
The trade-off is that you have literal malware on the machine that is controlled by a third party company that most likely doesn't have their security practices up to snuff.


The malware is there regardless, this is about Linux marketshare. You can dislike it (and I do) without gatekeeping your favourite operating system because people want to run software on it that you don't approve of.


The problem with anti-cheat software is that it needs extremely high permissions. It wants to inspect every process, take screenshots etc. It's pretty extreme stuff.

And the stupid thing is that a lot of games install this software regardless of whether you actually play online or not! I've even had some games that insisted I enable Valve Anti Cheat and refuse to launch otherwise, even though I just wanted to play single player (I rarely play online). That check should obviously come into play only at the multiplayer menu.

But this is actually why I still game on Windows. I just have one Windows box which I use for gaming and gaming alone. I don't want this crap on my Linux and FreeBSD computers I do serious work on. So I won't be one of those Linux users in the stats :) Even though I use it daily.


But that is the nature of exploits. They often operate outside of a program, modifying its memory, applying visual aid etc.

Thus permissions like that are kind of required. Now, you can dispute if some random online lobby should perhaps have an option of "I don't care". However, a large group of gamers does care, especially in more competitive games such as League of Legends, CS:GO etc.


The trouble is it will be opaque and now I have to worry about one more opaque dystopic thing when installing games over Steam. I'll consider it Valve's transgression against me if they let me install anti-cheat malware without warning me any less strongly than screaming at me.


Sure it sucks but ultimately it's the user's decision and Proton will allow the porting of other Windows apps. If you can use it to run a AAA game it could easily handle business apps. I can't tell you how many times I've heard someone say they'd switch to Linux but can't because it doesn't run [insert some Windows app here]. It's a net gain for Linux adoption.


It’s not the user's decision though. They don’t even realize this creepy software gets installed and they don’t know what it does.


To be entirely fair, with BattlEye it's 100% clear to the user it's being installed. They have a pop up for every game that uses it that states it's to be installed if they click 'OK'.

But not all anti-cheat software does this, even those that install drivers, and it's not always clear.


Yeah. Nobody reads terms and conditions, privacy policies... At least a decade ago I remember seeing one that reserved the right to scan my processes, my memory, my file system, take screenshots at any time as well as exfiltrate all of this data to remote servers. Basically a RAT.


Oh yeah, except that big nice pop up.


This is sadly not true, since business apps use a much wider variety of Windows APIs while games are mostly using a few (DirectX, OpenGL, Vulkan) APIs for most of what they do. You can see this with custom game launchers like League of Legends uses. The game runs with basically native performance and without issues but the launcher is barely usable.


Plenty of key business apps use DirectX, OpenGL, Vulkan, like CAD applications, and games still use other Windows APIs. It's open-source, people can build off Proton to add the rest. These games are generally designed for Win10 now, support for which is somewhat lacking in Wine. Concentrating on the latest version of Windows and APIs is a huge step in the right direction.


You're inverting the problem. The problem isn't that those things are used; the problem is they use lots of other things that aren't DirectX, OpenGL or Vulkan.


Don't get me wrong, such applications obviously profit from better 3D support in Wine but Proton won't make an impact on how well Microsoft Office or Adobe CC products run in general.


It all depends on how, where and when this malware runs. If they can be installed along with the games under a gaming only account on the Linux machine, that is, with zero permissions on system and other users' files around, that's fine with me. However if they require to pollute system directories or, much worse, be installed as kernel modules or system level daemons, then it's way different. Security conscious gamers would probably put their gaming machine behind a firewall that screens their entire LAN (other hardware, NAS etc), and forget doing anything but gaming with it.


> If they can be installed along with the games under a gaming only account on the Linux machine, that is, with zero permissions on system and other users' files around, that's fine with me.

Completely ineffective. It will be trivial to circumvent those protections. Might as well not bother.

The truth is cheaters are merely exercising their computing freedom. It's my computer, the game is merely running on it. If I want to read the game's memory and adjust aim or automate boring parts, it's my prerogative.

In order to prevent any of this, the game company must take over my machine. They must literally own my computer. Anti-cheating software is virtually indistinguishable from malware and there is no situation where this is acceptable. The game company's "needs" are irrelevant.


I think there is an underlying assumption that you’re entitled to play the game, therefore anti cheat is violating your freedoms.

But if we remove the assumption that you are entitled to play any game however you please I think this argument somewhat falls apart. If you don’t like their using anti cheat, then just don’t play those games which use it.

I just don’t think enough people agree with you that it will work in your favour unfortunately.


It's not entitlement to want to play the games I paid money for without my computer getting owned. This is basic respect, not some insane notion. Why are game companies entitled to complete control over our computers?


It depends on if you're talking about single player or multiplayer. Notably EAC and BattlEye are both only really used on multiplayer based games. Cheating on those games isn't "exercising your rights" because you aren't entitled to ruining others' experience. Multiplayer is more than a simple "buy and own everything inside" experience because you are buying the ability to use their servers according to their rules and TOS. I support requiring the ability to run your own server without anticheat and full ownership and ability on those but you don't have the right to abuse multiplayer services just because you bought a license to play it.


Then don't give these companies your business. I certainly don't. There are enough games that don't pull this kind of shit to keep me entertained.


True. Nowadays I play single player games because of this. I simply can't trust these companies. The situation should never have gotten to this point.


Sometimes the malware is not disclosed and a game may start to use a malware after you bought it.


And the needs of other players to have a fair game are also irrelevant then?

After all, you're the top rank in CS:GO not because of your skill but because you simply exercise your freedom to have everyone else play against your computer.


Correct, they're completely irrelevant. Of all the affronts to computing freedom, anti-cheating is the worst. The truth is the online gaming model where we play with untrustworthy strangers is completely broken. We should all be playing with friends we can trust instead.


I wouldn’t install anti-cheat malware personally, but I think many of the people who want to play these games care more about not having cheaters in their games than having ring 0 control.

They’re extremely passionate about their skills and want nothing more than a fair playing field. Playing only with friends is not a real solution.

Computing freedom means you have the freedom to give up control, too. It’s your choice.


> Computing freedom means you have the freedom to give up control, too. It’s your choice.

Absolutely. As long as they don't force this malware on the rest of us who do care, it will be fine.


Completely agreed. Where is this "right not to be cheated in an online game" coming from anyway? Sounds absurd when you put it in proper terms, that is someone else taking control over your computer.


From the same place that real-life competitions tend to have rules about cheating that are enforced.

Why do people think that they get a free pass because they can't see the opponent face to face?

If you want to play with friends, plenty of multiplayer games offer that without anticheat (Arma lets you even uninstall the anti-cheat and play on anti-cheat disabled servers).


Does my local basketball competition require all competitors to submit negative doping tests before competing? Do they get to monitor me for 24 hours before the game?

Because that's the level of seriousness of most gaming and the proportionality of using a rootkit to prevent cheating. Sure, the Olympic athletes (or I guess in this analogy, eSports pros competing online) get the full "we're going to make very sure you're not cheating approach" but "my local basketball league" or "unranked ladder" doesn't justify these measures being routine.



But if you play online with strangers, you're not really participating in a local basketball competition are you?


Why? Do I get to pick the people on the opposing team in the local basketball competition? I didn't specify a local club for a reason. Just because it's some competition organisers rather than a matchmaking algorithm doesn't change my perspective.


> Why do people think that they get a free pass because they can't see the opponent face to face?

We don't think that. We think anti-cheating rules aren't important enough to justify shipping literal malware to people's computers and taking over their machines.


It's not literal malware though, unless you have proof that it does something malicious like encrypt a user's directory or exfiltrate sensitive data and that every single anti-cheat does that.


> Where is this "right not to be cheated in an online game" coming from anyway?

No idea. Who cares if some random guy cheats really? It's nothing compared to losing our computing freedom. Actual important stuff that matters. Same fundamental issue as DRM which nearly everyone agrees is bad.

Our computers are ours and game companies just need to deal with it. If people are gonna cheat, then so be it.


> Who cares if some random guy cheats really?

The kind of people who care enough to spend money on an online game.

> It's nothing compared to losing our computing freedom.

Then don't play online games with anti-cheat. Freedom doesn't mean your decisions don't have consequences—just you have the freedom to choose between the privacy of not submitting to an anti-doping monitoring regime or participating in certain competitive sports.

> Our computers are ours and game companies just need to deal with it. If people are gonna cheat, then so be it.

Game companies' online services are theirs, and you're just going to need to deal with it. If firms are going to require anti-cheat, then that's the cost of playing online. You have the freedom to not participate.


Don't wanna have anti cheats installed? Don't play (online) games, no one is forcing you, for me I'm really happy I have the option on Linux in the future.


You have the freedom to not install it.


What would be the point of a competitive game if you could just cheat? Racing games like Trackmania live off verifying people don't cheat because it's a game where people compete for leaderboards. Should they not be allowed to prevent you from cheating yourself to the top of the leaderboard?


They should recognize the fact that it's impossible to prevent cheating and stop shipping malware to users in a fruitless attempt to do so.


But it's not impossible to prevent cheating. CS:GO has a very low occurrence rate of cheating as most cheaters are caught extremely early by anti-cheat or later by other anti-cheat efforts with more complex functionality.


CSGO actually has a lot; Overwatch or Valorant are way better examples.


Games like Trackmania should have SERVER SIDE data input validation instead of pushing rootkits.


They do in fact verify server side that everything is where it should be. But it doesn't stop people because ultimately the inputs of a high level player in Trackmania are nearly indistinguishable from inputs of a bot playing the track.

CS:GO faces the same issue where inputs by high level players are indistinguishable from cheating.

Speedrunning tends to have similar issues, where people perform tricks that are so close to TAS inputs that it can take years to spot an issue. Or in case of Dream, it takes an entire statistics paper to explain why they cheated. In those cases it's even worse because you cannot do server side validation on video data.

Being against anti-cheat is effectively being against competitive gaming or speedrunning.


"Online games are bad" is a hot take.


Yup. If you expect to be able to play with nice trustworthy people, it's horrible.


Not that I disagree but if you accept the EULA that states otherwise, doesn't that mean you don't have the prerogative? It sounds like you want to skip over the EULA, isn't respecting licensing models a huge thing for Linuxheads? Honest question.


> doesn't that mean you don't have the prerogative?

It means I've agreed not to cheat. I have the power to do it, I just agreed not to use it.

I won't let them take my power away though.

> isn't respecting licensing models a huge thing for Linuxheads?

Personally I'm not a fan of intellectual property in general. Licenses included. They all depend on copyright which should be abolished.

The only thing that makes any sense to me is the boundary between my computer and their servers. I should be able to do whatever I want on my computer. They should be able to do whatever they want on their servers. If they can't detect cheating server side, that's just too bad because they aren't gonna be doing it on my machine.


A lot of cheating just can't realistically be detected on the server.

Feel free to not play those games that require anti cheats and let the ones of us who like having it enjoy a game with less cheaters.


Nobody reads EULAs.


The malware you’re describing would never be used. The designers of this stuff run it at ring zero on Windows with unlimited permissions and zero transparency.


While true, and most of us here at HN will probably agree, tons of people don't care, and that's clear by how many people play games that require it.


I care, but what is the alternative? I play on a computer that I use for little else, but most people out there can't do that. Most competitive games would just not exist on PC without anti-cheat software and highly competitive games need intrusive software. It is really ridiculous that it is necessary but people suck.

Although there are all sorts of attempts at server-side and even player anti-cheat hardware devices, to my knowledge there is no option that can realistically replace client system anti-cheat.


South Korean approach, bind your real id to the game, cheat and end up with a fine irl.


People can't care because people don't adequately know or understand.


I hope it is a 2-way discussion between each side where they can make suggestions. On Windows it turned into install this antivirus level of access program that has barely been tested and no guarantees it won't install malicious software as it auto updates every boot of PC. At a minimum it should require 3rd party (Valve could step in) validated signed patches to minimize threat of individual employee selling off right to deploy ransomware to millions of machines.


There is no discussion. In order to prevent cheating, the game companies must stop my computer from doing what I want it to do. They must own my machine. The only difference between their software and malware is their software comes with a terms and conditions license that nobody reads.


So what's your solution? Let cheaters run around?


Anticheat without malware has been around for ages: simply don't trust the client. Even Minecraft servers manage it.

Instead of playing a constant game of cat-and-mouse trying to prevent forbidden code from running when you can just plug in a USB rubber ducky, put the logic server-side. Ban problematic behaviour, as opposed to methods that might result in problematic behaviour. It takes some ingenuity, but what are gamedevs known for if not ingenuity? (Well, apart from withstanding abusive working environments for long enough that they can be profitably discarded, traumatised, after they can no longer function as effectively as a green new intern… but let's focus on the ingenuity.)


As a Minecraft server operator, I can tell you there are plenty of client-side cheats that are hard to stop server-side. Also many players end up complaining about false positives typically caused by movement errors from internet lag on their end.

Also, all these anti-cheat methods are not supported by Mojang but are third-party plugins. Stock Minecraft Server hardly tries to prevent many of the hacks.
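
An added example (not part of any comment in this thread, and not code from Minecraft or any anti-cheat plugin) of the server-side movement validation discussed above, showing why a per-packet speed check produces the lag false positives the operator describes and how a capped distance budget keyed to the server clock avoids them while still rejecting a speed hack. `MAX_SPEED`, `LAG_WINDOW`, the `Move` record and both traces are assumptions constructed for the illustration.

```python
import math
from dataclasses import dataclass

MAX_SPEED = 6.0   # assumed top legitimate speed, world units per second
LAG_WINDOW = 1.0  # assumed seconds of banked movement a stalled client may replay
EPS = 1e-6        # slack for floating-point rounding


@dataclass
class Move:
    t: float  # server receive time in seconds; the client's clock is never trusted
    x: float
    y: float


def naive_flags(moves):
    """Per-packet check: distance since the previous packet / time since it arrived."""
    flagged = []
    for prev, cur in zip(moves, moves[1:]):
        dt = max(cur.t - prev.t, 1e-3)
        dist = math.hypot(cur.x - prev.x, cur.y - prev.y)
        if dist / dt > MAX_SPEED + EPS:
            flagged.append(cur.t)
    return flagged


def budget_flags(moves):
    """Distance-budget check.

    Budget accrues with server time at MAX_SPEED and is capped at LAG_WINDOW
    seconds' worth, so a burst of delayed packets can spend the time the
    connection was stalled, but nobody can cover more ground than the clock allows.
    Rejected moves leave the authoritative position unchanged.
    """
    cap = MAX_SPEED * LAG_WINDOW
    budget = 0.0
    last_t = moves[0].t
    pos = (moves[0].x, moves[0].y)  # authoritative position held by the server
    rejected = []
    for m in moves[1:]:
        budget = min(cap, budget + (m.t - last_t) * MAX_SPEED)
        last_t = m.t
        dist = math.hypot(m.x - pos[0], m.y - pos[1])
        if dist > budget + EPS:
            rejected.append(m.t)      # client would be snapped back to pos
        else:
            budget -= dist
            pos = (m.x, m.y)
    return rejected


def laggy_honest_trace(n=20, tick=0.05, speed=4.0):
    """Constructed trace: honest player whose packets 5..14 stall and arrive in one burst."""
    moves = []
    for i in range(n):
        if 5 <= i <= 14:
            t = 0.70 + 0.001 * (i - 5)
        else:
            t = tick * i
        moves.append(Move(t, speed * tick * i, 0.0))
    return moves


def speedhack_trace(n=20, tick=0.05, speed=12.0):
    """Constructed trace: stable connection, client claims twice MAX_SPEED."""
    return [Move(tick * i, speed * tick * i, 0.0) for i in range(n)]


if __name__ == "__main__":
    honest, cheat = laggy_honest_trace(), speedhack_trace()
    print("naive  / laggy honest:", len(naive_flags(honest)), "flags")
    print("budget / laggy honest:", len(budget_flags(honest)), "flags")
    print("budget / speed hack  :", len(budget_flags(cheat)), "flags")
```

The cap is the tuning knob: a larger `LAG_WINDOW` tolerates worse connections but lets a stationary client bank more distance to spend in one jump.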


> Stock Minecraft Server hardly tries to prevent many of the hacks.

It would require stuff like server-side chunk culling, which doesn't jibe with the way Minecraft is designed. However, there's nothing stopping a new game from being designed like that.

I named Minecraft because it's fundamentally flawed for server-side anti-cheat (you're limited by a client that requires a lot of theoretically-unnecessary information, and doesn't send enough requests for you to provide this lazily), and people manage to catch enough cheating to keep things fun for everyone else. If you control both the server and the client, you don't really have much of an excuse.


> However, there's nothing stopping a new game from being designed like that.

Modern games do network culling. UE4 supports it out of the box. The _millisecond_ that information is replicated to the client, (which has to be before the client views it on screen to allow for hardware latency), a cheat will have access to it and will be able to act on that information. Even if you have the fastest monitor known to man, and no rendering buffering there's 6ms before you can draw the player on screen, or 1ms to poll your mouse/gamepad, so the cheat wins.


So don't let clients react on information until 8ms after they get it? If it's a game where you can't do that, collect probabilistic evidence on players until you have a lot of evidence that a player is cheating, and add them to the “we'll ban later, but let's mitigate the damage for now” list.

Cheating players are statistically distinguishable from really good non-cheating players most of the time – and when they're not, we're at the level of cheating where it's unlikely your anti-cheat will help, because they'd just fork out the €50 for cheating hardware.


> So don't let clients react on information until 8ms after they get it?

This just delays the problem by 8ms - you still have all the same problems, except you've introduced 8ms latency. The cheats are still perfectly accurate, and are responding to perfect information. If you could only delay the information to the cheat, then you wouldn't need to do any of this because you could reliably just boot out the cheaters.

> collect probabilistic evidence on players until you have a lot of evidence that a player is cheating, and add them to the “we'll ban later, but let's mitigate the damage for now” list.

That's what anticheat providers already do, and yet we still have that problem.

> We're at the level of cheating where it's unlikely your anti-cheat will help, because they'd just fork out the €50 for cheating hardware.

Hard disagree here.

1) if you have an algorithm which can statistically distinguish cheating players from non-cheating players enough of the time, I'm guessing you have an algorithm or model that you can point to that does that? Because as far as I'm aware, they _help_, but don't fix.

2) People aren't forking out for dedicated hardware to spoof mice en masse, but they _are_ forking out for kernel level cheats to bypass the userland detection.


Aimbots need no trust from the server. As long as the client knows things the player doesn't, and there isn't a chain of custody from the physical mouse to the server, you can cheat.


Why would a client need to know of such things? If the player can't / shouldn't know of something, then the client shouldn't either.

There are some interesting repercussions of this train of thought though. Take an enemy hiding in brush in an FPS game. The player would have line of sight to their hiding spot, and current games (I think) just leave it to the player's eyeballs' ability to see them through the brush. That's kinda cool in that it raises the skill ceiling and it's obviously immersive.

However, there's a whole host of reasons it's bad. First, there's the aim bots and other cheating it allows for. Second, what if the player has bad eyesight? So there's an accessibility issue there. Third, you get people doing a... lighter form of cheating where they turn their graphics settings down to the lowest setting (sometimes even editing INI files to lower them down below what is possible via the GUI) that would lower foliage quality, making it easier to see the enemy. Probably some other things too.

There are perhaps many interesting ways to fix this. D&D has their own way with random chance, but I can see players of skill-based scoffing at this, and I don't blame them. But I feel the current approach is lazy game design, and perhaps something interesting could be thought up.


because the alternative is server-side rendering of every frame, which would introduce unacceptable latency to input and also likely significantly reduce graphical detail, given the existing huge investments in consumer rendering hardware that have not yet been duplicated serverside

google stadia exists. nobody playing competitively uses it, and that's exactly the demographic that cares the most about anti-cheat

and, it still doesn't prevent computer-assisted input


Speaking as an avid Stadia user, I think this has a lot more to do with Stadia's library being garbage compared to the non-Stadia options. I can't imagine a reason an e-sport pro would want to go from the entire competitive ecosystem as a choice to just what's on Stadia. Even for casually competitive players, there's a massive lack of mainstream competitive titles on Stadia. Maybe the latency input is the problem but it seems like a big assumption with how minuscule the library is.


I'm very much a competitive FPS player, I have low latency to the closest Stadia server and I'll tell you: It's absolutely unplayable for me due to the input lag. I'm normally in top 1-2% and on Stadia I'm closer to top 30%, it's a huge difference.


> Why would a client need to know of such things? If the player can't / shouldn't know of something, then the client shouldn't either.

Think about the case of seeing an enemy onscreen and headshotting them instantly.


I think you misunderstood my post, and considering the surprising number of downvotes on it, I wonder if others did too?

Can you explain further though? I don't understand your case. It sounds like an aimbot, which is what would be prevented by not sending the client more info than is needed.


The thing about aim bots is that they're quicker than you and they don't make mistakes. A monitor and a rendering engine will introduce up to 3-5 frames of latency (double buffering, refresh rates). Your client likely has the next 1-3 frames of data ready to go so it can do client side prediction/interpolation/smoothing, which means the cheat has access to that data. All of the data that's required to make modern games look and _feel_ good is the data you're talking about throwing away here.


I guess it is the case where the info begs to the player, the player reaction time is in tens or hundreds of milliseconds (time to render the image, display it on the screen, player to see, move the mouse to aim and shoot) versus an aimbot that does not need to wait and can react in a few milliseconds. This is cheating if the cheater's aimbot is using an advantage normal players don't have (unless everyone is using aimbots and this is no longer a human-played game but a bot game).


As far as I know an aimbot can work just with pixels that it can see.


Alternatively, you could provide the geometry without providing the semantic information. I'm not sure how viable that is, but it'd make aim-bots a bit harder.

> First, there's the aim bots and other cheating it allows for.

You can make an aim bot by connecting the output of your monitor to a hardware-emulated mouse. Unless the server can detect this, kernel-level anticheat is building a really tall wall with the door unlocked. (If it worked I wouldn't object so much.)


> Alternatively, you could provide the geometry without providing the semantic information.

Yes - cloud rendering. It's _a_ solution but comes with tradeoffs. Namely, it introduces large amounts of latency, and costs a dumpster truck of money.

> You can make an aim bot by connecting the output of your monitor to a hardware-emulated mouse.

Anticheat is a cat and mouse game, and raising the barrier to entry improves the experience no end. There's a _big_ difference between downloading and running an executable, and buying specialist hardware to cheat at a game.


> Yes - cloud rendering.

Only a very small part of the rendering needs to be done on the server; notably, the camera could still move, and the client could still make the usual heuristic predictions about where things are, so it wouldn't feel laggy.

> and buying specialist hardware

If you have a streaming rig, you already have nearly all the hardware. Just add a Raspberry Pi Zero or something, and you're good to go. (But yes, the barrier-to-cheat is still higher… at the cost of also increasing the barrier-to-play-at-all.)


> Only a very small part of the rendering needs to be done on the server; notably, the camera could still move, and the client could still make the usual heuristic predictions about where things are, so it wouldn't feel laggy.

This is just nonsense.

The data that the client uses to make those heuristic predictions is the same data the cheats, so once you send that extra data over you've undone the benefit of not sending the client any extra info it needs, _plus_ you've added an intermediate network hop for your remote rendering, _and_ you've now required that your game has essentially a hardware DRM in the remote computer that you're rendering.

> If you have a streaming rig, you already have nearly all the hardware. Just add a Raspberry Pi Zero or something, and you're good to go.

The number of people out there who are spending thousands of dollars on secondary rigs to hook up emulated mice via a Raspberry Pi to run custom cheats has got to be vanishingly close to 0 for even the biggest games in the world. Given that _these_ are the measures you're suggesting to bypass the anticheat, it sounds like they've sufficiently raised the bar to me.

When people writing AI driven hardware mice is a common cheat vector let's talk, but right now the cheat vector is people running cheats installed inside the kernel.


> The data that the client uses to make those heuristic predictions is the same data the cheats,

No, it's not. https://en.wikipedia.org/wiki/Lag#Make_clients_extrapolate

> plus youve added an intermediate network hop for your remote rendering

I never said anything about an intermediate network hop. It's not that expensive to cull a few tris, diff the geometry and then send it – especially if you can compress the information, which you can, because you control the client and server. (In fact, you likely don't even need to go down to the tri level to get the effect; all you need to do is turn locating obscured players into a computer vision problem.)

I don't know where this “intermediate network hop” comes from.

> spending thousands of dollars on secondary rigs

Think €60. An HDMI splitter, a USB HDMI capture card, a Raspberry Pi and a USB cable. Not that expensive.

> but right now the cheat vector is people running cheats installed inside the kernel.

It's functionally equivalent. Your “anticheat” is taking control of other people's computers, stopping a lot of people from being able to play the game entirely, because it was easier for the developers.


Thanks for a Wikipedia article on networking basics. Believe it or not, I do have some experience in this area, I've worked on networked games on physics and gameplay for almost 10 years. The information you use to extrapolate (position + velocity) is the same information a cheat is going to use. If you have enough information to draw _a_ thing on screen, a cheat has enough information to say "fire at that thing".

> It's not that expensive to cull a few tris, diff the geometry and then send it

Multiplayer games are doing this aggressively already. This is an out of the box feature in UE4 and Unity. The second the client gets this information, the cheat has the information too.

> all you need to do is turn locating obscured players into a computer vision problem.

> I don't know where this “intermediate network hop” comes from.

You either send the positions to the client, along with an association for what it belongs to, or you render the _entire_ scene on a remote "client", which means streaming the video back to the end users device. The video streaming introduces an extra hop on the network as you now need to go from end user to streamed client to server, rather than end user to server. If you don't render the whole thing, at some point the client gets sent the information that it needs, and the cheat has it.

> An HDMI splitter, a USB HDMI capture card, a Raspberry Pi and a USB cable. Not that expensive.

Apologies, when you mentioned a "streaming rig", I thought you were talking about having a secondary gaming PC hooked up. Just because it's _theoretically_ possible doesn't mean it's actually happening though.

> It's functionally equivalent.

I fundamentally disagree. One of these (kernel level cheats) are readily being sold on the internet, available to anyone with a debit card/paypal/btc and a computer, and the other requires dedicated hardware, along with the knowledge of how to write these cheats in the first place.

> stopping a lot of people from being able to play the game entirely, because it was easier for the developers.

The numbers of people who are legitimately stopped from being able to play the game entirely are very small, but those people do exist, and it sucks for them. Your blame of `it's easier for "the developers"` however is untrue. It's not because it's easier, it's because (at least right now) it's necessary.


And what can server-side detection of an aimbot look like? If the latter is not written by a retard, you're very quickly down to statistical detection. Which is also cat-and-mouse, but the cat is crippled.



