Game Development

4080 readers

5 users here now

Welcome to the game development community! This is a place to talk about and post anything related to the field of game development.

Community Wiki

founded 2 years ago

MODERATORS

[email protected]

Is serverside anti-cheat too difficult? (programming.dev)

submitted 3 days ago by [email protected] to c/[email protected]

13 comments fedilink hide all child comments

Why do so many games rely on client-side anti cheat and stuff like kernel level anti-cheat?

Anti Commercial-AI license

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 3 points 3 days ago (1 children)

I'm not sure you can just have Kernel anti-cheat. There are still bypasses for it, just more sophisticated. At the end of the day cheating is inevitable, it's how invasive do you want your anti-cheat to be.

[–] [email protected] 1 points 2 days ago (1 children)

No, and I said (perhaps I didn't make it clear or I may be hallucinating lol), client side anti-cheat by itself is equally as ineffective as server side anti-cheat by itself at stopping cheating, because they both only catch some cheats. They both need to be used together in order to ensure a nearly cheatproof game. (Ignoring Walled Gardens like new, unjailbroken console environments).

Anti-cheats need Kernel access so that a cheater cannot try to disable or bypass the anticheat easily. I mean, nothing with a point of entry is totally secure, but with a good enough deterrent people that want to get in will think it is totally secure or not worth their time. At that point, with so many deterrents, developers of the anti-cheat software should be able to determine how a cheater that gets around their software does it and devise a patch for the vulnerability.

Dealing with cheating is always reactionary. You cannot preemptively ban someone for cheating, you have to actually wait for them to cheat. Kinda like the movie Minority Report (greata movie). But to make it a lot easier for game developers, setting up as many guard rails as possible help them to focus more time working on the actual game instead of dealing with cheaters. Its a necessary evil, and the consumer should decide for themselves if they want to install that on their system or not.

I do think that all anti-cheat software should only actually run when the game that needs it is running. I also think that games should have a label that say, vaguely, how invasive the anti-cheat is. Knowledge is most of the battle against cheaters, so telling them the exact anti-cheat methods could be detrimental, but at the same time consumers have the right to be informed about the kind of software dependencies a game might have.

[–] [email protected] 2 points 2 days ago

I'm still not convinced it's possible to have a cheat proof environment. Kernel anti-cheat is not fool proof, it's just more annoying to deal with than user space anti-cheat. Yes, pairing it with server side stuff will make it even more difficult but if one of the anti-cheats can be successfully bypassed then some amount of cheating is possible and anything running on a user's machine is susceptible to being bypassed because the user controls the environment. Additionally I'm in favor in general of kernel AC being outright banned by OSes. It's honestly far too invasive and it's a race to the bottom the game devs won't win if a cheater is determined enough. You say you're a fan of it only running as needed but it's in your kernel, it's got God access, 1 micro second is too long to allow every game developer on the planet unrestricted access to my computer. Ultimately though client side AC is like DRM, when you expect the software on the user's computer to enforce your rules you will be sorely disappointed. It will raise the bar, it will make some people give up, but it won't prevent it.