Slashdot Mirror
Combating Cheating In Online Games
mors writes "Gamasutra has an article about how game developers can make life harder for people trying to cheat in online games. It analyzes various ways of cheating, and how they can be made harder. It does stress that cheating can never be eliminated (at some point you need to trust the client machine, so crypto is not the ultimate solution), but can be made considerably harder."
I mean, who are we to criticize, but it does sort of suck when they only post x number of articles each day -- and one or two of them are often spent on news already reported on Slashdot before.
---
seumas.com
I find the hacking game clients far more exciting than using them to play the game.
Does my bum look big in this?
Spawn camping is definitly cheap, but there are other places where you can camp then at spawn points. I don't see anything wrong with someone find a place where they can stay hidden and still get some kills in. Other players should be watching around them. These are 3d games, check everwhere!
treke
...if he weren't using the Automatic Complaint Generator
- Consult the dictionary frequently to avoid mispelling
The problem was easily delt with by using authenticed binaries to prevent code modification.
That wouldn't fix the Counter-Strike Aimbot problem, it would just make it orders of magnitude harder to write, assuming they also turned off the ability to replace the models.
-
Easy. It would be really hard for a bot to recognize the image on the screen; image recognition isn't that advanced. Plus, doesn't X11 have some support for input device authentication?
Will I retire or break 10K?
One solution to things like reflex augmentation is for a server to present false data to the client that cannot be perceived by normal players - the best example I can think of is a seemingly real quake player embedded (or moving) within a wall, or on the ceiling with a ceiling skin to render the fake player invisible to the normal.
The augmentation will try and go after the "fake" players, and the server could try to detect attempts on the fake players and shut down a client that went after them with regularity.
As the original poster of that text some months ago, I'd like to say I apreciate you finding the comment insightful enough to replicate here. I just thought I'd post a followup so I could collect any mod points that might be coming.
You might have actually got some mod points, too, if you'd bothered to add in the text from some of my replies to the responses of the original post.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Woah there! Back up off the LSD and shrooms before you compose your post.
Last night I shot an elephant in my pajamas. How he got in my pajamas I'll never know.
{rantmode}
Online gaming started for me with Xpilots. I tried to show someone recently xpilots, they just turned and looked away (7years my junior). I've recently played UT (Unreal Tournament) hell of a lot (even won the odd game online). But sometimes I'm running around, dodging and everything, thinking no-one is going to get me when "URGHHH!" or "ARRRGHHHH!" and I'm dead.
Now maybe there is a sniper doing a head-shot on me there, but sometimes it's too incredible to believe.
So... "Ask Slashdot: Anyone know good cheats to Online Gaming, Unreal Tournament in particular."
Hell - if I can't beat these "Gods", I may as well join them... thanks
Thanks
GC
-
End of message?
No---
What's cheating if the cheats are open-source?
{/rantmode}
Thanks for listening and modding me down!
GC
that sounds a lot like what Subspace has been doing for a long time... server side monitors that check for game cheats like twister and others.
eudas
Blessed is he who expects the worst, for he shall not be disappointed.
Of course you're right about the image recognition, I totally goofed on that (still, I wonder.. put a determined player/hacker on the problem.. maybe they'd invent some limited image recognition solutions!)
I thought I would tell you that We loved your comment and I told Sandy Peterson over on Age of Kings Heaven (www.ageofkings.com) when I first read this in Game Developers. It was EXTREMELY insightful and very well written.
I like to commend you on it, and say.. keep up the work as AoK still has its share of trainers that people claim work.
Winston
I can program myself out of a Hello World Contest!!
The winning team shall be the first team that wins.
eudas
Blessed is he who expects the worst, for he shall not be disappointed.
The game client is not trusted. We decided a while ago that we will only send data to clients that your character can perceive. So yes we will be doing los calculations. So if someone is invisible you won't see them. If they are sneaking behind you very quitely you won't see them. However if you hear them something will show up there indicating a sound. As you skills improve you might know what kind of creature it is by the sound of it.
I don't think this is quite as hard as some people make it out to be. It will certainly be challenge as as cpu speeds increase hopefully this will become less of an issue.
Kosh
Computer modeling for biotech drug manufacturing is HARD!
A funny cheat(but effective one) is to have spray logos AS counterstrike players. Spray it, hide nearby and when someone shoots at it and finally realizes it's a frozen/afk player(even though its not shaking) you come up and fire away!
'netstat' to get their IP address. Then teardrop/syndrop/+++ATH0 ping/whatever exploit works on winodws to make sure they learn their lesson. Very effective.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
Diablo2. Great Game, even though they didn't beta test the second boss enough. Online play is ridiculously dependent on packets describing where every enemy is, as well as every item. That's a lot of bandwidth to keep me from cheating. The Internet is too primitive to waste bandwidth on micromangement of games, especially when you have 700MHz processors that can handle most of the math. And all this to protect the integrity of "levelling up." Add to it that Diablo2 is a hack-and-slash. The quests don't change. There's no reward for having a high-level characters. There is no evolutionary change. The excessive packets to prevent cheating are overkill.
----------------------
This is different from the ASUS drivers leaked, since they had a severe FPS impact.
And yes, it is annoying that if you are becoming good at CS, people start labelling you as a cheater. (Taken as a compliment since you know you are not cheating :)
I found a fast warez site: http://warez.it.kth.se
There are so many ways to cheat in Counter-Strike. From model changes to autoaim hacks to autoshoot hacks to the ASUS See-Through drivers, there are so many damned ways. Obviously, the see-through drivers were the worst, since they were hacked to work with any NVidia card. I have already proposed that all clients with the gl_vendor of Asus be banned outright from all servers (of course, this would spawn a desire to hack further into the drivers to change the gl_vendor, etc., etc.).
"Ancillary does not mean you get to rule the world." --U.S. Circuit Judge Harry Edwards, speaking to the FCC's lawyer
hmmmm.....all pressing issues? Not!
This is another view of the world.
Some of us it the first time. The artical has enough good content to deserve a repost or three.
This is why some of us don't even BOTHER watching local news anymore.
Deja vu! Today's edition of Bruce Scheier's newsletter also mentioned this article (Just finished reading). Bit like copy-poste...
What if players could choose to "ignore" anyone else on the server? If another player were "ignored", then you couldn't see them and they couldn't see you.
That would take away a lot of the power they have over other people. If everyone on the server ended up ingoring them then they'd end up annoying only themselves.
Of course, there are balance issues to consider. Would ammo grabbed by an ingored player be there for the ingoree? Would it be fair to have two people who couldn't see each other attacking another player at once? Still, I think a system based around the concept of having, in effect, a number of different games going on in the same server would be an interesting thing to try.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Well, how about SSL encryption? That doesn't rely on a shared secret, does it? Of course, once you go to public-key cryptography, things get a lot slower...
Your right to not believe: Americans United for Separation of Church and
Back in July I was working WAAAAY too much and getting settled into a new house and seem to have missed this story. If there weren't 100 posts with links to the old story, I might never have known this was an old story!
I bet you call news networks every day: "You fucks, you ran a story about Florida election results LAST NIGHT! HOW IS THIS NEWS!!!" I bet Elian Gonzales really drove ya nuts; I mean, it was the same story for WEEKS. If the same story twice a year drives you nuts, I mean, that must REALLY drive you nutz. It drove me nutz hearing everyday about the ethnic cleansing in Bosnia; I mean, just run one story and be done with it. I considered calling CBS News last night because they gave Putin's political title last night. I mean, when he took office, they listed his title; why run it again! And I almost called my PBS affiliate because they ran a documentary on POWs returned to the United States in the 70's! (I can't say which war because it has been covered many places before.) I mean, I could probably dig up all sorts of old news clippings about these POWs all the way back to the 70's, c'mon!
C'mon, if you have nothing better to do, folks...go get a life or something.
Stating on Slashdot that I like cheese since 1997.
for the record: the only online game i am playing is Quake3, and most of the time i even only play demo 'cause i don't have the full version on all my machines.
:-)
cheaters don't bother me one bit. i see one in a game, i go to another arena. i do like that id is taking care to make cheating a lot harder. but just so as long as say, 80% of the games i visit are cheater-free, i am content with that.
sure, cheaters spoil a good game, and why anyone would do it is beyond me. what's the fun in that? on the other hand, when i am at the receiving end of a cheat it's either obvious (people flying around/ invisible/whatever) and i leave. or, if the cheat is good, like an aiming proxy that sometimes misses, it's fine with me.
i mean, there are only so many Threshs out there, and playing against someone with an undetectable cheating proxy is like playing against a super-pro (except you know there is something wrong if someone hits 99% with the rail gun and still gets hit by my rockets... ).
anyhow, i enjoy a challenge every day
just make it so they have to go through a whole lot of effort to cheat.
That's the new AC "cheat" which gives you high karma.
I did not consider this falme bate I just hate cheating it really gets on my nerves, in strategy games and first person shooters its a pain. Epsecially in strategy games when its obvious a person is cheating. I dont know I guess I may have pissed of a cheater here or there my bad for thinking people should be honest in their gameplay. I know its only a game. And cheating will always exist in the gaming world, so there is nothing much I can do about it but bitch a little to let people know that I hate it. But who am I anyway just another faceless person in the masses of people who give a flying pikachues bleep what I say or do. Oh well back to work anybody who wants to frag me for being a bitch, On Quake three look the the player knurr and you can try and frag me...
If we refuse to be flexible, we are in effect opting out of the game of life. The world moves on without us.
This sounds great on paper, and would work reasonably well (see below) for PvE games (Player vs Environment) but will NOT work for PvP (Player vs Player) situations.
Consider, any multiplayer adventure game. You could use EverQuest or Ultima Online as examples.
Fact; to display the players, the client has to know their positions.
Premise; you can't transmit the location of other players to the client only when they are visible.
Reasoning behind this: The server would have to calculate visibility of every player to every other player constantly, which would cause two problems. Increased server-side processing, and inability for smooth gameplay because of predictive movement to compensate for latency.
Therefore one of two situations must occur: total client blindness, which would suck for the above reasons, or client trust, which means the client knows the position of the other players, and must be trusted. The problem with that is, the client you're so willing to release the source code to will be hacked to show players in glowing neon orange with voodoo spikes and by the way a side helping of autoaim. In an RPG with turn-based mediated combat, this is less of an issue since aiming is very gross (ie, you just need to face your target) and movement is slower, so hiding is more difficult, but it still is an issue.
The same problems apply to PvE issues as well. "Yes, I'd like a HUD overlay of where all the mobs are, and a map, and I'd like to script my client so that I can make money/kills/increase skills automatically. Thanks."
I'm not knocking you guys on the Worldforge project. I think it's an awesome effort and I am looking forward to the technologies you make available to the creative juices but not the programming skills to do these things from scratch.
But, be aware that your client may be hacked to give people an unfair advantage. It's not a "bug" to have predictive player movement to compensate for internet latency, but it does beg the question, how do you prevent cheating, even with the minimal set of information sent to the client?
Maybe your barbarian does 300 points of damage per swing, but guess what, he can only swing half the times as the guy with the sword. Diablo II addresses this a little, but it's seems to me that it's all about crafting a fantasy world where cheating doesn't get you all that much. If I had the answer, I'd be building it, so I'm sure it's not simple.
there are no stupid questions, but there are a lot of inquisitive idiots
Congrats Hemos, you just stole the repost record from Taco. Here is a link
Slashdot: Proof that a million monkeys at a million typewriters can create a masterpiece
I've had some limited experience with punkbuster, and it's not all its cracked up to be. It's not actually for half-life; it's for the Team Fortress mod for half-life. But just look at their faq:
Q: Isn't this a little bit like "Big Brother" watching us?
Note, their faq's answer was not a refutation of the "Big Brother" concern. They merely explained how more enforcement is good, and so by implication (though they don't come out and explicitly say it), "Big Brother" must be good.
In some cases, you may have to live without certain honest customizations and go back to original code or data files in order to play on PunkBuster monitored servers...Simply put, if you are one of the vast majority of honest people who just install a game and run it, then you have absolutely nothing to worry about.
They admit to sweeping too broadly, but then they justify it by the old adage of "If you're not a criminal, then you don't have anything to fear from the police". If punkbuster bans legitimate gameplay, then it cannot be considered a complete work.
So much of the replay value in games like TFC is in finding all those little ways to tweak your game play: not to cheat, but to find quirks and key sequences which while being perfectly legal, are not obvious to a novice and which give the practiced seasoned master and upperhand. It's no different from learning a different fingering on the violin -- you wouldn't accuse Yitzhak Perlman of "cheating" when he goes up to 7th position whereas your average 1st-grader is still down in 1st position.
Punkbuster has some noble intentions, but by sweeping too broadly in what is and what is not a cheat, it enforces a certain level of mediocrity on the players on its servers. I just hope they'll fix it soon.
-- Anne Marie
..is consider it to be normal game play, but still keep things fair. Specifically, the majority of cheats seem to be improvements to the user interface. These "cheats" should be a standard part of the game.
Anyway, I think the best way to fight online cheating is to give the game a scripting langauge to make cheating easy, but with the following constraints:
1) The scripting langauge will not give you access to informtion you should not have, i.e. behind the fog of war. This information limitation factor is essentially what seperates a "good" (user interface) cheat from a "bad" (defing the spirit of the game) cheat.
2) The game will "keep things fair" by sharing all your scripts with your opponent during network play.
Clearly, there will be people who write cheats to disable these two features, but there is a LOT which can be done to protect these two features since they are internal (i.e. you can not just write a program to figure out what is going on from the screen and click for you). Plus, it seems likely that information cheats will take MUCH longer to write then scripts and that better scripts would be more effective then information cheats. It's worth mentioning that just having a persons scripts will not give you much of an advantage in the short run since you would need to learn how to use them effectivly (this means that disabling the sharing of scripts might not really buy you as much as writing a few significantly better scripts).
Anywho, the point is to let the people who play the game improve on it's user interface. This will not keep the user interface simple, but it will be a very interesting game to play.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
It's thrilling just to keep a positive frag-count! ;)
---
seumas.com
Perhaps the right thing to do is not to ban them, but to stigmatize them. After you get caught cheating, you are marked as a cheater. Anytime you enter a game, everyone knows what you are. Then people can simply choose who to play with.
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
It's clear what's needed here, John Katz to do a deep probing expose on cheaters and their lifestyle complete with stories from cheeters arround america.
for years and years netrek has been a multiplayer over the internet.. no one in all my years of playing has ever cheated. and its open source to top it all off!
why?
because the server requires the client to send an RSA key which is checked against a list of known "good keys" If its there, then the client gets authenticated.. if not, then the client gets booted.
Yes yes.. but how do you prevent trainers on the client end? well, its simple.. make the client stupid. The server controls all damage allocation, stats, etc... all the client does is recieve packets from the server and updates its display... so I don't understand why they don't simply do stuff like this??
Oh well, back to FFVIII for me.
"The question of whether a computer can think is no more interesting than that of whether a submarine can swim" -EWD
The article was saying that the reason reflex augmentation proxies are hard to stop is because they are running on another machine. If they were running on the same machine, then your client could scan for them (this has social implications, of course, was it Everquest that was doing this?) and report back a cheating attempt.
It seems to me that if the problem is a a proxy that inserts "aim" commands ahead of "fire" commands, then maybe running the client-server communication through an encrypted channel would solve the problem. I don't know if it would be fast enough, but I imagine it would be possible.
Your right to not believe: Americans United for Separation of Church and
This isn't much of a big deal in games like Total Annihilation -- you can queue a "producer" .. which provides, legally, what those games don't have.
And it makes more sense too..
If you were the human leader in Warcraft 2, wouldn't you tell the town hall, "We need to build 5 more farms, and I want you to train 20 workers. I'll be off maurading."
-- What doesn't kill you hasn't tried hard enough.
It was me :)...and you also stepped on my transporter...boy, was that funny.
--Clay
psxndc
The emacs religion: to be saved, control excess.
Ooh, I like that. :-)
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
psxndc
The emacs religion: to be saved, control excess.
I love to play chess, but I usually have to play with guys (I'm not a guy). Playing f-t-f, I have learned that almost all guys HATE losing to me (or anyone else, for that matter!). They care more about winning than about the game; for me, the game is more of a joint construction of sequences of elegant combinations, with beauty in the timing and surprises that unfold.
Learning to play chess at a reasonable level requires a fairly large investment of smarts and time. Recently I found an online site (www.gamecolony.com) with a beautiful interface in which players can chat and play various games, including chess. It didn't take long before I realized that some players have apparently learned to hack the game to disconnect those of us focussed exclusively on chess, rather than the java programs that manage the game and other parts of the interface. (This site maintains a rating for all registered players. When I am disconnected, I lose automatically, and the opponent's rating increases as mine goes down!)
Now, chess is certainly involving. And the hackers who disconnect me don't do it when they're winning... So I have to disagree with your position. Apparently, to many guys, winning really is everything.
Btw, I recommend the above site for chess players despite the occasional hacker (if you don't care about your rating, it's still a great place to get a game, almost any time, day or night). For those of you who love chess but do care about the rating, try www.chessed.com, where the interface is not nearly as adaptable or intuitive, but I've never been forcibly disconnected!
My topic is nothing new. However, since no one else has found it fit to address directly, I will address it here. But before I continue, allow me to explain that time cannot change a Cheater's behavior. Time merely enlarges the field in which Cheater can, with ever-increasing intensity and thoroughness, diminish our will to live. His argument that all literature which opposes jujuism was forged by uneducated proponents of quislingism is hopelessly flawed and entirely circuitous. As will be discussed in more detail later in this letter, this makes me fearful that I might someday find myself in the crosshairs of Cheater's savage publications. (To be honest, though, it wouldn't be the first time.) The cure for corruption, conspiracy, and treason must start by exposing the problem to people who care and are not themselves corrupted. Now, I could go off on that point alone, but I, not being one of the many irritable punks of this world, honestly have a hard time trying to reason with people who remain calm when they see Cheater marginalize me based on my gender, race, or religion. It should be intuitively obvious even to the most casual observer that when I first became aware of his covert invasion into our thought processes, all I could think was how if one could get a Ph.D. in Deconstructionism, he would be the first in line to have one. Cheater wallows in his basest behavior. Sad, but true. And it'll only get worse if Cheater finds a way to inculcate logorrheic morals. According to the latest scientific evidence, one can consecrate one's life to the service of a noble idea or a glorious ideology. Cheater, however, is more likely to perpetuate misguided and questionable notions of other recalcitrant hermits' intentions. Maybe he has a reason for acting the way he does, but I doubt it. Should we be concerned that he wants to poke and pry into every facet of our lives? I'll answer that question for you: Yes, we should undeniably be concerned, because he refers to a variety of things using the word "counterintelligence". Translating this bit of jargon into English isn't easy. Basically, he's saying that it is not only acceptable, but indeed desirable, to boss others around. At any rate, his cohorts have an inadequate grasp of acceptable scientific method and data interpretation. But what, you may ask, does any of that have to do with the theme of this letter, viz., that it is condescending and more than gutless to believe that his whinges epitomize wholesome family entertainment? The complete answer to that question is a long, sad story. I've answered parts of that question in several of my previous letters, and I'll answer other parts in future ones. For now, I'll just say that I must ask that his janissaries exert a positive influence on the type of world that people will live in a thousand years from now. I know they'll never do that, so here's an alternate proposal: They should, at the very least, back off and quit trying to cast the world into nuclear holocaust. As I've said in the past, if this letter did nothing else but serve as a beacon of truth, it would be worthy of reading by all right-thinking people. However, this letter's role is much greater than just to do something good for others. Cheater doesn't use words for communication or for exchanging information. He uses them to disarm, to hypnotize, to mislead, and to deceive. Lastly, I can't end this letter without mentioning that a Cheater has never been accused of objectivity.
If we refuse to be flexible, we are in effect opting out of the game of life. The world moves on without us.
We were desicussing all of this and more with our develoerps at TEN many years ago, as well as presentign the issues at CGDC.
He's wrong though if he says that 'at soem poitn you have to trust the client". The answer is well knmown and predates on-line games, going back to secure database systems.
The answer is a model-view architecture. The model is kept on the server. The client is purely a view of what is going on. Any chaanges on the cleint distort only the player's view, not the actual game.
This modle isn't a panacea in that you are trading ease of solution in teh cheat-space for tougher scalability and latency-hiding issues, but in those at elast the suer isn't your potential enemy.
Before I go, I'm forced to somewhat defend myself in my own twisted way:
Lack of ethics ("before I went on my killing spree... I broke into his house")
Little do you realize, this was the ONLY person I ever looted. The reason why I did it was to teach the guy a lesson. See, I wasn't the only person given BO. I know at least ten (10) people who he ripped off. A few were my personal friends, others I never met. Was it right to loot his house? Sure it was. He stole everything he had. Maybe two wrong doesn't make a right, but by god, the guy quit a few days after we looted his house. That, my friend, is ethical.
Also it wasn't me that killed 40-50 people, it was my friend who I gave my UO account to, but it was me in the game. Sorry for the confusion.
Bully mentality (stealing and vandalizing characters)
I killed cheaters. Bullies pick on people that haven't done anything wrong. I pick on cheaters.
Gratified by the misery of others ("Oh it was great fun")
And I bet they had great fun cheating too. if I had anything to do with making them know how it felt, I did something good for other people playing the game.
Immature (munchkin character with cliched orphan background)
Would you like a detailed histroy of my character in UO?
Justification by boredom ("It sucked so we cheated.")
blah..
Collusion ("we went cheating")
and it was fun. =)
And I'd like to point out a couple of others:
Horrid spelling
Tragic grammar
Twisted usage
Damn government schools.
One is hard pressed to imagine someone who writes as carelessly as MarNuke successfully coding a borg or a bot.
Even if I could, way would I waste my time? I rather learn network security and sysadmin stuff anyways. Of course, I could learn to write a borg or a bot, but I consider it to be a waste of my time. What would be the monetary gain of such actions? Unlike you, I don't plan on sitting infront of a computer writing code for the rest of my life. I'm going into some other field other then IT in the next few years. I tell you what, if I ever need to hire someone to write code, I'll keep you in mind. Maybe you will be out of work and prehaps I can get you for a low low. :)
MarNuke and his ilk represent perhaps the largest faction of the cheater community, especially in MMORPG environments where success does not directly depend on skill alone...
Nope. In UO I did not depend on my skill alone. That would be stupid. I used my head and found a new way to make money. No, I did not cheat. I "looted" decayed houses. It took massive about of work, but the pay off were outstanding!! All I had to do is check out a section of the map each night, 8 sections total, chart the decay houses, mark ruins, discover when they switch by checking on them in a 6 hour period, keep a record of this, and then just show up when the house decays. I had to be there withen in 20 minutes of the house's decay. Sorry kids, you don't get rich by using skills, you get rich by using your head.
The fact is this: Cheating is a part of life. Deal with it.
In the game of life you either play by the rules and work your ass off, join the cheaters, or find a way to neither play by the rule or by cheating. The third way is the true way one become sucessful in life. Know the rules.
MarNuke
For starters, one of the netrek maintainers has come out and admitted that netrek has been spoofed recently.
Second, it's misleading to say "it's open source to top it all off" if the very mechanism that the game relies on for authentication is itself closed source. Almost all of the source is fully disclosed, but the key isn't, and that's crucial. It's much like Carmack's closed-source proposal a while back to fix Quake cheating, and it's only as secure as it is obscure.
If there were enough demand, then you'd see netrek's key cracked. What's keeping it legitimate here is a combination of social factors (collective assent by intended audience to play fairly -- the learning curve for netrek is simply enormous, and so the players are largely self selecting) and a closed-source technical hurdle to help keep casual lamers out.
-- Anne Marie
DAMN you for having a life!
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
My game doesn't actually have a client -- players use web browsers and telnet clients -- but the game has benefitted substantially from 'cheating'. In starship traders, there isn't really any way to cheat, per se, other than running more than the legal limit of ships. Bug exploitation and imbalances in the game, for example, are legal gameplay. My goal has been to fix those imbalances and bugs as they are discovered, and the game is much more robust as a result.
Now, if only I could find the time to write the ever-postponed java client...
Geeky modern art T-shirts
"If you play very well then you are instantly labeled a cheat by some."
:)
I remember when i first started playing Quake II, all i did was practice practice practice with the rail gun. The first time somebody accused me of being a bot, i knew that i was doing pretty good.
Shameless Self Promotion : Webhosting at Blender Networks.
Valve and the CS Team were slated to not allow for any modified models, but due to the otherwhelming "No" from the gamming community, they opted not to. A rather crappy stance on cheating if you ask me, with the advent of "CS Pro Pak" The "Voodoo" Cheats, spiked models is one issue that could be quickly addressed by ALL game manufactures by simply not allowing people to modify their models. This is a quick, easy way to address a mounting problem. Not nearly as "Personalized", but 10 foot polls sticking out of ones forhead detracts from gameplay 10000 times more then sacraficing "Personality" for "Honesty"
Face it, people are smucks, and no matter what we do, some a-hole will cheat. The only way to rid on-line games of cheats is to rid the user. But I hope game designers (And third party people, like Reactive Software) continue to fight llamas!
If a player isn't good enough at a game to win within the rules, he or she is faced with three choices: a) stop playing the game. You don't see these people playing games anyway, so forget about them for the moment... b) try to get better. Huzzah for those of you who pick this. I applaud you. c) cheat. This is the same mentality as used to join gangs and such. People sacrifice being liked by others in favor of being respected. Strong hatred for someone at least indicates that you acknowledge that they have some power. If you didn't respect them, you'd just ignore them, which is what you should try to do anyway. So basically what I'm saying is that bitching about cheating is just about the worst thing you can possibly do. Other than actually cheating.
PUBLIC SPLIT ON WHETHER BUSH IS A DIVIDER -CNN scrolling banner, 10/15/2004
Remember that for every elite technique someone creates, there is another eliter person who will find ways around it.
This has always happened and will always happen.
Cheating has nothing to do with the reward system, in my opinion. As you can see, first-person shooters suffer from it just as much as other games. It's just that some people don't get a thrill out of the challenge, only the winning, no matter how easy it is. Then there are those who don't enjoy the game itself, they just love ruining it for everyone else. These, I've found, are most common on multiplayer RPGs, like Ultima Online.
"Prejudice is wrong; you should hate everyone the same."
They claim to have developed a server monitor (only for half-life so far) that detects when people are cheating. Not going to summarize the entire site for ya, just go check it out.
psxndc
The emacs religion: to be saved, control excess.
There are warnings on bnet about that. Still it is a stupid thing, luckily it doesnt help them much since newbies dont have the cool stuff/ characters. Battle net is at least hackproof against the real hacking like top character creation and idiot item building.
Make a man a fire and he will be warm for a day, set a man on fire and he will be warm for the rest of his life
For an AI class, I actually wrote an Othello-playing program. I modified it enough to have it consistently beat me, and have it completely customizable. As a test, I went on Yahoo games, and opened a "Reversi" game with my version running. I probably played 30 people before someone was able to defeat my program. I wasn't particularly interested in winning, but it was fun to see how well "my creation" fared in the real world.
What do wretched rascals, paltry social outcasts, and Cheating Bastard have in common? If you answered, "They all reduce social and cultural awareness to a dictated set of guidelines to follow," then pat yourself on the back. Let me start by stressing that I am not attempting to suppress anyone's opinions, nor do I intend to demean Bastard personally for his beliefs or worldviews. But I, for one, do contend that I must make the world safe for democracy. It is common knowledge that even if one is opposed to stentorian Comstockism (and I am), then surely, I am not up on the latest gossip. Still, I have heard people say that if you've read this far, then you probably either agree with me or are on the way to agreeing with me. While others have also published information about savage polemics, Bastard's factotums tend to fall into the mistaken belief that Bastard could do a gentler and fairer job of running the world than anyone else, mainly because they live inside a Bastard-generated illusion-world and talk only with each other. By and large, only the impartial and unimpassioned mind will even consider that his reasoning is circular and therefore invalid. In other words, he always begins an argument with his conclusion (e.g., that censorship could benefit us) and therefore -- not surprisingly -- he always arrives at that very conclusion. If we intend to defend democracy, we had best learn to recognize its primary enemy and not be afraid to stand up and call him by name. That name is Cheating Bastard.
If we refuse to be flexible, we are in effect opting out of the game of life. The world moves on without us.
When I get labelled a cheat playing CS I get a nice warm feeling as it means I'm playing well :-) Though there are times when I'm sure an opponent is cheating (ie consistently shooting me through walls and boxes with awp). If I suspect someone is cheating, as soon as I die I cam-lock on them. If they appear to be irrationaly shooting and getting kills I can be fairly sure they are cheating.
In conclusion, then, I'd like to say that cheaters suck.
Phillip.
Property for sale in Nice, France
I have no interest in chess, however I always thought that the best cheat for an online chess game is to buy the chess game with the best computer AI use it's moves against your online opponent. I've never done this, but it always struck me as the easiest way to cheat at online chess. Granted the "very best" players could beat even the "very best" computer opponent, however, if you wanted to pass yourself off as a good player online, this would do it.
Too true. I'll take care of that right now.
It may look like I'm doing nothing, but I'm actively waiting for my problems to go away.
--Scott Adams
..that someone should combate cheating in online games.
There should also be work done in combatting cheating, also.
Sorry... Couldn't resist...
Cheating only results from the breaking of rules and in the cases you cite I would not describe what you talk about as cheating (as long as people don't then misrepresent how they achieved those things). They simply allow those people to avoid the things they don't enjoy to spend more time on those they do. You could of course argue they are cheating themselves but I doubt they'd see it that way.
When I read a newspaper for enjoyment no one tells me I have to read the sports section, or fasion, or travel. And when I play a solo game it's my decision if I play on lowest difficulty, or use cheat codes, or even just sit there staring at the CD. I paid for the game and I simply want to have an enjoyable experience. I have also on occasions used FAQs to get me over sticky points in games.
It's only when I come to play with others that I have the obligation to observe an accepted set of rules. When I jog on my own I can run wherever I like, but when I run in a race I have to stick to the course. Similarly in games it is in the multi-player modes that cheats are frowned upon/objected to by the other players (I've not noticed the enemies in Quake complaining about cheat usage).
In fact one problem I have with a number of games developers is that they seem to think that it's their job to restrict player options in single player games (the worst are onerous saving restrictions). They want the player to play in exactly the way they think is correct. This is often counter productive as the most successful single player games are normally those that are the most open to being played however the user likes.
Gamma Testing - Where testing is extended to the full user community (AKA Shipping the Program)
The randomization problem can be avoided by using the same randomization for all players.
You can send much less information than X11, for a tile based game you can just send the tile numbers, and leave it to the client to draw the tiles.
You shoudl of course not send any information about what is behind a opaque wall.
One solution to both this (and the cheating problem) is smaller communities, preferably of people who already know each other. If I'm playing against friends, the odds of one of them being someone who's totally obsessed with the game and spends 16 hours a day playing it are significantly lower -- someone who does that doesn't have much time for a social life in the first place. In a "global" gamespace, such as battle.net, the people who've devoted disproportionate amounts of their time toward the game are *exactly* the kind of people I'd be more likely to run into, as they spend more time playing in the first place.
Similarly, the friend factor is quite possibly the single greatest anti-cheating technique. It's a lot easier to trust a person not to cheat than it is to try and create a whole trusted client architecture.
[snip]
Sore losers would be the problem, and it's the similar to the reason that Slashdot moderation does not work as well as it could.
Moderation/ratings/etc need to not be anonymous. When you are looking at something unknown to you (whether it's a post to find out whether it should be at the top of your browser window, or a player to find out if you want to play with them), you go to the database to get a rating. But that rating should be weighted by how much you trust the people who assigned that rating. I don't want some cheater to look like they have a good score just because their fellow cheating clanmembers make them look good. Just as I don't want to read a +5 insightful post if the moderators were trolls who are trying to upset the system.
Player/post ratings are subjective and should be treated as such. In order to know the value of someone else's subjective opinion, you have to know whose opinion it is. There should be a web of trust, with everyone being held accountable for their decisions, not anonymously-given scores.
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
I adgree! When Diablo 1 come out my friend and I played head to head for about a month. Then one day we figured out that the game sucked. So we went cheating. One of the best thing to do were to "steal" other people chars or even better replacing asshole char's, heh heh, with a char with a -500 hit points. Oh it was great fun.
In Ultima Online is wasn't so much as "cheating" it was the crappy interface that Orgin offered. It was slow to use and very limited. Most of the "cheating" were people using UOAssist. Sure there were hacks, but GM's PUT them in the game. I just grew so sick and tried of all the cheating that I had to find some other way to enjoy the game. Since UO was such a good game to Role Play in, I chose not to cheat but to come up with a stroy line so I wouldn't have to be involed in action that would lead to cheating so I could enjoy the game. The stroy line behead my 3 way GrandMaster (Mage, Warrior, Swords) were he was a troubled child. His father died and his mother was died horriable before his eyes and were forced to live on bucs den killing 100's of people. Becuase of this, he did not want to fight in his old age. Instead he would find other way of getting rich. He had a little under a million in assets, and he never made, sold, killed, or transported anyone. After his girlfriend back stabed him, he went on a killing spree. He ended up red and dead with about 40-50 kills.
Personaly, the rabid cheating ADDED to the game for me. It was more like LIFE then a game. In life people cheat, and there is nothing you can do about three things: you cheat, you sue (ask for a higher power), or detach yourself from it.
Of course, before I went on my killing spree, I ruined one asshole that gave me BO. Two months after the fact I broke into his house and allowed people to steal everything he had. It was great. After breaking in I opened moongates to a few cites and told people to help themselves. The GM were not happy but it was part of the game. I felt since he had cheated so many other people out of stuff, it was right. A few months later a house patch went into place that I believed prevent opening moongates. Hey! I had my reasons!! The guy was cheating and the GM wouldn't do anything!!
MarNuke
As it stands, for your own glory (or for another's shame) you will go as far as it takes. And if you can take advantage cheating, you will.
One of the main problems with online games is that by the time I pick up a game and try it out online (like, 2 days after being released), the community is already playing at "pro" level -- they've figured out every subtle nuance, trick and "feature" in the game that gives you an edge. And all I wanted is to have a little fun. In this sense, whether they're cheating, or simply too good to be healthy, it's the same difference: not very fun :(
Of all the months I've played Cstrike, I can't really say I've been in a round where there was rampant cheating going on. The closest I saw(yes, i know I'm not going to see big spikes coming out of me) were several rounds where all the Ts clustered together and basically headshotted anyone that came in their way in cs_prodigy. 3 of the player names were similar, so it seemed like damned CS bots were on the loose with super-fast reflexes and the same "go to the bombsite" course.
A friend of mine's been banned from 3 servers, not because of cheating, but because he's that good. For the first month I played(mind you, on a 350Mhz setup with horrible framerates) I was dying within the first 30 seconds of the game. Now I'm getting to the top spot or 2nd place for my team each time I play, so practicing for a few hours each day will make perfect.
But consider what reflex augmentation could do in Warcraft 2, for example. One could write a script that caused the "mouse" to "click" on your Town Hall and Barracks, automatically creating peons and ogres at a set rate, while you controlled everything else.
Oh, you mean like Starcraft? Moral: If you find a bug, find some way to turn it into a feature.
Will I retire or break 10K?
Multiplayer Game Cheating
Same article, same discussion. Come on people...
you're actually a German, and you used "the fish" to translate your post :)
It may look like I'm doing nothing, but I'm actively waiting for my problems to go away.
--Scott Adams
the same psychological conditioning scheme that makes old ladies spend their retirement checks all day at slot machines and BINGO games.
What kind of bingo games? You mean the GNOME vs. KDE bingo game for NES? I've seen a four-year-old beat several "old ladies" at that one.
Will I retire or break 10K?
Then why does a game like diablo2 have a closed version of battle net that is unhacked till now and is more popular than the open (cheater) version?????
Make a man a fire and he will be warm for a day, set a man on fire and he will be warm for the rest of his life
that FPS cheating isn't as prevalent as RPG cheating -- in FPS, there is nothing at stake. there is no persistence. you cheat, you win one game. in an RPG, the stakes are much higher. you cheat, you can acquire stuff that you keep indefinitely.
pezpunk
Internet killed the video star,
i could live a little longer in this prison
I think something's up, It appears I have just moderated my own post .. I thought that wasn't allowed .. or have the rules changed or something?
The CS game is exemplary of multiplayer FPS games because of the large punishment for dying. The point of CS is to prove that you are better than other people. Because of this, on the rare occasion that I see a cheater, he is immediately hated by his own team. Cheaters are hard to find on games with friendly fire enabled...
The only time I've seen someone cheat on CS (wireframe hack) he had to use flashbangs to get away from his own team so they'd stop knifing him.
--
There are no trails. There are no trees out here.
Hi! This is the Sig, blatantly attached to the end of this comment.
How hard would it be to write a proxy that would snoop an SSH connection if you had access to all of the key/password data? I suspect that even the script kiddies could probably do it! Encryption is not "the" answer to the problem.
The problem seems to be that mostly we play with some time controls (I like 10 minutes plus 5 seconds/move, for example). Chess is so complex that even if the opponent could very quickly enter the current position when he sees he's in trouble, the computer would still need a relatively long time to come up with a best move. So a player who sees he's losing can most easily cheat by "bumping" his opponent (perhaps "authoritatively" replacing a java file to tell it I'm no longer online, since I actually have *not* been disconnected when this happens!), rather than continuing to make any move.
CRC's of the game state and so on are fake-able. Security is defiantly possible; it just takes a bit of thought when the game is written (which is suppose is the point of the article, just the ideas he points out are crap). Its not that difficult to stop cheating, as an example the "Voodoo" cheats that where mentioned above, the server just needs to send the positions of ONLY the other players that current player can see. Another problem with the C&C (Not sure if C&C has this problem its just a good example of the game type) style games is that the WHOLE game status is uploaded each update. The only thing that should be uploaded is what the client can see, it should not rely on the client to do the actual hiding of the enemy players. Same with the "massively multi-player online games" that where mentioned above, the server should maintain the status of the players, inventory changes should not be allowed from the client, only the server should be able to change it, when the player is actually given the item in the game.
The first problem with the "aiming proxies" is VERY difficult to solve, because any sufficiently practised player could do just as well as any computer if you have to deal with the sort of latencies that we have over the Internet. Especially if the server is implemented as I suggested earlier and only give the clients the locations of the enemies that are within the players FOV.
The last item is absolute bollocks, you should never need to hide any of the client side status, the server should track the status of each client. If any of them attempt to do anything that is invalid then its up to the server to stop them not the client, which has been said before can NOT be trusted.
Look at the commercial programs like credit card transactions that go over the Internet, NO trust is put on the client, imagine if it was up to the users computer to store they current balance of their current account. They have managed to make that secure so why the hell cant people do it with games after all they are both just programs. Admittedly its a bit more serious if you go changing you bank details but I'm sure you get my point.
At the very least, the article submission process ought to run a search for the title words.
If you search Slashdot for "Combating Cheating In Online Games" the second article that comes up (below this one) is the earlier post of this article in July.
The submission process should present a short list of matching headlines to the submitter for a quick scan before hitting submit.
Social engineering or incharacter deception is the major method of cheating in Diablo 2. The most popular one is the "waypoint"request where someone asks for a waypoint, character2 plips over to one. While his client is on delay loading the new level char1 who already had the waypoint enabled declares hostile on char2 ports over and starts whaling char1 while the former is still frozen.
Fortuinately since these mainly rely on trickery, they're alot easier to guard against as opposed to the super-hacked characters of the original game.
You ain't seen nothing yet in regards to cheating!
My favorite, personally, was in Tribes, making the flag a 300 foot high, bright yellow happy face...
..the problems faced by the file sharing apps out there? There seems to be a lot of talk about fixing Freenet, Gnutella, etc. to filter spammers but there don't seem to be any solutions as of yet. Perhaps when they solve one, they will solve the other?
Personally, I don't think they will solve the problem. It's always easier to hack than to prevent hacks, is it not?
It is simple. Just treat the client as part of the player when you design the server. I.e instead of
Game = Server + Client
Player = Human
design it like
Game = Server
Player = Client + Human
This means that the server should never send data to the client that the human should not have access to, and the server should accept any command that make sense in the current game state. Just like you wouln't display information in a single player game that the user should not have access to, or accept invalid moves made by the user.
With this design, the client is just a user interface. If someone creates a better player by improving the user interface, more power to them. Such improvements should be encouraged by making the client free software, preferable GPL'ed so people who improve the user interface (client) will have to disclose how they did it, if they want to share their improvements with other people.
I think this problem must exist in any networked multiplayer game, many moons ago we had this problem in the X game netrek. Im not sure but I think the first '(cy)borg' client came from someone pasting the firing code I wrote for the robot players into the human user interface. The problem was easily delt with by using authenticed binaries to prevent code modification.
As for people changing config files, or adding spikes to players, that is just an issue of poor design, not requiring your model to fix the same 'bounding box' as the model the other player is using is an obvious bug, cheating aside, all the cheater is doing is exploiting the fact that the game designers clipping code is inadequate. Same with the recoil or weapon effects.
-jon
There are over 38,000 accounts on the system. You have to pick a name that isn't already in use, obviously. But I haven't had any reports on problems creating accounts lately.
The one you described wasn't taken and I created it without a problem.
Did you get an error message objecting to your attempted account names?
Geeky modern art T-shirts
Would 16-bit XORs work? Or would someone find a way to analyze all 65k combinations for consistency and break through in sufficient time to gain an advantage?
Your 500 MHz box can execute approximately 2^29 cycles per second. There are 2^16 distinct encryption keys. Provided a key takes less than 2^(29 - 16) ~= 8000 CPU cycles to check, a patched client can crack the protocol in one second.
Besides, if the client is copylefted Free software, the crypto is Free too and can be cracked quite easily (commented C/Python/Java/etc. is a lot easier to read than uncommented assembly).
Will I retire or break 10K?
This is one thing that Verant (makers of Everquest) did right. Every time they would find some new form of cheating, they would quickly patch the game and make it unusable.
If they didn't do this, the game would be ruined and all that stuff on eBay would be worthless. But some of it is still going for thousands of real dollars, so you can see they have been successful with their anti-cheating code.
I think I figured out the problem you had. You didn't click the 'new player' radio button. In that case, the system assumes you typoed your name and doesn't automatically generate a new account. ;)
Geeky modern art T-shirts
How come, in discussions of networked communication with hostile processes (cheaters, gnutella spammers) NO ONE MENTIONS TRUST SYSTEMS?
Am I out of my mind, or is that clearly the way to go for *all* communication with potentially hostile servers/clients, etc.? Is the overhead required too high? I have never seen a good trust system implemented *once*, and I really really want to.
Actually, PGP public key distribution has good trust systems built in, what with signing other people's keys. But that's the only one I can think of. And MojoNation's trust system isn't implemented yet.
Ugh. Anyway.
--
There are no trails. There are no trees out here.
It must be acknowledged that some games are better than others as far as cheating goes. I personally despise cheating, as it takes away from the fairness of the game. When playing Diablo for instance, you HAD to cheat just to get along in the game. I remember player killers that were indestructible, you could just slash them for hours and they would not die, but they'd kill you with one slash of their sword. With as many cheats as there are for Counterstrike, I can still enjoyably play the game, and still beat many of the cheaters. Without cheating, I usually end up in 1st or 3rd place. If I had the mad haxoring skillz to make clients for these games, I wouldn't do it. I would use my skills for bigger purposes such as hacking online casinos. How come they seem to be cheat free (although colluding is an obvious problem in online poker rooms). Seems like there would be quite a bit more to gain from this. The best way to combat cheating is to goto your local lan party. They are popping up all over the world, you can goto http://www.lanparty.com to find one in your area. That way, at least if they're cheating, they can't hide behind their computers. If they're cheating bad enough, you can just walk over and drag them in the parking lot, and beat the #)*$ out of 'em.
It's not too hard to do a search for the Author and turn up the original article...
This means that the server should never send data to the client that the human should not have access to, and the server should accept any command that make sense in the current game state.
The only way to make sure the players see only what they're supposed to see is if the data sent from the server to the player is the current state of the framebuffer. Otherwise, how is the player supposed to not know what's happening right behind a wall?
Will I retire or break 10K?
The object of the game [Nomic] is to change the rules so that you're the only winner.
Will I retire or break 10K?
Unfortunately, as the article rightly points out, there really is no way to absolutely assure that people can't cheat, so the best you can do is discourage them. In a turn-based Web game, the primary mode of cheating is to use multiple (dummy) accounts controlled by the same person in a given game, in order to gain an advantage (either play the dummy empires as artificial allies, or gut the dummy empires if they're nearby in order to gain an advantage more quickly).
Firstly, a registration process will be required -- when making a new account, you enter an email address, a registration code is sent via email (not Web) to that address, and the player users that code to validate the account and continue. With the proliferation of free email services, clearly this is not anywhere near enough, but the extra work (of having to create a new account) will tend to discourage the extremely causal cheater (the one that's cheating not because he's a die-hard cheater but because he's experimenting -- the most common cheater is a cheater of opportunity, not necessity).
Second, an auditing system will be set up that watches each game for suspicious activity. This includes the obvious, such as two accounts using the same IP address (which is not necessarily a clear indication of cheating, but is a red flag), to empires appearing to cooperate with one another, and so on. Obviously I cannot exhaustively list all the things I plan to check for, since that would defeat its purpose. The idea, however, is to set up an auditing system that can red-flag suspicious behavior (not necessarily cheating, but possibly), that a human must then examine to confirm or deny whether cheating is actually occurring. Except in some very special and obvious cases, determining when someone is cheating in such a game is not trivial, and will probably require detecting a pattern of behavior in several games.
Third is deterrence. Dictate a cardinal cheating rule: Anyone caught cheating will be banned from the game for life. Since people can use different machines, different email addresses, and different player accounts, this may not sound like much of a threat, but it is more effective than you might think: If you really want to play the game, then being banned means that from now on you're going to have to sneak in, which reduces the fun quite a bit. (Auditing services will also check for IP addresses of people who have been banned, etc., so the threat is not as empty as it may seem.)
All in all, I anticipate no major problems with cheaters when the game is released. The auditing systems should be able to keep on top of the few die-hard cheaters that are attracted to any turn-based Web game.
max
but this is OLD NEWS !
Actually, he ripped off the AC who ripped off the original author who wrote it on the July 25th version of the story.
Stay tuned for the fastest consecutive repost, fastest triplet reposts, fastest triplet consecutive reposts, etc etc etc!!!!!
Sure, it's fun to point out when it occurs, but with the load that they deal with (almost 300 submissions last time I checked), it's surprising it doesn't happen more often.
However, I think it would be worthwhile if they coded some sort of check into the system that would see if the exact same URL (not just a domain, but a full url pointing to a specific page) has appeared previously in other articles and provide brief summarizations for the staff person to read through and see if it is dealing with the exact same issue or not so they can make an informed decision without scanning 10,000 posts manually.
---
seumas.com
It's a pain. Not least becasue:
- If you play very well then you are instantly labeled a cheat by some.
- Some anti-cheating measures detract from gameplay.
For excample, one cheat in CS was "voodoo" dolls. A user replaces the player models with custom ones that have huge spikes sticking out of them. So, while you are hiding behind a wall, the spikes show through the wall and the cheater cans ee where you are. Now, one apporach to blocking this is to prevent users changing the models; but doning that removes the possibility of changing models to customize your game, by for example replacing the hostages by nude women. Allegedly.In conclusion, then, I'd like to say that cheaters suck.
~~~~~ BigLig2? You mean there's another one of me?
I didn't realize this for a long time, but a couple weeks ago I watched a kid play deer hunter. He started out by typing all the cheat codes. Suddenlly there were 10 times as many deer in the game, and they were all atracted to him. Then he shot them all.
Most of my friends when playing that game put wouldn't use the cheat settings if we knew them. (compare to the kid who memorized them) We pick a spot, and try to call a deer in, then we decide if we want to shoot it or wait for anouther. The only difference between that and real hunting is we aren't outside in bad weather.
In other words, some people don't get the concept of cheating, while others need to. The guy who cheats has a full walk through for tomb raider. I felt stupid for needing to consult a hint book to find the "good fromtz board" in planet fall, and I'm still kicking myself for not trying that despite how unobvious it is.
In high school one of my english teachers told me that when she reads fiction she reads the first few pages, and then the last page so she know how it turns out. I read books front to back. Give me an encyclopedia set and tell me to look up sweden and I'd rather read every entry before Sweden then just turn to that entry. It just doesn't seem right to read a book out of order (though given time pressues I normally will go right to sweden)
People are different. I don't understand everyone else. It doesn't make sense to me why someone would cheat. They do though, just like they get walk throughs and read the last page first.
Actually, it's direct lineage dates back to 1986, predating tw2002... TW2, a 99-sector game did exist then along with the original inspiration for the genre, Hewlett Packard's 'Star Trader'.
If you look closely, you'll see that playing it is very different from any modern TW variant. Most recently, it was derived directly from something called 'The Last Resort' about 1.5 years ago, with the TW-like scenario being added to TLR.
Geeky modern art T-shirts
It's NOT a more accurate count if you only hand count in EXTREMELY democratic counties. Consider this:
If you hand count votes in ANY county, you're going to find votes that weren't counted. If you do so in a county that is 90% Gore, it makes sense that about 90% of the thrown out ballots would be for Gore. Likewise, in a 90% Bush county, 90% of the thrown out votes would be for Bush. SO, merely counting ballots by hand may be accurate in that particular county, but it only skews the statewide vote. The only fair and reasonable way to hand recount would be to recount the entire state.
But... what about the other states??? Don't we want "accurate" counts there? My question is, when does it stop? Do we really trust the election officials in the United States enough to mandate an ENTIRE COUNTRY hand recount? Such a thing would take months, and would never bring a sense of finality to the election...
You say that Bush is a thug... I submit to you that ALL politicians are thugs.
why not create a game that's all about cheating...
If the client program is running on a un-secured computer then it can be hacked/cheated from. The article talks about several things that happen now, but I dont think anything can make it much more difficult. Anyone with the knowlege to hack a tcp stream or control system resources will always have the possibility to cheat, and it will be no more difficult for them than it is now.
:-P So I've been there.)
but everyone is forgetting one key point.
They're just Games.. not real life. your Q3 frags dont mean squat. or how many land holdings you have on game X.. it's entertainment. anyone taking it farther than the entertainment value really needs to take time away from their computer.
(This coming from me, a guy that played Quake I,II(still prefer Q1 though) online for days on-end, and was sucked in to the IRC land of fakes for 3 years... LOL
Do not look at laser with remaining good eye.
It's funny how history seems to repeat itself, the X game netrek used to send the entier state of the universe to all players, including the location of 'cloaked' ships... but it would add a little note saying 'this ship is cloaked, dont let the user see it'........
Can anyone guess what the first cheating client was?
The fix was obvious, don't send the info if you couldn't see the ship. So then the server would only send you info on a cloaked ship when you were very close, causing the ship to flicker in and out (and to drift around because the location was a random offset from the true location).
The cheat for that was client programs that opened sockets to their teammates and not only let them know about cloaked ships but if more than one of your teammates could see the ship the client would average the multiple randomized positions together to cancel out the randomization.
You have to make the Client part of the Game and not part of the Player, its one thing to have a
better user interface, and netrek has multiple approved interfaces that are highly customizable but if you let people add machine assist to the Client it goes down hill immediately
-jon
--
you must amputate to email me
--
you must amputate to email me
i read all replies to my comments
This is a well thought out and reasoned commentary and if I had a mod point, I'd certainly give it to this post. You are absolutely right -- the problem comes from the style of game and how you know if you are doing well. Ultima Online begged for cheaters. Only a few cave-dweller types have the time to play the many-many hours to be considered good. But cheating creates that shortcut. The real way to eliminate cheating is to make cheating pointless. You'll still get people who will do it, but if the effort to do it doesn't reap great benefit, who would do it except the few who are doing it just to see if they can (which, IMO, is a good enough reason). The ways to make cheating pointless is turn the goals away from kill for reward to more intangibles. Instead of randomly spawning rare items, why not randomly spawning rare quests - but a lot of them. Also, start the characters out powerful. This almost immediately takes away that feeling of having to become faster, stronger, smarter and lets the player focus on puzzles and interaction. I personally hate spending the first five hours of a game scared of everything and everyone. There are other sociological reasons why people cheat, but developing stories that undercut kill/reward behavior and encourages interaction would be a prime starting point.
This is not the way to build a lasting empire.
You silly moderators should read the previous discussion on this article. Some anonymous coward's just taking posts from there.
Instead of (or in addition to) the technical solutions talked about here, can't there also be a human-based solution?
How about a feedback area after a game/session where people can talk about whether they thought their opponent(s) or allies were playing on the level? What they thought of their opponents' playing style?
There would have to be mechanisms in place to prevent clan partisanship, and maybe you'd have to implement some sort of sore-loser prevention, but if you agree that technical barriers will only last so long, a human-based system could provide a useful backup.
If it works on eBay (to a certain extent) and here (again, to a certain extent), why couldn't it work on battle.net?
At WorldForge, we're doing exactly this. The client is made available in source code form so that the player can customize it to make it work better for them. And we make all of the server code available for download so players can look through it and discern new tricks for effective playing. If in doing so, they uncover a bug that can be taken advantage of to the detriment of other players, then they're welcome to make use of it - sometimes this is the best way to test out how bad the bug really is.
If I don't think the bug is worth my time fixing, then any players sufficiently bothered by it are welcome to download the source code to the server, find the area causing the problem, fix it, and submit a patch. If I disagree with their patch or otherwise refuse it, well then at the least they have the permission to establish a new server and compete with me. So I will probably work hard to make sure to include the patch!
So I guess a lot of stuff I see called cheats, I think really should be honestly called 'bugs', and responsibility placed with the programmers rather than the players. Some stuff - like denial of service or similar - that's just plain mean, and out of the server programmer's hands to prevent. But a lot of the in-game cheating is preventable via code.
Maybe I'm an idealist, but the best way to harness the creativity of cheaters, is, IMHO, to establish an environment where giving out fixes to cheats has as much glory as identifying the cheat in the first place.
We also strongly encourage (even urge) players to get involved in the game development process. Our present game server is written in Python, and we will encourage and allow extension of it by direct coding (the amount of extension is limited by the slowness of Python). Our next game server (being coded now - in C++), will allow players to design assemblies and mechanisms in-game, and automate them with scripting, among other things. :-)
And of course, since the client is open source, you're welcome (and encouraged) to automate your character as much as you want. (In my opinion, if the game is so simple that you *can* program a super-bot that wins consistently, then the game lacks adequate sophistication. AI programming is tough, and if allowing for this kind of "cheating" encourages lots of people to gain skill at it, then this makes the (game)world a more interesting place! Besides, programmers are cool and deserve an edge. *Wink*)
The article identified six types of cheating, but completely failed to identify any reasonable solution for the first one: reflex augmentation.
It is not terribly difficult to write a script to execute commands without the use of the mouse. In Quake 2, the only real effect was that some people had godlike aim - and this was usually pretty easy to spot.
But consider what reflex augmentation could do in Warcraft 2, for example. One could write a script that caused the "mouse" to "click" on your Town Hall and Barracks, automatically creating peons and ogres at a set rate, while you controlled everything else.
Would this even be possible to spot?? From the server side, it would just look like someone had insanely good reflexes. And, of course, it would be easy to tone it down just a little - occasionally have your script "mis-click" just to the left of the town hall, put in tiny delays, etc.
It seems to me that the only way to prevent reflex augmentation would be to force the player to play on someone else's computer with a very restrictive account... any thoughts?
The problem with the entire RPG genre of on-line games is that it isn't really the fun that hooks people in, it is the basic stimulus-response instinct that keeps people up all night playing Everquest or a MUD. By making you do things to get rewards (levels, new items, etc.), and by dishing them out a little at a time (with a fair ammount of randomization), these games tap into the same psychological conditioning scheme that makes old ladies spend their retirement checks all day at slot machines and BINGO games.
Since the satisfaction one gets in these games is usually the reward of a more powerful character, the mind begins to make the association of "better character == more fun", and cheating, or power-leveling, or "twinking" becomes very attractive.
The draw of these games is that they sort of let you live life in fast-forward. In a few dozen hours of gaming, you go from being a pathetic babe in the woods to being a massive warrior or wizard. Cheating speeds this up even more. It's a logical extention of the persuit of the goals the game establishes, really.
You don't often see the kind of rampant cheating that prevailed in Diablo 1 or Ultima Online when you are playing the FPS games. It seems that the shooters have acquired a sort of sports culture. To cheat at Team Fortress would be a lot like cheating at a pick-up basketball game. Neither side has more fun as a result, because the rewards of player-vs-player gaming comes from the joys of testing your skills against other people. Cheating in such situations is boring for both the cheater and the victim, even among younger kids.
It seems to me that the challenge that lies before those who wish to write on-line RPG's is to get a little farther away from the "kill monster, get a treat" format that is so common to these games. Good storytelling is helpful; nobody cheats at games like Myst. Creating a social environment that facilitates less of a "who's got the biggest *" mindset would also reduce cheating dramatically.
Mind you, I'm not saying that the typical hack-and-slash, smash-and-grab RPG does not have its place. I wore out a mouse on the first Diablo, same as the next geek. All I am trying to say is that game designers ought to start thinking beyond it, now that the current technology allows them to explore a lot of new avenues.
One solution to both this (and the cheating problem) is smaller communities, preferably of people who already know each other.
I agree. The real hurdle though is to find trustworthy opponents at roughly the same skill level who are *anonymous*. Yes I can sometimes hook up with a friend who likes the same game when we both have spare time, but the whole appeal of internet play is being able to play whenever I want with real people. It just seems almost impossible to find matches like that. Bots or pros -- they're basically the same thing to me. I'm devolving back into a single-player gamer.
Haven't we established that you can't have authenticated binaries / trusted clients?
No no, I copied it from the original from the 25th independantly from the AC.
...what does affect gameplay is this: 5% skill, 5% mod, 90% connection speed. I'm betting the folks that are having such a poor time playing are probably linked via 56k or less. Attempting to run with the big kids, who are DSL or two way cable accessed, will certainly yield very poor results.
a/s/l here. Sorry, adding domain tags to your s
There is another theory which states that this has already happened.
eudas
Blessed is he who expects the worst, for he shall not be disappointed.
I suppose it all depends on the ability to determine that someone has spliced modified dynamic library or not. If you can cheat by modification of the OS AND the program can not detect the modification then you have a problem, but if the app can detect that you are running non-standard drivers it can say
"put back the drivers that came with the game or we will tell everyone you are a scum sucking bastard..."
-jon
In massively multiplayer online games, most notably MMORPGs, integrity is everything. If people can't trust the integrity of other characters, they won't bother spending the time to build them. I think a lot of attention needs to be paid about how to keep server-side certain pieces of critical data.
First, the tradeoff: anything you keep server side on a trusted server is safe. Anything you load client side you can assume for the sake of argument will be possibly modified by a player. So, let's take a MMORPG: you have characters, monster, and various abilities all interacting. What is responsible for the integrity? The server needs to be. First, the all important player character should be totally stored server-side. No information about stats/abilities/etc is kept locally, and the server never reads any from the client. It just sends a scenario and accepts commands. A pristine client interprets options from the server to provide an interface, but just because you locally manage to send a "super fireball" command when you only have a regular "fireball", doesn't mean the server should parse that. It should obviously return an error. (and probably flag you for some sort of observation, cheater!)
In any event, the dichotomy between client and server matches that between cause and effect -- never let clients dole out effects, only accept input.
On to the more difficult problem, which is when the information you pass to the client is more than they should have, based on the fact that you cannot transmit it as-needed due to bandwidth/cpu/latency limitations. This is where innovation needs to occur. Things like handing over partial maps, or possibly breaking maps/info up into smaller pieces and giving them all out encrypted, then handing decryption keys over real time. (And this would be an art in itself? Would 16-bit XORs work? Or would someone find a way to analyze all 65k combinations for consistency and break through in sufficient time to gain an advantage?)
In a game which was not time-sensitive, obviously, this stuff should be kept server side. For example, I've never played age of kings, but I've played HOMM2/3, which are turn-based strategy games. In those cases, all data could be kept server-side, other than the revealed portion of the map. Because the players play each turn in succession, time is not a real issue. A few seconds for pulling data is not that important.
Anyhow, good article. This is definitely one of the biggest problems facing MMO gaming, and as multiplayer becomes more important to games, and as more games go MP-only, this will be critical. Bandwidth and lower latency will help alleviate the problem, but there's a lot of room, I think, for clever protection from cheaters.
This would not happen if playing these games honestly was as fun as it is supposed to be.
The problem with the entire RPG genre of on-line games is that it isn't really the fun that hooks people in, it is the basic stimulus-response instinct that keeps people up all night playing Everquest or a MUD. By making you do things to get rewards (levels, new items, etc.), and by dishing them out a little at a time (with a fair ammount of randomization), these games tap into the same psychological conditioning scheme that makes old ladies spend their retirement checks all day at slot machines and BINGO games.
Since the satisfaction one gets in these games is usually the reward of a more powerful character, the mind begins to make the association of "better character == more fun", and cheating, or power-leveling, or "twinking" becomes very attractive.
The draw of these games is that they sort of let you live life in fast-forward. In a few dozen hours of gaming, you go from being a pathetic babe in the woods to being a massive warrior or wizard. Cheating speeds this up even more. It's a logical extention of the persuit of the goals the game establishes, really.
You don't often see the kind of rampant cheating that prevailed in Diablo 1 or Ultima Online when you are playing the FPS games. It seems that the shooters have acquired a sort of sports culture. To cheat at Team Fortress would be a lot like cheating at a pick-up basketball game. Neither side has more fun as a result, because the rewards of player-vs-player gaming comes from the joys of testing your skills against other people. Cheating in such situations is boring for both the cheater and the victim, even among younger kids.
It seems to me that the challenge that lies before those who wish to write on-line RPG's is to get a little farther away from the "kill monster, get a treat" format that is so common to these games. Good storytelling is helpful; nobody cheats at games like Myst. Creating a social environment that facilitates less of a "who's got the biggest *" mindset would also reduce cheating dramatically.
Mind you, I'm not saying that the typical hack-and-slash, smash-and-grab RPG does not have its place. I wore out a mouse on the first Diablo, same as the next geek. All I am trying to say is that game designers ought to start thinking beyond it, now that the current technology allows them to explore a lot of new avenues.
Oh wow. I just got back into Dallas from Siggraph 30 minutes ago and discovered my mailbox filling up with emails from the /. side-effect. Just a couple quick comments on the discussion....
0) This article first appeared in print in the June 2000 Issue of Game Developer Magazine.
1) I didn't come up with the title. I honestly couldn't think of a catchy title, so I let my editor come up with one. As far as nit-picking over the useage of "Hacker" and "Cracker" - don't sweat it. Yes, I know the difference.
2) The most important point in my mind is that multiplayer cheating hurts other human players and is an order of magnitude different from the things we do when playing solo (single player) games. When a person realizes they are on the receiving end of a cheat - that another human being wants to do that to them - it's a hugely distructive feeling.
2a) People walk away from games and badmouth them to their friends when they think they are getting screwed. The better selling your game, the more this matters.
3) Many people have been emailing me and posting about things I didn't cover. I really appreciate it though I do already have some of it. When I wrote the article I had to keep it to about 7000 words, so I only got to cover about 1/2 of what I wanted to. Given the reception it has received, there will likely be a second article on the topic.
3a) Keep the comments and emails coming - I will try and respond to all.
That's all for now. I really appreciate everyone's input and thoughts on the matter.
-Matt Pritchard