Slashdot Mirror
Anti-Cheat Software Causing Big Problems For Windows 10 Previews (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: The Windows 10 Insider Preview Slow Ring -- the beta track that's meant to receive only those builds that are free from any known serious problems -- hasn't received an update for months. While the fast ring is currently testing previews of the April 2019 release, codenamed 19H1, and the even-faster skip-ahead ring is testing previews not of the October 2019 release, 19H2, but of the April 2020 release, 20H1, the Slow Ring is yet to receive a single 19H1 build. This has prompted some concern among insiders that perhaps the ring has been forgotten about, and it has even caused a few complaints from companies that are using the Windows Insider for Business program to validate new Windows releases before their launch. Without Slow Ring builds to test, there's nothing to validate, meaning that they'll have to delay deployment of 19H1 once it ships.
Microsoft's Dona Sarkar, chief of the Windows Insider program, explained yesterday what the problem is, and in many ways it's a throwback to Windows' past, before the days of DEP and ASLR and PatchGuard and all the other measures Microsoft has implemented to harden Windows against malicious software: the build is crashing when some unspecified common anti-cheat software is used. Sarkar's tweet says that the software causes a GSOD, for Green Screen of Death; the traditional and disappointingly familiar Blue Screen of Death, denoting that Windows has suffered a fatal error, is colored green for preview releases so they can be distinguished at a glance from crashes of stable builds. Fast ring builds have the same GSOD issue, and indeed, it has been listed on their known issues list for many months. Sarkar says that the fix must come from the third-party company that developed the anti-cheat software. In an update, Ars Technica's Peter Bright says Microsoft has pushed a build to the Slow Ring, number 18342.8, but the GSOD issue remains. "To avoid crashing machines, the build won't be offered to any system that has the offending anti-cheat software installed," Bright writes. "It's not clear why this approach could not have been used months ago."
Microsoft's Dona Sarkar, chief of the Windows Insider program, explained yesterday what the problem is, and in many ways it's a throwback to Windows' past, before the days of DEP and ASLR and PatchGuard and all the other measures Microsoft has implemented to harden Windows against malicious software: the build is crashing when some unspecified common anti-cheat software is used. Sarkar's tweet says that the software causes a GSOD, for Green Screen of Death; the traditional and disappointingly familiar Blue Screen of Death, denoting that Windows has suffered a fatal error, is colored green for preview releases so they can be distinguished at a glance from crashes of stable builds. Fast ring builds have the same GSOD issue, and indeed, it has been listed on their known issues list for many months. Sarkar says that the fix must come from the third-party company that developed the anti-cheat software. In an update, Ars Technica's Peter Bright says Microsoft has pushed a build to the Slow Ring, number 18342.8, but the GSOD issue remains. "To avoid crashing machines, the build won't be offered to any system that has the offending anti-cheat software installed," Bright writes. "It's not clear why this approach could not have been used months ago."
Because cheating is rampant in online games, and anti-cheats are needed to even have a modicum of fair play online. Unless you're one to believe the only way to play online is consoles only and basically the PC should be discarded as a gaming device.
Sadly cheats are generally programs that either run the target game in debug mode (with the cheat as the debugger) and thus undetectable to the game, or as a separate executable and hijack network traffic. Kernel drivers are required to break these kind of things.
And for what it's worth, the anti cheat software in question is used by Fortnite, among other games. That's kind of why it's a big deal.
And cheating is so rampant online among PC users that an aspect of PC gaming would be destroyed without anti-cheat software letting people play legitimately. Maybe PC users don't care, but it would be pretty sad if the only way to play online was to pay for Playstation Plus or Xbox Live Gold.
1. Don't trust the client
A single simple rule that you should have learned in computer science / software engineering classes.
You assume that the client (btw that actually include the anti-cheat software, which is why you shouldn't need it) is compromised. So you make sure that the server does not send more information than is needed, and the server expect any data from the client to be suspect.
Now I do understand the need for latency, and why the client needs to send dead-reconing information (including coordinates) to the server. But the server can check if those coordinates are physically possible compared to the previous set of coordinates.
Points, loot, hit check, bullet trajectories, line-of-sight, must be done by the server.