It's time to stop buying such games and send game studios a signal that we won't tolerate rootkits and/or closed platforms. Anti-cheats should run server-side, or better yet, servers should be community-operated. I would probably bought BF6, but since I exclusively use Arch, EA lost a sale -- too bad for them there are thousands of other games that work flawlessly on Linux.
I want to echo a previous comment of mine on this topic:
With the rise of mainstream-compatible, as in a standard gamer can get them running and use them with a similar frustration level as Win11, Linux first systems like steam deck, steam machine and even steam frame, there is a real, even if currently low, pressure for big publisher to support Linux/SteamOS. I somewhat hope/fear there will be a blessed SteamOS version that supports anticheats enough for publishers like EA, Epic and Riot to accept the risk.
Rumour has it that after the Crowdstrike fiasco future versions of Windows won't allow kernel level modules. I can only hope this is true if it kills off the main reason titles don't work on Linux as a side effect. I'd have bought BF6, some version of EAFC, and more.
Unfortunately the rumors were misinformed. Microsoft's official response states that while they will be moving towards allowing more security functions to be run outside of the kernel, "It remains imperative that kernel access remains an option for use by cybersecurity products to allow continued innovation and the ability to detect and block future cyberthreats" [1].
It's not going to happen. If anything they would just add functionality so things like Crowdstrike don't need to run in ring-0 but they won't remove the access.
(I had to make a HN account to reply to this, but…)
If only Riot, Epic, BE, whoever else knew about this wondrous approach! That way they wouldn’t have to reverse half the Windows kernel to figure out ways to stop & detect hacks.
Valve (mostly) does serverside analytics for CS2 and the success of their approach can be measured by one of FaceIT’s benefits being “we have a working anticheat”.
This. It should actually be easier to catch offenders - you're leaning on hundreds of years of applied statistics, rather than racing versus sneakier exploits.
> [...] or better yet, servers should be community-operated.
I'm conflicted about this one. I've wanted to host a game server at home since 2003, but couldn't get a public, static IP. The landscape hasn't changed much, perhaps even for the worse: a Quake 3 dedicated server could be run from a mid-range laptop while playing the game; Minecraft and Factorio (both great games with fantastic communities), by that measure, have unreasonable hardware requirements.
So, you pay a host.
OTOH there's many ways for a studio to build and operate an ethical live service. Check out Warframe: it's 100% F2P, the main source of revenue is cosmetics, and it's easy for people to gift stuff (whales spill their pockets reinforcing community goodwill, rather than gambling).
It's best when a game offers both, e.g. Brood War. StarCraft II isn't "simply" dying; lack of LAN play actively hinders on-site, professional tournaments. And we can do nothing about it.
There's lots of neat tricks for DHT peer discovery and NAT hole punching these days. Wouldn't be hard to make a local game sever manager that lets you share join information to your friends and have it automatically resolve all the networking needed with no VPN, static IP, or DNS required.
I normally recommend Tailscale, and that's a great starting point, for games that do not support any of the neat tricks natively. The problem: it's more difficult to build a community around that. You're introducing a point of friction, and a lot of newcomers will bounce. It's difficult enough to guide a non-technical friend, and Tailscale is top among the absolute easiest solutions.
How would a server-side anti-cheat work? You wouldn't be able to detect ESP or other information leaks. Best you can do is see how good they are vs. everyone else but how do you know if someone is cheating or just really good? Most cheaters are not blatantly cheating so it is hard to know for sure. Even something like aimbotting is almost always adjustable in cheat software to have varying levels of accuracy.
SSAC is already widely deployed for many games. I'm not a professional backend gamedev (just an enthusiast), so I don't know all the approaches / tricks, but here's off the top of my head:
> [...] see how good they are vs. everyone else [...]
It's called Elo or MMR. You match players with a similar rating. An unfair advantage in one area (e.g. aimbot, map hack) turns into a significant disadvantage in all of the other areas (strategy, team play, mechanics, situational awareness, decision making). In SC2 you can regularly see mid-high masters or low GMs play against map hackers and just destroy them. Match making simply works as intended.
As a cheater - aside from being a different (not more difficult, but different) kind of a challenger, how do you gain material advantage from this? Streaming the game? If you attract a community that cherishes cheaters? Well.
This is of course on top of normal AC.
> [...] how do you know if someone is cheating or just really good?
In versus - it will surface, as noted above. You will plateau, just like any other player. If you're "really good", you will become an outlier and get attention.
In a game like Warframe (PvE, you can farm goods that you can sell for in-game currency), the main limiting factor is your time. A very good loadout will shorten an exterminate mission from 4 to 3 minutes, and you can build a decent loadout within ~2 months of starting to play the game. To further shorten it to 2min, you need good mechanics, or - as noted - to cheat. That's assuming you run solo - but since this is a co-op game, there's often someone on your team who will clear the mission for you in 2min anyway. Choosing to cheat is your own risk.
I'd consider AC a core part of game design.
> Most cheaters are not blatantly cheating so it is hard to know for sure. Even something like aimbotting is almost always adjustable in cheat software to have varying levels of accuracy.
It depends on how high you want to go - you don't know where the radar is, and it only needs to spot you once. The problem space isn't just aimbotting, it's highly multidimensional. An arms race like any other, except your "enemy" (the host) has significantly more information.
You must combine client-side with server-side AC either way. A CS exploit will circulate the same way a regular aimbot will.
> You must combine client-side with server-side AC either way.
I should have clarified - this is exactly what I meant. Client-side anti-cheat cannot be replaced by server-side anti-cheat. You need both.
I work on an FPS game that is heavily targeted by cheaters (Rust). We do both but we are probably limited with what we can do server-sided because it's a PvP sandbox game. There is no matchmaking and no defined winner or loser to simplify ranking players against each other. It's also high stakes because a cheater can ruin a legit player's hours of preparation in moments. Drawing a line in the data to detect cheaters will catch outliers but there's a world of "legit cheaters" out there who use cheats but limit it to not stand out and avoid being banned.
It's a sandbox game. You play on the same server over the course of a wipe (up to one month long) and then the server's map is cleared/changed. Hundreds of players gather resources, build bases, craft weapons, etc. to fight each other and defend themselves from others. Players often team up but you never know who you can really trust unless you're actually friends with them.
Other than aiming there's just game and map awareness, including understanding the current meta. Base design is a whole other area relevant to defending against raiding while you aren't online or away from your base.
We use EAC but also have our own layers of protection. We do some of our own anti-tampering in the client, a player reporting system with staff to investigate, server-side antihack to guard against all kinds of weird state modified clients send, and a lot of data collection+analysis. If you look up Rust or any other popular FPS game up you'll see it's still not enough.
The most effective anticheat tool really is game design. Games can be designed to limit or even eliminate the worst of cheating... but only by significantly changing the games. It'd be simple if everything was like the Civilization games because they're turn based and have well-defined actions. All input can be 100% verified without the need for tolerances and hidden state (fog of war) can be networked only when necessary.
OK so it's like Minecraft, but with a lot more combat. I can see the appeal.
> The most effective anticheat tool really is game design.
Yep, that's always been my idea, and why I brought up Elo.
IMO second most effective is to play with people you already trust. Or like on many public Factorio servers: strangers get limited permissions until proven trustworthy. But none of this works in a game with just a couple hundred players.
It has been time for long time and I support your stance but the big publishers only speak money. I gather they still have enough customers for their mainstream AAA titles.
But I would like to think that Valve it indirectly putting pressure on them. I too am not far from removing Windows and making the full jump to Linux for my gaming needs.
