That&#x27;s scary. I have an old Steam account with tons of games and already got banned once due to a bug in anti-cheat software and for a while my whole account was marked with a cheater tag.The bug was so widespread that developers eventually removed bans but I&#x27;m sure something similar could happen where problem goes undetected and it would be really hard to try to convince developers to lift a ban.

It&#x27;s kind of amusing to me how some PC gamers act superior to console gamers because PC gamers run their games on a flexible, customizable, general-purpose machine that the user controls rather than an appliance... and then immediately hand over control to half a dozen companies at a level that reduces &quot;their&quot; PC to a vendor-owned appliance anyway.If you are a PC gamer and run anti-cheat software like this, you should probably think of your gaming PC as a much more powerful and much jankier console, and avoid running or storing anything on it other than your games.

Happens about as often as games ship UI middleware that uses html and has xss, leading to an rce when the game leaves itself running as admin after an update. So basically all the time.

It&#x27;s crazy that people allow this stuff to effectively run as root. One of these companies is going to have a vulnerability that lets other players run code on your machine in kernel mode.

&gt; I&#x27;m sorry, why do we trust these guys again?Anyone who&#x27;s attachment to gaming is low enough to let things like this effect their purchase decisions are already out. To the devs&#x2F;pubs, those customers don&#x27;t even exist in the category of potential customers. So they just worry about not pissing off the existing customerbase by changing the status quo too much or too fast.

Because game companies force you to in order to play.

&gt;a classic failure of trust boundary definition - they effectively created a system where client attestation was acceptedCan you elaborate? I&#x27;m unsure what a trust boundary definition means in this context and how it relates to attestation.

Fortunately they have a solution for trusting untrusted clients already! They just need to run an anti-cheat for their anti-cheat.

This BattleEye exploit demonstrates a classic failure of trust boundary definition - they effectively created a system where client attestation was accepted without proper authentication or verification.

Very nice walk-through on the reverse engineering process.Also, they linked this post that made my jaw drop: <a href="https:&#x2F;&#x2F;www.unknowncheats.me&#x2F;forum&#x2F;anti-cheat-bypass&#x2F;667333-bannleeye-banning-arbitrary-players-using.html" rel="nofollow">https:&#x2F;&#x2F;www.unknowncheats.me&#x2F;forum&#x2F;anti-cheat-bypass&#x2F;667333-...</a>Apparantly BattleEye anti-cheat had an exploit where hackers could permanently ban any player they wanted. BattleEye allowed anybody to log in as a &quot;game server&quot; so hackers simply booted up a fake server, told BattleEye that &quot;player X has logged in and is doing a bunch of suspicious stuff&quot; and then player X&#x27;s account was no more...I&#x27;m sorry, why do we trust these guys again?

ESEA shipped their client and anti-cheat with a free bitcoin miner back in the day: <a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;ESEA_League#Bitcoin_mining_incident" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;ESEA_League#Bitcoin_mining_inc...</a>

&gt; Data is being limited though, like not sending opponent location data unless the client can see themSo far as AAA games go this is pretty rare in practice. I guess there could be some problems to solve, e.g. you&#x27;d need to be conservative because a player could appear around a corner between server ticks, or the fact that RTS games usually operate by running a shared simulation[1].[1]: <a href="https:&#x2F;&#x2F;www.gamedeveloper.com&#x2F;programming&#x2F;1500-archers-on-a-28-8-network-programming-in-age-of-empires-and-beyond" rel="nofollow">https:&#x2F;&#x2F;www.gamedeveloper.com&#x2F;programming&#x2F;1500-archers-on-a-...</a>

That&#x27;s exactly what&#x27;s being done, but you do not want everything server side over a network delay that is almost always more than the time between frames. Only server side physics would mean a lot of visual jank. It&#x27;s now usually a model where the client and server make the calculation and the server &quot;rolls back&quot; the client of they do not match.Data is being limited though, like not sending opponent location data unless the client can see them

Making sure that movement is validated on the server really is a reasonable requirement.There are two main issues:1) You typically want to let player&#x27;s machines have a little knowledge the player doesn&#x27;t, because if they peak around a wall, they should see an enemy, without having to wait for a round-trip before getting the information of the enemy they can see. Games often give out too much of this kind of information, but that&#x27;s because it is computationally hard to figure out if a player can &quot;almost&quot; see an enemy.2) Aimbots are basically impossible to check for on the server -- you can play a cat+mouse game (and games do) of seeing if players are consistently too accurate (or more likely, consistently too mechanical), but it&#x27;s very hard, and player-side anti-cheat is part of trying to control this.

It&#x27;s been a while and it never was my exact area so forgive the high level and any innacuracies! (hopefully someone smarter can chip in further!)It begins to fall down when you think in terms of interpolation and movement, if the server had to confirm your every movement it&#x27;d end up very jittery and feel awful as you ping back and forth between where your client state thinks you are and the server state thinks you are.Even the client is kind of guessing (visually) where it is a lot of the time, at least until the next physics or update tick comes in and all this means that the server is going to be doing a hell of a lot of guess work about the state of the clients.This article helps with reasoning around what a game is doing per-frame: <a href="https:&#x2F;&#x2F;gameprogrammingpatterns.com&#x2F;game-loop.html" rel="nofollow">https:&#x2F;&#x2F;gameprogrammingpatterns.com&#x2F;game-loop.html</a>Certainly though, I think in this day and age, for slower games you could probably do a better job of this on the server though -- and I&#x27;m sure people are working on it.

Validating input and physics is easy and is effective against some of the crazy cheats people ran on eg PUBG. But it’s much harder to “limit information”. For example in CS if someone is 95% hiding behind a smoke screen with just one foot sticking out, do you tell other players about this player or not? If you don’t, then you are depriving them of information they should have been able to see, if you do, then it still gives a cheater an edge because even if you do spot the foot you will probably have a hard time actually shooting at the player because his body is still hidden.And even if you can 100% accurately decide when to hide or show information or if you are outright just streaming the game to the players there are still cheats that you cannot detect this way because they only enhance player capabilities within what is possible for an honest human player. For instance a simple cheat can detect if another player’s head is under your crosshair and fire automatically (with a randomized delay to game anticheat systems.) Realistically cheats these days are more complicated and do way more to emulate human input. It’s not easy to conclusively tell if a player is cheating thus way or not just looking at his inputs in one game. Maybe he is just fast, maybe he has lower latency, maybe he is just pre firing at spots he knows an enemy is likely to come from. You can’t know for sure unless you know what’s actually going on on his PC and his peripherals. And if you start banning people using just statistics you will likely end up with many false positives.At the end of the day there is no silver bullet to cheating. Even if you fully control a player’s PC there are still ways to cheat in hardware [1]. You need to find the balance between annoying too many players with your anticheat and your game getting overrun by cheaters.[1] <a href="https:&#x2F;&#x2F;www.counter-strike.net&#x2F;newsentry&#x2F;6500469346429600836" rel="nofollow">https:&#x2F;&#x2F;www.counter-strike.net&#x2F;newsentry&#x2F;6500469346429600836</a>

too much effort, since you also want to play sounds from hidden sources

Doesn&#x27;t work because of the delay.

Games hardly eat up more than a megabit of bandwidth in practice, unless you start streaming. Even streaming games from the cloud to your computer will usually take less than 20-30mbps.Latency is the real killer, though. A 10ms round trip + a few ms of simulation time at 144Hz will have physics objects &quot;correct&quot; their position after 4-5 frames have already been rendered. Bump that up to 30ms (still a perfectly common amount of latency) and you&#x27;re reverting objects after 10 frames of animation.

The true killer is latency; the dominance of WiFi, and now the rise of home 5G internet.People who play Counter-Strike with their wifi router 3 floors below them in the basement under a pile of laundry will go on a crusade to complain as loudly and relentlessly as possible for Valve to &quot;fix the fucking hit reg&quot;.People have -zero- technical knowledge and get incredibly angry that they died to someone they didn&#x27;t even see.

You don&#x27;t want clients suffering a bad experience because they don&#x27;t have gigabit internet

Forgive my ignorance, but why don’t game developers put more effort into limiting the amount of data accessible to the client (restricting it only to what’s reasonably necessary)? For example, couldn’t more movement physics be validated or handled server side? Cheats might still be able to read some data from the game process, but ideally, they’d be limited to issuing inputs like any other player, based only on the same visible output everyone sees. Is it cost? Does this model just not align with how the client&#x2F;server split looks in games?

Meanwhile Vanguard can&#x27;t even stop crashing every game when you have a slightly non bog standard gaming system, e.g. with more than one adaptive sync monitor, Hyper-V or WSL installed ...

No, very few of them actually use kernel level anti cheat. Really the only game that use them is Riot&#x27;s games and Counter Strike private league FACEIT (as far as I remember).

Most online Games require kernel Level anti Cheat.

my friends got me in to valorent for a time, but I found the idea of a kernel level anticheat far too invasive

F2P creates this problem. If you&#x27;re eating $20-60 per account every time your anti-cheat is burned it isn&#x27;t much fun anymore. But if you can roll new accounts for free, there&#x27;s nothing to lose.

I don’t have any inside info, but I’d comfortably bet $20 that it’s phone number verification.

This was super interesting.Unsurprisingly, I see he didn&#x27;t have much to say about faceit and esea.I think CSGO anti-cheats are a league above the rest (I&#x27;m not sure why, maybe because the scene is more competitive?)

Basically AC providers put more effort for the AC&#x27;s resiliency than protecting the CDN. Does this count as Kerchoff&#x27;s principle?

Funny how the most advanced anti cheat just gives version info and executables in one nicely human friendly package. No need for gimmicks when you the work speaks for itselffwiw I couldn&#x27;t find the endpoint in question for vanguard, but I did find for all the riot games

MS is trying to limit kernel exposure: <a href="https:&#x2F;&#x2F;www.theverge.com&#x2F;news&#x2F;692637&#x2F;microsoft-windows-kernel-antivirus-changes" rel="nofollow">https:&#x2F;&#x2F;www.theverge.com&#x2F;news&#x2F;692637&#x2F;microsoft-windows-kerne...</a>I doubt they&#x27;ll end kernel-level AC, though. At best, they&#x27;ll get more stable kernel-level anti cheat because better APIs are available. Anti-cheat software would run as a hypervisor if it could, and even then it wouldn&#x27;t have enough access to catch all cheaters.

Isn&#x27;t the age or kernel level anti-cheat tech coming to an end, thanks to Crowdstrike mishap a year ago?

Slightly off topic, but I really like the design. I&#x27;ll probably steal fonts.

Inspector is telling me it&#x27;s &quot;ZedTextFtl&quot;, with &quot;Jetbrains Mono&quot; used for the monospace blocks.Edit - More info on it here:1) <a href="https:&#x2F;&#x2F;www.typotheque.com&#x2F;fonts&#x2F;zed-text" rel="nofollow">https:&#x2F;&#x2F;www.typotheque.com&#x2F;fonts&#x2F;zed-text</a>
2) <a href="https:&#x2F;&#x2F;www.typotheque.com&#x2F;blog&#x2F;zed-a-sans-for-the-needs-of-21century" rel="nofollow">https:&#x2F;&#x2F;www.typotheque.com&#x2F;blog&#x2F;zed-a-sans-for-the-needs-of-...</a>

off topic: What&#x27;s the font this website uses for the code? The font ligatures seem nice, but I also would have to get used to reading code like that.

Or just download and check the hash against older versions.

Valve&#x27;s approach was to avoid the cat and mouse game knowing it doesn&#x27;t lead anywhere. You can always cheat using DMA or reading the monitor with another computer that simulates a hardware mouse to get aimbot abilities.
They wanted a machine learning to detect, flag and ban suspicious behaviour.
This didn&#x27;t work out and I&#x27;m not sure they are still trying but there&#x27;s a few conferences talking about it.

EAC supports Linux nowadays, but developers have to manually check the box to enable it.

To be fair in the specific case of CS2, the normal modes without FACEIT are really barely playable. Most games are just a massive loss or win, depending on who has the suspiciously good player with 100 hours in their team.

There&#x27;s a number of good reasons not to make everyone run a kernel level anti-cheat. Linux (and therefore SteamOS) compatibility is a big one.I think the status quo where anyone on any platform can access the vanilla game -- where cheaters may not even be a huge problem depending on one&#x27;s skill rating -- and the most competitively-minded players have the choice to play on FACEIT, works pretty fine.I do wonder what the 90% of built-in game content you&#x27;re referring to actually is.

Ehh, pretty sad there&#x27;s almost no information on FACEIT anti-cheat. One of the most impactful out there. Wonder if it&#x27;s just the invasiveness that separates it.Valve can&#x27;t replicate even part of it, while CS2 game modes are flooded with cheaters. Most people who chase competitiveness (which CS used to be all about – now it&#x27;s also skins) just install FACEIT directly and ignore 90% of built-in game content.Maybe Valve just doesn&#x27;t want to make the game more difficult to install and sacrifice several % of their user base.

It seems some versions of proton have anti-cheat compatibility patches, for instance for WuWA (still don&#x27;t really understand why they need some anti-cheats, I have some ideas, but all are not wroth an anti-cheat).

Anticheat Update Tracking