This is so funny because rust has one of the worst cheating situations and majority of their players are windows users, and theres lots of games that have anticheat that allows linux and have notably less significant cheating problems like marvel rivals. in reality rust doesn’t take cheating very seriously because if they did they would have more server side software that detects illegitimate behaviour like tons of other games do successfully… even most popular Minecraft servers have better functioning anti cheat that is completely server side than rust has while getting kernel access to your pc. its pathetic and lazy development tbh and this entire post from them reads like such extreme cope…
If your cheat detection runs on the client side only, you don’t have cheat protection.
i wonder if this guy heard about counter strike…
Skill issue.
Never heard of Rust, but it sounds like something Incan afford to ignore.
OS shouldn’t even matter to prevent cheating; do your anticheat validation server side. Anyone who knows anything about security knows the client side can never be trusted.
I think Helldivers 2 uses EAC and it works on Proton just fine.
On Windows the cheating program it’s a simple exe that will get kernel access with a simple uac request.
Everyone, especially 12 years olds, are able to run it. (And maybe get malware/ransomware disguised as a cheating program)
None of the losers that need a cheating program to feel validated in online multiplayer games will have the skills to recompile the kernel in Linux to add support for that
None of the losers that need a cheating program to feel validated in online multiplayer games will have the skills to recompile the kernel in Linux to add support for that
aha! so you admit, IT’S POSSIBLE! Well aren’t we lucky we have microshoft who won’t let anyone recompile their colonels! shows you mr silly yunix!
;D
The garbage took itself out.
even most popular Minecraft servers have better functioning anti cheat that is completely server side
Why isn’t this the standard everywhere? These servers prove that server side anticheat works.
It is. All games have this kind of server side verification which denies not allowed actions. The difference is in Minecraft it comes down to “no, you cannot fly, or” no, you cannot build a pig spawner because you don’t have one in you inventory". But in Counter Strike you need to decide if one player’s 14ms headsbot is legit, while some other player’s 20ms kill was not. Or if someone was acting on information they shouldn’t have (radar and wall hacks). That’s orders of magnitudes harder.
Generally speaking, the slower a game, and the less hand eye coordination are necessary, the easier is server side cheat detection. On the other side, there’s chess…
Well, yes, but, let me counter with this:
You can completely remove wall hacks from the equation by doing some FoV calculations in the server, this completely solves that issue, there’s no client side hack that would be able to show you enemies behind the wall because the server isn’t sending them to you.
And to the other point, if the 20ms kill is bad but the 14ms kill is good, there’s space to argue that the cheater is worse than the players so you don’t really need anti-cheat so solve that, Skill based matchmaking takes care of that for you, he would eventually be placed with people who are better than him even with hacks.
Sure, server side anti-cheat can’t capture everything, but neither can client side, but server side anti-cheat can make it so that your client side cheats are pointless, because they can’t make you better than everyone, you have to remain averageish, and if you’re consistently above average skill based matchmaking will bump you up and up until you’re going to lose even with cheats or you will be playing against other people with the same cheats as you.
Please see my other answer. Yes server side fog of war solves a lot, but not everything because it works with your FoV+some extra. On top of that there’s enemies’ sounds and objects that will make wall/radar hacks work.
Yes, skill based matchmaking would take care of the consistent not-inhuman cheater, but unfortunately the number of games getting that right can be count on two hands, I would say. It’s an interesting problem on its own for team based games.
I’ll reply to the server FoV there. Skill based matchmaking is hard to solve, but I think most games who have enough players to worry about anti-cheat to this level should have some level of skill based matchmaking in place, in my head that’s way more important than anti-cheat because even with cheaters the games are fun for everyone, and cheaters end up bubbling up into their own group.
Absolutely.
I’ve said this before about wall hacks. The only reason they are possible is because the positions of all players are being sent to the client and then the client just doesn’t draw them to screen. It would be extremely easy to simply not send the data for players you shouldn’t be able to legitimately see.
And you are not the first person to have this idea.
Most games do that to some degree. The thing is they are working with a threshold, which means they send your client the information of a few “extra meters” - beyond your field of vision. If they didn’t, enemies would sudddnly pop into existence, instead of smoothly running around the corner. Especially in fast paced games there’s nothing more frustrating than losing to this.
But there’s more: non visual clues. If an enemy is outside your vision, but makes a noise, you cannot give that information to the client without revealing the enemies position. It’s simply not possible (again, not without risking giving completely wrong info by the time it reaches the client).
Same goes for non-player objects, which are the result of a player’s action somewhere else. If a player kicks a bucket across the map, the bucket flying through your screen makes it trivially easy to calculate the point of origin - and you know something happened there / player was there.
We’d be really really lucky if server side fog of war would be the kill-it-all solution to cheating.
I find a number of problems with the level of authoritativeness that you speak and some of the arguments you’ve made.
The core of your first argument lumped together is that a small amount of extra latency is the same thing as “impossible”. This is obviously not true as even with some relatively fast paced genres, what is acceptable varies wildly. Maybe such an argument could be used for Valorant, but not for Pubg or escape from Tarkov (games that are already known for netcode slow enough that this would not truly/notably harm the experiences of players if they were designed for this from the start).
Same goes for non-player objects, which are the result of a player’s action somewhere else. If a player kicks a bucket across the map, the bucket flying through your screen makes it trivially easy to calculate the point of origin - and you know something happened there / player was there.
This example is contrived, and just the type of thing where there are a number of options available.
One could simply not send the bucket, send it with a delay, the bucket could not exist (the majority of games), the buckets origin could be randomized just enough to be at the tested limit of player perception, the game could include a trace shadow by default.
For every example like this, there are options available which aren’t entrusting a black box to access all of your data with a pinky promise.
We’d be really really lucky if server side fog of war would be the kill-it-all solution to cheating.
There is no kill-it-all solution, and this is a clever little re-framing of the argument by you where the new solution has to be perfect, when the status quo can just be mid.
I don’t understand how you lump my arguments into “extra latency”. Server side anti cheat doesn’t add latency (I mean technically it does, but that’s not the concern right now), but latency is very much the reason for the downsides I pointed out. The smaller the margins, the higher the chance one of the two players doesn’t see the other coming solmoothly around the corner, but suddenly materializing in full view.
Your examples illustrate that very well. It’s OK for PUPG or Tarkov (and even there only long distances), but a hard for Valorant.
This example is contrived, and just the type of thing where there are a number of options available.
And now, instead of the irrelevant bucket, make the same argument for a relevant object - like a grenade, or tracers. You cannot just get rid of everything or implement random delays or randomized origins.
There is no kill-it-all solution, and this is a clever little re-framing of the argument by you where the new solution has to be perfect, when the status quo can just be mid.
It’s not reframing. The original argument I replied to claimed these hacks only exist because the server sends everything, and it would be extremely easy to fix this. Neither of which is true.
I don’t understand how you lump my arguments into “extra latency”.
Followed by
but latency is very much the reason for the downsides I pointed out.
Is wild to me.
Seems like you understand perfectly fine.
Your examples illustrate that very well. It’s OK for PUPG or Tarkov (and even there only long distances), but a hard for Valorant.
This is both you agreeing yet disagreeing with my argument and I don’t get the point exactly.
If its feasible reasonably, the point of your argument is diminished.
And now, instead of the irrelevant bucket, make the same argument for a relevant object - like a grenade, or tracers. You cannot just get rid of everything or implement random delays or randomized origins.
You’re fighting a strawman by pretending that my argument was ever to “just get rid of everything or implement random delays or randomized origins”.
My point applied in specific cases where relevant, and the dishonesty in your argument here is by acting like I am talking about not having a game. The bucket example was specifically about a bucket going towards a player from an unseen location with no line of sight.
For a situation like a grenade, the grenades direction becomes visible, somewhat randomized, from when the player should be able to see it. This presents no gameplay problems and solves the edge case of figuring out its trajectory for cheats, especially as a little bit of randomization results in a wildly inaccurate origin point.
As for the bullet, where are people shooting others without line of sight, where the bullets path would also simultaneously be visible? Its not a realistic scenario to bring up at all.
If we’re going to that extent, we might as well also then say that all client side anti cheat is worthless because you can use a secondary machine to read the ram of a primary machine or other such high effort cheating strategies.
It’s not reframing. The original argument I replied to claimed these hacks only exist because the server sends everything, and it would be extremely easy to fix this. Neither of which is true.
Firstly, it absolutely is reframing, because they never claimed anything was a kill-it-all solution. They claimed one thing was a specific solution for a particular problem, which it is.
The only part that you actually have shown good reason to disagree with is the last claim, as with the second you’ve admitted that it in fact would be effective, but that there would be downsides potentially (as if there arent downsides with every option).
If an enemy is outside your vision, but makes a noise, you cannot give that information to the client without revealing the enemies position.
Sure you can, for starters audio is a lot less reliable to pinpoint location than video, so the server can randomize the position somewhat and still be accurate enough. Not to mention that sound bounces off walls, so it’s not exactly wrong to give the point of origin of a sound as a wall nearby the origin or destination, and an even more advanced system could use ray tracing to calculate sound path and give you a fully accurate sound point that doesn’t reveal the source exactly.
If a player kicks a bucket across the map, the bucket flying through your screen makes it trivially easy to calculate the point of origin - and you know something happened there / player was there.
But again if you’re not sending the bucket position until it’s in FoV that doesn’t matter at all.
We’d be really really lucky if server side fog of war would be the kill-it-all solution to cheating.
It’s not the end all, but it does take are of whole categories of hacks.
Still both can be calculated back to the source of origin. It may not be enough for a wall hack to reliably point out the enemies exact position, but definitely enough for a radar or proximity hack.
Edit: Your also completely ignoring the mandatory threshold where the server absolutely needs to send you enemy information already in order to avoid enemies popping into existence. The faster the game, the bigger that threshold.
And by all means, sound (in video games) is a pretty linear thing. You can only randomize so much, until players complain that it’s not reliable.
In the games were talking about these kind of additional info or heads-up are an unfair advantage in competitive play.
The solution sounds easy, but I do believe that if it was, we would see it in at least some current games.
True
Because they’ve been forced to implement server-side anti-cheat because they can’t implement it into the game because they don’t control the game and mojang don’t seem interested in adding much in the way of anti-cheat to Minecraft.
These other companies actually control the games they’re running the servers for, so they can go the simple route and put kernel level anti-cheat in the game, and then call it a day. Corporations will always take the easy cheap option, even if it’s not very good.
I tried Rust, but quit quickly due to the extreme levels of racism and open Nazis. Maybe they should address some core issues of the game before blaming Linux for their problems?
Also, how was their playerbase only 0.01% Linux? Was their game terrible on Linux? Why did it have hundreds of time less players than other platforms
They’re on that lie still?
Cool, cool. I’ve got plenty of games to choose from to care about lazy lying assholes who can’t be bothered to come up with a better excuse than that for why they irrationally hate Linux
Is there any way with steam to verify those player numbers because 0.01% seems very low. Market share is about 3% so I would expect numbers more in line with that. Obviously it’s not going to be a one-to-one match up but two orders of magnitude different than from the expected number.
Rust became unplayable on Linux a good few years before the Steam Deck-induced Linux boom. Back then the Linux share was still counted in tenths of a percent, if that.
If you actively prevent your players from using Linux, your Linux player numbers will be very low.
Hardware level cheat detection has always been a losing game. I’m a professional in similar area (not games) but it’s fundamentally impossible to do when you dont control physical hardware, it’s stupid. The only way to detect cheaters is machine learning based behavior analysis, period.
TL;DR: skill issue
The only way to detect cheaters is machine learning based behavior analysis, period
Either the entire game industry is incompetent, or you’re wrong. Machine learning is a powerful tool, but the only way? No chance.
@Jumpropegazing
they are loosing the battle against Cheaters on the windows user side, don’t make them loose the battle on the Linux side aswell 🤣loose
not tight or constricting;
lose
THE WORD YOUR LOOKING FOR. to fail, to be defeated, etc.,
sorry, this is just one I keep seeing more and more and it’s driving me absolutely bonkers
@mojofrododojo
thank you 👍 i appreciate the correction
Let’s do some math here, they said:
More cheaters using Linux than legit users (…) .01% of all players base
Let’s do a quick math. The maximum peak users for Rust was 259,646 concurrent users according to https://steamcharts.com/app/252490 . Let’s assume 60% (more than half) of all the .01% users were cheaters, congratulations, you got rid of all those 16 cheaters… I haven’t played much Rust, but I’m fairly confident that there’s a bit more than 16 cheaters there.
And that’s without getting into the whole client side anti-cheat doesn’t work.
You dont understand linux users have black magic hacks that ruined the game for every player on every server, their power cant be understated… Theyre a whole bunch of dangerous hardened criminals
every single one is a l44t hack3r bro
I feel like some people think Linux is only for hackers and cybersecurity professionals
And genuine hackers and cybersecurity professionals have got way better things to do than cheat in Rust.
The cheaters are all obnoxious 12-year-olds who couldn’t land a single hit without the cheats, that’s why all the compilation videos of cheaters falling foul to fake cheat software are so funny. They’ll spend 10 minutes trying to go through a doorway without it ever occurring to them that something must be wrong.
🤣 beware the Linux users
Explain something to me. It’s a multiplayer game anything that affects all players should be handled on the server side, not the client. So if I make a cheat it can only be installed client side, not server side.
So if my hypothetical cheat looks at object placement and any time I sees a small object approaching at a high velocity it can say “I’m going to assume that’s a bullet based on what the server told me about it.” Then my cheat would say “your character moves from here to here until the bullet passes by, then moves back. I will tell the server you moved to the left 20 inches in the blink of an eye then moved back”
This works because the server just trusts what it’s told in this example.
So there are two options here to resolve this. Either the server sets thresholds and denies any placement changes look like the Flash is playing rust, or the server evaluates suspicious placement changes later when the cpu load it’s under is lower. The first approach stops much of this instantly but is computationally expensive and could not scale well for lots of players. The second would work well enough. You need to catch cheaters but it’s doesn’t have to be within the same exact cpu cycle.
In either case, these work because the server is taught to look for something that shouldn’t be possible. The enforcement happens server side. The client doesn’t fucking matter.
There is zero reason to put anti cheat on the client side when it’s not a P2P instance. Target a few servers, not thousands of players.
The client side anti cheat is a low effort hack that was good enough. Video game anti cheat devs are cheap as fuck because looking at client bits cost nothing compared to expensive machine learning pipelines that need to analyze all player performance. This is not a tech problem but a product/skill one.
You don’t need machine learning for this we’ve had perfectly good server-side anti-cheat for a while now and none of it’s been AI-based until recently. If we know the top speed the game should allow players to move any movement greater than that speed must be a cheat or lag, either way it shouldn’t be allowed.
There’s more to cheating than moving quickly.
Obviously. They gave one of a thousand examples. That doesnt mean their point is weak, it means they didn’t have the will (reasonably) to make their comment 50000 characters long.
If you have a specific example that doesn’t work to a reasonable extent, post that rather than this short, vauge retort.
Your head is in the right place, but your example is very wrong. First, unless it’s a very slow projectile that’s not how bullets work in games, second movement takes place in the server, to do so in the client is nuts. Client sends inputs, sever moves, gives back player location, client adapts. While waiting for a reply the client simulates the movement expected, but sometimes the server doesn’t receive the package and so tells you you haven’t actually moved and you teleport back.
What’s usually not done is calculate vision cone, instead the server gives you everyone’s position and you calculate whether you can see them on your GPU. Which is why if you can get access to the GPU pipeline you can tweak it so it shows you objects through walls. If you move the LoS calculation to the server you completely eliminate wallhacks, however that is very expensive to do (although ray tracing GPUs might provide a good approach in the future)
second movement takes place in the server, to do so in the client is nuts.
For the vast majority of games, it’s in between, because the latency if you waited for the server every frame you moved would be way too much.
It’s something like you have a local model of where everything is, and send updates to the server of where your local model says your character (and whatever else your inputs affect) are. The server receives that data, potentially validates it (server side anti cheat checking that your movement makes sense, similar to the OP post, for example), and then forwards that info to all players. The client side positions of everything are updated based on that info. Usually some interpolation is added to make things move more smoothly.
Yes I meant movement happens server side, which is why this example cheat couldnt work. it would be telling the server what to do, and the server could always say “no, fuck off, thats not something you were coded to be able to do”. Sorry if I didnt convey that clearly.
I also understand the client has to draw things faster than the server can respond “okay, I moved you 12 inches to the left” so it guesses the outcome and if the server later responds with “denied, no teleportation in rust” it will just snap you back to the last position the server approved of.
My point is anticheat client side suggests bad code server side.
Yeah but this approach makes the game stutter and/or sluggish for everyone. Client side computation isn’t just cheaper, it also ensures that you have a smooth gaming experience.
As someone else said, most games do a middle way here. Compute on client side. Verify on server side.
Yes but if you are verifying server side anyway, why do you need anti cheat client side?
Well, first off: Money. The more you verify, the more it costs you to run your game’s servers.
But also because you cannot detect every kind of cheat via server side anti-cheat. How does a server detect if my flick-headshot (which won this crucial round) in counter strike was luck, or if I had help from a program running on my machine? Maybe it didn’t even make me react faster, just nudged the cfosshair another few pixels to ensure the hit.
Of course you can run statistics, and can flag outliers. But it’s no proof. If someone always cheats you won’t catch them, while you will flag someone have a good day (or a friend playing on their machine).
Well, first off: Money. The more you verify, the more it costs you to run your game’s servers.
This sounds like a super clever argument, until you think about the scale.
If the cost to host a game went up by 50% it probably wouldn’t make it into an investor call. Its a small price. It could be 10x as much and still be completely affordable to many games companies.
How does a server detect if my flick-headshot (which won this crucial round) in counter strike was luck, or if I had help from a program running on my machine?
How does the client detect that when running said cheat on another machine? It doesn’t. The current solution isn’t perfect either.
I think the one who’s not thinking about the scale is you. As the server owner you pay (compute) for every additional player. This goes directly against the wish to have as many players as possible playing your game.
This discussion spun of from a company stating specifically they don’t want to invest more into anti cheat solutions. And that’s from a company which absolutely could afford it.
How does the client detect that when running said cheat on another machine? It doesn’t.
You make it sound like I said that, but I didn’t. In fact I’m very much against kernel level anti cheat.
Isn’t the real issue the PCIe bus being undetectable-y intercept-able with devices that sit between the gpu and cpu?
correct that is where majority of cheats are, because as they dig deeper with anticheat backdoors it pushed people to take advantage of shit like injecting the data directly into the pcie bus untraceably, and the ways to catch that have all been unshockingly server side…
