Slashdot Mirror
Valve's Battle Against Cheaters
wjousts writes "IEEE Spectrum takes a look behind the scenes at Valve's on-going efforts to battle cheaters in online games: 'Cheating is a superserious threat,' says [Steam's lead engineer, John] Cook. 'Cheating is more of a serious threat than piracy.' The company combats this with its own Valve Anti-Cheat System, which a user consents to install in the Steam subscriber agreement. Cook says the software gets around anti-virus programs by handling all the operations that require administrator access to the user's machine. So, how important is preventing cheating? How much privacy are you willing to sacrifice in the interests of a level playing field? 'Valve also looks for changes within the player's computer processor's memory, which might indicate that cheat code is running.'"
Team Fortress is overrun with cheaters and Valve seems completely unable to do anything about it.
Women are like electronics: you don't know how damaged they are until you try to turn them on.
What all these anti-cheating efforts fail to realize is that cheating is an integral part of the game, especially in computer gaming. Given that such a cheat can be performed by anyone, the playing field is *always* level in the aggregate. By removing actions that they consider cheating, they are removing key gameplay elements and ultimately changing the face of the game.
Additionally, it says a lot that they must resort to installing what is essentially a rootkit just to make sure someone isn't taking advantage of superior technology or extra knowledge. If these games are so unplayable with cheating enabled, perhaps the designers shouldn't have put those features in.
Crippling superior players is Communism.
I don't run Windows for privacy, I run it to play games. My real work stays on my Linux/OS X machine.
'Cheating is more of a serious threat than piracy.'
What are they going to start suing their clients now?
I didn't know that saying that something was a "serious" threat didn't carry enough weight anymore. And in regards to cheating in an online game? Yeah. Hellaserious.
Long live the BSD license
> How much privacy are you willing to sacrifice in the interests of a level playing field?
None whatsoever! We are talking about effing games here!
And like someone else already mentioned: This "option" can be used by everybody, hence the playing field _is_ level.
Which part of this infers a threat to privacy? You need to think of this too- The system is running Windows, which is a black box and they could be doing whatever they want and you wouldn't know about it.
... the innocent people who have been banned by VAC because of hardware failures or software bugs. Customer support staff ignore or abuse these people and won't even take the time to check their logs. They do not acknowledge the possibility of a false positive. I realize that they don't have time to investigate every complaint sent to them. But their customers deserve a better degree of service than what amounts to an instant and final termination without any evidence necessary, at the total discretion of Valve. Paying customers should not be at the mercy of those from whom they purchase goods.
It is the 'better a guilty man go free' issue played out on a stage where contracts of adhesion reign supreme. Valve can do whatever they want. I won't buy any products from Valve again. And any recognition for taking on the noble cause of preventing cheating in online games is undeserved. Our contempt is what they ought to be given.
Comment removed based on user account deletion
So the crazy idea is this: don't tell the client systems where the avatars are located. Maybe your system says "I'm here, looking this way", and all you get back is a bunch of data for drawing textured triangles. Triangles might be part of another player's avatar, or a wall, or who knows what; but your system doesn't know of what it is either, so there's nothing for an aimbot to go on to do its thing. It's more data, and more work for the server, but maybe it's not TOO MUCH more data or work for the server, and it'd be cheat-free.
(Unless you write some spiffy image recognition software, but hey, at least we get some advances in AI out of the deal that way...)
Those who fail to understand communication protocols, are doomed to repeat them over port 80.
Cheating is a social problem, not a technical problem. Technical solutions for social problems usually do not work. However, we have fixed this problem already with various other online activities, where people even regularly spend real money to buy something from complete strangers. Reputation systems like eBay and Amazon use seem to work quite well, but then of course you can no longer blame the cheaters for poor sales.
OS Reviews: Free and Open Source Software
Comment removed based on user account deletion
If they're so super-serial about cheating, why oh why oh why do they keep developing games with vulnerabilities designed in?
Whack-a-hack is always a losing prospect. If you trust the client, then you're boned. There are far more people with far more incentive trying to pop your cheat cherry than you've got available to protect your virtue. Your best case scenario is that you make a profit before your game is totally owned.
If you were blocking sigs, you wouldn't have to read this.
Comment removed based on user account deletion
There are two big problems with VAC over PunkBuster
1) All power resides specifically with VAC. There are no tools for the server admin to make things like md5 or cvar checks, no screenshot facility to check players, or even the ability to kick a player. As such, you HAVE to rely on VAC doing all the work, and you as a server admin have nothing to say about it. If you see a cheater that VAC is failing to catch, your outta luck.
2) VAC gives no information as to what it is doing. You never see a player being kicked due to VAC detection, so you have no idea what VAC is actually doing. Is it truly detecting anything, and if so, how would you know? With PunkBuster, it gives you kick messages which if not displayed on the screen, are at least logged in the server and client logs.
No accountability is never a good thing.
A while back, my account was hacked. I've no idea how they got access to it, but it was shortly after i downloaded some indie game that was kinda like tron. Anyway, i contacted valve support, had them reset my password. But when i got back into my account, it was vac banned, meaning i couldnt play anything online. I asked valve to undo this, and they metaphorically flipped me off.
WTF are you smoking?
You are apparently living in cheaterland, where you have no hand-eye coordination and you rely on software to play for you.
None of modern existance is automated. You are just trying to rationalize your cheating. Epic FAIL!
They're using their grammar skills there.
The thread you want is here.
Seriously, i can live with cheaters ruining my game. First of all, i alway look at cheaters with pity and not hate. I feel sad for the sorry bastards as i blast them to pieces without any cheats whatsoever. Cheating in a game is like faking your own orgasm as you pound your meat because nobody wants you.
I think its the wrong approach trying to stop people from cheating. Probably better to put effort and energy into finding cheaters like poker sites do by behavioral and statistical analysis.
Put a warning up on people who look like cheaters and let people know their statistics are inhuman. That way people can just /ignore cheaters and their appearance in games wont be such a bother. If i know an extensive review thinks someone is a cheater its much easier to accept that idiot sniping me with a gun from mid-air three miles away.
HTTP/1.1 400
The only real way to enjoy the game is to join a dedicated server where the admin is online and can kickban the player. As a poster mentioned above, it's pretty easy to confirm a cheat by spectating their pov. Unfortunately votekick rarely works, even with a really bad cheat there are too many that won't bother.
Phillip.
Property for sale in Nice, France
I am an admin in one of the larger gaming communities in my country, and have a history of competitive gaming. I was never a gamer before I saw the teamplay in CS 5on5 matches (example video). I still play the orginal game once a week or so. Just for the record, CS is a team-game where aiming and firing is only part of the skill. Knowing and practicing with your team is essential just like any other sport.
If you didn't already know, Counter-Strike (CS) is still one of the largest on-line games out there, peaking 75k users yesterday. I'm talking about the version 1.6 and not the CSS (CS Source) version. There is still a larger userbase for other Steam-games, but we still regard the original CS to be the game played by the eSports community because of its smooth gameplay and predictable recoil patterns when firing guns. Many "elite"-players have tried moving on to newer games, but get disappointed and still comes back for the good old CS 1.6 where graphics may suck, but you get a predictable gameplay where the player is not that much affected by randomness.
The story of cheating in CS has been a long annoying trip. People have even been cheating at LAN-events where they used aim-key, and they even won price money and got away with it. The story is long, and websites profiting from selling cheats are very active today. Some of the cheats go very deep in kernel and hide itself just like a root-kit. Ring 0-cheats are common.
VAC (Valve Anti Cheat) has been the attempts from Valve to stop the cheats, however VAC has always been ages behind any new cheat and has never taken all cheats available for free at the net. There has been attempts from the community at steampowered to scare users with passive detections and delayed bans so users could not be sure which cheat got them banned, but mainly VAC seem to me being a low priority project at Valve. Valve is still, like any other company, prioritizing new projects and just leaving maybe one programmer doing some cheat-detection-code on his free-time. The situation is a win for cheaters and others. And also a win for Valve, since there are a lot of people trying cheats and thus they sometimes get banned, ending up buying a new copy of the game (the price for a new CS at Steam is currently available at 7,99€ which is annoyingly cheap). Valve still sells a lot of copies (in the years 1999-2008, Valve had sold 4,8 million copies!).
Various anti-cheat communities has gathered during the years, where one try syncing ban-lists and communities constantly have players monitoring other players trying to spot cheats by spectating. As VAC is such a failure, many still go undetected. Especially if one hides their cheats well. The community RADAR is one of these initiatives which accept new communities for sharing such ban-list.
The latest addition; Easy Anti Cheat (EAC) is a project created by a skilled programmer that is based upon deep-level detection accompanied with screenshots. This programmer may seem hard-core, and this is mainly because he used to be a cheat author(!). This is currently the best anti-cheat system available for CS, but it's still only used in Clan Wars/eSports. The public-area for normal players is still depending upon VAC, as the EAC requires a 3rd party client installed which is a tough barrier to overcome.
The future now seem brighter, as we have now left VAC and we are mainly no longer depending on it. I wish Valve software good luck in the future, but it seem to me that if VAC remains a low-priority project it will still annoy thousands of everyday players and leaving a few cheaters laughing, destroying the on-line experience.
Yours
Cheats such as Aimbots, Bunny-Hopping and Speed-hack are fairly obvious and easy to detect. The results of such cheats are visible within the game. Other cheats, such as Wall-hacks and Radar-hacks, are more difficult to discern and can only be detected by observing player actions over time. Such cheats, however, are enabled by the game engine itself. The engine provides the data of what is behind the wall, or what are all the player positions to each client. In normal mode, the game does not present this information to the player. The cheats utilize the available data and presents it to the player providing them an unfair advantage. If the engine did not provide this information to the end-client PC, these cheats would not be able to work. The engine needs to be designed so that this "extra" information is not made available to the end-player.
Comment removed based on user account deletion
Comment removed based on user account deletion
As much as I think On-Live is doomed to failure, one positive point it has going for it is that I think it'll be damn near impossible to cheat. Since the only thing being sent to your computer is pre-rendered video and all the in-game calculations are done on their servers you couldn't do a wall hack or similar. I guess the only part you might be able to cheat on is the input from the controller (maybe a hack to press buttons faster than is humanly possible), but I can't imagine that would give you that much advantage. I guess an aim-bot might still be doable.
When you're in a situation where network effects are important (eg, people playing your game makes people want to play it because they have more people to play with, or people using your office software means that your file formats are more commonly used) free-riders increase the value of your product. This is a well known and understood effect that many companies have taken advantage of. Until you're in such a dominant position that network effects effectively make your product non-optional (like you-know-who) heavy copy protection is counterproductive.
people that cheat are douchebags that completely miss the point of competitive gaming.
they are the equivalent of a troll on a forum.
My clan won't play MW2 because there are no private servers.
"None of modern existance is automated."
Is this a joke? Why do you think we even have the word "Automation"? It's because we automate a LOT of stuff. Right off the bat I can think of the computer control system for your car.
Democrats or Republicans. They are both taking us to the same place and they are not afraid of us anymore.
Once again I find myself writing about this subject from an insider point of view.
Valves closed methods simply don't work against cheaters. Not only do they use the lie that they delay bans in order to catch more cheaters but there simply are no tools for server admins to control the environment of their servers that they pay good money for. Valve doesn't delay their kicks and bans because it is a strategy. They do it because they don't take cheat research and generating the detection seriously enough. Not being staff there I can't however comment on exactly how many staff are doing detection work but it's obviously not enough. There are public cheats around that have been openly used for months now and they still go undetected. Valve has never had the ability to even deal with the pay to cheat sites let alone what are considered private cheats. No one at valve can say they are on top of it as this is simply not true. PunkBuster by EvenBalance on the other hand, can claim significant success there.
Punkbuster is far better at cheat detection and their suite of tools gives admins control over the extended abilities to tailor who they keep off their server. They're violations come usually within a week and their global guid bans very often include so called private pay cheats, something Valve has never had ability to deal with. Just look at this site that reports EvenBalance hitting these pay cheats. http://BustedPunks.com I see tens of thousands getting whacked. Some pay sites have shut down. Valve has never been able to make this claim. For years I have tracked EvenBalance and Valve. Valve is certainly PB's poor amateur cousin by comparison.
Then to top it all off there is a solid game server admin community behind PB. Not as and advert but because I'm part of this community for many years and so I know it well. I will give you an example; The professionals at http://PunksBusted.com ( known commonly as PsB). This allows game server admins to join a united front to keep cheating PB player guids off all member servers. Cheat on one server and the guid is banned on all member servers. PsB is using a complex system to generate a common Master Ban List (MBL) derived from PB violations, Screen Shots and MD5 checks etc. Thisl ist goes out automatically to all the game servers. Among the league and admin communities PsB is the gold standard for keeping their matches significantly more clean of cheats than any other methods out there. There are amateur run anti-cheat sites around, but PsB was the first and the largest one that has always set the standards these others simply follow. PsB's system is not just a ban list and goes far deeper along with automated correction system, appeal system, admin support, player searches etc., etc. Valve? What has Valve got. Valve has nothing compared to the level of organization the PB using game server community has available to it and yes things like PsB's MBL is very accurate as the admins using it will confirm. I haven't even scratched the surface on how extensive this is or the benefits it offers compared to Valve. There is one thing that every game admin that is familiar with PsB knows. You get a much cleaner game when playing on a PsB streaming server than any server using valve's half assed attempt.
For all the faults that cheat detection can be accused of. PB is far superior and successful by miles compared to Valve. Anyone above the casual player knows PB is miles ahead and a PB servers also using PsB's system jumps a step above that. Oh and PsB will soon be even better. Expect an unmatched jump in abilities from PsB very soon. They are in major rewrite closed beta of their systems at the time of this writing. It is so advanced and secure it will make all the amateur anti-cheat sites efforts obsolete. What has Valve done in all these years being a closed under supported effort? To me and many game server admins, that answer is easy.
TL;DR: I am wrong.
No thank you.
I don't cheat.
But I also don't want programs running arbitrary deep-level scans on my system and phoning home either.
ESPECIALLY since I can't see the data.
Chas - The one, the only.
THANK GOD!!!
In one breath Mr. Cook says: "Cheating is more of a serious threat than piracy.” The problem first showed up on the company’s radar in 2004, after it heard rumors that a cheater had devised a way to see through walls."
But later he says "In total, more than 20 000 cheaters have been blocked since 2002"
I'm impressed Mr. Cook that you claim Valve caught cheaters before you even state you knew about them, or even better before Valve even existed. So what is it 2004 or 2002?
If anyone looks PB has globally banned over 20,000 pay for cheat type cheater in just over a year and really made a dint so there are thousands of less scum still buying cheats. They are finding paying money doesn't protect them and better than public cheats and some cheat sellers have shut down. That has a lot bigger Wow factor than Valve's effort. I don't think Mr. Cook is getting much out of his 16 engineers. Quote: "Once code is suspected, it’s turned into an incident report, which is analyzed by Cook’s team of 16 engineers." Sorry but Phhfffft.
I've been doing anti cheat work since the mid 90's long before EvenBalance and Valve. I'm not impressed with Valve. But then what do I know, I'm just one guy and have only contributed my time and efforts longer than any of them. But I put my money 10:1 on PB not Valve. To me it is clear that they spend far more effort on PR than anti cheat work.
"Cheaters? In mah TF2?!"
(is it more likely then I think?)
First, what happened to the "Trusted Computing Platform" concept, or what Microsoft called "Palladium"? That was a signing system that was supposed to allow an application to be sure that the layers below it were stock. Any funny stuff happening during the boot process or at the lower levels would invalidate the signature. Allowing some game company low-level access to a general purpose machine is just wrong. Games shouldn't even need administrator privileges.
As for the cheating front generally, it should be feasible to build an aimbot which only needs the video as input. Just get the cursor in about the right place, and the aimbot does the fine adjustment. (That's how some real-world weapons work, of course.) Also, a cheat program which runs on a separate computer, observing the data stream from the computer running the game, has potential. Neither of those is detectable.
Back in the day, Steam was fun. I remember coming home to my 56kbps connection happy to see that Steam1 screen greeting me to play. Now it's just a piece of dumbshit which has to be updated every 67th second. Fuck them. I've learned to deeply hate steam because of their constant updating, bringing slower and slower responsiveness.
.text bytes did the trick to get undetectable hacks to go through the "Holly" VAC2. I don't know if it still works like this, but if Steam gets deep into your PC, then that's one more reason to give them the finger. Heel, even hacking Wine to get me some Wallhacks can be done ;) Likewise, hacked drivers can do the same. It's just not entirely possible to prevent cheating -- the problem is that ignorant gamers think that it is easy to fix. Since I'm raging: Fuck Them Too.
Heck, from what I can see, they have to fit the needs of the game developers. If that were a real company with real ethics, then they would force the fuckface developers (yes, they TOO are the root of this evil) to use what they can. Yes, it would be like vendor-lock-in. But at least other users wouldn't be dumped.
I find it amazing that so many idiots use Steam, knowing that it can, all of a sudden, dump an existing platform (remember the Windows98 issue? BOOOHOO).
Now, you pro-steam bastards, mod me down.
On the topic: VAC is crap; I remember when just changing one or two
Have you heard about SoylentNews?
VAC is great as far as deterrence goes, but it's a real bummer when your account gets hijacked and used for cheating. Valve never repeals VAC bans, even if they gave you your account back personally, so you have to buy all your online games again if you want to play.
Valve would get a lot of cheaters when they extend the definition of cheating to include abusing their random drop system that rewards people for time played, causing people to connect to servers and idle.
The problem with VAC / VAC2 is that it is entirely too easy to bypass, and does not use enough in-depth detection.
They do not detect even the simplest forms of cheating in ReadProcessMemory and WriteProcessMemory, allowing you to develop hacks that run outside the process and give all the features one could want without vac detection worries at all.
Worse yet, while they do CRC their own binaries, this is easily bypassed by a simple 2 nop process which allows you to completely disable vac scanning altogether.
They do no hardware based scanning, don't check opengl, and once you go kernel mode you can give it up as far as detection is concerned.
Punkbuster was / is a much more difficult anticheat to bypass and much more effective at cheat detection, but even their efforts are mostly futile.
Essentially, the only thing any anticheat can hope to achieve is the blocking/detection of the publicly available cheats and vac fails to even properly do this.
Biggest problem I've seen is the speed hacks where someone runs around 100 miles per hour. I've also seen a sniper use some kind of spy-cheat where he can see spies. There was no way for me to get past him as a spy because he'd shoot me every time even if I never bumped anything to disrupt my cloak. I haven't seen any cheats lately though.
Maybe in your long history of casual gaming you just didn't know when you did see it. Not only has it been rampant, but all the popular commercial cheat engines support it, so if your really curious you pay (or find a working free injector/proggy) try it on yourself.
Quack, quack.
... is that the guys that admin the server can observe and ban the cheaters.
I have always ended up gravitating to the dedicated servers that are well-managed
by clans or admins and enforce rules and general good behavior, because those are
the servers that are enjoyable to play on.
I have spent long, thoroughly enjoyable nights playing COD4 on such servers.
I never spend more than 15 minutes playing COD:MW2 because I cannot select such a
server. I invariably end up with a bunch of immature knuckleheads, and we frequently
observe cheaters that we can't do anything about.
The fact that you can customize your dedicated server to enhance the game
(realism mods, etc.) is another major perk.
So really -- the best anti-cheat is to play with mature people who have the
power to boot the jerks off the server.
To see this on the same day i read of ubisofts incredibly draconian drm is beautiful to me. stopping cheaters is what a company should be doing, instead of spending all their profits to make sure i don't buy the game on pc.
After MANY years (10+) of playing various FPS'es and being the victim of rampant cheating, I decided to pay for a one month subscription to callofdutyhacks.com for COD4 WAW2.
Essentially I had a schadenfreude-esque experience tormenting others with my rampant aimbotting for about 5 days. It didnt take long for the novelty to wear off and I completely stopped playing the game at the end of the 5 days.
Being the victim of cheating removed any enjoyment of playing FPS style games I had. Victimizing others for a brief period while I was using a cheat framework ended up being just as empty an experience.
I'm going to guess that a DD214 is not among your personal papers, is it?
'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
The first time I played CS, my buddy installed a couple cheats for me and showed me how to use them. It really sapped all the fun out of the game for me, haven't cheated since.
So why do people cheat? Sure, in tournaments there may be money involved, but 99.99 percent of cheaters aren't getting any material reward. So a bunch of anonymous strangers think you're leet? Seriously? Any good studies online that have looked into this?
Never let a lack of data get in the way of a good rant.
Anti-cheat efforts mirror DRM efforts in that in an open system that can run arbitrary code you cannot make it work. Its pointless. Theres only two ways you will get a reasonable working anti-cheat system and that is to raise the bar of access to run arbitrary code, i.e. a closed system such as a console. OnLive's video delivery method may offer some hope with regards reducing cheating on the PC, but you still allow some pixel scanning cheats, but such cheats are very limited in what they can achieve. I hope that OnLive realise that one of the major advantages that they have over traditional disc/download games is that they will be relatively cheat free, and they segregate their multiplayer servers from non OnLive players.
I wonder if, like credit cards or other 'real world' items, if players would put up with a system like:
1. buy the game, enter your physically address, phone, name, etc..
2. game company physically mails you a code to that address
3. You can start playing right away, but the game will quit working if the physically mailed code isn't entered within 2 weeks (or longer/shorter depending on how long it takes for the mail to get to your house).
4. If you are caught cheating, your physical address/name/phone is banned, not the game box identifier.
That way, even if you buy another game, you'd have to register it with a physical address. And sure, you could probably use a friends, but eventually you are going to run out.
Blizzard's anti-cheat software for WoW is just as deep-scanning as this, if not more so. What's new here?
I'm not a great fan of eBay but the positive/negative feedback thing they use does help weed out untrustworthy sellers on there.
So why not extend this as a karma system into gaming? If I have had a really enjoyable half-hour Unreal Tournament fragfest on an online server, I certainly wouldn't mind putting a tick against other players names, or a cross against someone who I thought was cheating...
Take it a stage further and have game servers with minimum karma limits before you can get on them...
I don't play WoW, friends of mine do, and they moan about being pestered by annoying players - so, again, introduce a karma system and make certain areas of the game, or game items, unobtainable until you have a certain karma level...
I have never, ever, ever, understood the point of cheating unless there is something to be gained (like money) - whether it's a board game or an online game, the sheer *FUN* of using your wits to use the game rules to your advantage is what it's about, and winning is just the icing on the cake.
Gentoo Linux - another day, another USE flag.
I am just glad our justice system is a little bit more complex then VAC. It is just a cheap solution that terrorizes people out of cheating. How their you put the responsibility of pc security in the hands of a 13 year old who must agree on the VAC terms to play the game, stating the person who is playing the game is responsible for every hack, virus, key logger, or any way a account could be compromised. Its is just sad to see the majority thinks this kind of abuse is ok. Even microsoft has a better policy considering licences key's of there operating system.