Fighting Online Game Cheating in Hardware

Monk writes "Multiplayer games these days have one problem. Cheating. Cheating is out of control because of failed attempts by software such as Punkbuster, and VALVe's Anti-cheat (VAC). Now it seems that could change change with Intel's own Anti-cheat Software/Hardware."

there is no technological fix

[circletimessquare]

for a social problem

anything designed by a man can also be broken by a man

the only remedy for human antisocial activity is human social activity. no technology will change that fact. and if you think it can augment those who intend good, then you're right but you must also bear in mind that it can also augment those who intend evil

this applies to security cameras, file trading on the internet, etc. as well as game cheating

Re:there is no technological fix

[smtrembl]

Given a game server, if he knows about the core limitations of a game, he can check the data for derogations, no? Then a user can only pirate it's rendering experience, but that's mearly all there is to it!

Re:there is no technological fix

Anything designed by a man can also be broken by a man? I guess that means all strong crypto schemes were invented by females?

Your statement is a gross oversimplification. There are games in which it's technically infeasible to cheat: how would you cheat in a game of NetHack, played through telnet on a remote server such as nethack.alt.org, without access to that server?

How would you cheat if we were to play a game of Go over the 'net? You could, of course, simply have someone else—a better player—play the game for you, but that's not really "cheating" if I'm playing a fair game against your chosen champion.

Re:there is no technological fix

[robbiethefett]

Agreed. It sounds like a noble act of leveling the playing field, but if the kiddies can't aimbot or wallhack, they will just fall back on old favorites; ghosting. There is no combination of hardware/software that can keep someone from picking up a cell phone.

Re:there is no technological fix

[smtrembl]

What I mean is that the game logics ARE the game. Your rendering experience may vary... It's just an interpretation of the logics. If we start thinking game logics, you can no longer cheat at user level! What you call "cheaters" here is simply people interpreting the game data, not modifying its logic. It should be the designer's goal to make the game as centralized as possible and leave only the state data be interpreted.

Re:there is no technological fix

[IamTheRealMike]

It's also not really true. VAC and PunkBuster were indeed beaten, largely because the companies behind them weren't willing to put the required effort in (VAC went for long periods with no updates at all). Companies that put more effort in and know what they're doing, like Blizzard, have successfully fended off things like WoW!Sharp with anti-cheating software.

Re:there is no technological fix

[Kjuib]

wouldn't the next step to be switching games back to a boot system. Think how great it would be to not have worry about all the OS cycles being used. Booting into a game would allow the game ULTIMATE control over what software is run. If anything it could be used for tournaments.

Re:there is no technological fix

[UbuntuDupe]

Creative interpretation of game data can be cheating. I remember a while ago (and I'm by no means an expert game hacker) I learned from a site how to change properties of objects in Halo. I used that to make the walls transparent so I could see people coming around a corner and behind walls. It made flag camping pretty easy, and I held off a veteran CTF team for about 10 minutes.

Now, you're right that the server could control more, so it decides what you can and can't see, for example. But this is hardly a straightforward design question. The more data you have to read from the server, the more likely you are to experience lag.

Re:there is no technological fix

[robpoe]

So, you're going to make the cheat developers jump ahead. Instead of injecting their software into the wall code, they're going to have to inject their software into the anticheat code, to pass keystrokes into it as it shoots the guy down the alley..

Why waste money with this? Blizzard's Warden is pretty robust from an anticheat stand. Ok, sure, it's spyware too. http://news.bbc.co.uk/1/hi/technology/4385050.stm - See this or google Blizzard Warden spyware .. of course don't mind the lag that Warden causes.

You can clap all the DRM and encryption on this issue you want,but it won't do any good. At the end of the day, the PC still has to keep stuff in ram, unencrypted, for the CPU to be able to run it. Until Intel makes some kind of RSA type on the fly on-cpu encryption (which I'm going to patent, btw) so you just encrypt your program with their public key ... Then cheating, extracting HD-DVD keys, etc will still succeed.

Re:there is no technological fix

[smtrembl]

You're missing the point. The servers knows there is poeple out here but YOU don't always need to know where they are, except if they can be seen from your POV. This is just on example! In an online chess game, where the rules are fixed, I would challenge you to trick the server other than by hacking it. There is two things: Game data and interpretation of this data.

Re:there is no technological fix

[mikael]

how would you cheat in a game of NetHack, played through telnet on a remote server such as nethack.alt.org, without access to that server?

A nethack playing bot?

Or maybe a simple 'telnet/ssh' session that could do useful things like predict the direction of where a wand ray is going to ricochet.

Re:there is no technological fix

[Kjella]

To go back to classic crime term "Motive, means and opportunity". You can either try to take away their motivation, take away the means or take away the opportunity. Time and time again we've shown that to change human nature is very very difficult. To take away the means is usually to take away the tools, which are usually overbroad and takes away legitimate uses. Taking away the opportunity is usually the most appropriate and effective.

I have a lock on my door. It's to take away the opportunity. It's a lot better than trying to outlaw lockpicks and crowbars and everything else that might be used for breaking and entering, and it's a lot easier than to remove, tag or secure all my belongings so there's no point or to make sure burglars are tracked, arrested and punished with such efficiency that it doesn't pay off, even if the door was open.

Any sort of security, locks, alarms, encryption can probably be broken if not directly, then indirectly. Would it be a challenge for a pro team to break in here, install a keylogger and capture my encryption password? Hell no. But it's a pretty good defense against anyone casual, it's mostly about keeping honest people honest. Which is really a nice way of saying most people are crooks, they just haven't gotten the right opportunity yet.

Re:there is no technological fix

[AnonymousDivinity]

there is no technological fix for a social problem. anything designed by a man can also be broken by a man.

I don't know about you, but I for one like having locks on my doors. Are they 100% perfect at keeping determined individuals out? Of course not. But that's not their purpose. These kinds of measures merely need to make an activity "not worth it" to those who have some motivation (the aforementioned societal problem). Economic deterrants do work well, at least on a statistical basis.

As for cheating devices, if one were to construct an anti-cheating system that would require a hundred million dollars worth of high tech, rare equipment to break - do you think some gamer is just going to have that kind of money lying around? I'm not saying Intel's solution is of this nature, but this absurd notion on slashdot that technology cannot help/solve societal problems is total bullshit. A lot of social problems are highly context/environment dependent (mostly as a result of human psychological quirks, and evolutionary behavior), and technology can do a lot to alter the environments where people interact to the point where many harmful behaviors are discouraged or stopped altogether.

Re:there is no technological fix

[MrMr]

I think you will find that North Korea for instance has succeeded in combining hardware/software in precisely such a way.
Don't underestimate human ingenuity in either direction...

Re:there is no technological fix

I don't believe any current borg is capable of winning NetHack.

You're right that you can expend a probably awesome effort to synchronize a cheat program with the RNG(your game is being played on a remote server, so you can't just search through memory—the client is completely untrusted), but only if the server is using a PRNG and not a "true" (physical-source) RNG(or, in practice, a high-quality PRNG).

Re:there is no technological fix

Back in the C64/Amiga days, most games were of the "throw away the OS and take over the system" variety and it didn't matter. They were still cracked, and trainers added.

Only if the tournament were local and you could verify that the players were booting from media that you supplied them could this be effective.

Re:there is no technological fix

[robbiethefett]

I think you will find that North Korea for instance has succeeded in combining Kalashnikov rifles/Party-controlled death squads in precisely such a way. There you go. I fixed that typo for you.

Re:there is no technological fix

[kahei]

It's true -- not because of technological limitations, but because of the nature of the problem.

The problem is:

"People keep subverting or working around the technical infrastruture of this environment."

The solution can never be:

"Change the technical infractructure of this environment." ...because they'll keep right on subverting it.

I'll tell you whut, though -- before they nered the whole system into another 'run round and shoot everything and get bored' game, there was a working solution for Day of Defeat.

That solution was:

"Involve only people who will *not* subvert the technical infrastructure of this environment, because they are interested in playing the game, not in being u|3er l33t."

Re:there is no technological fix

[The+Clockwork+Troll]

The social problem has an obvious solution: accountability.

If banning of an anonymous ID is the worst any cheater might endure, and they know it, they're going to operate as you would expect someone with impunity to operate.

The obvious solution has obvious problems. The social solution leaves a worse taste in our mouth than cheating. That's why we're chasing it technically.

Re:there is no technological fix

[Dogtanian]

Anything designed by a man can also be broken by a man? I guess that means all strong crypto schemes were invented by females? I was thinking along those lines too; not a good argument. He'd have been better off pointing out that the main problem with inventing "secure" peripherals is the same one that bedevils all "secure" devices- the owner still has to have the encryption/decryption key or technology in their possession.

At its crudest, what's stopping someone from wiring up the keyboard to.... anything they like?

Re:there is no technological fix

[mcrbids]

there is no technological fix

... like a safe

for a social problem

like theft

anything designed by a man can also be broken by a manm

eventually

the only remedy for human antisocial activity is human social activity. no technology will change that fact. and if you think it can augment those who intend good, then you're right but you must also bear in mind that it can also augment those who intend evil

So why do you lock your car? Front door? Why do you have a PIN for your bankcard? Why do you have a password?

You're looking at security as a black/white scenario where any potential breach is considered equivalent to any other. But, like all of life, it's shades of grey, with a relative risk evaluated against the costs of implementation and use. Utimately, security comes down to a cost/benefits analysis, and the appropriate degree and implementations of security is what's important.

Security == restriction. No restrictions cause rampant abuse. Too many restrictions prevent important things from happening. The trick is to find a reasonable balance point in the middle.

Is it worth the price of distributing SSL certificates to improve security for EMail of roving employees? (I think so) Is it worth the price of requiring roving employees to set up a VPN to access company resources? (I think not)

Re:there is no technological fix

[NeverVotedBush]

But as you load the server with more than just telling everyone where everyone else is and such, you now make the server have to be more powerful and maybe even exotic to be able to be simultaneously monitoring every player's environment, making decisions, checking for cheating, etc.

Re:there is no technological fix

[owenomalley]

Actually, there is a technological fix, but it certainly has nothing to do with hardware. (The hardware approach is a really bad idea, by the way. It requires way too much dependence of the hardware and software platform, including blocking emulators.) The right fix is to support social networks and karma. It should be fine to create games that are limited to your transitive friends. Or create a game limit to people with good karma. Since it works for the most part with slashdot and ebay, I bet it would work for online games too. *smile*

Re:there is no technological fix

[charlieman]

What we need is the chuch of gaming!

Re:there is no technological fix

[aichpvee]

This is just another way to sneak "trusted computing" into people's computers. We've seen this topic here before, if not this exact article (I'm not going to read it because it smells of dupe).

Besides, should we really be using Valve as a role model for secure programming? These guys are THE WORST.

Re:there is no technological fix

[Bombula]

Seems like social solutions work better than technical ones anyway, at least in my limited online gaming experience. I used to play counterstrike and BF2, and cheating was fairly common, but when enough people complained that a person was cheating that person got kicked and banned. That's a social remedy. My guess is that stuff is going to work better than technical remedies in most cases. Other human players are still better at detecting cheaters than hardware or software watchdogs. If players are encouraged to watch each other diligently and report suspected cheating, and if people get kicked/banned after being reported 5 times or whatever, then social pressures will create a non-cheating environment. There is room for abuse of this system, of course, but in general it settles into a cheat-free equilibrium for most of the time.

Re:there is no technological fix

[SanityInAnarchy]

Sibling is wrong that you'd have to duplicate XP. You'd have to duplicate Linux, because it'd be a HELL of a lot cheaper than licensing XP, or developing your own drivers.

But here's why that's a bad idea:

1. Modern OSes are fast. You're really not losing a lot of cycles to the OS, compared to what developers willingly throw away in order to make development easier -- many games have significant chunks of the game logic written in a scripting language.
2. It can be nice to multitask with a game. For example, I run my MMOs in a window, next to an IM client, a web browser, and a notepad. This is even nice with an FPS, for example, to have an ssh window open to control the game server with at a LAN party.
3. It'd be entirely too easy to run the whole thing in a hypervisor or emulator. Failing that, you could do tricks like a chroot in Linux... I'm sure Windows has tricks I don't know about, or maybe something custom. Notice how much cheating there is on Xbox Live, and they control the boot CD and the entire console.
4. It would be slow, unless you used the hard drive as a cache -- which kind of starts to defeat the purpose, as you could modify the files in the cache. If you use checksums to prevent that, you still have to boot from the DVD, which will take some time.
5. Any way you use to prevent someone from just burning a hacked version also prevents backup copies. But I guess that's "copy protection."
6. It would be difficult to patch. The patching system, if you had one, is yet another way someone could potentially hack it.
7. It would be difficult to use the hard drive, for caching, patching, or saving. Some people have weird BIOS RAID configurations, some people have real RAID, some people have SATA, some have IDE, some have two hard drives, some have many partitions. The only way this could possibly work is if you had a custom partition for that game, or a fixed directory on an OS partition -- the first requires you to repartition just to install a damn game, and the second requires you to have a specific OS installed.
8. At tournaments, there's no real need for custom hardware. Just clone a disk image around, and don't give any players access to the game before they start playing -- during which time they get no Internet access and no custom disks, except config files they've supplied ahead of time for scrutiny.

Let me tell you one thing it would be good for, though: LAN parties. I've been meaning for awhile to make a DVD of UT2004 (maybe minus a few maps), Quake3, Doom3, etc, probably based on Ubuntu, so that people who bring a crappy, spyware-infested computer to a LAN party at least have a chance of getting into the game with a decent framerate, without us having to format them and install a pirated XP (which we have done).

Currently, we ask that people bring their computers a day early -- even to a small, 10-person LAN party -- so we can check them out, and decide if we want them on the same subnet as our own, and maybe clean them up a little -- not to mention do mass-installs of whatever games we're playing.

But, even here, it's a backup, because it won't work for all games, and the ones it does work for almost certainly have Windows ports, or we can just install Linux partitions everywhere. It's a LAN party, so we can look over someone's shoulder and physically beat them if they cheat, and it's much faster to boot an OS off your hard drive and launch the game, because hard drives really are that much faster.

It's actually not a horrible idea, though. Someone founded a company based on it, but they didn't get very far. They were called "Gentoo Games".

Re:there is no technological fix

[EsbenMoseHansen]

In an online chess game, where the rules are fixed, I would challenge you to trick the server other than by hacking it. There is two things: Game data and interpretation of this data.

There are at least 2 possibities: Changing the rendering of the incoming data in a favorable manner (e.g. highlighting opponents, pickups or what-have-you) and having a custom client that plays or help you play. The classic example is the aimbot, that is a client that helps you aim your shots.

Re:there is no technological fix

[Cheesey]

You're right that you can expend a probably awesome effort to synchronize a cheat program with the RNG(your game is being played on a remote server, so you can't just search through memory--the client is completely untrusted), but only if the server is using a PRNG and not a "true" (physical-source) RNG(or, in practice, a high-quality PRNG).

Now that is an interesting hack. Nethack appears to just use the libc random functions which are most definitely pseudo-random and seeded from time(), so it should be possible to predict what will happen in the game given certain movements, allowing a cheater to effectively "play ahead" on his own machine, taking snapshots which allow bad moves to be undone. The best move sequence can be sent to the server.

Depending on your viewpoint, this might not even be cheating, because you are simply using your knowledge of the game's internals in order to play better. You are not using dynamic information about the current game, but rather using static information about the game software. Some Nethack players take notes about items they find in order to help identify them - you can identify many items if you know how much a shopkeeper will pay for them, for example - but no-one would consider this to be cheating, even though it makes use of information that is normally hidden in the source code.

Finally, on another point, some people do use scripts to play on nethack.alt.org. It's a good way to grind your way to the top of the scoreboard. The scripts aren't clever enough to play for you, but they can repeat a sequence of actions to raise your score. It's not nice, and really the game should make it impossible to grind a high score in this way, but it's not really cheating as it could be done by hand.

Re:there is no technological fix

[irc.goatse.cx+troll]

latency of two moving people around some obstacle means you either let them both know where eachother is before they should be able to render, or you'll be able to induce lag to allow yourself to teleport around the game which is just as bad.

Then theres issues of "can it be seen through?" for example when I replaced all fences (which in a real engine blurs to solid after some distance). Is it cheating to tweak your drivers with rivatuner to change how it blurs them so you can see through them? What about replacing the texture with an empty texture?
Replacing the enemy models with sold colors?

Even defining cheating with 100% accuracy is impossible, saying you can stop cheating is laughable.

Re:there is no technological fix

[SanityInAnarchy]

The servers knows there is poeple out here but YOU don't always need to know where they are, except if they can be seen from your POV.

Not always, but often. You can sometimes hear their footsteps, or see them on your radar.

There are possible tradeoffs, but none really acceptable. For instance, the server could send you a streaming video of your radar screen (it's not very big), and streaming audio of potential footsteps, but that would use a lot more bandwidth and server CPU. And when you consider the logical conclusion -- playing the WHOLE GAME that way -- well, figure the server needs one awesome videocard for everyone playing, and enough bandwidth to stream HD video to every player...

But short of that, you'll have cheating, and even there, you can have cheating anyway -- for example, a semiautomatic gun with a very rapid rate of fire, meaning whoever has a rapid-fire mouse wins.

In an online chess game, where the rules are fixed, I would challenge you to trick the server other than by hacking it.

Certainly, but that's chess -- though you CAN cheat by having a computer assist you, if you're worse than the computer.

Re:there is no technological fix

[yahooadam]

yeah but although that may be gone, things like WoWGlider are still as prevalent as ever

Just because 1 main cheating system is gone, there is another to take its place, this has and always will be true

Of course since the warden has been updated a lot, the number of cheaters is pretty low, but with VAC which hasn't been updated enough there are still quite a lot of cheaters, of course you can see that VAC actually works quite well because if you go onto an Unprotected server you will see the number of cheaters

Re:there is no technological fix

[SanityInAnarchy]

So, you're going to make the cheat developers jump ahead. Instead of injecting their software into the wall code, they're going to have to inject their software into the anticheat code, to pass keystrokes into it as it shoots the guy down the alley..

Except without access to the wall and the guy, it won't know where to shoot.

Why waste money with this? Blizzard's Warden is pretty robust from an anticheat stand.

That's Blizzard's. I somehow doubt that it would work for other games, and if it would, you'd have to license it from Blizzard. And it causes lag. And really, for what -- so they can stop people from auto-crafting and auto-hunting, which isn't possible in a good game (auto-hunting isn't, in some better MMOs).

You can clap all the DRM and encryption on this issue you want,but it won't do any good.

It kind of has, though. At least, it seems to me that cheating doesn't work the way piracy does, it works more the way antivirus does. (Which is not the best kind of security, but it sort of works.) Basically, either you'll have like two people cheating for a long time, and it's a lot of work for two people to crack the anti-cheat stuff -- their time is better spend practicing to where they don't have to cheat -- or you have 20,000 people cheating, and if that many people can find the cheat, so can your developers, and then you just screen for that specific cheat.

At the end of the day, the PC still has to keep stuff in ram, unencrypted, for the CPU to be able to run it.

Missing the point of trusted computing. Unless you have custom-manufactured RAM, it's useless to have unencrypted stuff in RAM that you can get to. And I'm not even convinced that would help.

Until Intel makes some kind of RSA type on the fly on-cpu encryption (which I'm going to patent, btw)

Except then you'll have it unencrypted in the CPU registers! Ohnoes!

Or, more realistically, the cache. But even at that level, consider that you'd need a damned good crypto chip to do RSA faster than the CPU can deal with the data. It'd probably have to be better than your CPU anyway!

Re:there is no technological fix

[ravenshrike]

Troll? TROLL? Alright, who the fuck has a hard-on for North Korea?

Re:there is no technological fix

[rtechie]

Time and time again we've shown that to change human nature is very very difficult. Nonsense. You may have noticed that people are no longer urinating in the streets, as was customary 100 years ago. Your average 3-year-old today behaves better than adults did a century ago. There's all that civil rights stuff too. Contrary to what some people seem to think, human behavior is in fact extremely malleable.

Online cheating is not "human nature". It needs to be considered "socially unacceptable" to cheat and there needs to be tangible punishments associated with doing it. Take the behavior of purchasing characters, items, gold, etc. for MMORPGs on Ebay. This is cheating, pure and simple. Using aim-bots is also cheating and Valve, Microsoft, and other online game providers should be zero-tolerance on this. They should stick in their bullshit license agreements that if they cheat on the service they have to pay a $50 "reactivation fee" EVERY time you cheat. And not just MMOs. If you cheat they block your CD key and you have to either purchase a new key or a new copy of the game. Sure a few whiners might sue, but I suspect that most cheaters are little brats and unlikely to defend themselves in court.

The reason they're not doing this now is that they fear lost revenue. As gamers we should pressure them to bring the hammer down.

Re:there is no technological fix

[PyrotekNX]

I'll probably get modded down as redundant. Put simply, you can't solve a social issue with a technological one.

1. Find a social issue
2. Invent a quick fix using technology
3. ?????
4. PROFIT!!!

Re:there is no technological fix

[Brian+Gordon]

It's really the same thing. The server tells you where players are, whether you need to know or not. It trusts the client not to reveal any unnecessary information to the player. But if you've got a custom or modified client that can send the correct hashes or responses or whatever to the anti cheat mechanism on the server, there's no way for the server to know if you have ESP and have enemies highlighted through the walls and their health displayed onscreen. The next step is to simply allow the program to at least partially control your inputs, though if it doesn't act enough like a human then you've broken the perfection of the system and you can be busted by the server. But it's all just client modding.

Re:there is no technological fix

[Workaphobia]

Is cheating a social problem? I don't see why you can't look at it from a technological viewpoint. The system's policy specifies what should or should not occur. The fact that people are able to defy these expectations are a flaw in the implementation or design of the system, thus a bug that should be fixed.

On the other hand, many systems are beyond consideration for technological perfection, so we just accept that it's up to the users to not exploit the situation. And then it is a social problem, as you say.

Re:there is no technological fix

Shooting cheaters on the spot would be a solution, though it would raise new problems: how to dispose the bodies. Vivoleum is a good solution for that new problem.

Re:there is no technological fix

[Hyperspite]

I think the difference is kind of like the problem with DRM. The client has to know stuff (in order to not overburden the server), but it has to keep certain things secret from the player. Sound like CSS anyone?

Add the cheats as features to the game

[Slim+Backwater]

How about just adding cheats as elements to the game? Players like radar? Add it. The ability to see through walls? Auto aim, auto trigger? Make them power ups. Don't fight it, integrate it.

Re:Add the cheats as features to the game

[boaworm]

Because many of these games aim to be realistic, that's why people play them. Adding an "aimbot" as a powerup is not something that would have happened the 101:rd airborne when they dropped down over normandy, so when you play that scenario, neither do you want it or should have it.

Re:Add the cheats as features to the game

Yeah, make an FPS game where everyone automatically has immortality, omnipotence, omnipresence & every conceivable weapon.
Sounds a lot of fun.

Re:Add the cheats as features to the game

[Blakey+Rat]

Oh yeah, Diablo II online was SOOO FUN. You have to install an anti-cheat hack to undo the cheat hack that someone installed to undo your last anti-cheat hack. Everyone spent more time hacking the damned game than playing, and nothing in the game was worth anything. Do not want.

Re:Add the cheats as features to the game

[Cylix]

Because someone would come out with an anti-aim, anti-whatever and turn all of those new features off.

You just can't win with these damned kids.

Re:Add the cheats as features to the game

[Aleksej]

Those who claim that the above is an inherently bad idea that wouldn't work in any game at all, should check BZFlag.

Re:Add the cheats as features to the game

[sheetsda]

I think it would be more interesting to create a game that was specifically designed to be hackable ten ways from Sunday. The objective of the game would be to develop the best program to play the game.

Re:Add the cheats as features to the game

[kasperd]

The objective of the game would be to develop the best program to play the game.

That kind of games are fun for those of us who know how to code. Most of the gamers out there wouldn't stand a chance in a game that involved coding in order to play it. But there still remains a few questions, do you run the program on your own machine talking to a server? If so, is the program supposed to play by itself, or is each player going to be a person and a program cooperating? Are people with a beafy machine and a fast Internet connection supposed to have an advantage? You probably cannot design it such that they will not have an advantage. Alternatively, you submit your program, and everything is then run in a controlled environment.

Re:Add the cheats as features to the game

[SanityInAnarchy]

This sometime works, and sometimes not, and sounds like a weak justification if you do cheat. (The reason I'm not cheating too doesn't mean I'm a noob, it means I like the game when played legitimately.)

For example: Radar works well. However, I would not want radar in a game which does not already have it -- the game could be designed to deliberately force you to listen to footsteps. Also, even radar often has limitations -- for instance, a player crouching and moving slowly might not show up on the motion sensor, and radar has a limited range.

Seeing through walls is almost never normal, and kills camping. Camping is a legitimate tactic. It also kills any kind of partially-destructable environment -- if you can snipe through a wooden box and get a perfect headshot, then wooden boxes are worthless as cover.

Auto aim and auto trigger are incorporated into some games. For instance, there is a mod to Quake 3 Arena called AlternateFire, which adds alternate (right click) weapons to the game, as well as additional powerups. Quad Damage generally alternates between the Quad and "Accuracy", which effectively gives you an aimbot, with certain weapons, within a certain (large) radius. But it still requires you to click, and it's still limited to that radius, and those weapons -- and to when you have the powerup; would it be fair if someone had Quad Damage all the time?

Auto trigger would be more like the melee weapon of UT2004. The "Shield Gun" can be charged up, and will then fire when an enemy is close enough.

I prefer tightening it down on the server side. Have the server not send updates of other players' positions constantly, only when there's a line of sight, or maybe if they are close enough for footsteps, as an example. More importantly, have a competent admin and a decent voting system for when the admin is not there. And in general, I consider cheating to be a part of online games, and I can beat the cheaters, often -- but that does not make it alright, and does not mean that one game should be changed to a fundamentally different one just because one type of gameplay is more susceptible to cheating.

And some cheats, particularly glitches like item duping in Diablo, never make any sense at all as a legitimate addition. Timing tricks, maybe, but free rare items, no.

The reason for cheating is generally not because someone wants an improvement to the game. The main reasons for cheating are because you can (for someone who likes looking at hex code all day, who wants a challenge), and because you want to win, and maybe because you have an ego and something to prove, perhaps because you have a small penis... But let's face it, if you really wanted to play a different game, you'd play one. If you really wanted to improve a game or invent a style of gameplay, there's all kinds of moddable engines, even good open source ones (Quake 3). It would probably take much less effort with source code than without, I would think.

Re:Add the cheats as features to the game

[Torvaun]

The Rainbow 6 games had that heartbeat sensor. Saw through walls and everything. You couldn't be using that and a gun at the same time (as of the last Rainbow 6 game I played), and someone could be using his anti-heartbeat sensor to sneak up behind you with a shotgun. That was still pretty cool.

Enemy Territory had leveling up, so that the more you used the sniper rifle, the less your point of aim would move around. That's not quite the same thing as an aimbot, but it's more realistic.

I'm not positive what auto-trigger is, it sounds like something that automatically shoots when you're aiming at an enemy. A lot of the time, I wouldn't use something like that even if it was available. Give up my element of surprise by shooting him from long range with a pistol? No thanks.

Re:Add the cheats as features to the game

[lena_10326]

Those who claim that the above is an inherently bad idea that wouldn't work in any game at all, should check BZFlag.

I checked it out and played a little. Anyway. The cheats in that game appear in a controlled quantity (as flags), equally available to all. The kind of cheats the article refers to are cheats only available to a select few circumventing the rules. They're also hidden. Cheats built into the game intended to be used are called powerups, which makes the game interesting, whereas hidden cheats makes the game futile.

Powerup != Cheat.

Re:Add the cheats as features to the game

[Saville]

Attempt 1) get shot down
Attempt 2) get shot down
Attempt 3) get stuck in tree and then shot
Attempt 4) get shot down
Attempt 5) get stuck in tree and spend 5 minutes press the 'escape' key then get shot on ground
Attempt 6) get shot down
Attempt 7) kill some nazis then get shot
Attempt 8) get shot down
Attempt 9) get shot down
Attempt 10) get shot down
Attempt 11) get shot down
Attempt 12) be sneakier and kill more nazis then get shot
Attempt 13) download FAQ and type special 'idkfa' cheat and walk around like Rambo and have more fun playing the video game as escapism where you become a hero. You've just had your fill of realism, now you want entertainment. You want to play the role of the top 1% that didn't die or get wounded instead of just another peon.

Re:Add the cheats as features to the game

[Oligonicella]

Then play Rambo to begin with.

Re:Add the cheats as features to the game

[Oligonicella]

By the way, notice Rambo isn't ever on a team?

Re:Add the cheats as features to the game

[Draek]

if you *must* cheat to enjoy a game, do so in single-player where you won't annoy honest people. Cheaters in multi-player games are assholes, pure and simple, no excuses about it.

but personally, even in SP I'd rather improve my skills with each failed attempt rather than cheating my way out of it... as a matter of fact I'm playing through Rainbow Six: Rogue Spear right now, and even though it took me more than a day to finish the first mission alone with all my team members alive, I felt accomplished when I finally did it, whereas if I had just typed 'godmode' or whatever, and just ran through it I would've been just dissapointed and bored as heck. And if I had seen a floating "Invincibility" power-up in the middle of the map, I would've gone and uninstalled the game right there, and ask the store for a refund.

Re:Add the cheats as features to the game

[Workaphobia]

That's actually how BZFlag got a number of its powerups.

*sigh*

[Verte]

The Quake fiasco has already taught us plenty about this: don't trust the user.

Re:*sigh*

[localman]

Ah, ESR. I like this quote:

"If Quake had been designed to be open-source from the beginning, the performance hack that makes see-around-corners possible could never have been considered -- and either the design wouldn't have depended on millisecond packet timing at all, or aim-bot recognition would have been built in to the server from the beginning."

Which is really just another way of saying that it wouldn't have been developed at all. Great solution.

I hate cheating too, but I'm afraid it'll always be there. I just assume on public servers that there is some cheating. When I get sick of it I set up a private game with people that I trust.

Cheers.

Re:*sigh*

[Verte]

I've written for similar scenarios, and the correct way is probably not to send the position state of the other players unless visible. That might sound like a lot of computing power is required and a lot of bandwidth would be used, but cutting planes can be tested on regions in three multiplications, two additions, and a compare, per player. Actual per-player state that would need to be sent would likely be what weapon they were holding, the angle of their legs, their position [a three vector] and their orientation [at most a three vector]. The set of vertices of the actual character model do not need to be sent, but can be held in arrays pending the location of the player. Of course, since this was not the mindset that the developers worked with, it's not what happened. I haven't seen the source myself, but something tells me it could have been done. With a little meditation on the subject, security like this isn't always that difficult or that expensive- in fact, it's usually the Right Way. The question is, will this hardware stop cheating? It just makes me wonder if the developers ran the idea past someone with a degree in information security first and didn't like the response, or didn't bother.

Re:*sigh*

Oh God... Why do people always assume everybody is stupid?

Obviously all Quake games clip entities against the PVS/PHS. But you can't have precise clipping, otherwise players (and all entities) would magically pop up unless your latency to the server was 0. So stuff that's right beyond the corner has to be sent too. Also, sounds.

If it was that easy, it'd be fixed by now.

There was some stuff like Cheating-Death that did what you suggest on the client side, moving invisible entities behind the player, but obviously it's still cat&mouse.

Re:*sigh*

[Verte]

I'm not saying it's that easy, what I said wasn't even a first order approximation on how to share state in networked games. But the moment you realise that you're designing a network game, you need to start assuming the worst. Assuming the client understands all the information you've sent it, and can send anything it likes. Attempting to lock down hardware that you don't control anyway isn't the answer- it's thinking about the value of the information you're sending.

Of course, what you're saying is right- you can't hard clip without a margin to account for latency [and partially visible characters]. Especially when the server must calculate this, because then you're talking about the latency of a round trip. So you're always going to have SOME players possibly seeing through walls. But, planning for security often makes a significant difference.

Wall hacking

It appears to be yet more DRM designed to ensure that peripheral inputs match those received by the game.
This does not address the issue of cheats that allow the player to have information that he would otherwise not have, such as seeing through walls. Nor can it detect proxies.

Like all DRM, it sounds like it will cause legitimate users more problems than it will cause to cheats and crackers.

Re:Wall hacking

[saibot834]

I don't think DRM is the solution to multiplayer cheating (I use the term 'multiplayer cheating' to distinguish between legitimate cheating against bots and cheating while playing against other players). Like all the copy restrictions show us, any DRM restriction can and will be cracked sooner or later.

There is another way to stop multiplayer cheating: Don't give the client information. Why are you able to code a wallhack? Because your computer knows where the enemy behind the walls is. DRM doesn't work, so we have to assume that everything your computer knows, you might know, too. But if your computer doesn't have the information about players behind a wall, if only the server has this kind of information, then there is no way for you to code a wallhack.

Why should your computer have the information who is behind the wall? There are two reasons why that is so: If the server has to calculate everything what you do, that
a) costs much calculating effort
b) takes much time (you have to send the information what's on your screen over the internet, instead of just to your monitor)

With Moore's help (and his law) we may be able to solve a), however I don't have a fix for b). Do you have?

Re:Wall hacking

[jettawu]

I was wondering if someone would mention proxies. I have seen a network proxy based hack in action. They are a very formidable weapon against anticheats. No anticheat the server admin used could detect it because the cheater was running the proxy on an entirely different system than the game itself. Not only that, but even if it did run on the same system, an anticheat would be unlikely to catch it since it wasn't modifying any of the game code or memory... just modifying game data as it went out on the network. That said, they are usually more difficult to create than anything else. If you do any web searching, it is much easier to find anything other than a network based hack. I'd like to see a chip on a board detect a network proxy. As far as the game is concerned, it's running as it usually does, and the server as well.

Not in the game anymore

[Joebert]

Nobody seems to care how good a game is, "the game" is all about finding ways to cheat no matter which game you're playing.

Re:Not in the game anymore

[illegalcortex]

Not really. The real problem is that there's always a small minority that wants to cheat. They drive off the large majority that just want to play a good game.

Re:Not in the game anymore

[Joebert]

If only it were a small minority.
If you get anyone away from other people, they'll cheat if they know they can get away with it.

Nobody cares about the game, they just want to win & they'll do anything to do it as long as they know they aren't going to get caught.

That's just what I see happening.

Re:Not in the game anymore

[qlayer2]

I play multiple online games, with punkbuster support- and the simple fact is that 99% of the people cheating are untrained dupes who download trainers which also contain a number of viruses, and they aren't doing it to get an advantage in the game. They are just doing it to get a rise out of the honest players. The 1% that are smart enough to write their own scripts and use it for an advantage, are usually terrible enough at the game that their "advantage" doesn't matter much anyways. Most respectable servers will boot these people in a short amount of time, and they have zero effect on anyone else. So why would I pay for a terrible hardware solution to a problem that doesn't affect me, or 99% of the population? If you want to force it on big money tournaments go right ahead, but the average game player has no need or desire for this type of product, and won't use it.

Re:Not in the game anymore

[Saville]

Maybe for a dozen people in the world smart enough to figure it out, but the majority of people are casual users that just want to log in and play a game or two of their favourite RTS or FPS or do a quest in their favourite MMO. Or just chat in forums about games. Very few actually want to spend the effort to cheat.

Re:Not in the game anymore

[Joebert]

Very few actually want to spend the effort to cheat.

It only takes one person to figure out how to cheat.

This is computers we're talking about here, as long as a program can be written to automate steps to take in order to cheat, people are going to cheat.

Re:Not in the game anymore

[novus+ordo]

"The sure way to be cheated is to think one's self more cunning than others"

Re:Not in the game anymore

[skrolle2]

That depends on the players.

I was at a friend's 30th birthday party and happened to mention to his 13 year old nephew that I'm playing World of Warcraft. It quickly became apparent that the two of us simply weren't playing the same game. He was very interested in finding holes in the world, finding exploits, using private servers, getting twinked by higher-level friends, and owning non-twinks in the battlegrounds. He was still mid-lvl after a few months, and wasn't really into the whole quests thing.

I'm high-level, I've been in the same raiding guild for two years now, and we're slowly but steadily progressing through the endgame raid dungeons. I don't really care about PvP or twinking.

We're both aiming to "beat" something in the game, it's just not the same things. Not all players are like him, and not all players are like me. And I really hope that his type is not in the majority.

Damn it!

[olehenning]

How am I supposed to cheat now?

Re:Damn it!

[dvice_null]

> How am I supposed to cheat now?

Use hardware emulator?

Re:Damn it!

[Kazymyr]

You could use the Homer Simpson solution.

Re:Damn it!

[lord_sarpedon]

For some classes in WoW, that actually works surprisingly well.

Re:Damn it!

[DeadChobi]

For hunters you need two drinky birds. One to hit autoshot, and one to hit aimed shot.

It does!

I suggest we call it "Battle Of The Gods"

It seems rather futile though..

[boaworm]

The whole concept of anti-cheating is based on making a chip comparing input on mouse/keyboard to input into the program.

So how about:

1: Software that wraps this chip, and returns "true" all the time ?
2: Cheats that does not emulate keyboard or mouse input ? (like radars, spike skins, you name it)
3: Software that generate keyboard/mouse interrupts ?
4: The fact that someone would not buy a CPU/MB with anticheat stuff in it if you intend to cheat. You'd just have a dummy driver emulating this hardware or something.

This only seems to be able to solve a very small portion of cheats.

Nothing beer and engineering can't conquer.

[bigattichouse]

So it compare's key/mouse input from the user.. so you get some engineering students and build a par-port output that loops back in as mouse and keyboard-shunt input. A good afternoon or 3 and some beer, and a few engineering students could overcome that problem, and be selling the solution to cheat-software-makers before the intel crap hits stores.

Stinks

[rvalles]

Doesn't it reek of vendor lock-in?

Wow!

[smiltee]

Exactly like DRM, I am sure this restrictive method will work flawlessly! I think Intel is making the right choice by using something you can't update against an entire army of hackers!

so it's..

[jimbug]

a key logger?

The concept is simple, the chipset records all input from the keyboard and mouse, and the game does the same.

sorry, to clarify

[Verte]

All you can ever hope for is checking that the packets sent by the machine are those sent by the machine. You might be able to control how the software behaves on the machine, but you will never stop a user without your hardware protection from sending the exact same packets.

Solution: The Istrate

[kaufmanmoore]

This handy device fits in a computer's 5.25" inch bay and if it detects cheating a razor sharp knife comes out and relieves the offending player of the little (as is always the case with cheaters) piece of manhood that the loser has left. (Towels to clean up blood not included).

Re:Solution: The Istrate

[Kjella]

I'm afraid there's prior art for that idea here though his aim was a little higher. Given the ratio of asshats who'd do it on the innocent compared to those inflicting rightful justice to those that deserve it, you shouldn't give the control codes to just anybody. Just give them to me.

Great..

[Khyber]

I'm looking forward to the time when I can't play a game online because some POS hardware/software thinks that my MP3 or video encoder is a cheat mechanism.

Lame, very lame. And you KNOW this will eventually happen. Some harmless software program running at the same time as a game will screw your online play without lube.

Why can't the game devs shift focus away from DRM & etc. and try building a solid product that doesn't NEED a third party anti-cheat software running? It's called internal testing, FFS. You made the software yet you can't find the holes, meanwhile some smartass 15 year old Russian just reads your code and goes "Oh! Look at what we have here!"

Re:Great..

[Odiumjunkie]

Why can't the game devs shift focus away from DRM & etc. and try building a solid product that doesn't NEED a third party anti-cheat software running? It's called internal testing, FFS. You made the software yet you can't find the holes, meanwhile some smartass 15 year old Russian just reads your code and goes "Oh! Look at what we have here!"

Because there are some types of cheating that it is just not possible to identify or prevent through a well-designed client. If the game is one that computers can play better than humans (or can play some aspect of better than humans), then software can be written that simulates human user input but is actually computationally controlled. There isn't really a way to prevent this completely, because at some point your sufficiently advanced aimbot is indistinguishable from an excellent human player.

Think of it this way: you can't alter the rules of chess played through the mail in such a way as to stop me using a computer to "cheat". The problem isn't the rules of correspondence chess, the problem is that computers are better than many humans at chess.

Re:Great..

[JNighthawk]

Maybe you've never worked on games before, but you seem very naive about it.

Sure, you can build an ultra-secure game that will be near-bulletproof, but you know what? That game wouldn't be fun. You'd have to wait for server auth before you could do anything, so this would only work for non-real time games.

And, finally, on top of what I said, the direct issue brought up (keyboard/mouse movement spoofing) cannot be fixed by games. Period.

Re:Great..

and try building a solid product that doesn't NEED a third party anti-cheat software running

-5 clueless.

Re:Great..

[antiMStroll]

Gaming's hope is a technical solution less draconian than not encoding multimedia while playing online?

Re:Great..

[brkello]

1. This has nothing to do with DRM. 2. Obviously you don't know what you are talking about because you can write perfect software and still have cheats. The cheats aren't hacks in the software, but hacks in the communication between the client and the server. They do this in many different ways....seriously, how can they stop a cheat if it was placed on a different computer than the game was running on that is intercepting the packets and altering them to give an advantage? Seriously, just don't talk about software because you are clueless.

Re:Great..

[Khyber]

yor answer is CRC hash checking between client and server files. Guess you don't play much Q3 or UT to know this. Also, simpler multiplayer games (Like worms or scorch3d, etc. have no issues with cheating in multiplayer, because of the crc checking in config files. wallhax are flaws of the engine and map construction, not server/client communication.

I do more than enough attempts at cheating. I do it just to try to see if it works. You assume I know nothing. Quit making an ass out of yourself.

Oh, plasma pong has no way to cheat either. Any corruption in the data stream causes instant game shutdown. tried it, doesn't work.

Re:Great..

[toxicity69]

I'm looking forward to the time when I can't play a game online because some POS hardware/software thinks that my MP3 or video encoder is a cheat mechanism. Actually, Half Life did this way in the beginning with "HLAmp". HLAmp was an addition to the GUI in-game that would allow you to control Winamp from inside the game. Valve or whoever at some point decided it was a hack, and banned anyone who used it. Even after several thousand explanations from pissed off gamers, they kept that rule, as I believe it had to do with stopping piracy or something.

Re:Great..

[Jackmn]

yor answer is CRC hash checking between client and server files. Guess you don't play much Q3 or UT to know this. Also, simpler multiplayer games (Like worms or scorch3d, etc. have no issues with cheating in multiplayer, because of the crc checking in config files. wallhax are flaws of the engine and map construction, not server/client communication.

The code for checking the CRC of the files on the client must be stored on the client, where it can me modified. Both Quake 3 and UT can both be cheated in. Your client must be able to know where your enemy is at least a few moments before you can actually see him because of latency issues, making wallhacks possible. It is entirely possible to write a bot for plasma pong. The code that shuts the client down must be stored on the client, where it can be circumvented. You have absolutely no clue what you are talking about. Stop spreading misinformation.

Re:Great..

[Khyber]

Guess you've never heard of server-based authentication. Fail. I've programmed games before, it's becoming rapidly apparent you haven't.

Re:Great..

[Jackmn]

Guess you've never heard of server-based authentication

Servers can't magically authenticate clients without the assistance of the client. For this to happen some code must be placed on the client. This can be directly modified or sandboxed. Anything that can detect these modifications must also be stored on the client, where they can again be directly modified or sandboxed.

You can divide a traditional multiplayer game into three parts - the client, the protocol, and the server. So long as the client follows the protocol the server cannot tell if anything is amiss. The server must trust the client at some point. You cannot protect the client from itself.

Changing the server won't fix this, changing the client won't fix this, and changing the protocol won't fix this.

You do not know what you are talking about. Stick to subjects where you do.

Well, I'm not impressed.

[dannycim]

A friend of mine plays the Final Fantasy XI MMORPG on PlayStation 2. I rigged a little box with a bunch of timers, relays, the heart of a USB keyboard which can repeat timed sequences of game macros without supervision. It works wonders for some "skill-upping".

Intel's little trick wouldn't detect that as it involves no software at all, no injection of keyboard events. As far as the console is concerned, it's a keyboard, period.

I could go a whole lot more sophiticated and build a USB box that would emulate both keyboard and mouse events. Marry that with software that can "look" at the screen data and recognize patterns, and you'd have yourself an automated player.

Go ahead Intel, invent better traps. We'll invent better mice.

Re:Well, I'm not impressed.

[MysteriousPreacher]

You sound quite talented and definitely in a minority. In WoW anyway, most botters are just people who downloaded an app like Glider. If they had to go through the hassle of building hardware or ordering pre-made hardware, a lot will just give up.

Re:Well, I'm not impressed.

[Animaether]

There's keyboards which have this sort of thing already built-in. If people -really- want to 'cheat' that way (is it cheating - or is it just using better hardware? Is a widescreen monitor cheating when compared to a 4:3 monitor because you gain a couple of degrees of vision horizontally? Is using a headset cheating when compared to the person who doesn't have one? etc.) they always can.

That said... the keyboards/etc. have a bit of a signature... the timing on the moves being the same within a few milliseconds, etc. It can be detected. Go ahead, build another better mouse that adds random delays. But you're going to be one of very few to make that sort of effort. As long as the vast majority of cheaters stand no chance in the game, the rest will still have a good playing experience.

Re:Well, I'm not impressed.

[nschubach]

What's sad about this is that I recently played a Beta of an MMO called Sword of the New World. The leveling process was so long I actually created macros for my G15 to handle the characters while I went to bed. If the leveling curve on it wasn't so steep, I never would have thought about doing it. Personally, I think if the game would reward people in faster increments they wouldn't resort to "cheating" or macros except to simplify patterned commands. BTW, I actually bought the G15 as a programming tool, not as a gaming keyboard.

Re:Well, I'm not impressed.

[ZorbaTHut]

I'm not entirely sure I believe this.

In WoW, most botters are, indeed, people who just downloaded an app. This is because the app works. If the app didn't work, they might go and do something more complicated, such as forking over $20 or $30 for a cheap hardware gizmo that does something like what the original poster is talking about.

"People are lazy, and therefore won't go any further effort" is a fallacy when people don't need to go to any further effort. Once that becomes necessary (I mean, if that ever becomes necessary, which I personally doubt) I would suspect that a lot of businesses would spring up.

Re:Well, I'm not impressed.

[Miseph]

This also brings into question the value of such cheats. If a cheat must be weakened so as to avoid notice, the eventually it needs to be weakened to the point where it doesn't even qualify as cheating any longer. Your home-made bot that acts exactly like a normal player in terms of imperfect timing and lack of percievable omniscience isn't a terribly effective way of cheating.

Re:Well, I'm not impressed.

[vertinox]

Marry that with software that can "look" at the screen data and recognize patterns, and you'd have yourself an automated player.

Already done.

There is no technological fix for this. Eventually, AI will be so good that it will be hard to tell if a player is human or AI. Since the AI will be another computer with a web came and keyboard inputs, there is no detection.

Unless you requite a Voight-Kampff test before being allowed to play online.

Re:Well, I'm not impressed.

[vertinox]

Your home-made bot that acts exactly like a normal player in terms of imperfect timing and lack of percievable omniscience isn't a terribly effective way of cheating.

Except for the fact he doesn't have to be there in person to reap the benefits of the bot at a later time. Otherwise known as gold farming...

Re:Well, I'm not impressed.

[antiMStroll]

I'm impressed but the subset of cheaters who would go to so much effort is much, much smaller than those willing to install a software hack. If the latter herd can be thinned than those who will go to the effort will stand out that much more in gameplay too.

Re:Well, I'm not impressed.

Yup. I have a macro on my Logitecg G15 keyboard that will switch to rockets, jump and do a 360 and fire at the ground behind me. I get gobs of kills that way because noob's like to tailgate and try to get you from behind. it's a cheat in essence but it's highly effective. Just like adding battle mode buttons, I need to squat and take out your knees? G1 drops me to the ground dodges left with a right turn, switches to shotgun and fires 2 blasts. Works great when I come up against someone from around a corner. by the time they react I'm already lower and firing the shotgun WAY faster than I can do it by hand.

works great and really is the only way to fight agsint the aimbot asshats.

Re:Well, I'm not impressed.

[edittard]

Slashdot - where we can't get a date, but we don't have to play with ourselves either. We get a computer to do it.

Re:Well, I'm not impressed.

Granado Espada.... Sword of the New World

Yeah, the leveling curve is kinda steep once you get up to say 40 (compared to WoW anyways compared to EQ its insanely easy).

Still I just go to bed with my characters still logged in and a command to 'guard here' Wake up... wowee! A couple level ups. I don't even need the macros.

Re:Well, I'm not impressed.

[MysteriousPreacher]

Yeah, I suppose since people are willing to pay for gold and power-levelling, they are probably just as willing to buy a hardware device. I may have understimated the laziness of people.

Re:Well, I'm not impressed.

[Miseph]

So the benefit is that he can skip the tedious not fun parts by, essentially, having a bot do it all at about the same efficiency as a human and using this bot to give 24/7 coverage while he eats, sleeps, goes to school, has a life outside of WoW, etc?

Sorry, but I just don't see where the problem comes in. Heck, I think a lot of problems could be solved by simply building a bot into the game... if everyone could skip the tedium of mindless grinding by having a bot do it while they sleep, or even better by having the server automatically distribute gold according to some sort of average table while a character is not currently in use, then it could make the game more fun for everyone AND completely defuse the farming and bot problems.

I know, I must be crazy or something.

define mouse

[Loconut1389]

What about tablets, tackballs, and people who have multiple USB pointing devices hooked up- monitor them all?

You got to be kidding me

Who would exert any effort on this problem? Aren't there enough real problems like cancer, famine, and missing bees that we can get Intel working on? Is cheating in a game really the priority for our greatest minds?

Or you could just play Xbox...

[Blakey+Rat]

This is actually already implemented by Microsoft in their Xbox and Xbox 360 consoles. I like knowing that, while Microsoft can't do much about exploitable bugs in the games (the sword-flying in the first version of Halo 2, for example), they can easily boot people from the network if they know they've modified their hardware in any way to enable cheating. It would be interesting to know what their record is, and whether anybody's figured out how to bypass the system.

Re:Or you could just play Xbox...

[Lord+Kano]

I have no desire to play the console shuffle anymore. I did that in the early years, I had an atari 2600 nearly forever, then I had the Sega Master System, NES, Sega Genesis, TurboGrafx 16, Super NES, TurboGrafx CD, Atari Jaguar and Playstation. I've lost interest in the mad dash to buy a new system every 2-3 years. I play computer games.

LK

Re:Or you could just play Xbox...

[superanonman]

Would it be such a stretch to take the composite video output of a game like Halo 2 into your video-in and use a pixel-scanning aimbot to do USB output spliced into your controller wiring? It would probably take some voodoo coding, but it is more than possible.

Re:Or you could just play Xbox...

[Blakey+Rat]

... good for you? How is this relevant to anything?

Also, the mad dash to get new video cards is at least as bad as the mad dash to get new consoles and, if anything, happens far more often than new consoles come out. All you're saying is that you're no longer interested in being bleeding edge. That's fine, but don't make it sound like some holy mission from God or something.

Re:Or you could just play Xbox...

[Lord+Kano]

How is this relevant to anything?

It's why so many of us only play PC games, you stupid ass.

Also, the mad dash to get new video cards is at least as bad as the mad dash to get new consoles and, if anything, happens far more often than new consoles come out.

Perhaps for you. I upgrade my video card every 1.5-2.5 years. I buy upper middle of the road cards. I won't spend over $150 for a card. If you bought the Playstation, Saturn, Dreamcast, XBox, Playstation 2, Xbox 360 and Playstation 3. You've spent far more than I have on video cards.

All you're saying is that you're no longer interested in being bleeding edge.

Bleeding edge? Please. We're talking about video games, not base jumping.

LK

Re:Or you could just play Xbox...

[Blakey+Rat]

It's why so many of us only play PC games, you stupid ass.

Yes, but that's not relevant to the comment you were replying to. I posted that Microsoft's already implemented such a system for their Xbox console, and you replied with a list of reasons you play PC games instead of console games. That's a fine post, but it has NOTHING TO DO with the comment you were replying to, and it has nothing to do with Intel's new hardware designed to prevent cheating. It was entirely off-topic, especially ironic from someone with a link to posting guidelines in their sig. Thus my reply.

You stupid ass.

Re:Or you could just play Xbox...

[Lord+Kano]

Yes, but that's not relevant to the comment you were replying to.

Sure it is. I was countering that I don't care what anti-cheating steps Microsoft has incorporated into the XBox, because I won't ever buy one. There are many people just like me who won't ever buy a console. It's because of people like us that PC games continue to exist. It's because of people who cheat on our chosen platform that anti-cheating technology is necessary.

LK

Re:Or you could just play Xbox...

[Blakey+Rat]

With that explanation it's slightly relevant. But the original reply, sans that explanation, still has nothing to do with anything.

I say "slightly" because I never claimed that PC games don't need anti-cheating technology, so you're replying to an argument I didn't make.

Re:Or you could just play Xbox...

[Lord+Kano]

No explanation should have been necessary. It was the obvious conclusion to draw.

It was a reply to your claim that we "could just play Xbox", the fact of the matter is that many of us will never own one.

LK

Woo hoo! New type of spam!

[OverlordQ]

Can't wait for the new spam now.

"Download Intel Anti-Cheat update here! http://foo.bar.baz/Intel_Update.exe"

Now the spammers have a little bit of hardware to read keyboard input installed already for them?

Re:Woo hoo! New type of spam!

[Mr2001]

Every computer already has a little bit of hardware to read keyboard input installed for trojan writers to use. It's called a keyboard.

here's an idea

How about only sending data to the user, he/she actually needs. This fixes the seeing through the wall problem.

The only thing an online game should be taking from the user is his input (keyboard, mouse), all calculations (except rendering the game) should be done else where, and all the game data the user doesn't require (or see) should be kept away from user's computer.

Then only one attack vector remains. With proper input checking (not on user's computer) one could probably significantly reduce the problem of aimbots and eliminate any speed hacks.

Re:here's an idea

Great idea. As soon as everyone can connect to the game with 20ms latency I'm sure the devs will get right on it.

Re:here's an idea

[Wonko+the+Sane]

How about only sending data to the user, he/she actually needs. This fixes the seeing through the wall problem.

Maybe it would work better to send the client more data than it actually needs, then only informing it which data is valid at the last possible moment. Even if you can see through walls, you don't know which players you are seeing are real and which are fake.

Re:here's an idea

But cheat can combine other information and detect fakes. For example fakes won't probably make any footsteps etc.

Re:here's an idea

[demi]

Hey, this is actually quite interesting. I've heard of winnowing like this for covert channels before but not applied to this situation. It bears some thought.

Sure, anti-cheat is the given reason. But...

[GreatBunzinni]

I find it very troubling that this whole new "anti-cheating" technology looks a lot like some beefed up hardware keylogger which not only will be present in every computer out there but also will not come with an off switch. Sure, the reason to push this new trusted computing feature is those damn cheater punks who enjoy them unlawful fragging or that pesky spyware, which only affects ill-managed insecure platforms. Yet, what about the danger that this new feature presents to privacy? I mean, it's a keylogger paired with a communications component which will be present in virtually all desktop PCs. Does gaming free of the occasional cheater trump privacy nowadays?

This is stupid

Cheating is out of control because of failed attempts by software such as

Wow, I had no idea Punkbuster and other anti-cheating applications caused cheating. It's too bad the top poster didn't post his information regarding this claim... it would have made a far more interesting discussion than some lame Intel hardware.

Wrong term.

[khasim]

How about just adding cheats as elements to the game? Players like radar? Add it.

The players don't like radar. The cheaters do.

Following your logic, the game would offer the ability to instantly kill any enemy, at any range, automatically. Regardless of intervening obstacles.

Yeah, that sounds like a fun game.

Cheaters want those because cheaters don't want to play by the same limits that everyone else does.

Re:gharr

[camken]

since none of you with mod points seem to get the joke, i'll explain it.. and i'll use small words..

i had a witty and thoughtful first post prepared.. but then i (my input verifier) realized that it (the witty and thoughtful post) wasn't (coming from the "proper" source), so i'm (stuck) posting this tripe instead (of what i'd intended)

now, for the explanation..
just what do you think will happen when things can be censored or monitored at the source of the input?
i'm using a rather innocuous example of a first post gone awry, but what happens when **insert nasty shadowy agency here** decides that they want to be able to scan encrypted data?
why.. get the data before it's encrypted, of course.. how do you do that? why, a key logger that 'allows' you to play a certain game, of course!
now, i'm not suggesting that the average gamer routinely inputs data that the government wants, or even that intel has any special interest in doing this.. but on the other hand, what happens when your biggest rival in the game has figured out how to tell your computer that it no longer recieves "intel approved input" and so your character simply stops responding to commands..

the point of all this is that if you're going to try to do things that make it harder to cheat, you'd better make damn sure it can't be misused.. i'm sure we've seen enough of the arguments on here over the last 5 years about how seemingly benign laws and technology get misused by with those with an agenda..
and i for one don't want to see it come to my games too, because my fear is that someone will think of something more nefarious than i can, and voila, he's already got the tools in place on literally THOUSANDS of computers worldwide. oh but wait. nobody ever attacks windows gamer boxes, right?

ok. thanks for letting me vent about that, i'm sorry the joke wasn't clear enough the first time, and that i had to have the discussion with myself instead of you folks.

have a nice day.

The problem with anti-cheat software..

[Animaether]

..is that the server, at some point, has to trust the data the client is sending. Now there's client-side anti-cheat software that will do things like try and make sure that external applications (not entirely unlike the old TSR cheats of lore) aren't altering the data in RAM before it sends the info back to the server. But that client-side anti-cheat software can-and-will be defeated. Eventually there might be an anti-cheat relying on TCPM sort of things, but eventually somebody will just make a TCPM-less version indistinguishable from the TCPM type by the server.

So the only proper anti-cheat lays with the server. But there you hit a problem. You can, for example, prevent some cheats that way. Somebody lobs 2 nades while the server knows he only has 1? Cheating. Somebody moves all over the screen, faster than the player can actually run? Cheating. Wait - or a laggy connection.. or a bug. Tread with caution there. Caution means a margin. A margin means a margin for cheating. Okay, so you don't have your cheat make your player run at 200% - you just make him run at 105%. Still an advantage, and the anti-cheat won't catch it because of the margin. And even when you can detect all the -technical- cheats (more ammo, faster reloads, increased speed, greater jetpack fuel (if there's any), that leaves you with the cheats that cheat the User Input. Aimbots and the like - which can be extremely difficult to detect.

In the end, you can't 100% prevent cheating. But you can make the landscape unattractive enough to cheat in by at least trying to prevent it and having an actual human being look at suspicious behavior from time to time.

( I admin at one of the more popular Soldat servers - we're virtually cheater-free because the cheaters know they'll be busted in no time and their cheating fun ruined by us /kill'ing them (rather than banning - as they'll just be back) and ousting them in public. )

Re:The problem with anti-cheat software..

[Reziac]

You make an important point: "ousting them *in public*."

Fear of embarrassment after being caught is a powerful anti-cheat motivator in school, and I'm sure it works just as well in a game environment.

Re:The problem with anti-cheat software..

[pairo]

Actually, no. Fear of being caught and getting a low grade made me think twice before cheating in school. I couldn't care less if people knew I sucked at cheating. I admitted to that myself. :-)

Re:The problem with anti-cheat software..

[Splab]

Don't know where you are from, but here it would be illegal to ousting people in public for cheating in school, what will happen here is all your exams get voided for the year. Second time it happens you get thrown out.

Re:The problem with anti-cheat software..

[Catil]

As far as casual public server playing goes, there might be another solution: Statistics.
40% aiming accuracy? Too good. 5 headshots in a row? Too good. etc.
It wouldn't even have to have anything to do with cheating, actually. The message a detected player would recieve would be something like this: "Sorry, you are already too good for this server, it's low-skill only. You will be kicked in 5 seconds, so the noobs here will have more fun in a more even and fairer game. Feel free to play on our mid- or high-skill servers over here."

Re:The problem with anti-cheat software..

[vertinox]

Eventually there might be an anti-cheat relying on TCPM sort of things, but eventually somebody will just make a TCPM-less version indistinguishable from the TCPM type by the server.

I can't seem to find the article somewhere, but I remember John Carmack said in an interview the only way to truly get rid of online cheating was to simply have the server generate the video feed and stream it to the client and had the client only send pure keyboard mouse controls.

I might be mistaken that he was alluding to the fact that online gaming will someday be like this, but only able to do this due to increased bandwidth and computing power sometime off in the far future.

Re:The problem with anti-cheat software..

[RegularFry]

And that *still* doesn't get rid of aimbots.

Re:The problem with anti-cheat software..

Where the hell are you from that exposing someones academic misconduct fails you out of your classes?? I detect BS?

Re:The problem with anti-cheat software..

[ensignyu]

Most games with a dedicated server (usually FPS) already validate everything -- or more precisely, the only thing you can do is enter keystrokes and mouse movements. I'd actually call it particularly bad design if you don't do something like that -- although maybe at a higher level.

One problem is with non-dedicated servers like for RTS games, where one of the players hosts the server. You really have to trust that player not to cheap by manipulating the server.

Alternately some games use a P2P model where each client knows everything (and is effectively a server), so there's no way to bend the rules because all the other clients are watching and cross-checking the data. On the other hand, it gives *everyone* the opportunity to cheat by simply revealing info they shouldn't know, and there's no way to detect that without some kind of draconian trusted computing watchdog.

Re:The problem with anti-cheat software..

[lena_10326]

And that *still* doesn't get rid of aimbots.

It would get rid of aimbots.

In order for an aimbot to work it needs access to the internal game state, particularly positions and velocities of objects in the game, which it can gleam by analyzing the data packets between server and client or by accessing in memory game data.

If all you have is a video stream, the aimbot has access to no game state. The best it could do is try to recognize objects on the screen by pixel patterns (screenscrape), which I doubt would work if everyone chose skins matching the background. It also wouldn't have access to positions of off-screen objects, which gives the aimbot its real advantage--shooting at people behind you or hidden underwater or in shadows. I think in that case any screenscraping aimbot would be more trouble than its worth as well as very inaccurate (obvious).

Re:The problem with anti-cheat software..

[RuneB]

What's old is new again, eh? That is what MUDs have been doing for years and years (and MUDs are what everyone called "online gaming" for a long time)

Re:The problem with anti-cheat software..

[Saville]

The best solution is to not trust the client at all. Most of the problems you listed are because the client, which one needs to assume is cheating, is telling you where he is. Instead of running and telling the server where you are you should give input saying "I am running now"

This is why you won't find cheating in a good RTS or MMO, the server or peers can run everything in parallel. The only cheating that can happen is "aimbots", but fortunately there isn't much use for them in a MMO or RTS. Maybe the AI could run on a cheater's system, but I have never seen good AI in an RTS. At best you'll be able to write AI smart enough to beat some n00bs, but that'll only climb you to level 2 or 3 on a ladder.

Unfortunately for a FPS you'd need to be on a decent LAN for this to work. Broadband is only good enough for this in a few places, and generally speaking the US and most of Europe is not one of them. :(

Re:The problem with anti-cheat software..

[Bombula]

And the high-skill servers will be like SNL's All Steroid Olympics. Why not? Same with MLB. Who cares if people cheat - as long as everyone is cheating, it's still a level playing field.

Re:The problem with anti-cheat software..

[bjorniac]

But then good players would be lumped together with cheats, which is no fun whatsoever. I play CSS somewhat competitively, but love playing on a few pub servers too. It's no fun at all, though, when someone who obviously hacks comes in. Sure, there are noob servers out there and anyone who's good should leave them alone so people can have fun there, but all your scheme would do is shift the problem to servers for good players.

Re:The problem with anti-cheat software..

[brkello]

The only problem with that is a lot of the time the admins just aren't very good players. They are unable to tell a good player from someone who is cheating. I know my brother and I have been banned from many CS servers by admins who can't believe we can play like that. The sad thing is, I am really not that good. Just the admins have no idea how bad they are.

Re:The problem with anti-cheat software..

[TheRealMindChild]

So the only proper anti-cheat lays with the server. But there you hit a problem. You can, for example, prevent some cheats that way. Somebody lobs 2 nades while the server knows he only has 1? Cheating. Somebody moves all over the screen, faster than the player can actually run? Cheating. Wait - or a laggy connection.. or a bug. Tread with caution there. Caution means a margin. A margin means a margin for cheating

It is simpler than that. If guy can only move X distance in Y time, enforce it. The client shouldn't be deciding the movement of your character... it should only be sending the direction of which you wish to move.

Re:The problem with anti-cheat software..

[Shabadage]

No, that actually WOULDN'T work. 40% aiming accuracy is NOT too high, 5 headshots in a row ISN'T high either. I've been kicked off countless UT servers (Face specifically) because I'd just start snipin' fools from the tower. Then I'd get booted cause I was "cheating". No, it's called I played hours and hours of Face against God-Like bots thank you very much.
 
This would punish cheaters, sure; but it would also punish those who just happen to be good (on that map in my case).

Re:The problem with anti-cheat software..

[PachmanP]

Conversely, servers that better players frequent would be more likely to recognize and bust cheaters. Whereas the n00b servers, people would be more likely to just think the guy was really good, die alot, and give up on the game.

Re:The problem with anti-cheat software..

[Kjella]

Except the people using aimbots and the like aren't interested in skills - they're interested in the feeling of being invincible, to tear through a map like a mean Rambo look-a-like. Put the cheaters together and they'd have no fun. So what they'd do is find ways to do it anyway, while the good players will get banned by any other name. What are you going to do, start banning people for winning too clearly? Sure, that's incentive... get too good and you get banned on every server except the garbage heap of cheaters, woohoo.

Re:The problem with anti-cheat software..

[Ash+Vince]

I play americas army alot on the net. At one point I was out of work and pretty much played full time for 2-3 months. By then end of that period I got more hacking acusations than you can shake a stick at. I even got banned from a few servers. I have never cheated. The truth is that really good players get headshots first time, almost every time.

In the end I settled on playing on one or two public servers run clans. That way they knew who I was, trusted me not to be cheating and let me carve through people when I was on a good run. That way admin would usually explain to noobs I wasnt a cheat when the acusations started to fly.

I also changed my name to Nohax for a laugh but that was only after I got the hacking acusations.

The truth is though that human admins are the best anti hack method. If you got caught cheating on their servers you would probably get a lifetime hardware ban. That means your PC gets banned, not you account name or anything. I don't know how it works but it is effective as I have heard people complaining they downloaded a hack for a laugh and then could never play again until they bought a new PC.

Re:The problem with anti-cheat software..

[KDR_11k]

One problem is with non-dedicated servers like for RTS games, where one of the players hosts the server. You really have to trust that player not to cheap by manipulating the server.

On the other hand you can just pick another server since only the host can ruin it, not a random player who joins.

Also some RTSes use pretty much P2P, i.e. each player's computer simulates the gamestate by itself and only the player's inputs get sent to the other players and since it's deterministic the gamestate won't differ (baring hardware or software errors). It's impossible to cheat anything beyond an information cheat like that since changing your gamestate only makes you desync but doesn't apply your changes to everyone else's gamestate. You could still maphack or automate stuff but in a well designed game you can automate stuff without invoking cheat programs.

Re:The problem with anti-cheat software..

[KDR_11k]

Here I go again restating stuff that was already in the original post because of my habit to hit Reply before reading the post in its entirety...

Re:The problem with anti-cheat software..

[SanityInAnarchy]

Eventually there might be an anti-cheat relying on TCPM sort of things, but eventually somebody will just make a TCPM-less version indistinguishable from the TCPM type by the server.

In order to defeat TCPM, you can:

1. Fool the TCPM chip itself into authenticating something that isn't properly signed. Probably can be made impossible.
2. Crack the authenticated software, while it's executing -- something like a buffer overflow. Difficult, and is impossible with perfect software. Perfect software is not impossible.
3. Crack the TCPM chip itself (or surrounding hardware), somehow, and steal the key. Might be made physically impossible in the future, physics permitting.
4. Crack the server at the other end, or fool it in some way. Could be made impossible.
5. Steal the key used to sign stuff for the TCPM chip. Requires actual data theft -- this key will NEVER be on your computer in any form.

#1 and #2 require you to have an actual TCPM chip. #4 is unlikely, and would be fixed. Only #3 and #5 really seem likely to produce a version that would work on a computer without a TCPM chip.

Somebody moves all over the screen, faster than the player can actually run? Cheating. Wait - or a laggy connection.. or a bug.

The solution to this is, fix the bug.

Somebody moving all over the screen can be made impossible by having the client send velocity and direction updates, and the server send positional updates back. Or even if you send entirely positional updates, both ways, the simple solution is to have the server send positional updates back, correcting the client. So if somebody is moving at 105% speed, all that will happen is they'll jump back from lag. The faster their connection, the closer it will get to their screen vibrating, rather than them being jerked back a foot or two. And it will only look that way to them, so I can't see it giving them an advantage.

And even when you can detect all the -technical- cheats (more ammo, faster reloads, increased speed, greater jetpack fuel (if there's any)

Not even detect. Defeat, plain and simple.

Consider someone trying to create a godmode. Can't be done. You might be able to convince your own client that you have 100 health, but if the server says -37, that's what everyone else sees, and they also see your body blow up, and their score go up.

that leaves you with the cheats that cheat the User Input. Aimbots and the like

You forgot cheats with the display. Invisible or translucent walls, giant target boxes on people's heads, even things like adjusting the screen brightness.

And you're right, those you have to deal with by having competent admins. But you have to be careful here -- some people really are that good. One way to tell is go to a first-person view of that player, which can help, but not always.

As always, the surest way to tell is to know the people personally, have occasional LAN parties, and maybe form a team.

Re:The problem with anti-cheat software..

or maybe he meant that instead of getting humiliated, you just fail your class if you cheat

Re:The problem with anti-cheat software..

[brkello]

This seems like a horrible idea. Maybe it appeals to those who suck at the game...but then what is the point? You already have a filter that does this. Go on different servers and find one the suits your skill level. You don't need statistics to kick you if you have a lucky game. Besides, people would just find out the rules and play around them...making sure they empty their clip in to the wall before they get out of their spawn or purposely miss that next head shot.

Fine, use statistics to detect cheating...but to detect and kick good players? Man, why the heck are you playing online if you don't want to improve or don't want competition?

Re:The problem with anti-cheat software..

[servognome]

. I think in that case any screenscraping aimbot would be more trouble than its worth as well as very inaccurate (obvious)

Naw, it'd become somebody's PhD thesis :)

Re:The problem with anti-cheat software..

[lordSaurontheGreat]

You've never seen me play, have you?
I'm 1337 man, but even n00bs get in the groove every once in a while. What are you going to do, kick someone when they start to get good? No. There's a natural ordering which tends to balance the universe of the game out over time. It takes patience and admins that understand that time is a key ingredient to creating a stable ecosystem. It's just like biology. Life will find equilibrium, if you just let it.

Re:The problem with anti-cheat software..

And what happens if you *are* really that much better than everyone else? Are you no longer allowed to play because you are so much more skilled than other players? In other games the very best players are rewarded - do you suggest we ban them from playing in the online gaming world?

Re:The problem with anti-cheat software..

[Reziac]

You're different and strange :)

But point being, it had a penalty you perceived as real and significant to *your* world. And that's what the parent poster was talking about.

Re:The problem with anti-cheat software..

[Reziac]

When I was in school (graduated from HS in 1972) I don't think I'd ever even heard of anyone cheating. It just wasn't done. One has to wonder to what degree cheating is encouraged by feelgood systems (and feelgood rewards), which my school most pointedly lacked -- there, you got whatever you got *entirely* on your own merits.

Re:The problem with anti-cheat software..

[Sigma+7]

This is why you won't find cheating in a good RTS or MMO, the server or peers can run everything in parallel. Actually, there are easy ways to cheat in RTS/MMOs:

• Maphacks/wall hacks allw you to see through obstacles. This obstacle is FoW in RTS games, and due to their nature, most RTS clients tend to be syncronized and require having a copy of the game.
• MMOs can be botted. While not "cheating", it is an unfair advantage since it allows you to get powerful players more quickly than what is normally accepted.
• RTSs, as they generally need a copy of the game state on each client, can have critical information about other players displayed (e.g. how much resources they have/spent.)

Maybe the AI could run on a cheater's system, but I have never seen good AI in an RTS. The AIs you see on most RTSs are lobotomized - they are written to be "good enough", whether it's through scripts or through randomness.

As an example, look at Starcraft - while the AI is relativly strong for new players, it is weak compared to the "build orders" that are posted on various websites, which are then memorized by master players. There's no reason why this can't be placed in an AI to make it stronger.

Another example is Galactic Civilizations (which isn't an RTS, but the same concept applies.) In most difficulty levels, the AI is crippled but is still a threat to most players - the only "cheat" is that it knows the location of good planets (which isn't much of an issue, since they were probing the universe before your race invented hyperspace). The threat is caused by the economic optimization - it picks the best tax rates and maximizes production efficiency. As a side note, there were reports of the AI somehow bypassing tech tree requirements - this complaint was eventually resolved, either through a patch or by identifying how they did it (e.g. tech trading with other races.)

The AI discussions were common with the game Total Annihilation, as it was the only game at the time that allowed AI patching. No matter how well you made your AI script, it was limited with implementation bugs - for example, the AI engine had a failsafe in case the script was faulty (or if it got nuked) where it would start building resource production on an economic shortage, but would never turn off the failsafe. Another bug would be the "5 peewee" rush, which could paralize the enemy AI commander and kill it.

It's not a lack of technology that limits RTS AIs - it's the lack of implementation. There hasn't been any serious attempts to make a strong AI.

Re:The problem with anti-cheat software..

[apoc.famine]

You hit the nail on the head. We run our own UT2k4 server. We occasionally get decent players on. We also occasionally get people who magically get 6, 7, 8 kills in a row in on people that they can't see, or as they round corners. If someone seems just too good to be true, they get the banstick. Have we possibly banned people for just being super-good players? Possibly. But there are a couple hundred other servers for them to play on. Have we banned downright cheaters? Yep. My favorite was the kid in igib Hall of Giants - if you know the map, you'll know how amazing it is to get a "HOLY SH*T!" twice in a row. Yeah, that's 16 kills in a row, with a max of 3 seconds between each one. All the more impressive was that he did it from...the bottom of the map...and shot someone directly above him in the air immediately after shooting someone on the ground, and then immediately shot someone behind him and to the side. I was spectating for the second round of kills, and most of the people who died you couldn't see, due to the distance limitations. Many were nearly 180 degrees apart from each other at huge distances, but they were located and killed in the span of a second or so. Not overly hard to justify a ban for things like that.

Re:The problem with anti-cheat software..

[ozphx]

Several CS aimbots require fullbright coloured models and actually do screenscrape.

Re:The problem with anti-cheat software..

[lena_10326]

Several CS aimbots require fullbright coloured models and actually do screenscrape.

And the models would be server-side where you can't paint them a special color for the aimbot to target, which was the point of the previous post regarding John Carmack's statement.

With just a video stream, there's no way the aimbot could calculate the vertical angle to the opponent because it can't assume he's at the same elevation as you. The aimbot also doesn't know whether you're looking up or down so it doesn't know your vertical viewing angle.

For it to work, you'd have to get yourself level with the enemy and look straight 90 degrees to the ground, otherwise you're guaranteed to miss. Missing several times in a row by consistently shooting over or under someone by a few feet will arouse suspicion and you'd be labeled a cheater very quickly. Being forced to get level eliminates a major strategy of aimbot cheaters: camp in a distant high spot that's difficult to get to and provides you cover.

By the way, some games let you view left and right without turning so in that case the horizontal angle toward the opponent would also be unknown.

Aimbots really only work when it has access to game state, which is position and velocity of you and the opponent as well as your viewing angle. Those require a client-side game.

Re:The problem with anti-cheat software..

[fractoid]

This would punish cheaters, sure; but it would also punish those who just happen to be good (on that map in my case). To be honest, I don't care whether they guy that headshots me 5 seconds before I see him, every single time, is cheating or is just really good. Either way it makes the game suck for me, and it presents no challenge for him. Users *should* be grouped by ability level (whether natural or assisted) so that everyone can actually enjoy the game while they're getting good at it. Surely you didn't have as much fun 'owning noobs with your leet sniper skillz' as you would have playing against equally skilled players?

Re:The problem with anti-cheat software..

[ozphx]

Much as everyone loves Carmack a straight video stream to the client is impractical with current connections / server resources. ISPs can't afford a renderfarm for their game servers, and I can't afford a pipe capable of streaming 1920x1200 @ 30fps from them :P

> Being forced to get level eliminates a major strategy of aimbot cheaters: camp in a distant high spot that's difficult to get to and provides you cover.

No, aimbot cheaters use the advantage their aimbot gives them to turn what would usually be a strategic disadvantage into a comical sequence of headshots. An aimbot is at its best when storming into a room, not trying to make finicky long distance shots while exposing yourself to fire.

Aimbotters tend to get lazy and complacant. Taking them by surprise, where you can be on the trigger before them is the way to do it. Of course you have to aim as well...

If they are surprising you then you have no hope :P

Re:The problem with anti-cheat software..

[MutualDisdain]

I believe that the AA software reads the MAC address of the network hardware you are using to interface with the net. It might also read serial numbers from your hard drive or other hardware. This could all probably be circumvented by using a virtual machine to fake these particular hardware ids, but this sort of solution is effective at banning most of the script kiddies running hacks. I have never cheated at any online game but still have been banned in AA before. Sometimes you can be on too good of a streak for the admin of a server and your access must be sacrificed for the greater good I believe that most cheating stems from the adolescent "Superman" wish. I think secretly many people want to overcome the basic rules that define their reality and dominate others. If your world only consists of horizontal movement, you secretly wish you had vertical movement etc. I think this is base human nature, and nothing will change this desire. What gaming needs are adult-only servers that require a valid real world ID to enter. Pseudo-anonymity and adolescence is the catalyst for brazen cheating and game-hacks. For many people, knowing their true real world identity will be tied to any action in a game will make them think twice about cheating. It wouldn't stop cheating in its entirety, but it would helped to stem the epidemic. Closed-box systems like the Xbox also help. The skill level required to modify the reality generated by a closed-box system then becomes so great that it deters the average script kiddie.

Re:The problem with anti-cheat software..

[NVP_Radical_Dreamer]

Ok, time for me to rant/troll for a bit. Why is it that every time people bring up cheating there is always the guy that screams "but but but Ive been playing since Counter Strike pre conception alpha -7 and thats why I pwnzors yuor facezzzzzz."

Re:The problem with anti-cheat software..

I like playing people much better than me so I can learn from them. This particularly applies to little tricks that only skilled players know (sooo, the shield gun also prevents falling damage huh...), but even basic stuff like reaction times get better when it really matters that I'm 5 milliseconds faster so I can actually get a shot off. And on the occasions when that shot hits and I win I'm happier.
But, of course, getting that tense and into the game isn't to everyone's taste. I also do like owning n00bs sometimes too, it's quite relaxing in a way and it's nice to know that I really have got better than I used to be.

Re:The problem with anti-cheat software..

[Rhys]

Yep. I used to run a lowbies PvP group in WoW. We could field 10 folks if everyone was online that night, but it was okay because we'd crush with just 5. We'd hit 8-10 man alliance twink squads who claimed we were all hacking.

No, the reality of it is we've played together for years in various games and we're on a teamspeak server calling out your positions, flag locations, etc. Blizz never banned us but I'm sure we were reported over and over and over again.

Re:The problem with anti-cheat software..

[lena_10326]

No, aimbot cheaters use the advantage their aimbot gives them to turn what would usually be a strategic disadvantage into a comical sequence of headshots.

There are a set of aimbot strategies. Not just one. Camping in a remote spot with an aimbot is one, particularly in line of site of a respawn point. I've seen happen a thousand times. Ones that I can think of are aimbotting:

• from a "crow's nest"
• near a respawn point
• near a flag point, regeneration point, home base point, etc
• from upper level walkways shooting down or vice versa
• by lurking on the fringe and pegging off those fighting
• by blitzing a fight (as you mentioned)
• from the other side of an opaque surface (windows, water, foliage, very dark shadow, corner edge)
• by running the map and pegging off opponents randomly
• from the opposite side of the map when line of sight is possible
• by appearing to play "legitimately" to mask your cheat

Re:The problem with anti-cheat software..

[ultranova]

When I was in school (graduated from HS in 1972) I don't think I'd ever even heard of anyone cheating. It just wasn't done.

When I was in school, our teachers would propably had been moved to tears of happiness if we'd cared enough to bother to cheat ;).

Re:The problem with anti-cheat software..

[enjerth]

Well he should be banned for talking shit. That not sportsman-like conduct.

Re:The problem with anti-cheat software..

[vecctor]

I agree, there hasn't been a strong attempt by the actual game company, but the fans have tried to use existing AI APIs to do some awesome work. Some examples:

The Skirmish AI mod for Dawn of War: http://forums.relicnews.com/showthread.php?t=15300 9

Sorian AI (and a host of others) for Supreme Commander: http://forums.gaspowered.com/viewtopic.php?t=14325

I wish the actual companies would put some effort in.

Re:The problem with anti-cheat software..

[Reziac]

A sad indictment of both the school and the students. :(

Re:The problem with anti-cheat software..

what about cheaters who do have interest in skill? I used to know a kid who was quite a good CS player who had no problem taking up some cheats. Obviously he couldnt cheat at a LAN or tournament but given the chance, he would do it just to make himself that much better.

Re:The problem with anti-cheat software..

I've cheated on BF1942 in 2004 only because around 50% of the people on the public servers were cheating as well. When I hid in some random un-important room and the same guy found me everytime, I got fed up and downloading the hack.

While it didn't make me invincible, it allowed a variable fog limit, and showed all enemies on the map as well as "floating" names on the hud itself.

The game was immensely more entertaining not because I was invinicible, but that it handicapped others in the same entertaining way that golf players do.

Finally, around the Spring of 2004, PunkBuster was added in a patch and it did a pretty good job of stamping out the rampant cheating -- at least the only cheaters were the ones who developed the cheat themselves because once it was released, the PunkBuster devs would write a signature for it.

What's curious is that EA doesn't care about many of the other multiplayer games that have rampant cheating. Command and Conquer Generals has so many hacks and cheats -- there's no point to playing people you don't know. Where is punkbuster for this game? Why BF1942?

Re:The problem with anti-cheat software..

[bostonguy]

This brings back memories of running a Quake server, back when Quake was new. My boss in my hardware lab let us set up a spare box as a dedicated server, and now and then we would alter some of the server settings (like max run speed) without telling the other people that would join at lunch. WE knew to change the max run speed in our exec files, so they would sit there screaming at how we could somehow move around so fast, without knowing that we could even do what we had done!

Then there were the times where my buddy & I would stay late on fridays and play online (back when it was mostly big companies that had fast net connections), and we would replace the player skins with maxbright images, so we could snipe people more easily!

And before you start flaming me for being such an ass, we only did it now and then to get reactions out of people that had been super dicks while playing a fair game! We really were pretty good, and didn't NEED to do stuff like that! :-P

Re:The problem with anti-cheat software..

[Ash+Vince]

Funnily enough I have been kicked a few times for taking the piss too much. Admins have always let me back on providing I appologised.

Re:The problem with anti-cheat software..

[Ash+Vince]

Then you were a bunch of sad little shits. Go get a life.

Seriously, why bother playing online at all? Why not just play against a computer if all you ever want to do is win without facing any decent opposition?

Just play a single player version of the game with all the settings on super easy.

Re:The problem with anti-cheat software..

[demi]

That way they knew who I was, trusted me not to be cheating and let me carve through people when I was on a good run.

Maybe I misunderstood, but that's what I thought you were doing--playing against opponents of much lower skill level than you. If you're playing against competitive players, how could they possibly confuse you for a cheat?

People confuse better players for cheaters because their skill is so out of whack with their opponents' that they can't conceive of someone being that much better, without a cheat. But as far as I'm concerned, that's even worse: playing a game against people much worse than you, so you can feel like a big man, is almost the definition of pathetic. I don't really care if they're banned (incorrectly) as cheaters or (correctly) as bullies.

Re:The problem with anti-cheat software..

[Ash+Vince]

When america is asleep you get who ever is awake unfortunately. Playing first thing in the morning over here in europe America Army is not so popular and I often started before 9am. At that time its 4 in the morning in the US.

I prefer decent players as I still improve when faced with some good opposition and I like a challenge.

Yay for Trusted Computing

[Cheesey]

Remember folks, although the remote attestation features of TCPA could be used by online services to force you to use a particular "trusted" application/OS stack, locking you in to a configuration like "IE on Vista", that's not why they are there.

The point of TCPA isn't to enforce DRM or strengthen software monopolies. It's all about things that benefit you, like preventing cheating in online games, and... erm... many other things.

TCPA is a misunderstood technology. The EFF, the FSF and security experts are just making a knee-jerk reaction to something that they don't understand. Let me explain:

1. TCPA doesn't take away your ability to run whatever software you want. If every online service requires you to use (say) Vista, and uses TCPA to enforce this, you can just opt out of the Internet entirely and carry on running Linux or .*BSD or whatever. It's your choice.

2. TCPA doesn't spy on you, although it might be used to prevent you modifying software that does. But then you can just opt out of using that software. Again, it's your choice.

So, say yes to TCPA! Like atomic bombs and subdermal RFID chips, the technology isn't inherently evil, and it will certainly never be abused to reduce competition in the software marketplace, preventing free software interoperating with online services.

Re:Yay for Trusted Computing

[frogstar_robot]

you can just opt out of the Internet entirely and carry on running Linux or .*BSD or whatever.

You yourself have just shown that the EFF, FSF, and security experts have a genuine beef. Using Mickeysoft or "opting out of the Internet" is not an acceptable choice.

Re:Yay for Trusted Computing

[Oswald]

Well, I went and checked your previous posts and there's no indication that you're any stupider than the rest of us. I'll just chalk this up to Sunday morning lethargy. But really you might want to post a mea culpa or something because your sarcasm detector is seriously hung over.

Just one problem?

[Quarters]

Multiplayer games these days have one problem. Cheating.

Really? Just one? What about:

Bad design

High prices

Poor performance

Steep system requirements

Bugs

Re:Just one problem?

[cshake]

You forgot another one:

EA

I'd also include 'lack of support for old games' but just saying EA covers that pretty well.
(C&C Generals is what, 4 years old? They don't even have a section on their website for it anymore FFS!)

The Scarlet Letter

[grapeape]

Want to fix this in gaming universally and quickly? Employ the usual detection methods then rather than banning (which just prompts signing up again under a different name) simply tag all their account information with an icon designating they are cheaters (I recommend a big scarlet C). Have it follow them around for a set period of time (1st offense 1 month, 2nd 6 months, 3rd 1 year, 4th lifetime). It sounds harsh but I would go so far as to extend the cheater flag to apply to any future account made with matching personal info during the penalty period, sure it might irritate a roommate or family member but that will only assure it doesn't happen again. Public embarrassment works much better than banning.

Re:The Scarlet Letter

There are a LOT of people who get labeled as cheaters when in fact they are not. How would you like it if this happened to you? All of a sudden people are swearing at you and calling you names because you have this big red C next to your name and you have no idea why it appeared.

You shouldn't do something like this unless your detection method is foolproof. And as it is now, most of them suck badly. Hell, punkbuster and VAC have a history of problems where running application X in the background would result in a false positive and people being unable to play. And relying on admins to guess as to whether someone is cheating useless too. Oh, you happened to check behind a crate to see if that one remaining enemy might have been there, and he actually was? You must be wall hacking. boot.

Re:The Scarlet Letter

[delt0r]

Won't they just sign up for a new account with a big C on it?

Re:The Scarlet Letter

[Ash-Fox]

Public embarrassment works much better than banning.

The majority of cheaters I encounter in games are more of griefers which cheat to annoy you. Since these people tend to even wear provocative titles when they can such as "Chinese gold-miner clan", I don't really see how this will publicly embarrass them.

After all, all I ever hear them say as a reason for doing that is, "It's just a game".

Nope, I don't think "public embarrassment" will work.

Re:The Scarlet Letter

[Charcharodon]

I'd rather have banning. A key ban is the way to go. Sure let them sign up for a new account, that'll be $50 please. If a person makes enough of an nussance of themselves follow it up with a credit card number ban. Sure most people have more than one card, but the truly cronic bastards would be face pretty quickly with a long time ban if they didn't straighten up.

Personally I've been leaning back towards LAN parties. Cheaters are much easier to deal with, you just chuck an empty beer bottle at them after the first offense. The second offense involves dragging them out back for a little wall to wall counselling session.

Re:The Scarlet Letter

[niteice]

Or give the server admin tools to play with. Make the player look silly, send them false information, etc. Spawn a campfire if they're camping.

Real-time public humiliation is even better. :D

Re:The Scarlet Letter

[Dogtanian]

Nope, I don't think "public embarrassment" will work. It will if you go round to their house, and tell their Mom that you have something important for them- then when they haul their overweight ass up from the basement and stick their pasty, Cheetoh/Wotsit/whatever-stained face round the door, photograph them and show the world what a loser this person really is.

I don't think they'd like that at all. :-)

Re:The Scarlet Letter

Camping is not cheating. It may be lame to you, but they're not cracking any executable or intercepting packets to make them shoot someone in the head as soon as they come around a corner. Huge difference, I'd say.

Keyboard recorder in hardware

[tvlinux]

Now the BAD guys(gov included) will gave an easy time to install keyboard recorders, it is already there!

Anti-cheat systems are flawed.

[Angelwrath]

All software anti-cheat systems are flawed because they include things other than cheating. I get kicked by Punkbuster for high ping on gaming servers.

The trouble with anti-cheat systems is that the developers have no ethical standard. They tolerate inconveniencing legitimate players to ensure that the cheaters are stopped as well. The law would see things differently. The law believes in letting some criminals go to ensure that it never punishes an innocent man. Flawed though it may be, it works far more often than it fails. Punkbuster is the complete opposite, and what's worse is that Punkbuster is full of bugs. I get kicked from servers several times a day and the only message I get is:

"Punkbuster

[Ok]"

All complaints to the company fall on deaf ears. And because EA chooses PB, I am stuck with a company granted an artifician monopoly by another company, and have no choice but to have a greatly diminished experience. Nothing is worse than screwing a gamer over in the heat of a competitive match, and that's what PB does too often.

Re:Anti-cheat systems are flawed.

[smallfries]

Dirty lagging cheats like you should get kicked from servers... :)

Re:Anti-cheat systems are flawed.

[Sigma+7]

All software anti-cheat systems are flawed because they include things other than cheating. I get kicked by Punkbuster for high ping on gaming servers. That means you were cheating without realizing it.

While it is not an issue for Quake (there was no prediction), it became an issue with QuakeWorld when prediction was invented. This "prediction" allowed game clients to see the game more smoothly, and worry less about ping and random latancy messing up game activity (hence the Thunderbolt and other instant-hit weapons were the most popular weapons for aimbots.)

An excessivly high ping means the predictions cause other players to appear as if they were walking around a corner when they stopped short. The result was that you were able to shoot them "around the corner" in the split second when they stopped. Alternativly, the prediction causes the player to move against the wall, which slows down their velocity.

This from the company...

...who's Core2 MMU can potentially be exploited from userland code.

Give it up Intel, I don't game and I don't want TCPA bullshit on my boxes.

Cheating in games is a huge problem

[baomike]

That I am going to lose about 1/2 secound of sleep over.
I may even forget the problem by the end of the .... what was the problem again?

Maybe not so much

[Lije+Baley]

Most of the "cheating" I've seen is only in the minds of kiddies who don't understand the effects of latency, and the ability experienced players have to compensate for it. Gaming would be 1000% better if these kids would just grow a spine.

World of Warcraft seems pretty clean

[macz]

Except for lag macros that make you appear to be a few yards away from where you really "are" I haven't really experienced much in the way of cheating in WoW. It could be that I am just ignorant I guess, but their combination of Warden (ugh) and a strong client server protocol seems to be pretty effective.

Re:World of Warcraft seems pretty clean

Warden is pretty good, but has been defeated completely through the use of a customised rootkit. (See recent blackhat conference talks.) Despite this, yeah WoW cheating is mostly limited to botting and buying gold from farmers.

There /is/ a Social Fix

[Morosoph]

I play Sauerbraten (and occasionally ActionCube, now AssaultCube) online. Both feature mastermode. Since there are far more honest players than cheats, you simply join a server and assume mastermode if no-one has already taken it.

It works really well, except that people aren't sufficiently willing to assume mastermode. All the same, serious gamers do do so, so 'serious' games aren't disrupted for very long.

Re:There /is/ a Social Fix

[Lance+Cooper]

It does work fairly well, except that its quite difficult to detect anything but the most blatant, full auto rifle type cheats. If someone comes up with something more subtle, it is really hard to pick out whether they're quite good or cheating. I know I err strongly on the side of not kicking people, and I'm fairly certain that it has made me not kick people who were cheating. Of course, I've also been on the other end of it, a few times I've been accused of cheating simply because I'm fairly good.

Yay for Sarcasm

Only 6/10 I'm afraid, add an analogy and profit step for full marks.

That won't help

So should we integrate letting players move faster than allowed by the game, or pingbombing your opponent if he shoots at you (or if you shoot at him)? How about forcing other players to drop from the server, should we allow that too?

Your post demonstrates an ignorance of what cheaters are doing. It's not just looking through walls.

It's a reputation problem.

[Colin+Smith]

You can't trust the person, you can't trust the hardware or the software you can't trust anything which comes back from the client machine.

Da fix? A cross game registry of gamers with identities linked to real addresses and bank details. Something which all the online games can query, though I'd go with hashed values for bank details/address etc rather than real ones. You get caught cheating, you get marked as such. To get rid of the marking you need a new identity.

Will it stop it? Mmm look at the athletes who take drugs, I doubt it. What getting caught would do though is ruin the gaming life in all the games which use the registry. Gaming environments could be split into two areas. One for trustworthy gamers, one for cheating scum.

Re:It's a reputation problem.

[lena_10326]

Will it stop it? Mmm look at the athletes who take drugs, I doubt it.

Performance enhancing drugs are considered cheating for sports. Are mind enhancing drugs considered cheating for PC games?

Better hide that Red Bull can at the next tournament.

Re:It's a reputation problem.

It already exists for console gamers. It's called Xbox Live.

Re:It's a reputation problem.

[Colin+Smith]

It already exists for console gamers. It's called Xbox Live. I don't know. Something tells me that may not be a universally useful site.

Re:It's a reputation problem.

[Renraku]

Valve marked me a cheater on Half Life 2/Counter-Strike Source (which is all one account) and refuses to mark me as not-a-cheater. I had not played the game in six months, only to come back to find myself banned. They then said all bans were final, and refused to let me know what servers/times/dates/logs/etc (aka evidence) they had.

I guess I have to make a whole new account for when HL2 ep. 2 comes out so I can fucking play on secure servers again.

Re:It's a reputation problem.

A cross game registry of gamers with identities linked to real addresses and bank details. Except (a) children and teenagers (why do people forget that these games for children anyway?) might not have bank accounts and
(b) you should not have to give up important personal information to play a stupid game.

Your solution is worse than the problem. Using a bot in a multiplayer game is a childish strategy that makes the game less fun. Someone stealing your personal information that you had to supply to log into a multiplayer game, is absolutely horrifying though, identity theft and fraud is a much, much more serious issue!

This kind of bs should not have been given +5. It's irresponsible to forget that identify theft is the reason why you shouldn't supply your personal information on a drop of a hat, and should never be recommended, except in important situations that warrant it. Playing World of Warcraft or Diablo doesn't count as such.

Re:It's a reputation problem.

[Colin+Smith]

Don't worry in my universe the cheating scum would still be able to play.

Re:It's a reputation problem.

[Renraku]

Its my own personal hell. If I want to play CS I can do so on unsecured servers where 11 of the 12 other people are cheaters.

The kind that spin around in a crowded room and get 12 headshots with their dualies.

Wooosh...

Do you hear that sound often?

This may lead to anti trust lawsuits if games....

[Joe+The+Dragon]

This may lead to anti trust lawsuits if games force you to have this as people will not like being locked in to Intel chip sets and high end games will not want to give up nvidia SLI chip sets for this. Also this may give a big boost to AMD in the AMD VS intel lawsuit as it is braking anti trust laws for Intel to not give this a way for free to other chipsets to use if this ends up being needed to play some games.

When this comes out...

[jonfields]

Certain keyboards will still work for cheating...IF macros are performed by the keyboard itself through some memory in it rather than reading a macro file on a computer. I wonder if the G15 is in that group.

In the context of gaming...

[Eric+Damron]

I don't agree with your "social problem" fix thing. Cheating is both a social problem and a tech problem.

Given enough bandwidth and computing power on the server end cheating can be stopped or nearly so. This is a rather hypothetical statement, however, because I don't see either of those requirements coming in my lifetime.

Cheating is enabled mostly because the server must provide too much information to the client so that the client can do it's own calculations thus reducing the workload for the server. For example, in Counter Strike each client has most of the graphical data. Maps, models, etc. The server then only has to send positional data about the other players to each client. The client can then do the calculations needed to render the world as seen by the player. What this means is that if an opponent is standing behind a wall the client PC "knows" about it even if the player should not. If the player hacks the software he can display the hidden player. Further since the client knows the exact position of opponents the player can hack the software to allow auto aim etc.

If we had enough bandwidth and computing power the server could do ALL of the work and provide the client with prerendered scenes. The client PC would not be given enough information to do an effective cheat. The client PC would be more like a dumb terminal.

Of course this would require bandwidth and computing power on the order of what is depicted in the StarTrek series.

Who knows... Maybe someday...

Wires

Just how are they planning to authenticate the computer as being an intel one with a trusted hardware module? You know, seeing there is no secure authentication system that is not based on trusting the user... What shall stop me from virtualising the whole intel platform on an AMD box? The only way this could theoretically work would be to have a small quantum entangled system with one particle in the computer and another back at Intel. That way they would actually have physical access to a part of your computer, but the technology to implement something like that at anything less than an astronomical budget is at least a century away.

It's not going to happen.

[Dogtanian]

wouldn't the next step to be switching games back to a boot system. Think how great it would be to not have worry about all the OS cycles being used. Booting into a game would allow the game ULTIMATE control over what software is run. If anything it could be used for tournaments. That wouldn't work with anything other than a very fixed set of hardware. Even Amiga games frequently stopped working when newer machines came out with minor hardware updates (e.g. A500 to A500 Plus, not a major difference, but it still caused problems). They bypassed the OS back then simply because the speed advantage it gave easily outweighed the extra hassle and compatibility issues.

But technology has moved on. For one, hardware is far more complex these days. The idea of having to hit modern hardware from scratch sounds nightmarishly complicated.

For another, the PC philosophy is that you can use many different types of sound/video/etc hardware because they're supplied with drivers. If there was no OS, the game writers would have to write their own drivers for *every damn card that they expected it to run on*. And that's assuming that the makers were willing to release the specs to their cards anyway, which very often isn't the case.

In short, you'd have to duplicate the functionality of large parts of Windows XP, the sound and video drivers, DirectX, networking, blah blah blah.... all from scratch. You can see why this isn't going to happen just to stop a few kiddies cheating, especially since it would likely get cracked quite soon anyway.

Re:this shouldn't be necessary

fucking dick smokers, sucking them dicks. You're only jealous because you're never likely to get *yours* sucked :-P

Custom cheat hardware will become popular

[dlleigh]

Software that compares the input from the hardware with what the game sees? No problem: just make sure that the input comes from the hardware itself, and not from a piece of emulator software.

I built a cheat box for GTA San Andreas soley because I am lazy. The game requires that the player have their character "exercise" in a gym in order to build strength and stamina. I didn't like the idea of abusing my fingers and keyboard by rapidly typing the necessary keyboard combinations, so I buit a box with three big buttons on it that emulates a USB keyboard. It emits the correct key combinations when I press a button. (NB: I didn't use a programmable keyboard because I'm a hardware guy and was playing with USB anyway. I like my form factor better and used actual arcade game buttons for feel and durability.)

Want to run on the treadmill for the maximum allowed time? Press and hold a button. Want to lift heavy weights quickly and repeatedly? Press a different button. Yes, folks, I was cheating at virtual exercise.

It actually gets worse. I got tired of holding the button down, so I set an old disk drive on it. Then I could just sit back and watch my character get buff. This was the ultimate in laziness: I was cheating at cheating at virtual exercise.

Re:Custom cheat hardware will become popular

It didn't have to be that complicated. I just sent CJ into the water, and held down the 'shift' key with a paperweight. 10-20 minutes later he had maximum stamina and strength.

However

This handy device fits in a computer's 5.25" inch bay and if it detects cheating a razor sharp knife comes out and relieves the offending player of the little (as is always the case with cheaters) piece of manhood that the loser has left. (Towels to clean up blood not included).

Parent's technique is only effective the first time. The hard core cheaters will be right back, after going for any required stitches.

STOP MODDING UP MEANINGLESS SHIBBOLETHS, PEOPLE.

[mumblestheclown]

For fark's sake people. A statement like "there is no technological fix for a social problem" is just important-sounding nonsense. Really? We seem, after all, to have prevented the problem of people physically reaching out across the internet and strangling people... I have yet to see anybody do this (as much as I'd like to sometimes). Parent poster completely ignores the obvious problem with his arguments: that ALL defense mechanisms are not about absolute defense, but about reducing the rate of successful attacks and/or increasing the barriers to entry (such as technical sophistication, equipment, time, etc) that an attacker must invest in to be successful. Security guards and alarm systems do not prevent all bank robberies - but it is safe to say that there would be more robberies if those things didn't exist. Same here. You may have technological issues as to exactly how much such a hardware defense would decrease the amount of cheating, but it seems fairly obvious that, if implemented, this figure would be greater than zero.

Is it a keylogger?

[Animats]

The question is whether this is effectively a keylogger. If the device does something like compute an MD5 of the last N mouse and keyboard events, readable by the game, that's fine. If it keeps the whole event stream and makes it accessible to any application, that's a major security hole.

Not that it really matters. The future of commercial gaming is consoles and mobile devices, not PCs.

Why this won't work.

There is exactly one way this could work, and it will limit flexibility to a large degree, and it's doesn't sound like it's what they're doing. Also, that one way won't work:

Hardware signs all of the input, which is transferred verbatim (or equivilant) to the server, which checks the signature *and uses that exact input* for game input.

And that won't work. Here's why: http://opnrzr.sourceforge.net/

The Razer Copperhead is readily available and easily modified to incorporate any aimbot you want. Just tell the mouse (either via USB, or if Intel's smart enough to check that, one of the mouse's other inputs) what to send, and have it send it.

There are other mice with modifyable firmware, keyboards with modifyable firmware, and you can get generic USB hardware like the hardware in the Razer Copperhead and make it in to whatever you want. The Copperhead itself can act as many different USB input devices, and does act as both a mouse and keyboard with default firmware.

Accept it as part of the game

[oferic]

From the perspective of playing FPS: It's easier to just consider cheating as part of the game. You're invariably going to encounter someone who's better than you - whether they're cheating or legitimately great at the game. It's just part of the challenge. There are, of course, the people who use cheats to make the game pointless (ie. they become ridiculously efficient at winning) but when this happens it's usually pretty easy to see what they're doing, and kick them out.

Keyboard/mouse input? what is this the early 90's?

[Dilpo]

I must admit I have worked on a few simple cheats in my time for various games that were already hacked to shit by the time I got into it (read: I'm not bragging to be some super h4x0r, I'm just saying I have looked at and played with and edited code others have already written to implement features other people long before me had figured out) and I haven't seen a cheat in YEARS that simulated keyboard/mouse input. Maybe the old ogl hacks of counter-strike 1.x-1.5 because they didn't have access to the games engine itself but past that every hack out there has only used keyboard/mouse to let the user configure the cheat in game. In no way did it ever send keyboard/mouse events to the game to simulate play. Think about that for a second, how ridiculous would it be to say "the mouse moved to the left" "the mouse moved up" over and over again until the player was aiming at the head of other players. So many variations could throw that off and make it inaccurate such as mouse sensitivity and the number of function calls you'll need until the mouse is pointing at cord x,y on the screen your data of where the target players head is very likely out of date by now. Now instead you simply calculate the vector between you're pov and the enemies head in game without having to convert 3d vectors to 2d screen cords. Then make a single function call to change your view to that vector and one more to fire. No keyboard or mouse activity was simulated and the functions that were called are normally called AFTER the game has handled these inputs therefor already bypassing any check the game would make with Intel's anti-cheat. Intel: They didn't press anything Game: nope they did not. This is how cheats have been working for a LONG time now, Intel is about 10 years to late with this method. Instead developers should write their server's to not trust anything from a client and tell it nothing that it doesn't need to know. Even more recent games are guilty of this for example BF2/2142 tells you the location of EVERY PLAYER on the map, their health, their name, and a WHOLE LOT OF OTHER SHIT YOU DON'T NEED TO KNOW. In addition to that BF2 and 2142 trust the player to know if they are commander, what team they are on, what squad they are in, and AS THE COMMANDER TO TIME THE USE OF THEIR OWN ASSETS. A simple *(*BYTE)(0xD3ADC0D3)=1 re-enables the assets with absolutely no check by the server to see if enough time has passed since they were last used. Cheating isn't going to stop anytime soon but you could at least stop making it easy. Punkbuster and VAC both failed from the get-go(cat and mouse games are forever lost). Games need to be designed from the ground up with the possibility of cheating in mind. This isn't a client problem, its a server problem.

Not all bad

[Craig+Ringer]

I mostly play Battlefield 2142. It's a buggy piece of crap, but fun, and cheating is relatively unusual due to:

      - Actively administrated servers & agressive banning of cheaters
      - Well integrated and maintained PunkBuster
      - Decent game maintenance

The game is not well written, but exploitable bugs do get fixed (usually fairly quickly) and cheating isn't so prevalent as to be a serious problem. I've definitely run into it a few times, and most of that was exploiting geometry glitches to get to places that shouldn't (yet) be reachable or to fire from inside solid structures. I've only ever encountered a one or two fairly obvious aimbots, though I'm sure they're around more than I notice.

The thing is, cheating doesn't make you smart. Giving yourself 360 degree vision with translucent walls and an aimbot will probably make you seriously lethal (if disoriented), but few cheats are that effective. An ordinary aimbot user still needs to be aware of you, facing roughly the right way, and to have fired in time. Being smarter and getting the drop on them with a knife (or sniper rifle) does the trick, as does running them over with a tank. The fact is that the majority of cheaters are in fact complete retards, and generally can't stand up to any decent player except in a direct firefight.

That said, BF2142 is designed so that players with improved tactics, better communications, more effective co-operation and a superior grasp of what their enemy is up to can beat twitch-gamer types more often than not. I can see how in, eg, CounterStrike, these people would get seriously annoying.

Re:Not all bad

[Kagura]

Maybe you should consider Armed Assault, if you prefer tactics, communications, and cooperation. It's newer than BF2142, and the graphics and gameplay are polished a complete order of magnitude higher. You won't go back to BF2142 if you truly believe what you put in your previous post. :)

Mod me offtopic...

[SanityInAnarchy]

Is that a reference to the horrible, horrible, Chinese pirated Attack of the Clones (subtitled in english-chinese-english translation)?

That always cracks me up. Vader's "NOOOOOOOO" becomes "DO NOT WANT!!!"

Re:Mod me offtopic...

[Blakey+Rat]

I think that was the origin of "Do not want," but it's in regular use on a ton of websites now, especially Fark.com where it's often used in comment threads and sometimes headlines. Also, a lot of "LOL Cat" images have incorporated it. It's just a popular meme at the moment.

Re:Mod me offtopic...

[deftcoder]

... and /b/

well...

...it won't beat this one for sure:
http://www.battlebricks.com/wiigobot/index.html

Re:WTF????

[Saville]

Well some of us nerds are busy earning money just like you, but we do it by making video games :P

Re:STOP MODDING UP MEANINGLESS SHIBBOLETHS, PEOPLE

[antiMStroll]

Stop talking sense. Reality's shades of grey are confusing and blur the crystal clarity of black/white dualism. Subtle distinctions are not the path to karma.

Re:STOP MODDING UP MEANINGLESS SHIBBOLETHS, PEOPLE

[yada21]

We seem, after all, to have prevented the problem of people physically reaching out across the internet and strangling people...

We've prevented it the same way we've prevented trespass by teleportation and time-travel assisted stock fraud. The method revolves around not building the technology to enable it.

Incredibly poor logic and a crappy analogy.

Re:STOP MODDING UP MEANINGLESS SHIBBOLETHS, PEOPLE

[bigstrat2003]

We seem, after all, to have prevented the problem of people physically reaching out across the internet and strangling people... Yes, let's pat ourselves on the back for "preventing" something that's physically impossible.

hardware dongle

Why don't game makers ship a hardware dongle with their software??? It's easy, ultra hard to defeat, and the cost is minimal.

Re:hardware dongle

No its not. They're defeated on a routine basis.

more importantly, this is a bad, bogis "fix"

[frovingslosh]

While there may be no absolute fix, this is a awful and flawed attempt at a fix and little more than an attempt to cash in by Intel without even understanding the probem.

Intel's "fix" is to monitor the keyboard and mouse and detect if any extra inputs are getting to the game that it's hardware does not detect as actually originating at the keyboard or mouse. The claim is that any such inputs must be coming from cheat codes such as bots.

However, this is bogus and flawed in a couple of different ways. It fails to allow for alternate input from common input device drivers that most would not consider cheating. This would include the popular Logitech G15 gaming keyboard's macro keys, joysticks with multiple function keys, even mice with extra programmable buttons, and the Belkin and Saitek gaming "pads". These last two alternate controlers are used by many handicapped gamers who have lost one limb and it allows them to play games that would otherwise require two hands (although they hardly completely level the field).

At the same time, the "fix" seems to do nothing for other types of cheats that are not input related. Players who change their systems so that they can see through walls, so that their character is harder to see in FPS games or so that other players are extremely easy to spot in such contests are ignored as a problem in this "fix", and that, of course, addresses only some of the ways that cheaters do cheat.

I often drop off on-line games when I see other players exhibiting superhuman skills (a few days ago I and a few other players observed on player who could cross the entire length of the playfield in a single bound when other players all required 4 or more jumps, even with all of the power-ups kicked in) and I would welcome a viable anti-cheat system, even if not perfect. But this system is far from even being good.

I agree with the original response, there will never be a perfect anti-cheat system. I don't see how there could be, when out computing power is growing to the point where it could run on an external box and "watch" the video and provide back it's own keyboard and mouse input in response. But the real issue here is that this is a poorly thought out approach that will impact legitimate users as much as it will slow the cheaters.

you can do all that at once...

[512k]

wager on the outcome of your wii boxing matches with your friends.

You'll

• earn money
• socialize with your friends and family
• stay in shape

Rootkit in disguise

[Walter+Carver]

A few days ago:

http://hardware.slashdot.org/article.pl?sid=07/06/ 28/1124256

Can't people just play?

[alexandre]

I mean come on, you have someone cheating on a server... big deal, change server, find some real friends you can trust to play with, whatever!
Don't start building DRM up the food chain as an excuse for not winning ;-)

Easy work-around.

[MattS423]

Cheat using hardware! All it takes is a tiny little device between the mouse/keyboard and the computer. Just plug the keyboard into one side, and plug the other into your PS/2 port, use software to program it (requires USB too?) and then the chipset is getting the "cheating" input too. it'd cost around $15.

It's not futile; it's extremely dangerous...

[Erpo]

...because most people who think they understand the nature of Trusted Computing are dead wrong.

In theory you are perfectly correct. There's no sense in trusting data coming from the client. Any hardware or software added to the client's machine to make it disobey its owner can be circumvented.

In practice, the bad guys have come up with a way to make this circumvention difficult and expensive. Here's the basic outline for trusted computing:

* A small chip called a TPM is added to your motherboard. This chip may (in later incarnations) be integrated into the CPU or other system components.

* The chip **DOES NOT** restrict the activities that your system can perform. You can still run arbitrary code at arbitrarily high privilege levels.

* What the chip **DOES** do is keep a detailed log of the code that has run or is running with elevated privileges. Just to reiterate: you can run any code you want, but the chip is watching.

* The chip contains its own public/private key pair that it can use to sign reports on your computer's activity. If you choose to run software on your computer that passes these reports on to other computers on the Internet, other computers on the Internet can know with certainty what software is in control of your computer. You could choose to run software on your computer that would modify these reports before passing them on. However, owing to the nature of public key cryptography, other computers on the Internet would be able to detect your forgery.

* You are free to turn off or remove the chip at any time.

Many people criticize "Trusted Computing" technology by saying that it "controls" what software you can run on your computer. This is true, but not in the way most people think. You are still free to run any software you like on your Trusted Computer, but you cannot program your computer to lie convincingly about your choice of software to other computers on the Internet.

In this way, other people on the Internet can hold you responsible for choosing to run software that they don't approve of. Want to install AutoAim v3.5 on your PC? Go ahead. But the next time you try to play a multiplayer game, the game server will refuse to let you connect until it receives a report from your Trusted Platform Module indicating that you aren't enhancing your aim with software. Don't like the idea of installing GovernmentSpySoftware v2.02 on your home PC? Then don't! But be aware that the next time you try to connect to the Internet, a government-mandated piece of software in your ISP's Radius server will require a signed certificate from your TPM that the spy software is running and unaltered before it instructs the routers to handle your traffic.

These are just hypothetical examples, but they show how trusted computing will be used to control your computer without ever making your computer less capable or more restricted. If anything, a "trusted computer" is more capable than a PC of today: it has the extra capability of spying on you and reporting your actions to other people!

So you can't "wrap the chip in software" like you suggested. Your software won't have the necessary private keys to produce authentic-looking reports from the TPM. You could definitely physically break open the chip and try to extract the private key. You might even be successful if you've got a lot of equipment and education. But that would have to be done on a PC-by-PC basis since each PC will have its own TPM and each TPM will have its own private key.

Re:It's not futile; it's extremely dangerous...

[rtechie]

So you can't "wrap the chip in software" like you suggested. Your software won't have the necessary private keys to produce authentic-looking reports from the TPM. You could definitely physically break open the chip and try to extract the private key. You might even be successful if you've got a lot of equipment and education. But that would have to be done on a PC-by-PC basis since each PC will have its own TPM and each TPM will have its own private key. Two points:

1) There exist, right now, software emulators for the TPM.

2) How will "the internet" or individual services like Valve or ISPs determine the authenticity of the private keys?

This is a very key point. While it is likely there is a fixed format for the keys, I think it's every unlikely that there will be a secure method developed to distribute a list of which keys are valid. Key distribution is the Achilles heel of public key cryptography and it's weaknesses are glaringly apparent here. Look at the similar situation with AACS. As long as there are non-revocable keys and there is no secure means to distribute blacklists and whitelists this system will break if only ONE key is compromised.

Many people don't seem to get this. You can't sling private keys around to dozens of companies and thousands of engineers and not expect one of those companies to leak the keys, either though weak implementation or direct leaking. Secrets shared by thousands of people aren't secret.

Re:It's not futile; it's extremely dangerous...

Since we're talking about remote attestation, it is doubtful that getting hold of a single private key would be of much use: the gatekeeper server could simply keep a database of the public keys it has seen to date, in order to prevent the same private key from being used by multiple individuals. For "trusted" computing to become widely broken, someone would have to leak the root keys, and as Verisign and their competitors have demonstrated, it is entirely possible for a single company to maintain the secrecy of important encryption keys.

Re:It's not futile; it's extremely dangerous...

[rtechie]

entirely possible for a single company to maintain the secrecy of important encryption keys That's the key point here. A system like this CAN work with a single authenticating entity, but that's not what was described. What was describes was a system whereby multiple entities would have parent keys. And many companies would be wary of putting their entire revenue stream in the hands of a third party that could easily screw them.

Worthless

I'll admit I was worried when I first read the headline, as I have enjoyed writing cheats for games for many years now. But when I saw it was just input validation I'd have breathed a sigh of relief had I not been laughing.

This will stop, maybe, lazy graphics driver wrapper cheats which, being so removed from the game engine, use SetCursorPos and mouse_event to aim for the player. The minute the hack enters the engine, however, these countermeasures are absolutely worthless. Not only does any self respecting hack set the player's aim angles directly, bypassing any input routines, they also attack the countermeasures themselves. I'll nop out the whole input validator. I'll send the 'I'm clean' heartbeat to any server that asks. DRM quality process and memory security measures would be far more capable of stopping cheats, and we all know how effective they are.

Keyboard and mice solve some problems.

[WarJolt]

There was a bug in everquest II when it first came out. I don't know if it's still there. I stopped playing it. If you had a locked door and no key everyone in the party would get their characters walking in a direction and everyone would get their network to drop for a second. The funny thing was that the everquest servers would allow avatar to "drift" through door even though they were closed and locked. That didn't require ANY keyboard input. The funny thing was when the player didn't come back fast enough sometimes he would fall down a hole.

I think a lot of cheating could be solved with a little foresight from the game designers. When it comes to automated cheating devices it's easier to stump an algorithm than a human.

I don't think everyone would want to buy an intel keyboard to play a game, but if they got this thing to work then 2 conditions would have to be met for this to work.
1. Data from the hardware device would have to be sent to the server over the network.
2. Data from the hardware could not be reproduced in software.

As soon as someone figures out how the algorithm works then the product is worthless.

You don't have to trust the client if you trust the hardware, but as soon as someone figures out how the hardware is doing it then it can be reproduced in software.

It's not a matter of can the hardware can be reverse engineered? It's a matter of if someone is going to do it and how long it's going to take them. Some people consider it a challenge.

Or add lag to probable cheaters

"..and their cheating fun ruined by us /kill'ing them.."

Another approach was prototyped a few years back by a research group in Australia, which involved adding latency to those presumed to be cheating... Enough to make the cheater think the network was playing up (encouraging them to go away) rather than pissing the cheater off (and inviting spiteful repeat attempts at disrupting the game). Not sure how good the scheme worked, though.

Look for IGLU under http://caia.swin.edu.au/genius/tools.html, or the README at http://caia.swin.edu.au/genius/tools/iglu-0.2-READ ME.txt

Recent PB update is a rootkit

[rush22]

I was appalled at the recent PunkBuster update. Evenbalance has essentially installed a rootkit on my computer without my knowledge. The only reason I noticed is because my firewall suddenly lit up with warnings.

Normally, PunkBuster is a .dll file in your game folder. However, this recent update downloads two .exe files and places one in the game folder, and one in your Windows system folder. PB says these are necessary only for players who want to bypass admin rights for people who play BF1942 or ArmyOps. Apparently so many people are playing these games on their office network and can't log on as administrator on their own computer that Evenbalance has sent out a rootkit with their recent PB update. The programs are mandatory for everyone, though, regardless if you are the administrator. Any player attempting to play on a PB-enabled server without these files, or otherwise blocking these files with a security program, is kicked for "Losing Key Packets" (PB often has trouble with accurate error messages).

The executables are run upon startup of your computer, and run constantly in the background, regardless of whether you are playing the game. They also intermittently connect to the Internet and send data to Evenbalance's servers. Of course, the player has consented to this (and more) by agreeing to PB's voluminous EULA. In fact, if you read it carefully, players have consented to sending their entire hard drive and hardware information to Evenbalance at any time Evenbalance deems necessary.

Evenbalance will tell you, as support team member Glenn (or someone imitating him) says on a game forum I found: "We're not trying to hide anything or throw anything by the user without his knowledge. These services are doing nothing when a PB-enabled game is not being played, other than waiting to see a PB-enabled game launched. When a PB-enabled game is not being played, we're not scanning your computer or internet traffic or anything of that nature."

Though if you have any sort of firewall on your computer you'll know that that is either total ignorance of their own product or a total lie, as PnkbstrB.exe and PnkbstrA.exe do in fact connect to the Internet while the game is not being played. They also use a large amount of system resources for something that is only supposed to be a service waiting for a game to start.

PunkBuster offers people the option of uninstalling these files, with something called pbsvc.exe which gives you an "UnInstall" option. This doesn't seem to uninstall everything, as the PB files are not only still present but still load on startup despite the uninstaller's "Uninstall Finished!" message.

All-in-all, if PunkBuster cannot even get its act together to create an uninstaller, nor to inform its support team of what a rootkit they just installed on everyone's computer is actually doing, how can anyone expect PunkBuster to detect cheats and hacks? Private home-made hacks can already slip through PB's dragnet--the only ones they can catch are publicly available hacks Evenbalances finds on the Internet, the way a virus detector works, so I think it's pretty clear that the solution does not lie on the player's computer.

Instead I'd say it lies in the programming of the game itself. Wallhacks and radar, for instance, wouldn't work if the server did not send the locations of non-visible players. A difficult task perhaps, and for only one kind of cheat, but it is a real solution. And it doesn't involve uploading my hard drive to Evenbalance and granting them access to information which, as EvenBalance's EULA says, "includes, but is not limited to, devices and any files residing on the hard-drive and in the memory of the computer on which PunkBuster software is installed"

Re:Recent PB update is a rootkit

[A_Non_Moose]

I was appalled at the recent PunkBuster update.

I was put off a long time ago by PB when Desert Combat was at its height of popularity.

Yeah, that long ago.

What made me see that was only going to get worse was being flagged as a cheater on my
own server for removing the intro movies...you know, those half dozen annoying adverts
EA games spew out before connecting. BS on that.

I see that things have not improved for the users/players.

Lan games or building trust among other players is the best way, IMO/E.

But winning isn't the point ...

[Kittenman]

I know it's a competitive world and all that, but surely winning the game isn't the point. It's playing it.

I remember once seeing someone play a cheat in the original AOE, where there was a tank stomping around, throwing HE shells at stone age technologies. Yep. Lots of fun. Not.

And ages ago, back when REAL video games involved a small amount of money put into a slot on a pier, some of us would actually play worse than we could, so as to make the money go further. (Of course in those days, money was really worth something. Etc Etc)

Re:But winning isn't the point ...

[Library+Spoff]

>>some of us would actually play worse than we could, so as to make the money go further.

err - how did that work? In the games I played you tended to get further/get better value for money the longer you stayed on... by beating end of level baddies etc...

Re:But winning isn't the point ...

[Big_Breaker]

Maybe to entice people to keep playing them in Street Fighter or some other competitive arcade game? Better to let them win one round so that they do not see that it's hopeless.

Real Social Accountability

[tcolberg]

Just make everyone's address public and verified, so if they cheat, we can drive over to their house and beat the crap out of them. There's real social accountability.

Let me define cheating for you...

[tomatensaft]

Let's say, any modification of game's dynamics (and also objects' properties) beyond what is defined by the game's rules is cheating. Of course, in today's games most of stuff is not defined in any formal "Rules"-type of documents, they're just part of the game. Like the walls you keep mentioning -- if the walls in the original game are not transparent, then making them transparent to gain an unfair advantage is cheating and should not be done. Of course, if you make a game, where all the players are ensured to make walls transparent, then it's just a new version of game's rules.

Re:Let me define cheating for you...

[CogDissident]

Back in the day of halflife one, I had a video card that wasn't terribly good. You see, it had a bit of a problem. At long distances, it would render players "over" all other objects. So I effectively had long-distance-only wallhack. It wasn't anything I even did, it was, in fact, just a bug in the hardware rendering. Granted, its unlikely you'd see a bug this blatant nowadays, but it can still happen, and its still a cheat.

Mod putridly banal parent down

Do you people lock your doors at night? Do you try and choose difficult passwords? Do you use car alarms? Or do you just throw your hands up in the air and leave everything unsecured on the basis that any form of security can theoretically be defeated and that crime is a "social problem"?

The more walls that are thrown up, the greater the barrier of entry to cheat will be. Make it tough on the brainless script kiddies and 80% of the problem is solved. No, not permanently -- but so what? When new hacks become widespread, then new solutions will evolve.

Security through obscurity works when the goal is to minimize your profile as an easy target. Punkbuster reduced the frequency of cheaters in popular multiplayer games for years, that's a fact. I'm all for making it harder for serious hackers to cheat and stonewalling the camp followers. There is no good reason to oppose this type of solution.

HackCam

[bi_boy]

I wish something had actually come out of this.

let me welcome you to the clueboat

[circletimessquare]

i'll be your host, mr. meaningless shibboleth:

on teh intarwebs, you are not dealing with an engaging intellectual discussion in the professor's lounge

you are dealing with something more akin to a drunken bar brawl. in other words, you seem hostile to my "meaningless shibboleth" because it should be obvious

yes, obvious if you are in a dry intellectual chat with a bunch of philosophers. but that's not what we have here, is it?

on teh intarnats, the obvious must always be stated, because the obvious is never obvious to a bunch of drunken idiots. that's why it gets voted up AND that's why it's important to state

you need to readjust what you expect of a level of discourse in a bulletin board like slashdot, or you're going to find yourself continually exasperated and disappointed. it is not composed of dry intellectual wit from the elite of their field. it is a raging cacophony of chaos, upon which the obvious must always be stated, in order to frame the discussion

when you realize that, you realize that should actually be thanking me for my meaningless shibboleth. unless you wish to continue hewing to an impossible standard of discourse here in your judgment of what is said on any message board anywhere

Re:let me welcome you to the clueboat

"on teh intarnats, the obvious must always be stated"

You just think that because you assume the readers possess the same level of intelligence as you.

you're wrong

[circletimessquare]

certain aspects of human behavior are indeed malleable. other aspects are completely unchanging, across all time and all cultures. such as cheating

there was just a study showing that we begin lying at age 6 months. so things like slavery, racism, sexism: yes, as you indicate, these things can be changed. there is such a thing as social progress in this world. but these phenomena are of a higher level of social indoctrination. something we learn later in our development. in other words, put a bunch of toddlers together of various races and racism will not occur at all. we are born racially enlightened, we are born seeing people of other skin colors equally. racism comes from idiotic and retarded influences and trains of thought later in life. racism is learned

however, amongst those group of toddlers, amongst any group of toddlers, you will find cheating and lying. these negative qualities are a much more basic building block of essential human character. lying, cheating: people will ALWAYS be doing these things. you can expect such behavior for all time, from all cultures, from all religions, from all races, from all socioeconomic groups: no matter what the level of social progress. it's just part of human nature, it's basic set of unalterable good, bad and ugly qualities

Re:you're wrong

[rtechie]

however, amongst those group of toddlers, amongst any group of toddlers, you will find cheating and lying. these negative qualities are a much more basic building block of essential human character. Yes, people lie and cheat, but we don't normally consider the solution to be electronic "shock collars" that electrocute you every time you lie. Mainly because this wouldn't work.

We use social conditioning. There simply isn't strong social conditioning against online cheating but there IS strong social conditioning against cheating in Vegas, because you stand a good chance of getting thrown out of the casino and/or roughed up by security if you cheat. People don't cheat in Vegas not because they don't want to, but because they fear being banned from the casinos. That's social conditioning. All the online services have to do is make cheaters actually fear being banned.

Phew!

[Taulin]

I always thought I sucked at FPS games because I sucked. Now I know it is because the other players are cheating. Man, I knew something was up!

Completely useless

"The game also needs to participate in the scheme in order for it all to work."

How is that "Fighting Online Game Cheating in Hardware"?

More hardware for another layer of false security? No thank you.

Confie this to Multiplayer only.

[Gel214th]

There seems to be an annoying trend since we have online acheivements that a lot of games come minus any included single player cheats.On the PC it is fine, someone will always make a trainer, but on the consoles it can be extremely frustrating if you purchase a game and cannot complete it. This has happened a few times to me, and yes you might be very right in saying "Well you just don't have the skill"..but I don't care. I want to be able to beat that last boss, or get past that stuck level and move on with the game. Cheat Codes enable players to do that, and face it you don't use them if you don't want to.

Multiplayer should be the only venue where the player isn't given a choice to get unlimited ammo, or to play with no traffic etc. etc. since that is competition. Codes can also disable Achievements when activated, for example, as that too could possibly be termed player vs player 'competition'. Some people just want to play the game, and get onto the next fun area and finish it, not spend days trying to get past a particular point. Some gamers enjoy saying that they had to try for hours and hours to beat a particular point in a game, or they replayed a level 8 times before finally beating it. But a lot of gamers don't. That's why cheats were created and why they are so popular in the first place. It's really not possible to scale gameplay to every skill level, but it is possible to allow the player to choose to play in 'God' mode for a while if they want to.

Re:Confie this to Multiplayer only.

[argent]

Agreed.

Back when Karl and I developed "Tracers" on the Amiga one of our design principles was that, since we weren't trying to keep people pumping quarters, the game should be fun whether you were "good" or not, and you should be able to play more or less indefinitely, with cool stuff continuing to happen, even if you weren't "all that good".

For single player, even if they do insist on playability limits, you should bloody well get the cheat codes printed in the documentation.

Re:STOP MODDING UP MEANINGLESS SHIBBOLETHS, PEOPLE

[Hellpop]

Is that a Lovecraft reference?
"Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn shibboleth"

Technical details from Intel

[jarok]

Intel appears to have posted some clarifications and additional details on the solution: http://blogs.intel.com/research/2007/06/fair_onlin e_gaming_aka_antiche.html

Solution = reliable banning

[BagMan2]

As an MMO game developer, cheating is something that we have to combat on a continuous basis. Some styles of games are easier to protect against cheating than others. Cheats fall into a few problem categories:

- bots
- exploits
- information exposure
- client side authority
- griefing

A bot is a cheat that automates a process we expect the user to do. This intel initiative seems to be aimed squarely at this type of cheat. Typically bots are used to automate tedious tasks that produce income for the character in the virtual world. The big danger is that they can ruin a games economy and the player experience by devaluing the effort the non-cheaters put into the game.

An exploit is a design flaw or a bug that a player finds and intentionally exploits to their advantage. While I personally don't believe in banning players for using exploits, because I consider them my problem, many games have a policy of doing such. The logic behind banning exploits is the reality that it takes developers a significant amount of time (weeks sometimes) to get an exploit-fix completed and through the testing-process before it makes it to the live game. There needs to be some protection for the game in the interim and a stern policy against exploits is all we have. The best compromise would be to ban players using exploits until the exploit can be fixed.

Information exposure is where the client is able to expose information that they normally can't see to gain an advantage. This can be everything from making all walls have invisible textures, to sniffing packet-streams and finding out that a particular NPC just spawned nearby. These cheats are really a form of client-side-authority cheats, as the client-side of the game becomes the authority for what the users is seeing. That is, the client-side is selectively displaying information that is has. While every effort is made to only send the client information that they are supposed to have, there is a limit to what can be done.

A lot of times it comes down to game experience. Sure, we could not send down information about an NPC that spawned right behind you because technically you can't see it, but when the user suddenly turns around in the game and doesn't see the NPC, then the NPC suddenly appears a few hundred milliseconds later (ie, it pops in), it sort of ruins the game experience for the user. Also, it can create too big of a load on the server to validate absolutely everything. It would be unreasonable for the server to a do a full line-of-sight testing against every NPC in the world for every player to determine whether they should really be able to see it.

Next we have client-side-authority hacks. These are hacks where the client-side is the authority for what is happening in the game. Again, we try to minimize the amount of client-side authority there is, but it is more difficult in some games than others. A twitch FPS game is going to need to have a lot more client side authority than an RPG game for example, simply because there isn't time in a twitch game to do a round-trip to the server to validate something the user might be attempting to do. The most common client-side authority area in games is physics, because it needs to happen instantly and the server doesn't have the horsepower to do true physics for everybody in the game anyways.

Client-side-authority hacks fall into two classes, data-hacks and code-hacks. With code-hacks they change client-side code to behave differently. For example, they might just remove the call that checks for collisions against walls, such that they can walk through walls. With data hacks, they do things like change the fire-rate of their weapon, or make themselves run slightly faster.

The worst part about client-side-authority hacks is they prevent game developers from even attempting a large class of games. Client-side-authority hacks are by far the most difficult type of hacks that we have to deal with. As developers there is some client-side authority we

Re:STOP MODDING UP MEANINGLESS SHIBBOLETHS, PEOPLE

A statement like "there is no technological fix for a social problem" is just important-sounding nonsense.

It sounds true to me. Can you provide an argument against it besides name-calling?

We seem, after all, to have prevented the problem of people physically reaching out across the internet and strangling people... I have yet to see anybody do this (as much as I'd like to sometimes).

That's not a social problem -- it's a technical limitation, if anything. A social problem would be "people want to hurt other people over the internet" -- and as much as we've tried, we haven't "solved" this social problem. People still want to hurt people online, and people still harass other people online. Good luck coming up with a technological solution to this, fucktard.

Parent poster completely ignores the obvious problem with his arguments: that ALL defense mechanisms are not about absolute defense, but about reducing the rate of successful attacks and/or increasing the barriers to entry (such as technical sophistication, equipment, time, etc) that an attacker must invest in to be successful.

His exact words were "anything designed by a man can also be broken by a man", which I would say is admitting exactly that which you claim he ignores.

The only solution...

[CrazyKen]

... is us humans. As others have already stated, any type of anti-cheat system implemented via software and/or hardware can be circumvented. While Intel's attempt may make it harder to cheat, it will not be impossible to bypass. It's up to the server admins or the game players to 1) know the game they're playing really well and 2) be able to identify someone, without a doubt, who is cheating. I used to run a Soldier of Fortune 2 server. As the server admin, I felt it was necessary to know the enemy. I watched videos of people who used hacks such as aimbots, wallhacks, shader texture replacements, etc.. After a while, I was able to identify a cheater from, say, a really good player. I did this on my server as well as other clan/public servers. On a server running PunkBuster, you're able to get a screenshot from an in-game client to see if they're running any wallhacks or replacing shader textures. This works very well but isn't 100%. If a hack program is designed well, it could temporarily disable the hacks so that the screenshot shows the person behind the client is *not* cheating. PunkBuster also has unique client IDs assigned to each client. If someone is caught cheating, the person is banned from the server using this unique ID. I knew someone who had a multi-hack (aimbot, wallhack, etc.) that could not be detected by PunkBuster. In addition to that, his hack was able to generate new IDs. If he was banned, he could come right back with a new ID. PunkBuster is only able to detect what they know about. Until a hack is submitted to them, they know nothing about it and are unable to detect it. Nothing can stop cheaters but us humans.

Oh yeah...

[CrazyKen]

... forgot... never get caught cheating at LAN parties. http://www.gamespot.com/users/xd3usx/video_player? id=KiZhkTWv5bsPuDM

ELO rating; TrueSkill

[tepples]

And what happens if you *are* really that much better than everyone else? An ideal matchmaking system would suggest servers with players with similar skill levels. Chess clients that track a player's estimated ELO rating do this. Tetris DS for Nintendo DS does the same thing. Xbox Live games have something called "TrueSkill" that achieves much the same result.

It's a social problem

[edraven]

It needs a social solution. One good reason people don't cheat as often in RL is social mores. Basically that boils down to everyone will stop playing with them. What online games need is a way to identify other players with whom you're personally more likely to enjoy playing. A collaborative filter approach would make sense. If you enjoy playing games with person X, you're likely to enjoy playing with person Y who also enjoys playing with person X. In a system like this, more aggressive players would naturally tend to be matched up with more aggressive players, while those who enjoy a more casual game would be matched together. Cheaters would tend to annoy pretty much all other players, even other cheaters. Players who consistently aggravate their opponents would eventually find the pickin's mighty slim.

ZOMG!

[Impy+the+Impiuos+Imp]

> Now it seems that could change change with Intel's own Anti-cheat Software/Hardware."

T me for a web site where you can dl the workaround.