• CleoTheWizard@lemmy.world
    link
    fedilink
    arrow-up
    4
    arrow-down
    2
    ·
    8 months ago

    Rootkits are dumb because the gaming industry is not trying with their anti-cheat software. It is so easy to cheat in these games even with a rootkit that it’s unbelievable.

    Since the industry is moving this direction, I would like it far more if the OS just had a mode that essentially separated your normal OS from one used to play Esports titles. Put a wall between those operating modes, get rid of the desktop, and only boot the game and maybe a control panel.

    The OS can then dump whatever it wants to the game without the game having control of my entire PC and file system. This seems like an obvious solution since it’s kind of the best of consoles without the worst of consoles.

    • justJanne@startrek.website
      link
      fedilink
      arrow-up
      4
      ·
      8 months ago

      That’s still not gonna help at all. There are already hardware cheats using an nvidia jetson nuc, an hdmi splitter, and a usb interceptor plugged between mouse, keyboard and computer.

      Using just image recognition and slight adjustments to your mouse movement you can already get an impossible to detect aimbot.

      Now the real question is: why are cheats bad? If a cheater is flying in godmode, sure, that ruins the game. But if the game forces cheaters to play the same way top human players are playing… If you can’t tell the difference, does it matter?

      By just running all simulation server side and banning superhuman reactions you can easily ban all superhuman cheats. Matchmaking will just sort players by skill and you’ll have a peaceful game again.

      If you’re playing chess, you don’t know if your opponent uses a chess computer or not. And it doesn’t matter. The game is still fun.

      • CleoTheWizard@lemmy.world
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        8 months ago

        if bots played like humans, I think it’d be a different conversation but they don’t. And we don’t have a good way to restrain them into only playing like humans. Sorting people by skill is already what is being done but that also isn’t working. And most heuristics have their limits and can catch normal players.

        But all of it is kind of irrelevant, most players aren’t using sophisticated cheats. They’re just injected cheats which are hard to detect within the program, hence the rootkits. Now if we could restrain them to playing like normal people, I’d still hate them because I don’t play PvP to play against bots. If people did that, then in-person chess would have no appeal.

        • justJanne@startrek.website
          link
          fedilink
          arrow-up
          2
          ·
          8 months ago

          Of course we can restrain them into playing like humans. That’s the entire point.

          But doing that costs a few cents more for the server operators, which is why most PvP games aren’t doing that.

          Minecraft PvP servers are running entirely server side anticheat, and there’s still a competitive PvP community in that game.

          Now if we could restrain them to playing like normal people, I’d still hate them because I don’t play PvP to play against bots.

          Again, if you can’t tell the difference, why does it matter if it’s a bot or a person?

          • CleoTheWizard@lemmy.world
            link
            fedilink
            arrow-up
            2
            arrow-down
            1
            ·
            8 months ago

            If you mean that bots can be restrained within the same rules as normal players, sure. If you mean that cheats will be forced to mimic human players, no.

            For instance, how would you catch someone who can see through walls in a game? You can check if their crosshair follows someone through a wall maybe. But most of it is about game sense. So someone who is walking is undetectable by heuristics and by server side anti-cheat.

            This is also the same for radar hacks. Or if you play a MoBa, screen alert hacks. All they do is boost player performance without being detectable. Most server side anti-cheat can only pick up on certain things, I don’t know Minecraft’s solution but I doubt it catches disguised cheating via code injection.

            The reason I care about people cheating is that there’s an actual competition and it’s a social thing. If I wanted to play bots, I’d play bots. But I don’t and I don’t know of any game with serious competitors who would accept cheating so long as it “looks legitimate.” Because then why play? Why put in hours of practice to get better at something that I could click a button and be better at?

            Cheating will continue to kill games and at this point I have basically retired from PvP since it’s gotten so bad.

            • justJanne@startrek.website
              link
              fedilink
              arrow-up
              3
              ·
              edit-2
              8 months ago

              This is also the same for radar hacks. Or if you play a MoBa, screen alert hacks. All they do is boost player performance without being detectable. Most server side anti-cheat can only pick up on certain things, I don’t know Minecraft’s solution but I doubt it catches disguised cheating via code injection.

              The real question is: why does the client even know about players who aren’t visible to them?

              The solution with Minecraft PvP is simple: if you can’t see a player, the server won’t even tell you the player exists.

              If you use a wallhack you can see players walk behind a wall and then just disappear as if they had logged out, and suddenly reappear from behind the wall on the other side as if they had logged in.

              What Minecraft anticheat systems do is relatively simple:

              1. They only send information to clients if the players should have that information as well
              2. after every movement, action, etc they calculate whether the movement you did would have been possible by a real human given the information you should have had at that point, and if not, you’re banned
              3. all actions and movements are compared over minutes of gameplay and, if your actions are too different from all other players, sent to review by a human (and potentially banned)

              You don’t need to install anticheat on the player’s computers. The players can run all the mods and cheats they want, but cheaters can only see the same information as all other players, can only move the same way as all other players, and can’t shoot faster or more precise than any other player.

              So while some people may still be cheating, at that point you can’t tell the difference anymore.

              For comparison, this is btw how all other software outside of gaming is written. In all other parts of computer science you’d get fired if you did what game developers do.

              Imagine if reddit would send all DMs to all users and only make the DMs invisible on the client. That’d be an immediate lawsuit. Instead, the server validates who should be able to see what and only sends that information.

              Or imagine if banks allowed anyone to make any transaction they wanted, only the banking app verifying that you’ve actually got that much money. Utterly ridiculous. Of course the servers validate whether you should actually be allowed to do that.

              As result, writing third party apps for most websites is allowed, the EU even requires banks to support third party apps, but modded clients for videogames are considered a security risk. What the fuck.

              • CleoTheWizard@lemmy.world
                link
                fedilink
                arrow-up
                3
                ·
                8 months ago

                Ah I see your point and I’d be interested in what that implementation looks like. I think it would highly depend on the game so the type of thing you’re talking about is more applicable to Esports titles.

                The culling of players beyond eyesight or through walls is absolutely something that can be done to minimize cheats. If I remember right, CS has been doing this for a long time. However it has limits. Ping becomes very important as the culling will screw up interpolation.

                Then you start talking about cheaters moving and aiming like real players, that can get hard because you have to set acceptable limits on these things. I don’t think it solves the problem though.

                Even if someone using cheats is kept within the bounds of maximum human performance, well, they can still outperform most humans can’t they? And that doesn’t solve much of my issue. Like say we set cheating limits in actual sports at the best players capabilities, how do we even know what those are? And if someone normal dopes and can perform at that high level, it’s wrong. And it’s wrong at any skill level to do so. Because it undermines the sport or game.

                Now I think this can easily be better in most games. Most games don’t even ban people who are sliding around the map at inhuman speeds and getting 50 headshots a minute. CS doesn’t even do that and I have no idea why. The bar is in the floor for stopping cheaters honestly.

      • ☆Luma☆@lemmy.ca
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        8 months ago

        By the point of ‘superhuman’ gameplay, it’s less about physical reactions and more about mental foresight or gamesense. Ducking, sliding, bhopping and any tech involved to navigate… planning how your opponent will move around your positioning in relation to their own objectives… Individual players have quirks by this point that can be discovered and exploited, and you are both playing a game to discover & exploit; Deceive & switch-up.

        When someone is exclusively reacting to you perfectly rather than incorporating the above, you know. It’s wildly demotivating because now we’re not playing this high-skill game, we’re playing a game of endurance since they always know player locations and will almost always get the first shot… The only two winning moves is you leave or the hacker leaves. It’s a waste of everyone’s time just for some narcissist to feel good (I can say that, I used to do it so I get the power thrill).

        It sucks and anyone who’s pushed their competitive gameplay to the edge will recognize a hacker when they see one. So yes, players can tell the difference (including chess players!!), it’s the anti-cheat that can’t. Kind-of like how that one MS guy discovered a backdoor due to a 500ms delay, but a virus protector sees everything hunky-dory.

        Source: used to religiously/no-life play competitively

        Also, no, matchmaker will not separate these people appropriately. The cheaters will smurf just to dunk on lower-skill players. You can buy game-keys on russian websites for dirt cheap, so it’s very worth it if you have the $$$ to burn. Path of least resistance to feeling power.

        • justJanne@startrek.website
          link
          fedilink
          arrow-up
          1
          ·
          8 months ago

          If you’re always reacting perfectly, that too can be discovered and used to ban people.

          Also, regarding cheap game keys, those would be useful for one or two matches before they’d be banned.

          For reference, all Minecraft PvP anticheat is 100% serverside, and yet a competitive PvP community exists.

          • ☆Luma☆@lemmy.ca
            link
            fedilink
            arrow-up
            1
            ·
            8 months ago

            I think you’re missing the point of why they’re buying cheap game keys. In fact, it sounds like you think a ‘ban’ is something bad to these players or will stop them. If it did, I’d probably be enjoying Rust still.

            Not even VAC bans are perfect, although it typically stops the poor unfortunate kids who truly don’t know better at least.

            Minecraft anticheat won’t be perfect either. It is a necessary and functional safe guard as is usually the case with anticheat (minus rootkits, fuck those useless tools), but people will always slip through. Note what other people in this thread are saying.

            • justJanne@startrek.website
              link
              fedilink
              arrow-up
              1
              ·
              edit-2
              8 months ago

              Note what other people in this thread are saying.

              Sorry, but being a developer I can tell when players are just repeating half-truths they read online.

              There’s no reason why strategies that work in any other kind of computer science shouldn’t work in gaming.

              In fact, it sounds like you think a ‘ban’ is something bad to these players or will stop them. If it did, I’d probably be enjoying Rust still.

              The difference between an attack costing $0.00 and $$0.01 is enough to reduce attack volume by orders of magnitude.

              Even just costing the attacker 30 seconds is enough to have a massive effect, which is why captchas exist.

              Game keys tend to be in the $1 - $5 range, which makes bans an extremely useful tool.

              • ☆Luma☆@lemmy.ca
                link
                fedilink
                arrow-up
                2
                ·
                8 months ago

                I apologize as I seem to have made myself unclear. I’m not disagreeing or saying these security measures aren’t useful, I was just stating the fact that people can and do get through these systems and players in this case can detect them even when security measures can’t.

                To your point, as that $$0.01 makes a difference, VAC bans also make a difference by preventing kiddies from jumping back in with their purchased cheat program. That’s great. However, there are ‘whales’ that don’t care for the cost, and even though they’re a small number they have an influential contribution to the negative experience these people can bring.

                I’m not a security researcher or a developer so I don’t know what security measures are ever in place or what the hackers do to get through. I mostly play lots of games and once-upon-a-time would dig up free (likely infected) cheat programs that got through anti-cheat and contributed to the cycle that’s ongoing today.