Slashdot Mirror
Cheaters Sometimes Prosper
The Red Herring has a story discussing the cheating epidemic in online gaming. Discusses the problem from the point of view of the game companies, especially the ones producing console games who have to get it right the first time or face reissuing a huge number of CDs.
Remember Rene Magritte's famous painting. It's a picture of a pipe, with the caption "Ceci n'est pas une pipe." - "This is not a pipe." If you think about it, the caption is correct. There is no pipe. There is only a picture of a pipe. However, most people looking at the picture would say "Oh, that's a pipe." They wouldn't think to step outside the context, and properly reference the object as a picture of a pipe. This is simple mental laziness. We have come to associate representations very closely with the objects they are supposed to represent.
It's the same thing with how regular players and cheaters view games. When a regular player think of CS, or UT, or Quake, or whatever, they think of a game whereby one has to run around and shoot and hide and whatever else to win. They associate representations very closely with the objects or actions they are supposed to represent. However, cheaters think differently. They do not show the same kind of mental laziness. They see games for what they are: A client-server application with certain checks and balances in place which, if manipulated or hacked correctly, will yield some reward. This reward (represnted as kills, frags, bonus points, items, or whatever else in the game) also represents the cheater's resourcefulness in being able to manipulate the metagame, rather than the game. As such, it serves as a point of pride.
Regular gamers are playing a game which they perceive as real. Cheaters are playing a metagame whereby they manipulate the rules of the game to their advantage. Their measures of success are represented similarly, but this success is due to different sets of skills in the two cases. There is no comparison.
Case in point: Microsoft.
-- Guges --
Anything that has rules someone will try to cheat at. Everyone dies, right? Well, that doesn't stop people from trying to cheat death. Why? Rules inherently suck. They were made to be broken. A Christian man and woman get in a relationship. God says don't cheat. What do they do? You guessed it. They cheat.
So how do real-life games take care of this scenario? Well, let's take basketball as an example. You have two basic ways of handling cheating in basketball. At the organized level (ie. NBA), you have referees. They have the rulebook, and when someone cheats, they call a foul. In an online game, this would be akin to a server admin maintaining the rules. It would be even better if it was automated (ie. the game could identify cheaters). Hell, human players can detect cheaters, so why not computers? At the unorganized level (ie. street ball), you have mob rule. Jim travels, so Bob calls a foul. Jim says, "No way, dood." Bob's buddies nod their heads. What happens if Jim refuses to agree? He's either out of the game or beat up (or both). What happens if Bob keeps calling wussy fouls? Bob's either out of the game or beat up. In an online server, this would be akin to sort of moderation system. Players could identify another player as a cheater. If this person gets identified enough, he's kicked off. If some jackass starts going around fingering everyone as a cheater (or the cheater himself starts fingering everyone), he gets knocked off. Mob rule is very effective.
The thing is that game developers are never going to be able to stop people from creating cheats. The effective way to handle cheating is the same way any other real-life game handles cheating. You out the cheater. Unfortunately, game developers haven't developed effective ways to out cheaters, and so, you have a Wild West scenario in online gaming communities. If developers would stop fighting the phenomenon and start understanding it, they might be able to work in more effective coutermeasures.
First off, as others have stated before, the primary technical solution is to never trust the client. The following assumes that all appropriate technical measures have been taken to minimize the change of cheating.
That said, people will still find a way to cheat. The fundamental reason is that none of the "real-life" barriers to cheating currently exist in the on-line community. This is primarily due to these factors:
We can only defeat cheating through a change in the social system. The problem is primarily sociological, not technical. Here's how I'd go about it:
We can lick the problem, but it's not all in the game-designers' court. Some of the responsibility lies in the gaming community itself.
-Erik
There are always four sides to every story: your side, their side, the truth, and what really happened.
Netrek does not have a large cheating problem. The true state of the game is known only to the server. Clients are given only the information that they would know. Clients use RSA keys to authenticate to the server. If a client is cracked, the client key can be quickly revoked and new clients distributed. If the clients are kept simple, several clients and keys could be distributed on a CD. Most clients would be under 100k. The art and graphics could be shared by all clients and take up the bulk of the CD. If anyone cracks one of the clients, its key can be revoked and there is no need to re-release a new CD. More clients, all randomly linked and encrypted on the disk, can be right there. The main thing is that the server only allows blessed clients to play, and only shares with any connection what it could know.
That scheme works in netrek because it isn't as popular as quake. Cracking these schemes doesn't seem to difficult by the speed in which they are done in the PC world. Proxy programs are one technique. They aren't going to crack RSA they'll use some other technique or some flaw in the process used. Software companies can't spend time doing security audits, they have to release yesterday since the 'technology' in the game is dating fast...
Netrek also runs at about 5 frames per second which isn't really good enough for quake.
I have a separate rant about letting clients know information that they shouldn't, and about letting clients decide what the state of the game is; I will spare you.
Having all the state in the server is ideal. Having the server do all the calculations is ideal. The clients can of course can try to run the simulation in lock-step with the server (which is hard without full knowledge) in order to provide a better player experience. Just like quake style game clients try and predict what will happen so that a delayed packet doesn't just cause them to freeze up. Making it run fast enough is the problem. Scaling to lots of players is an even bigger problem. Crossfire is doing things reasonably well though...
It still doesn't solve clients that help the player by auto-aiming and such. They don't need any extra information they just give the player better reaction times and mouse skills... These can be written as proxies which are hard to stop, though you can make life really hard for them... However, given enough late night hacking a few gurus could probably write a program that scans the video frame buffer (or just directly accesses the memory of the game process) and automatically shoots things it classifies as enemies. It can automatically shoot things by actually being the mouse driver and sending the correct mouse movements...
Of course programers should actually like the ability to write helper-bots - they turn the game into a pretty graphics version of corewars. That should give programmers the edge...
Believe it or not I haven't started RANTING yet... here we go...
<RANT>
Given time (and that game producers/authors wake up and see a possible revenue stream) you'll just choose a server that you know doesn't have cheats on it (or one that does, if that's the type of game you like).
Maybe the game defaults to use a public server, but you can send your credit card number to Blizzard/ID/whoever and be given access to the subscribers only server which is actively monitored for cheaters.
Or an seperate individual or company will see some money (or just not like cheating) and run their own server which costs money (or just requires some form of idenitification) and has very specific anti-cheating rules that result in cheaters getting banned.
The problem will be solved socially if it is solved at all. Technology isn't going to do it, and I don't think it's worth trying to solve it that way. Yes only give the clients the information they should have, it makes for better software design if nothing else. Yes use crypto to make cheating harder, it makes for cooler software if nothing else. Yes make it hard for cheats - but not if that means at the expense of programmer time that could have been spent fixing a damn bug, and not at the expense of windows software style piracy protection - must plug the fscking CD drive into the laptop in order to play the damn game (or download a small patch - gee which do I do?).
Solve social problems sociably. Cheating is classified as an anti-social activity by most (unless you're doing something where cheating is the point) so use social measures to reduce it or at least move it away from some places.
</RANT>
Cheaters sometimes win?
Yeah, right, next you'll tell me that winners sometimes use drugs.
Sorry, michael, but we had a lot of school assemblies about this and you're just wrong.
---------------------------------------------
Recursive: Adj. See Recursive.
So, instead of doing this: prepare data -> encrypt -> compress, do this instead: prepare data -> compress -> encrypt.
Any reason why that wouldn't work?
Special Relativity: The person in the other queue thinks yours is moving faster.
see, the thing to do is enable cheats for everyone, and see who's the best cheater.
... i give it 5 minutes.
i wonder how long they will get sick of having god mode on for everyone...
i can see it now... 'look, i can make you jump with my rocket launcher, hahahahaah'
Runnin' On Empty
I've always wondered why it is so difficult to vote against a player in Counter-Strike. You have to open the console and type listplayers to find the cheater's number, then type vote #### whatever number he is. A lot of people are too lazy to do this or don't know how. Some don't even know how to get to the console.
Game programmers should aknowledge the fact that there are cheaters and implement an easier way for other players to vote him off the server.
sometimes win. Smart cheaters always win.
--------------------------------------
No sig for you.
Available at http://www.PunkBuster.com (to lazy for html) stops many cheats for FPS games. I don't have the full list, but I use it for Counter-Strike. It's free, downloads quickly, and is very effective. (ie: any cheat that's in the program is totally blocked). It does require both the server and client to be running it for it to work :( If it ain't on the server if I have it running it doesn't matter at all.
--------------------------------------
No sig for you.
I mean, how much do you think you'd get for a fenced BFG 10K?
the liberator who destroyed my property has realigned my perception
the liberator who destroyed my property has realigned my perception
www.quantumheresy.com
I have a separate rant about letting clients know information that they shouldn't, and about letting clients decide what the state of the game is; I will spare you.