It's funny that game makers make a fuss about anti-cheat not working on Linux but then publish Switch versions of their games. That platform has almost zero security and is commonly emulated with cheats even in multiplayer these days.
This. Even kernel level anti-c-spyware can't stop a cheap vision model hokked to a mouse, see youtube for examples from simple auto input up to full on elctromuscular stimulation.
Is there really no way to make anti-cheat on Linux that can't be bypassed? I don't know much about this, but it seems very difficult to make an anti-cheat for a platform where you can make changes in the kernel.
A trusted entity (probably Valve) could provide a locked down distro where kernel integrity is enforced through secure boot and TPM attestation, but that would mean giving up some control over your own system. There's no guarantee that anything client-side is impossible to bypass of course, but the goal would be to more or less match what Windows offers, which isn't perfect either.
There could simply be a developer option that disables these integrity checks but subsequently breaks online games that rely on them. Valve could also offer a module that allows signed user-space binaries access to kernel space, which would be an improvement over Windows offers in that anti-cheat wouldn't need to live in the kernel.
I think the moment you accept data from the client as truth you've lost the battle already, everything else is just damage control. Loads of games have realized this and kept checking game rules on the serverside and reveal data on a need-to-know basis. This makes it nearly impossible for cheats to be made because anything you know you should know, and everythin you act is parsed by the backend according to rules already present
Some kinds of cheating can be mitigated that way, but it can't really stop cheats which just play the game more optimally than the user is able to, using the same inputs and outputs that a legit player would use. Aim assistance in shooters, perfect parries in fighting games, economy-breaking levels of automation in MMOs, and so on.
There's also practical limits to how much data you can filter out in complex 3D games, both due to performance constraints, and because culling information too perfectly can cause things to pop into existence too late under non-zero network latency. The effectiveness of ESP cheats can be reduced, but not eliminated.
You could probably detect those kinds of cheats heuristically on the server. There are limits to human ability. It’ll take more time to catch the cheaters, but I’m sure it’s possible.
This player is posting 30 auctions per second. Bot.
This player is turning at a rate of 500 radians per second to make perfect headshots. Bot.
this is already running in production for Counter-Strike since 2018 [0][1].
to be honest, it isn’t particularly good - all serious CS2 games operate on a third party provider with a kernel-level anti-cheat. also, the cs2 update banned people for spinning their mouse too fast [2].
I think anything that relies on reflex alone is flawed design. You can design around this, by for example in Dota2 it doesen't matter how fast you click an entity, because the turnrate of your character is limited, so a person clicking reasonably fast and a bot clicking in 0.01ms both arrive there at the same time. Precision also doesn't matter, because a player can click the icon of the enemy instead of trying to match the pixels on screen. MMO scripts that use information already given by the game just seem like the MMO should invest in UX instead of trying to ban people for using the tools the game already gives them.
Unless DOTA2 is running at a ~3 tick rate (Which it's not), even taking account processing delays and action batching, a bot will always have faster reaction times than an actual player. It will also never misclick.
This problem is magnified in a shooter game, which would be unplayable with that kind of batching, but where a cheater with an aimbot is actually impossible for a legitimate player to beat.
After you click, the character will begin to turn, which can take several hundred ms. A delta of couple ms compared to the time it takes to turn is completely negligible and even an inch better positioning of a character, or having a character with items or stats that makes them turn faster (because picks are asymmetric) will make several magnitudes more of an impact.
If your game allows your sights to just teleport on people's heads and take that as the winning condition then that just sounds like bad design, there's no reason to allow infinitely fast movement and omitting strategy even from a shooter
> If your game allows your sights to just teleport on people's heads and take that as the winning condition then that just sounds like bad design, there's no reason to allow infinitely fast movement and omitting strategy even from a shooter
This is interesting, because I feel like the fundamental gameplay of an fps is players exposing themselves to each other's field of view, and then trying to click the other's head first. Skill is a measure of map knowledge (so you can try to expose yourself to a possible field of view but not where the enemy is actually looking at that moment) and speed of clicking head.
How would you design FPSs to remove this "bad game design?"
>If your game allows your sights to just teleport on people's heads and take that as the winning condition then that just sounds like bad design, there's no reason to allow infinitely fast movement and omitting strategy even from a shooter
From the servers perspective you always kinda do that for fast movements as the client send rate usually isn't more than 60hz.
However, this only solves the cheat problem to a minimal extent. There is a lot of important data that players should not be directly aware of, but which is important for the game. For example, it is important for calculating sounds to know where enemies are nearby, even though you cannot see them, which makes wall hacks possible, etc.
Sounds are core to shooters and very much within the expected abilities of the players to hear them. If anything, I'd incorporate this kind of indicator in the game itself, allowing for deaf people to "hear" footsteps as well
That only solves half of the cheating problem - illegal inputs from clients.
The other half is much harder to solve. For a simple example - my client knows that there is an enemy player around a corner. It knows exactly where that player is, because that player is walking, and making noise. A cheats could allow the cheater to see his opponent's player's model through the wall.
For a more blatant example, consider cheats in a first-person shooter that just snap your aim to the nearest enemy's head. This involves zero violation of the game's logic, and also makes the game completely unplayable for everyone in a lobby.
You already know where an enemy is if you hear them behind the wall, you don't need a cheat to tell you that there is noise coming from other side of the wall. The server also doesen't need to tell you they are behind it if they're sneaking. A game that allows zero home-in time sounds like a flaw in the game and something solvable on the serverside.
You can replace a playermodel with wider "sound coming from around here" if you want to make it even harder for a cheat to pinpoint a sound
> The server also doesen't need to tell you they are behind it if they're sneaking
This requires the server to calculate line of sight checks for every player, which is costly, requires loading the entire geometry into the server and would be horribly prone to latency. Then you're looking at potential performance problems on the client due to only knowing about a player the second its in view and having to stream the assets to the GPU, which if don't happen in time for the frame you'll experience as hitching.
> You already know where an enemy is if you hear them behind the wall
Yes but this requires using your brain rather than just seeing them straight up through a wall.
> You already know where an enemy is if you hear them behind the wall,
You know they are somewhere behind the wall, you don't know which exact angle they are behind the wall, because headphones and our ears don't work with that degree of accuracy.
The cheater can just swing the corner with his cursor already pre-positioned exactly on his target. Between peeker's advantage (inherent to any online game with latency) and human reaction time, there's not a lot you can do to fight that.
Linux is resistant to rootkits, which is what these things are, and allows you to remove them, yes.
The correct solution is to verify everything server side, or actually have humans watch replays and ban cheaters, but both of those would reduce profits, so will obviously never happen.
IMO the real solution is back in community servers and votekicking.. It works on old games with no anticheat measures..
Maybe add some blatant detection for people teleporting and doing other absolutely impossible things serverside, but I don't understand why my team has to ruin their 'reputation' teamkilling a cheater so he doesn't ruin the game completely in most current games when the anticheat only catches free, old cheats. Just let people votekick and find someone else in the matchmaking queue who's willing to join halfway through.. Once votekicked enough times you can escalate to the AI (always indians) for automated (manual) review.
Also, you don't even have to ban cheaters. Just isolate them to play with each other. Some might find it fun and keep away from the normal players.
Edit: The 'issue' with community server manual review and votekick is you can be kicked for being cracked or garbage at the game legitimately, but TBH at this point you're ruining the fun of everyone else, so you should probably get in another server/match.. Also that premades can have majority, but that's easily solved by reducing their vote weight.
Linux explicitely allows you to do things that makes cheating *really* easy.
There is also complete lack of secure boot and a way to validate that your kernel hasn't been compromised.
I mean seriously, making a cheat for a proton supported game that no anticheat has any hopes of detecting are in 100 lines of a kmod driver and 1 console command: insmod.
On windows you at least need to use scuffed tools like KDU to bypass signature verification requirements and every anticheat can detect you with a simple physical memory scan.
I think the most stringent types of Windows anti-cheat rely on remote attestation of the operating system. It's theoretically possible to design a Linux-based OS that supports such a capability, but the sort of people who choose Linux are unlikely to accept a third party having the final say over their computer.
I, for one am disappointed that anyone has accepted it. Once it's widespread, service providers can demand it, as we're seeing with mobile banking apps and game anticheat.
I also strongly dislike requiring remote attestation for any kind of software I want to run. But what I also dislike is cheaters in my online games and I genuinely do not have a better suggestion on what to do.
Personally, I run Windows purely for gaming and don't let it near any important data. For the latter, I boot into Linux with separately encrypted disks.
I'm doing the same but I worry about windows compromise messing with the bootloader so then encrypted linux drive won't save me. Probably too paranoid though?
I used to dual boot, but I that there are so many games on Linux, I just don't buy or play incompatible games. So EA lost a BF6 sale for being assholes.
The only game I miss when I moved to Linux was League of Legends. Everything else pretty much works. I get that it’s not worth it for them to deal with more potential cheating, but it’s a bummer.
The worst thing about League was that Riot added it retroactively after years of effort to patch Wine to work with League's weird quirky code. It was the only game that I always remember having a custom Wine build in Lutris even as far back as the early 2010s.
It also would be completely unnecessary if they fixed their servers.
On my PC I can play basically every game ever made in all of human history, minus maybe 7 that use kernel level anti cheat, and a couple PS5 and PS4 exclusives.
Other than that I have emulation plus a steam library. I'll take that over a locked in console that can only play 2 generations of games any day!
Edit: I'm not sure why the person who replied to me asking about emulators was nuked, emulators are still legal everywhere as far as I know. Anyway tldr go check out emudeck's GitHub repo to see a good list of emulators for basically every platform.
While some anti cheat supports Linux they're mostly useless as you can much more easily bypass them on Linux compared to windows. I guess enabling them for competitive games is one way to increase Linux users.
reply