Forgot your password?
typodupeerror
Intel Entertainment Games

Fighting Online Game Cheating in Hardware 289

Posted by CmdrTaco
from the your-chips-know-you're-cheating dept.
Monk writes "Multiplayer games these days have one problem. Cheating. Cheating is out of control because of failed attempts by software such as Punkbuster, and VALVe's Anti-cheat (VAC). Now it seems that could change change with Intel's own Anti-cheat Software/Hardware."
This discussion has been archived. No new comments can be posted.

Fighting Online Game Cheating in Hardware

Comments Filter:
  • for a social problem

    anything designed by a man can also be broken by a man

    the only remedy for human antisocial activity is human social activity. no technology will change that fact. and if you think it can augment those who intend good, then you're right but you must also bear in mind that it can also augment those who intend evil

    this applies to security cameras, file trading on the internet, etc. as well as game cheating
    • by Animaether (411575) on Sunday July 01, 2007 @11:28AM (#19707383) Journal
      ..is that the server, at some point, has to trust the data the client is sending. Now there's client-side anti-cheat software that will do things like try and make sure that external applications (not entirely unlike the old TSR cheats of lore) aren't altering the data in RAM before it sends the info back to the server. But that client-side anti-cheat software can-and-will be defeated. Eventually there might be an anti-cheat relying on TCPM sort of things, but eventually somebody will just make a TCPM-less version indistinguishable from the TCPM type by the server.

      So the only proper anti-cheat lays with the server. But there you hit a problem. You can, for example, prevent some cheats that way. Somebody lobs 2 nades while the server knows he only has 1? Cheating. Somebody moves all over the screen, faster than the player can actually run? Cheating. Wait - or a laggy connection.. or a bug. Tread with caution there. Caution means a margin. A margin means a margin for cheating. Okay, so you don't have your cheat make your player run at 200% - you just make him run at 105%. Still an advantage, and the anti-cheat won't catch it because of the margin. And even when you can detect all the -technical- cheats (more ammo, faster reloads, increased speed, greater jetpack fuel (if there's any), that leaves you with the cheats that cheat the User Input. Aimbots and the like - which can be extremely difficult to detect.

      In the end, you can't 100% prevent cheating. But you can make the landscape unattractive enough to cheat in by at least trying to prevent it and having an actual human being look at suspicious behavior from time to time.

      ( I admin at one of the more popular Soldat servers - we're virtually cheater-free because the cheaters know they'll be busted in no time and their cheating fun ruined by us /kill'ing them (rather than banning - as they'll just be back) and ousting them in public. )
      • by Reziac (43301) *
        You make an important point: "ousting them *in public*."

        Fear of embarrassment after being caught is a powerful anti-cheat motivator in school, and I'm sure it works just as well in a game environment.

        • by Splab (574204)
          Don't know where you are from, but here it would be illegal to ousting people in public for cheating in school, what will happen here is all your exams get voided for the year. Second time it happens you get thrown out.
      • by Catil (1063380) on Sunday July 01, 2007 @01:27PM (#19708481)
        As far as casual public server playing goes, there might be another solution: Statistics.
        40% aiming accuracy? Too good. 5 headshots in a row? Too good. etc.
        It wouldn't even have to have anything to do with cheating, actually. The message a detected player would recieve would be something like this: "Sorry, you are already too good for this server, it's low-skill only. You will be kicked in 5 seconds, so the noobs here will have more fun in a more even and fairer game. Feel free to play on our mid- or high-skill servers over here."
        • by Bombula (670389) on Sunday July 01, 2007 @03:08PM (#19709291)
          And the high-skill servers will be like SNL's All Steroid Olympics. Why not? Same with MLB. Who cares if people cheat - as long as everyone is cheating, it's still a level playing field.
        • by Kjella (173770) on Sunday July 01, 2007 @04:51PM (#19709967) Homepage
          Except the people using aimbots and the like aren't interested in skills - they're interested in the feeling of being invincible, to tear through a map like a mean Rambo look-a-like. Put the cheaters together and they'd have no fun. So what they'd do is find ways to do it anyway, while the good players will get banned by any other name. What are you going to do, start banning people for winning too clearly? Sure, that's incentive... get too good and you get banned on every server except the garbage heap of cheaters, woohoo.
        • by Ash Vince (602485) on Sunday July 01, 2007 @05:25PM (#19710201) Journal
          I play americas army alot on the net. At one point I was out of work and pretty much played full time for 2-3 months. By then end of that period I got more hacking acusations than you can shake a stick at. I even got banned from a few servers. I have never cheated. The truth is that really good players get headshots first time, almost every time.

          In the end I settled on playing on one or two public servers run clans. That way they knew who I was, trusted me not to be cheating and let me carve through people when I was on a good run. That way admin would usually explain to noobs I wasnt a cheat when the acusations started to fly.

          I also changed my name to Nohax for a laugh but that was only after I got the hacking acusations.

          The truth is though that human admins are the best anti hack method. If you got caught cheating on their servers you would probably get a lifetime hardware ban. That means your PC gets banned, not you account name or anything. I don't know how it works but it is effective as I have heard people complaining they downloaded a hack for a laugh and then could never play again until they bought a new PC.

          • You hit the nail on the head. We run our own UT2k4 server. We occasionally get decent players on. We also occasionally get people who magically get 6, 7, 8 kills in a row in on people that they can't see, or as they round corners. If someone seems just too good to be true, they get the banstick. Have we possibly banned people for just being super-good players? Possibly. But there are a couple hundred other servers for them to play on. Have we banned downright cheaters? Yep. My favorite was the kid in igib Hall of Giants - if you know the map, you'll know how amazing it is to get a "HOLY SH*T!" twice in a row. Yeah, that's 16 kills in a row, with a max of 3 seconds between each one. All the more impressive was that he did it from...the bottom of the map...and shot someone directly above him in the air immediately after shooting someone on the ground, and then immediately shot someone behind him and to the side. I was spectating for the second round of kills, and most of the people who died you couldn't see, due to the distance limitations. Many were nearly 180 degrees apart from each other at huge distances, but they were located and killed in the span of a second or so. Not overly hard to justify a ban for things like that.
        • Re: (Score:3, Insightful)

          by brkello (642429)
          This seems like a horrible idea. Maybe it appeals to those who suck at the game...but then what is the point? You already have a filter that does this. Go on different servers and find one the suits your skill level. You don't need statistics to kick you if you have a lucky game. Besides, people would just find out the rules and play around them...making sure they empty their clip in to the wall before they get out of their spawn or purposely miss that next head shot.

          Fine, use statistics to detect che
      • by vertinox (846076)
        Eventually there might be an anti-cheat relying on TCPM sort of things, but eventually somebody will just make a TCPM-less version indistinguishable from the TCPM type by the server.

        I can't seem to find the article somewhere, but I remember John Carmack said in an interview the only way to truly get rid of online cheating was to simply have the server generate the video feed and stream it to the client and had the client only send pure keyboard mouse controls.

        I might be mistaken that he was alluding to the
        • And that *still* doesn't get rid of aimbots.
          • Re: (Score:3, Interesting)

            by lena_10326 (1100441)

            And that *still* doesn't get rid of aimbots.

            It would get rid of aimbots.

            In order for an aimbot to work it needs access to the internal game state, particularly positions and velocities of objects in the game, which it can gleam by analyzing the data packets between server and client or by accessing in memory game data.

            If all you have is a video stream, the aimbot has access to no game state. The best it could do is try to recognize objects on the screen by pixel patterns (screenscrape), which I doub

      • by ensignyu (417022)
        Most games with a dedicated server (usually FPS) already validate everything -- or more precisely, the only thing you can do is enter keystrokes and mouse movements. I'd actually call it particularly bad design if you don't do something like that -- although maybe at a higher level.

        One problem is with non-dedicated servers like for RTS games, where one of the players hosts the server. You really have to trust that player not to cheap by manipulating the server.

        Alternately some games use a P2P model where ea
      • Re: (Score:3, Insightful)

        by brkello (642429)
        The only problem with that is a lot of the time the admins just aren't very good players. They are unable to tell a good player from someone who is cheating. I know my brother and I have been banned from many CS servers by admins who can't believe we can play like that. The sad thing is, I am really not that good. Just the admins have no idea how bad they are.
      • Re: (Score:3, Interesting)

        Eventually there might be an anti-cheat relying on TCPM sort of things, but eventually somebody will just make a TCPM-less version indistinguishable from the TCPM type by the server.

        In order to defeat TCPM, you can:

        1. Fool the TCPM chip itself into authenticating something that isn't properly signed. Probably can be made impossible.
        2. Crack the authenticated software, while it's executing -- something like a buffer overflow. Difficult, and is impossible with perfect software. Perfect software is not impossibl
    • by robpoe (578975)
      So, you're going to make the cheat developers jump ahead. Instead of injecting their software into the wall code, they're going to have to inject their software into the anticheat code, to pass keystrokes into it as it shoots the guy down the alley..

      Why waste money with this? Blizzard's Warden is pretty robust from an anticheat stand. Ok, sure, it's spyware too. http://news.bbc.co.uk/1/hi/technology/4385050.stm [bbc.co.uk] - See this or google Blizzard Warden spyware .. of course don't mind the lag that Warden ca
    • All software anti-cheat systems are flawed because they include things other than cheating. I get kicked by Punkbuster for high ping on gaming servers.

      The trouble with anti-cheat systems is that the developers have no ethical standard. They tolerate inconveniencing legitimate players to ensure that the cheaters are stopped as well. The law would see things differently. The law believes in letting some criminals go to ensure that it never punishes an innocent man. Flawed though it may be, it works far more o
    • Re: (Score:3, Insightful)

      by Kjella (173770)
      To go back to classic crime term "Motive, means and opportunity". You can either try to take away their motivation, take away the means or take away the opportunity. Time and time again we've shown that to change human nature is very very difficult. To take away the means is usually to take away the tools, which are usually overbroad and takes away legitimate uses. Taking away the opportunity is usually the most appropriate and effective.

      I have a lock on my door. It's to take away the opportunity. It's a lo
      • Re: (Score:3, Interesting)

        by rtechie (244489)

        Time and time again we've shown that to change human nature is very very difficult.

        Nonsense. You may have noticed that people are no longer urinating in the streets, as was customary 100 years ago. Your average 3-year-old today behaves better than adults did a century ago. There's all that civil rights stuff too. Contrary to what some people seem to think, human behavior is in fact extremely malleable.

        Online cheating is not "human nature". It needs to be considered "socially unacceptable" to cheat and there needs to be tangible punishments associated with doing it. Take the behavior of p

    • I play Sauerbraten (and occasionally ActionCube, now AssaultCube) online. Both feature mastermode. Since there are far more honest players than cheats, you simply join a server and assume mastermode if no-one has already taken it.

      It works really well, except that people aren't sufficiently willing to assume mastermode. All the same, serious gamers do do so, so 'serious' games aren't disrupted for very long.

    • Re: (Score:3, Insightful)

      there is no technological fix for a social problem. anything designed by a man can also be broken by a man.

      I don't know about you, but I for one like having locks on my doors. Are they 100% perfect at keeping determined individuals out? Of course not. But that's not their purpose. These kinds of measures merely need to make an activity "not worth it" to those who have some motivation (the aforementioned societal problem). Economic deterrants do work well, at least on a statistical basis.

      As for chea

    • I don't agree with your "social problem" fix thing. Cheating is both a social problem and a tech problem.

      Given enough bandwidth and computing power on the server end cheating can be stopped or nearly so. This is a rather hypothetical statement, however, because I don't see either of those requirements coming in my lifetime.

      Cheating is enabled mostly because the server must provide too much information to the client so that the client can do it's own calculations thus reducing the workload for the server.
    • by kahei (466208)

      It's true -- not because of technological limitations, but because of the nature of the problem.

      The problem is:

      "People keep subverting or working around the technical infrastruture of this environment."

      The solution can never be:

      "Change the technical infractructure of this environment." ...because they'll keep right on subverting it.

      I'll tell you whut, though -- before they nered the whole system into another 'run round and shoot everything and get bored' game, there was a working solution for Day of Defeat.
    • Re: (Score:3, Insightful)

      The social problem has an obvious solution: accountability.

      If banning of an anonymous ID is the worst any cheater might endure, and they know it, they're going to operate as you would expect someone with impunity to operate.

      The obvious solution has obvious problems. The social solution leaves a worse taste in our mouth than cheating. That's why we're chasing it technically.
    • by mcrbids (148650)
      there is no technological fix

      ... like a safe

      for a social problem

      like theft

      anything designed by a man can also be broken by a manm

      eventually

      the only remedy for human antisocial activity is human social activity. no technology will change that fact. and if you think it can augment those who intend good, then you're right but you must also bear in mind that it can also augment those who intend evil

      So why do you lock your car? Front door? Why do you have a PIN for your bankcard? Why do you have a password?

      You'r
    • by mumblestheclown (569987) on Sunday July 01, 2007 @01:39PM (#19708591)
      For fark's sake people. A statement like "there is no technological fix for a social problem" is just important-sounding nonsense. Really? We seem, after all, to have prevented the problem of people physically reaching out across the internet and strangling people... I have yet to see anybody do this (as much as I'd like to sometimes). Parent poster completely ignores the obvious problem with his arguments: that ALL defense mechanisms are not about absolute defense, but about reducing the rate of successful attacks and/or increasing the barriers to entry (such as technical sophistication, equipment, time, etc) that an attacker must invest in to be successful. Security guards and alarm systems do not prevent all bank robberies - but it is safe to say that there would be more robberies if those things didn't exist. Same here. You may have technological issues as to exactly how much such a hardware defense would decrease the amount of cheating, but it seems fairly obvious that, if implemented, this figure would be greater than zero.
  • by Slim Backwater (550617) on Sunday July 01, 2007 @10:46AM (#19706977)
    How about just adding cheats as elements to the game? Players like radar? Add it. The ability to see through walls? Auto aim, auto trigger? Make them power ups. Don't fight it, integrate it.
    • by boaworm (180781) <boaworm@gmail.com> on Sunday July 01, 2007 @10:49AM (#19707007) Homepage Journal
      Because many of these games aim to be realistic, that's why people play them. Adding an "aimbot" as a powerup is not something that would have happened the 101:rd airborne when they dropped down over normandy, so when you play that scenario, neither do you want it or should have it.
      • by Saville (734690) on Sunday July 01, 2007 @03:23PM (#19709405)
        Attempt 1) get shot down
        Attempt 2) get shot down
        Attempt 3) get stuck in tree and then shot
        Attempt 4) get shot down
        Attempt 5) get stuck in tree and spend 5 minutes press the 'escape' key then get shot on ground
        Attempt 6) get shot down
        Attempt 7) kill some nazis then get shot
        Attempt 8) get shot down
        Attempt 9) get shot down
        Attempt 10) get shot down
        Attempt 11) get shot down
        Attempt 12) be sneakier and kill more nazis then get shot
        Attempt 13) download FAQ and type special 'idkfa' cheat and walk around like Rambo and have more fun playing the video game as escapism where you become a hero. You've just had your fill of realism, now you want entertainment. You want to play the role of the top 1% that didn't die or get wounded instead of just another peon.
    • Re: (Score:3, Insightful)

      by Anonymous Coward
      Yeah, make an FPS game where everyone automatically has immortality, omnipotence, omnipresence & every conceivable weapon.
      Sounds a lot of fun.
    • by Blakey Rat (99501)
      Oh yeah, Diablo II online was SOOO FUN. You have to install an anti-cheat hack to undo the cheat hack that someone installed to undo your last anti-cheat hack. Everyone spent more time hacking the damned game than playing, and nothing in the game was worth anything. Do not want.
      • Mod me offtopic... (Score:5, Interesting)

        by SanityInAnarchy (655584) <ninja@slaphack.com> on Sunday July 01, 2007 @02:18PM (#19708915) Journal
        Is that a reference to the horrible, horrible, Chinese pirated Attack of the Clones (subtitled in english-chinese-english translation)?

        That always cracks me up. Vader's "NOOOOOOOO" becomes "DO NOT WANT!!!"
        • Re: (Score:3, Informative)

          by Blakey Rat (99501)
          I think that was the origin of "Do not want," but it's in regular use on a ton of websites now, especially Fark.com where it's often used in comment threads and sometimes headlines. Also, a lot of "LOL Cat" images have incorporated it. It's just a popular meme at the moment.
    • Wrong term. (Score:3, Informative)

      by khasim (1285)

      How about just adding cheats as elements to the game? Players like radar? Add it.

      The players don't like radar. The cheaters do.

      Following your logic, the game would offer the ability to instantly kill any enemy, at any range, automatically. Regardless of intervening obstacles.

      Yeah, that sounds like a fun game.

      Cheaters want those because cheaters don't want to play by the same limits that everyone else does.
    • Re: (Score:3, Funny)

      by Cylix (55374)
      Because someone would come out with an anti-aim, anti-whatever and turn all of those new features off.

      You just can't win with these damned kids.
    • by sheetsda (230887)
      I think it would be more interesting to create a game that was specifically designed to be hackable ten ways from Sunday. The objective of the game would be to develop the best program to play the game.
      • Re: (Score:3, Insightful)

        by kasperd (592156)

        The objective of the game would be to develop the best program to play the game.

        That kind of games are fun for those of us who know how to code. Most of the gamers out there wouldn't stand a chance in a game that involved coding in order to play it. But there still remains a few questions, do you run the program on your own machine talking to a server? If so, is the program supposed to play by itself, or is each player going to be a person and a program cooperating? Are people with a beafy machine and a fas

  • *sigh* (Score:3, Interesting)

    by Verte (1053342) on Sunday July 01, 2007 @10:47AM (#19706981)
    The Quake fiasco [catb.org] has already taught us plenty about this: don't trust the user.
  • Wall hacking (Score:2, Informative)

    by Anonymous Coward
    It appears to be yet more DRM designed to ensure that peripheral inputs match those received by the game.
    This does not address the issue of cheats that allow the player to have information that he would otherwise not have, such as seeing through walls. Nor can it detect proxies.

    Like all DRM, it sounds like it will cause legitimate users more problems than it will cause to cheats and crackers.
    • I don't think DRM is the solution to multiplayer cheating (I use the term 'multiplayer cheating' to distinguish between legitimate cheating against bots and cheating while playing against other players). Like all the copy restrictions show us, any DRM restriction can and will be cracked sooner or later.

      There is another way to stop multiplayer cheating: Don't give the client information. Why are you able to code a wallhack? Because your computer knows where the enemy behind the walls is. DRM doesn't work, so
  • by Joebert (946227) on Sunday July 01, 2007 @10:50AM (#19707017) Homepage
    Nobody seems to care how good a game is, "the game" is all about finding ways to cheat no matter which game you're playing.
    • Re: (Score:3, Insightful)

      Not really. The real problem is that there's always a small minority that wants to cheat. They drive off the large majority that just want to play a good game.
      • by Joebert (946227)
        If only it were a small minority.
        If you get anyone away from other people, they'll cheat if they know they can get away with it.

        Nobody cares about the game, they just want to win & they'll do anything to do it as long as they know they aren't going to get caught.

        That's just what I see happening.
    • Re: (Score:2, Interesting)

      by qlayer2 (1122663)
      I play multiple online games, with punkbuster support- and the simple fact is that 99% of the people cheating are untrained dupes who download trainers which also contain a number of viruses, and they aren't doing it to get an advantage in the game. They are just doing it to get a rise out of the honest players. The 1% that are smart enough to write their own scripts and use it for an advantage, are usually terrible enough at the game that their "advantage" doesn't matter much anyways. Most respectable s
  • by boaworm (180781) <boaworm@gmail.com> on Sunday July 01, 2007 @10:54AM (#19707067) Homepage Journal
    The whole concept of anti-cheating is based on making a chip comparing input on mouse/keyboard to input into the program.

    So how about:

    1: Software that wraps this chip, and returns "true" all the time ?
    2: Cheats that does not emulate keyboard or mouse input ? (like radars, spike skins, you name it)
    3: Software that generate keyboard/mouse interrupts ?
    4: The fact that someone would not buy a CPU/MB with anticheat stuff in it if you intend to cheat. You'd just have a dummy driver emulating this hardware or something.

    This only seems to be able to solve a very small portion of cheats.
    • ...because most people who think they understand the nature of Trusted Computing are dead wrong.

      In theory you are perfectly correct. There's no sense in trusting data coming from the client. Any hardware or software added to the client's machine to make it disobey its owner can be circumvented.

      In practice, the bad guys have come up with a way to make this circumvention difficult and expensive. Here's the basic outline for trusted computing:

      * A small chip called a TPM is added to your motherboard. This chip
      • Re: (Score:3, Interesting)

        by rtechie (244489)

        So you can't "wrap the chip in software" like you suggested. Your software won't have the necessary private keys to produce authentic-looking reports from the TPM. You could definitely physically break open the chip and try to extract the private key. You might even be successful if you've got a lot of equipment and education. But that would have to be done on a PC-by-PC basis since each PC will have its own TPM and each TPM will have its own private key.

        Two points:

        1) There exist, right now, software emulators for the TPM.

        2) How will "the internet" or individual services like Valve or ISPs determine the authenticity of the private keys?

        This is a very key point. While it is likely there is a fixed format for the keys, I think it's every unlikely that there will be a secure method developed to distribute a list of which keys are valid. Key distribution is the Achilles heel of public key cryptography and it's weaknesses are glaringly apparent here. Look at th

  • So it compare's key/mouse input from the user.. so you get some engineering students and build a par-port output that loops back in as mouse and keyboard-shunt input. A good afternoon or 3 and some beer, and a few engineering students could overcome that problem, and be selling the solution to cheat-software-makers before the intel crap hits stores.
  • Wow! (Score:3, Insightful)

    by smiltee (1099075) on Sunday July 01, 2007 @10:55AM (#19707075)
    Exactly like DRM, I am sure this restrictive method will work flawlessly! I think Intel is making the right choice by using something you can't update against an entire army of hackers!
  • by kaufmanmoore (930593) on Sunday July 01, 2007 @11:02AM (#19707143)
    This handy device fits in a computer's 5.25" inch bay and if it detects cheating a razor sharp knife comes out and relieves the offending player of the little (as is always the case with cheaters) piece of manhood that the loser has left. (Towels to clean up blood not included).
  • Great.. (Score:4, Insightful)

    by Khyber (864651) <techkitsune@gmail.com> on Sunday July 01, 2007 @11:04AM (#19707161) Homepage Journal
    I'm looking forward to the time when I can't play a game online because some POS hardware/software thinks that my MP3 or video encoder is a cheat mechanism.

    Lame, very lame. And you KNOW this will eventually happen. Some harmless software program running at the same time as a game will screw your online play without lube.

    Why can't the game devs shift focus away from DRM & etc. and try building a solid product that doesn't NEED a third party anti-cheat software running? It's called internal testing, FFS. You made the software yet you can't find the holes, meanwhile some smartass 15 year old Russian just reads your code and goes "Oh! Look at what we have here!"
    • Why can't the game devs shift focus away from DRM & etc. and try building a solid product that doesn't NEED a third party anti-cheat software running? It's called internal testing, FFS. You made the software yet you can't find the holes, meanwhile some smartass 15 year old Russian just reads your code and goes "Oh! Look at what we have here!"

      Because there are some types of cheating that it is just not possible to identify or prevent through a well-designed client. If the game is one that computers c

    • Re: (Score:2, Informative)

      by JNighthawk (769575)
      Maybe you've never worked on games before, but you seem very naive about it.

      Sure, you can build an ultra-secure game that will be near-bulletproof, but you know what? That game wouldn't be fun. You'd have to wait for server auth before you could do anything, so this would only work for non-real time games.

      And, finally, on top of what I said, the direct issue brought up (keyboard/mouse movement spoofing) cannot be fixed by games. Period.
  • by dannycim (442761) on Sunday July 01, 2007 @11:05AM (#19707163)
    A friend of mine plays the Final Fantasy XI MMORPG on PlayStation 2. I rigged a little box with a bunch of timers, relays, the heart of a USB keyboard which can repeat timed sequences of game macros without supervision. It works wonders for some "skill-upping".

    Intel's little trick wouldn't detect that as it involves no software at all, no injection of keyboard events. As far as the console is concerned, it's a keyboard, period.

    I could go a whole lot more sophiticated and build a USB box that would emulate both keyboard and mouse events. Marry that with software that can "look" at the screen data and recognize patterns, and you'd have yourself an automated player.

    Go ahead Intel, invent better traps. We'll invent better mice.
    • You sound quite talented and definitely in a minority. In WoW anyway, most botters are just people who downloaded an app like Glider. If they had to go through the hassle of building hardware or ordering pre-made hardware, a lot will just give up.
      • by ZorbaTHut (126196)
        I'm not entirely sure I believe this.

        In WoW, most botters are, indeed, people who just downloaded an app. This is because the app works. If the app didn't work, they might go and do something more complicated, such as forking over $20 or $30 for a cheap hardware gizmo that does something like what the original poster is talking about.

        "People are lazy, and therefore won't go any further effort" is a fallacy when people don't need to go to any further effort. Once that becomes necessary (I mean, if that ever
    • There's keyboards which have this sort of thing already built-in. If people -really- want to 'cheat' that way (is it cheating - or is it just using better hardware? Is a widescreen monitor cheating when compared to a 4:3 monitor because you gain a couple of degrees of vision horizontally? Is using a headset cheating when compared to the person who doesn't have one? etc.) they always can.

      That said... the keyboards/etc. have a bit of a signature... the timing on the moves being the same within a few millis
      • by nschubach (922175)
        What's sad about this is that I recently played a Beta of an MMO called Sword of the New World. The leveling process was so long I actually created macros for my G15 to handle the characters while I went to bed. If the leveling curve on it wasn't so steep, I never would have thought about doing it. Personally, I think if the game would reward people in faster increments they wouldn't resort to "cheating" or macros except to simplify patterned commands. BTW, I actually bought the G15 as a programming too
      • by Miseph (979059)
        This also brings into question the value of such cheats. If a cheat must be weakened so as to avoid notice, the eventually it needs to be weakened to the point where it doesn't even qualify as cheating any longer. Your home-made bot that acts exactly like a normal player in terms of imperfect timing and lack of percievable omniscience isn't a terribly effective way of cheating.
        • by vertinox (846076)
          Your home-made bot that acts exactly like a normal player in terms of imperfect timing and lack of percievable omniscience isn't a terribly effective way of cheating.

          Except for the fact he doesn't have to be there in person to reap the benefits of the bot at a later time. Otherwise known as gold farming...
    • by vertinox (846076)
      Marry that with software that can "look" at the screen data and recognize patterns, and you'd have yourself an automated player.

      Already done. [engadget.com]

      There is no technological fix for this. Eventually, AI will be so good that it will be hard to tell if a player is human or AI. Since the AI will be another computer with a web came and keyboard inputs, there is no detection.

      Unless you requite a Voight-Kampff [wikipedia.org] test before being allowed to play online.
  • This is actually already implemented by Microsoft in their Xbox and Xbox 360 consoles. I like knowing that, while Microsoft can't do much about exploitable bugs in the games (the sword-flying in the first version of Halo 2, for example), they can easily boot people from the network if they know they've modified their hardware in any way to enable cheating. It would be interesting to know what their record is, and whether anybody's figured out how to bypass the system.
  • Can't wait for the new spam now.

    "Download Intel Anti-Cheat update here! http://foo.bar.baz/Intel_Update.exe [bar.baz]"

    Now the spammers have a little bit of hardware to read keyboard input installed already for them?
  • I find it very troubling that this whole new "anti-cheating" technology looks a lot like some beefed up hardware keylogger which not only will be present in every computer out there but also will not come with an off switch. Sure, the reason to push this new trusted computing feature is those damn cheater punks who enjoy them unlawful fragging or that pesky spyware, which only affects ill-managed insecure platforms. Yet, what about the danger that this new feature presents to privacy? I mean, it's a keylogg
  • by Cheesey (70139) on Sunday July 01, 2007 @11:32AM (#19707417)
    Remember folks, although the remote attestation features of TCPA could be used by online services to force you to use a particular "trusted" application/OS stack, locking you in to a configuration like "IE on Vista", that's not why they are there.

    The point of TCPA isn't to enforce DRM or strengthen software monopolies. It's all about things that benefit you, like preventing cheating in online games, and... erm... many other things.

    TCPA is a misunderstood technology. The EFF [eff.org], the FSF [fsf.org] and security experts [cam.ac.uk] are just making a knee-jerk reaction to something that they don't understand. Let me explain:

    1. TCPA doesn't take away your ability to run whatever software you want. If every online service requires you to use (say) Vista, and uses TCPA to enforce this, you can just opt out of the Internet entirely and carry on running Linux or .*BSD or whatever. It's your choice.

    2. TCPA doesn't spy on you, although it might be used to prevent you modifying software that does. But then you can just opt out of using that software. Again, it's your choice.

    So, say yes to TCPA! Like atomic bombs and subdermal RFID chips, the technology isn't inherently evil, and it will certainly never be abused to reduce competition in the software marketplace, preventing free software interoperating with online services.
    • you can just opt out of the Internet entirely and carry on running Linux or .*BSD or whatever.

      You yourself have just shown that the EFF, FSF, and security experts have a genuine beef. Using Mickeysoft or "opting out of the Internet" is not an acceptable choice.
      • by Oswald (235719)
        Well, I went and checked your previous posts and there's no indication that you're any stupider than the rest of us. I'll just chalk this up to Sunday morning lethargy. But really you might want to post a mea culpa or something because your sarcasm detector is seriously hung over.
  • Just one problem? (Score:5, Insightful)

    by Quarters (18322) on Sunday July 01, 2007 @11:34AM (#19707427)

    Multiplayer games these days have one problem. Cheating.

    Really? Just one? What about:

    Bad design

    High prices

    Poor performance

    Steep system requirements

    Bugs

  • Want to fix this in gaming universally and quickly? Employ the usual detection methods then rather than banning (which just prompts signing up again under a different name) simply tag all their account information with an icon designating they are cheaters (I recommend a big scarlet C). Have it follow them around for a set period of time (1st offense 1 month, 2nd 6 months, 3rd 1 year, 4th lifetime). It sounds harsh but I would go so far as to extend the cheater flag to apply to any future account made wi
    • by delt0r (999393)
      Won't they just sign up for a new account with a big C on it?
    • by Ash-Fox (726320)

      Public embarrassment works much better than banning.
      The majority of cheaters I encounter in games are more of griefers which cheat to annoy you. Since these people tend to even wear provocative titles when they can such as "Chinese gold-miner clan", I don't really see how this will publicly embarrass them.

      After all, all I ever hear them say as a reason for doing that is, "It's just a game".

      Nope, I don't think "public embarrassment" will work.
      • by Dogtanian (588974)

        Nope, I don't think "public embarrassment" will work.
        It will if you go round to their house, and tell their Mom that you have something important for them- then when they haul their overweight ass up from the basement and stick their pasty, Cheetoh/Wotsit/whatever-stained face round the door, photograph them and show the world what a loser this person really is.

        I don't think they'd like that at all. :-)
    • Re: (Score:3, Insightful)

      by Charcharodon (611187)
      I'd rather have banning. A key ban is the way to go. Sure let them sign up for a new account, that'll be $50 please. If a person makes enough of an nussance of themselves follow it up with a credit card number ban. Sure most people have more than one card, but the truly cronic bastards would be face pretty quickly with a long time ban if they didn't straighten up.

      Personally I've been leaning back towards LAN parties. Cheaters are much easier to deal with, you just chuck an empty beer bottle at the

  • Except for lag macros that make you appear to be a few yards away from where you really "are" I haven't really experienced much in the way of cheating in WoW. It could be that I am just ignorant I guess, but their combination of Warden (ugh) and a strong client server protocol seems to be pretty effective.
  • by Colin Smith (2679) on Sunday July 01, 2007 @12:25PM (#19707931)
    You can't trust the person, you can't trust the hardware or the software you can't trust anything which comes back from the client machine.

    Da fix? A cross game registry of gamers with identities linked to real addresses and bank details. Something which all the online games can query, though I'd go with hashed values for bank details/address etc rather than real ones. You get caught cheating, you get marked as such. To get rid of the marking you need a new identity.

    Will it stop it? Mmm look at the athletes who take drugs, I doubt it. What getting caught would do though is ruin the gaming life in all the games which use the registry. Gaming environments could be split into two areas. One for trustworthy gamers, one for cheating scum.

     
    • Re: (Score:3, Interesting)

      by Renraku (518261)
      Valve marked me a cheater on Half Life 2/Counter-Strike Source (which is all one account) and refuses to mark me as not-a-cheater. I had not played the game in six months, only to come back to find myself banned. They then said all bans were final, and refused to let me know what servers/times/dates/logs/etc (aka evidence) they had.

      I guess I have to make a whole new account for when HL2 ep. 2 comes out so I can fucking play on secure servers again.
  • This may lead to anti trust lawsuits if games force you to have this as people will not like being locked in to Intel chip sets and high end games will not want to give up nvidia SLI chip sets for this. Also this may give a big boost to AMD in the AMD VS intel lawsuit as it is braking anti trust laws for Intel to not give this a way for free to other chipsets to use if this ends up being needed to play some games.
  • by dlleigh (313922) on Sunday July 01, 2007 @01:35PM (#19708557)
    Software that compares the input from the hardware with what the game sees? No problem: just make sure that the input comes from the hardware itself, and not from a piece of emulator software.

    I built a cheat box for GTA San Andreas soley because I am lazy. The game requires that the player have their character "exercise" in a gym in order to build strength and stamina. I didn't like the idea of abusing my fingers and keyboard by rapidly typing the necessary keyboard combinations, so I buit a box with three big buttons on it that emulates a USB keyboard. It emits the correct key combinations when I press a button. (NB: I didn't use a programmable keyboard because I'm a hardware guy and was playing with USB anyway. I like my form factor better and used actual arcade game buttons for feel and durability.)

    Want to run on the treadmill for the maximum allowed time? Press and hold a button. Want to lift heavy weights quickly and repeatedly? Press a different button. Yes, folks, I was cheating at virtual exercise.

    It actually gets worse. I got tired of holding the button down, so I set an old disk drive on it. Then I could just sit back and watch my character get buff. This was the ultimate in laziness: I was cheating at cheating at virtual exercise.
  • The question is whether this is effectively a keylogger. If the device does something like compute an MD5 of the last N mouse and keyboard events, readable by the game, that's fine. If it keeps the whole event stream and makes it accessible to any application, that's a major security hole.

    Not that it really matters. The future of commercial gaming is consoles and mobile devices, not PCs.

  • by rush22 (772737) on Sunday July 01, 2007 @08:22PM (#19711287)
    I was appalled at the recent PunkBuster update. Evenbalance has essentially installed a rootkit on my computer without my knowledge. The only reason I noticed is because my firewall suddenly lit up with warnings.

    Normally, PunkBuster is a .dll file in your game folder. However, this recent update downloads two .exe files and places one in the game folder, and one in your Windows system folder. PB says these are necessary only for players who want to bypass admin rights for people who play BF1942 or ArmyOps. Apparently so many people are playing these games on their office network and can't log on as administrator on their own computer that Evenbalance has sent out a rootkit with their recent PB update. The programs are mandatory for everyone, though, regardless if you are the administrator. Any player attempting to play on a PB-enabled server without these files, or otherwise blocking these files with a security program, is kicked for "Losing Key Packets" (PB often has trouble with accurate error messages).

    The executables are run upon startup of your computer, and run constantly in the background, regardless of whether you are playing the game. They also intermittently connect to the Internet and send data to Evenbalance's servers. Of course, the player has consented to this (and more) by agreeing to PB's voluminous EULA. In fact, if you read it carefully, players have consented to sending their entire hard drive and hardware information to Evenbalance at any time Evenbalance deems necessary.

    Evenbalance will tell you, as support team member Glenn (or someone imitating him) says on a game forum I found: "We're not trying to hide anything or throw anything by the user without his knowledge. These services are doing nothing when a PB-enabled game is not being played, other than waiting to see a PB-enabled game launched. When a PB-enabled game is not being played, we're not scanning your computer or internet traffic or anything of that nature."

    Though if you have any sort of firewall on your computer you'll know that that is either total ignorance of their own product or a total lie, as PnkbstrB.exe and PnkbstrA.exe do in fact connect to the Internet while the game is not being played. They also use a large amount of system resources for something that is only supposed to be a service waiting for a game to start.

    PunkBuster offers people the option of uninstalling these files, with something called pbsvc.exe which gives you an "UnInstall" option. This doesn't seem to uninstall everything, as the PB files are not only still present but still load on startup despite the uninstaller's "Uninstall Finished!" message.

    All-in-all, if PunkBuster cannot even get its act together to create an uninstaller, nor to inform its support team of what a rootkit they just installed on everyone's computer is actually doing, how can anyone expect PunkBuster to detect cheats and hacks? Private home-made hacks can already slip through PB's dragnet--the only ones they can catch are publicly available hacks Evenbalances finds on the Internet, the way a virus detector works, so I think it's pretty clear that the solution does not lie on the player's computer.

    Instead I'd say it lies in the programming of the game itself. Wallhacks and radar, for instance, wouldn't work if the server did not send the locations of non-visible players. A difficult task perhaps, and for only one kind of cheat, but it is a real solution. And it doesn't involve uploading my hard drive to Evenbalance and granting them access to information which, as EvenBalance's EULA says, "includes, but is not limited to, devices and any files residing on the hard-drive and in the memory of the computer on which PunkBuster software is installed"

The one day you'd sell your soul for something, souls are a glut.

Working...