience, unfortunately, though I would add a caveat that as a rule it does not apply to indie titles.

(At least while they stay indie… Not long ago I was reinstalling Minecraft after a long break and found out that Microsoft has the balls to demand that I verify a phone number to play a game I bought more than 10 years ago. Like with GTA V’s rootkit, they don’t care if you want to play single-player—once you’re locked out of the loader, you’re locked out and no human will help you.)

Honest question.

Would a Windows10-11 user be able to tell there are "rootkits" embedded in installations, without looking at the (optional) disclosures made available now on steam ?

In other words, what guarantee is there that if i'm buying a game from Steam, or say GOG, that there's no quasi-malware riding along with the game install ?

in general anti cheat will advertise that it has kernel level access and might need admin permission during install

if you're worried about hidden stuff I'm not sure how you could tell

Are these anti-cheats kernel modules? Asking because I only play two games on Linux and they do not use rootkits. If so one could at least prevent the installation using a couple sysctl variables [1]. I do not recommend putting this in /etc/sysctl.conf or in the .d directory as it can break OS updates among other things... I would instead put it in a startup script so that it can easily be disabled and the node rebooted. This would be in the cases the game installer wants elevated privileges and silently tries to install the modules. Obviously it will break the game but maybe that will happen soon enough so that one can request a refund for the games that did not disclose the rootkit. Once these are set to 1 on a running system the only way to set back to 0 is to disable that startup script and reboot as it becomes immutable on a running system. Your OS update tools should also be wrapped to check if this is enabled, warn you and politely abort until it is unset. The failure conditions are not strictly binary and may work, or appear to work until the machine is bricked.

Related to this it may be worth installing something that does checksum snapshots of the filesystems to see if a game has tampered with system files. OSSEC, chkrootkit or even a cron job that just does this manually and runs diffs. While some package managers have this functionality they will usually ignore files outside of the package manifest that may get picked up by the system. Immutable off-system backups are of course good too.

    # do not put in /etc/sysctl.conf, instead use a startup script or a script that is run prior to starting Steam.
    sysctl -w "kernel.modules_disabled=1"
    sysctl -w "kernel.kexec_load_disabled=1"
[1] - https://linux-audit.com/increase-kernel-integrity-with-disab...
There are two trends in the broader multiplayer game ecosystem which I think are worth highlighting:

1. More games are trying to cut costs with ad-hoc P2P servers, meaning that sometimes important logic is occurring on a not-so-trusted machine.

2. More games are using a revenue model which may be threatened by consumer-side tinkering.

For example, imagine a cooperative game that uses a P2P server, and the host has done something to make it much easier for the squad to get a drop of the Super Special Loot (#1) and the rarity of the loot through gameplay drives many players to purchase it though an in-game store.

Critical login happen at client machine is how fps games work at all. It's way too late to judge every hit on server due to the latency. A 40ms latency is 3 frame lag even on a 60fps monitor. And It can be a lot worse in a lot of cases. The server may detect some hit that is too far off and impossible. But it have to trust what client says as long as it is on some reasonable range or the game won't even work.

And that reasonable range isn't that small. It is enough to make every bullet that was supposed to shoot on air shoot on the enemies' heads.

Did you mean to post that to a different subthread?

I'm familiar with FPS networking, however I'm talking about a trend where a customer-machine is designated to act as a game-server, so that the company can avoid paying to host one in a dedicated but more-secure fashion.

If that machines happens to be the attacker's, then their scope for chicanery is so much greater than just wallhacks or aimbots.

For example, they might temporarily or permanently grant everyone equipment that is otherwise locked behind some grind-wall, where the company hopes to make money selling a "level boost". While not totally malicious, it's definitely a "hack" the company will oppose.

kernel level anticheat is not enough.

client inputs have to be trusted, and there is no provenance. the kernel has no visibility of inputs.

i’m shipping a 100 player matchmaking game now. clients tick at 360hz, server ticks at 120hz. fair up to 60 ping, which covers entire continents. servers are metal, not vms. epyc 4244p with 2Gbps egress, 1 server per 15 minute game. mitigations=off and nosmt on all clients and the server.

i love steam, but won’t be releasing this there.

it’s reboot-to-play, a modified archlinux iso that boots directly into the game from a usb drive.

i control not only the kernel, but the os, and every running program. you don’t get cortana. you don’t get discord. you don’t get spotify. you get the game. for the duration of play, your pc becomes an arcade machine.

still, this is not enough.

to play ranked, you’re going to have to get a handcam over your left shoulder. it will see head orientation, both hands, full mousepad, and screen. you’re also going to use fixed mouse speed, mousepad size, and monitor size. reviewing any players inputs will look familiar, since everyone is playing with identical settings and setup.

kernel anticheat is not enough. we need a reproducible full os setup, down to running programs and network connections.

even that is not enough. we need provenance of user inputs hooked right up to the game replay system, so you or anyone can review engagements from any parties perspective.

obviously this should all be opt in. not everyone wants to play ranked, and whole-os anticheat should help even without input provenance.

have you ever wondered if you died to a cheater or a god? do you wish you could never wonder again? i do. soon, i won’t.

I assume this is satire, because nobody would play a game with those requirements.
i would never joke about cheaters, spammers, or other netizens of ill repute.

if this is a challenge, consider it accepted.

link in bio.

I wouldn't be so sure. Life has taught me that people will accept damn near anything in order to get the entertainment they want. If you worked your way up to the point OP describes slowly, over time, I wouldn't be at all surprised if people shrugged and said "it's just what you have to do if you want to play those games".
to be honest, all of this would be worth it just to never have to listen to fortnite streamers whine about cheating/bugs/ping/serverlag/stormsurge/etc ever again. i understand why they whine, but i just don't want to hear it anymore.

i sympathize with their pain, and i have the solution.

You could just not listen to fortnite streamers at all, problem solved. No need for absurd technical measures that are not going to fix anything in the end anyway.
their complaints are valid, and should be addressed. who is pushing the needle with battleroyale? we just accept technical debt as a permanent state of affairs? i think not.
could be made necessary for pro players many of them were caught cheating
I opened the website in his profile and joined the discord.

Yes there's a discord for this.

welcome to the team. reboot-to-play is the future.
honestly, we have consoles for this dude
exactly! what we need is more power, and more mouse room.

anyone playing fortnite ranked already has the needed hardware, and the motivation.

if you haven’t won a solo build game on 1440p 360hz, you haven’t ever actually played a video game.

> if you haven’t won a solo build game on 1440p 360hz, you haven’t ever actually played a video game.

I think this is the most insane thing you've written here today, the one thing I truly disagree with. I'm not sure you even agree with it, given you seem to already understand well the difference between casual, competitive, and hardcore competitive play. But are you aware of solo play?

the distinction i’m trying to draw, is that while the term gaming is beloved, it is a very large umbrella. i don’t have a new term to offer, but i stand by what i said. 1440p360 solo build win IS a different type of thing than launching a rocket in factorio. we are going to need new terms.

it’s not about casual vs competitive. it’s about how the game feels to play, and how the adrenaline hits your blood stream.

All of this, when you can just play on console. I know cheaters theoretically exist there, but in low enough numbers on my PS5 games that they don't impact my user experience.

Kudos to your insane game plan. Gonna be hard to get any marketing from Twitch streamers though.

thanks! if the plan isn’t insane, why bother.

ps5 can’t play 360hz and can’t use performance mode graphics. consoles are great, but esports will always be on pc.

input cheats are common on pc and console, there isn’t a difference anymore.

dual pc streaming will work fine. maybe we include obs in the iso at some point, but probably not.

also, this game is mnk only. next game will be controller only. gotta keep inputs standardized or fair play isn’t possible.

> thanks! if the plan isn’t insane, why bother.

This is the only reason you need to keep going.

> ps5 can’t play 360hz and can’t use performance mode graphics. This [0] is your game. Without running it (because I'm not installing your OS on my machine, no offence) there's no reason that wouldn't run at 360Hz on a PS5. A PS5 is an 8 core machine with a dedicated GPU; it's going to be vastly more powerful (and has the advantage of being standardised hardware) than the random beater laptops your players are going to run. If you're talking about rendering at 360Hz - How many people realistically have that sort of monitor? And if they need to splash out £250 for it, we're getting close to the price of a console _anyway_ where you can play other games too.

> consoles are great, but esports will always be on pc.

Except for fighting games, sports games, and most importantly CoD.

> input cheats are common on pc and console, there isn’t a difference anymore.

Theoretically, yes. Practically speaking, input cheats are widespread on PC, and non-existant on console. (that's not to say XIM and co don't exist, but they're nowhere near the adoption level that's seen on PC).

[0] https://better.game/#/

i mean, i haven't built an os. it's just standard archlinux with minor conf. my binaries will run, but they would regardless of the platform.

i can't tell users to go into bios and turn off smt. i can tell them to boot an iso, and have it preset to do that via kernel cmdline. owning the os means i can tune the network stack, the os, the kernel, anything that helps performance. the game itself has minimal config, only keybinds.

i'm really targeting one player base: fortnite ranked/competitive players.

fortnite competitive does exist on console, but barely. it's an after thought, and the game can barely run, even on ps5. most importantly, it doesn't let you set graphics to the settings every pro uses. on console you have default high graphics. all serious players migrate to pc.

the game will run on beater laptops, but it's not a great experience. the players i'm targeting all have desktop pcs and 1080p240 monitors already. if i can get 1% of 1% of fortnite ranked players to try, that would be inglorious. if it's just me haning out with 99 aws servers, that's fine too.

i want there to be an on ramp for new players, but optimizing for low end spec is not a goal. especially with 100 players all standing next to each other, low end hardware falls over. will probably have to limit to 50 or even fewer players depending on how much low end hardware shows up to play.

input cheats are common on console for fortnite, i'm not sure about other games. reads video from hdmi, mitm controller outputs. multiple generations of that, some of it works on pc too, and then pc has a whole new host of similar tech.

input provenance is the only real solution that i can see. the rest is shadows on a cave wall.

> can tell them to boot an iso, and have it preset to do that via kernel cmdline. owning the os means i can tune the network stack, the os, the kernel, anything that helps performance. the game itself has minimal config, only keybinds.

I think this is an interesting idea. Lots of things we do are done the way they are because they've always been done like that. "Turn off Antivirus" has been common advice for PC players for as long as I can remember, this is a neat way to handle all of that stuff by default (nobody needs windows search indexing a scratch folder for a video game).

> most importantly, it doesn't let you set graphics to the settings every pro uses. on console you have default high graphics. all serious players migrate to pc.

One of the reasons people migrate to PC is _because_ of the customization that you're locking down.

> reads video from hdmi, mitm controller outputs. multiple generations of that, some of it works on pc too, and then pc has a whole new host of similar tech.

How does your system defend against a HDMI capture device and a USB device that pretends to be a keyboard?

where we are going, we don’t need graphics config. cyberpunk and cortana will always be there, only a reboot away.

handcam anti-cheat and the replay system is how we deal with non-human inputs. ranked only.

in pubs, you may encounter a cheater. hopefully owning the whole os makes that easier to detect, but i’m not sure it will.

What an incredible testament to the lengths men can be driven by spite.

I would like to try your game, sir. But my problem is the people trying to take over my computer. I am not going to solve that by letting you take over my computer.

Let's talk system requirements- could I get away with running it on an old junker laptop?

possibly, depending on the gpu. wickedengine requires modernish gpu.

spite was definitely a part of it. at a certain point while playing and watching fortnite solo build, i wondered why there are so many bugs and if i could fix them. i wanted to understand why ping advantage and storm surge have to exist. this game was my journey to find out. it has been a privilege and a joy every single day.

as far as security, you’re asking the right questions. the typical gamer showing up in my discord doesn’t, so i guide them to them.

if you boot my game, you’ve booted an archlinux iso. what could i do? i could read/wipe your disks, so you should make sure they are encrypted/backedup. i could probe your network. i could maybe even install bios level persistent malware. i could do anything a userspace app with admin can do.

none of this is different from a windows app as soon as you click yes on the admin popup thingy which every multiplayer game needs.

reboot-to-play is better, because assuming you use bitlocker, i can't read every file on you c drive, unlike every game you've installed from steam. i also can't mess up your windows registry, or any other os config.

the reboot-to-play build process is not yet open, but soon will be. even then, the game binary it will download and run is not open.

this and more is explored in the faq on the games site, let me know if you want more answers up there!

the purpose of reboot-to-play is not to corrupt your disks. its purpose is to get all players into an identical state, for fairness, and to avoid finicky windows tweaking for performance. everyone’s pc is a special snowflake. what we want for multiplayer is identical arcade machines. every time you boot, you're in the correct state.

running software is ultimately about trust. you can trust epic, or riot. you can trust steam or apple to vet user provide apps. you can trust me.

do you want to trust me? that's up to you. i would say, wait for launch, watch some streams and videos, and see if it looks fun!

launching soon. working through final matchmaking issues now.

While I appreciate the lack of self promotion, I don't see any name or link for your project in either comment. Can you share one? I'm sure I'm not the only curious person.
DOS era "insert game disk 1 and reboot to play" vibes.
building an archiso, flashing it, and then booting is very satisfying.

[x670e][~/repos/WickedEngine/Protoverse/reboot-to-play][better-game][us-west-2][-][master]

>> bash flash.sh /dev/sda 1224736768 bytes (1.2 GB, 1.1 GiB) copied, 52 s, 23.3 MB/s

[flagged]
handcam anti-cheat is the future.
[flagged]
then they are not ranked ready, and can play pubs.
How does that scale? Handcam anticheat works well for exams and Olympiads where there's limited people and plenty of time to review footage after it's over, but I can't imagine it would work well on Fortnite or Counter Strike unless you staff entire offices reviewing footage full-time. Though I'm also doubtful there'd be many people willing to run an untrusted OS on their computer just for a random game so maybe you wouldn't have that much footage to begin with
the plan is to let users report bad engagements.

when you lose a fight, you drop into replays without leaving the game. scrub back like in a video editor, and watch the engagement from the other players perspective. the handcam footage is available here. cheating should be obvious. report or no, then return to the game, where you can spectate the rest of the match like a ghost.

fortnite replays are commonly used by pros, but less so by more casual players. their main issue is that you have to leave the game to get to replays. they also only kind of work, and don't show full server fidelity. our server ticks at 120hz, and replays are full fidelity.

lots to figure out still, but that's the idea. ranked won't launch for a while, but i wanted to design around anti-cheat from day 1.

failure is a distinct possibility with this game, that's ok. success would be interesting too.

i'm not quitting the day job to build this game. if it never makes a dime that's ok.

i started this to study fortnite and understand it's tradeoffs. turns out, it's mostly just tech debt and accidents of history. i wanted to see if i could do better, and i could.

very interesting approach here, but i wonder if steam could provide a way to distribute this game in its current form.

maybe a generic steamos image with console-level isolation, and make the game steamos-only perhaps?

no offense, but there might be a sliver of the pie that don't like cheaters but also don't mind running something as invasive.

i might distribute a usb flashing downloading thingy in steam, but it’s not a priority.

the goal is to be minimally invasive. you don’t have to install anything!

i don’t fight your misconfigured pc, you don’t worry about me scanning your c drive.

nothing to install, configure, save, or lose.

How do you stop anyone from modifying the image?

Can you stop them from using DMA hacks?

Can I boot the image in a VM?

not possible to stop modification, but i will be heavily surveilling the system, and i know exactly what it should look like. the process tree is known in advance.

handcam anti-cheat and replays will handle provenance of inputs. non-human inputs are cheating.

you could try to boot in vm, but performance will suffer. the server moved off vms for the same reason.

the only thing i really care about is non-human inputs. if you get really creative with booting the game, and aren’t nefarious, i’ll set phasers to stun.

Anti-cheat is always an arms race. A modified image can report anything it wants to your surveillance.

That said, you can win that arms race for a while by doing something sufficiently innovative, different and specialized and you may have that here. I doubt this approach offers a permanent solution though.

Edit: I do think there is a lot to the idea of not trying to put all players through the same level of anti-cheat security. The anti-cheat needs of competitive players is very different from casuals and offering different levels of anti-cheat based on those levels. How amazing would it be if other games did the same and let players choose the level of anti-cheat to use and to require.

eventually gen-ai may be an issue, but we’ll have to see. likely it will always be asymmetric, easier to detect than create. it will make cheating more expensive at a minimum, flawless live video at 1080p60 matched to game inputs will cost gpu time. then we turn up handcam fidelity. 120fps. 1440p. the sky is the limit.

handcam-anticheat is ranked only. pubs has good old fashioned try-our-best anti-cheat. aka thoughts-and-prayers anti-cheat.

Hey man I just play games to have fun. I guess fun isn't for everyone.
outlandish. i will get laws passed that require you to play and enjoy my game. how dare you, sir.
Making a webcam work on every hardware configuration is very difficult. I don't think this is possible.
really? usb webcams? i suppose it’s possible, but this seems unlikely.

very well, ranked will then require specific hardware. i’m gonna have to build more test pcs. 9800x3d 7700xt b650m looking pretty clean.

Is there a system in place for when my identical brother who is leagues better at your game than me hops on my account and proceeds to mop the floor with the competition?
For most games these days there is thanks to skill based matchmaking. Your brother will be matched up with people in your skill bracket and will absolutely wreck them. Then whenever you get back on you will have moved up in skill thanks to big bro and will now get wrecked until you get tossed back into the lobbies you belong.

People generally hate this though because for one it makes most games into way too serious sweat fest with everyone so closely matched. And for two it doesn’t even stop the entire reason it was built which was to protect the noobs. The elite players can just tank like an nfl team for a few rounds and go back to stomping noobs.

Thanks, although I was joking since I thought I was responding to a satirical post. Turns out OP is developing such game for real.
sbmm wouldn’t fix this, as skill is at the account level and changes slowly.

what does fix this is handcam anti-cheat, which makes it trivial to identify the operator by their hand movement patterns, arm size, etc.

you can review not only the match you are in, but all previous matches. full fidelity replays + handcam = a brave new world.

account sharing is not allowed in ranked. in pubs, go crazy.

Cheating is a human problem. The technology just makes us feel in control.

I will not be playing games that make me feel like a prisoner. The experience taking standardized tests is enough for one life.

i respect your feelings and your choice. happiness, privacy and security are important.

there are however legions of fortnite players who would mortgage their lives for a better game. a handcam without audio during gameplay seems a more reasonable and low price to pay. time will tell what gamers think! very exciting.

Valve now catches cheaters using machine learning, which analyzes the demo. Apparently they catch a lot of cheaters this way, and it's more reliable than player reports.

But to be really honest: it's impossible to prevent cheaters. The only way is to play with friends, or to change the incentives of the game where it becomes less interesting to cheat.

For example, a game like counter strike will have a lot of cheaters because you can earn skins and sell them. There are also a lot of players who will buy cheats, because the game is just so popular.

The game design and engine design can also help to prevent cheating.

Honestly, you cannot solve corruption, you need to change the game or the players.

In my view, the Counter strike community is quite toxic, but very profitable for valve, which is why they don't care if their players behave poorly. CS is a nice game but human nature is what it is. You don't find recommendable people playing CS, most gamers play something else because that community is just so terrible to interact with.

i’m trying to align monetization and all other incentives in the direction of a better game.

yet cheaters will still cheat.

non-human inputs IS cheating. period. there is no information cheating possible in this game.

input provenance is the only anti cheat that has a chance.

full fidelity 120hz server replays with handcam seems a good place to start.

we’ll see how it goes!

I'm booting your OS in a stealthy hypervisor and operating my cheat logic from there.
and i will award you cash from the bug bounty pool!

then you will be banned from ranked, unless you have a clever way to synthesize perfect handcam video.

in which case, you get the entire bounty pool and 10% profit for 6 months.

then you will be banned from ranked.

the bugs won’t discover themselves. i salute you.

They didn't already? O.o I thought Steam was better than that.
I built a separate Arch Linux box just for Steam gaming. I will never log into any of my sensitive accounts -- email, banking, etc. -- on that machine. It's a Framework laptop so I can physically keep the camera and microphone disconnected. I basically treat it like a public terminal.
This is the way.
Yep, same here. I have a dedicated gaming machine because I’m afraid to expose my banking information.
dedicated hardware is a good idea, but too expensive for many. dedicated os is a good first step.
Do you truly expect any steam games to have anything like a root kit that’d exfiltrate your credentials?

I feel if this were the case literally anything I install on my PC would be suspect. Installing ssh would be a much more scary thing than a random steam game.

No, he expects the root kit will open up his machine to automated worms.
The concern is that malicious actors can take advantage of what is certainly a poorly written rootkit.
>Do you truly expect any steam games to have anything like a root kit that’d exfiltrate your credentials?

https://www.bleepingcomputer.com/news/security/steam-game-mo...

"Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push Epsilon information stealer malware using the Steam update system.

Once installed on a compromised computer, the malware will collect cookies and saved passwords and credit cards from web browsers (Google Chrome, Yandex, Microsoft Edge, Mozilla Firefox, Brave, Vivaldi), as well as Steam and Discord info.

It will also look for documents containing 'password' in the filenames and for more credentials, including the local Windows login and Telegram."

That's not a steam game, that's a user mod (read: random binary downloaded from the internet and executed). Also, it doesn't need kernel level access to do any of that stuff, it can get by just fine with normal application level permissions.

This is no different to downloading a random binary off the internet and being surprised it's malicious.

I've been wondering is how long before we get a 'PC-console' dedicated gaming device, there's certain aspects where PC is falling into the gravity well of the console model. Whether that's the technical aspects like how far you can lock down for security (and who's security) or DRM, whether people only want a nice front end, whether everything should be managed by a defacto 'good' platform holder versus allowing companies to do their own thing (clients or commerce). At some point such a thing looks like a more expensive ultra-pro console.

Then that has to be balanced against the freedom aspect where people want flexibility to build a workstation how they want and do what they want on it, and expecting it all to work (windows games being supported on non-windows is a more common issue now). PC casts the broadest net and catches a lot of different desires, similar with how high-end and low-end seem to be splitting over the past ~5 years rather than being a continuous spectrum I wonder if there will be distinct types of PC for gaming (eg set models like the old Commodore Amiga) or if trying to resist splits does more harm than good.

Speaking for myself, I would never buy such a thing. The reason I game on PC is because I need a decent PC for work anyway, so building one that can also game is cheaper than buying a console.

If I was really concerned about security I'd sooner dual boot into a second OS that had nothing on it, than buy a second box just to game on.

Yep, a lot of this comes down to "who's security" and what everyone can take as a foundation to build trust upon, or what their thresholds are
That's what "steam deck" is. A dedicated gaming device that is still also a general purpose computer that you have full control over.
> root kit that’d exfiltrate your credentials

Yes. I truly believe some janky random anti-cheat kernel module could very well capture telemetry about my keystrokes to a log and then send that log off to a server.

At the very least I don't trust that it's secure enough to be in the kernel of a machine for which I require any degree of trust in its integrity.

at that rate why bother using arch for the box? unless you never touch online multiplayer games, i can understand that it probably works for you.
I've heard good things about the Framework laptops from a modularity perspective, but how are the thermals? Can it have a dedicated GPU?
so anti-cheat, but not drm?