The only multiplayer game I currently play is Beyond All Reason (a RTS game).
It's a free and open-source game, so creating a cheat client would be especially easy. But I've never encountered cheating.
I think there's a few reasons for this:
1) The playerbase is small and there is no auto-matchmaking, just a traditional list of servers. This results in the same group of people always playing together. People don't want to cheat when they're playing with acquaintances they see frequently.
2) Spectators are allowed in every game. The top-ranked games usually have several spectators.
You might think this would result in even more cheating, but in practice the spectators would prefer to watch a sneak attacks succeed, because it's funny. It's boring to be whispering the enemy secrets to you buddy on a private Discord, it's more fun to watch your buddy die in a surprising and funny way.
Also, the spectators can spot if a player does something that suspiciously well timed or lucky. The spectators see all, so they have the information needed to spot suspicious behavior.
3) Official servers create an official record of what happened in every game. The entire community has access to all the recordings. If someone thinks cheating is happening they can link to the official game recording on Reddit (or whatever) and everyone can see what happened.
4) An active moderator team reviews every report of cheating. There are official moderators that do the banning, but also volunteer moderators which can watch the recordings and create a trusted written account of what happened; this makes the official moderators have an easier job.
Amongst the discussion of rootkits and anti-cheat, I would like to add that part of the reason it is necessary is caused by the game companies that took away the standard method of playing multiplayer -- players running their own servers.
It used to be pretty easy to just ban people from playing, now we're 100% reliant on their ability to do it. So we have anti-cheat which roots our computer, and still doesn't 100% solve the problem.
Even if custom game servers were a preferable experience, which I would argue against, it doesn't really do anything for this problem.
By the time you have to wait for someone to cheat just to ban a single user, the disruption is already done. Your 4v4 45min game is already disrupted and everyone has already wasted their time now that you have to kick someone.
It's kind of like thinking you can forgo anti-bot measures because your website's users can just report the bots: by the time it's your users' problem, you've ruined the experience for everyone except the bots.
> caused by the game companies that took away the standard method of playing multiplayer -- players running their own servers
Let's be real, what % people among those who game are interested in running their own game server? I'm definitely one of them, and one of my earliest tech memories was setting up a CS 1.6 game server for a bunch of classmates (and being unable to play myself because the computer had nowhere near enough capacity for both the server and the actual game running at the same time); but it's a minuscule percentage.
I never ran a server back in the day but I still benefitted from community run servers where decisions about banning were done by volunteer admins. These days with centralized servers it has to be automated.
As most of you know, these anti-cheat systems are functionally equivalent to rootkits. There is zero visibility into how these privileges are used for targeted attacks. Due to geographic location of the large game companies this has a geopolitical angle. Fingerprinting of devices and the networks they are in provides a lot of metadata that is most definitely fed into their intelligence apparatus.
I remember trying to install Valorant for the first time, and its ridiculously invasive anticheat kernel mod (or whatever it's called) gave me my first blue (or was it red??) screen I'd seen on Windows in years.
Immediately uninstalled it and haven't ever played Valorant to this day. Fuck that crap, if your community is so toxic that you need a rootkit to keep cheaters at bay, then maybe it's more of a community problem than a technological one. And yes, if this means that you have to block all of China in order to do so, then that is still a community problem. Put your rootkits on your Chinese servers, separate them out, and let the cheaters fight amongst themselves.
Unpopular opinion, but we would be better off with a single open trusted implementation of anti cheat (aka drm) which can attest whatever requirements are desired by the game is met. The only real problem is that it would likely be limited to approved kernel images and someone would need to own that validation and signing infrastructure, but you could imagine having multiple trusted entities have this role.
Kernel anticheat is not really effective because it can be circumvented on the hardware level, for example using direct memory access with a second computer and screen to show the hidden game state.
Cheating is a meat space problem and there is no technical solution to it. Thats why in tournaments there are referees standing behind the players. Ultimately it comes down to checking if metrics like reaction speed are humanly possible, but a rootkit is not really needed for that.
I'm ordering a new laptop to work on LLM stuff, and while I thought about jumping through the hoops to get Linux running with secure boot...
I had a realization, it's a cold day in hell when someone else is going to tell me what I can run on my computer. All the latest multiplayer games are now requiring secure boot on Win11 as well
I'm actually wary of all these anti-cheats, they're literally hyperinvasive maleware.
I don't need gaming that much.
And if I do I'll stream it with Gamepass or another cloud service.
I'm a pretty prolific gamer, but at the start of the year I finally kicked Windows to the curb.
It's been fine. Surprisingly few games I'm interested in to begin with have anticheat that doesn't work on Linux, and it's comforting to know games aren't allowed to just shove trash into kernel space at will.
If you play older games, Linux ironically works better than windows now for stability. The only game I have seen any issues with (note I don't really play multiplayer much) is the Harry Potter game, but proton eventually fixed that.
Just to be clear, the anti-cheat systems that support Linux run at the user level and don't require secure boot. Those kernel-level and secure boot restrictions only apply to a handful of games, and they all explicitly block Linux users anyway.
For example, I've been playing Arc Raiders a lot recently in Linux, and the user-level EAC works just fine.
Counter point: gaming is fun, and indy games are worth investing in. Voting with your wallet works better if you vote for behavior that's not user hostile, rather than only abstaining.
Lots of games don't need invasive anti-cheat. You can just play those. There are literally too many awesome games on the market to ever be without something great to play.
Many people have one or more Discord groups where someone will say "let's play Valorant tonight" and then everyone just installs it. Linux is fantastic for local gaming on a handheld or in the living room, not so much when your non-Linux friends pick the game.
I honestly don't understand why any game is even checking if secure boot is enabled.
If anything it's for the OS to care about that, not individual programs. Afaik, secure boot doesn't (on it's own) prevent the running of arbitrary software, so how is it actually preventing cheating?
All I really do on my Windows system is play games, and because of that I don't mind whatever draconian crap that's required to keep cheaters in check. It sucks, but not sure of a better solution.
I did that for years and I recommend it as well. Pure linux desktop + console for games is a nice combo and a good separation of functions.
Of course... at this point I am back to having a PC with a beastly GPU and I boot Windows for games and CAD. It is hard to resist high framerate 4k gaming once it becomes a possibility, so now I need to figure out the secure boot problem for the occasional game that requires it.
I still play on my ps2 ... because consoles are linked closely to the games of that generation I would guess that they are tech that are on relative terms least discarded
At this point - you would think that cheaters could be detected on the server side by either training a model to flag abnormal behavior or do some type of statistics on the movement patterns over time - is a client-side anti-cheat really required?
Many forms of cheating revolve around modding the game locally so that certain textures can be seen through walls, so you always know where opponents are. So you aren't breaking any laws of physics, you are just able to make much better tactical decisions.
The obvious solution would be, just don't send data to the player's client about enemies that are behind walls. But this is a surprisingly hard thing to engineer in realtime games without breaking the player experience (see: https://technology.riotgames.com/news/demolishing-wallhacks-..., and then notice that even in the final video wallhacks are still possible, they're just more delayed).
> So you aren't breaking any laws of physics, you are just able to make much better tactical decisions.
With respect I'd like to disagree on this subtly. A lot of games have the client send their cursor position at relatively frequent updates/packages (i.e. sub-second). So the server knows pretty precisely in which direction and to which object a player is looking.
This in turn can be readily used upon when using wall-hacks, as most players, who use wall-hacks tend to almost faithfully follow objects behind walls with their cursor, which good moderators can usually spot within a few seconds, when reviewing such footage (source: I was involved in recognizing Wall-Hacks in Minecraft, where players would replace textures, to easily find and mine diamonds underground).
That's because the 2025 definition of "anti-cheat" leans heavily towards preventing players from enjoying client-side content that's locked behind microtransactions (for example, EA's new Skate game).
This is done, and generally doesn't work as well. Your model will catch people using yesterday's cheats, but the cat-and-mouse nature of cheating means that people will adapt. Funnily enough, cheaters are also training models to play games so that they can evade cheat detection. The kernel-level anticheats are designed to prevent the game from running if they detect you are running any software that interacts with the game. Much simpler for the developer, and circumventing it usually requires running your cheats on a second machine which a) limits what you can do and b) has a higher barrier to entry.
It's funny that game makers make a fuss about anti-cheat not working on Linux but then publish Switch versions of their games. That platform has almost zero security and is commonly emulated with cheats even in multiplayer these days.
If people cheat in the switch, they can blame Nintendo. If people cheat in PC, they can blame the anticheat. Without anticheat, they have to take the blame.
This. Even kernel level anti-c-spyware can't stop a cheap vision model hokked to a mouse, see youtube for examples from simple auto input up to full on elctromuscular stimulation.
Although who knows, they might be outright lying about that just to scare cheaters, but I tend to default to assuming what they're saying is more or less true.
The Switch is a closed proprietary platform, so Nintendo can give some guarantees, and if the user does something at the Switch level, the responsibility of legal action will be on Nintendo, saving up headaches to the publisher.
I actually really liked Crysis for its open maps where you can approach a goal using different tactics. It had a lot of flaws and I hated the alien ship along with everything after as it was way too linear. Though I really want to play it again but alas, no more Windows for me.
Is there really no way to make anti-cheat on Linux that can't be bypassed? I don't know much about this, but it seems very difficult to make an anti-cheat for a platform where you can make changes in the kernel.
I think the moment you accept data from the client as truth you've lost the battle already, everything else is just damage control. Loads of games have realized this and kept checking game rules on the serverside and reveal data on a need-to-know basis. This makes it nearly impossible for cheats to be made because anything you know you should know, and everythin you act is parsed by the backend according to rules already present
Some kinds of cheating can be mitigated that way, but it can't really stop cheats which just play the game more optimally than the user is able to, using the same inputs and outputs that a legit player would use. Aim assistance in shooters, automatic parries in fighting games, economy-breaking levels of automation in MMOs, and so on.
There's also practical limits to how much data you can filter out in complex 3D games, both due to performance constraints, and because culling information too perfectly can cause things to pop into existence too late under real-world network latency. The effectiveness of ESP cheats can be reduced, but not eliminated in practice.
You could probably detect those kinds of cheats heuristically on the server. There are limits to human ability. It’ll take more time to catch the cheaters, but I’m sure it’s possible.
This player is posting 30 auctions per second. Bot.
This player is turning at a rate of 500 radians per second to make perfect headshots. Bot.
this is already running in production for Counter-Strike since 2018 [0][1].
to be honest, it isn’t particularly good - all serious CS2 games operate on a third party provider with a kernel-level anti-cheat. also, the cs2 update banned people for spinning their mouse too fast [2].
Which they do already, because slamming all of the aimbot settings to max is a fast track to getting mass reported and escalated to human review, which will immediately see what's going on. Any cheater with an ounce of desire to preserve their account is going to try and maintain the pretense that they're just very skilled, not impossibly skilled.
I think anything that relies on reflex alone is flawed design. You can design around this, by for example in Dota2 it doesen't matter how fast you click an entity, because the turnrate of your character is limited, so a person clicking reasonably fast and a bot clicking in 0.01ms both arrive there at the same time. Precision also doesn't matter, because a player can click the icon of the enemy instead of trying to match the pixels on screen. MMO scripts that use information already given by the game just seem like the MMO should invest in UX instead of trying to ban people for using the tools the game already gives them.
>for example in Dota2 it doesen't matter how fast you click an entity, because the turnrate of your character is limited, so a person clicking reasonably fast and a bot clicking in 0.01ms both arrive there at the same time. Precision also doesn't matter, because a player can click the icon of the enemy instead of trying to match the pixels on screen.
Even with turnrate, reaction time is very relevant. Reaction time allows you to silence enemies midcast, or to pop a shield, or a BKB, or some other instant measure. Turnrate doesn't mean reaction time doesn't matter, it means the direction you are facing matters.
As for precision, yes it does matter, ask any Phoenix player who gets hexed mid-flight.
People cheat in Dota in these very terms, it's absurd to argue it doesn't matter.
Unless DOTA2 is running at a ~3 tick rate (Which it's not), even taking account processing delays and action batching, a bot will always have faster reaction times than an actual player. It will also never misclick.
This problem is magnified in a shooter game, which would be unplayable with that kind of batching, but where a cheater with an aimbot is actually impossible for a legitimate player to beat.
After you click, the character will begin to turn, which can take several hundred ms. A delta of couple ms compared to the time it takes to turn is completely negligible and even an inch better positioning of a character, or having a character with items or stats that makes them turn faster (because picks are asymmetric) will make several magnitudes more of an impact.
If your game allows your sights to just teleport on people's heads and take that as the winning condition then that just sounds like bad design, there's no reason to allow infinitely fast movement and omitting strategy even from a shooter
> If your game allows your sights to just teleport on people's heads and take that as the winning condition then that just sounds like bad design, there's no reason to allow infinitely fast movement and omitting strategy even from a shooter
This is interesting, because I feel like the fundamental gameplay of an fps is players exposing themselves to each other's field of view, and then trying to click the other's head first. Skill is a measure of map knowledge (so you can try to expose yourself to a possible field of view but not where the enemy is actually looking at that moment) and speed of clicking head.
How would you design FPSs to remove this "bad game design?"
> How would you design FPSs to remove this "bad game design?"
I think we just need to accept that bots will always be better at reaction based KPIs & abusing "knowing" too much game state, we should just remove those conditions.
1) Move most of the application logic to the server, the client should be a fairly dumb terminal that knows how to render and accept inputs, and only receives the state that it needs. No more spying issues.
2) Just give everybody auto aim & immediate/auto controlled firing, etc. No more aim bot issues.
3) Improve the quality of gameplay around the types of interactions which bots are bad at. Decision making, strategy, communication, execution, adaptation.
We can only minimize the amount of extra information given to the client, not eliminate it. And at high enough skill levels, even 1-2ms of extra information will always be actionable, even by humans (not just bots).
>If your game allows your sights to just teleport on people's heads and take that as the winning condition then that just sounds like bad design, there's no reason to allow infinitely fast movement and omitting strategy even from a shooter
From the servers perspective you always kinda do that for fast movements as the client send rate usually isn't more than 60hz.
There is rampant cheating in online chess and poker as well, you know?
You can have an opinion about what constitutes a better game for humans: should it be about making better decisions, arriving at them faster or being fast and precise with your mouse but the reality is bots/assistance can make you unplayable in all of those domains.
However, this only solves the cheat problem to a minimal extent. There is a lot of important data that players should not be directly aware of, but which is important for the game. For example, it is important for calculating sounds to know where enemies are nearby, even though you cannot see them, which makes wall hacks possible, etc.
Sounds are core to shooters and very much within the expected abilities of the players to hear them. If anything, I'd incorporate this kind of indicator in the game itself, allowing for deaf people to "hear" footsteps as well
> I'd incorporate this kind of indicator in the game itself, allowing for deaf people to "hear" footsteps as well
That's just discount wallhacks. Fortnite has it and you're basically forced to use it even if you have no hearing issues, because it provides a massive advantage.
That only solves half of the cheating problem - illegal inputs from clients.
The other half is much harder to solve. For a simple example - my client knows that there is an enemy player around a corner. It knows exactly where that player is, because that player is walking, and making noise. A cheats could allow the cheater to see his opponent's player's model through the wall.
For a more blatant example, consider cheats in a first-person shooter that just snap your aim to the nearest enemy's head. This involves zero violation of the game's logic, and also makes the game completely unplayable for everyone in a lobby.
You already know where an enemy is if you hear them behind the wall, you don't need a cheat to tell you that there is noise coming from other side of the wall. The server also doesen't need to tell you they are behind it if they're sneaking. A game that allows zero home-in time sounds like a flaw in the game and something solvable on the serverside.
You can replace a playermodel with wider "sound coming from around here" if you want to make it even harder for a cheat to pinpoint a sound
> The server also doesen't need to tell you they are behind it if they're sneaking
This requires the server to calculate line of sight checks for every player, which is costly, requires loading the entire geometry into the server and would be horribly prone to latency. Then you're looking at potential performance problems on the client due to only knowing about a player the second its in view and having to stream the assets to the GPU, which if don't happen in time for the frame you'll experience as hitching.
> You already know where an enemy is if you hear them behind the wall
Yes but this requires using your brain rather than just seeing them straight up through a wall.
I don't think those performance concerns are really much of an issue with any sensible implementation. You'd do line of sight checks against simplified geometry first to handle the vast majority of cases, and you'd load character models/textures in advance (game/match startup) rather than only when they first appear on screen.
One non-trivial part seems to me that if you walk around a corner you don't want to wait 50ms (your ping) for the server to send enemy locations you can now see. Ideally every tick the server would be sending all enemies that you could potentially see before the next tick depending on what your movement packets that it hasn't yet received turn out to be. Wouldn't entirely eliminate advantage from cheating (e.g: a cheater walking around a corner could still see enemies up to a tick/~15ms in advance) but would hopefully make this form of cheating significantly less worthwhile.
> You already know where an enemy is if you hear them behind the wall,
You know they are somewhere behind the wall, you don't know which exact angle they are behind the wall, because headphones and our ears don't work with that degree of accuracy.
The cheater can just swing the corner with his cursor already pre-positioned exactly on his target. Between peeker's advantage (inherent to any online game with latency) and human reaction time, there's not a lot you can do to fight that.
A trusted entity (probably Valve) could provide a locked down distro where kernel integrity is enforced through secure boot and TPM attestation, but that would mean giving up some control over your own system. There's no guarantee that anything client-side is impossible to bypass of course, but the goal would be to more or less match what Windows offers, which isn't perfect either.
There could simply be a developer option that disables these integrity checks but subsequently breaks online games that rely on them. Valve could also offer a module that allows signed user-space binaries access to kernel space, which would be an improvement over Windows offers in that anti-cheat wouldn't need to live in the kernel.
You don't even need a developer mode. I was looking into making my own image based distro/system which has its bootchain entirely verified and I intend to make any modifications via system extentions[1], which IIRC also get measured aswell (or was at least planned somewhere). To be fair, this is purely additive or overlaying, so no removing of files, at best changing. This all would be signed using Secure boot and after the fact using dm-verity.
Secure Boot in theory isn't even necessary, only TPM2. Secure boot only ensure that you are actually booting into a binary that you expect to boot in this case, so if your binary is actually different it would result in different PCR values in the TPM indicating something is wrong.
Sadly a lot of end user software (flatpak, ...) isn't packaged & signed in a way which would allow for full "only run software I allow by importing public keys" (read Linux IPE[2]), but what can you do, only your best I suppose...
You don't need a full distro, you can just run the game in a VM sandbox with trusted computing extensions alongside whatever distro you want. That breaks cheats that rely on network/memory inspection, you can still cheat using the raw pixel output to drive faked input, but I don't think the loop is closeable there.
Has anyone produced a proof of concept for such a system, for gaming or otherwise?
Given that a certain amount of windows gamers have been having issues making sure their PCs complied with the config requirements for the latest COD/Battlefield, it would seem an even higher bar for a consumer targeted bit of software that needs to do more to be running securely (or add a different mode to your distro install and reboot to it), alongside the wider variety of distros/configs. Distros advertising themselves for gaming or getting people to migrate from windows are also trying to keep barriers to entry low or to appear simple.
Reliable anticheat is serverside. Clientside anticheat sounds like a fool's errand to me. You need to control the client, so that means the user cannot be in control of their own computer, which is contrary to the idea of Linux.
It works on Windows by essentially rooting the machine. MS holds control of a bunch of stuff because they hold the signing keys. It’s fundamentally incompatible with open source.
Comparing VAC2 (released in 2005) to FACEIT in 2025 is pretty dumb. There are still absolutely cheaters running rampant on FACEIT and FPL.
The real solution is to limit information sent to the client, make it harder for cheaters to have reliable solutions to get access to critical game information. ARC Raiders has Theia anti tamper (very poor performance) but right now the number of cheaters is minimal because the select few who are smart enough to break the anti-tamper are keeping quiet.
See other examples; The Finals, Roblox (Byfron) and Overwatch
Because with Windows, MS can put a list of trusted rootkit anticheats in the kernel and that cannot be changed (without having the source or breaking signatures when hex editing etc).
If Linux did the same, anyone could recompile the kernel with their fake anticheat’s signature. The fake anticheat would then present itself as real to the game. One could go as far as to rewrite the relevant syscall to falsely indicate to the game that the legitimate version is running.
Yes and no. I agree the only thing that can be reliable is server side.
However that means that anything based on reaction times and such is impossible to protect against (under reasonable conditions). At the end of the day you can always have a robot sitting at your desk. But there is steps to that. You can have something that highlights enemies, etc., you can have something that controls keyboard and mouse (maybe inside a VM, so you don't need hardware) and so on. You can reverse engineer packet encryption in a debugger (in most situations) and have something on the network messing with stuff and so on.
So in that regard, yes you can prevent everything you can prevent on the server, but you cannot prevent every sort of cheating on the server.
Everything that has rounds basically can be prevented (other than again a bot playing).
Everything that is complex to automate is better, but might just make cheating more "worthwhile".
The other thing you can do on the server is "dumb cheat" detection. Eg. the odds of someone being consistently as good at a game and such. Statistics like that is widespread and doesn't need any change on the client.
Sure. That also means it doesn't have to be kernel-level rootkits that fundamentally break the security model of my operating system and risk my bank account. Most people will be stopped by userland anticheat, right? It's inconvenient. So ... put it *there.*
And if someone does the kernel bypass thing, well, rely on server-side heuristics (which are imperfect, but also unknowable to the attacker) and you'll discourage enough of that with account bans.
Helpfully eSports players tend to have video captures of their gameplay, and most of these "undetectable" cheats are real obvious if you actually watch the footage. That catches most of the serious stuff at the upper level. It's why video verification has been a thing in the speedrunning scene for such a long time.
Correct. E.g. you can aimbot by routing the video signal to a capture card on a separate computer and run image recognition software to generate mouse movements spoofed at the hardware level. The only way to reliably prevent cheating is with in-person tournaments played on hardware provided by the organizers.
As someone said about the lack of a Switch anti-cheat: it's a numbers game. If cheating is as easy as downloading a .exe for a few $$$, you're going to find cheaters everywhere. If it requires a complex, and/or fairly expensive setup, the number is going to be very low.
That's assuming there's no money in being a cheater.
The best way is to just make private servers, so people can play with their friends and not have to worry about random players. This also solves the issue of people using.... language thats not acceptable in games.
Yeah. It’s an erosion of rights that doesn’t solve the problem. You only need one cheater to make a game feel bad and DMA devices or pixel tracking can’t be stopped with these anti-cheats.
Linux is resistant to rootkits, which is what these things are, and allows you to remove them, yes.
The correct solution is to verify everything server side, or actually have humans watch replays and ban cheaters, but both of those would reduce profits, so will obviously never happen.
CSGO has actual humans watch replays to determine whether people were cheating, it's called overwatch. As can be seen, it doesn't actually stop cheating, at most it ensures that blatant ones are banned after the fact already happened.
CS2 Does not have overwatch anymore. VAC Live is completely AI and its a known fact that valve have a few buttons and sliders to play with to go through ban/boom cycles for cheaters to maximize impact
You'll never see cheats banned in real time - that provides an enormous amount of data to cheat developers to allow them to quickly learn to evade your detection. Bans after the fact in large batches are the only sustainable way to go.
IMO the real solution is back in community servers and votekicking.. It works on old games with no anticheat measures..
Maybe add some blatant detection for people teleporting and doing other absolutely impossible things serverside, but I don't understand why my team has to ruin their 'reputation' teamkilling a cheater so he doesn't ruin the game completely in most current games when the anticheat only catches free, old cheats. Just let people votekick and find someone else in the matchmaking queue who's willing to join halfway through.. Once votekicked enough times you can escalate to the AI (always indians) for automated (manual) review.
Also, you don't even have to ban cheaters. Just isolate them to play with each other. Some might find it fun and keep away from the normal players.
Edit: The 'issue' with community server manual review and votekick is you can be kicked for being cracked or garbage at the game legitimately, but TBH at this point you're ruining the fun of everyone else, so you should probably get in another server/match.. Also that premades can have majority, but that's easily solved by reducing their vote weight.
I mean not really, as someone that had been votekicked from many games. Servers with admins does solve this, but has it's drawbacks. But you also cannot have the matchmaking type of game that are popular today.
Back in MW2 if you were the host you could kick players from your game using a cli tool that adjusted firewall rules.
For lobbied ones votekick is great as long as you remove majority vote from premades. So in a 5v5, a 3 man premade isn't able to kick any of the 2 randoms alone.
I remember the misuse of it but it was better than having your only option be teamkilling, which is now punished in all games via reputation systems.
The only thing I don't see this as a solution for are games like Planetside, with massive lobbies. I know they used to have automated detection and manual review by admins teleporting and flying around, usually invisible to sus players. Once we found a bug and got inside the map able to shoot through the ground and in like 15 minutes an admin came, asked us how we got in there and to get out nicely, before he gets us out forcefully :D
There’s just no way to stop cheating client side despite what devs love to think. But server side anti cheat is much harder and requires more work; it’s much simpler to just install spyware / rootkits on the client and call it a day.
You can’t prevent wall hacks with only server side anti cheat. The client needs that data locally before the enemy is rendered on screen.
As mentioned in another comment, you can’t do this on the server without expensive checks for every single player that is always checking line of sight, because it’s not just your session running on a single server but multiple sessions.
And let’s say you did this, now you have a latency problem because most modern games to make them feel fluid has client side prediction with server reconciliation. This is what makes your modern games feel more responsive, if you put a constant server check there you have lost this.
No matter what people say online, it isn’t just move all of it to the server, there is data the client needs to know and can’t be spoonfed by the server.
I think it’s an organization accountability issue.
Why would a company pay for anti cheat infrastructure when they can outsource it to some company and blame them if there are cheaters or upset users? Windows is the status quo too, so it’s very easy to point to everyone else when justifying your choice to the execs.
It would be great if steam deck+box start costing studios quantifiable amounts of money that can be used to justify fixing this instead of outsourcing and hand waving.
You are looking completely wrong at this. There is no anti-cheat that cannot be bypassed. Period.
You can always run things in a VM, you can always replace your keyboard and mouse with a different device, you can always have your a camera instead of human eyes and have something that recognizes enemies.
Even cheat detection in the real physical world (sports, chess, etc.) is not a completely solved topic.
You can connect computers to other computers so other computers will always be able to control them.
The idea that any (currently realistic) cheat prevention is unbypassable is silly.
> The idea that any (currently realistic) cheat prevention is unbypassable is silly.
The idea that anti-cheats don't make sense because they don't catch 100% of the cheaters is what's silly, who believes that? Not even the people writing these anti-cheats believe catching 100% of them are possible, why are you under the assumption that others think that's possible?
If it removes 80% of the cheaters from the game, the experience goes from "Holy shit lets leave" to "Ok, bothersome, but fine", this is what they're reaching for, not some fantasy utopia that you seem to be under the impression is the target.
I don't think the comment you're responding to is trying to claim that. They're responding to the parent comment asking if there's any way to actually make a Linux anti-cheat method that isn't bypassable and pointing out that this framing isn't really useful because there's no way to make one on any platform that's actually impossible to bypass. Their point isn't about whether it's useful or not to have imperfect anti-cheat but that there's nothing fundamental about Linux that changes the fact that the anti-cheat is going to be imperfect anywhere.
You can run a VM using trusted computing extensions for the game. If the VM encrypts traffic, that stops network level cheats. You can still fake inputs/outputs to the machine if you put the work in, but then you can also use a vision model and faked input with actual consoles, so that hole is never going to get patched.
I think the most stringent types of Windows anti-cheat rely on remote attestation of the operating system. It's theoretically possible to design a Linux-based OS that supports such a capability, but the sort of people who choose Linux are unlikely to accept a third party having the final say over their computer.
I, for one am disappointed that anyone has accepted it. Once it's widespread, service providers can demand it, as we're seeing with mobile banking apps and game anticheat.
I also strongly dislike requiring remote attestation for any kind of software I want to run. But what I also dislike is cheaters in my online games and I genuinely do not have a better suggestion on what to do.
Personally, I run Windows purely for gaming and don't let it near any important data. For the latter, I boot into Linux with separately encrypted disks.
>But what I also dislike is cheaters in my online games and I genuinely do not have a better suggestion on what to do.
You can't suggest "run online games as close-knit social groups, with social exclusion punishments for cheaters", which is how most online games used to be run. How old are you?
Game vendors used to be happy letting us host and run our own multiplayer games, until they realised they could get more money out of us -- "battle passes", microtransactions, ability to forcibly turn off multiplayer of older game when newer remake comes out -- and now they've made themselves a mandatory part of your online experience. You have to use their matchmaking and their servers. So now it's down to them to solve the problem of cheaters, enabled by their centralised matchmaking... and their only solution is remote attestation of your machine and yet more data collection?
I'm doing the same but I worry about windows compromise messing with the bootloader so then encrypted linux drive won't save me. Probably too paranoid though?
If you use secure boot and don't let your keys near Windows, you should be fine even if your Windows install is compromised. Unless you don't trust Microsoft themselves, in which case you'd need to re-enroll keys whenever switching operating systems, which is possible, but very tedious.
Server-authoritative games. Basically the client does stuff, gives the list of moves to the server along with a checksum/end result. Then the server runs the same commands on the same starting state and checks if it got the same result.
If a==b, then everything moves on as normal. If not, the client gets a synchronisation error and has to rewind back to the last known good state.
Completely unfeasible for anything real-time pretty much.
Having done modding for some older shooter games built on the server-authoritative model, it's still possible to create a "pingless" experience, but it requires more calculations and compromises on client/server trust to make it work. For shooters specifically, you want the client to provide instant feedback when the gun fires, and ideally when they hit an enemy. You can achieve this by telling the server "I was at position A and shot my gun at position B and hit enemy Bob." The server will validate all of this before informing the client who fired and the client for "Bob" that Bob was killed. The compromise here is that the server must trust that the client isn't sending forged data, or the server must do additional computations to validate it.
An elaborated version of this idea is called "rollback" where you let the local client predict and execute the game state at time t+1 and will "roll back" the state of the game if it received another game state than the one predicted. Extremely popular and state of the art for 2D fighting games (most of the time the prediction is correct and it greatly reduce the perceived lag) , but probably harder a bit harder to do with 3D games.
Linux explicitely allows you to do things that makes cheating *really* easy.
There is also complete lack of secure boot and a way to validate that your kernel hasn't been compromised.
I mean seriously, making a cheat for a proton supported game that no anticheat has any hopes of detecting are in 100 lines of a kmod driver and 1 console command: insmod.
On windows you at least need to use scuffed tools like KDU to bypass signature verification requirements and every anticheat can detect you with a simple physical memory scan.
I used to dual boot, but I that there are so many games on Linux, I just don't buy or play incompatible games. So EA lost a BF6 sale for being assholes.
Same situation here. If it were last year, I may have caved. But at this point I don't want to bother with dual booting and losing my Linux context as I do so.
Instead I'm playing ARC Raiders which works perfectly on Linux and I don't regret a thing.
Cheats aside, are there any competitive games that include Uber-like rating system? Meaning that you'd need to provide feedback whether you'd play with your opponents/teammates again after a game.
Overwatch (1) had something like that. Not sure if Overwatch (2) still has it, or how it functions now.
In higher ELO, people would target good players with "avoid player"^1, effectively soft-banning those people from match making because the pool was small enough. They would still get put in matches eventually but their queues would blow out a lot.
From memory it did not have an explicit "match me with this person" button, but you could thumbs up players in the post-match podium as well as endorse them which may have soft-factored into matching you with them again.
\1 I think it was called this. It was a general "bad attitude" marker, not a "bad team mate" or "bad opponent" marker.
Overwatch (1 and 2) had/have an avoid system, but it only avoids as teammate. Overwatch 1 use to at the very beginning have a system to avoid a player as a whole and they wouldn't be matched in your game at all, but that was remove really early on, as it is easily abusable against good player (I don't want them on the enemy team, they are too good so just get rid of them entirely) and there was a report system anyway for other kinda bad stuff.
Then there is just the endorsement system, which is just a level from 1-5 and you can endorse people you liked playing with. It doesn't really do much in matchmaking but you can't do certain things if you are below a certain level (I forgot what all it was but you can't make (public?) custom games if you are too low and I think text and voice chat could also get disabled if you are too low).
Yes to some extent, I believe “The Finals” asked to rate how each match went in earlier seasons. But that stopped now that the game is more mature and feeling well balanced.
Cod MW2019 would occasionally ask, but once every X game IIRC.
The only game I miss when I moved to Linux was League of Legends. Everything else pretty much works. I get that it’s not worth it for them to deal with more potential cheating, but it’s a bummer.
The worst thing about League was that Riot added it retroactively after years of effort to patch Wine to work with League's weird quirky code. It was the only game that I always remember having a custom Wine build in Lutris even as far back as the early 2010s.
It also would be completely unnecessary if they fixed their servers.
Do you have examples of where something isn't accurate? If something hasn't changed it doesn't need to be updated. As far as I'm aware the things that change are updated quickly, hence the list is relevant.
It's so disappointing that the halo master chief collection still doesn't support split screen. Nothing compared to the joy of playing halo with friends in the same room.
On my PC I can play basically every game ever made in all of human history, minus maybe 7 that use kernel level anti cheat, and a couple PS5 and PS4 exclusives.
Other than that I have emulation plus a steam library. I'll take that over a locked in console that can only play 2 generations of games any day!
Edit: I'm not sure why the person who replied to me asking about emulators was nuked, emulators are still legal everywhere as far as I know. Anyway tldr go check out emudeck's GitHub repo to see a good list of emulators for basically every platform.
While some anti cheat supports Linux they're mostly useless as you can much more easily bypass them on Linux compared to windows. I guess enabling them for competitive games is one way to increase Linux users.
Well, that's just silly. Hook up a Raspberry Pi as your keyboard, mouse input and video output and all the anti-cheat fails. Same (largely) for VMs, same for many emulators.
And if nothing works you can always build a robot pushing mouse, buttons, etc.
Of course you can raise the bar, but if anything has been shown it's that cheating is not something that anyone has been able to prevent yet.
In many situations you can also interfere on the packet level. Of course maybe you need to extract some key, but in many situations that's not exactly hard. And then you can hook something into network.
The cheating isn’t just about input speed or accuracy though. It’s about seeing around corners or having knowledge about other things in the game that you can’t see on the screen.
They already do this. Including peripherals which appear as an actual mouse, but they are there only so that cheat software can take control of the input without modifying the game memory. There are cheats which run on a separate machine and access the game memory via a dedicated DMA card (which itself presents itself as an innocent piece of hardware). Note, this can still be detected either via detecting the DMA card itself, or eventually these shenanigans will be killed off by IOMMU.
Unfortunately, there are also plenty of offerings which do not touch the game memory or process at all, and work purely based on image recognition and these days they actually use AI that is trained on specific games. I have no idea how they plan to detect these. All the cheat needs is the video feed and the ability to provide input via mouse and keyboard, and as you say this is trivial to do in a way that is entirely undetectable.
Are they? Cheats for games like Fortnite, CS (Faceit), Rust, LoL have become very expensive (100 USD per month are not unheard of) or require you to purchase special hardware.
And I have yet to come across an anti cheat driver of the big publishers (EAC, Faceit, Javelin, Vanguard) being exploited and allow access to r/w kernel memory. It is more likely that the driver of some hardware is being exploited for, rather than anti cheat drivers.
Personally, I only remember the ac driver of Capcom ever being exploited. Compare this to the dozen hardware/av drivers which were exploitable, like the Intel LAN utility driver, ASUS IOMap64, MSI NTIOLIB or that one Razer driver. Oh, and CPU-Z and the Avast Hypervisor driver were exploitable too and allowed r/w on kernel memory. These drivers are way more likely to be weaponized than ac drivers.
The thousands of RGB drivers from the various manufacturers that are just copy+paste jobs on RWEverything is actually disgusting and Microsoft letting that just happen is a serious problem. Ah yes you added AES to your IOCTL very secure!
I'd say the only reason that these drivers haven't been exploited is because of the insane bug bounties in place. There are also other big issues in games, see the whole hack with Apex Legends lmao
The only multiplayer game I currently play is Beyond All Reason (a RTS game).
It's a free and open-source game, so creating a cheat client would be especially easy. But I've never encountered cheating.
I think there's a few reasons for this:
1) The playerbase is small and there is no auto-matchmaking, just a traditional list of servers. This results in the same group of people always playing together. People don't want to cheat when they're playing with acquaintances they see frequently.
2) Spectators are allowed in every game. The top-ranked games usually have several spectators.
You might think this would result in even more cheating, but in practice the spectators would prefer to watch a sneak attacks succeed, because it's funny. It's boring to be whispering the enemy secrets to you buddy on a private Discord, it's more fun to watch your buddy die in a surprising and funny way.
Also, the spectators can spot if a player does something that suspiciously well timed or lucky. The spectators see all, so they have the information needed to spot suspicious behavior.
3) Official servers create an official record of what happened in every game. The entire community has access to all the recordings. If someone thinks cheating is happening they can link to the official game recording on Reddit (or whatever) and everyone can see what happened.
4) An active moderator team reviews every report of cheating. There are official moderators that do the banning, but also volunteer moderators which can watch the recordings and create a trusted written account of what happened; this makes the official moderators have an easier job.
Amongst the discussion of rootkits and anti-cheat, I would like to add that part of the reason it is necessary is caused by the game companies that took away the standard method of playing multiplayer -- players running their own servers.
It used to be pretty easy to just ban people from playing, now we're 100% reliant on their ability to do it. So we have anti-cheat which roots our computer, and still doesn't 100% solve the problem.
Even if custom game servers were a preferable experience, which I would argue against, it doesn't really do anything for this problem.
By the time you have to wait for someone to cheat just to ban a single user, the disruption is already done. Your 4v4 45min game is already disrupted and everyone has already wasted their time now that you have to kick someone.
It's kind of like thinking you can forgo anti-bot measures because your website's users can just report the bots: by the time it's your users' problem, you've ruined the experience for everyone except the bots.
> caused by the game companies that took away the standard method of playing multiplayer -- players running their own servers
Let's be real, what % people among those who game are interested in running their own game server? I'm definitely one of them, and one of my earliest tech memories was setting up a CS 1.6 game server for a bunch of classmates (and being unable to play myself because the computer had nowhere near enough capacity for both the server and the actual game running at the same time); but it's a minuscule percentage.
For a casual CS server the ratio could perfectly be 1:50 and that'd be fine. That's how it used to be with, i.e., CS:Source.
Then, there are companies that ran a bunch of them, which lowered the ratio even further.
IMO, it's more effective, cheaper and easier to mod smaller forums (be it web communities or game server communities) than to do for huge ones.
I never ran a server back in the day but I still benefitted from community run servers where decisions about banning were done by volunteer admins. These days with centralized servers it has to be automated.
As most of you know, these anti-cheat systems are functionally equivalent to rootkits. There is zero visibility into how these privileges are used for targeted attacks. Due to geographic location of the large game companies this has a geopolitical angle. Fingerprinting of devices and the networks they are in provides a lot of metadata that is most definitely fed into their intelligence apparatus.
I remember trying to install Valorant for the first time, and its ridiculously invasive anticheat kernel mod (or whatever it's called) gave me my first blue (or was it red??) screen I'd seen on Windows in years.
Immediately uninstalled it and haven't ever played Valorant to this day. Fuck that crap, if your community is so toxic that you need a rootkit to keep cheaters at bay, then maybe it's more of a community problem than a technological one. And yes, if this means that you have to block all of China in order to do so, then that is still a community problem. Put your rootkits on your Chinese servers, separate them out, and let the cheaters fight amongst themselves.
The aim bots can also be functional equivalent to rootkits. In my youth, I definitely did not embed serial key exfiltrators* into aim bots.
*Some parents do not like their kids buying video games, and some kids need valid keys to play CoD with their friends online.
Unpopular opinion, but we would be better off with a single open trusted implementation of anti cheat (aka drm) which can attest whatever requirements are desired by the game is met. The only real problem is that it would likely be limited to approved kernel images and someone would need to own that validation and signing infrastructure, but you could imagine having multiple trusted entities have this role.
Kernel anticheat is not really effective because it can be circumvented on the hardware level, for example using direct memory access with a second computer and screen to show the hidden game state.
Cheating is a meat space problem and there is no technical solution to it. Thats why in tournaments there are referees standing behind the players. Ultimately it comes down to checking if metrics like reaction speed are humanly possible, but a rootkit is not really needed for that.
Imagine wanting tivoization. Horrifying.
I'm ordering a new laptop to work on LLM stuff, and while I thought about jumping through the hoops to get Linux running with secure boot...
I had a realization, it's a cold day in hell when someone else is going to tell me what I can run on my computer. All the latest multiplayer games are now requiring secure boot on Win11 as well
I'm actually wary of all these anti-cheats, they're literally hyperinvasive maleware.
I don't need gaming that much.
And if I do I'll stream it with Gamepass or another cloud service.
I'm a pretty prolific gamer, but at the start of the year I finally kicked Windows to the curb.
It's been fine. Surprisingly few games I'm interested in to begin with have anticheat that doesn't work on Linux, and it's comforting to know games aren't allowed to just shove trash into kernel space at will.
If you play older games, Linux ironically works better than windows now for stability. The only game I have seen any issues with (note I don't really play multiplayer much) is the Harry Potter game, but proton eventually fixed that.
Just to be clear, the anti-cheat systems that support Linux run at the user level and don't require secure boot. Those kernel-level and secure boot restrictions only apply to a handful of games, and they all explicitly block Linux users anyway. For example, I've been playing Arc Raiders a lot recently in Linux, and the user-level EAC works just fine.
The user-level cheats are extremely bad. For example, Elden Ring uses EZ Anti-Cheat and it works on linux and that game is infested with PvP cheaters.
> I don't need gaming that much.
Counter point: gaming is fun, and indy games are worth investing in. Voting with your wallet works better if you vote for behavior that's not user hostile, rather than only abstaining.
Lots of games don't need invasive anti-cheat. You can just play those. There are literally too many awesome games on the market to ever be without something great to play.
Many people have one or more Discord groups where someone will say "let's play Valorant tonight" and then everyone just installs it. Linux is fantastic for local gaming on a handheld or in the living room, not so much when your non-Linux friends pick the game.
I was in a similar situation and ended up buying a PS5. It ended up being exactly what I wanted.
I honestly don't understand why any game is even checking if secure boot is enabled.
If anything it's for the OS to care about that, not individual programs. Afaik, secure boot doesn't (on it's own) prevent the running of arbitrary software, so how is it actually preventing cheating?
It does mean that a signed OS image is running, so demonstrates that the kernel was unaltered at start-up.
It also demonstrates further levels of driver signing robustness.
All I really do on my Windows system is play games, and because of that I don't mind whatever draconian crap that's required to keep cheaters in check. It sucks, but not sure of a better solution.
Just get a ps5. I went through the same adventure.
I did that for years and I recommend it as well. Pure linux desktop + console for games is a nice combo and a good separation of functions.
Of course... at this point I am back to having a PC with a beastly GPU and I boot Windows for games and CAD. It is hard to resist high framerate 4k gaming once it becomes a possibility, so now I need to figure out the secure boot problem for the occasional game that requires it.
A PS5 is an even more locked down system! There are vastly more games, many I already own, that work on Linux.
I'd much rather invest one powerful machine that cand do work and games instead of two that take up extra space and generate more e-waste.
I still play on my ps2 ... because consoles are linked closely to the games of that generation I would guess that they are tech that are on relative terms least discarded
At this point - you would think that cheaters could be detected on the server side by either training a model to flag abnormal behavior or do some type of statistics on the movement patterns over time - is a client-side anti-cheat really required?
Many forms of cheating revolve around modding the game locally so that certain textures can be seen through walls, so you always know where opponents are. So you aren't breaking any laws of physics, you are just able to make much better tactical decisions.
The obvious solution would be, just don't send data to the player's client about enemies that are behind walls. But this is a surprisingly hard thing to engineer in realtime games without breaking the player experience (see: https://technology.riotgames.com/news/demolishing-wallhacks-..., and then notice that even in the final video wallhacks are still possible, they're just more delayed).
> So you aren't breaking any laws of physics, you are just able to make much better tactical decisions.
With respect I'd like to disagree on this subtly. A lot of games have the client send their cursor position at relatively frequent updates/packages (i.e. sub-second). So the server knows pretty precisely in which direction and to which object a player is looking.
This in turn can be readily used upon when using wall-hacks, as most players, who use wall-hacks tend to almost faithfully follow objects behind walls with their cursor, which good moderators can usually spot within a few seconds, when reviewing such footage (source: I was involved in recognizing Wall-Hacks in Minecraft, where players would replace textures, to easily find and mine diamonds underground).
That's because the 2025 definition of "anti-cheat" leans heavily towards preventing players from enjoying client-side content that's locked behind microtransactions (for example, EA's new Skate game).
Fuck me, this makes everything make sense... how did we end up here?
This is done, and generally doesn't work as well. Your model will catch people using yesterday's cheats, but the cat-and-mouse nature of cheating means that people will adapt. Funnily enough, cheaters are also training models to play games so that they can evade cheat detection. The kernel-level anticheats are designed to prevent the game from running if they detect you are running any software that interacts with the game. Much simpler for the developer, and circumventing it usually requires running your cheats on a second machine which a) limits what you can do and b) has a higher barrier to entry.
I don't believe there's a foolproof way to do this.
It's basically the usual cat-and-mouse game of an arms race.
It's funny that game makers make a fuss about anti-cheat not working on Linux but then publish Switch versions of their games. That platform has almost zero security and is commonly emulated with cheats even in multiplayer these days.
If people cheat in the switch, they can blame Nintendo. If people cheat in PC, they can blame the anticheat. Without anticheat, they have to take the blame.
This. Even kernel level anti-c-spyware can't stop a cheap vision model hokked to a mouse, see youtube for examples from simple auto input up to full on elctromuscular stimulation.
Based on the latest report from Dice/EA/BF6, seems indeed like they're detecting hardware-based cheating as well: https://store.steampowered.com/news/app/2807960/view/4972134...
Although who knows, they might be outright lying about that just to scare cheaters, but I tend to default to assuming what they're saying is more or less true.
Looking at the accessibility alternatives they suggest, they were probably detecting XIM users, not the much nastier PC stuff like DMA cards.
[dead]
It's a numbers issue. How often do people encounter cheaters while playing Switch games online?
Often because of cross play.
The Switch has good security as long as you can check the OS version robustly.
Any Switch game using an anti-cheat solution that can't trivially detect that it's being emulated is... not using a very good anti-cheat solution.
The thing is: the Switch has a clear ToS, and if the user breaks it they can get into trouble. OTOH, if you release your game in Linux... that's it
The games have ToS though right?
The Switch is a closed proprietary platform, so Nintendo can give some guarantees, and if the user does something at the Switch level, the responsibility of legal action will be on Nintendo, saving up headaches to the publisher.
Beaches of a Terms of Service agreement have no inherent legal penalties.
Some actions which breach ToS may be illegal, but that has nothing to do with them being outlined in a ToS.
Bad excuse, they could rely on Steam ToS for example.
Creating a steam account is cheap. Needing to buy a new switch is not.
> is commonly emulated with cheats even in multiplayer
There is no Switch emulator that can play online on official servers.
The only way you can cheat online is by hacking a real console, but the percentage of people who do it is quite small.
AIUI you can do it, but you risk the Switch you got the data from being banned.
Client side anti cheats is a lazy excuse why they don't want to spend on server side anti cheats anyway.
How do you stop a client-side wallhack with server side anti-cheat?
Don't send the client information about players they should not be able to see based on their current position.
run your own servers, an admin watches them track people behind walls, player gets banned, move on. Oh, they took away player run servers...
what multiplayer (esports) game that can run on switch ????
fornite???? its not gonna be main playerbase
From the top of my head: Rocket league, Splatoon.
I'm sure there are others, but those are the 2 I play
mario karts
Super Smash Bros.
Madden and NBA2K
But can it run Crysis? No. Not on Linux :-(
I actually really liked Crysis for its open maps where you can approach a goal using different tactics. It had a lot of flaws and I hated the alien ship along with everything after as it was way too linear. Though I really want to play it again but alas, no more Windows for me.
Is there really no way to make anti-cheat on Linux that can't be bypassed? I don't know much about this, but it seems very difficult to make an anti-cheat for a platform where you can make changes in the kernel.
I think the moment you accept data from the client as truth you've lost the battle already, everything else is just damage control. Loads of games have realized this and kept checking game rules on the serverside and reveal data on a need-to-know basis. This makes it nearly impossible for cheats to be made because anything you know you should know, and everythin you act is parsed by the backend according to rules already present
Some kinds of cheating can be mitigated that way, but it can't really stop cheats which just play the game more optimally than the user is able to, using the same inputs and outputs that a legit player would use. Aim assistance in shooters, automatic parries in fighting games, economy-breaking levels of automation in MMOs, and so on.
There's also practical limits to how much data you can filter out in complex 3D games, both due to performance constraints, and because culling information too perfectly can cause things to pop into existence too late under real-world network latency. The effectiveness of ESP cheats can be reduced, but not eliminated in practice.
You could probably detect those kinds of cheats heuristically on the server. There are limits to human ability. It’ll take more time to catch the cheaters, but I’m sure it’s possible.
This player is posting 30 auctions per second. Bot.
This player is turning at a rate of 500 radians per second to make perfect headshots. Bot.
this is already running in production for Counter-Strike since 2018 [0][1].
to be honest, it isn’t particularly good - all serious CS2 games operate on a third party provider with a kernel-level anti-cheat. also, the cs2 update banned people for spinning their mouse too fast [2].
[0]: https://www.reddit.com/r/GlobalOffensive/comments/5u2xly/eli...
[1]: https://www.youtube.com/watch?v=kTiP0zKF9bc
[2]: https://www.youtube.com/watch?v=JwU_ejDNC0s
Aimbots will just add delay and variance then. Guess its a bit fairer but if they're better than shroud level then it's still not great.
Which they do already, because slamming all of the aimbot settings to max is a fast track to getting mass reported and escalated to human review, which will immediately see what's going on. Any cheater with an ounce of desire to preserve their account is going to try and maintain the pretense that they're just very skilled, not impossibly skilled.
I think anything that relies on reflex alone is flawed design. You can design around this, by for example in Dota2 it doesen't matter how fast you click an entity, because the turnrate of your character is limited, so a person clicking reasonably fast and a bot clicking in 0.01ms both arrive there at the same time. Precision also doesn't matter, because a player can click the icon of the enemy instead of trying to match the pixels on screen. MMO scripts that use information already given by the game just seem like the MMO should invest in UX instead of trying to ban people for using the tools the game already gives them.
>for example in Dota2 it doesen't matter how fast you click an entity, because the turnrate of your character is limited, so a person clicking reasonably fast and a bot clicking in 0.01ms both arrive there at the same time. Precision also doesn't matter, because a player can click the icon of the enemy instead of trying to match the pixels on screen.
Even with turnrate, reaction time is very relevant. Reaction time allows you to silence enemies midcast, or to pop a shield, or a BKB, or some other instant measure. Turnrate doesn't mean reaction time doesn't matter, it means the direction you are facing matters.
As for precision, yes it does matter, ask any Phoenix player who gets hexed mid-flight.
People cheat in Dota in these very terms, it's absurd to argue it doesn't matter.
Unless DOTA2 is running at a ~3 tick rate (Which it's not), even taking account processing delays and action batching, a bot will always have faster reaction times than an actual player. It will also never misclick.
This problem is magnified in a shooter game, which would be unplayable with that kind of batching, but where a cheater with an aimbot is actually impossible for a legitimate player to beat.
After you click, the character will begin to turn, which can take several hundred ms. A delta of couple ms compared to the time it takes to turn is completely negligible and even an inch better positioning of a character, or having a character with items or stats that makes them turn faster (because picks are asymmetric) will make several magnitudes more of an impact.
If your game allows your sights to just teleport on people's heads and take that as the winning condition then that just sounds like bad design, there's no reason to allow infinitely fast movement and omitting strategy even from a shooter
> If your game allows your sights to just teleport on people's heads and take that as the winning condition then that just sounds like bad design, there's no reason to allow infinitely fast movement and omitting strategy even from a shooter
This is interesting, because I feel like the fundamental gameplay of an fps is players exposing themselves to each other's field of view, and then trying to click the other's head first. Skill is a measure of map knowledge (so you can try to expose yourself to a possible field of view but not where the enemy is actually looking at that moment) and speed of clicking head.
How would you design FPSs to remove this "bad game design?"
> How would you design FPSs to remove this "bad game design?"
I think we just need to accept that bots will always be better at reaction based KPIs & abusing "knowing" too much game state, we should just remove those conditions.
1) Move most of the application logic to the server, the client should be a fairly dumb terminal that knows how to render and accept inputs, and only receives the state that it needs. No more spying issues.
2) Just give everybody auto aim & immediate/auto controlled firing, etc. No more aim bot issues.
3) Improve the quality of gameplay around the types of interactions which bots are bad at. Decision making, strategy, communication, execution, adaptation.
Sure, feel free to make an entirely different type of game that's not as vulnerable to cheating.
But some people just want to play competitive fps shooters. And currently obnoxious anticheat toolkits are the way to provide that, unfortunately.
> No more spying issues.
This isn't possible. And this explains why: https://www.youtube.com/watch?v=WFw4F2AyaP4
We can only minimize the amount of extra information given to the client, not eliminate it. And at high enough skill levels, even 1-2ms of extra information will always be actionable, even by humans (not just bots).
>just give everyone aimbots, no more aimbots issues
>If your game allows your sights to just teleport on people's heads and take that as the winning condition then that just sounds like bad design, there's no reason to allow infinitely fast movement and omitting strategy even from a shooter
From the servers perspective you always kinda do that for fast movements as the client send rate usually isn't more than 60hz.
There is rampant cheating in online chess and poker as well, you know? You can have an opinion about what constitutes a better game for humans: should it be about making better decisions, arriving at them faster or being fast and precise with your mouse but the reality is bots/assistance can make you unplayable in all of those domains.
However, this only solves the cheat problem to a minimal extent. There is a lot of important data that players should not be directly aware of, but which is important for the game. For example, it is important for calculating sounds to know where enemies are nearby, even though you cannot see them, which makes wall hacks possible, etc.
Sounds are core to shooters and very much within the expected abilities of the players to hear them. If anything, I'd incorporate this kind of indicator in the game itself, allowing for deaf people to "hear" footsteps as well
> I'd incorporate this kind of indicator in the game itself, allowing for deaf people to "hear" footsteps as well
That's just discount wallhacks. Fortnite has it and you're basically forced to use it even if you have no hearing issues, because it provides a massive advantage.
This is not how it works, most games that take cheating seriously already have a gameserver where most of the gameplay logic happen.
Doing everything server side does prevent cheating.
That only solves half of the cheating problem - illegal inputs from clients.
The other half is much harder to solve. For a simple example - my client knows that there is an enemy player around a corner. It knows exactly where that player is, because that player is walking, and making noise. A cheats could allow the cheater to see his opponent's player's model through the wall.
For a more blatant example, consider cheats in a first-person shooter that just snap your aim to the nearest enemy's head. This involves zero violation of the game's logic, and also makes the game completely unplayable for everyone in a lobby.
You already know where an enemy is if you hear them behind the wall, you don't need a cheat to tell you that there is noise coming from other side of the wall. The server also doesen't need to tell you they are behind it if they're sneaking. A game that allows zero home-in time sounds like a flaw in the game and something solvable on the serverside.
You can replace a playermodel with wider "sound coming from around here" if you want to make it even harder for a cheat to pinpoint a sound
> The server also doesen't need to tell you they are behind it if they're sneaking
This requires the server to calculate line of sight checks for every player, which is costly, requires loading the entire geometry into the server and would be horribly prone to latency. Then you're looking at potential performance problems on the client due to only knowing about a player the second its in view and having to stream the assets to the GPU, which if don't happen in time for the frame you'll experience as hitching.
> You already know where an enemy is if you hear them behind the wall
Yes but this requires using your brain rather than just seeing them straight up through a wall.
I don't think those performance concerns are really much of an issue with any sensible implementation. You'd do line of sight checks against simplified geometry first to handle the vast majority of cases, and you'd load character models/textures in advance (game/match startup) rather than only when they first appear on screen.
One non-trivial part seems to me that if you walk around a corner you don't want to wait 50ms (your ping) for the server to send enemy locations you can now see. Ideally every tick the server would be sending all enemies that you could potentially see before the next tick depending on what your movement packets that it hasn't yet received turn out to be. Wouldn't entirely eliminate advantage from cheating (e.g: a cheater walking around a corner could still see enemies up to a tick/~15ms in advance) but would hopefully make this form of cheating significantly less worthwhile.
[delayed]
Cs2 and Valorant does this, but start sending positions around corners before they're visible.
CS2 does not do Vischeck culling anymore. It was ditched with the move to source 2. All players are globally visible to everyone
I feel like you've only played 1 genre of video game or something.
> You already know where an enemy is if you hear them behind the wall,
You know they are somewhere behind the wall, you don't know which exact angle they are behind the wall, because headphones and our ears don't work with that degree of accuracy.
The cheater can just swing the corner with his cursor already pre-positioned exactly on his target. Between peeker's advantage (inherent to any online game with latency) and human reaction time, there's not a lot you can do to fight that.
A trusted entity (probably Valve) could provide a locked down distro where kernel integrity is enforced through secure boot and TPM attestation, but that would mean giving up some control over your own system. There's no guarantee that anything client-side is impossible to bypass of course, but the goal would be to more or less match what Windows offers, which isn't perfect either.
> giving up some control over your own system
There could simply be a developer option that disables these integrity checks but subsequently breaks online games that rely on them. Valve could also offer a module that allows signed user-space binaries access to kernel space, which would be an improvement over Windows offers in that anti-cheat wouldn't need to live in the kernel.
I think that's a fine trade off.
You don't even need a developer mode. I was looking into making my own image based distro/system which has its bootchain entirely verified and I intend to make any modifications via system extentions[1], which IIRC also get measured aswell (or was at least planned somewhere). To be fair, this is purely additive or overlaying, so no removing of files, at best changing. This all would be signed using Secure boot and after the fact using dm-verity.
Secure Boot in theory isn't even necessary, only TPM2. Secure boot only ensure that you are actually booting into a binary that you expect to boot in this case, so if your binary is actually different it would result in different PCR values in the TPM indicating something is wrong.
Sadly a lot of end user software (flatpak, ...) isn't packaged & signed in a way which would allow for full "only run software I allow by importing public keys" (read Linux IPE[2]), but what can you do, only your best I suppose...
[1]: https://www.freedesktop.org/software/systemd/man/systemd-sys...
[2]: https://docs.kernel.org/admin-guide/LSM/ipe.html
You don't need a full distro, you can just run the game in a VM sandbox with trusted computing extensions alongside whatever distro you want. That breaks cheats that rely on network/memory inspection, you can still cheat using the raw pixel output to drive faked input, but I don't think the loop is closeable there.
Has anyone produced a proof of concept for such a system, for gaming or otherwise?
Given that a certain amount of windows gamers have been having issues making sure their PCs complied with the config requirements for the latest COD/Battlefield, it would seem an even higher bar for a consumer targeted bit of software that needs to do more to be running securely (or add a different mode to your distro install and reboot to it), alongside the wider variety of distros/configs. Distros advertising themselves for gaming or getting people to migrate from windows are also trying to keep barriers to entry low or to appear simple.
Could reboot into secure mode for these types of games.
Reliable anticheat is serverside. Clientside anticheat sounds like a fool's errand to me. You need to control the client, so that means the user cannot be in control of their own computer, which is contrary to the idea of Linux.
It works on Windows by essentially rooting the machine. MS holds control of a bunch of stuff because they hold the signing keys. It’s fundamentally incompatible with open source.
And it still doesn't prevent cheating.
No, but it seems to vastly reduce it. Compare VAC2 to FACEIT on CS2 for example.
Comparing VAC2 (released in 2005) to FACEIT in 2025 is pretty dumb. There are still absolutely cheaters running rampant on FACEIT and FPL.
The real solution is to limit information sent to the client, make it harder for cheaters to have reliable solutions to get access to critical game information. ARC Raiders has Theia anti tamper (very poor performance) but right now the number of cheaters is minimal because the select few who are smart enough to break the anti-tamper are keeping quiet. See other examples; The Finals, Roblox (Byfron) and Overwatch
https://codedefender.io/sigbreaker/
> It’s fundamentally incompatible with open source
Yeah, I mean why would they open source their anti-cheats, would defeat the purpose, wouldn't it?
Not sure why you bring up OSS here, it isn't relevant in the least, plenty of non-OSS runs on Linux even though Linux and more is OSS.
Because with Windows, MS can put a list of trusted rootkit anticheats in the kernel and that cannot be changed (without having the source or breaking signatures when hex editing etc).
If Linux did the same, anyone could recompile the kernel with their fake anticheat’s signature. The fake anticheat would then present itself as real to the game. One could go as far as to rewrite the relevant syscall to falsely indicate to the game that the legitimate version is running.
Yes and no. I agree the only thing that can be reliable is server side.
However that means that anything based on reaction times and such is impossible to protect against (under reasonable conditions). At the end of the day you can always have a robot sitting at your desk. But there is steps to that. You can have something that highlights enemies, etc., you can have something that controls keyboard and mouse (maybe inside a VM, so you don't need hardware) and so on. You can reverse engineer packet encryption in a debugger (in most situations) and have something on the network messing with stuff and so on.
So in that regard, yes you can prevent everything you can prevent on the server, but you cannot prevent every sort of cheating on the server.
Everything that has rounds basically can be prevented (other than again a bot playing).
Everything that is complex to automate is better, but might just make cheating more "worthwhile".
The other thing you can do on the server is "dumb cheat" detection. Eg. the odds of someone being consistently as good at a game and such. Statistics like that is widespread and doesn't need any change on the client.
There is no way to make anticheat that can't be bypassed, regardless of OS. All of the anticheat games today have cheaters.
It doesn’t have to be 100%. The point is to make it inconvenient. The majority of people will not do it if it is inconvenient.
Thats the point to many things in life that you just make it more difficult and most people won’t be bothered to attempt to circumvent whatever it is.
There will still be circumventers but it is will be less than if you just said fuck it.
Sure. That also means it doesn't have to be kernel-level rootkits that fundamentally break the security model of my operating system and risk my bank account. Most people will be stopped by userland anticheat, right? It's inconvenient. So ... put it *there.*
And if someone does the kernel bypass thing, well, rely on server-side heuristics (which are imperfect, but also unknowable to the attacker) and you'll discourage enough of that with account bans.
Helpfully eSports players tend to have video captures of their gameplay, and most of these "undetectable" cheats are real obvious if you actually watch the footage. That catches most of the serious stuff at the upper level. It's why video verification has been a thing in the speedrunning scene for such a long time.
The problem with userland stuff is that it’s trivial to download and doubleclick an EXE (that acts as a fake anticheat or whatever).
Anyone can do that, but not anyone can simply “patch the kernel” and such.
Correct. E.g. you can aimbot by routing the video signal to a capture card on a separate computer and run image recognition software to generate mouse movements spoofed at the hardware level. The only way to reliably prevent cheating is with in-person tournaments played on hardware provided by the organizers.
As someone said about the lack of a Switch anti-cheat: it's a numbers game. If cheating is as easy as downloading a .exe for a few $$$, you're going to find cheaters everywhere. If it requires a complex, and/or fairly expensive setup, the number is going to be very low.
That's assuming there's no money in being a cheater.
The best way is to just make private servers, so people can play with their friends and not have to worry about random players. This also solves the issue of people using.... language thats not acceptable in games.
Yeah. It’s an erosion of rights that doesn’t solve the problem. You only need one cheater to make a game feel bad and DMA devices or pixel tracking can’t be stopped with these anti-cheats.
Linux is resistant to rootkits, which is what these things are, and allows you to remove them, yes.
The correct solution is to verify everything server side, or actually have humans watch replays and ban cheaters, but both of those would reduce profits, so will obviously never happen.
CSGO has actual humans watch replays to determine whether people were cheating, it's called overwatch. As can be seen, it doesn't actually stop cheating, at most it ensures that blatant ones are banned after the fact already happened.
CS2 Does not have overwatch anymore. VAC Live is completely AI and its a known fact that valve have a few buttons and sliders to play with to go through ban/boom cycles for cheaters to maximize impact
You'll never see cheats banned in real time - that provides an enormous amount of data to cheat developers to allow them to quickly learn to evade your detection. Bans after the fact in large batches are the only sustainable way to go.
You see cheaters banned in real time in Valorant, and the match is canceled, at least you used to.
IMO the real solution is back in community servers and votekicking.. It works on old games with no anticheat measures..
Maybe add some blatant detection for people teleporting and doing other absolutely impossible things serverside, but I don't understand why my team has to ruin their 'reputation' teamkilling a cheater so he doesn't ruin the game completely in most current games when the anticheat only catches free, old cheats. Just let people votekick and find someone else in the matchmaking queue who's willing to join halfway through.. Once votekicked enough times you can escalate to the AI (always indians) for automated (manual) review.
Also, you don't even have to ban cheaters. Just isolate them to play with each other. Some might find it fun and keep away from the normal players.
Edit: The 'issue' with community server manual review and votekick is you can be kicked for being cracked or garbage at the game legitimately, but TBH at this point you're ruining the fun of everyone else, so you should probably get in another server/match.. Also that premades can have majority, but that's easily solved by reducing their vote weight.
I mean not really, as someone that had been votekicked from many games. Servers with admins does solve this, but has it's drawbacks. But you also cannot have the matchmaking type of game that are popular today.
Back in MW2 if you were the host you could kick players from your game using a cli tool that adjusted firewall rules.
For lobbied ones votekick is great as long as you remove majority vote from premades. So in a 5v5, a 3 man premade isn't able to kick any of the 2 randoms alone.
I remember the misuse of it but it was better than having your only option be teamkilling, which is now punished in all games via reputation systems.
The only thing I don't see this as a solution for are games like Planetside, with massive lobbies. I know they used to have automated detection and manual review by admins teleporting and flying around, usually invisible to sus players. Once we found a bug and got inside the map able to shoot through the ground and in like 15 minutes an admin came, asked us how we got in there and to get out nicely, before he gets us out forcefully :D
There’s just no way to stop cheating client side despite what devs love to think. But server side anti cheat is much harder and requires more work; it’s much simpler to just install spyware / rootkits on the client and call it a day.
You can’t prevent wall hacks with only server side anti cheat. The client needs that data locally before the enemy is rendered on screen.
As mentioned in another comment, you can’t do this on the server without expensive checks for every single player that is always checking line of sight, because it’s not just your session running on a single server but multiple sessions.
And let’s say you did this, now you have a latency problem because most modern games to make them feel fluid has client side prediction with server reconciliation. This is what makes your modern games feel more responsive, if you put a constant server check there you have lost this.
No matter what people say online, it isn’t just move all of it to the server, there is data the client needs to know and can’t be spoonfed by the server.
I think it’s an organization accountability issue.
Why would a company pay for anti cheat infrastructure when they can outsource it to some company and blame them if there are cheaters or upset users? Windows is the status quo too, so it’s very easy to point to everyone else when justifying your choice to the execs.
It would be great if steam deck+box start costing studios quantifiable amounts of money that can be used to justify fixing this instead of outsourcing and hand waving.
You are looking completely wrong at this. There is no anti-cheat that cannot be bypassed. Period.
You can always run things in a VM, you can always replace your keyboard and mouse with a different device, you can always have your a camera instead of human eyes and have something that recognizes enemies.
Even cheat detection in the real physical world (sports, chess, etc.) is not a completely solved topic.
You can connect computers to other computers so other computers will always be able to control them.
The idea that any (currently realistic) cheat prevention is unbypassable is silly.
> The idea that any (currently realistic) cheat prevention is unbypassable is silly.
The idea that anti-cheats don't make sense because they don't catch 100% of the cheaters is what's silly, who believes that? Not even the people writing these anti-cheats believe catching 100% of them are possible, why are you under the assumption that others think that's possible?
If it removes 80% of the cheaters from the game, the experience goes from "Holy shit lets leave" to "Ok, bothersome, but fine", this is what they're reaching for, not some fantasy utopia that you seem to be under the impression is the target.
> the experience goes from "Holy shit lets leave" to "Ok, bothersome, but fine",
This is making those rootkit anitcheat mechanism work. If people will leave, cheaters will play only with cheaters - problem solved.
I don't think the comment you're responding to is trying to claim that. They're responding to the parent comment asking if there's any way to actually make a Linux anti-cheat method that isn't bypassable and pointing out that this framing isn't really useful because there's no way to make one on any platform that's actually impossible to bypass. Their point isn't about whether it's useful or not to have imperfect anti-cheat but that there's nothing fundamental about Linux that changes the fact that the anti-cheat is going to be imperfect anywhere.
You can run a VM using trusted computing extensions for the game. If the VM encrypts traffic, that stops network level cheats. You can still fake inputs/outputs to the machine if you put the work in, but then you can also use a vision model and faked input with actual consoles, so that hole is never going to get patched.
I think the most stringent types of Windows anti-cheat rely on remote attestation of the operating system. It's theoretically possible to design a Linux-based OS that supports such a capability, but the sort of people who choose Linux are unlikely to accept a third party having the final say over their computer.
I, for one am disappointed that anyone has accepted it. Once it's widespread, service providers can demand it, as we're seeing with mobile banking apps and game anticheat.
I also strongly dislike requiring remote attestation for any kind of software I want to run. But what I also dislike is cheaters in my online games and I genuinely do not have a better suggestion on what to do.
Personally, I run Windows purely for gaming and don't let it near any important data. For the latter, I boot into Linux with separately encrypted disks.
>But what I also dislike is cheaters in my online games and I genuinely do not have a better suggestion on what to do.
You can't suggest "run online games as close-knit social groups, with social exclusion punishments for cheaters", which is how most online games used to be run. How old are you?
Game vendors used to be happy letting us host and run our own multiplayer games, until they realised they could get more money out of us -- "battle passes", microtransactions, ability to forcibly turn off multiplayer of older game when newer remake comes out -- and now they've made themselves a mandatory part of your online experience. You have to use their matchmaking and their servers. So now it's down to them to solve the problem of cheaters, enabled by their centralised matchmaking... and their only solution is remote attestation of your machine and yet more data collection?
I'm doing the same but I worry about windows compromise messing with the bootloader so then encrypted linux drive won't save me. Probably too paranoid though?
If you use secure boot and don't let your keys near Windows, you should be fine even if your Windows install is compromised. Unless you don't trust Microsoft themselves, in which case you'd need to re-enroll keys whenever switching operating systems, which is possible, but very tedious.
Server-authoritative games. Basically the client does stuff, gives the list of moves to the server along with a checksum/end result. Then the server runs the same commands on the same starting state and checks if it got the same result.
If a==b, then everything moves on as normal. If not, the client gets a synchronisation error and has to rewind back to the last known good state.
Completely unfeasible for anything real-time pretty much.
Having done modding for some older shooter games built on the server-authoritative model, it's still possible to create a "pingless" experience, but it requires more calculations and compromises on client/server trust to make it work. For shooters specifically, you want the client to provide instant feedback when the gun fires, and ideally when they hit an enemy. You can achieve this by telling the server "I was at position A and shot my gun at position B and hit enemy Bob." The server will validate all of this before informing the client who fired and the client for "Bob" that Bob was killed. The compromise here is that the server must trust that the client isn't sending forged data, or the server must do additional computations to validate it.
An elaborated version of this idea is called "rollback" where you let the local client predict and execute the game state at time t+1 and will "roll back" the state of the game if it received another game state than the one predicted. Extremely popular and state of the art for 2D fighting games (most of the time the prediction is correct and it greatly reduce the perceived lag) , but probably harder a bit harder to do with 3D games.
I mean kernel level anti-cheat doesn't really work on Windows either, its just security theater.
Linux explicitely allows you to do things that makes cheating *really* easy.
There is also complete lack of secure boot and a way to validate that your kernel hasn't been compromised.
I mean seriously, making a cheat for a proton supported game that no anticheat has any hopes of detecting are in 100 lines of a kmod driver and 1 console command: insmod.
On windows you at least need to use scuffed tools like KDU to bypass signature verification requirements and every anticheat can detect you with a simple physical memory scan.
Linux supports secure boot just fine, it's just happy (correctly, IMO) to give the keys to the user and not the developer.
Unfortunately right now SteamOS does not support secure boot or measured boot.
yah my bad: vendor defined secure boot*
> There is also complete lack of secure boot
That's not true, though?
well lack of secure boot is bad wording, lack of vendor defined secure boot.
I used to dual boot, but I that there are so many games on Linux, I just don't buy or play incompatible games. So EA lost a BF6 sale for being assholes.
Same situation here. If it were last year, I may have caved. But at this point I don't want to bother with dual booting and losing my Linux context as I do so.
Instead I'm playing ARC Raiders which works perfectly on Linux and I don't regret a thing.
Cheats aside, are there any competitive games that include Uber-like rating system? Meaning that you'd need to provide feedback whether you'd play with your opponents/teammates again after a game.
Overwatch (1) had something like that. Not sure if Overwatch (2) still has it, or how it functions now.
In higher ELO, people would target good players with "avoid player"^1, effectively soft-banning those people from match making because the pool was small enough. They would still get put in matches eventually but their queues would blow out a lot.
From memory it did not have an explicit "match me with this person" button, but you could thumbs up players in the post-match podium as well as endorse them which may have soft-factored into matching you with them again.
\1 I think it was called this. It was a general "bad attitude" marker, not a "bad team mate" or "bad opponent" marker.
Overwatch (1 and 2) had/have an avoid system, but it only avoids as teammate. Overwatch 1 use to at the very beginning have a system to avoid a player as a whole and they wouldn't be matched in your game at all, but that was remove really early on, as it is easily abusable against good player (I don't want them on the enemy team, they are too good so just get rid of them entirely) and there was a report system anyway for other kinda bad stuff.
Then there is just the endorsement system, which is just a level from 1-5 and you can endorse people you liked playing with. It doesn't really do much in matchmaking but you can't do certain things if you are below a certain level (I forgot what all it was but you can't make (public?) custom games if you are too low and I think text and voice chat could also get disabled if you are too low).
Dota 2 comes to mind, they have the commend system. If I remember correctly they added something like this to CS: GO too.
Pretty sure the commendation system in CS is just for looks, as it can be easily gamed.
Yes to some extent, I believe “The Finals” asked to rate how each match went in earlier seasons. But that stopped now that the game is more mature and feeling well balanced.
Cod MW2019 would occasionally ask, but once every X game IIRC.
The idea of someone rating me, or rating someone else makes me anxious.
I'm not sure it would be better than just reporting people with undesired behavior.
> The idea of someone rating me, or rating someone else makes me anxious.
But not enough to avoid, as you’re here.
I think it’s more anonymized like “did you enjoy the game with this team (1-5)”
Smite used to do that, but long time since I played it.
The only game I miss when I moved to Linux was League of Legends. Everything else pretty much works. I get that it’s not worth it for them to deal with more potential cheating, but it’s a bummer.
The worst thing about League was that Riot added it retroactively after years of effort to patch Wine to work with League's weird quirky code. It was the only game that I always remember having a custom Wine build in Lutris even as far back as the early 2010s.
It also would be completely unnecessary if they fixed their servers.
[dead]
Hm, most of these seem updated 3-4 years ago, is this list relevant any more?
Do you have examples of where something isn't accurate? If something hasn't changed it doesn't need to be updated. As far as I'm aware the things that change are updated quickly, hence the list is relevant.
No, I just assumed things would change a lot.
It's so disappointing that the halo master chief collection still doesn't support split screen. Nothing compared to the joy of playing halo with friends in the same room.
Thank you, I prefer my Linux without rootkits.
It'd be nice to have the publisher of the games...
Between Windows being so unbearably bloated and no way to make anti-cheat really work on Linux, it looks like the consoles win!
Or you could miss out on like... 5 games. Competitive games on a controller would be a much larger trade off than dual booting to me.
On Xbox at least Keyboard / Mouse support is decent. I played Fortnite and Minecraft this way for a while.
Personal preference, but I'd far rather have a separate device dedicated to gaming than my kernel hacked by anti cheat.
https://www.purexbox.com/guides/all-xbox-games-with-mouse-an...
On my PC I can play basically every game ever made in all of human history, minus maybe 7 that use kernel level anti cheat, and a couple PS5 and PS4 exclusives.
Other than that I have emulation plus a steam library. I'll take that over a locked in console that can only play 2 generations of games any day!
Edit: I'm not sure why the person who replied to me asking about emulators was nuked, emulators are still legal everywhere as far as I know. Anyway tldr go check out emudeck's GitHub repo to see a good list of emulators for basically every platform.
No modding and higher prices of games on consoles though.
While some anti cheat supports Linux they're mostly useless as you can much more easily bypass them on Linux compared to windows. I guess enabling them for competitive games is one way to increase Linux users.
Well, that's just silly. Hook up a Raspberry Pi as your keyboard, mouse input and video output and all the anti-cheat fails. Same (largely) for VMs, same for many emulators.
And if nothing works you can always build a robot pushing mouse, buttons, etc.
Of course you can raise the bar, but if anything has been shown it's that cheating is not something that anyone has been able to prevent yet.
In many situations you can also interfere on the packet level. Of course maybe you need to extract some key, but in many situations that's not exactly hard. And then you can hook something into network.
The cheating isn’t just about input speed or accuracy though. It’s about seeing around corners or having knowledge about other things in the game that you can’t see on the screen.
They already do this. Including peripherals which appear as an actual mouse, but they are there only so that cheat software can take control of the input without modifying the game memory. There are cheats which run on a separate machine and access the game memory via a dedicated DMA card (which itself presents itself as an innocent piece of hardware). Note, this can still be detected either via detecting the DMA card itself, or eventually these shenanigans will be killed off by IOMMU.
Unfortunately, there are also plenty of offerings which do not touch the game memory or process at all, and work purely based on image recognition and these days they actually use AI that is trained on specific games. I have no idea how they plan to detect these. All the cheat needs is the video feed and the ability to provide input via mouse and keyboard, and as you say this is trivial to do in a way that is entirely undetectable.
kernel anti-cheat are notoriously inefficient and are weaponized by hackers.
Are they? Cheats for games like Fortnite, CS (Faceit), Rust, LoL have become very expensive (100 USD per month are not unheard of) or require you to purchase special hardware.
And I have yet to come across an anti cheat driver of the big publishers (EAC, Faceit, Javelin, Vanguard) being exploited and allow access to r/w kernel memory. It is more likely that the driver of some hardware is being exploited for, rather than anti cheat drivers.
Personally, I only remember the ac driver of Capcom ever being exploited. Compare this to the dozen hardware/av drivers which were exploitable, like the Intel LAN utility driver, ASUS IOMap64, MSI NTIOLIB or that one Razer driver. Oh, and CPU-Z and the Avast Hypervisor driver were exploitable too and allowed r/w on kernel memory. These drivers are way more likely to be weaponized than ac drivers.
The thousands of RGB drivers from the various manufacturers that are just copy+paste jobs on RWEverything is actually disgusting and Microsoft letting that just happen is a serious problem. Ah yes you added AES to your IOCTL very secure! I'd say the only reason that these drivers haven't been exploited is because of the insane bug bounties in place. There are also other big issues in games, see the whole hack with Apex Legends lmao
In still doesn't prevent a wide array of cheating.
It is more a anti-(non-steamOS)-linux than anything else.
[dead]