Slashdot Mirror


Combating Cheating In Online Games

mors writes "Gamasutra has an article about how game developers can make life harder for people trying to cheat in online games. It analyzes various ways of cheating, and how they can be made harder. It does stress that cheating can never be eliminated (at some point you need to trust the client machine, so crypto is not the ultimate solution), but can be made considerably harder."


  1. Re:Dude... (and a suggestion) by Seumas · · Score: 2
    True, but there are a lot of articles posted on Slashdot for the first time that appeared long ago in the referenced source. Still seems like something a short script could have alerted them to before posting, though.

    I mean, who are we to criticize, but it does sort of suck when they only post x number of articles each day -- and one or two of them are often spent on news already reported on Slashdot before.
    ---
    seumas.com

  2. Call me a geek, but... by kyz · · Score: 2

    I find the hacking game clients far more exciting than using them to play the game.

    --
    Does my bum look big in this?
  3. Re:You call em 'firing proxies', we called em 'bor by Syberghost · · Score: 2

    The problem was easily dealt with by using authenticated binaries to prevent code modification.

    That wouldn't fix the Counter-Strike Aimbot problem, it would just make it orders of magnitude harder to write, assuming they also turned off the ability to replace the models.

    -

  4. The original poster appreciates your plagiarism... by SuperKendall · · Score: 2


    One solution to things like reflex augmentation is for a server to present false data to the client that cannot be perceived by normal players - the best example I can think of is a seemingly real quake player embedded (or moving) within a wall, or on the ceiling with a ceiling skin to render the fake player invisible to the normal.

    The augmentation will try and go after the "fake" players, and the server could try to detect attempts on the fake players and shut down a client that went after them with regularity.


    As the original poster of that text some months ago, I'd like to say I appreciate you finding the comment insightful enough to replicate here. I just thought I'd post a followup so I could collect any mod points that might be coming.

    You might have actually got some mod points, too, if you'd bothered to add in the text from some of my replies to the responses of the original post.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  5. Online Games by GC · · Score: 2

    {rantmode}

    Online gaming started for me with Xpilots. I tried to show someone recently xpilots, they just turned and looked away (7 years my junior). I've recently played UT (Unreal Tournament) hell of a lot (even won the odd game online). But sometimes I'm running around, dodging and everything, thinking no-one is going to get me when "URGHHH!" or "ARRRGHHHH!" and I'm dead.

    Now maybe there is a sniper doing a head-shot on me there, but sometimes it's too incredible to believe.

    So... "Ask Slashdot: Anyone know good cheats to Online Gaming, Unreal Tournament in particular."

    Hell - if I can't beat these "Gods", I may as well join them... thanks

    Thanks

    GC

    -
    End of message?

    No---

    What's cheating if the cheats are open-source?

    {/rantmode}

    Thanks for listening and modding me down!

    GC

  6. Re:Counter-Strike cheaters are rampant. by British · · Score: 2

    A funny cheat (but effective one) is to have spray logos AS counterstrike players. Spray it, hide nearby and when someone shoots at it and finally realizes it's a frozen/afk player (even though it's not shaking) you come up and fire away!

  7. Diminishes Distributed Power by robbway · · Score: 2

    Diablo2. Great Game, even though they didn't beta test the second boss enough. Online play is ridiculously dependent on packets describing where every enemy is, as well as every item. That's a lot of bandwidth to keep me from cheating. The Internet is too primitive to waste bandwidth on micromanagement of games, especially when you have 700MHz processors that can handle most of the math. And all this to protect the integrity of "levelling up." Add to it that Diablo2 is a hack-and-slash. The quests don't change. There's no reward for having high-level characters. There is no evolutionary change. The excessive packets to prevent cheating are overkill.

    ----------------------

  8. Re:Wow a new repost record by BobBoring · · Score: 2

    Some of us it the first time. The article has enough good content to deserve a repost or three.

  9. That brings to mind an interesting solution... by SuperKendall · · Score: 2

    What if players could choose to "ignore" anyone else on the server? If another player were "ignored", then you couldn't see them and they couldn't see you.

    That would take away a lot of the power they have over other people. If everyone on the server ended up ignoring them then they'd end up annoying only themselves.

    Of course, there are balance issues to consider. Would ammo grabbed by an ignored player be there for the ignoree? Would it be fair to have two people who couldn't see each other attacking another player at once? Still, I think a system based around the concept of having, in effect, a number of different games going on in the same server would be an interesting thing to try.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  10. Re:This would not happen by British · · Score: 2

    That's the new AC "cheat" which gives you high karma.

  11. Wow a new repost record by Decado · · Score: 3

    Congrats Hemos, you just stole the repost record from Taco. Here is a link

    --

    Slashdot: Proof that a million monkeys at a million typewriters can create a masterpiece

    1. Re:Wow a new repost record by Luminous · · Score: 2
      I've never understood this. With the amount of information that flows through Slashdot, with the number of changes that occur within the Tech world, I don't see a problem with dealing with the same article multiple times over so long as sufficient time has passed between reposts (i.e. at least 4 months).

      Rehashing articles in light of new information is normally a good thing. Perhaps it should be considered a different category though, so those people who only want the newest and coolest can block it.

      --
      This is not the way to build a lasting empire.
    2. Re:Wow a new repost record by darylp · · Score: 5

      Damn, and I was just about to go to that article to cut and paste all the (5, Insightful) comments and post them under my name... You've blown my scam!

  12. Punkbuster is too heavy handed by Anne+Marie · · Score: 2

    I've had some limited experience with punkbuster, and it's not all it's cracked up to be. It's not actually for half-life; it's for the Team Fortress mod for half-life. But just look at their faq:

    Q: Isn't this a little bit like "Big Brother" watching us?

    Note, their faq's answer was not a refutation of the "Big Brother" concern. They merely explained how more enforcement is good, and so by implication (though they don't come out and explicitly say it), "Big Brother" must be good.

    In some cases, you may have to live without certain honest customizations and go back to original code or data files in order to play on PunkBuster monitored servers...Simply put, if you are one of the vast majority of honest people who just install a game and run it, then you have absolutely nothing to worry about.

    They admit to sweeping too broadly, but then they justify it by the old adage of "If you're not a criminal, then you don't have anything to fear from the police". If punkbuster bans legitimate gameplay, then it cannot be considered a complete work.

    So much of the replay value in games like TFC is in finding all those little ways to tweak your game play: not to cheat, but to find quirks and key sequences which while being perfectly legal, are not obvious to a novice and which give the practiced seasoned master an upper hand. It's no different from learning a different fingering on the violin -- you wouldn't accuse Yitzhak Perlman of "cheating" when he goes up to 7th position whereas your average 1st-grader is still down in 1st position.

    Punkbuster has some noble intentions, but by sweeping too broadly in what is and what is not a cheat, it enforces a certain level of mediocrity on the players on its servers. I just hope they'll fix it soon.

    --
    -- Anne Marie
  13. The real solution to cheating.. by Weezul · · Score: 2

    ..is consider it to be normal game play, but still keep things fair. Specifically, the majority of cheats seem to be improvements to the user interface. These "cheats" should be a standard part of the game.

    Anyway, I think the best way to fight online cheating is to give the game a scripting language to make cheating easy, but with the following constraints:

    1) The scripting language will not give you access to information you should not have, i.e. behind the fog of war. This information limitation factor is essentially what separates a "good" (user interface) cheat from a "bad" (defying the spirit of the game) cheat.

    2) The game will "keep things fair" by sharing all your scripts with your opponent during network play.

    Clearly, there will be people who write cheats to disable these two features, but there is a LOT which can be done to protect these two features since they are internal (i.e. you can not just write a program to figure out what is going on from the screen and click for you). Plus, it seems likely that information cheats will take MUCH longer to write than scripts and that better scripts would be more effective than information cheats. It's worth mentioning that just having a person's scripts will not give you much of an advantage in the short run since you would need to learn how to use them effectively (this means that disabling the sharing of scripts might not really buy you as much as writing a few significantly better scripts).

    Anywho, the point is to let the people who play the game improve on its user interface. This will not keep the user interface simple, but it will be a very interesting game to play.

    --
    The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
  14. I don't know how much cheating affects gameplay. by Seumas · · Score: 3
    I won't presume to speak for others, but I would assume there are a lot of people like me whose greatest problem with online is not cheating by others, but outright suckage at the game by our own selves.

    It's thrilling just to keep a positive frag-count! ;)
    ---
    seumas.com

  15. Netrek doesn't have this problem... by kurokaze · · Score: 2

    for years and years netrek has been a multiplayer over the internet.. no one in all my years of playing has ever cheated. and it's open source to top it all off!

    why?

    because the server requires the client to send an RSA key which is checked against a list of known "good keys". If it's there, then the client gets authenticated.. if not, then the client gets booted.

    Yes yes.. but how do you prevent trainers on the client end? well, it's simple.. make the client stupid. The server controls all damage allocation, stats, etc... all the client does is receive packets from the server and update its display... so I don't understand why they don't simply do stuff like this??

  16. Re: Have to disagree... by techwatcher · · Score: 2

    I love to play chess, but I usually have to play with guys (I'm not a guy). Playing f-t-f, I have learned that almost all guys HATE losing to me (or anyone else, for that matter!). They care more about winning than about the game; for me, the game is more of a joint construction of sequences of elegant combinations, with beauty in the timing and surprises that unfold.

    Learning to play chess at a reasonable level requires a fairly large investment of smarts and time. Recently I found an online site (www.gamecolony.com) with a beautiful interface in which players can chat and play various games, including chess. It didn't take long before I realized that some players have apparently learned to hack the game to disconnect those of us focussed exclusively on chess, rather than the java programs that manage the game and other parts of the interface. (This site maintains a rating for all registered players. When I am disconnected, I lose automatically, and the opponent's rating increases as mine goes down!)

    Now, chess is certainly involving. And the hackers who disconnect me don't do it when they're winning... So I have to disagree with your position. Apparently, to many guys, winning really is everything.

    Btw, I recommend the above site for chess players despite the occasional hacker (if you don't care about your rating, it's still a great place to get a game, almost any time, day or night). For those of you who love chess but do care about the rating, try www.chessed.com, where the interface is not nearly as adaptable or intuitive, but I've never been forcibly disconnected!

  17. Old News by catseye_95051 · · Score: 2

    We were discussing all of this and more with our developers at TEN many years ago, as well as presenting the issues at CGDC.

    He's wrong though if he says that 'at some point you have to trust the client'. The answer is well known and predates on-line games, going back to secure database systems.

    The answer is a model-view architecture. The model is kept on the server. The client is purely a view of what is going on. Any changes on the client distort only the player's view, not the actual game.

    This model isn't a panacea in that you are trading ease of solution in the cheat-space for tougher scalability and latency-hiding issues, but in those at least the user isn't your potential enemy.
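
The model-view split described in comment 17 (and the "make the client stupid" design in comment 15), as an added example that is not part of any comment in the thread. The message format, class names and the speed and reach limits are assumptions made for illustration, not taken from Netrek or any real game.

```python
"""Server-authoritative model with a view-only client (constructed example)."""
import math
from dataclasses import dataclass, field

MAX_SPEED = 5.0      # assumed game rule: largest legal move per tick
PICKUP_RANGE = 1.5   # assumed game rule: how far a player can reach


@dataclass
class Player:
    x: float = 0.0
    y: float = 0.0
    inventory: list = field(default_factory=list)


class GameServer:
    """Holds the only copy of the model. Clients submit intents, never state."""

    def __init__(self):
        self.players = {}    # player id -> Player
        self.items = {}      # item id -> (x, y) of items lying in the world
        self.rejected = []   # audit trail of refused messages

    def join(self, pid):
        self.players[pid] = Player()

    def refuse(self, pid, kind, reason):
        self.rejected.append((pid, kind, reason))
        return False

    def handle(self, pid, msg):
        """Apply one client message. Returns True only if the model changed."""
        if pid not in self.players or not isinstance(msg, dict):
            return self.refuse(pid, None, "malformed message")
        kind = msg.get("type")
        if kind == "move":
            return self.move(pid, msg)
        if kind == "pickup":
            return self.pickup(pid, msg)
        # There is deliberately no message that lets a client write state.
        return self.refuse(pid, kind, "unknown or forbidden message type")

    def move(self, pid, msg):
        try:
            dx, dy = float(msg["dx"]), float(msg["dy"])
        except (KeyError, TypeError, ValueError):
            return self.refuse(pid, "move", "malformed")
        if not (math.isfinite(dx) and math.isfinite(dy)):
            return self.refuse(pid, "move", "non-finite delta")
        if math.hypot(dx, dy) > MAX_SPEED:
            return self.refuse(pid, "move", "exceeds max speed")
        player = self.players[pid]
        player.x += dx
        player.y += dy
        return True

    def pickup(self, pid, msg):
        item_id = msg.get("item")
        if not isinstance(item_id, str) or item_id not in self.items:
            return self.refuse(pid, "pickup", "no such item")
        player = self.players[pid]
        ix, iy = self.items[item_id]
        if math.hypot(ix - player.x, iy - player.y) > PICKUP_RANGE:
            return self.refuse(pid, "pickup", "out of reach")
        del self.items[item_id]          # the item can be granted only once
        player.inventory.append(item_id)
        return True

    def view_for(self, pid):
        """A copy for rendering: edits made to it never reach the model."""
        p = self.players[pid]
        return {"x": p.x, "y": p.y, "inventory": list(p.inventory)}


if __name__ == "__main__":
    server = GameServer()
    server.join("alice")
    server.items["sword"] = (3.0, 0.0)
    # Constructed traffic from a tampered client, then from an honest one.
    for message in (
        {"type": "set_inventory", "items": ["sword"]},
        {"type": "move", "dx": 50, "dy": 0},
        {"type": "move", "dx": 2, "dy": 0},
        {"type": "pickup", "item": "sword"},
    ):
        print(message, "->", server.handle("alice", message))
    print(server.view_for("alice"), server.rejected)
```
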

  18. Re:The Armchair Psychologist looks at MarNuke by MarNuke · · Score: 2
    Oh this is great!! This has made my day!! I'm going to keep this for a very very very long time. If I only had mod points...

    Before I go, I'm forced to somewhat defend myself in my own twisted way:

    Lack of ethics ("before I went on my killing spree... I broke into his house")
    Little do you realize, this was the ONLY person I ever looted. The reason why I did it was to teach the guy a lesson. See, I wasn't the only person given BO. I know at least ten (10) people who he ripped off. A few were my personal friends, others I never met. Was it right to loot his house? Sure it was. He stole everything he had. Maybe two wrongs don't make a right, but by god, the guy quit a few days after we looted his house. That, my friend, is ethical.

    Also it wasn't me that killed 40-50 people, it was my friend who I gave my UO account to, but it was me in the game. Sorry for the confusion.

    Bully mentality (stealing and vandalizing characters)
    I killed cheaters. Bullies pick on people that haven't done anything wrong. I pick on cheaters.

    Gratified by the misery of others ("Oh it was great fun")
    And I bet they had great fun cheating too. if I had anything to do with making them know how it felt, I did something good for other people playing the game.

    Immature (munchkin character with cliched orphan background)
    Would you like a detailed history of my character in UO?

    Justification by boredom ("It sucked so we cheated.")
    blah..

    Collusion ("we went cheating")
    and it was fun. =)

    And I'd like to point out a couple of others:

    Horrid spelling
    Tragic grammar
    Twisted usage

    Damn government schools.

    One is hard pressed to imagine someone who writes as carelessly as MarNuke successfully coding a borg or a bot.

    Even if I could, why would I waste my time? I'd rather learn network security and sysadmin stuff anyways. Of course, I could learn to write a borg or a bot, but I consider it to be a waste of my time. What would be the monetary gain of such actions? Unlike you, I don't plan on sitting in front of a computer writing code for the rest of my life. I'm going into some other field other than IT in the next few years. I tell you what, if I ever need to hire someone to write code, I'll keep you in mind. Maybe you will be out of work and perhaps I can get you for a low low. :)

    MarNuke and his ilk represent perhaps the largest faction of the cheater community, especially in MMORPG environments where success does not directly depend on skill alone...

    Nope. In UO I did not depend on my skill alone. That would be stupid. I used my head and found a new way to make money. No, I did not cheat. I "looted" decayed houses. It took a massive amount of work, but the payoff was outstanding!! All I had to do is check out a section of the map each night, 8 sections total, chart the decayed houses, mark ruins, discover when they switch by checking on them in a 6 hour period, keep a record of this, and then just show up when the house decays. I had to be there within 20 minutes of the house's decay. Sorry kids, you don't get rich by using skills, you get rich by using your head.

    The fact is this: Cheating is a part of life. Deal with it.

    In the game of life you either play by the rules and work your ass off, join the cheaters, or find a way to neither play by the rules nor cheat. The third way is the true way one becomes successful in life. Know the rules.

    --
    MarNuke
  19. That's misleading by Anne+Marie · · Score: 3

    For starters, one of the netrek maintainers has come out and admitted that netrek has been spoofed recently.

    Second, it's misleading to say "it's open source to top it all off" if the very mechanism that the game relies on for authentication is itself closed source. Almost all of the source is fully disclosed, but the key isn't, and that's crucial. It's much like Carmack's closed-source proposal a while back to fix Quake cheating, and it's only as secure as it is obscure.

    If there were enough demand, then you'd see netrek's key cracked. What's keeping it legitimate here is a combination of social factors (collective assent by intended audience to play fairly -- the learning curve for netrek is simply enormous, and so the players are largely self selecting) and a closed-source technical hurdle to help keep casual lamers out.

    --
    -- Anne Marie
  20. Re:I don't know how much cheating affects gameplay by jafac · · Score: 2

    DAMN you for having a life!

    --

    These are my friends, See how they glisten. See this one shine, how he smiles in the light.
  21. Re:Game Cheaters As Resource by Sun+Tzu · · Score: 2

    My game doesn't actually have a client -- players use web browsers and telnet clients -- but the game has benefitted substantially from 'cheating'. In starship traders, there isn't really any way to cheat, per se, other than running more than the legal limit of ships. Bug exploitation and imbalances in the game, for example, are legal gameplay. My goal has been to fix those imbalances and bugs as they are discovered, and the game is much more robust as a result.

    Now, if only I could find the time to write the ever-postponed java client...

  22. Re:Big problems in some games by SgtClueLs · · Score: 2

    Valve and the CS Team were slated to not allow for any modified models, but due to the overwhelming "No" from the gaming community, they opted not to. A rather crappy stance on cheating if you ask me, with the advent of "CS Pro Pak" The "Voodoo" Cheats, spiked models is one issue that could be quickly addressed by ALL game manufacturers by simply not allowing people to modify their models. This is a quick, easy way to address a mounting problem. Not nearly as "Personalized", but 10 foot poles sticking out of one's forehead detracts from gameplay 10000 times more than sacrificing "Personality" for "Honesty"

    Face it, people are schmucks, and no matter what we do, some a-hole will cheat. The only way to rid on-line games of cheats is to rid the user. But I hope game designers (And third party people, like Reactive Software) continue to fight llamas!

  23. Just a reminder by simpleguy · · Score: 2

    Remember that for every elite technique someone creates, there is another eliter person who will find ways around it.

    This has always happened and will always happen.

  24. I disagree by Quintin+Stone · · Score: 2
    Counter-Strike, one of the most popular first-person shooter games/mods is suffering from rampant cheating. The most popular is to replace the player models on your hard drive with ones that have "poles" sticking out in all directions so that not only are your opponents visible when hiding behind a crate or other obstruction, but you can also see where someone is on the other side of a solid wall. Some people have discovered flaws in map designs that let them do all sorts of unexpected and unplanned maneuvers. There are also apparently config files that counteract the recoil effects of weapons in Counter-Strike, resulting in players being a bit more accurate with automatic weapons than they should be. Then there are the firing proxies that now plague CS as well as the old favorites Quake 2 and (for a while) Quake 3.

    Cheating has nothing to do with the reward system, in my opinion. As you can see, first-person shooters suffer from it just as much as other games. It's just that some people don't get a thrill out of the challenge, only the winning, no matter how easy it is. Then there are those who don't enjoy the game itself, they just love ruining it for everyone else. These, I've found, are most common on multiplayer RPGs, like Ultima Online.

    --

    "Prejudice is wrong; you should hate everyone the same."

  25. hate cheaters? by psxndc · · Score: 3
    Check out www.punkbuster.com

    They claim to have developed a server monitor (only for half-life so far) that detects when people are cheating. Not going to summarize the entire site for ya, just go check it out.

    psxndc

    --

    The emacs religion: to be saved, control excess.

  26. Re: Have to disagree... by Riplakish · · Score: 2

    I have no interest in chess, however I always thought that the best cheat for an online chess game is to buy the chess game with the best computer AI and use its moves against your online opponent. I've never done this, but it always struck me as the easiest way to cheat at online chess. Granted the "very best" players could beat even the "very best" computer opponent, however, if you wanted to pass yourself off as a good player online, this would do it.

  27. He's not cheating anyone else by Dhericean · · Score: 2
    This is very different from the cheating in online games that the article is about. The kid is playing the game for enjoyment and if his enjoyment is from shooting the deer rather than stalking them then that is his decision and he's not hurting anyone (unless of course he then goes off to boast about his Deer Hunter prowess).


    Cheating only results from the breaking of rules and in the cases you cite I would not describe what you talk about as cheating (as long as people don't then misrepresent how they achieved those things). They simply allow those people to avoid the things they don't enjoy to spend more time on those they do. You could of course argue they are cheating themselves but I doubt they'd see it that way.


    When I read a newspaper for enjoyment no one tells me I have to read the sports section, or fashion, or travel. And when I play a solo game it's my decision if I play on lowest difficulty, or use cheat codes, or even just sit there staring at the CD. I paid for the game and I simply want to have an enjoyable experience. I have also on occasions used FAQs to get me over sticky points in games.


    It's only when I come to play with others that I have the obligation to observe an accepted set of rules. When I jog on my own I can run wherever I like, but when I run in a race I have to stick to the course. Similarly in games it is in the multi-player modes that cheats are frowned upon/objected to by the other players (I've not noticed the enemies in Quake complaining about cheat usage).


    In fact one problem I have with a number of games developers is that they seem to think that it's their job to restrict player options in single player games (the worst are onerous saving restrictions). They want the player to play in exactly the way they think is correct. This is often counter productive as the most successful single player games are normally those that are the most open to being played however the user likes.

    --

    Gamma Testing - Where testing is extended to the full user community (AKA Shipping the Program)
  28. Re:Counter-Strike cheaters are rampant. by jafac · · Score: 2

    I don't know if I consider that cheating. It's more of a creative use of a game feature to sucker other players.

    Face it, in real life, you'd be using the same kind of tricks to win. You'd be even MORE compelled, because taking a .45 slug in the chest REALLY HURTS.

    This is as old as kicking sand in the other guy's eyes. (or maybe kicking someone in the nuts). It's called finding a weakness and exploiting it. It's only cheating if your opponent has no chance of learning and using the same tactic against you. I think the spikes thing was lame, and should have been fixed, because it wasn't an accurate portrayal of reality, which is what a simulation should be striving for.

    --

    These are my friends, See how they glisten. See this one shine, how he smiles in the light.
  29. Re:I don't know how much cheating affects gameplay by Erasmus+Darwin · · Score: 2
    One of the main problems with online games is that by the time I pick up a game and try it out online (like, 2 days after being released), the community is already playing at "pro" level

    One solution to both this (and the cheating problem) is smaller communities, preferably of people who already know each other. If I'm playing against friends, the odds of one of them being someone who's totally obsessed with the game and spends 16 hours a day playing it are significantly lower -- someone who does that doesn't have much time for a social life in the first place. In a "global" gamespace, such as battle.net, the people who've devoted disproportionate amounts of their time toward the game are *exactly* the kind of people I'd be more likely to run into, as they spend more time playing in the first place.

    Similarly, the friend factor is quite possibly the single greatest anti-cheating technique. It's a lot easier to trust a person not to cheat than it is to try and create a whole trusted client architecture.

  30. Re:An unpopular person-based suggestion by Sloppy · · Score: 2

    Warning - this post is based on the belief that /.-style moderation is effective.

    [snip]
    There would have to be mechanisms in place to prevent clan partisanship, and maybe you'd have to implement some sort of sore-loser prevention,

    Sore losers would be the problem, and it's similar to the reason that Slashdot moderation does not work as well as it could.

    Moderation/ratings/etc need to not be anonymous. When you are looking at something unknown to you (whether it's a post to find out whether it should be at the top of your browser window, or a player to find out if you want to play with them), you go to the database to get a rating. But that rating should be weighted by how much you trust the people who assigned that rating. I don't want some cheater to look like they have a good score just because their fellow cheating clanmembers make them look good. Just as I don't want to read a +5 insightful post if the moderators were trolls who are trying to upset the system.

    Player/post ratings are subjective and should be treated as such. In order to know the value of someone else's subjective opinion, you have to know whose opinion it is. There should be a web of trust, with everyone being held accountable for their decisions, not anonymously-given scores.


    ---
    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  31. Re:I don't know how much cheating affects gameplay by gimp999 · · Score: 2

    One of the main problems with online games is that by the time I pick up a game and try it out online (like, 2 days after being released), the community is already playing at "pro" level -- they've figured out every subtle nuance, trick and "feature" in the game that gives you an edge. And all I wanted is to have a little fun. In this sense, whether they're cheating, or simply too good to be healthy, it's the same difference: not very fun :(

  32. Re:Counter-Strike cheaters are rampant. by British · · Score: 2

    Do what a friend of mine does: talk with another player (on your side) over the phone. When one dies, the dead player goes to free-look mode and scouts out for enemies to take down for the other person on the phone.

  33. Re:Big problems in some games by British · · Score: 2

    Of all the months I've played Cstrike, I can't really say I've been in a round where there was rampant cheating going on. The closest I saw (yes, I know I'm not going to see big spikes coming out of me) were several rounds where all the Ts clustered together and basically headshotted anyone that came in their way in cs_prodigy. 3 of the player names were similar, so it seemed like damned CS bots were on the loose with super-fast reflexes and the same "go to the bombsite" course.

    A friend of mine's been banned from 3 servers, not because of cheating, but because he's that good. For the first month I played (mind you, on a 350Mhz setup with horrible framerates) I was dying within the first 30 seconds of the game. Now I'm getting to the top spot or 2nd place for my team each time I play, so practicing for a few hours each day will make perfect.

  34. It'd turn it into Starcraft. by yerricde · · Score: 3

    But consider what reflex augmentation could do in Warcraft 2, for example. One could write a script that caused the "mouse" to "click" on your Town Hall and Barracks, automatically creating peons and ogres at a set rate, while you controlled everything else.

    Oh, you mean like Starcraft? Moral: If you find a bug, find some way to turn it into a feature.

    --
    Will I retire or break 10K?
  35. Either that or... by dmatos · · Score: 2

    you're actually a German, and you used "the fish" to translate your post :)

    --

    It may look like I'm doing nothing, but I'm actively waiting for my problems to go away.
    --Scott Adams
  36. Re: Cheating with chess program by techwatcher · · Score: 2

    The problem seems to be that mostly we play with some time controls (I like 10 minutes plus 5 seconds/move, for example). Chess is so complex that even if the opponent could very quickly enter the current position when he sees he's in trouble, the computer would still need a relatively long time to come up with a best move. So a player who sees he's losing can most easily cheat by "bumping" his opponent (perhaps "authoritatively" replacing a java file to tell it I'm no longer online, since I actually have *not* been disconnected when this happens!), rather than continuing to make any move.

  37. The article has got it all wrong. . . . by samason · · Score: 2
    IMHO, the article has got a lot of the points wrong. Although it said at the start that security through obscurity is not the way to go, it promptly suggested ideas that were most definitely that.

    CRCs of the game state and so on are fake-able. Security is definitely possible; it just takes a bit of thought when the game is written (which I suppose is the point of the article, just the ideas he points out are crap). It's not that difficult to stop cheating; as an example, for the "Voodoo" cheats that were mentioned above, the server just needs to send the positions of ONLY the other players that the current player can see. Another problem with the C&C (not sure if C&C has this problem, it's just a good example of the game type) style games is that the WHOLE game status is uploaded each update. The only thing that should be uploaded is what the client can see; it should not rely on the client to do the actual hiding of the enemy players. Same with the "massively multi-player online games" that were mentioned above: the server should maintain the status of the players, inventory changes should not be allowed from the client, only the server should be able to change it, when the player is actually given the item in the game.

    The first problem with the "aiming proxies" is VERY difficult to solve, because any sufficiently practised player could do just as well as any computer if you have to deal with the sort of latencies that we have over the Internet. Especially if the server is implemented as I suggested earlier and only gives the clients the locations of the enemies that are within the player's FOV.

    The last item is absolute bollocks, you should never need to hide any of the client side status, the server should track the status of each client. If any of them attempt to do anything that is invalid then it's up to the server to stop them, not the client, which as has been said before can NOT be trusted.

    Look at the commercial programs like credit card transactions that go over the Internet, NO trust is put on the client, imagine if it was up to the user's computer to store the current balance of their current account. They have managed to make that secure so why the hell can't people do it with games, after all they are both just programs. Admittedly it's a bit more serious if you go changing your bank details but I'm sure you get my point.

  38. Re:Yeah by WNight · · Score: 2

    That's a game that IMHO begs to be cheated at. There's too much fighting and it's all really boring, just the same thing over and over again.

    But you have to go through all that to level-up in order to do the quest-type stuff that is the real fun... So grab a cheat, crank the level up, and just play the fun stuff.

    Some people can't understand cheating in a single-player game... To me it's a way to play the fun bits of a game and then go on to another game.

    As an example of a game that's 95% crap, Zelda64... It's all about running around kicking plants and jars to get gold. Whenever you actually have to do something quest related it's all scripted like 'get something from [the farthest away spot] then take it to [somewhere very far from that] then go talk to [someone hidden away very far from that]...' It's very dull.

    But if you could just give yourself all the gold you needed you wouldn't have to play all the stupid little games, like grabbing fish in a bottle and selling them, or pulling up plants, or breaking bottles for gold then leaving the store and coming back and doing it again.

    And people call the Zelda designer a visionary in the field of games. Hah. But then, many companies seem to copy his style. "Surround the hour of plot with fifty-nine hours of drudgery and claim it's sixty hours of gameplay!"

    All it means to say you don't cheat is that you're too stuck in a rut to skip the dull shit.

    (This is a completely different topic than cheating in multiplayer.)

  39. automated check by monkeyfamily · · Score: 2

    At the very least, the article submission process ought to run a search for the title words.
    If you search Slashdot for "Combating Cheating In Online Games" the second article that comes up (below this one) is the earlier post of this article in July.
    The submission process should present a short list of matching headlines to the submitter for a quick scan before hitting submit.

  40. election voting as an online game by peter303 · · Score: 2

    You ain't seen nothing yet in regards to cheating!

  41. Of course cheating can be avoided. by Per+Abrahamsen · · Score: 2

    It is simple. Just treat the client as part of the player when you design the server. I.e., instead of

    Game = Server + Client
    Player = Human

    design it like

    Game = Server
    Player = Client + Human

    This means that the server should never send data to the client that the human should not have access to, and the server should accept any command that makes sense in the current game state. Just like you wouldn't display information in a single player game that the user should not have access to, or accept invalid moves made by the user.

    With this design, the client is just a user interface. If someone creates a better player by improving the user interface, more power to them. Such improvements should be encouraged by making the client free software, preferably GPL'ed so people who improve the user interface (client) will have to disclose how they did it, if they want to share their improvements with other people.

    1. Re:Of course cheating can be avoided. by Your+Login+Here · · Score: 2
      But think about a FPS. If you have a completely untrusted client and a 100ms ping, you're only going to get to play at a whopping 10fps.

      In order to get any higher you have to send the client extra info and trust it to reveal it at the correct time.

      IMHO the only way around this is to have name registration or some kind of account system (it would have to be global in order to prevent cheaters from just switching servers). Then you could ban cheaters permanently.
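
The design argued for in comments 37 and 41 above (send each client only what its player can see, accept only commands that are valid in the current state, keep inventory on the server), sketched as an added example that is not from the thread or from any game's code. The grid map, the 90-degree field of view, the command names and the `medkit` item are assumptions made for illustration.

```python
from dataclasses import dataclass, field
import math

# Constructed map for this example: '#' is a wall, '.' is open floor.
GRID = [
    "..........",
    "....#.....",
    "....#.....",
    "....#.....",
    "..........",
]

@dataclass
class Player:
    name: str
    x: int
    y: int
    facing_deg: float = 0.0          # 0 = +x direction, 90 = +y direction
    inventory: list = field(default_factory=list)

def line_clear(x0, y0, x1, y1):
    """Bresenham walk between two cells; False if a wall cell lies between them."""
    dx, dy = abs(x1 - x0), -abs(y1 - y0)
    sx = 1 if x0 < x1 else -1
    sy = 1 if y0 < y1 else -1
    err = dx + dy
    x, y = x0, y0
    while (x, y) != (x1, y1):
        if (x, y) != (x0, y0) and GRID[y][x] == "#":
            return False
        e2 = 2 * err
        if e2 >= dy:
            err += dy
            x += sx
        if e2 <= dx:
            err += dx
            y += sy
    return True

def in_fov(viewer, target, fov_deg=90.0):
    """True if target lies inside the viewer's field-of-view cone."""
    angle = math.degrees(math.atan2(target.y - viewer.y, target.x - viewer.x))
    diff = (angle - viewer.facing_deg + 180.0) % 360.0 - 180.0
    return abs(diff) <= fov_deg / 2

def snapshot_for(viewer, players):
    """Per-client update: hidden players are never serialized at all."""
    return [
        {"name": p.name, "x": p.x, "y": p.y}
        for p in players
        if p is not viewer
        and in_fov(viewer, p)
        and line_clear(viewer.x, viewer.y, p.x, p.y)
    ]

def apply_command(player, cmd, items):
    """Validate a client command against server state; return (ok, detail)."""
    op = cmd.get("op")
    if op == "move":
        dx, dy = cmd.get("dx", 0), cmd.get("dy", 0)
        if not (isinstance(dx, int) and isinstance(dy, int)) or max(abs(dx), abs(dy)) > 1:
            return False, "illegal step"
        nx, ny = player.x + dx, player.y + dy
        if not (0 <= ny < len(GRID) and 0 <= nx < len(GRID[0])) or GRID[ny][nx] == "#":
            return False, "blocked"
        player.x, player.y = nx, ny
        return True, "moved"
    if op == "pickup":
        # The item comes from server-owned world state, never from the message.
        item = items.pop((player.x, player.y), None)
        if item is None:
            return False, "nothing here"
        player.inventory.append(item)
        return True, item
    # Anything else, such as a client-sent "add_item", is refused.
    return False, "unknown command"
```

A modified client connected to this server has nothing to reveal through walls, because the positions of occluded players never leave the server.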

  42. You call em 'firing proxies', we called em 'borgs' by jcrb · · Score: 2


    I think this problem must exist in any networked multiplayer game; many moons ago we had this problem in the X game netrek. I'm not sure but I think the first '(cy)borg' client came from someone pasting the firing code I wrote for the robot players into the human user interface. The problem was easily dealt with by using authenticated binaries to prevent code modification.

    As for people changing config files, or adding spikes to players, that is just an issue of poor design; not requiring your model to fit the same 'bounding box' as the model the other player is using is an obvious bug. Cheating aside, all the cheater is doing is exploiting the fact that the game designer's clipping code is inadequate. Same with the recoil or weapon effects.

    --
    -jon
  43. 16-bit XOR would NOT work. Think d.net by yerricde · · Score: 2

    Would 16-bit XORs work? Or would someone find a way to analyze all 65k combinations for consistency and break through in sufficient time to gain an advantage?

    Your 500 MHz box can execute approximately 2^29 cycles per second. There are 2^16 distinct encryption keys. Provided a key takes less than 2^(29 - 16) ~= 8000 CPU cycles to check, a patched client can crack the protocol in one second.

    Besides, if the client is copylefted Free software, the crypto is Free too and can be cracked quite easily (commented C/Python/Java/etc. is a lot easier to read than uncommented assembly).

    --
    Will I retire or break 10K?
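
The key-space arithmetic in comment 43 above, run as an added example that is not from the thread: every one of the 2^16 keys is tried against one obfuscated packet, and the measured rate is then used to estimate how long a 128-bit key space would take. The packet layout (`GS` header, three fields, one checksum byte) and the key `0xBEEF` used in testing are constructed for illustration.

```python
import struct
import time

MAGIC = b"GS"   # constructed 2-byte packet header (assumption)

def xor16(data: bytes, key: int) -> bytes:
    """Toy obfuscation under discussion: XOR with a repeating 16-bit key."""
    kb = key.to_bytes(2, "big")
    return bytes(b ^ kb[i & 1] for i, b in enumerate(data))

def make_packet(x: int, y: int, hp: int) -> bytes:
    """Constructed format: header, x, y, hit points, then a 1-byte checksum."""
    body = MAGIC + struct.pack(">HHB", x, y, hp)
    return body + bytes([sum(body) & 0xFF])

def looks_valid(pkt: bytes) -> bool:
    """Structure check that needs no knowledge of the field values."""
    return pkt[:2] == MAGIC and pkt[-1] == (sum(pkt[:-1]) & 0xFF)

def exhaust_keyspace(ciphertext: bytes):
    """Try all 65,536 keys; return (keys giving a valid packet, seconds taken)."""
    start = time.perf_counter()
    hits = [k for k in range(1 << 16) if looks_valid(xor16(ciphertext, k))]
    return hits, time.perf_counter() - start

def years_to_exhaust(bits: int, keys_per_second: float) -> float:
    """Time to walk a key space of the given size at the measured rate."""
    return (2 ** bits) / keys_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    ct = xor16(make_packet(120, 344, 87), 0xBEEF)
    hits, secs = exhaust_keyspace(ct)
    rate = (1 << 16) / secs
    print(f"16-bit: {len(hits)} key(s) fit, found in {secs:.2f}s ({rate:,.0f} keys/s)")
    print(f"128-bit at the same rate: {years_to_exhaust(128, rate):.2e} years")
```

Key length only addresses the search; as the comment goes on to say, a key that ships inside the client can simply be read out of it.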
  44. I have a question... by Elwood+P+Dowd · · Score: 2

    How come, in discussions of networked communication with hostile processes (cheaters, gnutella spammers) NO ONE MENTIONS TRUST SYSTEMS?

    Am I out of my mind, or is that clearly the way to go for *all* communication with potentially hostile servers/clients, etc.? Is the overhead required too high? I have never seen a good trust system implemented *once*, and I really really want to.

    Actually, PGP public key distribution has good trust systems built in, what with signing other people's keys. But that's the only one I can think of. And MojoNation's trust system isn't implemented yet.

    Ugh. Anyway.
    --
    There are no trails. There are no trees out here.
  45. Cheating by Shocker69 · · Score: 2

    It must be acknowledged that some games are better than others as far as cheating goes. I personally despise cheating, as it takes away from the fairness of the game. When playing Diablo for instance, you HAD to cheat just to get along in the game. I remember player killers that were indestructible, you could just slash them for hours and they would not die, but they'd kill you with one slash of their sword. With as many cheats as there are for Counterstrike, I can still enjoyably play the game, and still beat many of the cheaters. Without cheating, I usually end up in 1st or 3rd place. If I had the mad haxoring skillz to make clients for these games, I wouldn't do it. I would use my skills for bigger purposes such as hacking online casinos. How come they seem to be cheat free (although colluding is an obvious problem in online poker rooms)? Seems like there would be quite a bit more to gain from this. The best way to combat cheating is to go to your local LAN party. They are popping up all over the world, you can go to http://www.lanparty.com to find one in your area. That way, at least if they're cheating, they can't hide behind their computers. If they're cheating bad enough, you can just walk over and drag them in the parking lot, and beat the #)*$ out of 'em.

  46. This is called X11 by yerricde · · Score: 2

    This means that the server should never send data to the client that the human should not have access to, and the server should accept any command that make sense in the current game state.

    The only way to make sure the players see only what they're supposed to see is if the data sent from the server to the player is the current state of the framebuffer. Otherwise, how is the player supposed to not know what's happening right behind a wall?

    --
    Will I retire or break 10K?
  47. This game is called Nomic by yerricde · · Score: 2

    The object of the game [Nomic] is to change the rules so that you're the only winner.

    --
    Will I retire or break 10K?
  48. Dude... (and a suggestion) by Seumas · · Score: 5
    That was almost four months ago. Slashdot has had well over 10,000 articles and everyone expects every member to recall every submission accepted by every other staff member over the last several years, including posts of the same content, but varying categories or titles?

    Sure, it's fun to point out when it occurs, but with the load that they deal with (almost 300 submissions last time I checked), it's surprising it doesn't happen more often.

    However, I think it would be worthwhile if they coded some sort of check into the system that would see if the exact same URL (not just a domain, but a full url pointing to a specific page) has appeared previously in other articles and provide brief summarizations for the staff person to read through and see if it is dealing with the exact same issue or not so they can make an informed decision without scanning 10,000 posts manually.
    ---
    seumas.com

    1. Re:Dude... (and a suggestion) by Stormie · · Score: 2

      ..since the gamasutra url has the date 20000724 embedded in it it should be a hint that this is old news..

      Truly. But I just had the latest issue of Crypto-Gram land in my mailbox, with.. a link to this article! What's the bet that whoever submitted it to Slashdot found it the same way, and therefore thought it was new..?

  49. Big problems in some games by biglig2 · · Score: 3
    Certainly in, e.g. Counterstrike, cheating is considerably widespread. A recent comment on one of the communities bulletins pointed out that this became the case when the number of players blossomed a while back... Now each new version of CS that is released has fresh anti-cheating modifications.

    It's a pain. Not least because:

    • If you play very well then you are instantly labeled a cheat by some.
    • Some anti-cheating measures detract from gameplay.

    For example, one cheat in CS was "voodoo" dolls. A user replaces the player models with custom ones that have huge spikes sticking out of them. So, while you are hiding behind a wall, the spikes show through the wall and the cheater can see where you are. Now, one approach to blocking this is to prevent users changing the models; but doing that removes the possibility of changing models to customize your game, by for example replacing the hostages by nude women. Allegedly.

    In conclusion, then, I'd like to say that cheaters suck.

    --
    ~~~~~ BigLig2? You mean there's another one of me?
  50. Some people are cheaters at heart. by bluGill · · Score: 4

    I didn't realize this for a long time, but a couple weeks ago I watched a kid play deer hunter. He started out by typing all the cheat codes. Suddenly there were 10 times as many deer in the game, and they were all attracted to him. Then he shot them all.

    Most of my friends when playing that game wouldn't use the cheat settings if we knew them. (Compare to the kid who memorized them.) We pick a spot, and try to call a deer in, then we decide if we want to shoot it or wait for another. The only difference between that and real hunting is we aren't outside in bad weather.

    In other words, some people don't get the concept of cheating, while others need to. The guy who cheats has a full walk through for Tomb Raider. I felt stupid for needing to consult a hint book to find the "good fromtz board" in Planetfall, and I'm still kicking myself for not trying that despite how unobvious it is.

    In high school one of my English teachers told me that when she reads fiction she reads the first few pages, and then the last page so she knows how it turns out. I read books front to back. Give me an encyclopedia set and tell me to look up Sweden and I'd rather read every entry before Sweden than just turn to that entry. It just doesn't seem right to read a book out of order (though given time pressures I normally will go right to Sweden).

    People are different. I don't understand everyone else. It doesn't make sense to me why someone would cheat. They do though, just like they get walk throughs and read the last page first.

  51. This just makes it (a little) harder by jcrb · · Score: 2

    It's funny how history seems to repeat itself, the X game netrek used to send the entire state of the universe to all players, including the location of 'cloaked' ships... but it would add a little note saying 'this ship is cloaked, don't let the user see it'........

    Can anyone guess what the first cheating client was?

    The fix was obvious, don't send the info if you couldn't see the ship. So then the server would only send you info on a cloaked ship when you were very close, causing the ship to flicker in and out (and to drift around because the location was a random offset from the true location).

    The cheat for that was client programs that opened sockets to their teammates and not only let them know about cloaked ships but if more than one of your teammates could see the ship the client would average the multiple randomized positions together to cancel out the randomization.

    You have to make the Client part of the Game and not part of the Player. It's one thing to have a better user interface, and netrek has multiple approved interfaces that are highly customizable, but if you let people add machine assist to the Client it goes downhill immediately.

    --
    -jon
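
The averaging effect described in comment 51 above, simulated as an added example that is not netrek code. It compares a server that draws an independent random offset for each observer with one that draws a single offset per cloaked ship per tick and sends the same jittered position to everyone; the shared-offset variant, the jitter radius and the trial counts are assumptions made here, not something the thread proposes.

```python
import math
import random

RADIUS = 10.0   # constructed jitter radius, in map units (assumption)

def server_reports(true_pos, n_observers, rng, shared_offset):
    """Jittered positions sent to each observer for one cloaked ship, one tick."""
    def offset():
        return (rng.uniform(-RADIUS, RADIUS), rng.uniform(-RADIUS, RADIUS))

    common = offset()   # drawn once per ship per tick
    reports = []
    for _ in range(n_observers):
        # shared_offset=True: every observer gets the same jittered position.
        # shared_offset=False: each observer gets its own independent offset,
        # which is the behaviour the comment describes.
        ox, oy = common if shared_offset else offset()
        reports.append((true_pos[0] + ox, true_pos[1] + oy))
    return reports

def pooled_estimate(reports):
    """What cooperating clients compute: the mean of all reports they hold."""
    n = len(reports)
    return (sum(x for x, _ in reports) / n, sum(y for _, y in reports) / n)

def mean_error(n_observers, shared_offset, trials=2000, seed=1):
    """Average distance between the pooled estimate and the true position."""
    rng = random.Random(seed)
    total = 0.0
    for _ in range(trials):
        true_pos = (rng.uniform(0, 1000), rng.uniform(0, 1000))
        reports = server_reports(true_pos, n_observers, rng, shared_offset)
        total += math.dist(pooled_estimate(reports), true_pos)
    return total / trials

if __name__ == "__main__":
    for n in (1, 2, 4, 8):
        print(f"{n} observers: independent offsets {mean_error(n, False):5.2f}, "
              f"shared offset {mean_error(n, True):5.2f}")
```

With independent offsets the pooled error falls roughly as one over the square root of the number of observers; with a shared offset, pooling reports gains nothing within a tick.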
  52. Re:This would not happen by Luminous · · Score: 2

    This is a well thought out and reasoned commentary and if I had a mod point, I'd certainly give it to this post. You are absolutely right -- the problem comes from the style of game and how you know if you are doing well. Ultima Online begged for cheaters. Only a few cave-dweller types have the time to play the many-many hours to be considered good. But cheating creates that shortcut. The real way to eliminate cheating is to make cheating pointless. You'll still get people who will do it, but if the effort to do it doesn't reap great benefit, who would do it except the few who are doing it just to see if they can (which, IMO, is a good enough reason). The way to make cheating pointless is to turn the goals away from kill for reward to more intangibles. Instead of randomly spawning rare items, why not randomly spawning rare quests - but a lot of them. Also, start the characters out powerful. This almost immediately takes away that feeling of having to become faster, stronger, smarter and lets the player focus on puzzles and interaction. I personally hate spending the first five hours of a game scared of everything and everyone. There are other sociological reasons why people cheat, but developing stories that undercut kill/reward behavior and encourage interaction would be a prime starting point.

    --
    This is not the way to build a lasting empire.
  53. Re:Better editing. by Seumas · · Score: 4
    But isn't Hemos still a newlywed?

    I mean, who has time for searching and stuff? It's get up, post, get back under the sheets....!
    ---
    seumas.com

  54. An unpopular person-based suggestion by rockville · · Score: 2
    Warning - this post is based on the belief that /.-style moderation is effective.

    Instead of (or in addition to) the technical solutions talked about here, can't there also be a human-based solution?

    How about a feedback area after a game/session where people can talk about whether they thought their opponent(s) or allies were playing on the level? What they thought of their opponents' playing style?

    There would have to be mechanisms in place to prevent clan partisanship, and maybe you'd have to implement some sort of sore-loser prevention, but if you agree that technical barriers will only last so long, a human-based system could provide a useful backup.

    If it works on eBay (to a certain extent) and here (again, to a certain extent), why couldn't it work on battle.net?

  55. Game Cheaters As Resource by Anonymous Coward · · Score: 5
    How could the creativity of cheaters be harnessed in other ways, without ruining the game for non-cheaters? Maybe create games where you design in-game ships or weapons by writing some sort of pseudo-code?

    At WorldForge, we're doing exactly this. The client is made available in source code form so that the player can customize it to make it work better for them. And we make all of the server code available for download so players can look through it and discern new tricks for effective playing. If in doing so, they uncover a bug that can be taken advantage of to the detriment of other players, then they're welcome to make use of it - sometimes this is the best way to test out how bad the bug really is.

    If I don't think the bug is worth my time fixing, then any players sufficiently bothered by it are welcome to download the source code to the server, find the area causing the problem, fix it, and submit a patch. If I disagree with their patch or otherwise refuse it, well then at the least they have the permission to establish a new server and compete with me. So I will probably work hard to make sure to include the patch!

    So I guess a lot of stuff I see called cheats, I think really should be honestly called 'bugs', and responsibility placed with the programmers rather than the players. Some stuff - like denial of service or similar - that's just plain mean, and out of the server programmer's hands to prevent. But a lot of the in-game cheating is preventable via code.

    Maybe I'm an idealist, but the best way to harness the creativity of cheaters, is, IMHO, to establish an environment where giving out fixes to cheats has as much glory as identifying the cheat in the first place.

    We also strongly encourage (even urge) players to get involved in the game development process. Our present game server is written in Python, and we will encourage and allow extension of it by direct coding (the amount of extension is limited by the slowness of Python). Our next game server (being coded now - in C++), will allow players to design assemblies and mechanisms in-game, and automate them with scripting, among other things. :-)

    And of course, since the client is open source, you're welcome (and encouraged) to automate your character as much as you want. (In my opinion, if the game is so simple that you *can* program a super-bot that wins consistently, then the game lacks adequate sophistication. AI programming is tough, and if allowing for this kind of "cheating" encourages lots of people to gain skill at it, then this makes the (game)world a more interesting place! Besides, programmers are cool and deserve an edge. *Wink*)

  56. This would not happen by Anonymous Coward · · Score: 4
    This would not happen if playing these games honestly was as fun as it is supposed to be.

    The problem with the entire RPG genre of on-line games is that it isn't really the fun that hooks people in, it is the basic stimulus-response instinct that keeps people up all night playing Everquest or a MUD. By making you do things to get rewards (levels, new items, etc.), and by dishing them out a little at a time (with a fair amount of randomization), these games tap into the same psychological conditioning scheme that makes old ladies spend their retirement checks all day at slot machines and BINGO games.

    Since the satisfaction one gets in these games is usually the reward of a more powerful character, the mind begins to make the association of "better character == more fun", and cheating, or power-leveling, or "twinking" becomes very attractive.

    The draw of these games is that they sort of let you live life in fast-forward. In a few dozen hours of gaming, you go from being a pathetic babe in the woods to being a massive warrior or wizard. Cheating speeds this up even more. It's a logical extension of the pursuit of the goals the game establishes, really.

    You don't often see the kind of rampant cheating that prevailed in Diablo 1 or Ultima Online when you are playing the FPS games. It seems that the shooters have acquired a sort of sports culture. To cheat at Team Fortress would be a lot like cheating at a pick-up basketball game. Neither side has more fun as a result, because the rewards of player-vs-player gaming come from the joys of testing your skills against other people. Cheating in such situations is boring for both the cheater and the victim, even among younger kids.

    It seems to me that the challenge that lies before those who wish to write on-line RPGs is to get a little farther away from the "kill monster, get a treat" format that is so common to these games. Good storytelling is helpful; nobody cheats at games like Myst. Creating a social environment that facilitates less of a "who's got the biggest *" mindset would also reduce cheating dramatically.

    Mind you, I'm not saying that the typical hack-and-slash, smash-and-grab RPG does not have its place. I wore out a mouse on the first Diablo, same as the next geek. All I am trying to say is that game designers ought to start thinking beyond it, now that the current technology allows them to explore a lot of new avenues.

    1. Re:This would not happen by Anonymous Coward · · Score: 2

      Back in the old days of paperbound Player's Handbooks, we had 'Monty-Haul' D.M.s and 'Sudden Death' D.M.s and (Ja knows) we had 'Die-Rollers' (who were the worst). But, the only ones worth a damn were the storytellers. Cheating is a sign of boredom, and only a new resource of mind-stimulating inspiration will fill the boredom and quench the cheating.

  57. Re:I don't know how much cheating affects gameplay by gimp999 · · Score: 2

    One solution to both this (and the cheating problem) is smaller communities, preferably of people who already know each other.

    I agree. The real hurdle though is to find trustworthy opponents at roughly the same skill level who are *anonymous*. Yes I can sometimes hook up with a friend who likes the same game when we both have spare time, but the whole appeal of internet play is being able to play whenever I want with real people. It just seems almost impossible to find matches like that. Bots or pros -- they're basically the same thing to me. I'm devolving back into a single-player gamer.

  58. This would not happen by Thauma · · Score: 2

    This would not happen if playing these games honestly was as fun as it is supposed to be.
    The problem with the entire RPG genre of on-line games is that it isn't really the fun that hooks people in, it is the basic stimulus-response instinct that keeps people up all night playing Everquest or a MUD. By making you do things to get rewards (levels, new items, etc.), and by dishing them out a little at a time (with a fair amount of randomization), these games tap into the same psychological conditioning scheme that makes old ladies spend their retirement checks all day at slot machines and BINGO games.

    Since the satisfaction one gets in these games is usually the reward of a more powerful character, the mind begins to make the association of "better character == more fun", and cheating, or power-leveling, or "twinking" becomes very attractive.

    The draw of these games is that they sort of let you live life in fast-forward. In a few dozen hours of gaming, you go from being a pathetic babe in the woods to being a massive warrior or wizard. Cheating speeds this up even more. It's a logical extension of the pursuit of the goals the game establishes, really.

    You don't often see the kind of rampant cheating that prevailed in Diablo 1 or Ultima Online when you are playing the FPS games. It seems that the shooters have acquired a sort of sports culture. To cheat at Team Fortress would be a lot like cheating at a pick-up basketball game. Neither side has more fun as a result, because the rewards of player-vs-player gaming come from the joys of testing your skills against other people. Cheating in such situations is boring for both the cheater and the victim, even among younger kids.

    It seems to me that the challenge that lies before those who wish to write on-line RPGs is to get a little farther away from the "kill monster, get a treat" format that is so common to these games. Good storytelling is helpful; nobody cheats at games like Myst. Creating a social environment that facilitates less of a "who's got the biggest *" mindset would also reduce cheating dramatically.

    Mind you, I'm not saying that the typical hack-and-slash, smash-and-grab RPG does not have its place. I wore out a mouse on the first Diablo, same as the next geek. All I am trying to say is that game designers ought to start thinking beyond it, now that the current technology allows them to explore a lot of new avenues.

  59. Comments from the Article's Author by Anonymous Coward · · Score: 5

    Oh wow. I just got back into Dallas from Siggraph 30 minutes ago and discovered my mailbox filling up with emails from the /. side-effect. Just a couple quick comments on the discussion....

    0) This article first appeared in print in the June 2000 Issue of Game Developer Magazine.

    1) I didn't come up with the title. I honestly couldn't think of a catchy title, so I let my editor come up with one. As far as nit-picking over the usage of "Hacker" and "Cracker" - don't sweat it. Yes, I know the difference.

    2) The most important point in my mind is that multiplayer cheating hurts other human players and is an order of magnitude different from the things we do when playing solo (single player) games. When a person realizes they are on the receiving end of a cheat - that another human being wants to do that to them - it's a hugely destructive feeling.

    2a) People walk away from games and badmouth them to their friends when they think they are getting screwed. The better selling your game, the more this matters.

    3) Many people have been emailing me and posting about things I didn't cover. I really appreciate it though I do already have some of it. When I wrote the article I had to keep it to about 7000 words, so I only got to cover about 1/2 of what I wanted to. Given the reception it has received, there will likely be a second article on the topic.

    3a) Keep the comments and emails coming - I will try and respond to all.

    That's all for now. I really appreciate everyone's input and thoughts on the matter.

    -Matt Pritchard