The issue of anti-cheat on Linux (2024)

Or entire lobbies filled with bots with the same name that stand around doing nothing while one of them goes full spinbot, and auto kicks anyone who happens to join their lobby. Those bots I see week after week with the same accounts and no bans in sight.

I also always hear a lot of people complain about cheaters in Valorant, so all of that compromised personal security doesn't actually stop cheaters.

Honestly I feel like you should only use kernel anticheat on a dedicated machine that's kept 100% separate from any of your personal data. That's a lot to ask of people, but you really shouldn't have anything you don't consider public data on the same hardware.

Strongly agreed. Some people want kernel-level anticheat for Linux. I think that's a huge mistake. Ideally, kernel-level anticheat would be done away with altogether. More realistically, I'm just going to avoid any games which use kernel-level anticheat, even if it means missing out.

> - is somehow not a spyware or data protection risk at all...

Don't worry, it's owned by Tencent.

- and, by design, is resistant to auditing, analysis, or user-modification

Honest question: do you segment your activities on your computer on different users?

No? In which case, what practical spyware risk does a kernel level driver add that user mode software can’t do?

User mode software can spy on your clipboard, surreptitiously take screenshots, and take data out of your system. That spooks me enough that, if I don’t trust a software manufacturer, I don’t install it. Kernel mode makes no practical difference in my security posture.

In Valorant's defence:

1) There is a 100k bug-bounty on the anti-cheat: https://hackerone.com/riot?type=team

2) The anti-cheat is the game's entire reason for being. It is the main focus of the development and marketing. People buy Valorant for the anti-cheat; they are willing to accept a kernel driver as a trade off for fairer competition.

Except that this kernel driver is audited and signed by Microsoft, whom you also trust with the rest of your kernel if you use Windows at all.

- … but successfully, more or less, prevents most cheating attempts which would also make the game unplayable regardless.

For anyone saying “just do server side,” no, it’s physically impossible to stop all cheating that way until we have internet faster than human perception.

My naive take is that technical solutions are possible, but critically they can’t be fully automated. The most effective anti-cheat solution possible probably looks something like a full-time in-house team comprised of seasoned ITSEC, data nerds, a couple of ML people, and a few devs. A team like that could probably pick out and boot cheaters with a very low rate of false positives given adequate data to crunch, and they’d only get better over time as they build a roster of patterns and behaviors to match against.

The problem is that this costs more than game companies are willing to spend, even when they’re raking in cash hand over fist. As long as the problem isn’t so bad that it’s making players quit, it’s cheaper to employ more automated, less effective strategies. The end goal isn’t player happiness, it’s higher profit margins.

> Anticheat is only hard because people are looking for a technical solution to a social problem. The actual way to get a good game in most things is to only play with people you trust and, if you think someone is cheating, stop trusting them and stop playing with them.

As much as I reminisce about the days of private servers for Quake/2/3, UT99, CS1.6, etc., saying this is really ignorant of how modern gaming and matchmaking works. Some games would simply not be possible without public matchmaking; I don't care how much of a social butterfly you are, you are not going to get 99 friends to get a PUBG match going. Even getting 11 other people to run a game of Overwatch or CS would be a pain. Other games need public matchmaking to have a fair ranking system. You go onto say ranking is "weaponised" but, ranking is a feature, and a lot of people like that feature.

> However, it does mean that the big publishers wouldn't have control over everything a player does. Getting them to agree to that is probably the real hard problem.

The demand for anticheat, and matchmaking/ranking systems, are entirely player-driven, not publisher-driven. If developers and publishers could get away with only implementing player-managed servers and letting players deal with cheaters, they would! It's a lot less work for them.

As a sibling comment mentioned, even in the days of private servers you ended up with community-developed tools like Punkbuster. I remember needing to install some anti-cheat crap when I signed up for Brood War's private ICCUP ladder.

There are quite a few games that are fun because they throw dozens of players into the same event. I don't have over 100 friends to play with, let alone over 100 friends I trust not to cheat.

For some games the small group approach works, but even a game as simple as Counter Strike requires at least a dozen players to make the most of.

That said, there are perverse incentives in many of the games hit worst by cheaters. Games that invent more and more prestigious rewards and titles for accounts that do well in hopes of them spending more money on microtransactions, or the microtransaction hell-holes like GTA Online that exist as a vessel to take your money more than to be of any fun. Adding upgrades and other desired items behind a gambling mechanic makes the whole ordeal extra shitty, praying on the psychological weaknesses of the unfortunate souls to get a digital gambling addiction so they can be sucked dry by billion dollar companies.

I've personally never run into anticheat issues because I find most of the games that require anticheat for online play just aren't worth the time and effort to play online in.

But still, the old SW Battlefront II wouldn't be fun without the massive online matches, and those require some form of anticheat to stay fun.

I agree with you the issue is scale, but the scale when it worked was when gaming was niche. You can't put that back into the bottle.

The history of plenty of anticheats start with community servers, not matchmaking. Even Team Fortress Classic had enough of a cheating issue that community members developed Punkbuster, which went on to get integrated into Quake 3 Arena. A lot of 3rd party anticheats were developed in that era for community servers. BattlEye for BattleField games. EasyAntiCheat for Counter-Strike. I even remember Starcraft Brood War's 3rd party ICCUP server with 'antihack'.

You still see this today with additional anticheats on community server solutions. GTA V's modded FiveM servers had anticheats before it was added to the official game. CS2 Face-IT and ESEA servers have additional anticheats as people do not think VAC is effective enough.

> The actual way to get a good game in most things is to only play with people you trust and, if you think someone is cheating, stop trusting them and stop playing with them.

One of the games mentioned in this article is Rust. Playing with only people you trust defeats the point because it's a game full of betrayal. At best you'll be able to get a group together once and then destroy your relationships more than Monopoly would.

I cannot agree. Getting a Quake game up in the early 2000s could take hours worth of sitting in IRC pickup channels, if it happened at all. I don't feel publishers are at fault here. I figure the vast majority of players would pick an instant game with potential cheaters over an hour wait for a 50% chance at a game.

I think there's immense value in being able to just press a button and jump into a game, without having to actually know people and build up a community.

However, I wonder if you could have that while still removing features that make cheating seem appealing. For example, as you said, you can have games with randoms without an automatic ranking of all players. (Or maybe you rank players so you can match people of similar skill levels, but you don't tell anyone what their rank is.)

So how am I supposed to play a game of PUBG if I don't have 99 friends who I trust not to cheat who also play it? How is any community going to establish and continuously monitor that their members don't cheat, while also allowing new members to join over time? I don't have a big group of friends who also like playing the same games I play at the same times I want to play, sounds like a total non-starter to me.

Even with SEV, you need hardware passed through to the VM. That means either running two GPUs or hot-swapping the machine your GPU is connected to and hoping neither driver crashes and burns (which is what you can expect from any consumer GPU driver that tries to hotplug). The software will also break the moment someone finds yet another side channel attack to break memory encryption. Intel's attempts at secure hardware hypervisors failed so bad they took the hardware out of consumer chips.

In theory you could probably get it to work on some hardware given some boot configurations with some games, but what game developer is going to develop a bespoke Linux VM? And if not the game developer, what Linux developer is going to spend time developing a platform that caters to the wishes of closed-source, rootkit-driven anticheat developers?

I didn't really get the point being made there. Yes, windows kernel security posture is swiss cheese, but that's not an argument for poking more holes.

Not entirely. Valorant's anti-cheat tries hard to detect DMA cards, which eventually led to one of their largest banwaves. See:

https://playvalorant.com/en-gb/news/dev/vanguard-hits-new-ba...

Of course the cheat developers don't sit idle, so this is far from over.

That's a good idea, sadly I think gamers would reject it due to extra latency.

The ultimate "anti-cheat" is playing on some trusted party's computer. That can be a cloud machine, but I think today a game console would work just as well, turn that closed nature into an actual user-facing benefit. Console manufacturers seem focused on their traditional niche of controller couch gaming and not on appealing to high-FPS keyboard-and-mouse gamers, though.

Cloud gaming is flatly non-workable for any kind of game where latency matters. This also covers most of the market for games where anti-cheats matter a lot.

Generally yes, although some cheats like aim assistance would work fine on online streamed games, since they can scan your screen and adjust your mouse input to aim.

To be fair kernel anticheat can't block this completely either, it can be run on external hardware that uses a capture card to analyze your video feed and alter your mouse inputs to the computer. Generally undetectable unless the game is able to identify unnatural mouse movements.

Lag is the biggest issue... even a local wifi connection vs wired can make a massive difference in terms of what's acceptable lag.

Of course, to TFA's point on network code... a lot of the issues in question could come down to checking for movements that exceed human... moving faster than the speed in game, or even twitch aiming movements faster than a mouse, or a consistent level of X accuracy in shooting over time. On the last part, I'm not sure if there might be some way to mask a user's hit zone, rendering and such so that an aim-bot thinks the foot is center-mass, etc. Or if it could be randomly shifted in a test scenario.

> I don't think anyone reasonable should be ok with

Well, I don't think anyone reasonable should be telling others what they "should" be ok with, myself included (I made an exception this one time).

> Genshin's anticheat was used to install ransomware

You should tell the full story: Ransomware installed Genshin's anticheat because it was whitelisted by antivirus providers, it then used the anti-cheat to load itself deeper into the system. So not really a problem with Genshin's anticheat (indeed, users who had never played the game or even heard about it would be affected), but a problem with how antivirus providers dealt with it.

> ESEA's anticheat was used to install bitcoin miners

You should tell the full story: Someone compromised the supply-chain and snuck a miner into the anticheat binary. It was discovered immediately, and the fact that the miner was in the anticheat and not, say, a game loader, did nothing to hide it.

> People complain a ton about Microsoft recall storing screenshots of your computer locally being a security risk, and yet they're fine with a Chinese owned anticheat program taking screenshots of your computer and uploading them online

This is just a fallacy. Like saying "people voted for candidate A, but then they voted for candidate B!" Obviously, there can be multiple groups of people, and saying that "people" vaguely support X but not Y is usually a misunderstanding of the groupings involved.

The obvious explanation for this is"apparent" contradiction you point out is: Windows Recall is likely to be an on-by-default feature, and people don't really trust Microsoft not to "accidentally" enable it after an update. Also, Recall would likely be installed on all computers, not just gaming PCs. That's a big deal. A lot of people have multiple PCs, because they're cheap and ubiquitous these days. Maybe they're okay with recall and/or anticheat taking snapshots of their gaming PCs, but not the laptop they use to do their taxes, etc. The source of your confusion is likely the misunderstanding that most people, unlike the HN crowd, are practical, not ideological. They don't oppose anticheat on some abstract level, they care about the practical reality it brings to their life.

Another element is that most people, at least in the US, have "spy fatigue". They figure, hey, the US government spies on me, the five eyes spies on me, Russia and China spy on me, what does it matter?

I just gave up and only console game. On the plus side I can buy cheaper computers now.