Forgot your password?
typodupeerror
Games

Gabe Newell Responds: Yes, We're Looking For Cheaters Via DNS 511

Posted by timothy
from the but-maybe-you-were-just-visiting dept.
dotarray writes "Valve has stepped up to answer allegations that the company's anti-cheat system was scanning users' internet history. Rather than a simple, sanitized press release or a refusal to comment on 'rumours and innuendo,' Valve CEO and gaming hero Gabe Newell has personally responded." Newell or not, not everyone will like the answer. The short version is that Yes, Valve is scanning DNS caches, with a two-tiered approach intended to find cheating users by looking for cheat servers in their histories. Says Newell: "Less than a tenth of one percent of clients triggered this second check, accessing the DNS cache. 570 cheaters are being banned due to DNS searches."
This discussion has been archived. No new comments can be posted.

Gabe Newell Responds: Yes, We're Looking For Cheaters Via DNS

Comments Filter:
  • by pavon (30274) on Tuesday February 18, 2014 @11:20AM (#46275587)

    The biggest part of his announcement is that this checking is done client side; your DNS history is not sent to Valve. They also only record MD5 hashes that match the cheat sites they are looking for, not your entire DNS history. Finally, they claim to only check for DNS lookups of servers used by the cheat software itself, not just websites where you might read about and download cheats (although in some cases I imagine these could be the same), and use this as a second check after the client has already detected a cheat installed on you machine. So simply visiting cheat software websites without using them shouldn't get you banned.

  • Re:Still abusive (Score:5, Informative)

    by PhrostyMcByte (589271) <phrosty@gmail.com> on Tuesday February 18, 2014 @11:22AM (#46275619) Homepage
    The app is comparing DNS records with a client-side database of cheat sites, and if it finds a match sending it to Valve's servers for verification & ban-hammer. It's not sending every site you visit, unless the only sites you visit were via DNS records used by cheat developers.
  • by Anonymous Coward on Tuesday February 18, 2014 @11:32AM (#46275687)

    They did not look at DNS histories of your browsing... there are cheats that have their own DRM that phone home to the cheat server to make sure you paid for the cheat (/irony). All Valve was looking for was the phone home to the cheat servers, not your bloody porn searches, or even visiting a cheat website.

  • Re:Still abusive (Score:5, Informative)

    by ebrandsberg (75344) on Tuesday February 18, 2014 @11:33AM (#46275693)

    did you even read his response? They look for indications that the cheat is in play, THEN they check DNS as verification, and send a HASH of the dns name to their servers for comparison. This means they don't even see the actual dns name on their side, they can just check against known hashes of the sites the DRM used for verification. That is why it is two staged. Simple existence of the names in your DNS cache won't trigger the ban hammer.

  • Not really (Score:1, Informative)

    by Anonymous Coward on Tuesday February 18, 2014 @11:34AM (#46275703)

    Not cheat sites. Specific non-web servers that the cheat software "phoned home" for authentication, since cheats are paid software and therefore have their own DRM. Valve was never even made aware of anyone just browsing a cheat site.

    It should also be noted that VAC no longer does this check, as devs of cheat software have figured out how to manipulate their clients' DNS cache.

  • by DarkFencer (260473) on Tuesday February 18, 2014 @11:36AM (#46275729)

    Assuming Gabe is being truthful when he states that this is a secondary check triggered by some other evidence for cheating, then just visiting these sites wouldn't be enough.

    Its suspicious activity (reported by players? detected through other methods? not sure) that triggers the additional check(s).

  • Re:Still abusive (Score:5, Informative)

    by Zembar (803935) on Tuesday February 18, 2014 @11:37AM (#46275739)

    He specifically says that it doesn't care about what web sites you are visiting, it's the adresses to the cheat DRM servers it looks for, to detect if a cheat has dialed home from that computer. It only checked this if the account was already suspected of using the cheat.

    So, in an impressive turn of events, many cheats now include DRM and anti-cheat codes. These phone home to a DRM server that confirms whether or not a cheater has paid to use that particular cheat

    Also, he says that since the cheats invented countermeasures to this in just 13 days, they already stopped doing it. The summary is quite misleading. (Not necessarily a big surprise on slashdot...)

  • by newcastlejon (1483695) on Tuesday February 18, 2014 @11:39AM (#46275759)

    It's not an issue of viewing cheating sites; Steam is looking for DNS lookups performed on DRM servers (not the Steam ones). Many cheats are paid-for so, in a cruel twist of fate some might say, they use DRM to check if the cheater has paid for the priviledge of doing so.

    gaben himself has said that this tactic only lasted a matter of weeks anyway, until the cheatware started futzing around with the player's DNS cache to avoid these checks.

  • by Pricetx (1986510) on Tuesday February 18, 2014 @11:40AM (#46275781)

    One point that I don't think a lot of the commenters aren't getting, is that it isn't the actual "cheat websites" that are getting detected by this system, the system doesn't even check for them.

    As Gabe explained, most cheating software uses DRM, similar to that of games themselves, which "phones home" to the cheat software publishers to ensure that all of the users of the software are actually paying for it. These "DRM servers" will have their own domain names, and it's these domain names which VAC is looking for. This is to avoid flagging people for simply having visited the cheat website.

    It's also worth pointing out that this check is only triggered *AFTER* VAC has already detected that the player is cheating through other means, it can be thought of as a second factor of cheat authentication. This means that players can't get "tricked" into being VAC banned by having malicious javascript on a website causing their PC to perform DNS lookups on these blacklisted domains, as they won't even be checked by VAC unless the player is detected as cheating through other means.

    That being said, there's always the possibility of false positives, and if you combine that with malicious javascript mention above, you could just be incredibly unlucky and accidentally get VAC banned.

  • by Anonymous Coward on Tuesday February 18, 2014 @11:41AM (#46275795)

    Why couldn't they just MD5 the files for the actual game, to verify that they match with the official binaries? Seems a lot less intrusive, and less potential for abuse.

    A lot of anti-cheat systems already do things similar to that, but it only catches one category of cheats. It doesn't help so much for cheats that change the game after it is loaded into memory, ones that change behavior of the video card that make things easier to see without touching the game, and ones that help control inputs without editing the game.

    maybe I like to visit the sites that teach you how so I can understand what that means;

    Then this check won't flag you, because that is not what it is looking for. Various cheat programs these days have their own DRM system because the makers want to make money, yet know what type of crowd they are dealing with. The anti-cheat software is said to be checking for connections to the DRM validation servers for known cheats, not to websites by or about the cheats.

  • RTFA (Score:5, Informative)

    by Grantbridge (1377621) on Tuesday February 18, 2014 @11:44AM (#46275831)
    From the actual article: 1)This is no longer in operation, it was only running for a couple of weeks in the constant cat-and-mouse game with cheat developers 2)It was targeted at the DNS for DRM servers which cheat authors used to SELL cheats to PAYING customers. The system simply reported if the MD5 hash matched the DNS for the known cheat DRM servers, once the cheat had been detected during gameplay already. The DRM servers were not running a website.
  • Re:Still abusive (Score:5, Informative)

    by Anubis IV (1279820) on Tuesday February 18, 2014 @12:04PM (#46276051)

    So you can't be good at video game and curious about technologies at the same time?

    You can be, actually. As Gabe pointed out, the cheats these days have DRM installed to ensure that users of the cheat are actually paying for it. VAC, if it detects indications of the cheat, checks to see if the DRM's phone-home servers are in your DNS record, then sends back hashes of those servers for verification in Valve's system. It was made pretty clear that merely visiting the site for a cheat to check it out, whether intentional or accidental, would not result in getting flagged for the DNS check, let alone getting banned. Even purchasing the cheat would not get you banned, in and of itself.

    Basically, the DNS check only kicks in after you've purchased a cheat and used it in a game, at which point you've crossed the line from mere curiosity into abuse, and even then, they weren't banning people immediately, but rather doing the DNS check for final confirmation of cheating activity. And even then, it's only looking for the phone-home servers, not the web servers, used for those cheats, so people who were merely good players and had looked at the servers for the cheat without ever installing and running it would be perfectly fine.

    So...what's your gripe then?

  • Re:Still abusive (Score:5, Informative)

    by wagnerrp (1305589) on Tuesday February 18, 2014 @12:04PM (#46276053)

    I don't care what it is sending or not sending to Valve. It's still an unnecessary invasion of privacy. In fact, its so easy to circumvent that I have a hard time believing that he is even being honest about why they are looking at the DNS records to begin with. How hard is it to clear my history, browse in Incognito mode, or do all of my cheating on a separate machine or in a VM? Trivial.

    It's not your web browser accessing cheat websites, it's your cheat software itself accessing its servers. Clearing your history or browsing in Incognito mode won't do anything. You cannot use a VM, since the cheat software must be run on the same machine as you are running the game (and VAC).

    And in fact, it may incorrectly flag me as a potential cheater anyway. I have looked up exploit information for games. I did not look in order to cheat at the game, but because I kept running into people who were not being busted for cheating and I wanted to know how they were exploiting the game. I was looking for a better way to tell when someone was cheating, not to actually cheat myself.

    Then it will not flag you as a potential cheater, since you were not running the cheat software to access the DNS entries in question. Further, it would never flag you as a potential anyway. This mechanism is only triggered after some other behavior has already flagged you as a potential cheater. This is a confirmation mechanism.

    While the basic idea of a piece of software accessing and reporting this information, at least in Valve's public explanation of what they were doing, it was entirely in good faith.

  • by Yosho (135835) on Tuesday February 18, 2014 @12:14PM (#46276163) Homepage

    Please go on. Tell us how Mr. Newell's lack of technical skill has anything to do with "Battlecraft."

    By the way, you should at least learn the name of the service you're complaining about before you continue to make yourself look like a complete moron.

    (Hint: It's Battle.net, and it has nothing to do with Valve or Steam)

  • Re:Still abusive (Score:5, Informative)

    by Baloroth (2370816) on Tuesday February 18, 2014 @12:54PM (#46276691)

    That's all fine and well and I don't have any problems with that... provided that system is ONLY activated for multi-player games. If I - or anyone else - wants to cheat in a single-player game (even if the game itself has multi-player, but the cheating happens in a single-player campaign) that's my - or their - own business and nobody SHOULD be able to prevent anyone from doing that, let alone BAN based on that.

    VAC is only activated in multiplayer games that support it, and usually only on VAC-enabled servers (in fact, you can find servers for many of those games that explicitly permit cheats). Some games only support VAC servers (specifically, some of the CODs), but those are exceptions.

  • Re:Still abusive (Score:5, Informative)

    by Baloroth (2370816) on Tuesday February 18, 2014 @01:11PM (#46276901)

    That would be me choosing to enlist my private sensors in a service that is specific to the use of those sensors.

    Except in the case of VAC you did choose to enlist the use of VAC to prevent cheats, specifically, when you connected to a VAC enabled multiplayer server. VAC isn't some generic thing Valve sticks on all Steam games, you know: it's only enabled when you connect to a server that is VAC enabled (which is in every game I've player very clearly marked as such). You don't want VAC poking around on your computer? Don't play on a VAC server.

  • Re:Still abusive (Score:4, Informative)

    by jandrese (485) <kensama@vt.edu> on Tuesday February 18, 2014 @01:23PM (#46277059) Homepage Journal

    Explaining something does not justify it. They should not go rummaging through my computer. Period.

    You do understand what Valve Anti-Cheat is trying to do right? By definition it has to go rummaging through your computer to find third party cheat applications. If you don't like this, then you need to play games that don't have anti-cheating measures in place. They're a little hard to find though, because those games online communities tend to be destroyed by the cheaters.

  • Re:Still abusive (Score:4, Informative)

    by Rakarra (112805) on Tuesday February 18, 2014 @01:37PM (#46277311)

    So are you saying that if I go through your mail and send the contents of anything that looks sketchy to someone, that's bad... but if I translate the contents into a different language before I send them, that's OK?

    Oh, if the FBI had evidence that you'd, say, been sending letters to terrorist cells, then yes, I think it would be totally reasonable for them to go through your mail. If they had no such suspicion, no, that wouldn't be reasonable. That's the analogy that (somewhat works).

    What they SHOULD be doing is downloading their hash list to YOUR computer, comparing THEIR list against your cache, and setting a flag if there's a match.

    As every game company knows, the server should not expose any information to the client that you don't want the user to know, whether the software will tell them or not. Valve likely does not want the list of websites to get out, as not finding your favorite website in the banned list means you can view it with impunity. I wouldn't trust the public key security (all they have to do is mess it up), so why should they bother when they can run the checks server-side instead?

    Of course, if it's done locally, then all it takes is a quick hack to get around the detection system, and they're no further ahead. But now that the system is known, all people have to do is flush their DNS cache prior to playing and THIS system is stymied too.

    That's true, the system will only catch the unwary cheater.

  • Re:Still abusive (Score:3, Informative)

    by vakuona (788200) on Tuesday February 18, 2014 @01:39PM (#46277331)

    You are using their service. You agree to their terms. Don't like it, don't use their service.

    They are only looking out for their honest customers who would otherwise be affected by the cheating that would go on, and who may then decide to leave and not return.

  • Re:Still abusive (Score:5, Informative)

    by DrGamez (1134281) on Tuesday February 18, 2014 @02:05PM (#46277759)

    This is incorrect on a few levels.

    1. This isn't beyond curiosity. Just because I read about Hitler and the Holocaust doesn't mean I have more than a passing morbid curiosity in the history.

    2. You can be really good AND visit these sites all day. Unless VAC trips on you (and being "really good" never gets you caught, they look for specific actual hacks and vectors, not just some K:D ratio), it will never check your DNS.

    3. The DNS entry it's looking for isn't "www.hacks.com", it's looking for the call-home function of the hack itself; because hackers don't pay (imagine that) the hacks themselves need DRM.

    You have to be caught by VAC (using a hack) and then you need to have a current call-home function to a known hacking service/program to get tripped up by this. That's why it "only" caught ~500 users, this isn't some massive dragnet to ban anyone who's googled the words "counter strike hack".

  • Re:Still abusive (Score:4, Informative)

    by batkiwi (137781) on Tuesday February 18, 2014 @05:03PM (#46279681)

    You can still play your games without using VAC.

    You can still play your games ONLINE without using VAC.

    You simply cannot play on VAC enabled servers (run by the community, not by valve) without using VAC.

Never buy from a rich salesman. -- Goldenstern

Working...