Comment on Begun the kernel wars have
tourist@lemmy.world 1 month ago
Does anti-cheat even work?
kernel or no
Client side anti-cheat (the one installed on your PC) will never work, it’s just fundamentally impossible. They can restrict user freedom as much as they want, but the hardware still isn’t under their control.
The only reason they push for those kinds of anti-cheats is because they don’t have to pay for the extra processing of server side anti-cheat, and they also get the benefit of a backdoor into your computer that you may never fully uninstall without buying a new computer.
… Or installing Linux.
flyes away
Linux isn’t necessarilly immune. A game could easilly ask the user to install a DKMS module.
That statement is to easy. It all depends on how much permissions you give the game and in what kind of environment you execute your game. From sandboxing to inmutable root file systems there is a lot possible to exactly prevent this to happen.
eBPF is probably the way with Linux IMO
I mean, it’s like saying Pentagon security can’t work because some skilled hackers can someday find a way to spoof / steal credentials. Security always happens on a sliding scale based on the value of the contents.
I think at the very least, they can take steps that inconvenience hackers sufficiently each update without harming players - they can’t make it impossible to hack on the client side, but they can’t make it feel not worth it for them.
The reason I sort of insist on it is that even with serverside checks for game logic like teleportation and instant kills, game engines still load the data for player positions which allow for wallhacks and aimhacks. Those checks can only happen clientside; you can’t even send mouse positions often enough to look for “snaps”.
At the least, I agree that modern coders have gotten very lazy about having the server verify basic actions. “Okay, player 22 deals 8000 damage to every other player in the server simultaneously? Okay.”
It only works in so far that it makes making cheats harder to create and easier to detect. But it will never fully eliminate or catch all cheats.
Some of it does, some of it doesn’t, the critique is that kernel level stuff is way more than needed against most cheaters but not enough against the most dedicated ones, and it is invasive as hell.
The best anticheat is good netcode and server side checks. You can’t wallhack if your client doesn’t see behind the walls.
Anecdotally, there seem to be fewer valorant cheaters than in counter strike.
Idk if that can be chalked up to “valorant uses kernel and cs doesn’t”, though. Probably not.
dogs0n@sh.itjust.works 1 month ago
Proof is in cheaters existing on day one of battlefield 6 open beta. Client side anti-cheat will never work. It’s good to have some basic preventative measures client-side, but server-side anti cheat is the only way to properly prevent cheaters.
Unfortunately companies keep investing in garbage client side anticheat that just pokes security holes into our machines.
Only Valve to my knowledge is investing money into their server side anti cheat, no other big player is to my knowledge.
sugar_in_your_tea@sh.itjust.works 1 month ago
It needs to be a mix. Have your clientside anti-cheat look for obvious attack vectors, have your seeks serverside anti-cheat look for suspicious play, and let users report others. Then have humans review suspected cheaters and make the final call.
But that’s expensive, and off-the-shelf anti-cheat gives them someone else to blame.
dogs0n@sh.itjust.works 1 month ago
I agree, there’s definitely some checks you can only do on the client and only some that work server-side. Ideally everything that can be checked on either, are checked.
Currently it’s just all wrong, the client-side can’t be relied upon as heavily as it is.
The benefit factor to the rootkits they install on our machines is nil. Just bloats our systems with garbage that is just waiting to be exploited by hackers.
Goodeye8@piefed.social 1 month ago
You're viewing from the perspective of what would be best for the playerbase. These decisions are made based on what's the cheapest possible solution to have the playerbase shut up about cheaters so they wouldn't drive away potential customers.
echodot@feddit.uk 1 month ago
Web developers work this out years ago. If you want to put content behind a paywall don’t do it client side because it will get bypassed.
This was me working out of a tiny office. Yet apparently I was more advanced than AAA game developers.
dogs0n@sh.itjust.works 1 month ago
Hopefully they start to learn from this at some point… they should realise that their current anti-cheat systems are not working as intended at some point right?
Battlefield will lose sales, every game definitely loses players because of cheater infestations. Lots of money lost in my eyes, is it enough to make them see straight?
cannon_annon88@lemmy.today 1 month ago
Valves anti-cheat doesn’t really do anything though, at least not in CS2. It does like to boot me from the game from time to time because I’m playing on Linux though.
dogs0n@sh.itjust.works 1 month ago
True VAC alone is not great, but CS2 (in my opinion) has one of the best systems against abuse, even though legit players like myself can get stuck in low trust factor sometimes.
VAC, trust factor, overwatch (player report reviewing, not sure if this was discontinued) all work together.
Hopefully a big improvement is to come soon with the VAC Live agents that monitor games using AI to predict likely cheaters.
Valve obviously has a big interest in keeping cheaters out, because their skin economy makes them boatloads (literally hehe) of money. I think they are the only company going down this road right now of AI agents, which is unobtrusive to users and should hopefully keep up VACs high accurate ban rate (which is at least a good thing about VAC, when you are banned, in almost all cases, you were indeed cheating (low fase positives)).
I do recognize though that AI agents likely comes with a high cost and may only be implemented in other highly competitive games that make lots of money.
There probably exist other methods, but it’ll take more investment in designing adaptable systems that can work on many games.
cannon_annon88@lemmy.today 1 month ago
I do report a lot of cheaters, but I never know if it even does anything. I pretty much only play casual anyways. The worst is when someone is obviously cheating, and no one votes to kick them, or some special types actually vote against kicking the cheater so they can win …
CptBread@lemmy.world 1 month ago
That’s only proof that it will never be enough to stop all cheating. But if the metric is if it reduces cheating then that proves nothing. Not saying I have proof that it does reduce cheating but I would personally bet on it reducing it somewhat at least.
dogs0n@sh.itjust.works 1 month ago
It definitely reduces cheating, but mostly just by raising the bar of entry (not by that much as evident in day 1 cheats being present). I doubt it’s effectiveness though, since most games you can do some quick research and find $5 cheats that will go undetected (hell even free cheats can work if you do a little more research on doing the injection part manually yourself).
You can also never stop cheating, but the anti-cheat they install on your computer is just an extra attack vector for hackers, etc at this point, since it obviously doesnt work as intended.