Slashdot Mirror
Game Developers Cracking Down on Cheating
Hector73 writes "ZDNet has an article discussing a growing concern for the makers of on-line video games. Cheaters and trolls are making it harder for casual users and newbies to get hooked on the on-line versions of games. Considering that on-line gaming may become the major revenue source for game makers over the few years, maybe they will actually do something about it."
I suppose it's not an optimal solution, but you can always lock down the server and only play with people you know. The drawback is, of course, that you won't always have a full server, but then, locking down the server is a good way to manage how much time you spend playing online =)
"Oh, I hope he doesn't give us halyatchkies," said Heinrich.
I don't know about you guys, but CSGuard and HLGuard have just about killed Counterstrike for me. If I go into servers without them there's no problem, with them and it's constant crashing.
I don't mind products to even the playing field (a 12 year old with OGC can ruin a whole game you've been in for hours), but when they interfere with game play, what's the point?
This is precisely why Microsoft announced that all of the Xbox's online games will be run off of Microsoft controller servers. They've seen how cheating can rapidly cause a subscriber base to shrink. By controlling everything themselves they hope to limit the damage done by those looking for ways to cheat. I imagine that just in case anything should go wrong, this means frequent backups that can be restored upon a users requests.
"Chances of RHIC-induced Armageddon are exceedingly rare, but... you never know." - MIT Physicist Bob Jaffe
Gamers should take power into their own hands. Some people will write cheats, so others have to write anti-cheats, and they don't have to be the fluffy "detect and block" kind either. Some jackasses at my school were cheating at CounterStrike, the only game worth playing, so I took it into my hands to write a little java app that crashes their server whenever they do it. Legal, maybe not, effective hell yes.
They stoped cheating, we started playing.
Black ice.
spawn_of_yog_sothoth
Great, now if only we can get rid of the plethora of bots and campers in Quake!
From excellent karma to terible karma with a single +5 funny post...
How long would Tiger Woods put up with the PGA if people took a mulligan any time they wanted?
When I buy a game, I'm purchasing the entertainment. If you're on there with autoaimers or speed-up cheats, you're taking my entertainment away.
I'm all for people having the right to cheat as long as they're clearly labeled as such. Heck, that might be interesting to have an all-cheaters league. Let the best cheater win. Keep them out of the other normal games.
Remember dongles of a by-gone era? (They were hardware that would "activate" your game by returning the proper answer to challenges given through the serial/parallel/etc. port). /lots/ of the game logic in the hardware? Besides fancy graphics, etc, I bet you could basically /cripple/ a game by having the basic maps/character stats/whatever be controlled by secure hardware attached on a USB slot. Since this solution would cost far less than the $49.95 for which a next-generation game retails today, why don't we see more "cheating isn't possible" solutions based on having lots of the "easy" (low-computing power) solutions based on a dongle attached via USB?
Well, why don't gaming industries today make dongles that have
There have been many attempts to do things about this. Plenty of bot detectors for the fps's. Between diablo 1 and 2 there were many changes made for anti-cheating concerns. If you look at the top of the changelog here. You'll see that anti-cheat protection is right on top. I believe its goin to be the same battle as OS security, and game console copy protection. There is always going to be something that somebody can do to cheat the system, and there will always be somebody willing to do it just to make themselves feel a little more powerfull.
edge
"It's all fun and games untill somebody looses a harddrive."
Designers should write in the ability for users to vote off other people they think are cheating. Usually it's obvious that certain people are cheating and so some mod writers for games like Counter Strike have already written this in. If enough people vote that someone is cheating, they will get booted.
This should be taken a step further though. If a cheater has been booted off a server a certain number of times, their cd key should be revoked or temporarily disabled from the master database. Then they won't be able to play online anywhere instead of simply moving to another one of the 1000's of servers.
The problem is this could be abused. People could vote against a player that just happens to be really good, but from all the games I have played the really good players almost never get booted off. It's always the real obvious cheaters that get voted off.
Outdoor digital photography, mostly in New Engl
The fact is that games can not simply act as a glorified frame buffer and transmit keystrokes and mouse movements to a centralized server and then display the results with minimal computation on the client side.
To get around the limits of network connectivity available to vast majority of people developers have to allow the client to render the graphics and interpret the input and then send back the minimum that is needed.
While we all know that open source generally increases security, when you're dealing with people who are trying to abuse features you can't let them know all your secrets. Open source security assumes that the people working together want access to each other, but want to keep others out. The game security model assumes you want to let anyone in, but keep them from doing bad things.
Thus unless you move all potentially abusable functionality to the server side, open source gaming will be limited except for games which tolerate low bandwidth and slow ping times.
Nascantur in Admiratione. (Let them be born in Wonder)
Well, we have seen valve put in code with Counterstrike 1.4 that checks to see if your opengl.dll is correct, to stop people with cheats like OGC. However, this sucks for all those using wine, becuase wine uses a hacked version of opengl to run windows games in linux. I've been cs free for about a month now, as a result.
The real irony is, wine will not load cheats (as far as I can tell), so people using wine cannot cheat. I had a similar issue with Cheating-Death.
=================
Unix is very user friendly, it's just picky about who its friends are.
The bottom line is that there are cheaters in every aspect of life, whether it be real or virtual. Game companies, much like governments, can only do so much. The rest of the problems people just have to live with. Virtual worlds will never be perfect and people will always try and ruin someone else's day.
=-=-=-=-=-=-=-=-=
Oh bother.
The main problem is that there is actually a rather strong, organised group of people out ther ewho distrubite exploits and hacks for online games, considering it their 'right' to cheat because they purchased a copy of the game. The problem is that when they do this they fail to take into consideringation the position of the other people who's gaming experiences they're wrecking.
Of course.. the difference between Man and Beast, when you get down to it, is being able to think about things frm someone else's point of view, so when you think about it, this shows you something about the mental state of the organised online cheater.
Even a Chimp can think about something from someone else's perspective...
The fundemental problem is that the game itself lies on the clients computer.... It is completly unfeasable to secure that program once it has been taken out of the shrink wrap...
Sure you can require frequent patches to fill the holes after release. Or maybe require a check-sum of critical files to play. Etc, Etc... But, there will always be people that are willing to figure out ways to by-pass it.
Just like computer security in general. You trade amount of security to functionality.
Heck. I remember when I had snake on Qbasic. I was 6 and had no clue about programming. But, I realized that Player1_Lives = 5 means something and I wanted to change it.. I understand that this is an oversimplified analogy that is completely missing the multiplayer side but, people will always want something for nothing and this is a way they can do it.
Probably the only way to completly secure a game from cheating is to make the client side as thin as possible but, of course the trade off is the server would have to work extremely hard (already a problem now, with server's designed as the thin ware)....
As solution will work itself out eventually.
I've played my share of online games, from the simple telnets to the varied mmorpgs. Technological and admin based solutions never seems to adequately solve any real poroblem.
You can boot players, ban IPs, reprimand, close servers, but the miscreants always find a way back in, because its an enjoyable game to them... annoying others.
The only viable solution I've ever come across is the social stigma. This method of self-regulations fails if the game doesn't implement a system of reliance on other players though. As long as several players are needed to band together to achieve certain goals, social stigma works.
Picture a mmorpg where you need 3 other players to help you defeat a certain barrier. There's no other way, its part of the game structure. If you're a cheater, others won't help and you're limited in your game play. Where's the fun now?
Game builders have to be aware that cheaters exist and really strive to construct game play in such a manner where players can self-regulate like that. Admins and code-limitations never seem to solve the real problem.
I understand that having a GM be the final arbiter can be both fair and unfair, so are there any/many instances where a non-cheater was expelled as a cheater?
I understand the example in the article (fighting a guy with twice your stats) perfectly-
I went to a live action role playing event (LAIRE for those who know) and it SUCKED. In the first round of combat, in one hit, the "npc" character completely decimated me. Yes, they were given orders by the GM's not to actually kill anyone.
NOTE: this message is free from any comments regarding Microsoft servers as military grade.
In the future, I would want to not be isolated from my friends in the Space Station.
I can see you you can crack down on cheating, most people don't like it, and would support that kind of action, but Trolls? How could you ever crack down on that without censureing(sp?)? I personaly like the /. method of moderation, because all the posts still show up, but we can choose how much crap we want to see. But how can you implement that in a real-time senerio? I don't see how without using server-side filters which people will object to, or client-side filters which has already been done before.
Sigs are out of style, so I'm not going to use one...oh wait..
When I buy a game, I am purchasing it. It's mine.
Technically no, read you licensing agreement. Strike 1.
That doesn't mean that they can come back later and take away my rights, like the right to cheat
No such right existed. However cheat all you want on your system in your single player environment or in a LAN environment with your buddies who know what you are doing, but when you connect to a public server you are bound by a terms of use in order to access that server. Strike 2.
You Have Been Trolled. You Have Lost. Have A Nice Day
Trolls are common in Counter-Strike, such as:
- Shooting teammates when friendly fire is on
- Shooting hostages no matter which team you are on
- Having the bomb and not planting it
- Repeatedly start and stop defusing the bomb when your teammates are waiting on you
- Get a friend to play for the other team, hang back until you are the only two players left and then run around and don't kill each other but pretend to knife fight and waste everyone's time
There are many ways to ruin such a game without cheating. These are also difficult to address from a developers perspective.
What?
It's not just the security of the servers but also the data packets. Authenticating packets as having come from the game itself not some hacking tool for example. Authenticating users is also troublesome, near-positive ID is needed to enforce policies. Relying on IP numbers and cd keys is insufficient. This topic is far more complicated than the article suggests.
And what about cracking the dongle? Like that hasn't happened before? Just store the maps on your computer.
You can't stop someone with tampering software on his own (or her own) computer.
Just, basically, dongles suck.
GNU guru and mainframe hacker
Games with huge numbers of people like EverQuest will suffer from a certain number of bad apples, just like the real world. They're ultimately going to need to rely on policing, technology can't solve everything.
Fortunately, many games don't have huge numbers of players. Quake games peak at a few dozen. Even as small scale games grow, there are practical limits that will keep size down.
There is a partial solution I haven't seen implemented yet: trust networks. To play, you generate a public key and share it with all of the other players. As you play, you mark other players as being friends. (You can also blacklist them, but it's easy for the other person to create a new identity, so it's only a very small part of the solution.) When you mark another player as a friend, your client provides them with a signature proving that you marked them as such. Then based on these networks of trust you can make judgements about who to play with. When you create a game, you might limit it to "my friends, my friends' friends, and 3rd generation friends if they have at least three references from 2nd generation friends." Maybe you leave a spot or two open for anyone to hop in on as a way to make new friends (and if they're a punk, you and your friends can blacklist him quickly).
This will make it harder for truely new people to make initial friends. Many gamers will know at least a few real-life friends who can give them a hand up. For the rest, they'll regrettably have to spend some time learning who they can trust. It's a shame, but it's just like real-life.
There are few details I'm admittedly handwaving (key revokation, special case exceptions), but they're all solvable problems. I'd really like to see a system like them when I play Quake, Half-Life, Diablo II, or Dungeon Siege online.
From the article (ya know, that thing you should read before commenting on its contents):
Kick. Ass. I know nothing about this company or their games, but I like them already.
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
Cheaters do have a right to ceat, on their own servers.
What pisses us all off isn't so much cheaters, as it is deceptive cheaters that try to take advantage or ruin other peoples' fun. Ceating is easy in almost all games where there is any client software at all. I would oppose any game that tried to prevent my use of my computer just like I oppose any os or application that tries to monkey with my computer.
This problem is very difficult to solve because all a player needs to do is outsmart dumb software. That's pretty easy. Everybody knows when someone is using a headshot bot in counterstrike, but it's a little tougher to notice cheaters who pay attention to who is watching and how obvious they are being. I quit playing CS because of cheaters.
Blizzard beat most of the maphack/exploits on StarCraft just by continually patching the software. I think CS and Half-Life should take a hint. Modify the code so that people can't exploit it... often. It's tedious to stack traces for exploitable code, and if the code changes frequently then it becomes very very tedious.
My $0.02 will always be worth more than your â0.02, so
Because nothing guarentees the data getting to their carefully guarded servers is valid if their communication protocol is weak.
Aim cheats have nothing to do with server stored data. It all has to do with the fact the classic protocols requires all players in the field to tell all other players in the field their positions in the field. If you can snoop the positions of people then you can calculate an accurate "from the hip" shot with merciless robotic accuracy. If an aim cheat isn't possible, then you can just snoop the data and realize where the other players are hiding and their positing.
The way to beat cheaters is to apply tried and true security practices. Don't trust that the machine on the other end of the connection is really a client(so don't feed it any extra data beyond what it should need to know to function). Don't blindly accept any data coming back from supposed clients(does the client really have "permission" do what it is telling the server to do?).
Protecting the data is a good thing but just like server farms just locking the machines behind a door isn't enough. You have to secure the lines of transmition as well.
Still doesn't solve the problem. Even if you have a dongle, then you write some code that sits inbetween the dongle and the network that injects cheated packets and info to the server or lets you see more, etc...
(as a side note, all usb devices use more cpu then they should)
You will always be able to reverse engineer the protocol, it will just take more and more effort to do so..
Could encrypt the network packets as you send them, but someone can still patch the binary of the game to inject bad data into them.
Could encrypt the instruction code for the network play, until a valid key is obtained from a server, but then it has to be decrypted sometime, probably ahead of time to be good. Maybe if they implemented a hardware feature where you could give the processor an encryption key, and sent it an encrypted instruction stream, it would decrypt it on the fly. That would be hard to decrypt, unless the attacker were to get ahold of the key, then they could decrypt it.
Any way you look at it, someone, somewhere will be able to figure out a way around it. Social solutions are a much better way to solve the problems of cheating.
I play a lot of online MOHAA and trolls are as much of a problem as cheaters.
One of the most realistic ways to play MOHAA is with friendly fire on -- you have to know where you're chucking grenades and so on. However, it's nearly impossible because trolls will kill most of the team right at the spawn point. Some trolls block tight passageways or just play obnoxiously. In a full 8-user server, two trolls on one team can shift the balance of power so far its just not any fun.
Then there are cheat trolls that combine cheats with trolling behavior (noclipping under the road and killing people, for example) to be seriously obnoxious.
I don't know how you combat this, really. I think the best way would be enabling a kickban command that would kick a user from the server and then ban their IP, username, or both for a specified period of time. Banning IP blocks might be an option as well.
I know, I know, NAT, DHCP pools, etc etc will lessen the effectiveness of such techniques, but if you make it just annoying enough to troll people might stop and go back to making prank phonecalls or whatever they did before they messed with games.
TV Network cracking down on Tivo commercial skipping: bad
Microsoft cracking down on security hole advertisers: bad
AT&T cracking down on cable theft: bad
Game developers cracking down on cheating: good
To summarize:
Minority restricting a majority: bad
Majority protecting itself from minority: good.
Best introduction to the subject I've seen. Has things for everyone to think about and this was two years ago. I think games coming out now will have at least all these cheat prevention measures in them.
development.lombardi.com
From what I've read about the Army's promotional game, it's probably got one of the strictist anti-cheating things I've herd of. If you shoot too many civillians or ANY of your teammates, you're given a time-out, and if you do it a few times in a row, you're banned. Automatically.
As an aside, and I really hate to ask this, I still haven't figured out how to post a root-level comment. I mean, even the First Post-ers and gotse lamers can figure it out, but I'm stumped. Where's the "post comment" button?
- sig? who is this sig of which you speak?
Proxy cheats require 2 computers: the one you game on and a proxy that you connect to the server through. The proxy keeps track of what's going on in the game by analyzing the packets that get sent through it. It then makes adjustments (ie aiming corrections) to the packets as they are sent out to the server. This in no way involves breaking into the server.
The common transparency cheats are to a) replace the textures used on the walls with translucent/transparent ones or b) hack your video card's drivers. Neither of those affects the server in any way.
There's a multitude more of these types of cheats. I know because I used to run a decent Half-life and Counterstrike server. I got so depressed at the prevalence of cheating (and cheating accusations), I shut down the server and very rarely play any online games.
Monday is a horrible way to spend 1/7 of your life.
The other option (which I use) is to play on closed TCP-IP sessions. Online play for the most part sucks. If the cheating diminishes, the lag exponentially increases (even on my DSL line). Kind of a nasty catch-22.
The simple solution is to sell their damn server code and to stop harassing the open bnet project. However, that would screw them when they (inevitibly) move to a subscription system. Which will suck.
----rhad
Slashdot needs to interview Natalie Portman.
Most of the servers I play on generally give a lot of respect to the good players. I think one thing that helps are programs that display player statistics, like Psychostats for C-S. This program collects 2 weeks of playing info on certain players which you can access via the web... it is an awesome system. Not only can you check out how you rank, but you get a sense of how other players perform. If I see someone on there with a 37:1 k:d record, obviously I am going to watch that person for cheating. You can also see the patterns that makes a player good vs. a cheater. Frankly I am surprised no one writes a statistics analysis program for these sorts of things... there must be certain player stats that spike or behave differently for certain kinds of cheating.
A little cryptography plus a net of trusted compilers (as in people, not gcc) who produce signed binaries goes a long way. See Netrek, for instance -- most servers will boot you if you're not using a 'blessed' binary as determined via an RSA-based challenge. You can create modded clients all you want and unleash them on anything-goes servers; but while it's almost certainly possible to play on a blessed-only server, it'd be a hassle and isn't often done (e.g. rig a program to monitor the socket and redirect the authentication challenges to the 'blessed' binary, and otherwise send the data to the modded client).
Only the dead have seen the end of war.
The moral of the story? Cheating not only hurts the newbies who want to get into some online games, but also hurts those of us who play often and occasionally show a glimmer of skill.
"I'm a leaf on the wind. Watch how I soar."
-Hoban Washburn
How can Microsoft turn its back on cheating? I mean, cheating, lying and stealing, that's how they got where they are today!
Please, Microsoft, give us the freedom to innova... I mean, cheat!
Monty Burns put it best, "Cheating is a gift Man gives himself!"
I agree. Playing with people you know is probably much more fun too.
The only other solution I see is a -- and you've heard me say this before -- a web of trust. Integrate game-matching / chat and a PKI. Players will sign the keys (this can be abstracted in the GUI of course to make it simple) of players they trust and enjoy playing with.
Then it is up to the players, some may risk it and play with anyone, others might only play with close friends, and the majority might opt for the middle ground and play with any player within some distance of the web of trust.
You could do a lot of things with this. A client could chose to play any other client based on the number of signatures and their age (trusting it even if there is no path to it), etc.
Belief is the currency of delusion.
Cheaters and trolls are making it harder for casual users and newbies to get hooked on the on-line versions of games.
If they got rid of cheaters, they'd just be losing an excuse. Hell, I've been accused of cheating when I'm having an "on" night, and I suck. In the end, a player that is playing far over the head of the others on the server can suck the fun out of the game as effectively as one that's cheating. If they are really concerned with playability they'll probably need to come up with some sort of skill rating, as well, so that games will be competitive. That and a killfile ability so you can avoid some of the crap that gets posted to chat by some, without missing the say's from other folks. Actually, a filter that translated variations of "ur momma" to "my momma" would at least make it more entertaining...
I don't know about the viability of this but allow the central server to snoop in on the data sent to players, if the client isn't responding correctly given the inputs (ie server registers hit but the client doesn't) you know that client is cheating and you can block their IP. The only thing I wonder is how to ensure that only the central server can access the incoming data. Any ideas?
I stole this Sig
Here's an interesting one. What if one of the developers nailed a cheater, or the creator of a cheat who distributed it across the net for clearly malicious purposes with a DMCA violation?
At the Hollywood Stock Exchange simulated stock market, there have been problems with cheaters for many years. HSX cheaters - called "manipulators" and "shills" - use information tactics and coordinated buying and selling patterns to dishonestly make HSX dollars.
Internally we have an "SEC", which consists of individuals who seek out cheating patterns in the trading data. We also get suggestions from players as to who may be cheating and how they are able to cheat. HSX Traders that are "guilty" of manipulation are fined according to set procedures.
One of the most interesting cases of cheating was when we received an AIM transcript of real-time cheating behavior. It read like someting out of "Wall Street", except with lots of net slang. We busted them and fined their accounts (after an investigation and due process, of course).
Despite the "threat" that cheating poses to the "civility" of a game community, cheaters and the interesting tactics that they use no doubt make online games more interesting. I often ponder about how to better design game play which can harness the criminal instincts of simulated market manipulators (for the betterment of the game).
As cool as this sounds, I do not think that unleashing 1980's style "media raiders" onto the trading community will ever happen at HSX. HSX trades are transformed into marketing data used by movie production studios, hence requiring us to ensure that game play is fair, and, generally, that trades reflect the real media preferences of HSX traders.
- James
They need to take cheats out of the game all together.
That works real well until you realized that many players cheat by unfairly reading information with a different application or proxy.
A good example of this is the 'aiming' proxy, which is a proxy application that sits between your FPS client and the server. The proxy parses the packets sent beteen client and server. Since the client is responsible for telling the server what actions you make and the server is responsible for telling the client what all the other players are doing, the proxy applies a little bit of math to the two pieces of information and 'corrects' your shot so that it hits another player despite where you really aimed.
Unless your game can somehow telepathically guess where the players are, there's no real way to hide this information from the client. Encryption strong enough to prevent a reasonable crack is too math intensive to run at the same time, meaning that hard encryption just isn't the answer.
There are apps out there for all the FPS servers that attempt to detect this sort of thing, but most of them work by checking ratios. If you happen to get luck and exceed the ratio of possible good shots to bad shots, you're tagged as a cheater.
If you can read the client-server data stream, you can cheat.
That's why the answer to cheaters lies not only in designing applications to prevent cheating, but allowing players to flag cheaters and bump them from the game.
In MMOG's, this means that GM's should respond quickly, intelligently, and decisively to player complaints. In smaller scale actions, players should always have a 'cheater' button that allows them to collectively police the game by booting and banning malicious players.
The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
Two words: Cheating Clans.
Many cheaters just don't care about the 'stigmas', but rather relish their negative reputations.
If you can identify cheaters from the server side, don't kick them off, just dump them into a dungeon. One where they can frag NPCs all day without affecting the other customers. That way, the cheaters keep playing, theyr're happy, and they're diverted from getting a new account and making more trouble.
The problem is if you don't let people cheat or pk they just find other ways to be annoying. They can chat bomb, grief kill. In diablo you just heard up enemies and put em near portals etc, in warcraft3 they can team up and then drop out in a 2X2 and let you get decimated by 2 opponents, there are endless ways to cause people grief in online games without cheating. Basically until there are no areseholes in the world there will be aresholes online, and to get their kicks they will find some way to ruin others experience. In any game more complex than solitaire someone can and will find a way to make in unfun for others. Guess people will have to learn to live with it online just like in the real world.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Ignore them.
Yes, it's hard, that's why there are so many cheaters and trolls.
If everyone collectively stopped playing when they see a cheater or troll they would go away.
But unfortunately most players cannot tell good players from cheaters, trolls from newbies, and will keep giving the attention the cheaters/trolls want so bad.
Check out the concept of blessed binaries sometime. They are cryptographically signed, making cheating quite a bit more difficult. Can't connect to the server if you can't decrypt their challenge.
Using your sig line to advertise for friends is lame.
Only Game Developers are trying to please consumers. The rest beat consumers over the head with the stick.
Shoddy code is the reason OGC works? Hardly. You can NOT trust anything on the client, and yet if the client can perform all the aiming and shooting for the player, how can you tell who's doing what? That's the real problem, and reactive detection is the only practical way to deal with it at this point... ;P
That, or me standing behind you with a baseball bat at the ready while you play.
Valve left the Half-Life code more "open" for a reason. Counter-Strike is the biggest. Mods don't show up often if you try to lock down your client code too much.
And it's the one that the designers of the open source multiplayer action game Netrek figured out from day 1. You accept that the clients will be compromised, and you design your server and your network model appropriately.
It's only very recently that commercial games developers are even beginning to understand this, and they're still not getting it right. For example, Counterstrike now attempts to check that your opengl.dll is correct. Fine, but that still relies on the client being uncompromised and reporting the correct number. That's a small barrier for a crackers with a hex editor.
They really need to get it through their heads: you can't trust the client. Every packet that comes in has to be assumed to come from a borg or robot client, and dealt with accordingly. What this means in practice is:
This isn't theoretical. I wrote a 'borg client for Netrek (bypassing the pretty darn good RSA binary check that still surpasses that in many commercial games), and found that it gave me at most a marginal advantage. It hardly effected my combat ability at all, and it made only a slight improvement to my strategic ability (by recording the limited information it received and making best guesses about what was actually going on in the game state). It certainly didn't spoil play balance like many FPS hacks do, and it didn't require any server fixes, because I simply could not exploit it very far to start with.
The reason why the Netrek developers understood all this was that it was open source (so it was trivial to hack up a client), and also that servers developers were somewhat separate from the client developers. The server developers could dictate the architecture and packets and the client developers had to work with what they were given. Contrast that with the way that commercial games development tends to get done, with the same people writing both server and client, with a mandate to get it working as quickly and easily as possible.
If I was back in commercial games development, this is the first change I'd make: separate the server developers and client developers, and only let them communicate through the code - and with the server guys calling all the shots. That sounds inefficient, but if you don't make the effort early on, you'll damn well have to do it later, once the problems are out there in the field. We need to fix the attitude endemic in commercial games development that there's never time to do it right, but always time to do it twice.
If you were blocking sigs, you wouldn't have to read this.
It's to the far right of the bar directly under the article which tells you what your current Mod Thresholds are.
Do not confuse duty with what other people expect of you; they are utterly different.Duty is a debt you owe to yourself.
Securing end client software has always been an extremely difficult problem to solve....
<Valenti>And this is why we need the CBDTPA.</Valenti>
Will I retire or break 10K?
There are traditionally two approaches to implementing a blessed binary. Compiling in a private key, and having the server ask for random bits of the executable hashed together. Either one of these can be hacked without too much difficulty- in the former case you use something like soft-ice to get the keys while they are in memory, and in the latter you keep a copy of the blessed binary around to do the lookups. Probably the best idea would be to do some sort of java or dot net downloaded code where the encryption keys changed on an hourly basis combined with hashing. As long as the time it took to hack the keys and hashing out was > your update cycle you could have cheat free gaming. Of course you need to be on reasonably fat connection in order to download a full game every hour or two...
Yes, like the overrated/underrated moderation options, which don't show up in metamod.
Why hasn't anyone pointed out the obvoius?
The point of the oh-so-disputed Bnetd project was
to counter cheats and trolls.
Set up your own server - invite your friends, and
kick out whoever you don't like.
So what M$, Blizzard and the others should do is turn the situation to their advantage,
stop selling server time - sell server software.
The more trolls out there, the more people will want to run their own server.
Maybe if they implemented a hardware feature where you could give the processor an encryption key, and sent it an encrypted instruction stream, it would decrypt it on the fly. That would be hard to decrypt, unless the attacker were to get ahold of the key, then they could decrypt it.
Smells like CBDTPA to me.
Will I retire or break 10K?
One of the best compliments I ever got on my Quake skills was being kicked off for being a reaper-bot. Nothing inflates your ego quite like the first time you're told you're too good to be human.
--Jimmy has fancy plans; and pants to match.
Running everything on the server-side ... needs lots of servers with fat pipes to work.
I'm not sure I agree with that ascertain. In a traditional network-game setup, the server sends all the info to the clients who them make a decision as to what can or cannot be seen. In the setup you're describing, the server only sends the client the information he could possibly know - which logically must be some subset of everything that exists in the game.
In other words, I think that more server-side processing would actually mean less network overhead.
The problem is that the server load increases linearly as each new client connects.
Furthermore, even this doesn't stop aimbots or firebots and those are, imho even worse.
From a purely protocol/programming standpoint it would be *VERY* easy to prevent cheating in online games. Remember that the distributed data state of an online game is in every way a distributed database synchronization problem. Additionally, the portions of the database that are "useful" as a cheat are, in any game, relitively isolated.
(One simple version of) What you have to do is align the key data elements in contiguous memory in a platform independent format and then do MD5 (or similar) checksums on it. Every few hundred {your favorite quanta here} transmit the new checksum to the game server. If a given client participant's checksum is wrong then reset the client, if the client persists in "going bad" then a cheat has almost certianly been used and the client is ejected and barred from the server for some time (say two days).
Now, to work, the game designers will have to actually learn how to do a few things like a proper checkpoint of a real time database, but that is the cost of data integrity.
Consider "Starcraft". The two areas where cheats come up are "map cheats" (where after the game is in play, a cheat "tweaks" the local map to give the player an advantage) and "unit tweaks" (where the attributes of a unit are changed to make it faster, invoulnerable, more damaging etc).
Now consider: durring startup the server builds the MD5 of the map definition. Durring a "checkpoint cycle" the server starts a snapshot of the unit configurations for the target client. The client transcribes a snapshot of the working data (map and units), creats the checksums with an exact timestamp and sends those checksum and timestamp to the server. The server rolls its log to the matching timestamp and does a checksum. If they don't match then there is a problem.
Consider the "unkillable unit" hack. In order to spoof the checksum the chekpoint code would have to "back out" the hack to get the unit flags back to spec and somehow account for the "wrong" hitpoints remaining.
Now a first-order drirtive of the problm would be if the main server "noticed" that the "base hitpoints + points repaired - points taken as damage" values didn't match in the first place, the checkpoint would not be necessary. For that simple check the server would have to track those three numbers instead of just "remaining health". It would be one of those "why is this unit still alive with a current health of -1288 points?" kind of conditions. The thing is the "Starcraft" engine doesn't seem to arbitrate things at that level. If it did, the "unkillable unit" hack would never have worked in the first place.
Then again, the "total cost" of duplicating all the data instead of just "trusting" the client is hugely trivial compared to the cost of, say, rendering a frame of graphics.
So if the engine designers would treat the games as a true distributed dataset. (You know, do a little integrity constraint checking.) Learn how "real" programs solve these problems in "real" (as opposed to "toy") applications and apply that known technology to their games, the cheats would vanish into the noise floor.
That of course, would require the companies to take a little manpower from the front-side gee-wiz rendering problem, send that manpower to school to learn some hard comp-sci of the boring data-integrity kind, and then pay them to beef up that "user shouldn't ever see it if it is working correctly" part of their system.
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
Will you lot stop making it out that cheaters are some desperate for attention, glory seeking mentally Ill people? Ive messed around with OGC in CS myself, and you know what? Its just funny. I was just sitting having a laugh and wondering how the program worked whilst a bunch of nazis went mad telling me I must have no girlfriend and be a 33 year old loner and must never win at anything (all wrong). Get the friggin point! Cheaters are just taking the piss out of you. Why be their entertainment by going all irate and showing yourself up? Theyre just normal guys like you: The only difference is theyre having fun and laughing their ass off and youre not. And btw HLGuard/CSProtector/WhateverItsCalled does not work. I bound my mousewheel up/down to activate/deactivate the OGC aimbot (thus I activated it when aiming at someone) and nobody ever suspected me (atleast not when I was trying to be subtle). Disclaimer: I only tried it to see what its like and whatnot. The experience was valuable: I feel like my eye for cheaters is far more honed than it was before.
loply.com
having more secure protocols
Mallory can inject her code into the client application and crack any "secure" protocol unless the hardware is trusted, and that can only happen if Congress passes the CBDTPA. Do you really want to give up all fair-use rights just to prevent online gamers from cheating?
having the server not tell each client what others nearby are doing (unless they are in sight)
How will the server quickly determine, during each frame, whether enough of the other player is showing (i.e. not right behind a corner or hidden in a dark shadow) without having to render each frame itself? And how will a server tell a player with good natural aim from a player using a subtle aim-enhancing code patch?
Will I retire or break 10K?
He's good all the time, he knows the levels well enough that he snipes hiding places pretty much at random, killing people he not only couldn't know about but did not in fact know about. He pretty much can't play on any server he isn't admin on anymore.
The only way I can see to distinguish cheaters from good players is social. Set up LAN arcades in public places, perhaps next door to the laser tag parlors. Give everybody the same brand of keyboard and optical mouse. Install code-integrity measures on the servers and clients. Cheating in this environment becomes impossible. So what if playing against somebody in Japan requires actually getting on an airplane?
Of course, you'll have to sign agreements with the games' publishers to get permission to do pay-for-play (called "public performance" in copyright law), but those shouldn't be that expensive.
Will I retire or break 10K?
If a majority of the particular gaming community doesn't want you there (for whatever reason--you're cheating, you're an asshole, you unbalance their game with your "superhuman skill") you should be out.
Once you beat the game, you're banned from ever playing it again? Way to kill replay value. That may work for the popular first-person shooters, where anybody can throw up an expert-players server, but it doesn't work as well for the MMORPGs where one entity often controls all the servers.
Will I retire or break 10K?
...maybe they will actually do something about it."
Yeah, it's too bad the game industry didn't have more money. If they did, they'd be able to pay to have something like the DMCA or SSSCA enacted against cheaters.
_______
2B1ASK1
The servers at NerdTreeHouse do an excellent job of detecting and banning cheaters. The resident CS guru, Village, really stays on top of things so people that play on the N.E.R.D. servers tend to return.
Cheat protection has all the same problems as copy protection, and is just as difficult to get working.
To recap a bit from other discussions: Let's say we have Alice and Bob that want to communicate securely. Say Alice is the content provider, and Bob is the consumer.
There are a number of ways for Alice to get content to Bob without Charlie being able to modify it. They could use private communication in close proximity in either Alice or Bob's location, use a previously-agreed-upon secret key, use public-key encryption, have a trusted third party validate the end result, etc., etc., etc.
Here's the problem with both copy protection and cheat-proofing: BOB IS CHARLIE.
Throws a wrench in the works, doesn't it?
To illustrate cheat-proofing problems: Alice (the game server now) needs to be sure that Bob (the game client) is unaltered, pure, or whatever you want to call it. Bob needs to send some bit of information without Charlie altering it. But BOB IS STILL CHARLIE. Argh!
Also, in the case of a client checking itself, Alice, Bob, and Charlie are ALL the SAME ENTITY. Rather sticky, no?
I got my Linux laptop at System76.
I think he's talking about PC games.
They are cryptographically signed, making cheating quite a bit more difficult. Can't connect to the server if you can't decrypt their challenge.
However, an experienced cracker can potentially insert an exploit into printf() and other functions of libc. Even if libc is static, a cracker can still attack the kernel. Neither the kernel nor the BIOS is blessed unless CBDTPA passes.
Will I retire or break 10K?
This article beautifully summarizes the conditions of cheating and where the online game companies have dropped the ball. Its one thing to prevent hacking. Its not EASY to do so, but with proper security auditing, it can be done.
In-game cheats are much more difficult to control and eliminate. Most of them require actions that no legitimate user would ever make, but the software is so complex, with modifiers upon modifiers, server crashes, timewarps, multiple game servers that have to pass user data from one to the other, etc. The chances of finding EVERY problem is slim. And while the obvious holes need to be patched, the only surefire way to stop cheating is to make sure the users won't do it.
DAOC has it right. There is no tolerance for cheating. You can't do it accidently. You intend to do so maliciously and therefore you're gone. If all the users realize that if they cheat they will be caught and they will be permanantly banned, then it will discourage such activity in the long run. Trolls of course are a different issue. myg0t and other losers have made it their sole mission in life to take pleasure in the misery of others. Groups to find honest players might help weed out some of those as well, but its difficult if you can't 100% control the people you play with. And people can easily ruin the gaming experience for someone in ways that don't violate a TOS.
For instance, in Ultima Online, there was a huge PK problem. While they were annoying, at least they generally played within the bounds of the rules, but not always. However, the real problems were the looters that had a notoriety which "protected" them from the good players because attacking them to protect a fallen comrade or to keep someone from robbing your house. They might have fixed it in future versions, but the whole idea of assigning notoriety to help people identify the good from the bad completely defeated the purpose of using it in the first place. Life would have been better off if there was no notoriety at all. People would learn quickly enough who was good and who was evil. And if you encounter some stranger on the road in real life you have no idea if they're good or not. And so should it be in the games. Let people police the game themselves. And when you encounter some random traveller on the road, you SHOULD be catious. And there can be skills to determine if that person was recently involved in a battle, and maybe even who it was they attacked/killed/etc. But this would be far better than being punished for protecting what belongs to you.
-Restil
Play with my webcams and lights here
Another way is if you kill more than X teammates, you get kicked, or kbanned for a period of time.
Then how will people who just bought a copy of the game yesterday and don't yet have full control of their input devices be able to play? How do we distinguish trolls from legitimate newbies?
Will I retire or break 10K?
The ZDNet article is missing the link to my original article which is what lead the news.com writer to interview me.
I can see why they left it out though, it calls a lot of the people they interviewed in addition to me names. ;)
while i have never had a problem with camping in the traditional sense, spawn camping (waiting at the opponen'ts respawn point to snipe them upon thier entry or reentry after death) is another matter altogether. It's not cheating in my opinion, however it is pretty cheap
Army's promotional game, it's probably got one of the strictist anti-cheating things I've herd of. If you shoot too many civillians or ANY of your teammates, you're given a time-out, and if you do it a few times in a row, you're banned. Automatically.
I don't know anything about "anti-cheating" features in the Army games, but the examples you gave - shooting civilians and teammates - may be "undesirable behavior", but it has nothing to do with cheating.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
First off, I'll start by saying that I AM a casual online gamer and have had a number of bad experiences with cheating. In fact, I ONLY play with direct connections to friends because of these problems. Quite frankly, I have been burned badly enough and often enough that I WILL NOT go online to play in a public game -- whether it is free or not. I've tried many times and have given up -- this really sucks since it seemed to have great potential. Here is why...
My first online game experinces was on Yahoo Games. It looked interesting: meet new people, have some fun. I was a newbie, and so, went to the newbie area. I a game of cards seemed like fun but was dropped out of the game (lag). When I returned to the server I was chased and verbally harassed (with swears) through 3 other card games. I've never been back... and will never go back.
Sometime later I regained my curiosity and thought I'd try Diablo online. Foolishly I took a high level character (can't remember how high, but had made it to hell difficulty) online and was killed instantly (twice! once in town!). I didn't know anything about 'hacks' then and persisted thinking this was due to server lag (or bugs). Then all of my equipment was stolen after a healing spell was cast on me. No backups, so goodbye all the effort. That was my last Diablo I game online.
The pattern seems to repeat itself with frightening regularity: Quake II: dead, dead, dead and dead again), Unreal Tournament: similar to Quake, Starcraft: rushed (after making no rushing agreements) and had defences repelled by infinite numbers of enemies and attacks that failed even with overwhelming technical and numerical superiority, AOE 2: faced impossible tech advances and armies, Diablo 2: PK'd in no-pk mode. The list goes on.
I make no claims to be an expert player in these games and would have no problem being beaten by a better player -- I find that's often the best way to improve! But, I have taken efforts to use the newbie areas to find other newbies to play with. Unfortunately, cheaters look at these areas as their playground too!
I give up. Too bad, it could have been fun.
Most MS servers are crack proof. How do you crack a box when it's constantly down due to BSODs?
Somebody seekms to be cheating, you watch them. If you catch the,impliment the security procedure for that situation.
Hire people to police in game, and look for clues. Hey, that guy has an 80% hit ration, while every on else has a 30% hit ratio. Maybe they're just that good, so watch, collect evidence, then prosecute.
You must also give the players a means to contest cheating acusations.
Of course all this costs money, what they really want is "how can we stop cheting for little or no cost"
that is a different animal, which boils down to, watch everybody, scan hardrives for files that imply cheating. of cousr your customers won't stand for that(nor should they).
SO what you have is a half ass way to try and prevent cheaters that stops nothing, and oonly pisses off non cheaters.
The Kruger Dunning explains most post on
- using strong security (cryptography, code signing, frequent patches, etc.)
- some sort of booting (by vote, by cheat-detectors, etc.)
Either way is not completely effective:- there is a trade-off between security and functionnality
- cheaters could create bot-players or/and aggregate in cheaters clans
Here is an idea I haven't seen yet.This would be a mix of technological and social solutions. Of course, the idea need to be careful analyzed. Here are some considerations:
i built and run edrugtrader.com (now moving to better colo facility so don't try to hit it, its down)
i built the game from day 1 with "how could someone use this to cheat" in mind. if MMORPG developers don't have that mindset their game WILL fail. redundant and flamebait, mod as you wish.
MARIJUANA, SHROOMS, X: ONLINE?! - E
Of course you need to define cheating.
If the developers of a world don't take economy into account, and I find out I can become rich by buying an item in one place, and selling it in another, is that cheating?
If A guy comes up to me and gives me all the coolest stuff for one credit, am I cheating?
If you say yes, I suppose if they same thing happend in real life , I'd be cheating then, too.
clearly, there are some obvious cheats, such as aimbots. but I have found that what people define as a cheat is not always considered a cheat by someone else. The two most common are like the examples I gave.
I don't think the example I gave would be cheating, but if the game developers thought they where, they could implement fixes in the code.
why do you think there is no right to cheat?
The Kruger Dunning explains most post on
How to stop it?
The usual problem is that the client software is untrusted, so you can't do anything unless you take a netrek like approach and design the game with non-instant weapons and then clamp down data transfer so bots can't see more than humans and perfect aim doesn't help.
That sucks because it doesn't reward good aim, and we're limiting weapon design due to some technological limitation instead of a legitimate game play problem.
What if you changed the equation and made the client software trustable?
My proposal would be to have the game engine take a dynamically loadable module for the networking and security checks.
Have the module by crypto-summed and verifiable, have it verify the client, and have it control the network interaction (all encrypted itself).
Now set the server up to generate these modules on the fly for each map, and force the player to download it on each map cycle, thus getting a new encryption seed/key to protect the network tunnel (no more proxy bots!), and constantly verifying the client (no client side hacks!)
I think this is a lot of hand-waving, and may not be possible, but OTOH, it might be. What would be left to do to plant a seed of trusted code on the client and then leverage it to trust the whole client?
I played Descent 2 for a long time on Kali, and there were always lots of cheaters. No need for Interplay to crack down.
Come on.
The fact is, most people don't use the hacks, thus its not a serious problem. Of those who do use the hacks, many of them only play against other cheaters.
The solution is to give the host of a game -- the person who started it -- the power to kick users out of the game temporarily or permanently; also give them the power to permanently ban IP addresses from that game.
I played Descent 2 on Kali for about 5 years (now I play Descent 3), and cheaters were never a serious problem.
Also, everyone seems to accuse you of cheating when you're just better than they are. "You move so fast in Descent, you must cheat"; "No, I just use triple strafing: travel in 3 directions at once".
social sciences can never use experience to verify their statemen
One possible answer is dumb terminals.
Once broadband gets the speed and latency necessary to run a videophone, it'll be enough to run games as a dumb terminal. Online games could, instead of storing and running the game on the player's local computer and sending only the most critical data over the line, run entirely on the server, sending only I/O data over the line. The code would reside and run on a few dozen servers under the developer's and publisher's control, rather than on millions of hard drives out of their control.
This would not only make cheating hard but it would also make copyright violation hard. It would also go against how people like to use their PCs, so this system would probably run on some living room box that AOL will rent to you.
That's a separate question. You asked if he thought gamecube should come with a CD changer.
Most PC games keep stuff on the HDD and use the CD to prevent multiple installs with one CD (you have to have the CD to play just as a security measure).
I know of no games that use a full 8 GB, anyway. But even if all games did have 8GB, I have 150 GB of space, not 40, so doing a full install should at least be a custom option.
And the anti-cheating organization? Come on. Don't these people have lives'? Its just a game. Lets not bring this to the level where we destroy the game because we take it so seriously, which sucks the fun out of it (prime example, chess). Also, many non-cheating players have no problem playing with players who use cheats.
When I played Descent 2 on Kali, I used to play against some of the people who had hacks so they could fire two EarthShaker missles at a rate as fast as Gauss cannons. It made me better, and was fun.
social sciences can never use experience to verify their statemen
Seems like you could eliminate a good portion of the MMORPG cheaters by imposing real-world penalties. Like, say, $75 per offense after three warnings. This would be particularly effective against twelve-year-old scrubs who need to learn that anonymity isn't a blank check... and whose parents are probably not thrilled with the $15/month fee in the first place.
Of course, there are obvious obstacles, else we'd have seen this done already... I suppose even a single false positive is unacceptable (for public relations if nothing else). But you don't need to nail every cheater; you don't even have to come close. Stick to verifiable, airtight cases -- by keeping logs, for example, to complement the human GMs used today -- and then make big, flaming examples of them.
This wouldn't replace technological solutions. Ideally, it would bring the amount of cheating down to a level where anti-cheats could be more targeted and perhaps therefore more effective.
I wonder if this might be inviting lawsuits... but considering the Evil that's already present in the typical EULA, I wouldn't expect any problems. IANAL.
---
Dum de dum.
Freedom is not the license to do what we like, it is the power to do what we ought.
Game publishers are obviously listening.
Interesting how they are always listening when it's 400,000x$15 per month, isn't it?
They often weren't listening when the Sims was being pitched, by the way...
Just an observation...
With encryption in place, man-in-the-middle is avoided...
Are you sure? Man-in-the-middle problem is a LOT harder to "fix" than just introducing encryption. That's the whole issue with online bots, and such: there is no easy way of making sure you're talking to the authentic client or to some proxy (I think John Carmack even said something of the sort in one of his .plan updates). Only decently workable way so far was to keep the communication protocols secret (and encode data to make it hard to figure out from just sniffing the packets), but that hasn't worked well anyway.
The client can always be decompiled (no matter what licensing you put on it) and encryption algorithm extracted, which would enable a custom program to make a totally authentic connection to the server. No way to prevent that.
"If anything can go wrong, it will." - Murphy
If you want to do this play Robot Battle. It's a game where you write a robot in a C-like scripting lanuage andload your robot and other's to fight each other in a 2D arena. Note this a Windows only program (try WINE on linux, I guess).
Centralization breaks the internet.
This is more than fair, and actually makes sense from a realism perspective. Real armies have to obey rules of engagement, why not gamers playing a military FPS game? The more I hear about "America's Army" the more I like it. Good going, Uncle Sam.
Knowledge is power. Knowledge shared is power multiplied.
An online game that I've been playing for a veeeery long time (Tanarus) used to be subscription-based, went free for a year, and has just in the last month gone back to a Pay-To-Play model.
Why?
Well, server costs and bandwidth costs, sure. But, this game is 6 years old, so the server costs are SIGNIFICANTLY less than they were when the game was in open beta in 1996. And, this game is owned by the same company that makes EverCrack; they've got bandwidth to spare.
Business issues aside, I think the major reason they went back to a Pay-To-Play model is that the cheating was getting out of hand. We see it in every other game; the older a game is, the more the code has been hacked, and the more cheats there are available. Verant wasn't terribly attentive to the Tanarus community once the game was released comercially, but one thing they *did* do was to issue regular patches to block cheaters. The big problem was, they wanted to just set up the server and move on to other things. However, the cheaters required them to commit some ongoing development time. And this past year, the cheating has been worse than I've ever seen it in the game.
They dealt with the cheaters in a very direct manner -- they canceled the person's login account, erasing their scores, and banned their IP when possible. The big problem was that most cheaters would simply recreate another free account, and use a different IP to log in (obviously, not a problem for dial-up or most cable modem users). I remember one guy saying that he had been banned 36 times in two days. Yikes!
The solution for Verant was to crank up the subscription model again. They aren't charging that much ($7/mo., but they bundle two other games with that). Credit card is required, no checks and no debit cards. Immediately, most of the unsupervised kids are gone (for better or worse) since they don't have CC's. Secondly, no spoofing of account information; you have to give accurate billing information, and you are now traceable through your credit card company; entering fraudulent info here could get you in trouble with the CC companies, who have deep legal pockets. Third, you are limited to the number of accounts you can launch by the number of credit cards you are able to use that have different names on them; no more infinite #'s of accounts. Fourth, Verant now has an easier time with legal recourse. IANAL, but I believe the fact that money in changing hands undeniably establishes that the player has entered into a contractual agreement with Verant to abide by the Terms of Service. There has always been a TOS screen that everyone has to click through in order to join the game, but I honestly don't know how that would stand up in court by itself.
We would all like for online gaming to be free, but charging for games, even if it's just a token amount, is a powerful tool for game companies to crack down on the hackers. The era of free online gaming will be drawing to a close in the near future, and not just because of profits. Hackers are pushing the game companies to it.
The logic of the original post is unbelievably faulty...there is no comparison between corporate bullying and game developers trying to make their game more fun.
Skipping commercials, pirating music, and stealing cable doesn't hurt or bother anyone but faceless corporations.
cheating at Quake III or Counterstrike annoy the hell out of everyone else that's playing fair and generally make the game a futile experience.
Game developers aren't taking people to court for cheating at their games, nor are they threatening to. In some cases, like Everquest or DAoC, they're banning accounts, but that's still a far cry from the ruinous litagations being put out by the likes of the RIAA and MPAA.
There's just no comparison between these events until the first time a game developer/publisher sues someone for an aim-script hack.
This message brought to you by the Council of People Who Are Sick of Seeing More People.
You don't need cheating to ruin a new users experience.
As long as you have uniq IDs, and some degree of anonymity, you will have "better" players (either by skill or cheating) wanting to beat lesser players. It's some sort of easy ego boost I suppose, or the joy of bullying?
A simple example is Yahoo chess. I had a business associate admit to me that he regularly plays online, but uses chess software to beat all comers. He said the number of new players had steadily declined to the point where he didn't play much anymore because all the other players left were cheating as well (they even discuss what chess software they use in chat).
Even in legit games where there is a constant battle against cheaters (like many Unreal Tournament servers), what do you do when the majority of players still playing (not exactly a new game) are experts who are so good the game isn't fun anymore even for intermediate players (like myself) let alone new players? You can never attract new users to online play of Unreal Tournament because the existing userbase is too experienced.
This may be less of a problem where players don't compete with each other, but instead work against non-player characters (like in EQ). But in true competition games I don't see any easy answers even if cheating is somehow completely supressed.
Of course you need to define cheating
This is not the ultimate definition but it should give you the general direction I lean. I would consider cheating manipulating the game world outside of game's user interface. For example using a third party program that generates packets that spoof the game client or server. An unfair trade, player killing, etc. would not be cheating. Like it or not those are legitimate part of many game universes.
"I was merely commenting that some other games don't offer a good tutorial."
:)
True.. and there IS a balance. But I think any game that doesn't have a "practice round" for newbies isn't very smart.. why alienate your new players? They'll just take their $10 a month someplace else
You mentioned Ultima Online. UO has "Haven" for newbies.. only newbies are allowed in Haven, and you can't attack another player in haven. Of course not that many people like haven, or the idea of haven. They think UO "coddles" the newbies too much. Ignore them, they're crotchity jerks who think UO belongs to them.
Quake I/II/III were or still are closed source. Before the source release of I and II, there were a plethora of proxy cheats, etc. out there and the sources were closed.
Solving cheating requires NOT trusting the client- EVER. If you can come up with a playable game that meets that criteria, you'll have a relatively cheat-proof system. Problem is, that's really compute intensive and bandwidth intensive to not trust the client.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
There were hacks and cheats for Quake II before the source release. There's hacks and cheats for Diablo and Diablo II. There's hacks and cheats for most games out there. All of those are closed source or were at the time the hacks and cheats were made.
Security through obscurity doesn't work anywhere near as well as people keep thinking it does.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
" Michael Bacarella, a New York software developer and aficionado of online action games such as "Doom" and "Half-Life," envisions a system similar to eBay's feedback ratings, with game companies maintaining a central repository where players could rate one another for honesty. The result would be a " network of trust," with honest players given reliable tools to find one another. "
I'm a glass half empty kind of guy. I want to screen out the assholes.
And anyhow, a "network of trust" will NOT work. This isn't like Ebay, where you're probably dealing with only a few people a month, or in most cases less. (Even most sellers won't be dealing with more than a few per day) You will not get enough data for positive experiences.
But people already scream bloody murder about cheating. (Even in Diablo, which is so thorougly CRAWLING with cheaters that to not cheat is to not play) They would GLADLY contribute to a blacklist. It won't work positive and negative...only the negative will get results.
And I'd take it a step further than this centralized system for each game or manufacturer...centralized blacklists like for spammers would be wonderful. To make it so that once someone cheats too many times in a game, they can't play ANY game online again unless they change ISPs. (One result of this would be that people would guard their serial numbers with their life) The benefits to the industry as a whole might override the competetive pressure for companies not to share such information.
That would be the ultimate anti-cheating tool.
yeah, that's the way to play. everyone stay at the spawn points instead of getting/guarding the flag