| ▲ | hastily3114 an hour ago |
| Is there really no way to make anti-cheat on Linux that can't be bypassed? I don't know much about this, but it seems very difficult to make an anti-cheat for a platform where you can make changes in the kernel. |
|
| ▲ | jsheard an hour ago | parent | next [-] |
| A trusted entity (probably Valve) could provide a locked down distro where kernel integrity is enforced through secure boot and TPM attestation, but that would mean giving up some control over your own system. There's no guarantee that anything client-side is impossible to bypass of course, but the goal would be to more or less match what Windows offers, which isn't perfect either. |
| |
| ▲ | ChocolateGod an hour ago | parent | next [-] | | > giving up some control over your own system There could simply be a developer option that disables these integrity checks but subsequently breaks online games that rely on them. Valve could also offer a module that allows signed user-space binaries access to kernel space, which would be an improvement over Windows offers in that anti-cheat wouldn't need to live in the kernel. I think that's a fine trade off. | |
| ▲ | Hikikomori 17 minutes ago | parent | prev [-] | | Could reboot into secure mode for these types of games. |
|
|
| ▲ | soloridindan an hour ago | parent | prev | next [-] |
| I think the moment you accept data from the client as truth you've lost the battle already, everything else is just damage control. Loads of games have realized this and kept checking game rules on the serverside and reveal data on a need-to-know basis. This makes it nearly impossible for cheats to be made because anything you know you should know, and everythin you act is parsed by the backend according to rules already present |
| |
| ▲ | jsheard an hour ago | parent | next [-] | | Some kinds of cheating can be mitigated that way, but it can't really stop cheats which just play the game more optimally than the user is able to, using the same inputs and outputs that a legit player would use. Aim assistance in shooters, perfect parries in fighting games, economy-breaking levels of automation in MMOs, and so on. There's also practical limits to how much data you can filter out in complex 3D games, both due to performance constraints, and because culling information too perfectly can cause things to pop into existence too late under non-zero network latency. The effectiveness of ESP cheats can be reduced, but not eliminated. | | |
| ▲ | nkrisc 22 minutes ago | parent | next [-] | | You could probably detect those kinds of cheats heuristically on the server. There are limits to human ability. It’ll take more time to catch the cheaters, but I’m sure it’s possible. This player is posting 30 auctions per second. Bot. This player is turning at a rate of 500 radians per second to make perfect headshots. Bot. | | | |
| ▲ | soloridindan an hour ago | parent | prev [-] | | I think anything that relies on reflex alone is flawed design. You can design around this, by for example in Dota2 it doesen't matter how fast you click an entity, because the turnrate of your character is limited, so a person clicking reasonably fast and a bot clicking in 0.01ms both arrive there at the same time. Precision also doesn't matter, because a player can click the icon of the enemy instead of trying to match the pixels on screen. MMO scripts that use information already given by the game just seem like the MMO should invest in UX instead of trying to ban people for using the tools the game already gives them. | | |
| ▲ | vkou an hour ago | parent [-] | | Unless DOTA2 is running at a ~3 tick rate (Which it's not), even taking account processing delays and action batching, a bot will always have faster reaction times than an actual player. It will also never misclick. This problem is magnified in a shooter game, which would be unplayable with that kind of batching, but where a cheater with an aimbot is actually impossible for a legitimate player to beat. | | |
| ▲ | soloridindan an hour ago | parent [-] | | After you click, the character will begin to turn, which can take several hundred ms. A delta of couple ms compared to the time it takes to turn is completely negligible and even an inch better positioning of a character, or having a character with items or stats that makes them turn faster (because picks are asymmetric) will make several magnitudes more of an impact. If your game allows your sights to just teleport on people's heads and take that as the winning condition then that just sounds like bad design, there's no reason to allow infinitely fast movement and omitting strategy even from a shooter | | |
| ▲ | komali2 35 minutes ago | parent | next [-] | | > If your game allows your sights to just teleport on people's heads and take that as the winning condition then that just sounds like bad design, there's no reason to allow infinitely fast movement and omitting strategy even from a shooter This is interesting, because I feel like the fundamental gameplay of an fps is players exposing themselves to each other's field of view, and then trying to click the other's head first. Skill is a measure of map knowledge (so you can try to expose yourself to a possible field of view but not where the enemy is actually looking at that moment) and speed of clicking head. How would you design FPSs to remove this "bad game design?" | |
| ▲ | Hikikomori 3 minutes ago | parent | prev [-] | | >If your game allows your sights to just teleport on people's heads and take that as the winning condition then that just sounds like bad design, there's no reason to allow infinitely fast movement and omitting strategy even from a shooter From the servers perspective you always kinda do that for fast movements as the client send rate usually isn't more than 60hz. |
|
|
|
| |
| ▲ | brettermeier an hour ago | parent | prev | next [-] | | However, this only solves the cheat problem to a minimal extent. There is a lot of important data that players should not be directly aware of, but which is important for the game. For example, it is important for calculating sounds to know where enemies are nearby, even though you cannot see them, which makes wall hacks possible, etc. | | |
| ▲ | soloridindan 44 minutes ago | parent [-] | | Sounds are core to shooters and very much within the expected abilities of the players to hear them. If anything, I'd incorporate this kind of indicator in the game itself, allowing for deaf people to "hear" footsteps as well |
| |
| ▲ | vkou an hour ago | parent | prev [-] | | That only solves half of the cheating problem - illegal inputs from clients. The other half is much harder to solve. For a simple example - my client knows that there is an enemy player around a corner. It knows exactly where that player is, because that player is walking, and making noise. A cheats could allow the cheater to see his opponent's player's model through the wall. For a more blatant example, consider cheats in a first-person shooter that just snap your aim to the nearest enemy's head. This involves zero violation of the game's logic, and also makes the game completely unplayable for everyone in a lobby. | | |
| ▲ | soloridindan an hour ago | parent [-] | | You already know where an enemy is if you hear them behind the wall, you don't need a cheat to tell you that there is noise coming from other side of the wall. The server also doesen't need to tell you they are behind it if they're sneaking. A game that allows zero home-in time sounds like a flaw in the game and something solvable on the serverside. You can replace a playermodel with wider "sound coming from around here" if you want to make it even harder for a cheat to pinpoint a sound | | |
| ▲ | ChocolateGod an hour ago | parent | next [-] | | > The server also doesen't need to tell you they are behind it if they're sneaking This requires the server to calculate line of sight checks for every player, which is costly, requires loading the entire geometry into the server and would be horribly prone to latency. Then you're looking at potential performance problems on the client due to only knowing about a player the second its in view and having to stream the assets to the GPU, which if don't happen in time for the frame you'll experience as hitching. > You already know where an enemy is if you hear them behind the wall Yes but this requires using your brain rather than just seeing them straight up through a wall. | |
| ▲ | __alexs 31 minutes ago | parent | prev | next [-] | | I feel like you've only played 1 genre of video game or something. | |
| ▲ | vkou 32 minutes ago | parent | prev [-] | | > You already know where an enemy is if you hear them behind the wall, You know they are somewhere behind the wall, you don't know which exact angle they are behind the wall, because headphones and our ears don't work with that degree of accuracy. The cheater can just swing the corner with his cursor already pre-positioned exactly on his target. Between peeker's advantage (inherent to any online game with latency) and human reaction time, there's not a lot you can do to fight that. |
|
|
|
|
| ▲ | 63stack 41 minutes ago | parent | prev | next [-] |
| There is no way to make anticheat that can't be bypassed, regardless of OS. All of the anticheat games today have cheaters. |
|
| ▲ | RobotToaster 36 minutes ago | parent | prev | next [-] |
| Linux is resistant to rootkits, which is what these things are, and allows you to remove them, yes. The correct solution is to verify everything server side, or actually have humans watch replays and ban cheaters, but both of those would reduce profits, so will obviously never happen. |
| |
| ▲ | lan321 10 minutes ago | parent [-] | | IMO the real solution is back in community servers and votekicking.. It works on old games with no anticheat measures.. Maybe add some blatant detection for people teleporting and doing other absolutely impossible things serverside, but I don't understand why my team has to ruin their 'reputation' teamkilling a cheater so he doesn't ruin the game completely in most current games when the anticheat only catches free, old cheats. Just let people votekick and find someone else in the matchmaking queue who's willing to join halfway through.. Once votekicked enough times you can escalate to the AI (always indians) for automated (manual) review. Also, you don't even have to ban cheaters. Just isolate them to play with each other. Some might find it fun and keep away from the normal players. Edit: The 'issue' with community server manual review and votekick is you can be kicked for being cracked or garbage at the game legitimately, but TBH at this point you're ruining the fun of everyone else, so you should probably get in another server/match.. Also that premades can have majority, but that's easily solved by reducing their vote weight. |
|
|
| ▲ | kachapopopow an hour ago | parent | prev | next [-] |
| Linux explicitely allows you to do things that makes cheating *really* easy. There is also complete lack of secure boot and a way to validate that your kernel hasn't been compromised. I mean seriously, making a cheat for a proton supported game that no anticheat has any hopes of detecting are in 100 lines of a kmod driver and 1 console command: insmod. On windows you at least need to use scuffed tools like KDU to bypass signature verification requirements and every anticheat can detect you with a simple physical memory scan. |
| |
| ▲ | rcxdude an hour ago | parent | next [-] | | Linux supports secure boot just fine, it's just happy (correctly, IMO) to give the keys to the user and not the developer. | | | |
| ▲ | kalaksi an hour ago | parent | prev [-] | | > There is also complete lack of secure boot That's not true, though? |
|
|
| ▲ | Zak an hour ago | parent | prev [-] |
| I think the most stringent types of Windows anti-cheat rely on remote attestation of the operating system. It's theoretically possible to design a Linux-based OS that supports such a capability, but the sort of people who choose Linux are unlikely to accept a third party having the final say over their computer. I, for one am disappointed that anyone has accepted it. Once it's widespread, service providers can demand it, as we're seeing with mobile banking apps and game anticheat. |
| |
| ▲ | Cu3PO42 an hour ago | parent [-] | | I also strongly dislike requiring remote attestation for any kind of software I want to run. But what I also dislike is cheaters in my online games and I genuinely do not have a better suggestion on what to do. Personally, I run Windows purely for gaming and don't let it near any important data. For the latter, I boot into Linux with separately encrypted disks. | | |
| ▲ | progbits 11 minutes ago | parent [-] | | I'm doing the same but I worry about windows compromise messing with the bootloader so then encrypted linux drive won't save me. Probably too paranoid though? |
|
|
