Fighting Online Game Cheating in Hardware

Monk writes "Multiplayer games these days have one problem. Cheating. Cheating is out of control because of failed attempts by software such as Punkbuster, and VALVe's Anti-cheat (VAC). Now it seems that could change change with Intel's own Anti-cheat Software/Hardware."

there is no technological fix

[circletimessquare]

for a social problem

anything designed by a man can also be broken by a man

the only remedy for human antisocial activity is human social activity. no technology will change that fact. and if you think it can augment those who intend good, then you're right but you must also bear in mind that it can also augment those who intend evil

this applies to security cameras, file trading on the internet, etc. as well as game cheating

Re:there is no technological fix

[Kjella]

To go back to classic crime term "Motive, means and opportunity". You can either try to take away their motivation, take away the means or take away the opportunity. Time and time again we've shown that to change human nature is very very difficult. To take away the means is usually to take away the tools, which are usually overbroad and takes away legitimate uses. Taking away the opportunity is usually the most appropriate and effective.

I have a lock on my door. It's to take away the opportunity. It's a lot better than trying to outlaw lockpicks and crowbars and everything else that might be used for breaking and entering, and it's a lot easier than to remove, tag or secure all my belongings so there's no point or to make sure burglars are tracked, arrested and punished with such efficiency that it doesn't pay off, even if the door was open.

Any sort of security, locks, alarms, encryption can probably be broken if not directly, then indirectly. Would it be a challenge for a pro team to break in here, install a keylogger and capture my encryption password? Hell no. But it's a pretty good defense against anyone casual, it's mostly about keeping honest people honest. Which is really a nice way of saying most people are crooks, they just haven't gotten the right opportunity yet.

Re:there is no technological fix

[AnonymousDivinity]

there is no technological fix for a social problem. anything designed by a man can also be broken by a man.

I don't know about you, but I for one like having locks on my doors. Are they 100% perfect at keeping determined individuals out? Of course not. But that's not their purpose. These kinds of measures merely need to make an activity "not worth it" to those who have some motivation (the aforementioned societal problem). Economic deterrants do work well, at least on a statistical basis.

As for cheating devices, if one were to construct an anti-cheating system that would require a hundred million dollars worth of high tech, rare equipment to break - do you think some gamer is just going to have that kind of money lying around? I'm not saying Intel's solution is of this nature, but this absurd notion on slashdot that technology cannot help/solve societal problems is total bullshit. A lot of social problems are highly context/environment dependent (mostly as a result of human psychological quirks, and evolutionary behavior), and technology can do a lot to alter the environments where people interact to the point where many harmful behaviors are discouraged or stopped altogether.

Re:there is no technological fix

[The+Clockwork+Troll]

The social problem has an obvious solution: accountability.

If banning of an anonymous ID is the worst any cheater might endure, and they know it, they're going to operate as you would expect someone with impunity to operate.

The obvious solution has obvious problems. The social solution leaves a worse taste in our mouth than cheating. That's why we're chasing it technically.

Re:there is no technological fix

[Dogtanian]

Anything designed by a man can also be broken by a man? I guess that means all strong crypto schemes were invented by females? I was thinking along those lines too; not a good argument. He'd have been better off pointing out that the main problem with inventing "secure" peripherals is the same one that bedevils all "secure" devices- the owner still has to have the encryption/decryption key or technology in their possession.

At its crudest, what's stopping someone from wiring up the keyboard to.... anything they like?

Re:there is no technological fix

[SanityInAnarchy]

Sibling is wrong that you'd have to duplicate XP. You'd have to duplicate Linux, because it'd be a HELL of a lot cheaper than licensing XP, or developing your own drivers.

But here's why that's a bad idea:

1. Modern OSes are fast. You're really not losing a lot of cycles to the OS, compared to what developers willingly throw away in order to make development easier -- many games have significant chunks of the game logic written in a scripting language.
2. It can be nice to multitask with a game. For example, I run my MMOs in a window, next to an IM client, a web browser, and a notepad. This is even nice with an FPS, for example, to have an ssh window open to control the game server with at a LAN party.
3. It'd be entirely too easy to run the whole thing in a hypervisor or emulator. Failing that, you could do tricks like a chroot in Linux... I'm sure Windows has tricks I don't know about, or maybe something custom. Notice how much cheating there is on Xbox Live, and they control the boot CD and the entire console.
4. It would be slow, unless you used the hard drive as a cache -- which kind of starts to defeat the purpose, as you could modify the files in the cache. If you use checksums to prevent that, you still have to boot from the DVD, which will take some time.
5. Any way you use to prevent someone from just burning a hacked version also prevents backup copies. But I guess that's "copy protection."
6. It would be difficult to patch. The patching system, if you had one, is yet another way someone could potentially hack it.
7. It would be difficult to use the hard drive, for caching, patching, or saving. Some people have weird BIOS RAID configurations, some people have real RAID, some people have SATA, some have IDE, some have two hard drives, some have many partitions. The only way this could possibly work is if you had a custom partition for that game, or a fixed directory on an OS partition -- the first requires you to repartition just to install a damn game, and the second requires you to have a specific OS installed.
8. At tournaments, there's no real need for custom hardware. Just clone a disk image around, and don't give any players access to the game before they start playing -- during which time they get no Internet access and no custom disks, except config files they've supplied ahead of time for scrutiny.

Let me tell you one thing it would be good for, though: LAN parties. I've been meaning for awhile to make a DVD of UT2004 (maybe minus a few maps), Quake3, Doom3, etc, probably based on Ubuntu, so that people who bring a crappy, spyware-infested computer to a LAN party at least have a chance of getting into the game with a decent framerate, without us having to format them and install a pirated XP (which we have done).

Currently, we ask that people bring their computers a day early -- even to a small, 10-person LAN party -- so we can check them out, and decide if we want them on the same subnet as our own, and maybe clean them up a little -- not to mention do mass-installs of whatever games we're playing.

But, even here, it's a backup, because it won't work for all games, and the ones it does work for almost certainly have Windows ports, or we can just install Linux partitions everywhere. It's a LAN party, so we can look over someone's shoulder and physically beat them if they cheat, and it's much faster to boot an OS off your hard drive and launch the game, because hard drives really are that much faster.

It's actually not a horrible idea, though. Someone founded a company based on it, but they didn't get very far. They were called "Gentoo Games".

Re:there is no technological fix

[EsbenMoseHansen]

In an online chess game, where the rules are fixed, I would challenge you to trick the server other than by hacking it. There is two things: Game data and interpretation of this data.

There are at least 2 possibities: Changing the rendering of the incoming data in a favorable manner (e.g. highlighting opponents, pickups or what-have-you) and having a custom client that plays or help you play. The classic example is the aimbot, that is a client that helps you aim your shots.

Re:there is no technological fix

[irc.goatse.cx+troll]

latency of two moving people around some obstacle means you either let them both know where eachother is before they should be able to render, or you'll be able to induce lag to allow yourself to teleport around the game which is just as bad.

Then theres issues of "can it be seen through?" for example when I replaced all fences (which in a real engine blurs to solid after some distance). Is it cheating to tweak your drivers with rivatuner to change how it blurs them so you can see through them? What about replacing the texture with an empty texture?
Replacing the enemy models with sold colors?

Even defining cheating with 100% accuracy is impossible, saying you can stop cheating is laughable.

Re:there is no technological fix

[rtechie]

Time and time again we've shown that to change human nature is very very difficult. Nonsense. You may have noticed that people are no longer urinating in the streets, as was customary 100 years ago. Your average 3-year-old today behaves better than adults did a century ago. There's all that civil rights stuff too. Contrary to what some people seem to think, human behavior is in fact extremely malleable.

Online cheating is not "human nature". It needs to be considered "socially unacceptable" to cheat and there needs to be tangible punishments associated with doing it. Take the behavior of purchasing characters, items, gold, etc. for MMORPGs on Ebay. This is cheating, pure and simple. Using aim-bots is also cheating and Valve, Microsoft, and other online game providers should be zero-tolerance on this. They should stick in their bullshit license agreements that if they cheat on the service they have to pay a $50 "reactivation fee" EVERY time you cheat. And not just MMOs. If you cheat they block your CD key and you have to either purchase a new key or a new copy of the game. Sure a few whiners might sue, but I suspect that most cheaters are little brats and unlikely to defend themselves in court.

The reason they're not doing this now is that they fear lost revenue. As gamers we should pressure them to bring the hammer down.

Add the cheats as features to the game

[Slim+Backwater]

How about just adding cheats as elements to the game? Players like radar? Add it. The ability to see through walls? Auto aim, auto trigger? Make them power ups. Don't fight it, integrate it.

Re:Add the cheats as features to the game

[boaworm]

Because many of these games aim to be realistic, that's why people play them. Adding an "aimbot" as a powerup is not something that would have happened the 101:rd airborne when they dropped down over normandy, so when you play that scenario, neither do you want it or should have it.

Re:Add the cheats as features to the game

Yeah, make an FPS game where everyone automatically has immortality, omnipotence, omnipresence & every conceivable weapon.
Sounds a lot of fun.

Re:Add the cheats as features to the game

[Cylix]

Because someone would come out with an anti-aim, anti-whatever and turn all of those new features off.

You just can't win with these damned kids.

Re:Add the cheats as features to the game

[kasperd]

The objective of the game would be to develop the best program to play the game.

That kind of games are fun for those of us who know how to code. Most of the gamers out there wouldn't stand a chance in a game that involved coding in order to play it. But there still remains a few questions, do you run the program on your own machine talking to a server? If so, is the program supposed to play by itself, or is each player going to be a person and a program cooperating? Are people with a beafy machine and a fast Internet connection supposed to have an advantage? You probably cannot design it such that they will not have an advantage. Alternatively, you submit your program, and everything is then run in a controlled environment.

Re:Add the cheats as features to the game

[Saville]

Attempt 1) get shot down
Attempt 2) get shot down
Attempt 3) get stuck in tree and then shot
Attempt 4) get shot down
Attempt 5) get stuck in tree and spend 5 minutes press the 'escape' key then get shot on ground
Attempt 6) get shot down
Attempt 7) kill some nazis then get shot
Attempt 8) get shot down
Attempt 9) get shot down
Attempt 10) get shot down
Attempt 11) get shot down
Attempt 12) be sneakier and kill more nazis then get shot
Attempt 13) download FAQ and type special 'idkfa' cheat and walk around like Rambo and have more fun playing the video game as escapism where you become a hero. You've just had your fill of realism, now you want entertainment. You want to play the role of the top 1% that didn't die or get wounded instead of just another peon.

*sigh*

[Verte]

The Quake fiasco has already taught us plenty about this: don't trust the user.

Re:*sigh*

[localman]

Ah, ESR. I like this quote:

"If Quake had been designed to be open-source from the beginning, the performance hack that makes see-around-corners possible could never have been considered -- and either the design wouldn't have depended on millisecond packet timing at all, or aim-bot recognition would have been built in to the server from the beginning."

Which is really just another way of saying that it wouldn't have been developed at all. Great solution.

I hate cheating too, but I'm afraid it'll always be there. I just assume on public servers that there is some cheating. When I get sick of it I set up a private game with people that I trust.

Cheers.

Wall hacking

It appears to be yet more DRM designed to ensure that peripheral inputs match those received by the game.
This does not address the issue of cheats that allow the player to have information that he would otherwise not have, such as seeing through walls. Nor can it detect proxies.

Like all DRM, it sounds like it will cause legitimate users more problems than it will cause to cheats and crackers.

Not in the game anymore

[Joebert]

Nobody seems to care how good a game is, "the game" is all about finding ways to cheat no matter which game you're playing.

Re:Not in the game anymore

[illegalcortex]

Not really. The real problem is that there's always a small minority that wants to cheat. They drive off the large majority that just want to play a good game.

Re:Not in the game anymore

[qlayer2]

I play multiple online games, with punkbuster support- and the simple fact is that 99% of the people cheating are untrained dupes who download trainers which also contain a number of viruses, and they aren't doing it to get an advantage in the game. They are just doing it to get a rise out of the honest players. The 1% that are smart enough to write their own scripts and use it for an advantage, are usually terrible enough at the game that their "advantage" doesn't matter much anyways. Most respectable servers will boot these people in a short amount of time, and they have zero effect on anyone else. So why would I pay for a terrible hardware solution to a problem that doesn't affect me, or 99% of the population? If you want to force it on big money tournaments go right ahead, but the average game player has no need or desire for this type of product, and won't use it.

It seems rather futile though..

[boaworm]

The whole concept of anti-cheating is based on making a chip comparing input on mouse/keyboard to input into the program.

So how about:

1: Software that wraps this chip, and returns "true" all the time ?
2: Cheats that does not emulate keyboard or mouse input ? (like radars, spike skins, you name it)
3: Software that generate keyboard/mouse interrupts ?
4: The fact that someone would not buy a CPU/MB with anticheat stuff in it if you intend to cheat. You'd just have a dummy driver emulating this hardware or something.

This only seems to be able to solve a very small portion of cheats.

Wow!

[smiltee]

Exactly like DRM, I am sure this restrictive method will work flawlessly! I think Intel is making the right choice by using something you can't update against an entire army of hackers!

Solution: The Istrate

[kaufmanmoore]

This handy device fits in a computer's 5.25" inch bay and if it detects cheating a razor sharp knife comes out and relieves the offending player of the little (as is always the case with cheaters) piece of manhood that the loser has left. (Towels to clean up blood not included).

Great..

[Khyber]

I'm looking forward to the time when I can't play a game online because some POS hardware/software thinks that my MP3 or video encoder is a cheat mechanism.

Lame, very lame. And you KNOW this will eventually happen. Some harmless software program running at the same time as a game will screw your online play without lube.

Why can't the game devs shift focus away from DRM & etc. and try building a solid product that doesn't NEED a third party anti-cheat software running? It's called internal testing, FFS. You made the software yet you can't find the holes, meanwhile some smartass 15 year old Russian just reads your code and goes "Oh! Look at what we have here!"

Re:Great..

[JNighthawk]

Maybe you've never worked on games before, but you seem very naive about it.

Sure, you can build an ultra-secure game that will be near-bulletproof, but you know what? That game wouldn't be fun. You'd have to wait for server auth before you could do anything, so this would only work for non-real time games.

And, finally, on top of what I said, the direct issue brought up (keyboard/mouse movement spoofing) cannot be fixed by games. Period.

Well, I'm not impressed.

[dannycim]

A friend of mine plays the Final Fantasy XI MMORPG on PlayStation 2. I rigged a little box with a bunch of timers, relays, the heart of a USB keyboard which can repeat timed sequences of game macros without supervision. It works wonders for some "skill-upping".

Intel's little trick wouldn't detect that as it involves no software at all, no injection of keyboard events. As far as the console is concerned, it's a keyboard, period.

I could go a whole lot more sophiticated and build a USB box that would emulate both keyboard and mouse events. Marry that with software that can "look" at the screen data and recognize patterns, and you'd have yourself an automated player.

Go ahead Intel, invent better traps. We'll invent better mice.

Wrong term.

[khasim]

How about just adding cheats as elements to the game? Players like radar? Add it.

The players don't like radar. The cheaters do.

Following your logic, the game would offer the ability to instantly kill any enemy, at any range, automatically. Regardless of intervening obstacles.

Yeah, that sounds like a fun game.

Cheaters want those because cheaters don't want to play by the same limits that everyone else does.

The problem with anti-cheat software..

[Animaether]

..is that the server, at some point, has to trust the data the client is sending. Now there's client-side anti-cheat software that will do things like try and make sure that external applications (not entirely unlike the old TSR cheats of lore) aren't altering the data in RAM before it sends the info back to the server. But that client-side anti-cheat software can-and-will be defeated. Eventually there might be an anti-cheat relying on TCPM sort of things, but eventually somebody will just make a TCPM-less version indistinguishable from the TCPM type by the server.

So the only proper anti-cheat lays with the server. But there you hit a problem. You can, for example, prevent some cheats that way. Somebody lobs 2 nades while the server knows he only has 1? Cheating. Somebody moves all over the screen, faster than the player can actually run? Cheating. Wait - or a laggy connection.. or a bug. Tread with caution there. Caution means a margin. A margin means a margin for cheating. Okay, so you don't have your cheat make your player run at 200% - you just make him run at 105%. Still an advantage, and the anti-cheat won't catch it because of the margin. And even when you can detect all the -technical- cheats (more ammo, faster reloads, increased speed, greater jetpack fuel (if there's any), that leaves you with the cheats that cheat the User Input. Aimbots and the like - which can be extremely difficult to detect.

In the end, you can't 100% prevent cheating. But you can make the landscape unattractive enough to cheat in by at least trying to prevent it and having an actual human being look at suspicious behavior from time to time.

( I admin at one of the more popular Soldat servers - we're virtually cheater-free because the cheaters know they'll be busted in no time and their cheating fun ruined by us /kill'ing them (rather than banning - as they'll just be back) and ousting them in public. )

Re:The problem with anti-cheat software..

[Catil]

As far as casual public server playing goes, there might be another solution: Statistics.
40% aiming accuracy? Too good. 5 headshots in a row? Too good. etc.
It wouldn't even have to have anything to do with cheating, actually. The message a detected player would recieve would be something like this: "Sorry, you are already too good for this server, it's low-skill only. You will be kicked in 5 seconds, so the noobs here will have more fun in a more even and fairer game. Feel free to play on our mid- or high-skill servers over here."

Re:The problem with anti-cheat software..

[lena_10326]

And that *still* doesn't get rid of aimbots.

It would get rid of aimbots.

In order for an aimbot to work it needs access to the internal game state, particularly positions and velocities of objects in the game, which it can gleam by analyzing the data packets between server and client or by accessing in memory game data.

If all you have is a video stream, the aimbot has access to no game state. The best it could do is try to recognize objects on the screen by pixel patterns (screenscrape), which I doubt would work if everyone chose skins matching the background. It also wouldn't have access to positions of off-screen objects, which gives the aimbot its real advantage--shooting at people behind you or hidden underwater or in shadows. I think in that case any screenscraping aimbot would be more trouble than its worth as well as very inaccurate (obvious).

Re:The problem with anti-cheat software..

[Bombula]

And the high-skill servers will be like SNL's All Steroid Olympics. Why not? Same with MLB. Who cares if people cheat - as long as everyone is cheating, it's still a level playing field.

Re:The problem with anti-cheat software..

[bjorniac]

But then good players would be lumped together with cheats, which is no fun whatsoever. I play CSS somewhat competitively, but love playing on a few pub servers too. It's no fun at all, though, when someone who obviously hacks comes in. Sure, there are noob servers out there and anyone who's good should leave them alone so people can have fun there, but all your scheme would do is shift the problem to servers for good players.

Re:The problem with anti-cheat software..

[brkello]

The only problem with that is a lot of the time the admins just aren't very good players. They are unable to tell a good player from someone who is cheating. I know my brother and I have been banned from many CS servers by admins who can't believe we can play like that. The sad thing is, I am really not that good. Just the admins have no idea how bad they are.

Re:The problem with anti-cheat software..

[Shabadage]

No, that actually WOULDN'T work. 40% aiming accuracy is NOT too high, 5 headshots in a row ISN'T high either. I've been kicked off countless UT servers (Face specifically) because I'd just start snipin' fools from the tower. Then I'd get booted cause I was "cheating". No, it's called I played hours and hours of Face against God-Like bots thank you very much.
 
This would punish cheaters, sure; but it would also punish those who just happen to be good (on that map in my case).

Re:The problem with anti-cheat software..

[PachmanP]

Conversely, servers that better players frequent would be more likely to recognize and bust cheaters. Whereas the n00b servers, people would be more likely to just think the guy was really good, die alot, and give up on the game.

Re:The problem with anti-cheat software..

[Kjella]

Except the people using aimbots and the like aren't interested in skills - they're interested in the feeling of being invincible, to tear through a map like a mean Rambo look-a-like. Put the cheaters together and they'd have no fun. So what they'd do is find ways to do it anyway, while the good players will get banned by any other name. What are you going to do, start banning people for winning too clearly? Sure, that's incentive... get too good and you get banned on every server except the garbage heap of cheaters, woohoo.

Re:The problem with anti-cheat software..

[Ash+Vince]

I play americas army alot on the net. At one point I was out of work and pretty much played full time for 2-3 months. By then end of that period I got more hacking acusations than you can shake a stick at. I even got banned from a few servers. I have never cheated. The truth is that really good players get headshots first time, almost every time.

In the end I settled on playing on one or two public servers run clans. That way they knew who I was, trusted me not to be cheating and let me carve through people when I was on a good run. That way admin would usually explain to noobs I wasnt a cheat when the acusations started to fly.

I also changed my name to Nohax for a laugh but that was only after I got the hacking acusations.

The truth is though that human admins are the best anti hack method. If you got caught cheating on their servers you would probably get a lifetime hardware ban. That means your PC gets banned, not you account name or anything. I don't know how it works but it is effective as I have heard people complaining they downloaded a hack for a laugh and then could never play again until they bought a new PC.

Re:The problem with anti-cheat software..

[SanityInAnarchy]

Eventually there might be an anti-cheat relying on TCPM sort of things, but eventually somebody will just make a TCPM-less version indistinguishable from the TCPM type by the server.

In order to defeat TCPM, you can:

1. Fool the TCPM chip itself into authenticating something that isn't properly signed. Probably can be made impossible.
2. Crack the authenticated software, while it's executing -- something like a buffer overflow. Difficult, and is impossible with perfect software. Perfect software is not impossible.
3. Crack the TCPM chip itself (or surrounding hardware), somehow, and steal the key. Might be made physically impossible in the future, physics permitting.
4. Crack the server at the other end, or fool it in some way. Could be made impossible.
5. Steal the key used to sign stuff for the TCPM chip. Requires actual data theft -- this key will NEVER be on your computer in any form.

#1 and #2 require you to have an actual TCPM chip. #4 is unlikely, and would be fixed. Only #3 and #5 really seem likely to produce a version that would work on a computer without a TCPM chip.

Somebody moves all over the screen, faster than the player can actually run? Cheating. Wait - or a laggy connection.. or a bug.

The solution to this is, fix the bug.

Somebody moving all over the screen can be made impossible by having the client send velocity and direction updates, and the server send positional updates back. Or even if you send entirely positional updates, both ways, the simple solution is to have the server send positional updates back, correcting the client. So if somebody is moving at 105% speed, all that will happen is they'll jump back from lag. The faster their connection, the closer it will get to their screen vibrating, rather than them being jerked back a foot or two. And it will only look that way to them, so I can't see it giving them an advantage.

And even when you can detect all the -technical- cheats (more ammo, faster reloads, increased speed, greater jetpack fuel (if there's any)

Not even detect. Defeat, plain and simple.

Consider someone trying to create a godmode. Can't be done. You might be able to convince your own client that you have 100 health, but if the server says -37, that's what everyone else sees, and they also see your body blow up, and their score go up.

that leaves you with the cheats that cheat the User Input. Aimbots and the like

You forgot cheats with the display. Invisible or translucent walls, giant target boxes on people's heads, even things like adjusting the screen brightness.

And you're right, those you have to deal with by having competent admins. But you have to be careful here -- some people really are that good. One way to tell is go to a first-person view of that player, which can help, but not always.

As always, the surest way to tell is to know the people personally, have occasional LAN parties, and maybe form a team.

Re:The problem with anti-cheat software..

[brkello]

This seems like a horrible idea. Maybe it appeals to those who suck at the game...but then what is the point? You already have a filter that does this. Go on different servers and find one the suits your skill level. You don't need statistics to kick you if you have a lucky game. Besides, people would just find out the rules and play around them...making sure they empty their clip in to the wall before they get out of their spawn or purposely miss that next head shot.

Fine, use statistics to detect cheating...but to detect and kick good players? Man, why the heck are you playing online if you don't want to improve or don't want competition?

Re:The problem with anti-cheat software..

[Sigma+7]

This is why you won't find cheating in a good RTS or MMO, the server or peers can run everything in parallel. Actually, there are easy ways to cheat in RTS/MMOs:

• Maphacks/wall hacks allw you to see through obstacles. This obstacle is FoW in RTS games, and due to their nature, most RTS clients tend to be syncronized and require having a copy of the game.
• MMOs can be botted. While not "cheating", it is an unfair advantage since it allows you to get powerful players more quickly than what is normally accepted.
• RTSs, as they generally need a copy of the game state on each client, can have critical information about other players displayed (e.g. how much resources they have/spent.)

Maybe the AI could run on a cheater's system, but I have never seen good AI in an RTS. The AIs you see on most RTSs are lobotomized - they are written to be "good enough", whether it's through scripts or through randomness.

As an example, look at Starcraft - while the AI is relativly strong for new players, it is weak compared to the "build orders" that are posted on various websites, which are then memorized by master players. There's no reason why this can't be placed in an AI to make it stronger.

Another example is Galactic Civilizations (which isn't an RTS, but the same concept applies.) In most difficulty levels, the AI is crippled but is still a threat to most players - the only "cheat" is that it knows the location of good planets (which isn't much of an issue, since they were probing the universe before your race invented hyperspace). The threat is caused by the economic optimization - it picks the best tax rates and maximizes production efficiency. As a side note, there were reports of the AI somehow bypassing tech tree requirements - this complaint was eventually resolved, either through a patch or by identifying how they did it (e.g. tech trading with other races.)

The AI discussions were common with the game Total Annihilation, as it was the only game at the time that allowed AI patching. No matter how well you made your AI script, it was limited with implementation bugs - for example, the AI engine had a failsafe in case the script was faulty (or if it got nuked) where it would start building resource production on an economic shortage, but would never turn off the failsafe. Another bug would be the "5 peewee" rush, which could paralize the enemy AI commander and kill it.

It's not a lack of technology that limits RTS AIs - it's the lack of implementation. There hasn't been any serious attempts to make a strong AI.

Re:The problem with anti-cheat software..

[apoc.famine]

You hit the nail on the head. We run our own UT2k4 server. We occasionally get decent players on. We also occasionally get people who magically get 6, 7, 8 kills in a row in on people that they can't see, or as they round corners. If someone seems just too good to be true, they get the banstick. Have we possibly banned people for just being super-good players? Possibly. But there are a couple hundred other servers for them to play on. Have we banned downright cheaters? Yep. My favorite was the kid in igib Hall of Giants - if you know the map, you'll know how amazing it is to get a "HOLY SH*T!" twice in a row. Yeah, that's 16 kills in a row, with a max of 3 seconds between each one. All the more impressive was that he did it from...the bottom of the map...and shot someone directly above him in the air immediately after shooting someone on the ground, and then immediately shot someone behind him and to the side. I was spectating for the second round of kills, and most of the people who died you couldn't see, due to the distance limitations. Many were nearly 180 degrees apart from each other at huge distances, but they were located and killed in the span of a second or so. Not overly hard to justify a ban for things like that.

Re:The problem with anti-cheat software..

[lena_10326]

Several CS aimbots require fullbright coloured models and actually do screenscrape.

And the models would be server-side where you can't paint them a special color for the aimbot to target, which was the point of the previous post regarding John Carmack's statement.

With just a video stream, there's no way the aimbot could calculate the vertical angle to the opponent because it can't assume he's at the same elevation as you. The aimbot also doesn't know whether you're looking up or down so it doesn't know your vertical viewing angle.

For it to work, you'd have to get yourself level with the enemy and look straight 90 degrees to the ground, otherwise you're guaranteed to miss. Missing several times in a row by consistently shooting over or under someone by a few feet will arouse suspicion and you'd be labeled a cheater very quickly. Being forced to get level eliminates a major strategy of aimbot cheaters: camp in a distant high spot that's difficult to get to and provides you cover.

By the way, some games let you view left and right without turning so in that case the horizontal angle toward the opponent would also be unknown.

Aimbots really only work when it has access to game state, which is position and velocity of you and the opponent as well as your viewing angle. Those require a client-side game.

Re:The problem with anti-cheat software..

[fractoid]

This would punish cheaters, sure; but it would also punish those who just happen to be good (on that map in my case). To be honest, I don't care whether they guy that headshots me 5 seconds before I see him, every single time, is cheating or is just really good. Either way it makes the game suck for me, and it presents no challenge for him. Users *should* be grouped by ability level (whether natural or assisted) so that everyone can actually enjoy the game while they're getting good at it. Surely you didn't have as much fun 'owning noobs with your leet sniper skillz' as you would have playing against equally skilled players?

Re:The problem with anti-cheat software..

[lena_10326]

No, aimbot cheaters use the advantage their aimbot gives them to turn what would usually be a strategic disadvantage into a comical sequence of headshots.

There are a set of aimbot strategies. Not just one. Camping in a remote spot with an aimbot is one, particularly in line of site of a respawn point. I've seen happen a thousand times. Ones that I can think of are aimbotting:

• from a "crow's nest"
• near a respawn point
• near a flag point, regeneration point, home base point, etc
• from upper level walkways shooting down or vice versa
• by lurking on the fringe and pegging off those fighting
• by blitzing a fight (as you mentioned)
• from the other side of an opaque surface (windows, water, foliage, very dark shadow, corner edge)
• by running the map and pegging off opponents randomly
• from the opposite side of the map when line of sight is possible
• by appearing to play "legitimately" to mask your cheat

Yay for Trusted Computing

[Cheesey]

Remember folks, although the remote attestation features of TCPA could be used by online services to force you to use a particular "trusted" application/OS stack, locking you in to a configuration like "IE on Vista", that's not why they are there.

The point of TCPA isn't to enforce DRM or strengthen software monopolies. It's all about things that benefit you, like preventing cheating in online games, and... erm... many other things.

TCPA is a misunderstood technology. The EFF, the FSF and security experts are just making a knee-jerk reaction to something that they don't understand. Let me explain:

1. TCPA doesn't take away your ability to run whatever software you want. If every online service requires you to use (say) Vista, and uses TCPA to enforce this, you can just opt out of the Internet entirely and carry on running Linux or .*BSD or whatever. It's your choice.

2. TCPA doesn't spy on you, although it might be used to prevent you modifying software that does. But then you can just opt out of using that software. Again, it's your choice.

So, say yes to TCPA! Like atomic bombs and subdermal RFID chips, the technology isn't inherently evil, and it will certainly never be abused to reduce competition in the software marketplace, preventing free software interoperating with online services.

Just one problem?

[Quarters]

Multiplayer games these days have one problem. Cheating.

Really? Just one? What about:

Bad design

High prices

Poor performance

Steep system requirements

Bugs

Re:Just one problem?

[cshake]

You forgot another one:

EA

I'd also include 'lack of support for old games' but just saying EA covers that pretty well.
(C&C Generals is what, 4 years old? They don't even have a section on their website for it anymore FFS!)

Anti-cheat systems are flawed.

[Angelwrath]

All software anti-cheat systems are flawed because they include things other than cheating. I get kicked by Punkbuster for high ping on gaming servers.

The trouble with anti-cheat systems is that the developers have no ethical standard. They tolerate inconveniencing legitimate players to ensure that the cheaters are stopped as well. The law would see things differently. The law believes in letting some criminals go to ensure that it never punishes an innocent man. Flawed though it may be, it works far more often than it fails. Punkbuster is the complete opposite, and what's worse is that Punkbuster is full of bugs. I get kicked from servers several times a day and the only message I get is:

"Punkbuster

[Ok]"

All complaints to the company fall on deaf ears. And because EA chooses PB, I am stuck with a company granted an artifician monopoly by another company, and have no choice but to have a greatly diminished experience. Nothing is worse than screwing a gamer over in the heat of a competitive match, and that's what PB does too often.

It's a reputation problem.

[Colin+Smith]

You can't trust the person, you can't trust the hardware or the software you can't trust anything which comes back from the client machine.

Da fix? A cross game registry of gamers with identities linked to real addresses and bank details. Something which all the online games can query, though I'd go with hashed values for bank details/address etc rather than real ones. You get caught cheating, you get marked as such. To get rid of the marking you need a new identity.

Will it stop it? Mmm look at the athletes who take drugs, I doubt it. What getting caught would do though is ruin the gaming life in all the games which use the registry. Gaming environments could be split into two areas. One for trustworthy gamers, one for cheating scum.

Re:It's a reputation problem.

[Renraku]

Valve marked me a cheater on Half Life 2/Counter-Strike Source (which is all one account) and refuses to mark me as not-a-cheater. I had not played the game in six months, only to come back to find myself banned. They then said all bans were final, and refused to let me know what servers/times/dates/logs/etc (aka evidence) they had.

I guess I have to make a whole new account for when HL2 ep. 2 comes out so I can fucking play on secure servers again.

Re:The Scarlet Letter

[Charcharodon]

I'd rather have banning. A key ban is the way to go. Sure let them sign up for a new account, that'll be $50 please. If a person makes enough of an nussance of themselves follow it up with a credit card number ban. Sure most people have more than one card, but the truly cronic bastards would be face pretty quickly with a long time ban if they didn't straighten up.

Personally I've been leaning back towards LAN parties. Cheaters are much easier to deal with, you just chuck an empty beer bottle at them after the first offense. The second offense involves dragging them out back for a little wall to wall counselling session.

It's not going to happen.

[Dogtanian]

wouldn't the next step to be switching games back to a boot system. Think how great it would be to not have worry about all the OS cycles being used. Booting into a game would allow the game ULTIMATE control over what software is run. If anything it could be used for tournaments. That wouldn't work with anything other than a very fixed set of hardware. Even Amiga games frequently stopped working when newer machines came out with minor hardware updates (e.g. A500 to A500 Plus, not a major difference, but it still caused problems). They bypassed the OS back then simply because the speed advantage it gave easily outweighed the extra hassle and compatibility issues.

But technology has moved on. For one, hardware is far more complex these days. The idea of having to hit modern hardware from scratch sounds nightmarishly complicated.

For another, the PC philosophy is that you can use many different types of sound/video/etc hardware because they're supplied with drivers. If there was no OS, the game writers would have to write their own drivers for *every damn card that they expected it to run on*. And that's assuming that the makers were willing to release the specs to their cards anyway, which very often isn't the case.

In short, you'd have to duplicate the functionality of large parts of Windows XP, the sound and video drivers, DirectX, networking, blah blah blah.... all from scratch. You can see why this isn't going to happen just to stop a few kiddies cheating, especially since it would likely get cracked quite soon anyway.

Custom cheat hardware will become popular

[dlleigh]

Software that compares the input from the hardware with what the game sees? No problem: just make sure that the input comes from the hardware itself, and not from a piece of emulator software.

I built a cheat box for GTA San Andreas soley because I am lazy. The game requires that the player have their character "exercise" in a gym in order to build strength and stamina. I didn't like the idea of abusing my fingers and keyboard by rapidly typing the necessary keyboard combinations, so I buit a box with three big buttons on it that emulates a USB keyboard. It emits the correct key combinations when I press a button. (NB: I didn't use a programmable keyboard because I'm a hardware guy and was playing with USB anyway. I like my form factor better and used actual arcade game buttons for feel and durability.)

Want to run on the treadmill for the maximum allowed time? Press and hold a button. Want to lift heavy weights quickly and repeatedly? Press a different button. Yes, folks, I was cheating at virtual exercise.

It actually gets worse. I got tired of holding the button down, so I set an old disk drive on it. Then I could just sit back and watch my character get buff. This was the ultimate in laziness: I was cheating at cheating at virtual exercise.

STOP MODDING UP MEANINGLESS SHIBBOLETHS, PEOPLE.

[mumblestheclown]

For fark's sake people. A statement like "there is no technological fix for a social problem" is just important-sounding nonsense. Really? We seem, after all, to have prevented the problem of people physically reaching out across the internet and strangling people... I have yet to see anybody do this (as much as I'd like to sometimes). Parent poster completely ignores the obvious problem with his arguments: that ALL defense mechanisms are not about absolute defense, but about reducing the rate of successful attacks and/or increasing the barriers to entry (such as technical sophistication, equipment, time, etc) that an attacker must invest in to be successful. Security guards and alarm systems do not prevent all bank robberies - but it is safe to say that there would be more robberies if those things didn't exist. Same here. You may have technological issues as to exactly how much such a hardware defense would decrease the amount of cheating, but it seems fairly obvious that, if implemented, this figure would be greater than zero.

Mod me offtopic...

[SanityInAnarchy]

Is that a reference to the horrible, horrible, Chinese pirated Attack of the Clones (subtitled in english-chinese-english translation)?

That always cracks me up. Vader's "NOOOOOOOO" becomes "DO NOT WANT!!!"

Re:Mod me offtopic...

[Blakey+Rat]

I think that was the origin of "Do not want," but it's in regular use on a ton of websites now, especially Fark.com where it's often used in comment threads and sometimes headlines. Also, a lot of "LOL Cat" images have incorporated it. It's just a popular meme at the moment.

Re:WTF????

[Saville]

Well some of us nerds are busy earning money just like you, but we do it by making video games :P

Re:STOP MODDING UP MEANINGLESS SHIBBOLETHS, PEOPLE

[yada21]

We seem, after all, to have prevented the problem of people physically reaching out across the internet and strangling people...

We've prevented it the same way we've prevented trespass by teleportation and time-travel assisted stock fraud. The method revolves around not building the technology to enable it.

Incredibly poor logic and a crappy analogy.

It's not futile; it's extremely dangerous...

[Erpo]

...because most people who think they understand the nature of Trusted Computing are dead wrong.

In theory you are perfectly correct. There's no sense in trusting data coming from the client. Any hardware or software added to the client's machine to make it disobey its owner can be circumvented.

In practice, the bad guys have come up with a way to make this circumvention difficult and expensive. Here's the basic outline for trusted computing:

* A small chip called a TPM is added to your motherboard. This chip may (in later incarnations) be integrated into the CPU or other system components.

* The chip **DOES NOT** restrict the activities that your system can perform. You can still run arbitrary code at arbitrarily high privilege levels.

* What the chip **DOES** do is keep a detailed log of the code that has run or is running with elevated privileges. Just to reiterate: you can run any code you want, but the chip is watching.

* The chip contains its own public/private key pair that it can use to sign reports on your computer's activity. If you choose to run software on your computer that passes these reports on to other computers on the Internet, other computers on the Internet can know with certainty what software is in control of your computer. You could choose to run software on your computer that would modify these reports before passing them on. However, owing to the nature of public key cryptography, other computers on the Internet would be able to detect your forgery.

* You are free to turn off or remove the chip at any time.

Many people criticize "Trusted Computing" technology by saying that it "controls" what software you can run on your computer. This is true, but not in the way most people think. You are still free to run any software you like on your Trusted Computer, but you cannot program your computer to lie convincingly about your choice of software to other computers on the Internet.

In this way, other people on the Internet can hold you responsible for choosing to run software that they don't approve of. Want to install AutoAim v3.5 on your PC? Go ahead. But the next time you try to play a multiplayer game, the game server will refuse to let you connect until it receives a report from your Trusted Platform Module indicating that you aren't enhancing your aim with software. Don't like the idea of installing GovernmentSpySoftware v2.02 on your home PC? Then don't! But be aware that the next time you try to connect to the Internet, a government-mandated piece of software in your ISP's Radius server will require a signed certificate from your TPM that the spy software is running and unaltered before it instructs the routers to handle your traffic.

These are just hypothetical examples, but they show how trusted computing will be used to control your computer without ever making your computer less capable or more restricted. If anything, a "trusted computer" is more capable than a PC of today: it has the extra capability of spying on you and reporting your actions to other people!

So you can't "wrap the chip in software" like you suggested. Your software won't have the necessary private keys to produce authentic-looking reports from the TPM. You could definitely physically break open the chip and try to extract the private key. You might even be successful if you've got a lot of equipment and education. But that would have to be done on a PC-by-PC basis since each PC will have its own TPM and each TPM will have its own private key.

Re:It's not futile; it's extremely dangerous...

[rtechie]

So you can't "wrap the chip in software" like you suggested. Your software won't have the necessary private keys to produce authentic-looking reports from the TPM. You could definitely physically break open the chip and try to extract the private key. You might even be successful if you've got a lot of equipment and education. But that would have to be done on a PC-by-PC basis since each PC will have its own TPM and each TPM will have its own private key. Two points:

1) There exist, right now, software emulators for the TPM.

2) How will "the internet" or individual services like Valve or ISPs determine the authenticity of the private keys?

This is a very key point. While it is likely there is a fixed format for the keys, I think it's every unlikely that there will be a secure method developed to distribute a list of which keys are valid. Key distribution is the Achilles heel of public key cryptography and it's weaknesses are glaringly apparent here. Look at the similar situation with AACS. As long as there are non-revocable keys and there is no secure means to distribute blacklists and whitelists this system will break if only ONE key is compromised.

Many people don't seem to get this. You can't sling private keys around to dozens of companies and thousands of engineers and not expect one of those companies to leak the keys, either though weak implementation or direct leaking. Secrets shared by thousands of people aren't secret.

Recent PB update is a rootkit

[rush22]

I was appalled at the recent PunkBuster update. Evenbalance has essentially installed a rootkit on my computer without my knowledge. The only reason I noticed is because my firewall suddenly lit up with warnings.

Normally, PunkBuster is a .dll file in your game folder. However, this recent update downloads two .exe files and places one in the game folder, and one in your Windows system folder. PB says these are necessary only for players who want to bypass admin rights for people who play BF1942 or ArmyOps. Apparently so many people are playing these games on their office network and can't log on as administrator on their own computer that Evenbalance has sent out a rootkit with their recent PB update. The programs are mandatory for everyone, though, regardless if you are the administrator. Any player attempting to play on a PB-enabled server without these files, or otherwise blocking these files with a security program, is kicked for "Losing Key Packets" (PB often has trouble with accurate error messages).

The executables are run upon startup of your computer, and run constantly in the background, regardless of whether you are playing the game. They also intermittently connect to the Internet and send data to Evenbalance's servers. Of course, the player has consented to this (and more) by agreeing to PB's voluminous EULA. In fact, if you read it carefully, players have consented to sending their entire hard drive and hardware information to Evenbalance at any time Evenbalance deems necessary.

Evenbalance will tell you, as support team member Glenn (or someone imitating him) says on a game forum I found: "We're not trying to hide anything or throw anything by the user without his knowledge. These services are doing nothing when a PB-enabled game is not being played, other than waiting to see a PB-enabled game launched. When a PB-enabled game is not being played, we're not scanning your computer or internet traffic or anything of that nature."

Though if you have any sort of firewall on your computer you'll know that that is either total ignorance of their own product or a total lie, as PnkbstrB.exe and PnkbstrA.exe do in fact connect to the Internet while the game is not being played. They also use a large amount of system resources for something that is only supposed to be a service waiting for a game to start.

PunkBuster offers people the option of uninstalling these files, with something called pbsvc.exe which gives you an "UnInstall" option. This doesn't seem to uninstall everything, as the PB files are not only still present but still load on startup despite the uninstaller's "Uninstall Finished!" message.

All-in-all, if PunkBuster cannot even get its act together to create an uninstaller, nor to inform its support team of what a rootkit they just installed on everyone's computer is actually doing, how can anyone expect PunkBuster to detect cheats and hacks? Private home-made hacks can already slip through PB's dragnet--the only ones they can catch are publicly available hacks Evenbalances finds on the Internet, the way a virus detector works, so I think it's pretty clear that the solution does not lie on the player's computer.

Instead I'd say it lies in the programming of the game itself. Wallhacks and radar, for instance, wouldn't work if the server did not send the locations of non-visible players. A difficult task perhaps, and for only one kind of cheat, but it is a real solution. And it doesn't involve uploading my hard drive to Evenbalance and granting them access to information which, as EvenBalance's EULA says, "includes, but is not limited to, devices and any files residing on the hard-drive and in the memory of the computer on which PunkBuster software is installed"