Slashdot Mirror
Do Anti-Cheat Systems For Online Games Work?
Mr Wriggle writes "There is nothing worse than playing your favorite game online game, only to have someone frag you and your teammates blatantly using cheats. As many of you are aware, there are various Anti-Cheat systems available i.e. Punkbuster and Cheating Death. PunkBuster comes bundled in some games and is mandatory to play certain games on certain servers. I would like to ask the Slashdot community whether you think these systems work well, or do they cause more problems than they solve? Or is there a solution that the anti-cheat developers have overlooked? Additionally, is the locking-out of CD keys of people caught cheating the reason why more and more viruses attempt to steal CD keys of such games?"
Howabout a game that encourages cheating? Lag normalized, the constraints are the time you get to react to the incoming stream and build a response. Anything you can do with the incoming data is up to you. I know this gets away from "game" and more into code war, but that sounds more fun overall, especialyl if it lent itself to genetic algorithms. Eh, maybe I just miss Core Wars.
Whenever you have a game that keeps score you will have people who try, and many times find a way to cheat. Even when there is nothing to directly gain from it. For the life of me i can't figure it out
However, I think both the previously made comments and the news report itself is asking a different question for a different topic. Read the title again.
Do Anti-Cheat Systems For Online Games Work?
Note the fact that it merely states 'Online Games', yet everyone here is talking about FPS games. Well what about games like Warcraft 3? Theres currently no Punkbuster support for it (although Blizzard is doing a fairly good job at monitoring and banning cheaters). Theres no (effective 1st party) support for anti-cheating programs for Half-Life and its mods (Punkbuster and Cheating Death don't count).
What I'm trying to say is that this generation of anti-cheat systems is nothing more than a "warm-up" for next-gen games such as Half-Life 2 and Doom 3 (and maybe UT2k4 we'll have to see how its accepted though since its shipping on SIX CDs). We know pretty much anyone who considers themselves a gamer will pick up either HL2, Doom 3 or both so the chances of cheats being written is obviously high. When HL2 comes out (since its being released first), expect to see a complete change in the way anti-cheat systems are implemented in games.
Oh, and to answer the question: Yes, they do work. For now.
I agreee with malakai's philosophy: anything in the client is suceptible to attack by the local player. However, I do not share malakai's optimism that Palladium (and other DRM technologies) will solve any of this. Rather, it'll just be another level of the same "arms race."
It is a fundamental flaw to attempt to secure what is in the hands of the enemy (to paraphrase a well-said post below).
(OK, so I don't have anything of substance to add, yet. Sorry, I was deliberately wasting your time.)
um.. the solution to this is to play with people on your own level, and work your way up. most games have "newbie" servers, or try playing with friends on a LAN first. sorry, but i have no sympathy with you at all, saying "the only way I even have the slightest chance is if I cheat". if this was allowed, where would we draw the line? do you turn the cheat off when you're doing well "oh, but i was having so much fun". no. cheating = wrong. getting better the honest way is also so much more fun. if you really can't seem to get better, then find a better game (a better game for you, hell i have no idea what's a good game atm i haven't played a game in years :/).
This is my Sig, this is my Gun. One is for Slashdot and one is for Fun.
Banning CD's keys sounds like a good idea to stop cheating but in the end it only hurts the naive players. Those who cheat generally have no problem scamming people out of their cd keys. They are already proved they are dishonest by cheating in the first place.
You, sir, are the problem and why we need anti-cheat systems in the first place.
Play games with single-player modes against bots to develop your skills. Play on heavily-populated servers where there is wide range of players and skills to challenge. Success does not happen overnight, like any game practice is essential to become decent at it.
Only a selfish clod would ruin the game for everyone else by cheating to cover his own incompetence.
I once got 343 kills on a CS server, with maybe a dozen deaths, over the course of a whole day. I wasn't cheating, I was just a lot better than the people on the other team. And they absolutely refused to learn from their mistakes.
Example 1: The idiot who always, always ran to the same hiding place to try for an ambush. After about two rounds, I started shooting through the crate to kill him. He claimed I was using a wall hack, but I really just knew he'd be sitting in the same place again.
Example 2: The other idiot who didn't know the map. He kept accusing me of using a speed hack to get to the target before him, but the real problem was that he was taking the long way around.
sorry for huge essay, but if you're not interested dont bother reading.
I only have experience with Punkbuster on RTCW and Enemy Territory - playing, running servers and modding a large forum.
Detecting cheats is the big selling point of PB, and fundamentally what it is for. How well it works at removing cheaters depends on your point of view. PB generally only picks up cheats the developers have found - those posted on cheater sites/forums or submitted by players who have come accross them. PB is then auto updated to scan the player's memory/hard disk and if it finds a match, the player gets kicked and the cheat violation logged on the server for the admin to look through and set a pernament ban.
Evenbalance have no qualms admitting the software is unlikely to detect cheats that are kept private, i.e. someone who makes his own and keeps them to himself. There are exceptions to this, for example if someone just modifies a detected cheat and doesn't change what gets picked up, or its a simple game file modification and PB simply detects the files are not as they should be (not logged as a cheat violation, but still stops them being used). Further, the detections are always going to lag behind the cheats being made available - though as said in a post above, the effort for the hacker is liable to be significantly more than that for PB to pick it up. PB also get paid for it.
So PB only picks up publicly available cheats? This in itself is more than worthwhile - you might still have cheaters, but maybe at most 10% (total guesstimate) of these guys can get past PB. 90% less cheating? Yes please. Sure I'd like 100%, but back on planet reality this isnt going to be a possibility any time soon. Anyone who cant figure that 90% less is massively better is either an idiot or likes cheating.
There is a secondary cheat detection method that comes with PB, although it is less reliable and takes significantly more effort for the admin. PB can be used to return a screenshot portion from the player. With this, it is possible for the admin to find someone who is using even a private hack they made themselves that is not detected by PB. Admins can set PB to automatically take these screenshots from all players, and also they can take screenshots at specific moments from specific players. The system isnt exactly perfect though, the admin will have to regularily download and look through all the shots taken, so it takes a lot of admin time for a relatively tiny hit rate. For busy public servers, this is liable to not be worth the effort (except where admin has spotted a dodgy player and so gets screens from him specifically), for example I've downloaded several hundred of these screens and only picked up one player cheating with it. However, for clan matches, this becomes much more worthwhile - both because there are far fewer screens to look through and because the "value" of a detection is far higher. A further weakness is that not all players return a proper screenshot to the server, I'll not go into why but the function is hardly reliable, though evenbalance have said they are completely rewriting the code to improve it. I havent seen on any cheater forum that anyone has sucessfully managed to write code to bypass it yet though, like they did for CS (NB: PB now is very different from PB in CS, where it wasnt even integrated to the game properly).
Actual detections are only part of the anti-cheat effect of PB however. The deterrent is at least as good as what it actually picks up. Nobody who has involved themselves in a bona fide community wants to get caught cheating, because they will lose their online buddies. And then there's the issue of having to buy a new game to play on their fave servers again...
I said earlier that detections are the selling point of PB. As an admin, I dont find detections to be the actual number one feature. The best part of PB is the bans are by GUID - a one way hash of the CDKey. Banned players stay banned, for them to come back to your server me
I play on Passworded servers, most of the time. Keeping the players to a 'elite few' allows for quite a different game than on the public servers.
Actually, this is the main reason Clans are formed. There just a bunch of people who want to play together, without all the idiots on the server with them. That, and the fact that if you play with the same people enough, you get to know who is good at what--and who to stay away from.
Also, having a teamspeak server helps out--as having private and secure comms between teammates (and not having it sound like crap) helps out a bunch. I can't tell you how much better my game is, when I have a mic and all my teammates do too. Having them listen to you helps, but at least this way you can yell to your teammates when a sniper is around the corner. And that isn't cheating. It happens in real combat all the time. duh.
Anyway... I think that the solution isn't having another client to check the client, but checking who you play with first.
Having used hacks for various online games (Counter Strike, Unreal Tournament, Quake 2, etc.) and having seen the source for them, and knowing many coders in the "aimbot" community very well, I can tell you there are plenty of cheaters out there.
Now, some of them are obvious (like me) and just go on, cheat, laugh and leave. Others actually try to play themselves off as being "good" players, which seems silly to me.
Cheating will never be prevented in online games that run on the PC platform. It's way too open. Game makers encourage people to make "mods". Beyond direct hacks for the games themselves, you have speed hacks, and ones that can hook into OGL to do various things to the graphics on the screen to help you out (ie, wireframe mode). Most aimbot coders are only motivated by anti-cheat technology. They see it as a coding around them as a challenge and a way to earn "scene points". I would also estimate, that for every aimbot/hack that is released to the public, there are two that are kept private.
If you want a fair game, you would have a better chance on a console (other than the xbox) where the OS, Graphics cards, and parts of the game source code might not be as well known and easily manipulated. Of course, then you have to deal with the llamas with game geneies
The best bet for cheat free gaming is to play on private servers with the same people over time, that you know don't cheat.