Hacker News on Gopher (unofficial)
COMMENT PAGE FOR: How kernel anti-cheats work
samgranieri wrote 2 hours 10 min ago:
I think I'll just stick to simple games on iOS/iPadOS or just use my
Nintendo Switch. These anti-cheat systems are far too invasive for my
liking. I also worry about those things being hacked! The last time I
built a gaming PC was 20 years ago, and I was playing Doom, FEAR, and
Half Life Two. Then I did some simple gaming on macOS.
davispeck wrote 2 hours 36 min ago:
Kernel anti-cheats are a fascinating example of security trade-offs.
They solve a real problem (cheats running at higher privilege levels),
but at the same time they introduce a massive trusted component into
the OS. You're basically asking users to install something that behaves
very much like a rootkit, just with a defensive purpose.
samgranieri wrote 2 hours 8 min ago:
Remember when Sony put a rootkit on an audio CD to prevent people
from ripping the CD?
alstonite wrote 4 hours 20 min ago:
It's crazy to me how hard people work to effectively ruin a game for
themselves…
Imagine putting in this much effort to play Minecraft survival but on
creative mode. It just doesn't sound fun.
gzread wrote 3 hours 56 min ago:
They're getting some actual reward from having a big win/loss ratio.
I don't know if that's monetary or just the feeling of being the best
but I'd expect the latter group to realise this is all nonsense
before spending money on hardware.
mikkupikku wrote 4 hours 58 min ago:
It's a whole lot of effort to go through just so corporations can get
gamers playing with strangers instead of friends, while taking the
whole thing way too seriously. You need anticheat when you want
competitive rankings and esports leagues, but is any of that actually
any better than just playing casual games with people you know and
trust to play fair?
trostaft wrote 4 hours 42 min ago:
Yes it can be? This is a very strange statement to me. Many genuinely
like testing themselves against other people, improving over time,
and seeing how they stack up. Competition is a pretty basic human
thing, e.g. sports, chess, card games, and therefore video games. And
competing with the world is a far grander challenge than those you
explicitly know.
Not everyone enjoys that, and that's fine, but acting like it's
somehow unnatural or pointless feels way off.
mikkupikku wrote 4 hours 26 min ago:
I know gamers are drawn to it, that's why the game corps like it so
much. But is this actually good? So very often with these hyper
competitive games played between strangers competing for global
ranking, the whole thing turns very toxic, with gamers often
seeming to not even enjoy the moment to moment process, often
raging at their incompetent team mates or raging at their opponents
for supposedly cheating, or whathaveyou. All the while, not
developing relationships as they could be if they were playing
something with friends. Elevated cortisol levels, when they could
be chilling out. Obviously it's profitable, but is it good?
sleight42 wrote 3 hours 29 min ago:
This is why I keep asking myself if I should continue playing
Marathon or just exclusively play ARC Raiders. The latter can be
far more relaxing yet still challenging. The former encourages
that hyper-competitiveness that often stresses me out.
trostaft wrote 3 hours 29 min ago:
Respectfully, I think you're missing my point.
> So very often with these hyper competitive games played between
strangers competing for global ranking, the whole thing turns
very toxic, with gamers often seeming to not even enjoy the
moment to moment process, often raging at their incompetent team
mates or raging at their opponents for supposedly cheating, or
whathaveyou.
This is very true! I'll further grant that many competitive video
games have pain points that fester this. Competition, facing
failure, and recognizing that what they perceived to be a fair
challenge wasn't so (e.g. cheating) does sometimes out the worst
in people.
However, my point is that competition, and enjoying it, is
something that's been fundamentally human for all our recorded
history. The sensation of straining against the edge of your
capabilities, to overcome a wall, and then succeeding even just
barely is supreme. Competitive video games are just a subset of
activities that appeal to this. And I think just as much as they
are infuriating, they are also good!
Moreover, competitive video games can also be fairly social.
Playing a chiller game with friends is one way to socialize, that
I have nothing against. But there's also special bonds that are
forged through shared struggle, even minor. For example, the
fighting game community has a very strong local scene. If you can
play fighting games, in most major cities in NA you can attend
your local and make friends. With team competitive games, invite
your homies.
Once again, I definitely do not dispute that competitive video
games can be toxic. Especially in today's online culture. Taking
fighting games as an example again, the online, anonymous,
communities can be quite toxic. Ah, now that I've written this
far, I'm realizing that maybe I've missed your point? Are you
saying that it's specifically the strangers, that you never get
to know and therefore trust, that makes this worse off?
not_a9 wrote 5 hours 1 min ago:
Uh, isn't the IDT one of these things that PatchGuard explicitly
checks? Mind you, anticheats keep PatchGuard corralled these days
because they want their own KiPageFault hooks assuming HVCI is not in
place.
The article doesn't go too in depth on the actually interesting
things modern anticheats do.
In addition:
- you can't really expect the .text section of the game/any modules except
maybe your own to be 100% matching one on disk, because overlays will
hook stuff like render crap (fun fact for you: Steam will also
aggressively hook various WinAPI stuff presumably for VAC, at least on
CS2)
sylware wrote 8 hours 5 min ago:
Kernel anti-cheats are weaponized by hackers. It is all over HN.
Play games which are beyond that: dota2, cs2 for instance.
On linux, there is a new syscall which allows a process to mmap into
itself the pages of another process (I guess ~same effective UID and
GID). That is more than enough to give hell to cheats...
But any of that can work only with a permanent and hard working
"security" team. If some game devs do not want to do that, they should
keep their game offline.
sholladay wrote 8 hours 42 min ago:
A lot of the techniques that both sides use would be much harder on
macOS. Of course, Hackintoshes have always existed and where there's
a will, there's a way. But it makes me wonder how this would evolve
if Apple eventually gets its act together and makes a real push into
gaming.
AlyssaRowan wrote 9 hours 13 min ago:
It is, of course, only a matter of time - just like kernel-level copy
protection and Sony's XCP - before something like Vanguard in
particular is exploited and abused by malware.
Himata is correct, too. After DMA-based stuff, it'll be CPU debugging
mode exploits like DCI-OOB, some of which can be made detectable in
kernel mode; or, stealthier hypervisors.
glelellnngn wrote 4 hours 55 min ago:
This has already happened.
RobotToaster wrote 9 hours 41 min ago:
Remember when sony got a huge pushback for putting rootkits on CDs?
Now industry propaganda has gamers installing them voluntarily.
Razengan wrote 10 hours 10 min ago:
Hear me out:
How about this: Instead of third-party companies installing their
custom code to fuck with my operating system,
How about just having the OS offer an API that a game can request to
reboot the OS into "console mode": A single-user, single-application
mode that just runs that game only.
Similar to how consoles work.
That mode could be reserved for competitive ranked multiplayer only.
denalii wrote 10 hours 43 min ago:
The amount of people in this thread who very clearly don't play
competitive video games, let alone at a remotely high level, is
astounding. The comment "it's your god given right to cheat in
multiplayer games" might legitimately be one of the most insane takes
I've ever read.
Kernel anticheat does work. It takes 5 seconds to look at Valve's
record of both VAC (client based, signature analysis) and VACNet
(machine learning) to know the cheating problem with those technologies
is far more prevalent than platforms that use kernel level anticheat
(e.g. FACEIT, vanguard). Of course, KLAC is not infallible - this is
known. Yes, cheats do (and will continue to) exist. However, it greatly
raises the bar to entry. Kernel cheats that are undetected by FACEIT or
vanguard are expensive, and often recurring subscriptions (some even
going down to intervals as low as per day or week). Cheat developers
will 99% of the time not release these publicly because it would be
picked up and detected instantly where they could be making serious
money selling privately.
As mentioned in the article, with DMA devices you're looking at a
minimum of a couple hundred dollars just for hardware, not including
the cheat itself.
These are video games. No one is forcing you to play them. If you are
morally opposed to KLAC, simply don't play the game. If you don't want
KLAC, prepare to have your experience consistently and repeatedly
ruined.
himata4113 wrote 11 hours 14 min ago:
I'll simplify for everyone: They don't. Although I do appreciate the
author delving into this beyond surface level analysis.
Modern cheats use hypervisors or just compromise Hyper-V, and because
Hyper-V protects itself, it automatically protects your cheat.
Another option that is becoming super popular is bios patching, most
motherboards will never support boot guard and direct bios flashing
will always be an option since the chipset fuse only protects against
flashing from the chipset.
DMA is probably the most popular by far with users. However, the cost
of good ones has been increasing due to vanguard fighting the common
methods which is bleeding into other anticheats (some EAC versions and
ricochet).
These are not assumptions, every time anticheats go up a level so do
the cheats. In the end the weakest link will be exploited and it
doesn't matter how sophisticated your anticheat is.
What does make cheat developers afraid is AI, primarily in overwatch.
It's quite literally impossible to cheat anymore (in a way that
disturbs normal players for more than a few games) and they only have a
usermode anticheat! They heavily rely on spoofing detection and
gameplay analysis including community reports. Instead of detecting
cheats, they detect cheaters themselves and then clamp down on them by
capturing as much information about their system as possible (all from
usermode!!!).
Of course you could argue that you could just take advantage that they
have to go through usermode to capture all this information and just
sit in the kernel, but hardware attestation is making this increasingly
more difficult.
The future is usermode anticheats and gameplay analysis, drop kernel
mode anticheats.
No, secure boot doesn't work if you patch SMM in the BIOS; you run before
TPM attestation happens.
LtWorf wrote 4 hours 6 min ago:
Taking a probabilistic approach to ban people… so if enough people
start cheating it's fine?
Aurornis wrote 5 hours 13 min ago:
> Another option that is becoming super popular is bios patching
I wouldn't call BIOS patching "super popular". That sounds like
an admission that anti-cheat is working because running cheats now
requires a lot of effort. Now that cheats are becoming more involved
to run, it's becoming less common to cheat.
When cheats were as simple as downloading a program and you were off
to cheating, the barrier to entry was a lot lower. It didn't
require reboots or jumping through hoops. Anyone could do it and
didn't even have to invest much time into it.
Now that cheats are no longer an easy thing to do, a lot of would-be
cheaters are getting turned off of the idea before they get far
enough to cheat in a real game.
> Of course you could argue that you could just take advantage that
they have to go through usermode to capture all this information and
just sit in the kernel, but hardware attestation is making this
increasingly more difficult.
Didn't the first half of your post just argue that these measures
can be defeated and therefore you can't rely on them?
himata4113 wrote 3 hours 47 min ago:
Cheating is so addictive that it doesn't matter if it's more
difficult to cheat. I have personally interacted with people that
just want to spin-bot.
Anticheats, especially kernel-mode ones, do not make the problem
smaller. All they do is make it more rewarding for capable people.
NikolaNovak wrote 2 hours 10 min ago:
Can you tell me more? I'm curious about motivations.
* I use easy cheats for single player games - for example,
infinite jumps in cyberpunk 2077 are just huge amounts of fun :)
* I have zero desire for cheating in multiplayer games. Not some
high morality righteous horse, just, what's the point? I have fun
even when I lose, and having something else play for you takes
away from visceral fun that I get.
* I could understand, even if not agree, people who cheat for
profit. That's the basis of all crime everywhere.
* I do not understand people who cheat in multiplayer games
not-for-profit. I feel you need to have both a) some sort of
anti social / non social tendency, and b) dopamine rushes along
pathways I don't.
I'd be genuinely curious to hear about your acquaintances who
cheat in multiplayer for no profit and why they do it :-)
himata4113 wrote 1 hour 50 min ago:
Some use it to make money, boosting etc.
Some are just addicted, they really love the game, but playing
without cheats doesn't make them feel anything so they pick the
easiest solution: continue to cheat... forever.
Some are just delusional, they do not want to deal with the
reality that they're not good at the game without cheats.
Some are just trolling and want to spinbot to piss people off,
make people angry. It's what makes them happy.
Some don't have a choice, they started their competitive career
with cheats.
Some justify it that "I made the cheat, I deserve to use it"
If you want more I got a whole book of reasons. I am in a
unique situation since I happen to be friends from back when I
was cheating a lot myself, in that time I established
relationships with a lot of developers and personally for me it
was curiosity that got me not only into cheating, but the whole
process and development. I ended up just making roblox games
though.
Aurornis wrote 3 hours 42 min ago:
Having gamed on and off over the years, I don't think the
average cheater is actually a highly motivated super genius who
derives reward from patching their BIOS or installing PCIe DMA
cards to an entire second computer built for the purpose of
cheating.
The average cheater is (or was) basically a troll. They delighted
in the act of ruining other people's games, not installing the
cheat. The harder you make it for them to get to that point, the
less enjoyment they get.
The people you describe who are in it for the thrill of breaking
through are not the ones playing 6 hours every night because the
game itself is not the thrill. It's the exploration of the
hardware and software. They might get cheats set up, but once
it's working they get bored with the game and move on to
another technical challenge.
hamdingers wrote 55 min ago:
> The average cheater is (or was) basically a troll.
This observation is at least a decade out of date.
The average cheater/cheat developer in 2026 is doing it to make
money. Either boosting accounts, training accounts to sell,
gathering collectibles to sell, or selling access to the cheats
themselves.
himata4113 wrote 2 hours 52 min ago:
I wish this was the case, but cheating addiction is real and
there's people with PCs from 2016 spending $100+ on cheats a
month. If they're spending that money they're also dedicated
enough to jump through some hoops.
xboxnolifes wrote 1 hour 41 min ago:
You two aren't disagreeing, you're just describing different
groups of people.
vbezhenar wrote 6 hours 25 min ago:
I'm playing WoW and I've heard lots of complaints about Blizzard
banning innocent players. Just recently there was a wave of complaints
that they banned players who spent a lot of time farming one dungeon
(like 10+ hours per day).
I, myself, got two accounts banned and I was innocent. I managed to
make it through support and got them unbanned but I'm fairly certain
that many players didn't, because they seem to employ AI in their
support.
So I'm a bit skeptical about that kind of behavioural bans. You risk
banning a lot of dedicated players who happened to play differently
from the majority and that tends to bring bad reputation. For example
I no longer purchase yearly subscription, because I'm afraid of
sudden ban and losing lots of unspent subscription time.
himata4113 wrote 3 hours 46 min ago:
I agree that it's a problem, having a strong support system for
remediating false bans is very important.
Levitz wrote 4 hours 22 min ago:
I think you are right on every point, but I think it's worth noting
that WoW is kind of a different beast.
You don't play a "match", you don't play "against" other players
most of the time, in this context "botting" and "cheating" overlap
because having your character do stuff 24/7 unattended is an
evident advantage over the rest of the population, but it's not
like you are hindering anyone's progress directly the vast majority
of the time doing so.
How often does actual cheating happen in WoW, anywhere it matters?
M+? Raiding? PvP?
vbezhenar wrote 2 hours 47 min ago:
Most of cheating is botting. When bots farm dungeons or other
activities, earn gold and then that gold is being sold at black
markets for dollars to other players.
That's indirectly hindering other players' progression, because it
causes deflation (so you can't earn as much gold selling your
ores); because it causes inflation (more circulating gold, yes,
these are contradictory); because it denies other players farm (if
a bot gathered ore, other players have to search for another vein)
and so on; also illegal gold selling increases expectations
(other players bought super good gear, why don't you do that) and
causes burn-out (because farming gold fairly is much harder
than just buying it).
But mainly it just makes players angry, because they can see
these bots moving in a predetermined route and stealing resources
from their noses. I'm not really sure if bots are that bad in the
grand scheme of things, but living players certainly don't like
to compete with automatons.
There were also cheaters who used instant cast interruptions at
arenas, but it seems that competitive PvP is not that popular
nowadays so I'm not sure how it's wide spread.
Thaxll wrote 8 hours 27 min ago:
Kernel AC is currently the best way to protect against cheats by far,
the game with the strongest protection is Valorant and it works very
well. OW2 is lightyears behind Valorant.
Not sure what your point is. Most of your post is inaccurate, DMA
cheats represent the minority of cheats because they're very
expensive and you need a second computer.
himata4113 wrote 7 hours 52 min ago:
elitepvpers - it's public. DMA cheats have grown and are the
primary way people cheat in games these days; it makes around
5m/month [retail] just from one of the providers that I know in the
scene, and this includes selling the hardware, the bypass and the cheats
(not under the same umbrella for obvious reasons).
The scene has shifted immensely in the last few years, everyone and
their grandmother has DMA now, I mean you can buy these off amazon
now. Koreans are a bit stuck since most of them use gaming cafes
so they've been slow adopters, but cafe shops have the benefit of
using an old version of hyper-v which allows you to just use the
method described above. Hyper-V cheats are the most popular for
valorant.
I would argue that valorant and overwatch are pretty much on the
same level based on what it feels to play. I've seen just as many
visible cheaters in valorant as in overwatch. Although I will admit
that I am pretty outdated myself since around mid 2025. Valorant
allows you to ** around so that might be related, overwatch bans
rage hackers way faster than valorant does as well.
So no, my post is pretty accurate.
Thaxll wrote 7 hours 10 min ago:
OW2 is very different from CS and Valorant, OW does not suffer
from cheats the same way because it's not a pure aim-based game
with hitscan as the main thing. The vast majority of classes
don't benefit from cheats like other FPS games do.
I did main support and tank at master level in OW and beside esp
there is 0 benefit of cheating.
himata4113 wrote 6 hours 37 min ago:
Asked a guy I've known since 2021; he said that ability helpers are the
most important features for an Overwatch cheat and that ESP is
basically unusable in GM since you get almost immediately
called out for it; they just sus you out and report you.
Trust score of high rated players eventually gets you banned
(assumption).
lachiflippi wrote 9 hours 35 min ago:
Don't forget that ActiBlizz are also pretty much the only ones
regularly taking legal action against pay2cheat developers, see
Bossland/EngineOwning.
himata4113 wrote 6 hours 33 min ago:
I saw the EngineOwning lawsuit verdict as the biggest loss for the
companies. They proved that you can continue running a cheat
provider service out in the open.
They won way more than they lost, people who left got given a free
pass for ratting the remaining people out.
orbital-decay wrote 10 hours 30 min ago:
>It's quite literally impossible to cheat anymore (in a way that
disturbs normal players for more than a few games)
AKA the way that is easiest to detect, and the easiest way to claim
that the game doesn't have cheaters. Behavioral analysis doesn't work
with closet cheaters, and they corrupt the community and damage the
game in much subtler ways. There's nothing worse than to know that
the player you've competed with all this time had a slight advantage
from the start.
szmarczak wrote 9 hours 29 min ago:
In CS2, the game renders your enemies even though you can't see
them (within some close range). The draw calls are theoretically
interceptable (either on the software/firmware or other hardware
level). Detecting this is essentially impossible because the game
trusts that the GPU will render correctly.
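The rendering leak szmarczak describes has a server-side counterpart: a client can only render (or intercept draw calls for) what the server chose to replicate to it, so the real design decision is how much occluded state the server sends. The block below is an added example, not code from the thread or from any game engine. It uses a constructed 8x8 grid map, constructed enemy positions and an assumed `near_radius`, and shows why a server still sends some occluded enemies (to avoid pop-in at corners) and exactly which positions that window exposes.

```python
from math import hypot

# Constructed 8x8 sample map (not from any real game): '#' is a wall, '.' is floor.
MAP = [
    "########",
    "#......#",
    "#.##.#.#",
    "#.#....#",
    "#.#.##.#",
    "#...#..#",
    "#.#....#",
    "########",
]

# Constructed enemy positions as (x, y) grid cells; the player sits at (1, 3).
SAMPLE_ENEMIES = {
    "A": (1, 6),  # down the open left corridor: in line of sight
    "B": (6, 1),  # across the map behind walls and far away
    "C": (3, 3),  # one wall away but inside the pop-in radius
    "E": (5, 3),  # same row, but behind the wall cell at (2, 3)
}


def is_wall(x, y):
    return MAP[y][x] == "#"


def line_of_sight(a, b):
    """Walk the Bresenham line from a to b; True if no wall lies strictly between them."""
    (x0, y0), (x1, y1) = a, b
    dx, dy = abs(x1 - x0), abs(y1 - y0)
    sx = 1 if x1 > x0 else -1
    sy = 1 if y1 > y0 else -1
    err = dx - dy
    x, y = x0, y0
    while (x, y) != (x1, y1):
        e2 = 2 * err
        if e2 > -dy:
            err -= dy
            x += sx
        if e2 < dx:
            err += dx
            y += sy
        # Endpoints are never tested; only intermediate cells can occlude.
        if (x, y) != (x1, y1) and is_wall(x, y):
            return False
    return True


def replicate_decisions(player, enemies, near_radius=2.0):
    """Decide, per enemy, whether the server replicates it to this player and why.

    'line_of_sight': the player can see it, so the client must know about it.
    'near_radius':   occluded but close; sent anyway so it does not pop in when
                     it rounds a corner. This is the window a wallhack reads.
    'withheld':      neither; the client never receives this position, so no
                     amount of render interception on the client can reveal it.
    """
    decisions = {}
    for name, pos in enemies.items():
        if line_of_sight(player, pos):
            decisions[name] = "line_of_sight"
        elif hypot(pos[0] - player[0], pos[1] - player[1]) <= near_radius:
            decisions[name] = "near_radius"
        else:
            decisions[name] = "withheld"
    return decisions


def visible_enemies(player, enemies, near_radius=2.0):
    """Sorted names of the enemies the server actually sends to the client."""
    return sorted(
        name
        for name, why in replicate_decisions(player, enemies, near_radius).items()
        if why != "withheld"
    )


if __name__ == "__main__":
    player = (1, 3)
    for name, why in sorted(replicate_decisions(player, SAMPLE_ENEMIES).items()):
        print(f"{name} at {SAMPLE_ENEMIES[name]}: {why}")
    print("replicated:", visible_enemies(player, SAMPLE_ENEMIES))
```

Shrinking `near_radius` narrows what a client-side wallhack can ever show, but increases pop-in at corners; widening it does the reverse. The server-side filter is the only lever that works regardless of what the client or its GPU does with the data it receives.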
chii wrote 9 hours 16 min ago:
if you cheated with wallhacks, post-game analysis can detect it.
And it is possible to silently put you into a cheating game match
maker, so that you only ever match with other cheaters. This, to
me, is prob. the better outcome than outright banning (which
means the cheater just comes back with a new account). Silently
moving them to a cheater queue is a good way to slow them down,
as well as isolate them.
szmarczak wrote 8 hours 5 min ago:
> post-game analysis can detect it.
Not with 100% accuracy. This means some legitimate players
would be qualified as potentially cheating.
You don't have to play with wallhacks constantly on, you can
toggle. And it doesn't detect cases where you're camping with
an AWP and have 150ms response time instead of 200ms. Sometimes
people are just having a good day.
> cheating game match maker
This is already a thing. In CS2, you have a Trust Factor. The
lower your trust factor is, the bigger the chance you will be
queued with/against cheaters.
himata4113 wrote 10 hours 28 min ago:
Overwatch has made the decision that closet cheaters are not a
problem and have actually protected a cheater in contenders,
although they were forced to leave the competitive scene. None of
it ever became public.
maccard wrote 10 hours 12 min ago:
How do you know if none of it went public?
PUSH_AX wrote 9 hours 21 min ago:
"Trust me bro"
himata4113 wrote 10 hours 7 min ago:
Word of mouth, but if you looked at their twitter and proof
presented it was undeniable. If you want to go digging check a
french contenders player that there are videos of with an
instance of where the aimbot bugged out and started aiming
directly at the center of a player with perfect reaction time
and movements.
JasonADrury wrote 10 hours 7 min ago:
Every other competitive game regularly has public cases of
cheaters being caught in pro games, overwatch doesn't.
Xunjin wrote 8 hours 22 min ago:
Wait... Your proof that something has happened is that there
is no proof?
JasonADrury wrote 2 hours 44 min ago:
Do you really think that's not sufficient for the purposes
of this conversation?
maccard wrote 2 hours 29 min ago:
Absolutely not. Making wildly speculative claims and
saying that the lack of proof of it not happening is
conspiracy theory territory
JasonADrury wrote 1 hour 7 min ago:
Why do you think this claim is "wildly" speculative as
opposed to merely speculative?
We have two possible options here, it's pretty obvious
which is the more likely one.
It is pretty ridiculous to suggest that nobody has ever
been caught cheating in overwatch pro games.
Xunjin wrote 20 min ago:
Again, you are missing the point, just because
something is "likely" to happen doesn't mean it did
happen.
What you are basically asking is that we should
provide a "negative proof", imagine me going through
all the pro matches to prove my point that it did not
happen (going in this extreme) when you can just show
me a proof that it did happen.
uhx wrote 10 hours 41 min ago:
Everything you described increases the cost of attack (creating a
cheat), and as a result, not everyone can afford it, which means
anti-cheats work. They don't have to be a panacea. Gameplay analysis
will only help against blatant cheaters, but will miss players with
simple ESP.
It's almost the same as saying "you don't need a password on your
phone" or something like that.
hananova wrote 8 hours 34 min ago:
> but will miss players with simple ESP.
False, people that have information they shouldn't have will act in
detectable ways, even if they try their hardest not to.
himata4113 wrote 10 hours 30 min ago:
Economics work out: harder to make means that it's more profitable
to do so. The DMA crackdown has actually led to innovation which has
driven the prices down for "normal" DMA hardware; what used to be
thousands is now $120. Excessive spoofing detection has driven down
the cost of BIOS-level spoofing and as a result the creation of
BIOS-level DMA backdoors - no additional hardware required.
ESP is a lot more obvious to a machine than one might think, the
subtle behavior differences are obvious to a human and even more so
for a model. Of course none of that can be proven, but it can
increase the scrutiny of such players from player reports.
maccard wrote 10 hours 12 min ago:
The number of people willing to spend $120 and hook up a hardware
device compared to downloading and running an executable is
significantly less. That's kind of the point of it!
kay_o wrote 8 hours 14 min ago:
You are already spending more than $120/month on the
executable. The hardware device cheap inclus
himata4113 wrote 10 hours 5 min ago:
You can achieve the same with usermode anticheats, once you
have bare minimum obfuscations the level of entry is roughly
the same as kernel mode anticheats in terms of price. Cheats
cost more than $100 a month (rest are scams or don't put any
effort into being undetected).
maccard wrote 8 hours 57 min ago:
A DMA cheat requires a hardware change (and a second device).
That is a much higher barrier than a download plus reboot.
> you can achieve the same with user mode anticheats
A user mode anti cheat is immediately defeated by a kernel
mode cheat, and cheaters have already moved past this in
practice.
A user mode anti cheat (on windows) with admin privileges has
pretty much full system access anyway, so presumably if you
have a problem with kernel AC you also have a problem with
user mode.
Lastly, cheating is an arms race. While in theory, the
cheaters will always win, the only thing that actually
matters is what the cheaters are doing in practice. Kernel
mode is default even for free cheats you download, so the
defaults have to cover that.
himata4113 wrote 8 hours 44 min ago:
This is a common misconception: just because you're in
kernel mode doesn't mean you are immediately undetected, and
things are not as easy as people initially think.
First, point of ingress: registry, file caches, dns,
vulnerable driver logs.
Memory probe detection: workingsets, page guards, non
trivial obfuscation, atoms, fibers.
Detection: usermode exposes a lot of kernel internals: raw
access to window and process handles, 'undocumented'
syscalls, win32, user32, kiucd, apcs.
Loss of functionality: no hooks, limited point of ingress,
hardened obfuscation, encrypted pages, tamper protection.
I could go on, but generally "lol go kernelmode" is
sometimes way more difficult than just hiding yourself
among the legitimate functionality of 3rd party
applications.
This is everything used by anticheats today, from usermode.
The kernel module is more often than not used for integrity
checks, vm detection and walking physical memory.
phendrenad2 wrote 4 hours 44 min ago:
It's too bad we have to play this semantics game of "most
vs all" every. Single. Time. On. This Damn Site.
So let me summarize the above thread:
Yes, there will always be workarounds for ANY level of
anti-cheat.
Yes, kernel-mode anti-cheat detects a higher number of
cheats in practice, and that superiority seems durable
going forward.
There, I think we can all agree on those. No need to
reiterate what has already been posted.
himata4113 wrote 3 hours 43 min ago:
I think it misses the fact that kernel anticheats
generally do not reduce overall cheating compared to a
good user-mode anticheat + good obfuscation and binary
protection + strong report system and behavior
analysis. If you add a kernel-mode anticheat to that
I'd estimate that it helps only around 5% more while
being way more invasive and causing widespread issues
(as the original blog describes).
source: observation of games implying stronger
anti-cheat measures over time and customer count
staying exactly the same or growing. league of legends
is a prime example, although it did create a crater for
awhile. this all comes from people who actively sell
cheats.
maccard wrote 2 hours 30 min ago:
I'm sorry but what's your source for this? This
is a fairly wild claim.
himata4113 wrote 1 hour 22 min ago:
huh, couldn't reply for awhile.
anyway: I already edited with the source.
AnimalMuppet wrote 2 hours 14 min ago:
Sorry, what's wild about it? It's a pretty
standard observation that defense in depth beats
"here's a silver bullet to solve X". Is there
something about gaming (or preventing cheating in
gaming) that makes that not true?
lionkor wrote 11 hours 24 min ago:
There is hardware that you can simply plug into your PC, which can read
and write arbitrary kernel memory. I have a feeling that kernel level
anticheat isn't stopping someone who really wants to cheat.
See [1]: https://github.com/ufrisk/pcileech
stavros wrote 11 hours 10 min ago:
This was mentioned in the article.
torginus wrote 11 hours 35 min ago:
All of this is beyond horrific.
Mucking about in the kernel basically bypasses the entire security and
stability model of the OS. And this is not theoretical: people have
been rooted through buggy anti-cheat software, where the game sent
malicious calls to the kernel and hijacked the anti-cheat to gain root
access.
Even in a more benign case, people often get 'gremlins', weird failures
and BSOD due to some kernel apis being intercepted and overridden
incorrectly.
The solution here is to establish root of trust from boot, and use the
OS's sandboxing features (like Job Objects on NT and other stuff).
Providing a secure execution environment is the OS developers' job.
Every sane approach to security relies on keeping the bad guys out, not
mitigating the damage they can do once they're in.
LtWorf wrote 3 hours 56 min ago:
You want to eliminate the freedom of running the software you desire
for everyone to hopefully mitigate cheating?
surajrmal wrote 6 hours 37 min ago:
Unfortunately (or fortunately depending on what side of the fence you
live), boot chain security is not taken as seriously in the PC
ecosystem as it is on phones. As a result, even if you're relying on
OS features, you cannot trust them. This is doubly the case in
situations where the user owns the kernel (eg Linux) or hypervisor.
Attestation would work, but the number of users that you could
probably successfully attest are on a trustworthy setup is fairly
small, so it's not really a realistic option. And that is why they
must reach for other options. Keep in mind that even if it's not
foolproof, if it reduces the number of cheaters by a statistically
significant amount, it's worthwhile.
I really thought this might change over time given the strong desire for
useful attestation by major actors like banks and media companies,
but apparently they cannot exert the same level of influence on the
PC industry as they have on the mobile industry.
gzread wrote 4 hours 0 min ago:
I think it's fortunate that I own at least one of the computing
devices I paid for.
eptcyka wrote 3 hours 55 min ago:
Yea, but it'd be real nice if we could trust the software we run
on our own devices, no?
Secure boot with software attestation could also be used for
good.
gzread wrote 2 hours 49 min ago:
Only if I get to set the keys or no keys - under all
circumstances.
There should be a physical button inside the case labeled "set
up secure boot"
gruez wrote 6 hours 46 min ago:
>Mucking about in the kernel basically bypasses the entire security
and stability model of the OS. And this is not theoretical, people
have been rooted through buggy anticheat software, where the game
sent malicious calls to the kernel, and hijacked the anti cheat to
gain root access.
If you got RCE in the game itself, it's effectively game over for any
data you have on the computer.
URI [1]: https://xkcd.com/1200/
flenserboy wrote 6 hours 48 min ago:
yes. this is why there's one box for work, & another for play.
zbentley wrote 8 hours 17 min ago:
> Every sane approach to security relies on keeping the bad guys out,
not mitigating the damage they can do once they're in.
That's not true at all in the field of cybersecurity in general,
and I have doubts that it's true in the subset of the field that
has to do with anticheat.
rl3 wrote 9 hours 43 min ago:
>All of this is beyond horrific.
Hot take: It's also totally unnecessary. The entire arms race is
stupid.
Proper anti-cheat needs to be 0% invasive to be effective;
server-side analysis plus client-side with no special privileges.
The problem is laziness, lack of creativity and greed. Most
publishers want to push games out the door as fast as possible, so
they treat anti-cheat as a low-budget afterthought. That usually
means reaching for generic solutions that are relatively easy to
implement because they try to be as turn-key as possible.
This reductionist "Oh no! We have to lock down their access to video
output and raw input! Therefore, no VMs or Linux for anyone!" is
idiotic. Especially when it flies in the face of Valve's prevailing
trend towards Linux as a proper gaming platform.
There's so many local-only, privacy-preserving anti-cheat approaches
that can be done with both software and dirt cheap hardware
peripherals. Of course, if anyone ever figures that out, publishers
will probably twist it towards invasive harvesting of data.
I'd love to be playing Marathon right now, but Bungie just wholesale
doesn't support Linux nor VMs. Cool. That's $40 they won't get from
me, multiply by about 5-10x for my friends. Add in the negative
reviews that are preventing the game's Steam rating from reaching
Overwhelmingly Positive and the damage to sales is significant.
torginus wrote 6 hours 34 min ago:
I don't understand why you think that having the option to have
secure boot and a good, trustworthy sandbox for processes implies
you can't run Linux on a VM or Linux beside Windows etc.
People always freak out when I mention secure boot, and the
funniest responses usually are the ones who threaten to abandon
Windows for macOS (which has had secure boot for more than a decade
by default)
I'm not super technically knowledgeable about secure boot, but as
far as I understand, you need to have a kernel signed by a trusted
CA, which sucks if you want to compile your own, but is a hurdle
generally managed by your distro, if you're willing to use their
kernel.
But if all else fails you can always disable secure boot.
15155 wrote 4 hours 13 min ago:
Secure Boot cuts both ways. The techniques anti-cheat software
are allowed to use on Windows machines aren't even remotely
allowed on macOS machines.
exyi wrote 10 hours 56 min ago:
Every sane approach to security relies on checking you are doing
permitted actions on the server, not locking down the client.
XorNot wrote 10 hours 27 min ago:
Which isn't practical for multiplayer action games, so we end up
here.
LaGrange wrote 8 hours 5 min ago:
Doesn't matter. There's no world where a multiplayer action
game is worth it, and anyway this is a classic example of trying
to solve a social problem with technology.
The reason cheating is a problem at all is that instead of
playing with friends, you use online matchmaking to play with
equally alienated online strangers. This causes issues well in
excess of cheating, including paranoia over cheating.
maccard wrote 2 hours 5 min ago:
> There's no world where a multiplayer action game is worth
it
To you. I'm perfectly happy to run a kernel level anticheat -
I'm already running their code on my machine, and it can
delete my files, upload them as encrypted game traffic, steal
my crypto keys, screenshot my bank details and private photos
all without running at a kernel level.
> trying to solve a social problem with technology
I disagree. I'm normally on the side of not doing that but
increasing the player pool and giving players access to more
people at their own skill level is a good thing
spockz wrote 8 hours 26 min ago:
To do real time analysis and interception probably not. But for
after the fact analysis, if a player is moving on knowledge he
couldn't have had because it shouldn't have been rendered yet
or something, then you can assume cheating.
maccard wrote 2 hours 8 min ago:
I'm not a particularly skilled overwatch player, but I know
the cooldowns of probably half the characters to muscle memory.
I can hit an ability pretty much perfectly on cooldown 90+% of
the time.
The vast, vast majority of skilled FPS players will predict
their shots and shoot where they think the enemy player will be
relative to the known hit detection of the game. In high level
play for something like r6 siege, I'd say it's 99% shooting
before you can possibly know where they are by "feeling"
torginus wrote 10 hours 0 min ago:
This. Also the client knows more than it's allowed to show the
user, like the positions of enemy players. You can make aimbots
and wallhacks without needing to tamper with the game state.
gzread wrote 3 hours 59 min ago:
And you can see the player is tracking players through walls
way more than by chance.
stavros wrote 11 hours 11 min ago:
Are you saying that the solution here is to sell computers so locked
down that no user can install anything other than verified software?
sigseg1v wrote 6 hours 19 min ago:
I'm still not seeing how that would solve it. These are all
multiplayer games. You could intercept the network traffic before
it reaches the machine and then use a separate device to give you
audio or visual cues. In StarCraft, reading the network traffic
with a pi and hearing "spawning 5 mutalisk" is gonna completely
change the game.
stavros wrote 6 hours 17 min ago:
You can't do anything with a locked-down computer. It can encrypt
all its traffic and you can't see anything.
charcircuit wrote 9 hours 53 min ago:
The idea is that it would require a verified hypervisor, and
verified operating system for the game, but you could still at the
same time be running an unverified operating system with unverified
software. The trusted and untrusted software has to be properly
sandboxed from one another. The computer does not need to be locked
down so you can't run other hypervisors, it just would require that
the anticheat can't prove that it's running on a trusted one when
it isn't.
The security of PCs is still poor. Even if you had every available
security feature right now it's not enough for the game to be safe.
We still need to wait for PCs to catch up with the state of the
art, then we have to wait 5+ years for devices to make it into the
wild to have a big enough market share to make targeting them to be
commercially viable.
stavros wrote 6 hours 15 min ago:
But if you can get in before the OS, you can change what it does.
You'd need attestation in the hardware itself so the server can
know that what's running isn't signed by Microsoft's key, for
example.
charcircuit wrote 5 hours 57 min ago:
Attestation is how the user mode anticheat would prove that it
is running on a secure system / unmodified game.
alkonaut wrote 10 hours 16 min ago:
That's what I want as a gamer. I want a PC that works as a
console. Whether I want that for other use cases or this
machine doesn't matter. I'm happy to sandbox _everything
else_, boot into a specific OS to game etc.
The thing about gaming is that it's not acceptable to leave 5%
performance on the table whereas for other uses it usually is.
gzread wrote 3 hours 59 min ago:
Get a console then.
alkonaut wrote 3 hours 25 min ago:
Or we just boot into some console-esque gaming OS or mode to
game. I'm not sure why this would be so controversial. The
alternative is the one we see here.
gzread wrote 26 min ago:
But that requires you not owning your computer, which I hope
is controversial.
pooloo wrote 6 hours 19 min ago:
Just know that it will still get cracked and cheats will exist. I
suspect this is Microsoft's next "console" as they have been
developing "anti-cheat" for quite some time.
zbentley wrote 8 hours 18 min ago:
> it's not acceptable to leave 5% performance on the table
whereas for other uses it usually is.
I think that's an incredibly rare stance not held by the vast
majority of gamers, including competitive ones.
alkonaut wrote 5 hours 18 min ago:
I don't think a sandbox like a VM would work even if it could
be done with only 5% perf hit? Wouldn't any game run in a VM be
possible to introspect from the hypervisor in a way that is
hard to see from inside the VM? And that's why these
anticheats disallow virtualization?
That would mean those who are concerned about the integrity
would want to sandbox everything else instead.
And even if people are ok with giving up a small bit of perf
when gaming, I'm sure they're even more happy to give up
perf when doing online banking.
Fizz43 wrote 10 hours 1 min ago:
Mid range hardware can run majority of games at high fps. You can
easily leave performance on the table.
alkonaut wrote 5 hours 26 min ago:
No. No it can not. Unless you mean a 5070/80 is mid range.
maccard wrote 10 hours 11 min ago:
Question for you - why don't you buy a console? (I agree with
you by the way, it's why I have a ps5)
alkonaut wrote 5 hours 27 min ago:
I never played using a controller and I never will. And I do
want a high end PC for other use cases.
maccard wrote 2 hours 32 min ago:
_most_ games now do KBM on console and matchmake separately
for it. It's still not perfect, but it's gotten much better.
> And I do want a high end PC for other use cases.
Right, you don't want two devices (that's fair). How can you
_possibly_ trust the locked down device won't interfere with
the other open software it's installed side by side with?
LtWorf wrote 3 hours 40 min ago:
Those use cases don't work with completely locked down OS.
Also you can plug a mouse in a console… that's a weird
excuse.
alkonaut wrote 3 hours 27 min ago:
I don't need to game in the same OS that I do other
things. But having two sets of hardware seems like a waste.
LtWorf wrote 2 hours 37 min ago:
Having a useless locked down machine isn't a waste?
alkonaut wrote 2 hours 0 min ago:
Not if I can just leave that sandbox when I want to
(boot another OS/mode/leave a sandbox etc) no?
pta2002 wrote 10 hours 33 min ago:
That's not really incompatible with this? That's just how
secure boot works. You can re-enlist keys for a different root of
trust, or disable it and accept the trade-off there.
torginus wrote 10 hours 56 min ago:
No. I'm saying we should all drink the blood of babies to stay
eternally youthful. You didn't read between the lines deeply
enough.
rhim wrote 12 hours 6 min ago:
Kernel level anti cheat is really the maximum effort of locking down a
client from doing something suspicious. But today we still see cheaters
in those games running these systems. Which proves that a game server
just cannot trust a random client out there. I know it's about costs,
what to compute on client and what to compute in server side. But as
long as a game trusts computation and 'inputs' of clients we will see
those cheating issues.
afpx wrote 9 hours 48 min ago:
Plus, if I was a motivated cheater, I'd just use a camera, a separate
computer, and automate the input devices.
maccard wrote 10 hours 0 min ago:
It's not about costs, it's about tradeoffs. In an online shooter
game (for example) there is latency, and both clients are going to
have slightly different viewpoints of the world when they take an
action.
No amount of netcode can solve the fact that if I see you on my
screen and you didn't see me, it's going to feel unfair.
compsciphd wrote 12 hours 13 min ago:
I've said it before, but are anti-cheat mechanisms needed on consoles?
If not, (presumably due to their locked down nature), what's the
problem with having a locked down mode (trusted secure boot path that
doesn't allow other programs to run, ala "the xbox mode" that microsoft
has started to implement), that is similar to a console.
This seems much more doable today than in the past as machines boot in
moments. Switching from secure "xbox mode" to free form PC mode, would
be barely a bump.
Now, I see one major difference, heterogenous vs homogenous hardware
(and the associated drivers that come with that). In the xbox world,
one is dealing with a very specific hardware platform and a single set
of drivers. In the PC world (even in a trusted secure boot path), one
is dealing with lots of different hardware and drivers that can all
have their exploits. If users are more easily able to modify their PCs
and set of drivers one, I'd imagine serious cheaters would gravitate to
combinations they know they can exploit to break the secure/trusted
boot boundary.
I wonder if there are other problems.
ThatPlayer wrote 11 hours 43 min ago:
Not sure if they are considered anti-cheats, but there are some
measures to detect usage of input devices like XIM that allow
keyboard and mouse inputs which allow for superior aim over
controllers.
Well it's definitely not game developer written kernel anti-cheat on
consoles.
quailfarmer wrote 13 hours 20 min ago:
The real "competitive" game is not players playing against other
players, but hackers playing against anti-cheat.
"Billiards is not as good a game as Physics"
( [1] )
URI [1]: https://mag.uchicago.edu/billiards
152334H wrote 13 hours 29 min ago:
It's AI-assisted content, but has good reference links.
dxuh wrote 13 hours 36 min ago:
I feel like this whole problem is just made up. Back in the day, when I
played lots of Counter Strike, we had community servers. If a cheater
joined, some admin was already online and kicked them right away. I'm
sure we hit some people that were not actually cheaters, but they would
just go to another server. And since there was no rank, no league, no
rewards (like skins, drops, etc.), there was no external reward for
cheating. It annoys me that cheating in competitive video games seems
like a bigger problem than it has been in the past for no good reason.
denalii wrote 11 hours 0 min ago:
Manually managing one cheater in a 20 person server is obviously very
different than managing games between multiple millions of concurrent
players
coppsilgold wrote 14 hours 31 min ago:
There is a solution to cheating, but it's not clear how hard it would
be to implement.
Cheaters are by definition anomalies, they operate with information
regular players do not have. And when they use aimbots they have skills
other players don't have.
If you log every single action a player takes server-side and apply
machine learning methods it should be possible to identify these
anomalies. Anomaly detection is a subfield of machine learning.
It will ultimately prove to be the solution, because only the most
clever of cheaters will be able to blend in while still looking like
great players. And only the most competently made aimbots will be able
to appear like great player skills. In either of those cases the
cheating isn't a problem because the victims themselves will never be
sure.
There is also another method that the server can employ: Players can be
actively probed with game world entities designed for them to react to
only if they have cheats. Every such event would add probability weight
onto the cheaters. Ultimately, the game world isn't delivered to the
client in full so if done well the cheats will not be able to filter.
For example: as a potential cheater enters entity broadcast range of a
fake entity camping in an invisible corner that only appears to them,
their reaction to it is evaluated (mouse movements, strategy shift,
etc). Then when it disappears another evaluation can take place (cheats
would likely offer mitigations for this part). Over time, cheaters will
stand out from the noise, most will likely out themselves very quickly.
javier2 wrote 9 hours 29 min ago:
In CS2, a huge portion of cheaters can be identified just by the
single stat 'time-to-damage'. Cheaters will often be 100ms faster to
react than even the fastest pros. Not all cheaters use their
advantage in this way, but simply always make perfect choices because
they have more information than their opponents.
orbital-decay wrote 9 hours 58 min ago:
Honeypots are used pretty often, sure. They're not enough, though
useful.
Behavioral analysis is way harder in practice than it sounds, because
most closet cheaters do not give enough signal to stand out, and the
clusters are moving pretty fast. The way people play the game always
changes. It's not the problem of metric selection as it might appear
to an engineer, you need to watch the community dynamics. Currently
only humans are able to do that.
Flow wrote 8 hours 19 min ago:
If you play with friends and your cheats cooperate, I don't think
honeypots would be fool-proof any longer. Unless you all get the
same fake data.
cheeze wrote 10 hours 44 min ago:
I disagree with the premise that it doesn't matter as long as users
can't tell. Say you're running a Counterstrike tournament with a 10k
purse... Integrity matters there. And a smart cheater is running
'stealth' in that situation. Think a basic radar or a verrrrrry light
aimbot, etc.
The problem is that traditional cheats (aimbot, wallhack, etc.) give
users such a huge edge that they are multiple standard deviations
from the norm on key metrics. I agree with you on that and there are
anticheats that look for that exact thing.
I've also seen anticheats where flagged users have a session
reviewed. EG you review a session with "cheats enabled" and try to
determine whether you think the user is cheating. This works decently
well in a game like CS where you can be reasonably confident over a
larger sample size whether a user is playing corners correctly, etc.
The issue with probing for game world entities is that at some point,
you have to resolve it in the client. EG "this is a fake player,
store it in memory next to the other player entities but don't render
this one on screen." This exact thing has happened in multiple games,
and has worked as a temporary solution. End of the day, it ends up
being a cat and mouse game. Cheat developers detect this and use the
same resolution logic as the game client does. Memory addresses
change, etc. and the users are blocked from using it for a few hours
or a few days, but the developer patches and boom, off to the races.
These days game hacks are a huge business. Cheats often are offered
as a subscription and can range anywhere from 10 to hundreds of
dollars a month. It's big money and some of the larger hack
manufacturers are full blown companies which can have tens of
thousands of customers. It's a huge business.
I think you're realistically left with two options. Require in-person
LAN matches with hardware provided by the tournament which is
tamper-resistant. Or run on a system so locked down that cheats don't
exist.
Both have their own problems... In-person eliminates most of that
risk but it's always possible to exploit. Running on a system which
is super locked down (say, the most recent playstation) probably
works, until someone has a 0day tucked away that they hoard
specifically for their advantage. An unlikely scenario but with the
money involved in some esports... Anything is possible.
URI [1]: https://www.documentcloud.org/documents/24698335-la22cv00051...
coppsilgold wrote 3 hours 40 min ago:
> End of the day, it ends up being a cat and mouse game. Cheat
developers detect this and use the same resolution logic as the
game client does.
This is not well done. Only the server should be able to tell what
the honeypot is. The point is to spawn an entity for one or more
clients which will be 100% real for them but would not matter
because without cheats it has no impact on them whatsoever. When
the world evolves such that an impact becomes more likely then you
de-spawn it.
This will only be possible if the server makes an effort to send
incomplete entity information (I believe this is common), this way
the cheats cannot filter out the honeypots. The cheats will need to
become very sophisticated to try and anticipate the logic the
server may use in its honeypots, but the honeypot method is able to
theoretically approach parity with real behavior while the cheat
mitigations cannot do that with their discrimination methods (false
positives will degrade cheater performance and may even leak signal
as well).
For example you can use a player entity that the client hasn't seen
yet (or one that exited entity broadcast/logic range for some time)
as a fake player that's camping an invisible corner, then as the
player approaches it you de-spawn it. A regular player will never
even know it was there.
Another vector to push is netcode optimizations for anti-cheating
measures. To send as little information as possible to the client,
decouple the audio system from the entity information - this will
allow the honeypot methods to provide alternative interpretations
for the audio such as a firefights between ghosts only cheaters
will react to. This will of course be very complex to implement.
The greatest complexity in the honeypot methods will no doubt be
how to ensure no impact on regular players.
dminik wrote 10 hours 52 min ago:
This is said very often, but doesn't seem to be working out in
practice.
Valve has spent a lot of time and money on machine learning models
which analyze demo files (all inputs). Yet Counter-Strike is still
infested with cheaters. I guess we can speculate that it's just a
faulty implementation, but clearly the problem isn't just "throw a ML
model at the problem".
pibaker wrote 12 hours 29 min ago:
> Cheaters are by definition anomalies
So are very good players, very bad players, players with weird
hardware issues, players who just got one in a million lucky…
When you have enough randomly distributed variables, by the law of
big numbers some of them will be anomalous by pure chance. You can't
just look at any statistical anomaly and declare it must mean
something without investigating further.
In science, looking at a huge number of variables and trying to find
one or two statistically significant variables so you can publish a
paper is called p hacking. This is why there are so many dubious and
often even contradictory "health condition linked to X" articles.
alkonaut wrote 10 hours 12 min ago:
For competitive gaming this becomes a problem.
But a good way of solving this in community managed multiplayer
games is this: if a player is extremely good to the point where
it's destroying the fun of every other player: just kick them
out.
Unfair if they weren't cheating? Sure. But they can go play
against better players elsewhere. Dominating 63 other players and
ruining their day isn't a right. You don't need to prove beyond
reasonable doubt they're cheating if you treat this as community
moderation.
luke5441 wrote 9 hours 6 min ago:
Then you are kicking full-time streamers like Stodeh, tanking
your chances your game has any kind of success.
alkonaut wrote 5 hours 28 min ago:
"Your game"? It's a publisher making a game. If I'm
kicking someone off my server I'm not asking EA/Ubisoft etc.
I'm talking about normal old fashioned server administration
now, I.e people hosting/renting their game infra and doing the
administration: making rules, enforcing the rules by kicking
and banning, charging fees either for vip status meaning no
queuing etc, or even to play at all.
chii wrote 9 hours 8 min ago:
> Dominating 63 other players and ruining their day isn't a
right.
it is, if you're not cheating and are in fact just that good.
That's called competitive sports, which participants voluntarily
engage in.
alkonaut wrote 5 hours 32 min ago:
Why do you feel someone has a right to play anywhere?
If a community manages a server, it's basically private
property. And community managed servers are always superior to
official publisher-managed servers. Anticheat - or just crowd
management - is done hands on in the server rather than
automated, async, centralized.
Buying the game might mean you have a "right" to play it,
but not on my server you don't.
kelseyfrog wrote 5 hours 44 min ago:
It's like if Nikola Jokic showed up to your local court every
day and consistently beat you day after day. You'd eventually
give up because it's not fun anymore.
People who engage in competitive sports all agree to it. Most
people want to play for fun. They have a natural right to do
so.
coppsilgold wrote 12 hours 25 min ago:
> So are very good players, very bad players, players with weird
hardware issues, players who just got one in a million lucky…
They will all cluster in very different latent spaces.
You don't automatically ban anomalies, you classify them. Once you
have the data and a set of known cheaters you ask the model who
else looks like the known cheaters.
Online games are in a position to collect a lot of data and to also
actively probe players for more specific data such as their
reactions to stimuli only cheaters should see.
civvv wrote 11 hours 35 min ago:
Valve has already tried this with VACNET if I am not mistaken.
Judging by how big the cheating problem still is, they were not
very successful.
bob1029 wrote 13 hours 47 min ago:
I've been advocating for a statistical honeypot model for a while
now. This is a much more robust anti cheat measure than even
streaming/LAN gaming provides. If someone figures out a way to obtain
access to information they shouldn't have on a regular basis, they
will eventually be found with these techniques. It doesn't matter
the exact mechanism of cheating. This even catches the "undetectable"
screen scraping mouse robot AI wizard stuff. Any amount of signal
integrated over enough time can provide damning evidence.
> With that goal in mind, we released a patch as soon as we
understood the method these cheats were using. This patch created a
honeypot: a section of data inside the game client that would never
be read during normal gameplay, but that could be read by these
exploits. Each of the accounts banned today read from this "secret"
area in the client, giving us extremely high confidence that every
ban was well-deserved.
URI [1]: https://www.dota2.com/newsentry/3677788723152833273
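As an added example, not code from any commenter, from the article or from any game: the server-side honeypot scoring coppsilgold describes (a fake entity only the server knows is fake, de-spawned before it can matter to an honest player), with the per-probe evidence integrated over time the way bob1029 argues it should be, written as Wald's sequential probability ratio test. All telemetry is constructed, and the chance-reaction rate p0, the cheater reaction rate p1 and the error bounds are assumed values, not measured ones.

```python
from __future__ import annotations
import math
from dataclasses import dataclass

# Added example, not code from the thread or from any game. All telemetry and
# rates below are constructed assumptions for illustration only.

@dataclass
class HoneypotTrial:
    """One server-side probe: a fake entity placed where no honest client could
    perceive it, alive only from t_spawn until the server de-spawns it. Only the
    server knows the entity is fake; the client receives it like a real one."""
    pos: tuple[float, float]
    t_spawn: float
    t_despawn: float

@dataclass
class ViewSample:
    """Server-side record of where a player stood and looked at time t."""
    t: float
    pos: tuple[float, float]
    yaw_deg: float

def bearing_deg(src, dst):
    """Compass direction from src to dst, in [0, 360)."""
    return math.degrees(math.atan2(dst[1] - src[1], dst[0] - src[0])) % 360

def angular_gap(a, b):
    """Smallest angle between two headings, in [0, 180]."""
    d = abs(a - b) % 360
    return min(d, 360 - d)

def reacted(trial, samples, turn_threshold_deg=25.0):
    """True if, while the fake entity existed, the player's aim swung toward it
    by more than turn_threshold_deg. Samples outside the spawn window are
    ignored, so nothing the player does after the de-spawn can count against
    them; this is the "no impact on regular players" requirement."""
    window = [s for s in samples if trial.t_spawn <= s.t <= trial.t_despawn]
    if len(window) < 2:
        return False
    gaps = [angular_gap(s.yaw_deg, bearing_deg(s.pos, trial.pos)) for s in window]
    return gaps[0] - min(gaps[1:]) > turn_threshold_deg

class HoneypotSPRT:
    """Wald's sequential probability ratio test over honeypot trials.
    H0: an honest player turns toward the hidden spot at the chance rate p0.
    H1: a cheater who sees the fake entity reacts at rate p1.
    alpha bounds the false-flag rate, beta the miss rate (assumed values)."""
    def __init__(self, p0=0.05, p1=0.60, alpha=1e-4, beta=0.05):
        self.p0, self.p1 = p0, p1
        self.upper = math.log((1 - beta) / alpha)  # cross it: flag for review
        self.lower = math.log(beta / (1 - alpha))  # cross it: stop probing for now
        self.llr = 0.0
        self.trials = 0

    def update(self, did_react):
        self.trials += 1
        if did_react:
            self.llr += math.log(self.p1 / self.p0)
        else:
            self.llr += math.log((1 - self.p1) / (1 - self.p0))
        return self.verdict()

    def verdict(self):
        if self.llr >= self.upper:
            return "flag"
        if self.llr <= self.lower:
            return "clear"
        return "continue"

def evaluate_player(trials, samples):
    """Feed trials in order and stop as soon as the evidence crosses a bound.
    Returns (verdict, trials_used, log_likelihood_ratio)."""
    sprt = HoneypotSPRT()
    for trial in trials:
        if sprt.update(reacted(trial, samples)) != "continue":
            break
    return sprt.verdict(), sprt.trials, round(sprt.llr, 3)

def constructed_session(reaction_flags):
    """Constructed telemetry: a stationary player at the origin and one honeypot
    per flag, 10 s apart. A True flag generates an aim path that swings onto
    the fake entity (cheat-like); False generates a 10-degree drift (honest)."""
    origin = (0.0, 0.0)
    spots = [(10, 10), (-10, 10), (-10, -10), (10, -10), (10, 0)]
    trials, samples = [], []
    for k, (spot, reacts) in enumerate(zip(spots, reaction_flags)):
        t0 = 10.0 * k
        trials.append(HoneypotTrial(spot, t0, t0 + 2.0))
        b = bearing_deg(origin, spot)
        step = 15.0 if reacts else 1.0
        for i in range(11):
            samples.append(ViewSample(t0 + 0.1 * i, origin, (b + 150 - step * i) % 360))
    return trials, samples

if __name__ == "__main__":
    for name, flags in [("honest", [False] * 5), ("cheater", [True] * 5),
                        ("ambiguous", [True, False, True, False, False])]:
        print(name, evaluate_player(*constructed_session(flags)))
```

With these assumed rates a player who turns onto four hidden entities in a row is flagged, a player who ignores four is left alone, and a mixed record stays "continue", which is the point of integrating weak per-probe signal instead of banning on a single anomaly.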
EPWN3D wrote 15 hours 10 min ago:
> Modern kernel anti-cheat systems are, without exaggeration, among the
most sophisticated pieces of software running on consumer Windows
machines. They operate at the highest privilege level available to
software, they intercept kernel callbacks that were designed for
legitimate security products, they scan memory structures that most
programmers never touch in their entire careers, and they do all of
this transparently while a game is running.
Okay, chill. I'm willing to believe that anti-cheat software is
"sophisticated", but intercepting system calls doesn't make it so.
There is plenty of software that operates at elevated privilege and
runs transparently while other software is running, while intentionally
being unsophisticated. It's called a kernel subsystem.
unclad5968 wrote 9 hours 23 min ago:
But they scan memory structures most programmers never touch in their
entire careers!
throw10920 wrote 16 hours 50 min ago:
I would love to see a modern competitive game with optional anticheat
that, when enabled, allows you to queue for a separate matchmaking pool
that is exclusive to other anticheat users. For players in the
no-anticheat pool, there could be "community moderation" that
anti-anticheat players advocate for.
It'd be really interesting to see what would happen - for instance,
what fraction of players would pick each pool during the first few
weeks after launch, and then how many of them would switch after? What
about players who joined a few months or a year after launch?
Unfortunately, pretty much the only company that could make this work
is Valve, because they're the only one who actually cares for players
and is big enough that they could gather meaningful data. And I don't
think that even Valve will see enough value in this to dedicate the
substantial resources it'd take to try to implement.
hirvi74 wrote 2 hours 14 min ago:
I support this idea. Personally, I do not really care about cheating
in video games. If someone is cheating in a video game, I can just turn
it off, go outside, and take a deep breath of fresh air and touch some
grass.
I'd rather play with cheaters here and there than install some kernel
level malware on my machine just to make sure EA, Activision, et al can
keep raking in money hand over fist.
Or better yet, I can just play on console where there is no cheating
that I have ever seen.
denalii wrote 10 hours 34 min ago:
It exists, it's called FACEIT (for CS, specifically). Anyone who
seriously cares about the game at a high level is pretty much
exclusively playing there.
Community moderation simply doesn't work at scale for anticheat - in
level of effort required, root cause detection, and
accuracy/reliability.
ambitious_rest wrote 12 hours 31 min ago:
that's basically PlaySafe ID
lemontreefive wrote 12 hours 39 min ago:
You mean PlaySafe ID?
Cyph0n wrote 16 hours 49 min ago:
> I would love to see a modern competitive game with optional
anticheat that, when enabled, allows you to queue for a separate
matchmaking pool that is exclusive to other anticheat users. For
players in the no-anticheat pool, there could be "community
moderation" that anti-anticheat players advocate for.
This is roughly what Valve does for CS2. But, as far as I understand,
it's not very effective and unfortunately still results in higher
cheating rates than e.g. Valorant.
hamdingers wrote 46 min ago:
> This is roughly what Valve does for CS2.
Do you have a source for this?
Maybe this has changed since CS:GO, but in that game you could get
VAC banned just for booting the game with cheats running, even if
you only demonstrated them in a local game against bots.
throw10920 wrote 16 hours 47 min ago:
Huh. When you say that "it's not very effective" do you mean the
segmentation between the pools, or the actual anticheat isn't very
good? (I'm assuming the latter - I've heard that VAC is pretty bad
as far as anticheat goes)
z0mghii wrote 16 hours 44 min ago:
Community alternative (faceit) requires kernel level access. The
actual anticheat matchmaking is essentially unplayable
throw10920 wrote 16 hours 34 min ago:
Wait, so the "community alternative" is also kernel-level
anticheat? I think that's different from what I'm proposing -
I'm suggesting a comparison between an anticheat and no
anticheat (with community policing of lobbies and handing out
of penalties).
hur wrote 11 hours 26 min ago:
VAC (the valve anticheat) is not kernel-level. The community
alternative is. The official matchmaking is pretty full of
cheaters.
z0mghii wrote 15 hours 39 min ago:
Why would a player knowingly choose to play on matchmaking
that is advertising no anti-cheat?
But anyway Counter-Strike did have community policing of
lobbies called overwatch - [1] It was terrible as it required
the community to conclude beyond reasonable doubt the suspect
was cheating, and cheats today are sophisticated enough to
make that conclusion very difficult to make
URI [1]: https://counterstrike.fandom.com/wiki/Overwatch
ndriscoll wrote 7 hours 44 min ago:
Because their (or their friend's) computer can't run the
anticheat, but they're interested in playing with friends?
My sister and mom wanted me to play Valorant with them a
few years back, but apparently it needs kernel anticheat,
so I just can't run it. I'm not going to buy a new computer
for a game.
And the way community policing worked in the past is that
the "police" (refs) could just kick or ban you. They don't
need a trial system if the community doesn't want that.
john01dav wrote 11 hours 34 min ago:
> Why would a player knowingly choose to play on
matchmaking that is advertising no anti-cheat?
My understanding of the proposal is that it advertises no
invasive anticheat (meaning mostly rootkit/kernel
anticheat). So, the value proposition is anyone who doesn't
want a rootkit on their computer. This could be due to
anything from security concerns to desiring (more)
meaningful ownership of one's devices.
throw10920 wrote 15 hours 32 min ago:
> Why would a player knowingly choose to play on
matchmaking that is advertising no anti-cheat?
I guess I didn't exactly make that clear...
A few of the arguments advanced by the "anti-anticheat"
crowd that inevitably pops up in these threads are
"anticheat is ineffective so there's no point to using it"
and "anticheat is immoral because players aren't given a
choice to use it or not and most of them would choose to
not use it".
I don't believe that either of these are true (and given
the choice I would almost never pick the no-anticheat
queue), but there's not a lot of good high-quality data to
back that up. Hence, the proposal for a dual-queue system
to try to gather that data.
Putting in the community review of the no-anticheat pool is
just to head off the inevitable goalpost-moving of "well of
course no system would be worse than a crappy system
(anticheat), you need to compare the best available
alternative (community moderation)".
charcircuit wrote 15 hours 41 min ago:
VAC is essentially no anticheat with how easily it is
bypassed.
Cyph0n wrote 16 hours 44 min ago:
Oh sorry - I misread your suggestion! I thought you were talking
about separate matchmaking logic for known cheaters, but you're
asking about opt-in matchmaking for those willing to use invasive
anticheat.
The example still kind of applies. In the CS world, serious
players use Faceit for matchmaking, which requires you to install
a kernel-level anticheat. This is basically what you're
suggesting, but operated by a 3rd party.
throw10920 wrote 15 hours 29 min ago:
Hmm, I guess that since VAC is not a kernel-level anticheat,
the comparison between it and Faceit for CS is pretty close to
my idea. Thanks for pointing that out.
phplovesong wrote 11 hours 55 min ago:
VAC is actually an AI based anticheat. I guess IF (a big if)
it ever gets good enough it will be better than any kernel
level AC, because it analyzes the gameplay, not the inputs,
meaning a DMA cheat would also be caught.
But so far that still seems to be miles away.
sfn42 wrote 9 hours 19 min ago:
I don't think that's what VAC is. I think VAC just looks
for known cheat patterns in memory and such, and if it
finds indisputable proof of cheating it marks a player for
banning in the next wave. Maybe there is some ML involved
in finding these patterns but I think it's very strictly
controlled by humans to prevent false positives. That's why
VAC bans are irreversible, false positives are supposed to
be impossible.
not_a9 wrote 5 hours 5 min ago:
Valve has some AI detection stuff for CS2, but it's
remarkably ineffective. VAC itself delivers small DLLs
that get manual mapped by Steam service, do some analysis
and send that to Valve (at least to the best of my
knowledge, there may be more logic implemented in
Valve's games or in Steam/Steam service).
shaokind wrote 10 hours 4 min ago:
"VAC" is a catch-all term for all of Valve's anti-cheating
mechanisms.
The primary one is a standard user-mode software module,
that does traditional scanning.
The AI mechanism you're referring to is these days referred
to as "VAC Live" (previously, VACNet). The primary game it
is deployed on is Counter-Strike 2. From what we
understand, it is a very game-dependent stack, so it is not
universally deployable.
jrockway wrote 16 hours 54 min ago:
I still don't understand why people don't cheat in FPSes by looking at
the video stream and having a USB mouse that emits the right mouse
movements. (The simplest thing is to just click when someone's head is
under your crosshair, in games with hitscan weapons.)
bob1029 wrote 11 hours 55 min ago:
The problem with these bots is that they are indiscriminate which
makes them vulnerable to active detection methods. They can also
introduce an amount of latency that begins to defeat the purpose for
sufficiently skilled players. 100ms is an eternity when you are
playing with shotguns in close quarters.
raincole wrote 16 hours 46 min ago:
They do. Cheats that read rendered pixels are nothing new.
matheusmoreira wrote 17 hours 44 min ago:
Never forget the risks of trusting game companies with this sort of
access to your machine. [1] Company decides to "catch pirates" as
though it was police. Ships a browser stealer to consumers and
exfiltrates data via unencrypted channels. [2] [3] Covertly screenshots
your screen and sends the image to their servers. [4] [5] [6] [7] Yes,
a literal privilege escalation as a service "anticheat" driver.
Trusting these companies is insane.
Every video game you install is untrusted proprietary software that
assumes you are a potential cheater and criminal. They are pretty much
guaranteed to act adversarially to you. Video games should be sandboxed
and virtualized to the fullest possible extent so that they can access
nothing on the real system and ideally not even be able to touch each
other. We really don't need kernel level anticheat complaining about
virtualization.
URI [1]: https://www.vice.com/en/article/fs-labs-flight-simulator-passw...
URI [2]: https://old.reddit.com/r/Asmongold/comments/1cibw9r/valorant_n...
URI [3]: https://www.unknowncheats.me/forum/anti-cheat-bypass/634974-va...
URI [4]: https://www.theregister.com/2016/09/23/capcom_street_fighter_v...
URI [5]: https://twitter.com/TheWack0lian/status/779397840762245124
URI [6]: https://fuzzysecurity.com/tutorials/28.html
URI [7]: https://github.com/FuzzySecurity/Capcom-Rootkit
quotemstr wrote 16 hours 22 min ago:
And if we embraced instead of feared remote attestation and secure
enclaves, the days of game companies having this level of access
would come to an end.
matheusmoreira wrote 16 hours 9 min ago:
That's arguably even worse. Remote attestation means you get banned
from everything if you "tamper" with "your" computer.
Remote attestation is the ultimate surrender. It's not really your
machine anymore. You don't have the keys to the machine. Even if
you did, nobody would trust attestations made by those keys anyway.
They would only trust Google's keys, Apple's keys. You? You need
not apply.
Thaxll wrote 17 hours 5 min ago:
Game companies have to have those kernel anti-cheats because MS never
implemented proper isolation in the first place; if Windows was
secured like an Apple phone or a console there wouldn't be a need for
it.
Anti-cheat doesn't run on modern consoles; game devs know that the
latest firmware on a console is secure enough that the console
can't be tampered with.
Cloudef wrote 9 hours 37 min ago:
Trusted computing isn't about security. It's about vendors not
trusting you.
huthuthukhuo wrote 14 hours 31 min ago:
One of those secure consoles you talk about, Xbox, is running
Windows as its OS.
matheusmoreira wrote 16 hours 31 min ago:
Consoles and phones are "secure" because you don't own them. They
aren't yours. They belong to the corporations. They're just
generously allowing you to use the devices. And only in the ways
they prescribe.
This is the exact sort of nonsense situation I want to prevent. We
should own the computers, and the corporations should be forced to
simply suck it up and deal with it. Cheating? It doesn't matter.
Literal non-issue compared to the loss of our power and freedom.
It's just sad watching people sacrifice it all for video games. We
were the owners of the machine but we gave it all up to play games.
This is just hilarious, in a sad way.
huthuthukhuo wrote 14 hours 30 min ago:
Who are you to judge what gamers should care about?
matheusmoreira wrote 14 hours 16 min ago:
A fellow gamer.
invokestatic wrote 17 hours 32 min ago:
The privacy points in general are valid, but what irritates me is
using this rationale against kernel mode anti cheats specifically.
You do not need kernel access to make spyware that takes screenshots.
You do not need a privileged service to read the user's browser
history.
You can do all of this, completely unprivileged on Windows. People
always seem to conflate kernel access with privacy which is
completely false. It would in fact be much harder to do any of these
things from kernel mode.
Grimblewald wrote 17 hours 23 min ago:
Kernel access is related to privacy though, and it's the most well
documented abuse of such things. Kernel level access can help
obfuscate the fact that it's happening. However, it is also useful
for significantly worse, and given track records, must be assumed
to be true. The problem is kernel level AC hasn't even solved the
problem, so the entire thing is risky, unnecessary and unfit for
purpose, making an entirely unnecessary risk to force onto
unsuspecting users. The average user does not understand the risks
and is not made aware of them either.
There are far better ways to detect cheating, such as calculating
statistics on performance and behaviour and simply binning players
with those of similar competency. This way, if cheating gives
god-like behaviour, you play with other godlike folks. No banning
required. Detecting the thing cheating allows is much easier than
detecting ways in which people gain that thing; it creates a single
point of detection that is hard to avoid and can be done entirely
server side, with multiple tiers of how much server side calculation a
given player consumes. Milling around in bronze levels? Why check?
If you aren't performing so well that you can leave low ranks,
perhaps we need cheats as a handicap, unless consistently
performing well out of distribution, at which point you catch
smurfing as well.
Point is, focusing on detecting the thing people care about rather
than one of the myriad of ways people may gain that unfair edge, is
going to be easier and more robust while asking for less egregious
things of users.
salamanteri wrote 10 hours 25 min ago:
Counter Strike is a pretty good example that the statistical
analysis alone doesn't work at all...at least not now. Valve has
been collecting data since at least 2017 for their VAC Live
system and it still doesn't work well enough to prevent or
decrease the amount of cheating. The model only gives a cooldown
of 20 hours if it flags your gameplay as irregular, and that
cooldown resets over time.
It usually takes months, if not years for cheaters to get banned,
but it takes a couple of dollars for a cheater to get a new
account and start cheating again. Every time Valve fine tunes
their models, they end up accidentally banning more innocent
players in the process, so nobody has trust in that system
anyways. There's too many datapoints to handle in competitive
games, and there is no way to set a threshold that doesn't end up
hurting innocent people in the process.
nemothekid wrote 16 hours 47 min ago:
>This way, if cheating gives god-like behaviour, you play with
other godlike folks.
Anti-cheat is not used to "protect" bronze level games. FACEIT
uses a kernel level anti cheat, and FACEIT is primarily used by
the top 1% of CS2 players.
A lot of the "just do something else" crowd neglects to realize
that anticheat is designed to protect the integrity of the game
at the highest levels of play. If the methods you described were
adequate, the best players wouldn't willingly install FACEIT -
they would just stick with VAC which is user-level.
nawgz wrote 16 hours 49 min ago:
> kernel level AC hasn't even solved the problem
> There are far better ways to detect cheating, such as
calculating statistics on performance
Ask any CS player how VAC's statistical approach compares to
Valorant's Vanguard and you will stop asserting such
foolishness
The problem with what you are saying is that cheaters are
extremely determined and skilled, and so the cheating itself
falls on a spectrum, as do the success of various anticheat
approaches. There is absolutely no doubt that cheating still
occurs with kernel level anticheats, so you're right it
didn't "solve" the problem in the strictest sense. But as a
skilled player in both games, only one of them is meaningfully
playable while trusting your opponents aren't cheating - it's
well over an order of magnitude in difference of frequency.
matheusmoreira wrote 17 hours 25 min ago:
There is no need for irritation. I condemn all sorts of
anticheating software. As far as I'm concerned, if the player wants
to cheat he's just exercising his god given rights as the owner of
the machine. The computer is ours, we can damn well edit any of its
memory if we really want to. Attempts to stop it from happening are
unacceptable affronts to our freedom as users.
Simply put, the game companies want to own our machines and tell us
what we can or can't do. That's offensive. The machine is ours and
we make the rules.
I single out kernel level anticheats because they are trying to
defeat the very mitigations we're putting in place to deal with the
exact problems you mentioned. Can't isolate games inside a fancy
VFIO setup if you have kernel anticheat taking issue with your
hypervisor.
babypuncher wrote 16 hours 8 min ago:
This is the most asinine take I've seen on the subject in a
while.
You may think it's your "god-given right" to cheat in multiplayer
games, but the overwhelming majority of rational people simply
aren't going to play a game where every lobby is ruined by
cheaters.
matheusmoreira wrote 15 hours 58 min ago:
I don't like cheaters either. I just respect their power over
their machine and wouldn't see that power usurped by
corporations just to put a stop to it.
The computers are supposed to be ours. What we say, goes.
Cheating may not be moral but attempts to rob us of the power
that enables cheating are even less so.
LiamPowell wrote 16 hours 51 min ago:
> As far as I'm concerned, if the player wants to cheat he's just
exercising his god given rights as the owner of the machine.
By this same logic: As far as I'm concerned, if the game
developer only wants to allow players running anticheat to use
their servers then they're just exercising their god given rights
as the owner of the server.
matheusmoreira wrote 16 hours 39 min ago:
This is just yet another example of the remote attestation
nonsense where your computer is only "trusted" if it's
corporate owned. If you own your machine, you "tampered" with
it and as a result you get banned from everything. You get
ostracized from digital society.
My position is this is unfair discrimination that should be
punished with the same rigor as literal racism. Video games are
the least of our worries here. We have vital services like
banks doing this. Should be illegal.
ryeguy wrote 16 hours 53 min ago:
This take sucks. The anticheat software in this context is for
competitive games. No one cares about people cheating in
isolation in single player games. The anticheat is to stop 1 guy
from ruining it for the 9 others he's playing with online.
You can argue about the methods used for anticheat, but your
comment here is trying to defend the right to cheat in online
games with other people. Just no.
int_19h wrote 12 hours 59 min ago:
PvE shouldn't need it either, and yet games routinely ship with
anti-cheat applied to everything (including single player).
I rather suspect that the reason for this is the current gaming
economy of unlockable cosmetics that you can either grind for,
or pay for. If people can cheat in single player or PvE, they
can unlock the cosmetics without paying. And so...
matheusmoreira wrote 16 hours 36 min ago:
> The anticheat is to stop 1 guy from ruining it for the 9
others he's playing with online.
Don't play with untrusted randoms. Play with people you know
and trust. That's the true solution.
whs wrote 14 hours 59 min ago:
I wish that were an option. Nowadays many non-competitive
games that you play with friends you trust still use EAC (yet
accept non-kernel mode operation on Linux). I suppose other
than VAC you can't buy a usermode anticheat middleware now.
babypuncher wrote 16 hours 5 min ago:
I'm starting to think you've never actually played an online
game before
jack_pp wrote 16 hours 12 min ago:
That is not the solution if you want to play competitively or
whenever you feel like it.
Kernel level AC is a compromise for sure and it's the gamers
job to assess if the game is worth the privacy risk but I'd
say it's much more their right to take that risk than the
cheaters right to ruin 9 other people's time for their own
selfish amusement
matheusmoreira wrote 15 hours 50 min ago:
Cheating may not be moral but it's better to put up with it
than to cede control of our computers to the corporations
that want to own it.
If it kills online gaming, then so be it. I accept that
sacrifice. The alternative leads to the destruction of
everything the word hacker ever stood for.
jack_pp wrote 15 hours 28 min ago:
I'm sorry but you are fighting a crusade you can not win
by definition. If I am free to use my computer for
anything I want then I am also free to lock it down to
enjoy my favorite game. If I care about my freedom I will
have a dedicated machine for this game that I accept I
will not have control over.
You are hijacking this thread about VOLUNTARY ceding of
freedom as if the small community even willing to install
these is a slippery slope to something worse. You have a
point when it comes to banking apps on rooted phones and
I'm with you on that but this is not the thread for it
matheusmoreira wrote 14 hours 8 min ago:
Valve drives significant development of compatibility
layers for Linux for the sake of gaming. Their customer
base is anything but small. There is potential for this
kernel stuff to spill into the entire Linux ecosystem.
It was bad enough having to deal with nvidia. I really
don't want other companies screwing up the kernel.
jack_pp wrote 13 hours 5 min ago:
Again fighting against windmills; Valve isn't even
mentioned in the article. Valve's anti-cheat for CS2
is user-mode.
Do you have evidence Valve is working to infect the
Linux kernel for everyone?
matheusmoreira wrote 9 hours 29 min ago:
From what I've read they actually tried to push
back against it. I'm just saying this stuff is
coming to our systems and should be resisted.
int_19h wrote 12 hours 55 min ago:
Realistically I don't see how Valve can avoid this.
They want all those games on Steam Deck and the new
console. Game devs want KAC. Therefore Valve can
either provide them with some way to implement KAC
- which effectively requires a "signed kernel /
drivers only", same as on Windows - or tell them to
go away. Why would they do the latter?
Mind you, it doesn't mean that the Linux kernel
will be "infected for everyone". It means that
we'll see the desktop Linux ecosystem forking into
the "secure" Linux which you don't actually have
full control of but which you need to run any app
that demands a "secure" environment (it'll start
with KAC but inevitably progress to other kinds of
DRM such as video streaming etc). Or you can run
Linux that you actually control, but then you're
missing on all those things. Similar to the current
situation with mainline Android and its
user-empowering forks.
matheusmoreira wrote 9 hours 1 min ago:
> we'll see the desktop Linux ecosystem forking
into the "secure" Linux
> Or you can run Linux that you actually control,
but then you're missing on all those things
We cannot allow this stuff to be normalized. We
can't just sit by and allow ourselves to be
discriminated against for the crime of owning our
own devices. We should be able to have control
and have all of those nice things.
Everything is gonna demand "secure" Linux. Banks
want it because fraud. Copyright monopolists want
it because copyright infringement. Messaging
services want it because bots. Government wants
it because encryption. At some point they might
start demanding attestation to connect to the
fucking internet.
If this stuff becomes normal it's over. They win.
I can't be the only person who cares about this.
int_19h wrote 9 min ago:
It has already become normal on mobile, which
is where most users are.
You're not wrong - this is a very bad outcome!
- but I'm afraid the battle has already been
lost.
jack_pp wrote 12 hours 37 min ago:
Streaming services already have a solution for
environments where they can't run DRM - crap
quality stream. My solution to their solution?
torrents.
People can dual boot, what's wrong with a special
gaming linux distribution?
istillcantcode wrote 17 hours 50 min ago:
I could have sworn online gambling people fixed this years ago with
just wifi. I thought I remembered reading a comment on here about the
online gambling for kids no cheating people not talking to the online
gambling for adults no cheating people.
Morromist wrote 16 hours 58 min ago:
That would be interesting if they did.
Looking at cards is a way easier problem than rendering a 3d world
with other players bouncing around. I imagine you could just send the
card player basically a screenshot of what you want them to see and
give them no other data to work with and that would mostly solve
cheating.
But gambling can be way more complicated than just looking at cards
so maybe there's a lot more to it.
nichch wrote 17 hours 3 min ago:
The "just wifi" is about getting your true geolocation so regulated
gaming platforms can operate legally. Ironically, I bet whatever API
they use can be intercepted by a kernel level process.
They also have VM checks. I "accidentally" logged into MGM from a
virtual machine. They put my account on hold and requested I write a
"liability statement" stating I would delete all "location altering
software" and not use it again. (Really!)
eddythompson80 wrote 18 hours 42 min ago:
While I'm not really a gamer, I do think the conundrum of online
games cheating is an interesting technical problem because I honestly
can't think of a "good" solution. The general simplistic answer
from those who never had to design such a game or a system of "do
everything on the server" is laughably bad.
hrmtst93837 wrote 14 hours 5 min ago:
Most people ignore that "do everything on the server" kills any game
that needs fast interactions or decent local prediction, latency goes
through the roof and you might as well play chess by email. There
isn't a clean answer.
Kernel anti-cheat isn't an elegant solution either. It's another
landmine, security holes, false positives, broken dev tools, and
custody battles with Windows updates while pushing more logic
server-side still means weeks of netcode tuning and a cascade of race
conditions every time player ping spikes, so the idea that this folds
to "better code discipline" is fantasy.
rangestransform wrote 13 hours 13 min ago:
Not all the processing needs to be done online, it can be done
completely async offline on game logs
tonyhart7 wrote 13 hours 30 min ago:
Sorry but kernel anti-cheat is actually good.
I play FPS competitively and Valorant is by far the FPS game with
the least cheaters on the market.
bigstrat2003 wrote 13 hours 15 min ago:
It may be effective, but it's an unacceptable security risk imo.
No amount of effectiveness can justify installing a literal
rootkit to play the game.
tonyhart7 wrote 13 hours 12 min ago:
It's called anti cheat for a reason (not anti spyware).
Nothing is perfect in the software world and this is the best tool for
its job.
PowerElectronix wrote 13 hours 24 min ago:
Except for the risk of the game being compromised and everything
in your computer along with it.
tonyhart7 wrote 13 hours 9 min ago:
It's like saying game piracy is bad because you can get hacked on
your PC.
If your PC is so important then maybe don't install this
particular software.
It's all about trade-offs.
PowerElectronix wrote 9 hours 16 min ago:
I don't install games that require kernel level anticheat. I
wish those games would stop using them because without that
I'd play a few of them.
Kernel level anticheat isn't a silver bullet, either. It just
simplifies the work of the anticheat programmers. I
personally think that the silver bullet is behavioral
anticheat and information throttling (don't send the player
information about other players that he can't see/hear)
tonyhart7 wrote 3 hours 27 min ago:
Yeah but this is our current best tool yet
if you can design a better one without drawback then you
could try to release a better one
charcircuit wrote 15 hours 43 min ago:
Mac OS with remote attestation has proven strong enough for anticheat
on Mac OS without needing kernel anticheat.
raincole wrote 17 hours 4 min ago:
The solution is purely cultural. We should collectively think people
who cheat online are losers.
(Not being sarcastic.)
beeflet wrote 13 hours 22 min ago:
This is a noble lie, because it's really the non-cheaters who are
losers. If the cheaters lost then there would be no problem.
seanhunter wrote 13 hours 58 min ago:
Remember you're living in a world where people idolize Elon Musk, a
person who employed someone to play Path of Exile and Diablo to
boost his account (ie a cheater). Also a lot of people don't care
(or claim not to care) whether people see them as losers as long as
they wreck other folks day.
URI [1]: https://www.forbes.com/sites/paultassi/2025/01/20/elon-mus...
bigstrat2003 wrote 13 hours 13 min ago:
I don't know a single person who doesn't think that the PoE thing
was super cringe. To the extent that people idolize Elon, it's
because they think his accomplishments outweigh him making a
massive fool of himself in that instance.
seanhunter wrote 13 hours 12 min ago:
That's true. OK I was being unfair.
piotrkaminski wrote 16 hours 15 min ago:
By and large we do. Unfortunately, the losers don't care unless
you identify them personally. For them, the thrill of cheating and
griefing others easily overcomes some generalized cultural
zeitgeist.
jack_pp wrote 15 hours 58 min ago:
Or bad players might get owned by better ones, conclude the other
guy was cheating and the only way to compete is for them to cheat
as well.
Sort of like nuclear weapons
seanhunter wrote 13 hours 56 min ago:
This has happened in online chess, with some people admitting
to using engines (ie cheating) to "confirm their suspicion that
the other guy is cheating".
Morromist wrote 17 hours 6 min ago:
The only solution that seems to work well that I've seen is having
very active and good server admins who watch the gameplay and
permaban cheaters. Requires a lot of man hours and good UI and info
for them to look at, as well as (ideally) the ability to see replays.
That solution only works on servers hosted by players - I've never
seen huge game companies that run their own servers (like GTA) have
dedicated server admins. I guess they think they can just code
cheaters out of their games, but they never can.
keyringlight wrote 10 hours 15 min ago:
It's interesting how often accuracy problems fall back to requiring
humans in the loop, and in the case of big consumer systems that
means employing people in low wage parts of the world. For playing
a match of a video game I don't think there's that much money
involved balanced against the amount of playtime to pay for enough
monitoring or to ensure a timely response to reports. Gamers always
wheel out community run servers and admins because it's pushing the
cost onto someone else (I don't think I've ever seen someone
volunteer themselves for it), and they'd mostly refuse pay to play
if that meant employing a staff that scaled as their online games
are popular.
bee_rider wrote 17 hours 38 min ago:
Preventing cheating is hopeless.
Anyway, this isn't the Olympics, a professional sport, or Chess.
It's more like a pickup league. Preserving competitive purity should
be a non-goal. Rather, aim for fun matches. Matchmaking usually tries
to find similar skill level opponents anyway, so let cheaters cheat
their way out of the wider population and they'll stop being a
problem.
Or, let players watch their killcams and tag their deaths. Camper,
aimbot, etc etc. Then (for players that have a good sample size of
matches) cluster players to use the same tactics together.
Treating games like serious business has sucked all the fun out of
it.
maccard wrote 9 hours 42 min ago:
> let cheaters cheat their way out of the wider population
In a 5v5 shooter this ruins 9 people's game along the way, times
however many games this takes. Enough people do this and the game
is ruined
> or let players watch their killcams and tag their deaths
Players are notoriously bad at this stuff. Valve tried it with
"overwatch" and it didn't work at all.
Forgetting about anti cheat for a minute though, matchmaking for
different behaviours is a super interesting topic in itself. It's
very topical right now [0] and a fairly divisive topic. Most games
with a ranked mode already do this - there's a hidden MMR for
unranked modes that is match made on, and players self select into
"serious" or "non serious" queues. It works remarkably well
- if you ever read people saying that Quick Play is unplayable it
proves that the separate queues are doing a good job of keeping the
two groups separate!
[0]
URI [1]: https://www.pcgamer.com/games/third-person-shooter/arc-rai...
bee_rider wrote 4 hours 29 min ago:
Did Valve really do that for Overwatch? It is on their store, so
maybe, but I'd expect Blizzard to implement that sort of
thing.
I agree that killcam tagging is not great for, like, actual
"you are breaking the rules" type enforcement (because, yeah,
players will generate a ton of false-positives). But if players
had a list of traits and match-making tried to minimize some
distance in the trait space (admitting it couldn't be perfect),
it might result in more fun matches.
maccard wrote 2 hours 34 min ago:
> Did Valve really do that for Overwatch? It is on their store,
so maybe, but I'd expect Blizzard to implement that sort of
thing.
Valve did it for CS, and it was called overwatch, sorry. [0]
[0]
URI [1]: https://counterstrike.fandom.com/wiki/Overwatch#Verdic...
YetAnotherNick wrote 16 hours 20 min ago:
> Anyway, this isn't the Olympics, a professional sport, or
Chess.
Yes, its prize pool is an order of magnitude higher than either
Olympic sports or Chess.
bee_rider wrote 16 hours 10 min ago:
I'm sure there's a game out there that has a prize pool for
matchmaking mode, because any silly thing has happened somewhere,
but I'd expect that sort of thing to mostly be handled in
proper tournaments.
tapoxi wrote 15 hours 31 min ago:
It's not so much tournaments but viewership. People watch
others play on Twitch, that gets you money directly as well as
sponsorships. This incentivizes people to cheat so they're good
on stream.
Jensson wrote 13 hours 50 min ago:
It is a lot harder to cheat on a live stream though.
chrisfosterelli wrote 16 hours 54 min ago:
Well it is a professional sport -- there's tournaments worth tens
of millions of dollars. But honestly it is probably easier to catch
cheaters in that environment. The real issue is that cheaters suck
the fun out of the game, and matchmaking doesn't fix this because
cheaters just cheat the matchmaking (smurf accounts, etc) until
they're stomping regular players again. I don't think throwing our
hands up and letting the cheaters go on is a real solution.
drdaeman wrote 12 hours 18 min ago:
> The real issue is that cheaters suck the fun out of the game
Unpopular opinion: cheaters don't, griefers do.
"Cheater" is a pejorative for someone who sidesteps the rules
and uses technology instead of, uh, pardon a potentially word
choice, innate skills. They don't inherently want to see others
suffer as they stomp - it's a matchmaking bug they're put
where they don't belong. They just want to do things they
cannot do on their own, but which are technically possible. A more
positive term for that is a "hacker".
Griefers are a different breed, they don't just enjoy their own
success but get entertained by others' suffering. Not a
cheating issue TBH (cheats merely enable more opportunities),
more like "don't match us anymore, we don't share the same
ideas of fun" thing. "Black hat" is a close enough term I
guess.
YMMV, but if someone performs adequately for my skill level
(that is, they also don't play well) then they don't deprive
me of any fun irrespective of how they're playing.
Fizz43 wrote 9 hours 57 min ago:
Yeah that's a really unpopular opinion. Cheaters don't want to
play the game. There is no matchmaking for them that makes
sense.
They have inhuman skills usually paired with terrible game IQ
and generally awful toxicity. They get boosted up to play with
intelligent players purely because they can hold a button to
outplay. It gets to the point where you have a player on your
team who has no idea how to play but is mechanically good and
it breaks the entire competitiveness of the game.
Marazan wrote 10 hours 33 min ago:
> They don't inherently want to see others suffer as they
stomp
Cheaters want to dominate other players, feel like they deserve
to dominate other players and are perfectly happy for other
players to suffer as long as they feel good.
drdaeman wrote 10 hours 16 min ago:
That's provably not universally true, although I have no
idea about the exact demographics.
Best I've ever seen was some online discussions about
motives, but I never compiled any statistics out of random
anecdotes (that must be biased and probably not
representative).
Marazan wrote 9 hours 28 min ago:
If they weren't motivated by a toxic sense of self regard
and a desire to humiliate others they wouldn't cheat. This
is axiomatic.
jasomill wrote 4 hours 2 min ago:
That's a gross exaggeration. Some people just want to
play the game, but lack motor skills commensurate with
their other abilities.
Are players who take advantage of developer-supplied aim
assist and other assistive technologies "motivated by a
toxic sense of self regard and a desire to humiliate
others"?
Marazan wrote 1 hour 47 min ago:
Are people who play the game as the developers intended
using the tools the developer supplied cheaters? Wow,
deep philosophical questions there.
Gonna have to ponder if people who aren't cheating are
cheaters.
bee_rider wrote 16 hours 17 min ago:
Smurf accounts are a real problem, but they are a real problem
whether the person stomping beginners is using cheats or is just
experienced. The target should be preventing smurfing in the
first place.
chrisfosterelli wrote 15 hours 58 min ago:
That's a good point.
eddythompson80 wrote 17 hours 25 min ago:
Unfortunately that has been proven to not work.
Matching based on skill works only as long as you have an abundance
of players you can do that based on. When you have to account for
geography, time of day, momentary availability, and skill level,
you realize that you have fractured certain players far too much
that itâs not fun for them anymore. Keep in mint that
âcheatersâ are also looking for matches that would maximize
their cheats. Maybe itâs 8PM Pacific Time with tons of players
there, but itâs 3 AM somewhere else with much limited number of
players. Spoof your ping and location to be there and have fun
sniping every player in the map. Sign up for new accounts on every
play, who cares. Your fun as a cheater is to watch others lose
their shit. Youâre not building a character with history and
reputation. You are heat sniping others while they are not
realizing it. It may sound limited in scope and not worth the
effort for you, but itâs millions of people out there tht ruin
the game for everyone.
Almost every game I know of lets players "watch their kill
cam", and cheaters have adapted. The sniped people have a bias
to vote the sniper was cheating, and the snipers have a bias to
vote otherwise. Lean one way or the other, and it's another post
on /r/gaming of how your game sucks.
theLiminator wrote 17 hours 39 min ago:
The only good long term solution is ML on replays + moderately up to
date client side (non kernel) AC (just good enough to deter
cheaters).
karmakaze wrote 17 hours 54 min ago:
Do what Netflix did and run servers at ISPs (or at their providers or
Cloudflare points).
It's kind of weird that we still don't have distributed computing
infrastructure. Maybe that will be another thing where agents can run
near the data they're crunching on generic compute nodes.
maccard wrote 9 hours 31 min ago:
If me and my roommate are both playing against each other on a
server less than 10ms away, in the normal scenario at 60fps there
is still ~60ms between me clicking and it appearing on your screen
- and another 60ms before I get confirmation. Now add real world
conditions like "user is running YouTube in the background" or
"wife opens instagram" and that latency becomes unpredictable.
You still are left with the same problems. Now multiply it by 10
people who are not the same distance from the ISP and the problems
multiply.
raincole wrote 17 hours 3 min ago:
To quote the parent comment:
> The general simplistic answer from those who never had to design
such a game or a system of "do everything on the server" is
laughably bad.
eddythompson80 wrote 17 hours 38 min ago:
Sorry to say this, but I don't think you understand how any of
this works. Whenever someone's proposed "edge computing" as a
way to solve trust problems, I know they are just stringing
together fancy sounding words they don't understand.
What "Netflix did" was having a dead-simple static file serving
appliance for ISPs to host with their Netflix auth on top. In their
early days, Netflix had one of the simplest "auth" stories
because they didn't care.
karmakaze wrote 17 hours 25 min ago:
There's different levels of cheating. We can avoid the worst
cases by not putting the game state/Netcode in the users computer
which basically makes it like an X Server.
It would add some latency but could be opt-in for those that care
enough for all players in a match to take the hit.
DrinkyBird wrote 9 hours 11 min ago:
Go play the original Quake (not QuakeWorld) online and you will
soon realise why games realised that concept was flawed as soon
as it was implemented.
It works fine for LAN but as soon as the connection is further
than inside your house, it's utterly horrible.
Thaxll wrote 17 hours 17 min ago:
All the games that use kernel anti cheat have the simulation
running on the server.
You can't make a competitive fps game with a dumb terminal, it
can't work because the latency is too high so that's why you
have to run local predictive simulation.
You don't want to wait for the server to ack your inputs.
ThatPlayer wrote 9 hours 27 min ago:
> All the games that use kernel anti cheat have the
simulation running on the server.
There's an exception with fighting games. Fighting games
generally don't have server simulations (or servers at all),
but every single client does their own full simulation. And
2XKO and Dragon Ball FighterZ have kernel anti cheat.
Well I'm just nitpicking and it's different because it's one
of the few competitive genres where the clients do full game
state simulations. Another being RTS games.
Retr0id wrote 17 hours 43 min ago:
What does that have to do with solving the problem?
hakkoru wrote 17 hours 59 min ago:
I think from a purely technical viewpoint, cheaters will always have
the advantage since they control the machine the game and anti-cheat
is running on. Anti-cheat just has to keep the barrier high enough so
regular players don't think the game is infested with cheaters.
cortesoft wrote 16 hours 46 min ago:
I have never worked on AAA games, but I have developed software for
35 years and play many competitive online games regularly.
I have always wondered why more companies don't do trust based anti
cheat management. Many cheats are obvious from anyone in the game,
you see people jumping around like crazy, or a character will be
able to shoot through walls, or something else that is impossible for
a non-cheater to do.
Each opponent in the game is getting the information from the
cheating player's game that has it doing something impossible. I
know it isn't as simple as having the game report another player
automatically, because cheaters could report legitimate players...
but what if each game reported cheaters, and then you wait for a
pattern... if the same player is reported in every game, including
against brand new players, then we would know they were a cheater.
Unless cheaters got to be a large percentage of the player
population, they shouldn't be able to rig it.
dxuh wrote 13 hours 39 min ago:
Counter-Strike has been doing this for years. It's called
"Overwatch" (even before Blizzard's Overwatch came out). And
believe it or not it failed to reliably catch actual cheaters AND
got non-cheaters in trouble (both repeatedly). A very good player
is indistinguishable from a cheater with a good cheat. Sometimes
people just get super lucky for a few rounds and you might get
judged based on that.
shaokind wrote 9 hours 54 min ago:
Overwatch is now non-public - when CS2 replaced CS:GO, it
wasn't available, and when it was reintroduced, it was only for
"trusted partners" [0].
[0]:
URI [1]: https://steamdb.info/patchnotes/14178987/
magicalhippo wrote 13 hours 4 min ago:
> A very good player is indistinguishable from a cheater with a
good cheat.
I played COD4 a lot, though not competitively. I used to say
that I had a bad day if I didn't get called a cheater once.
I didn't cheat, never have, but some people are just not aware
of where the ceiling is.
The cheaters that annoyed us back then were laughably obvious.
They'd just hold the button with a machine gun and get
headshots after headshots, or something blatant like that.
chucksmash wrote 5 hours 39 min ago:
> some people are just not aware of where the ceiling is
True of everything. Getting good just lets you see the skill
gaps. I've sunk a serious chunk of time into both pool and
chess. In both I'd be willing to take a bet that I can beat
the median player with my eyes closed (in pool, closing them
after walking the table but before getting down on the shot).
And in both of those activities, there are still like 10-20
levels of "person at skill level A should always win against
person at skill level B" between me and someone who is
ACTUALLY good at pool or chess. Being charitable, in the
grand scheme of things I might be an intermediate player.
orbital-decay wrote 14 hours 41 min ago:
Less skilled players can't distinguish better players from
cheaters, and reports are usually abused and used in bad faith.
Even a good-faith report really just means "I don't want to see
this player for whatever reason". It's used as a signal of
something in most systems but never followed outright in good
games because players get a ton of useless reports.
Players in some games with custom servers run webs of trust (or
rather distrust, shared banlists). They are typically abused to
some degree and good players are banned across multiple servers
by admins acting in bad faith or just straight up not caring.
This rarely ends well.
I used to run popular servers for PvP sandbox games and big
communities, and we used votebans/reports to evict good players
from casual servers to anarchy ones, where they could compete,
but a mod always had to approve the eviction using a pretty
non-trivial process. This system was useless for catching
cheaters, we got them in other ways. That's for PvP sandboxes -
in e-sports grade games reports are useless for anything.
max-m wrote 14 hours 54 min ago:
A couple of years ago the bot situation in casual Team Fortress 2
was so bad that it wasn't uncommon to land in a game where the
majority of at least one of the teams was a group of cooperating
bots. In those matches you have the possibility to start a
kick-vote on your team mates, and those bots would immediately
vote "no" if you tried to vote on any of them and because
they were the majority of the team these votes always failed. And
if this batch was in your enemy team all you could do was to
ask the remaining, hopefully real, players on the enemy team to
try to kick them.
It was especially annoying when you tried to play certain game
modes these bots weren't programmed to handle, they had no idea
of the objective and the match would stall indefinitely, forcing
you to queue for a different match.
And if I remember correctly these bots were pretty much
headshotting everything they got in sight. Something the server
can easily detect.
But VAC for example acts intentionally slow, so cheaters don't
get immediate feedback.
Out of curiosity I did a quick internet search and a couple of
months ago a new wave of bots has emerged. Those bots also join
as a majority group but never fully join the game, they simply take
up slots in a team, preventing others from joining. Makes you
wonder why the server isn't timing them out.
eddythompson80 wrote 17 hours 43 min ago:
I agree, but that's precisely the interesting "technical"
problem. Like Bitcoin's "proof of work" in 2011 (it took me a few
years to comprehend) was an eye opening moment for me. While I do
believe that it firmly failed to achieve its lofty goals, the idea
of "proof of work" was a really captivating and interesting
technical idea. Can a video game client have a similar zero-trust
proof of their authenticity? I personally can't think of one. I
can't think of a way to have remote random agents (authenticated
or not) prove they are not cheating in a "game", and like
you, I suspect it's not really possible. But what does that mean?
I grew up with Star Trek and Star Wars wondering what "I'll
transfer 20 units to you" meant. Bitcoin was an eye opener in the
idea of "maybe this is possible" to me. But it shortly became
true to me that it's not the case. There is still no way for
random agents to prove they are not malicious. It's easier in a
network within the confines of the Bitcoin network. But maybe I'm not
smart enough to come up with a more generalized concept. After all,
I was one of the people who read the initial bitcoin white paper on
HN and didn't understand it back then and dismissed it.
charcircuit wrote 15 hours 20 min ago:
You could have replays where all player inputs are signed by the
individual players. This replay file could be used as proof to
report a cheater. Analysis tools can be developed later to
identify what packets are only possible from cheaters. For
example you could prove that a player was sending packets that
they were flying around.
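The signed-replay idea in the comment above, as an added example that is not part of the thread: a toy Go program (my own construction, not code from any game or from the commenter) in which each client signs its per-tick position packets with Ed25519, and an offline analyser verifies every signature before applying a movement rule to the packets a player provably sent. The packet layout, the player keys derived from fixed seeds, the limit of 1.5 units per tick and the replay contents are all made-up assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
	"math"
)

// Packet is one per-tick state update a client sends in this constructed
// protocol: player id, tick number and the position the client claims.
type Packet struct {
	Player  uint8
	Tick    uint32
	X, Y, Z float32
}

// Encode fixes the byte layout that is signed, so sender and verifier hash the same bytes.
func (p Packet) Encode() []byte {
	b := make([]byte, 1+4+3*4)
	b[0] = p.Player
	binary.LittleEndian.PutUint32(b[1:], p.Tick)
	binary.LittleEndian.PutUint32(b[5:], math.Float32bits(p.X))
	binary.LittleEndian.PutUint32(b[9:], math.Float32bits(p.Y))
	binary.LittleEndian.PutUint32(b[13:], math.Float32bits(p.Z))
	return b
}

// SignedPacket is what the replay file stores: the packet plus the sender's signature.
type SignedPacket struct {
	Packet
	Sig []byte
}

func Sign(priv ed25519.PrivateKey, p Packet) SignedPacket {
	return SignedPacket{Packet: p, Sig: ed25519.Sign(priv, p.Encode())}
}

// Report is the outcome of analysing a replay offline.
type Report struct {
	Forged   []uint32           // ticks whose signature does not verify: the replay was doctored
	Speeding map[uint8][]uint32 // per player, ticks where signed positions imply impossible speed
}

func dist(a, b Packet) float64 {
	dx, dy, dz := float64(a.X-b.X), float64(a.Y-b.Y), float64(a.Z-b.Z)
	return math.Sqrt(dx*dx + dy*dy + dz*dz)
}

// Analyze verifies every signature against the player's registered key, then
// applies a crude movement rule to consecutive verified packets of each player.
// A flagged packet is something that player signed, not something the reporter
// could have written into the replay.
func Analyze(keys map[uint8]ed25519.PublicKey, replay []SignedPacket, maxPerTick float64) Report {
	r := Report{Speeding: map[uint8][]uint32{}}
	last := map[uint8]Packet{}
	for _, sp := range replay {
		pub, ok := keys[sp.Player]
		if !ok || !ed25519.Verify(pub, sp.Encode(), sp.Sig) {
			r.Forged = append(r.Forged, sp.Tick)
			continue // unverifiable packets are not evidence against anyone
		}
		if prev, seen := last[sp.Player]; seen && sp.Tick > prev.Tick {
			if dist(sp.Packet, prev) > maxPerTick*float64(sp.Tick-prev.Tick) {
				r.Speeding[sp.Player] = append(r.Speeding[sp.Player], sp.Tick)
			}
		}
		last[sp.Player] = sp.Packet
	}
	return r
}

// Demo builds a constructed replay: player 1 walks, player 2 teleports 50 units
// between tick 3 and 4, and a reporter edits player 1's first packet afterwards.
func Demo() Report {
	seed1 := make([]byte, ed25519.SeedSize) // fixed seeds keep the demo deterministic
	seed2 := make([]byte, ed25519.SeedSize)
	seed1[0], seed2[0] = 1, 2
	k1, k2 := ed25519.NewKeyFromSeed(seed1), ed25519.NewKeyFromSeed(seed2)
	keys := map[uint8]ed25519.PublicKey{
		1: k1.Public().(ed25519.PublicKey),
		2: k2.Public().(ed25519.PublicKey),
	}
	var replay []SignedPacket
	for t := uint32(1); t <= 5; t++ {
		replay = append(replay, Sign(k1, Packet{Player: 1, Tick: t, X: float32(t)}))
		x := float32(t)
		if t >= 4 {
			x += 50
		}
		replay = append(replay, Sign(k2, Packet{Player: 2, Tick: t, X: x}))
	}
	replay[0].X = 1000 // tampered after signing: the signature no longer matches
	return Analyze(keys, replay, 1.5)
}

func main() {
	r := Demo()
	fmt.Println("forged ticks:", r.Forged, "speeding:", r.Speeding)
}
```

Verifying before judging is the whole point: the doctored packet is dropped rather than counted against the player it names, so a reporter cannot manufacture evidence, while player 2's teleport is flagged from data only player 2's key could have produced. The movement rule is deliberately simple; a real analyser would run the game's own physics, but it would still be running it over packets the accused player signed.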
akersten wrote 17 hours 55 min ago:
> Anti-cheat just has to keep the barrier high enough so regular
players don't think the game is infested with cheaters.
And even that's the (relatively) straightforward part. The hard
part is doing this without injuring the kernel enough that the only
sensible solution for the security conscious is a separate PC for
gaming.
cylemons wrote 6 hours 31 min ago:
I wonder if dual booting can be used as a middle ground, like
have one OS for gaming and other OS for work.
Problem is that only works if the two OSes are different (Windows
vs Linux) or else they can just stomp each other
abofh wrote 18 hours 2 min ago:
I think it's somewhere between halting and turing - given infinite
resources it's likely solvable, but lacking that it's just narrowing
bounds
metalcrow wrote 18 hours 45 min ago:
>TPM-based measured boot, combined with UEFI Secure Boot, can generate
a cryptographically signed attestation ... This is not a complete
solution (a sufficiently sophisticated attacker can potentially
manipulate attestation)
I was not aware that attackers could potentially manipulate
attestation! How could that be done? That would seemingly defeat the
point of remote attestation.
matheusmoreira wrote 17 hours 35 min ago:
See this for example: [1] Defeating remote attestation will be a key
capability in the future. We should be able to fully own our
computers without others being able to discriminate against us for
it.
URI [1]: https://tee.fail/
torginus wrote 11 hours 1 min ago:
Sure, but the exploit presented doesn't really look practical for
the everyman. And I'm not sure if it can be patched in HW/SW, and
in any case this is just the first step to a fully fake secure
boot.
metalcrow wrote 14 hours 38 min ago:
Thank you for that link, that's super interesting! It looks like
it's actually an architectural vulnerability in modern fTPMs, and
considered out of scope by both Intel and AMD. So that's a reliable
way to break attestation on even the most modern systems!
gruez wrote 18 hours 37 min ago:
The comms between the motherboard and the TPM chip aren't secured, so
an attacker can just do a MITM attack and substitute in the correct
values.
halayli wrote 17 hours 46 min ago:
That doesn't sound accurate. The T in TPM stands for trust, the
whole standard is about verifying and establishing trust between
entities. The standard is designed with the assumption that anyone
can bring in their scope and probe the ports. This is one of
several reasons why the standard defines endorsement keys(EK).
srjek wrote 16 hours 25 min ago:
It is correct, the measurement command to the TPM is not
encrypted. So with MITM you can record the boot measurements,
then reset and replay to any step of the boot process. Secrets
locked to particular stages of boot are then exposed.
There is guidance on "Active" attacks [1], which is to set up
your TPM secrets so they additionally require a signature from a
secret stored securely on the CPU. But that only addresses secret
storage, and does nothing about the compromised measurements. I
also don't know what would be capable of providing the CPU secret
for x86 processors besides... an embedded/firmware TPM.
URI [1]: https://trustedcomputinggroup.org/wp-content/uploads/TCG...
invokestatic wrote 17 hours 39 min ago:
Actually, it is completely true. The TPM threat model has
historically focused on software-based threats and physical
attacks against the TPM chip itself - crucially NOT the
communications between the chip and the CPU. In the over 20 year
history of discrete TPMs, they are largely completely vulnerable
to interposer (MITM) attacks and only within the last few years
is it being addressed by vendors. Endorsement keys don't matter
because the TPM still has to trust the PCR commands sent to it by
the CPU. An interposer can replace tampered PCR values with
trusted values and the TPM would have no idea.
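The replay attack srjek and invokestatic describe, as an added example that is not from the thread or from any anti-cheat vendor: a Go simulation of one SHA-256 PCR, firmware measuring three boot components into it, and a bus interposer that records the extend digests from a clean boot and substitutes them on a later boot where a cheat driver is loaded. The component strings are invented; the extend rule (newPCR = SHA256(oldPCR || digest)) is the TPM 2.0 one.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// PCR models one Platform Configuration Register in the SHA-256 bank of a TPM.
// Software can never write a PCR directly; it can only send PCR_Extend(digest),
// and the TPM computes newPCR = SHA256(oldPCR || digest). The final value is a
// function of the whole ordered sequence of extends, and a remote verifier
// compares a signed quote over it against a known-good value.
type PCR [sha256.Size]byte

// Extend applies the TPM 2.0 extend rule.
func (p PCR) Extend(digest []byte) PCR {
	h := sha256.New()
	h.Write(p[:])
	h.Write(digest)
	var out PCR
	copy(out[:], h.Sum(nil))
	return out
}

// Measure is what firmware does to a component before extending it.
func Measure(component []byte) []byte {
	d := sha256.Sum256(component)
	return d[:]
}

// Bus stands in for the LPC/SPI link between CPU and discrete TPM. A nil bus
// is an untampered board; otherwise every extend digest passes through it.
type Bus func(digest []byte) []byte

// Boot measures each component into the register in order and returns the
// final PCR together with the digests that actually reached the TPM.
func Boot(components [][]byte, bus Bus) (PCR, [][]byte) {
	var pcr PCR
	var seen [][]byte
	for _, c := range components {
		d := Measure(c)
		if bus != nil {
			d = bus(d)
		}
		seen = append(seen, d)
		pcr = pcr.Extend(d)
	}
	return pcr, seen
}

// ReplayInterposer is the attack from the thread: record the plaintext extend
// digests during one clean boot, then on a later boot with modified code hand
// the TPM the recorded digest instead of the one the CPU sent. The TPM cannot
// tell the difference, so the PCR (and any quote over it) comes out "clean".
type ReplayInterposer struct {
	recorded [][]byte
	next     int
}

func (r *ReplayInterposer) Tap(digest []byte) []byte {
	if r.next < len(r.recorded) {
		digest = r.recorded[r.next]
	}
	r.next++
	return digest
}

// Constructed boot chains for the demonstration (not real measurements).
var (
	cleanChain = [][]byte{
		[]byte("UEFI firmware 1.0"),
		[]byte("bootloader, Secure Boot signed"),
		[]byte("kernel + anti-cheat driver"),
	}
	tamperedChain = [][]byte{
		[]byte("UEFI firmware 1.0"),
		[]byte("bootloader, Secure Boot signed"),
		[]byte("kernel + anti-cheat driver + cheat driver"),
	}
)

// Demo returns the PCR of a clean boot, of a tampered boot on an untampered
// bus, and of the same tampered boot behind a replay interposer.
func Demo() (clean, tampered, replayed PCR) {
	var digests [][]byte
	clean, digests = Boot(cleanChain, nil)
	tampered, _ = Boot(tamperedChain, nil)
	ri := &ReplayInterposer{recorded: digests}
	replayed, _ = Boot(tamperedChain, ri.Tap)
	return clean, tampered, replayed
}

func main() {
	clean, tampered, replayed := Demo()
	fmt.Printf("clean    %x\n", clean[:8])
	fmt.Printf("tampered %x  matches clean: %v\n", tampered[:8], tampered == clean)
	fmt.Printf("replayed %x  matches clean: %v\n", replayed[:8], replayed == clean)
}
```

Running it prints three register prefixes: clean and tampered differ, clean and replayed are identical. A quote the TPM signs over the replayed register is a perfectly valid signature over the expected value, which is why an endorsement key, however well protected, does not help against an interposer: the TPM signs what it computed, and it computed exactly what the bus told it.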
metalcrow wrote 18 hours 24 min ago:
That's fair, although aren't most TPMs nowadays fTPMs? No
interceptable communication that way.
nextaccountic wrote 16 hours 0 min ago:
what about faulTPM?
URI [1]: https://arxiv.org/abs/2304.14717
edoceo wrote 17 hours 53 min ago:
Can a TPM be faked in a QEMU VM?
kay_o wrote 17 hours 47 min ago:
We don't allow games to run in virtual machines and require
TPM. Check TPM EK signing up to an approved manufacturer.
It is not "fake", a software TPM is a real TPM but not
accepted/approved by anticheat due to inability to prove its
provenance
(Disclosure: I am not on the team that works on Vanguard, I do
not make these decisions, I personally would like to play on my
framework laptop)
invokestatic wrote 17 hours 49 min ago:
Technically yes, but it would produce an untrusted remote
attestation signature (quote). This is roughly equivalent to
using TLS with a self-signed certificate - it's not trusted
by anyone else. TPMs have a signing key thatâs endorsed by
the TPM vendor's CA.
carefree-bob wrote 17 hours 50 min ago:
Yes!
URI [1]: https://github.com/stefanberger/swtpm
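The check kay_o and invokestatic describe above, an EK certificate chaining to an approved manufacturer CA versus a self-signed one from a software TPM, as an added Go example that is mine and not code from Vanguard, swtpm or any TPM vendor. It creates an invented vendor CA and two EK certificates in memory, so the names, keys and lifetimes are assumptions; in a deployment the only real inputs would be the client's EK certificate and the list of manufacturer CA certificates the service trusts.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// issue signs tmpl with the signer's key; parent == nil yields a self-signed cert.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// template builds a minimal certificate body; invented names, ten-year lifetime.
func template(cn string, ca bool) *x509.Certificate {
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	t := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  ca,
	}
	if ca {
		t.KeyUsage = x509.KeyUsageCertSign
	}
	return t
}

// VerifyEK is the service-side gate: the EK certificate must chain to one of the
// TPM manufacturer CAs the service trusts. Real EK certs carry the TCG EK extended
// key usage rather than serverAuth, so Go's default EKU check is disabled here.
func VerifyEK(ek *x509.Certificate, vendorRoots *x509.CertPool) error {
	_, err := ek.Verify(x509.VerifyOptions{
		Roots:     vendorRoots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return err
}

// Build constructs a pretend vendor CA, an EK it endorsed, and a self-signed EK
// of the kind a software TPM produces when no vendor has endorsed it.
func Build() (roots *x509.CertPool, genuine, selfSigned *x509.Certificate) {
	caKey := newKey()
	ca := issue(template("Example TPM Vendor EK CA", true), nil, &caKey.PublicKey, caKey)

	ekKey := newKey()
	genuine = issue(template("Example TPM Vendor EK", false), ca, &ekKey.PublicKey, caKey)

	swKey := newKey()
	selfSigned = issue(template("swtpm EK", false), nil, &swKey.PublicKey, swKey)

	roots = x509.NewCertPool()
	roots.AddCert(ca)
	return roots, genuine, selfSigned
}

// Check runs the policy on both certificates and reports which one is accepted.
func Check() (genuineOK, selfSignedOK bool) {
	roots, genuine, selfSigned := Build()
	return VerifyEK(genuine, roots) == nil, VerifyEK(selfSigned, roots) == nil
}

func main() {
	g, s := Check()
	fmt.Println("vendor-endorsed EK accepted:", g)
	fmt.Println("self-signed software EK accepted:", s)
}
```

The chain check is only the first gate: the TCG EK Credential Profile places the manufacturer, model and firmware version in a SubjectAltName directoryName extension, and a service would also need to bind the EK to the quote it receives (through an attestation key created under that EK) before a clean PCR quote means anything. And as the thread notes above, a genuine discrete TPM passes this check while still sitting behind an interposer.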
Retr0id wrote 18 hours 11 min ago:
Until they require fTPMs, an attacker can just choose to use a
regular TPM.
A more sophisticated attacker could plausibly extract key
material from the TPM itself via sidechannels, and sign their own
attestations.
Charon77 wrote 17 hours 38 min ago:
I remember there's a PCI device that's meant to be snooping and
manipulating RAM directly by using DMA. Pretty much one
computer runs the game and one computer runs the cheat. I think
kernel anti cheats are just raising the bar while pretty much
being too intrusive
int_19h wrote 13 hours 3 min ago:
TFA explicitly describes those devices, and how anti-cheat
developers are trying to handle this.
But the main point there is that this setup is prohibitively
expensive for most cheaters.
Retr0id wrote 19 hours 23 min ago:
This got me wondering how easy it'd be to automate discovery of BYOVD
vulns with LLMs (both offensively and defensively)
not_a9 wrote 4 hours 0 min ago:
Probably not too hard with the LLM side itself assuming latest models
and good tooling.
The harder thing probably is getting a dataset for "all x64/ARM64
Windows drivers that aren't already considered vulnerable".
Also it depends what's considered a vulnerability here.