Valve's Battle Against Cheaters

wjousts writes "IEEE Spectrum takes a look behind the scenes at Valve's on-going efforts to battle cheaters in online games: 'Cheating is a superserious threat,' says [Steam's lead engineer, John] Cook. 'Cheating is more of a serious threat than piracy.' The company combats this with its own Valve Anti-Cheat System, which a user consents to install in the Steam subscriber agreement. Cook says the software gets around anti-virus programs by handling all the operations that require administrator access to the user's machine. So, how important is preventing cheating? How much privacy are you willing to sacrifice in the interests of a level playing field? 'Valve also looks for changes within the player's computer processor's memory, which might indicate that cheat code is running.'"

VAC is a joke

[Majik+Sheff]

Team Fortress is overrun with cheaters and Valve seems completely unable to do anything about it.

Re:VAC is a joke

[Lordrashmi]

Atleast in TF2 if you are on a good server people are easily banned by unique ID.

My clan has been playing Modern Warfare 2 recently and if you find a cheater the only thing you can do is back out of the match.

Re:VAC is a joke

[Hadlock]

I've been playing TF2 almost every week since shortly after release; I've never run across someone using an autoaim or wallhack. What server are you seeing this problem on?

Re:VAC is a joke

[tmkn]

I think cheating is only a problem when there is actual competition going on. Public servers in any FPS-game are so random anyway, that only a blatant aimbotter can affect the game negatively. Luckily, these guys are easy to spot and ban by the server admins.

VAC does its job brilliantly. It's a system designed to ban players that can be confirmed to be running a cheating software. It's designed to give no false positives, and so far the Valve's record is clear on that.

I play Team Fortress 2 competitively, and we have our own leagues from which we can ban players according to their Steam IDs. Every league has its own Anti-Cheat admins, who examine the recorded replays of official matches. There is only one player caught cheating in TF2 that has played on the highest level. He also attended LANs where you can't play with your own computer without a noticeable change in his skill level. So you can't really say that he profited that much.

It's just so hard to cheat and stay on top of the competition and not get caught that most people just won't bother. I wouldn't say cheating is a major problem, at least in the TF2 scene.

Re:VAC is a joke

[Verunks]

Atleast in TF2 if you are on a good server people are easily banned by unique ID.

My clan has been playing Modern Warfare 2 recently and if you find a cheater the only thing you can do is back out of the match.

indeed, playing mw2 is a PITA, you can only hope that the cheater is in your squad, and VAC is doing nothing at all, maybe they'll get banned a month later but your game is already ruined, punkbuster may not be perfect but at least it kicks right away

Re:VAC is a joke

[Ziekheid]

A Modern Warfare 2 clan? Clans and matchmaking?
So what do you have to do to actually have a war? Add every member of the opposing clan to your friends list and play? Worthless game when it comes to having a competitive community. insert(no_dedicated_servers_whine);
On Topic: The fact that valve thinks anti-cheat is more important than anti-piracy means a lot to me. Compared to the absurd DRM protection Assasins Creed 2 (and other future titles from Ubisoft) has for example which requires you to have an active internet connection to play a single player game valve is a company that actually gets it.
I must admit though that PunkBuster has a lot more tools available for the admins AND the server users (like pb_power and pb_kick by users) and the ability for plugins to be added for streaming bans globally and implementing your own anti-cheat variables (CVAR checks).
There is little to no information available on how Valve's anti-cheat operates and I for one have no idea if it actually GETS cheaters for I never see any public messages of users being kicked (this might differ per game though).

Re:VAC is a joke

[ferrocene]

I, as well, have been playing TF2 almost weekly since its release. I have seen cheaters a few times. It's pretty obvious, esp. when a sniper has 300 headshots in a row and is on top of the board.

Hell, one of the cheaters was even spamming the URL to a website where you can BUY the cheat, so he was demo'ing his warez, if you will.

The best part was when everyone dropped to spectator and spec'ed him while he was playing. It was fascinating to watch the aimbot at work. After 30 seconds of watching his screen from the scope perspective, anyone's doubts were quickly erased.

Re:VAC is a joke

[0232793]

Its easy to fool admins into banning someone else - just put a speical invisible character like unicode 0002 at the end of someone else's name. I've done it lots of times. Sometimes you win sometimes you loose. For some games / cheats there are ways to randomly change your name often making it hard to track who the cheater is.

Re:VAC is a joke

[Nathrael]

Punkbuster isn't all that better (I personally hate it, as it's horribly intrusive) and still by no means a substitute for a good server admin.

Re:VAC is a joke

[HeronBlademaster]

VACs answer to banning people is purely based on stats, there is no checking of memory resident cheats at all.

I don't know whether VAC checks for memory-resident cheats, but I'm quite certain it doesn't base anything on stats, at least not in Counter-strike: Source. I know guys that regularly have k:d ratios of 30:0 or better.

Basing any sort of anti-cheat on stats would be a terrible idea. For example, basing bans on stats alone could get you banned merely for playing on a server with bots that don't shoot back (for training).

Or for a more realistic example: my k:d ratio is usually a crappy 3:4 or so, but every once in a while I'll randomly go a round or two at 20:1, and when that happens I usually quit while I'm ahead. Should VAC conclude that this abnormal spike in my score is the result of some hack?

No, I think it's quite clear that VAC does not operate based on stats.

Re:VAC is a joke

[Opportunist]

We play AA2 CSAR at are the top clan on battle tracker but still certain clans look for any excuse to ban us from their server.

Not still. Because of that. And it's not even envy or inferiority complex.

It all comes down to "imagine it's war and nobody shows up". Or rather, imagine it's multiplayer and nobody wants to play on the server because the other side is simply a few leagues above your skill. Nobody stays for long on such a server. I am facing a similar problem, even though our team is far from the top honchos on some tracker. But any time we join a server in force, someone will complain and soon an admin will offer us the choice of splitting up between the teams or face the boot.

It makes sense from the admin's position. His goal is to run a server that gets players. Now, if you're facing a team that's been playing with each other for a while, even if they're not good, they still have an edge over you and the other X players on your side who simply do not act as a team. They just happen to have the same shirt color, that's all. Even if your team sucks, you will have an edge. Now, if your team also consists of top level players, it's literally carnage, not a battle.

And, be honest, would you stay were you on the other team, getting your ass handed over and over? Neither would I.

So you have 16 people on one side and a fluctuation of a few hundred people on the other with an average tenure of 30 seconds. After a while, there won't be anyone left to join and everyone will have gone to other servers. Will you stay? Doubt it, what's less fun than battling thin air?

So the admin faces the choice of either kicking you off or having to deal with a soon-to-be empty server.

Our solution was to split the crew evenly amongst the sides. That way we could still all hand some noob their rears while at the same time getting a nice challenge out of it, too.

Threat to privacy?

[mxh83]

Which part of this infers a threat to privacy? You need to think of this too- The system is running Windows, which is a black box and they could be doing whatever they want and you wouldn't know about it.

Re:Threat to privacy?

[Hadlock]

VAC secured TF2 for Linux is platinum rated on Wine, depending on how buggy the most recent update of TF2 was (it varies widely from week to week)
 
  http://appdb.winehq.org/objectManager.php?sClass=version&iId=9901
 
But for the most part it's very playable. Looks like today it's "just" silver. Heck I've gotten it to run briefly on my netbook using Ubuntu 9.10 netbook remix with the unsupported GMA 950 and an atom processor(!). Most of the bugs listed are bugs in the windows version too (like multicore support)

Trust Nothing

[Relic+of+the+Future]

So, here's my crazy (OR IS IT?) idea to fix this problem. The reason things like aimbots work at all is because the server tells the client "this player's avatar is in such-and-such position"; for the good reason of, once your computer knows where someone is, it can draw them on the screen... but it's that same data that the aimbot uses to know precisely where to point.

So the crazy idea is this: don't tell the client systems where the avatars are located. Maybe your system says "I'm here, looking this way", and all you get back is a bunch of data for drawing textured triangles. Triangles might be part of another player's avatar, or a wall, or who knows what; but your system doesn't know of what it is either, so there's nothing for an aimbot to go on to do its thing. It's more data, and more work for the server, but maybe it's not TOO MUCH more data or work for the server, and it'd be cheat-free.

(Unless you write some spiffy image recognition software, but hey, at least we get some advances in AI out of the deal that way...)

Re:Privacy?

[totally+bogus+dude]

I don't know that doing anything client-side will work, for the same reason that DRM doesn't work. I guess it might deter the casual cheater, but then there's also the possibility that raising the bar will entice people to break the anti-cheating code just for the challenge.

The long-term solution I think is to design the game in such a way that the server can verify clients are playing by the rules. If wallhacks are a problem, the server could send fake data to the client telling it there's an enemy hidden behind a wall (when it's really not). Legitimate players won't be aware of this, but it would alter the behaviour of cheaters and thus they could be found out. Aimbots could perhaps be detected by supplying an invisible model that a legitimate player wouldn't be shooting at. Essentially, give the client bogus data that won't affect the experience of legit players, but will out cheaters.

Maybe it's easier to keep changing the client-side checks fast enough that it's not worth the time to work around, but I don't know if that kind of strategy is working in practice. Who will pay for the constant development?

Re:Reputation systems to the rescue

[PatrickThomson]

There are a class of problems that can most easily be solved by fundamental changes in human behaviour. This will never happen, unfortunately.

http://www.penny-arcade.com/comic/2004/03/19/

Re:Privacy?

[Xest]

Then you made a poor platform choice.

The PC in general is an open platform because you can easily and trivially run whatever code on it you want and peak and poke the memory as you see fit, even if the OS itself is closed.

If you want a gaming platform where cheating is not an issue, you need a closed platform, like a console, where it is much easier for the developers to detect and prevent cheating, if there is even any in the first place. Despite being 5 years old this year, whilst it has suffered some game logic cheats which are easily patched, the Xbox 360 has yet to be prone to a single aimbot or radar cheat for example.

PC's are great for general usage and single player/cooperative gaming, but not for competitive gaming where cheating is largely an unsolveable problem without closing the platform, which goes against what PCs are great at. Even assuming in a few years you move everything server side and just pass images to the client there's still the possibility that people will write pattern recognition apps, to recognise enemies and send control messages to aim at them like any other aimbot.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Ayn Rand had a lot to say about this

Y'know...I've seen some real STUPID responses before...YOU WIN!!
Cheating is NOT an integral part of the game. The playing field is always level? ROFLMAO go play against a 12 year old that has an Aim bot....tell me how level that is. You just wanted to use the word aggregate in a sentence didn't you? You didn't care the entire sentence was horse crap.
Superior technology...what a load of crap that is...setting it so the aim is always deadly and that it cycles through every weapon you own and fires them all within a nanosecond? How do you combat that? MORE CHEATING.
Your ignorant.
Take your "aggregate" and shove it kid.

Superior players don't MIND the rules.....its the rules that they have to make because of idiots like you...that we mind.

Re:Privacy?

[Shadow+of+Eternity]

Despite what the league players would have you think Valve's games are not generally played with (or designed for) less than 16-24 people, and 32 is not remotely uncommon. What your suggesting effectively doubles the load on the server AND each affected player.

Plus most cheaters would not readily be detectable this way. Aimbots tend to be activated by the player right before firing after the player manually gets pretty close to the target on their own, and wallhacks are generally used as an advantage in information rather than open combat.

Re:Privacy?

[phoenix321]

Amen brother.

I still hope they will squash cheaters because in my personal view they are scum comparable to child molesters. I would not want to have the "open platform" PC abandoned for games because of them.

It would be a shame to see more platform balkanization or a joypad-only environment for all the games. The moment a closed platform is exclusively established, running fees will come running, I know that. And I actually like to have one notebook for everything, gaming, working and internet. It's extremely convenient not to forget very portable.

Re:Really?

This is Valve we're talking about here, who has the least-intrusive DRM scheme on the market short of not having any at all. Any of their games can be played in Offline Mode on Steam (and since it's a digital download, no disc required), and you can install your games as many times as you want. They're also not the kind to "inflate the price of entertainment". They packaged Half-Life 2: Episode 2, Portal, and Team Fortress 2 (all brand new games at the time) with the original Half-Life 2 and Episode 1 and sold the whole thing for $50, and Steam also has fantastic sales fairly often. Finally, they've promised that should Valve ever go under, they'd shut off the DRM restrictions on all their games so the lack of Steam service wouldn't affect them (and Valve's privately traded, so no need to worry about shareholders or whatever putting a wrench in those plans).

Basically, Valve is the most reliable PC game developer out there.

Re:The casualties of the battle are ...

[phoenix321]

"Hardware failures and software bugs."

What hardware "failure" looks like a wire grid and wallhack on screenshots? And why should I as a server admin care if you unknowingly or willfully used this bug?

What software "bugs" will have a detection signature like the latest aimbot? Which software bug will produce a registry entry and ..\system32-fallout like a wallhack?

We know how likely an md5 hash collision is with hack X and legitimate program Y. Not very. With an increasing number of wallhacks and legitimate programs, we will see hash collisions sooner or later, but I'm not really convinced unless you have dozens of very very rare but innocent programs on your system that no one else has AND anyone else having them is also banned.

Think of the online arena like a dance club: you paid for entry and yet the bouncers can throw you out at the first hint of trouble. And all other guests are cheering and complimenting them for doing so. A few dimwits, idjits and griefers can just cause so much fallout in such a short time that even drastic and unwarranted measures are usually applauded by the audience.

Face it: bouncers and anti-cheat admins don't have the resources to assess every single case pondering over preponderance of evidence. It would twentyfold the cost of operating a dance club or game server and most customers are not willing not pay for a Constitution-class jury system.

If the choice is having "1 collateral damage for 50 cheaters banned" or "0 collateral damage for 25 cheaters banned" - or a huge increase in paralegal costs for the server admin, I will opt for the collateral damage. War is not fair anyway.

Cheating is enabled by the engine

[Wormfoud]

Cheats such as Aimbots, Bunny-Hopping and Speed-hack are fairly obvious and easy to detect. The results of such cheats are visible within the game. Other cheats, such as Wall-hacks and Radar-hacks, are more difficult to discern and can only be detected by observing player actions over time. Such cheats, however, are enabled by the game engine itself. The engine provides the data of what is behind the wall, or what are all the player positions to each client. In normal mode, the game does not present this information to the player. The cheats utilize the available data and presents it to the player providing them an unfair advantage. If the engine did not provide this information to the end-client PC, these cheats would not be able to work. The engine needs to be designed so that this "extra" information is not made available to the end-player.

Re:Reputation systems to the rescue

[gknoy]

Of course if you are really *that good* you may get pissed when a lot of crybabies tag you as a cheater haha.

This is a very real problem.

When I used to play CounterStrike, I played nearly all the time on a server that was run as a demonstration of Qualcomm's CDMA wireless technology. (I plug them because it was hands-down the best server I ever played on.) I was probably only an average player, but was a bit below average on that server. There were about a dozen players (who were regulars) whose skill felt orders of magnitude better than mine. They would go several rounds without dying, and often rack up impressive kill:death ratios. I would often spectate them (after death or even for a whole round) so that I could learn what they did better than me, what mistakes they avoided, etc. They weren't cheaters. (or if they were, their cheats made lots of mistakes, and weren't reliably accurate ;))

Fairly frequently, some new (to the server) players would get beaten repeatedly, so soundly that they would accuse the person of cheating. I assert that it's human nature for people to want to believe that an opponent is a cheater, rather than simply that they are better than we are. There was even one evening where I was accused of cheating ... which was amusing because normally my scores were mediocre, but I had just had three rounds of never-before and never-since seen luck. (The CS_Rio gods were with me, I guess.) *I* know I wasn't cheating. :)

As a player, I want to play on a server with people who are just a bit better than me, that I can learn from and that challenge me to improve. I would not enjoy playing on a server with a cheater, and nor would I enjoy playing on servers where players are just So Much Better than me that I am no threat to them.

I went over to the dark side...

After MANY years (10+) of playing various FPS'es and being the victim of rampant cheating, I decided to pay for a one month subscription to callofdutyhacks.com for COD4 WAW2.

Essentially I had a schadenfreude-esque experience tormenting others with my rampant aimbotting for about 5 days. It didnt take long for the novelty to wear off and I completely stopped playing the game at the end of the 5 days.

Being the victim of cheating removed any enjoyment of playing FPS style games I had. Victimizing others for a brief period while I was using a cheat framework ended up being just as empty an experience.

Re:Ayn Rand had a lot to say about this

[Khyber]

You must be too young to remember the original Quake 3, then.

Learn how to adjust your FPS in the console to make yourself move faster than other players!