It has been. It's been server-side for decades. It's common industry knowledge that the client can't have authority. But server-side anti cheat can't stop aimbots or wall hacks. Client side anti cheat isn't about stopping you from issuing "teleport me to here plz server" commands, it's about stopping people from reading and writing the game's memory/address space.
If you wanted to teleport (and the server was poorly implemented enough to let you) you could just intercept your network packets and add a "teleport plz" message. Real cheats in the wild used to work this way. However a wallhack will need to read the game's memory to know where players are.
What modern anti cheat software does is make it difficult for casual cheats to read/write the game's memory, and force more sophisticated cheats down detectable exploit paths. It's impossible to prevent someone from reading the memory on untrusted hardware, but you can make it difficult and detectable so you can minimize the number of cheaters and maximize the number you detect and ban.
Linux is incompatible with client anti-cheat because there is no security boundary that can't be sidestepped with a custom compiled kernel. Windows is Windows, with known APIs and ways to read process memory that can be monitored. Secure boot means only Microsoft's own built kernels can boot and you now have a meaningful security boundary. Monitor what kernel drivers are loaded and you can make it harder for cheaters to find ways in. Sure you can run in a VM, but you can also detect when it happens.
Sure we can just run with no client side anticheat at all (functionally what Linux always is unless you only run approved, signed kernels and distros with secure boot) but wallhacks and aimbots become trivial to implement. These can only really be detected server side with statistical analysis. I hope you don't ban too many innocent people trying to find all the cheaters that way.
> Linux is incompatible with client anti-cheat because there is no security boundary that can't be sidestepped with a custom compiled kernel. Windows is Windows, with known APIs and ways to read process memory that can be monitored. Secure boot means only Microsoft's own built kernels can boot and you now have a meaningful security boundary. Monitor what kernel drivers are loaded and you can make it harder for cheaters to find ways in. Sure you can run in a VM, but you can also detect when it happens.
OK I'll just compile a custom ReactOS build that lets me sidestep that boundary.
Honest question: given all the companies and people working on anti-cheat systems for the last 20+ years of multiplayer video games, don't you think it would all be server-side if it could be, by now?
No, game companies are simply unwilling to pay for the talent and man hours that it takes to police their games for cheaters. Even when they are scanning your memory and filesystem they don't catch people running the latest rented cheat software.
Cheating is a social problem, not a technical issue. Just give the community dedicated server possibility (remember how back in the days games used to ship with dedicated server binaries?) and the community can police for free! Wow!
Yes, I would also prefer that servers were community run as in the hl2 days.
I would still argue that there are technical issues leading to some amount of cheating. In extraction shooters like Hunt Showdown, Escape From Tarkov and a few others, people can run pcie devices that rip player location and other information from the machines memory in order to inject it into an overlay with a 2nd computer, and they do go to these lengths to cheat, giving them a huge advantage. It wouldn't be possible to rip that info from memory for these "ESP cheats" if the server didn't needlessly transmit position information for players that aren't actually visible. IMO this is a technical failure. There are other steps that could be taken as well, which just aren't because they're hard.
Yes, because players want to spend time moderating other players instead of playing the game. Sounds fun!
Community servers literally invented anti-cheat. All current big name anti-cheats started as anti-cheats for community servers. And admins would choose to use them. Game developers would see that and integrate it. Quake 3 Arena even added Punkbuster in a patch.
Modern community servers like FiveM for GTAV, or Face-It and ESEA for CS2 have more anti-cheats, not less.
No, because most companies will make decisions based on time/effort/profitability, and because client-side anticheat is stupid simple and cheap, that's what they go with. Why waste their own server resources, when they can waste the user's?
So it is the company prioritising their bottom line at the expense of their customer's computers. More simply, they move cost from their balance sheet and convert it into risk on the customer's end.
Which is actively customer-abusive behavior and customers should treat it with the contempt it deserves. The fact that customers don't, is what enables such abuse.
This is such a weird take. In an online multiplayer game the cheaters are the risk to the company's bottom line.
If a game is rampant with cheaters, honest paying players stop showing up, and less new players sign up. The relatively small percentage of cheaters cost the company tons of sales and revenue.
It is actively in a company's best interest to do everything they possibly can to prevent cheating, so the idea that intentionally building sub-par anti-cheat is about "prioritising their bottom line" seems totally absurd to me.
Not to mention these abstract "the company" positions completely ignore all the passionate people who actually make video games, and how much most of them care about fair play and providing a good experience to their customers. No one hates cheaters more than game developers.
> because most companies will make decisions based on time/effort/profitability, and because client-side anticheat is stupid simple and cheap, that's what they go with. Why waste their own server resources, when they can waste the user's?
And my comment was a response to that statement. In context of that statement, companies are indeed choosing to prioritise their commercial interests in a way that increases the risk to the computers of their customers.
> Not to mention these abstract "the company" positions completely ignore all the passionate people who actually make video games
Irrelevant. Companies and their employees are two different distinct entities and a statement made about one does not automatically implicate the other. Claiming, for example, that Ubisoft enables a consistent culture of sexual harassment does not mean random employees of that company are automatically labeled as harassers.
Coming to anti-cheat, go ahead and fight them all you want. That's not a problem. Demanding the right to introduce a security backdoor into your customer's machines in order to do that, is the problem.
To the downvoters: client-side anticheat simply cannot stop all the cheaters. Why? Because it's running on hardware that the cheater has full control over.
It has been (and continues to be) an enormous amount of effort, and some cheaters are absolutely going to get through anyway.
Right, you cannot control hardware you do not own and have in your possession. A cheat that uses another computer and a camera to watch the screen and emulate a mouse is an effective aimbot that no client side method will ever detect. The future must be server authoritative net code and behavior-based server-side cheat detection.
> The future must be server authoritative net code and behavior-based server-side cheat detection.
If they actually cared about stopping cheaters (rather than pouring tons of investor money into the appearance of anti-cheat), then yes, the future must be that.
But. I'm a USian and I notice that the TSA is still strip-searching people at airports and -worse- wasting assloads of everyone's time, effort, and tax money. I have zero faith that a sudden attack of common sense will redirect efforts (whether they be in the arena of airport security or eviction of match-damaging video game cheaters) in a more sensible direction within what's left of my lifetime.
Day Z’s authoritative server‑side detection performed so flawlessly, it let me breach the network bubble and force other players to defecate themselves. 10/10, would recommend.
