https://news.ycombinator.com/item?id=41999314 Steam games will need to disclose kernel-level anti-cheat on store pages
Why load on boot? -> Because we need to, don't worry.
Why is scanning my serial port -> Is a bug, don't worry is not a problem.
What if Riot is hacked? -> If Microsoft gets hacked is even worse, so is not a problem.
I believe the reason stated was "because we know it will not be tampered with after boot". Not saying it's a good or bad reason, but this is dishonest paraphrasing.
If I remember correctly I can just enable/disable the easy anticheat service, sane with the EA thing, I don't need to reboot the machine like with Vanguard.
But thanks for pointing it out.
Can also read process memory of the same user.
You're not wrong, but there is some strong irony there regarding Vanguard. When it first launched its driver would block certain other drivers from loading, because those other drivers had known vulnerabilities that cheats (or anything else) could use to escalate from usermode to kernelmode without touching any of the standard entrypoints that are monitored by anticheats.
Would you be surprised to learn that the main response was for gamers to get angry at Vanguard for breaking their RGB keyboard driver, rather than get angry at the manufacturer of their RGB keyboard for shipping a buggy driver with critical security vulnerabilities? And Microsoft ended up adding a very similar driver blacklist to Windows itself later, because it's a good idea.
Anyway, people realised you could make ANY texture custom. Who's to say those walls wouldn't look better transparent? I created a _ton_ of transparent textures with different colours and what not and packaged them into a .zip with a $ attached. Didn't expect much because all of this was available for free by many other provides but I pulled in about $15k for an afternoon's job.
Valve eventually released the sv_pure server command which would force Valve textures on their servers, fixing the issue. Because this was a custom texture hack, it was rightly undetectable by VAC and therefore no bans were issued.
Anyways the point of this is there's a lot of money in it for the cheat devs. They aren't going to stop. I really hope a new innovative solution comes along that puts an end to it.
The worst case scenario is the TF2 catbot scenario, which anticheat seems to stop.
if it's a pain in the ass to stay ahead of the anti-cheats, then people with the skills to do so will expect (and receive) payment from those wishing to cheat.
[1] "According to a report by Sina Tech in October 2017, Tencent employed over 7,000 members of the Chinese Communist Party (CCP) ... "With over 7,000 CCP members, accounting for approximately 23% of the total workforce, and more than 60% of whom are core technical personnel, the number of CCP members at Tencent is increasing by nearly a thousand every year." [2] "The Tencent Party Member Activity Center has a dedicated CCP member activity area of more than 6,000 square meters. More than 1 million yuan is allocated for CCP activities per year."
As someone who plays games every day, with ~3000 hours in Counter Strike at a decently high level. I've only ever encountered blatant hackers maybe 3 times in the last 10 years. I definitely do not care enough to start allowing random companies Kernel level access to my machine.
[1] https://archive.md/20230323012647/https://tech.sina.cn/2017-... [2] http://dangjian.people.com.cn/n1/2016/0630/c117092-28513326....
The existence of an incentive does not guarantee the existence of a solution.
> HN has a lot of very clever people.
From the way people are talking about this issue (in this and the other thread) I don’t think any solution is going to come from HN commenters. Most of the people here are thinking about the problem from first principles and generating ideas that either:
- haven’t worked in over a decade because cheaters have workarounds
- overestimate the capabilities of AI or statistical methods
- underestimate cheaters or contain false assumptions about how cheaters think/behave
- underestimate how many people are demanding a solution to this and what kinds of strictures they’re willing to accept
- underestimate the backlash in store for any solution that isn’t 100% correct
It’s not like the incumbents are dummies. They’re constantly thinking about this from all angles and are willing to try anything.
There being a market for something is necessary, but not sufficient for commercial success. That something also needs to be possible.
"Source: I am one =)"-type comment
With enough effort, all software can be virtualized, and whether the defender's effort can even theoretically be scaled more easily than the attacker's is an open question.
I feel like this is a flawed basis of assumption and also just a mis-framed situation as a whole. Cheat developers and the people that use them en-masse aren't really the same people. By trying to suspend their narrative on player greed being the enemy, they undermine a point that otherwise has some very practical responses if you don't resort to relative extremism.
For one, if exploiting software to win was the ultimate degenerative goal of every video game, I don't think people would want to pay for online experiences. People still buy and play games because they like the intended experience, and while cheating exists it's a one-sided aberration that isn't an obvious by-product of an endless greed for winning. I don't like cheaters, but any businessman will tell you that one person's abuse of a service is no excuse to degrade another customer's experience.
For two, this isn't casus-belli on privacy even if it was true. All software can be exploited, but that doesn't justify creating infinitely hostile conditions for a user to run your program. This same line of reasoning, blaming the cheaters and never yourself, could be used to justify any number of nonsense mitigations like forcing players to record themselves with a webcam or plug in proprietary anticheat USB hardware. This is all a very flowery way for a developer to absolve themselves of responsibility for an extreme reaction to a minor issue.
For three - it's deflecting the issue onto a conflated group of people that doesn't really exist. The people designing exploits are motivated to do so because they like writing exploits, not because they enjoy cheating. They might sell their software or distribute it to people that do play to cheat, but the cheat designers are rarely motivated by a desire to be at the top of a leaderboard that will boot them off for obvious manipulation. So the entire concept of blaming the players for wanting to win so bad is really just an emotional "we're the poor developers" deflection. They can try to hold the moral high ground all they want, but it ends up feeling like an incensed defense of something that clearly isn't working.
Are you sure you're not deflecting the issue onto a group of people that doesn't really exist either? I.e. The group of people who are just "hacking to hack" - these people do exist but they are exceptionally rare (w.r.t the likelihood of running into a player using that persons cheat) compared to the ones who are in it for some personal gain, financial or otherwise. Also this group is typically not the one having an oversized negative impact on the game (as always there are exceptional cases - but it's not the norm).
The cheat designers are motivated by money, and their customers are motivated by a desire to be at the top of a leader-board (or to grief, or because they feel "everyone else is doing it so I have to", etc). I'm not sure it makes sense to throw out the entire argument just because a level of indirection is there. If the customers stopped caring about winning at any cost, it follows that most of the cheat developers would have no more motivation to maintain the cheats (at least as publicly available to the masses), because the money would dry up and the work would not be worth it anymore.
RMT is also huge in certain games. For example Escape from Tarkov is infested with cheaters not because they want to get on the leaderboards, but because they want to sell items/services to other players for real money (cheating by proxy basically), and again those players spending real money are doing it to gain an advantage in-game.
It's also important to note that that maintaining a public cheat is _very_ different to maintaining a private one. Basically nobody who is just 'hacking to hack' is going to be publicly maintaining a cheat for a major competitive online game just for the heck of it. Privately for sure, that happens all the time where things are traded/sold between just a handful of people. But nobody is out there maintaining free public cheats for Valorant, Apex, Siege, etc. (or at least not one that puts a meaningful effort into evading anti-cheat, which is sort of the point).
Sometimes the two groups overlap (i.e. an individual might "hack to hack" in their spare time, whilst also contracting for a commercial cheat developer), but if the commercial incentive disappears, so does the most of the negative impact on the game even if that individual continues to cheat personally (because 1 is less than tens of thousands - and the people who were previously buying cheats don't have the skills to replicate it themselves).
There is a lot of money to be made in this industry. There are many people that would pay 5-7$ per day for undetected hacks like this.
