IMHO, the only reliable solution is community-managed or "dedicated" servers where there are trusted admins that have the power to ban cheaters at their own discretion. I don't think this problem is solvable "at scale" in the general case. Unfortunately the gaming industry has spent the last decade taking power away from gaming communities and replacing it with proscribed matchmaking and map rotation - so the tools for community policing haven't advanced much beyond a "report" tool.
Another solution is the console approach where the platform is secured so people can't cheap. This approach does scale. The PC platform is still playing catch up. Someday multiplayer PC games will be able to prevent cheats from reading / writing its memory or injecting come into the process. They will be able to use remote attestation to prove that they are using the actual game client on not cheater operating system.
I've certainly ran into cheating on both Xbox Live and PSN. My friends who play Mario Kart and Splatoon online on the Nintendo side tell me it's quite bad there too.
The switch got hacked pretty badly so their platform is no longer secure. After doing some searching the xbox series and PS5 still look to be secure. While the PS5 has a jailbreak for early version I doubt it can play online games with such an old firmware.
I'm surprised ran into cheating. Perhaps the game supported cross play with insecure platforms?
That won't work against ML bots that take video input which is increasingly going to be a problem.
I also will never knowingly permit a program to run on my computer that performs remote attestation or otherwise uses my hardware against me. Neither will I accept opaque anti-cheat kernel modules. I don't want anything to do with malicious anti-user software.
>That won't work against ML bots that take video input which is increasingly going to be a problem.
You are getting into the territory of botting or letting other people play on your account than regular cheeting like what is described in this article.
>or otherwise uses my hardware against me
Proving the current state of your system isn't using your hardware against you. It is showing that your system is secure against cheats.
>Neither will I accept opaque anti-cheat kernel modules
If they aren't opaque they will be instantly bypassed
>I don't want anything to do with malicious anti-user software.
Cheats are antiuser software that can kill an entire game. Software that combats this threat is prouser.
> Proving the current state of your system isn't using your hardware against you. It is showing that your system is secure against cheats.
Complete doublespeak. It is using your hardware against you such that you will be denied service if the operating state of your system isn't to the service operator's liking. I want nothing to do with it outside of employer controlled devices being validated by the employer or my own devices being validated in such a manner by me.
> > Neither will I accept opaque anti-cheat kernel modules
> If they aren't opaque they will be instantly bypassed
Makes no difference to me. There aren't going anywhere near my kernel and I strongly recommend that other people take the same stance. The developers of such modules (and more generally just all software developers) are inherently untrustworthy as has been demonstrated on a number of occasions.
> Cheats are antiuser software that can kill an entire game. Software that combats this threat is prouser.
Cheats take advantage of buggy or poorly designed software. Software that combats that is pro-bad-developer. If it commandeers my machine in the process then it is decidedly anti-user. Write better software. Don't share state with clients if it's supposed to be hidden.
>It is using your hardware against you such that you will be denied service if the operating state of your system isn't to the service operator's liking.
It's up to the game's developer whether they allow you to join. Either you have hardware that can prove something the developer thinks is trustworthy or you just can't prove your system is trustworthy. Nothing is working against you. Either the developer trusts your hardware or they don't.
>Cheats take advantage of buggy or poorly designed software.
No, they take advantage of a poor security model. If your security model lets random processes read out the location of all of the players is that the game coded poorly or the operating systems fault for letting a cheat read that information? Being able to trust the code that the client in running instead of just the code that the server is running is powerful. It makes developing a secure system easier since it allows you to trust more.
Which is why secure boot and remote attestation is needed so that the developer can trust that you are not using a non preapproved kernel module not are you using a virtual machine.
Remote attestation doesn't work if i have permission to modify memory. My kernel module wont even show as loaded...
If you can modify sytem memory its trivial to bypass any checks the anticheat has. To the point where you simply modify the anti cheat in memory to say 'sure i've done all those checks'.
I can have secure boot of virtualized hosts, and still modify system memory from either
a kernel exploit or virtualised systems host. Cheaters absolutely would install crappy signed kernel modules to achieve this.
Okay, but it does work against a lot of other cheats such as the one this article is about. You are limited to only things that are physically possible to do.
If you think of the headcount for "private servers", and assume 0 overlap, then private servers tend to have in worst case, 1 staff member per 100 players. Can you imagine any large developer employing a team 1% of the size of their playerbase for community moderation? Wouldn't happen. More likely they have like 10 support people and 3 devs on their anti-cheat team for their million player game, so they need to rely on their technical measures and stick their fingers in their ears as to the existence of false positives and the inevitable loss of that cat and mouse game in long running titles.
I think what the parent meant by dedicated servers is letting the players runs the game servers on their own computers and then letting those players manage the servers they have created, so the game dev wouldn't have to do the moderation there.
That would also solve the issue of the game dev pulling the plug on the multiplayer mode a few years after release...
