this post was submitted on 10 Apr 2025
17 points (90.5% liked)
Game Development
4080 readers
5 users here now
Welcome to the game development community! This is a place to talk about and post anything related to the field of game development.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Server side anti-cheat is vastly superior to client side anti-cheat in many ways. It completely negates most cheats in the first place. There are some problems with server side anti-cheat that prevent it from being a viable solution on its own:
The game needs to be programmed with Server Authentication in mind from the very beginning. Refactoring a game to move authentiation from client to server would take a lot of time. Client side anti-cheat is cheaper and easier to add later on to a game.
Not all cheats are detected. AimBot, XRay Vision, ESP, are the kinds of cheats that Server Authentication cannot reliably detect, because the server cannot possibly determine the difference between a really good player or a cheater in just a single game. Sometimes automated systems get it wrong.
Server Authentication feels bad for players with high ping and packet loss. IMO, this isnt a problem and players should play on low ping servers anyway, but programming the client to predict and do the math the server would do (and the server packets overwrite the client data when it receives the server data) makes the game feel more responsive. The issue is that this can lead to a rubberbanding effect when the result of the server is finally received by the client and they get teleported to a potentially different place or just die immediately because someone with lower ping got to them before the server packets did.
The proper solution is to use Server Authentication, Client Prediction, AND client side anti-cheat. This would eliminate nearly all cheating in the game. Of course, this removes a lot of functionality from the game client and players would see this as some form of invasive DRM.
Play with cheaters, or play without DRM/Kernel level anti-cheat, pick one. Because you unfortunately cannot have both.
I'm not sure you can just have Kernel anti-cheat. There are still bypasses for it, just more sophisticated. At the end of the day cheating is inevitable, it's how invasive do you want your anti-cheat to be.
No, and I said (perhaps I didn't make it clear or I may be hallucinating lol), client side anti-cheat by itself is equally as ineffective as server side anti-cheat by itself at stopping cheating, because they both only catch some cheats. They both need to be used together in order to ensure a nearly cheatproof game. (Ignoring Walled Gardens like new, unjailbroken console environments).
Anti-cheats need Kernel access so that a cheater cannot try to disable or bypass the anticheat easily. I mean, nothing with a point of entry is totally secure, but with a good enough deterrent people that want to get in will think it is totally secure or not worth their time. At that point, with so many deterrents, developers of the anti-cheat software should be able to determine how a cheater that gets around their software does it and devise a patch for the vulnerability.
Dealing with cheating is always reactionary. You cannot preemptively ban someone for cheating, you have to actually wait for them to cheat. Kinda like the movie Minority Report (greata movie). But to make it a lot easier for game developers, setting up as many guard rails as possible help them to focus more time working on the actual game instead of dealing with cheaters. Its a necessary evil, and the consumer should decide for themselves if they want to install that on their system or not.
I do think that all anti-cheat software should only actually run when the game that needs it is running. I also think that games should have a label that say, vaguely, how invasive the anti-cheat is. Knowledge is most of the battle against cheaters, so telling them the exact anti-cheat methods could be detrimental, but at the same time consumers have the right to be informed about the kind of software dependencies a game might have.
I'm still not convinced it's possible to have a cheat proof environment. Kernel anti-cheat is not fool proof, it's just more annoying to deal with than user space anti-cheat. Yes, pairing it with server side stuff will make it even more difficult but if one of the anti-cheats can be successfully bypassed then some amount of cheating is possible and anything running on a user's machine is susceptible to being bypassed because the user controls the environment. Additionally I'm in favor in general of kernel AC being outright banned by OSes. It's honestly far too invasive and it's a race to the bottom the game devs won't win if a cheater is determined enough. You say you're a fan of it only running as needed but it's in your kernel, it's got God access, 1 micro second is too long to allow every game developer on the planet unrestricted access to my computer. Ultimately though client side AC is like DRM, when you expect the software on the user's computer to enforce your rules you will be sorely disappointed. It will raise the bar, it will make some people give up, but it won't prevent it.
The answer is to go back to having user run and moderated servers instead of having giant centralized player pools with nothing but automatic moderation. Not everything has or can be sufficiently solved soley by technology.
This does not really solve the problem. Lets take Battlefield 4 as an example, because while I would like to use Operation Harsh Doorstop as an example since its more true to your idea, it would be morbidly unfair to your idea (negatively).
BF4 allows users to "rent" a server and run as if it were their own. Aside from the server machine being in the posession and ownership of EA, BF4 private server admins can implement their own server rules, kick and ban people, etc. They also have the added benefit of automatically populating in all client server browsers, as they all connect to the same server used for account storage and matchmaking. Plus, EA handles all of the server maintenance. Pretty sweet deal.
BF4 servers currently are effected by:
Most of the servers are like this. The official servers, nobody joins those. Literally nobody. Private servers are like, 3 in 4 players are cheating. There is 1, I kid you not, 1 good server that is ran well that kicks cheaters quickly. And the queue wait time to enter that server when more than 64 noncheater players are playing is atrocious. I am not joking when I say I once waited all day to join that server just for my game to crash once I got in. Nobody wants to have that kind of experience. Especially not after a long day at work and they just want to sit down for an hour or two to have fun in a game they like playing.
Not everything can be automated, but that does not mean that only human moderation is any better.