Valve's Battle Against Cheaters

wjousts writes "IEEE Spectrum takes a look behind the scenes at Valve's on-going efforts to battle cheaters in online games: 'Cheating is a superserious threat,' says [Steam's lead engineer, John] Cook. 'Cheating is more of a serious threat than piracy.' The company combats this with its own Valve Anti-Cheat System, which a user consents to install in the Steam subscriber agreement. Cook says the software gets around anti-virus programs by handling all the operations that require administrator access to the user's machine. So, how important is preventing cheating? How much privacy are you willing to sacrifice in the interests of a level playing field? 'Valve also looks for changes within the player's computer processor's memory, which might indicate that cheat code is running.'"

VAC is a joke

[Majik+Sheff]

Team Fortress is overrun with cheaters and Valve seems completely unable to do anything about it.

Re:VAC is a joke

[Lordrashmi]

Atleast in TF2 if you are on a good server people are easily banned by unique ID.

My clan has been playing Modern Warfare 2 recently and if you find a cheater the only thing you can do is back out of the match.

Re:VAC is a joke

[Hadlock]

I've been playing TF2 almost every week since shortly after release; I've never run across someone using an autoaim or wallhack. What server are you seeing this problem on?

Re:VAC is a joke

[tmkn]

I think cheating is only a problem when there is actual competition going on. Public servers in any FPS-game are so random anyway, that only a blatant aimbotter can affect the game negatively. Luckily, these guys are easy to spot and ban by the server admins.

VAC does its job brilliantly. It's a system designed to ban players that can be confirmed to be running a cheating software. It's designed to give no false positives, and so far the Valve's record is clear on that.

I play Team Fortress 2 competitively, and we have our own leagues from which we can ban players according to their Steam IDs. Every league has its own Anti-Cheat admins, who examine the recorded replays of official matches. There is only one player caught cheating in TF2 that has played on the highest level. He also attended LANs where you can't play with your own computer without a noticeable change in his skill level. So you can't really say that he profited that much.

It's just so hard to cheat and stay on top of the competition and not get caught that most people just won't bother. I wouldn't say cheating is a major problem, at least in the TF2 scene.

Re:VAC is a joke

[Verunks]

Atleast in TF2 if you are on a good server people are easily banned by unique ID.

My clan has been playing Modern Warfare 2 recently and if you find a cheater the only thing you can do is back out of the match.

indeed, playing mw2 is a PITA, you can only hope that the cheater is in your squad, and VAC is doing nothing at all, maybe they'll get banned a month later but your game is already ruined, punkbuster may not be perfect but at least it kicks right away

Re:VAC is a joke

[Ziekheid]

A Modern Warfare 2 clan? Clans and matchmaking?
So what do you have to do to actually have a war? Add every member of the opposing clan to your friends list and play? Worthless game when it comes to having a competitive community. insert(no_dedicated_servers_whine);
On Topic: The fact that valve thinks anti-cheat is more important than anti-piracy means a lot to me. Compared to the absurd DRM protection Assasins Creed 2 (and other future titles from Ubisoft) has for example which requires you to have an active internet connection to play a single player game valve is a company that actually gets it.
I must admit though that PunkBuster has a lot more tools available for the admins AND the server users (like pb_power and pb_kick by users) and the ability for plugins to be added for streaming bans globally and implementing your own anti-cheat variables (CVAR checks).
There is little to no information available on how Valve's anti-cheat operates and I for one have no idea if it actually GETS cheaters for I never see any public messages of users being kicked (this might differ per game though).

Re:VAC is a joke

[ferrocene]

I, as well, have been playing TF2 almost weekly since its release. I have seen cheaters a few times. It's pretty obvious, esp. when a sniper has 300 headshots in a row and is on top of the board.

Hell, one of the cheaters was even spamming the URL to a website where you can BUY the cheat, so he was demo'ing his warez, if you will.

The best part was when everyone dropped to spectator and spec'ed him while he was playing. It was fascinating to watch the aimbot at work. After 30 seconds of watching his screen from the scope perspective, anyone's doubts were quickly erased.

Re:VAC is a joke

[Nathrael]

Punkbuster isn't all that better (I personally hate it, as it's horribly intrusive) and still by no means a substitute for a good server admin.

Re:VAC is a joke

[HeronBlademaster]

VACs answer to banning people is purely based on stats, there is no checking of memory resident cheats at all.

I don't know whether VAC checks for memory-resident cheats, but I'm quite certain it doesn't base anything on stats, at least not in Counter-strike: Source. I know guys that regularly have k:d ratios of 30:0 or better.

Basing any sort of anti-cheat on stats would be a terrible idea. For example, basing bans on stats alone could get you banned merely for playing on a server with bots that don't shoot back (for training).

Or for a more realistic example: my k:d ratio is usually a crappy 3:4 or so, but every once in a while I'll randomly go a round or two at 20:1, and when that happens I usually quit while I'm ahead. Should VAC conclude that this abnormal spike in my score is the result of some hack?

No, I think it's quite clear that VAC does not operate based on stats.

Threat to privacy?

[mxh83]

Which part of this infers a threat to privacy? You need to think of this too- The system is running Windows, which is a black box and they could be doing whatever they want and you wouldn't know about it.

Re:Threat to privacy?

[Hadlock]

VAC secured TF2 for Linux is platinum rated on Wine, depending on how buggy the most recent update of TF2 was (it varies widely from week to week)
 
  http://appdb.winehq.org/objectManager.php?sClass=version&iId=9901
 
But for the most part it's very playable. Looks like today it's "just" silver. Heck I've gotten it to run briefly on my netbook using Ubuntu 9.10 netbook remix with the unsupported GMA 950 and an atom processor(!). Most of the bugs listed are bugs in the windows version too (like multicore support)

Re:Privacy?

[totally+bogus+dude]

I don't know that doing anything client-side will work, for the same reason that DRM doesn't work. I guess it might deter the casual cheater, but then there's also the possibility that raising the bar will entice people to break the anti-cheating code just for the challenge.

The long-term solution I think is to design the game in such a way that the server can verify clients are playing by the rules. If wallhacks are a problem, the server could send fake data to the client telling it there's an enemy hidden behind a wall (when it's really not). Legitimate players won't be aware of this, but it would alter the behaviour of cheaters and thus they could be found out. Aimbots could perhaps be detected by supplying an invisible model that a legitimate player wouldn't be shooting at. Essentially, give the client bogus data that won't affect the experience of legit players, but will out cheaters.

Maybe it's easier to keep changing the client-side checks fast enough that it's not worth the time to work around, but I don't know if that kind of strategy is working in practice. Who will pay for the constant development?

Re:Privacy?

[Xest]

Then you made a poor platform choice.

The PC in general is an open platform because you can easily and trivially run whatever code on it you want and peak and poke the memory as you see fit, even if the OS itself is closed.

If you want a gaming platform where cheating is not an issue, you need a closed platform, like a console, where it is much easier for the developers to detect and prevent cheating, if there is even any in the first place. Despite being 5 years old this year, whilst it has suffered some game logic cheats which are easily patched, the Xbox 360 has yet to be prone to a single aimbot or radar cheat for example.

PC's are great for general usage and single player/cooperative gaming, but not for competitive gaming where cheating is largely an unsolveable problem without closing the platform, which goes against what PCs are great at. Even assuming in a few years you move everything server side and just pass images to the client there's still the possibility that people will write pattern recognition apps, to recognise enemies and send control messages to aim at them like any other aimbot.

Re:Privacy?

[Shadow+of+Eternity]

Despite what the league players would have you think Valve's games are not generally played with (or designed for) less than 16-24 people, and 32 is not remotely uncommon. What your suggesting effectively doubles the load on the server AND each affected player.

Plus most cheaters would not readily be detectable this way. Aimbots tend to be activated by the player right before firing after the player manually gets pretty close to the target on their own, and wallhacks are generally used as an advantage in information rather than open combat.

Re:The casualties of the battle are ...

[phoenix321]

"Hardware failures and software bugs."

What hardware "failure" looks like a wire grid and wallhack on screenshots? And why should I as a server admin care if you unknowingly or willfully used this bug?

What software "bugs" will have a detection signature like the latest aimbot? Which software bug will produce a registry entry and ..\system32-fallout like a wallhack?

We know how likely an md5 hash collision is with hack X and legitimate program Y. Not very. With an increasing number of wallhacks and legitimate programs, we will see hash collisions sooner or later, but I'm not really convinced unless you have dozens of very very rare but innocent programs on your system that no one else has AND anyone else having them is also banned.

Think of the online arena like a dance club: you paid for entry and yet the bouncers can throw you out at the first hint of trouble. And all other guests are cheering and complimenting them for doing so. A few dimwits, idjits and griefers can just cause so much fallout in such a short time that even drastic and unwarranted measures are usually applauded by the audience.

Face it: bouncers and anti-cheat admins don't have the resources to assess every single case pondering over preponderance of evidence. It would twentyfold the cost of operating a dance club or game server and most customers are not willing not pay for a Constitution-class jury system.

If the choice is having "1 collateral damage for 50 cheaters banned" or "0 collateral damage for 25 cheaters banned" - or a huge increase in paralegal costs for the server admin, I will opt for the collateral damage. War is not fair anyway.