Fighting Online Game Cheating in Hardware

Monk writes "Multiplayer games these days have one problem. Cheating. Cheating is out of control because of failed attempts by software such as Punkbuster, and VALVe's Anti-cheat (VAC). Now it seems that could change change with Intel's own Anti-cheat Software/Hardware."

there is no technological fix

[circletimessquare]

for a social problem

anything designed by a man can also be broken by a man

the only remedy for human antisocial activity is human social activity. no technology will change that fact. and if you think it can augment those who intend good, then you're right but you must also bear in mind that it can also augment those who intend evil

this applies to security cameras, file trading on the internet, etc. as well as game cheating

The problem with anti-cheat software..

[Animaether]

..is that the server, at some point, has to trust the data the client is sending. Now there's client-side anti-cheat software that will do things like try and make sure that external applications (not entirely unlike the old TSR cheats of lore) aren't altering the data in RAM before it sends the info back to the server. But that client-side anti-cheat software can-and-will be defeated. Eventually there might be an anti-cheat relying on TCPM sort of things, but eventually somebody will just make a TCPM-less version indistinguishable from the TCPM type by the server.

So the only proper anti-cheat lays with the server. But there you hit a problem. You can, for example, prevent some cheats that way. Somebody lobs 2 nades while the server knows he only has 1? Cheating. Somebody moves all over the screen, faster than the player can actually run? Cheating. Wait - or a laggy connection.. or a bug. Tread with caution there. Caution means a margin. A margin means a margin for cheating. Okay, so you don't have your cheat make your player run at 200% - you just make him run at 105%. Still an advantage, and the anti-cheat won't catch it because of the margin. And even when you can detect all the -technical- cheats (more ammo, faster reloads, increased speed, greater jetpack fuel (if there's any), that leaves you with the cheats that cheat the User Input. Aimbots and the like - which can be extremely difficult to detect.

In the end, you can't 100% prevent cheating. But you can make the landscape unattractive enough to cheat in by at least trying to prevent it and having an actual human being look at suspicious behavior from time to time.

( I admin at one of the more popular Soldat servers - we're virtually cheater-free because the cheaters know they'll be busted in no time and their cheating fun ruined by us /kill'ing them (rather than banning - as they'll just be back) and ousting them in public. )

Re:

[Reziac]

You make an important point: "ousting them *in public*."

Fear of embarrassment after being caught is a powerful anti-cheat motivator in school, and I'm sure it works just as well in a game environment.

Re:

[Splab]

Don't know where you are from, but here it would be illegal to ousting people in public for cheating in school, what will happen here is all your exams get voided for the year. Second time it happens you get thrown out.

Re:The problem with anti-cheat software..

[Catil]

As far as casual public server playing goes, there might be another solution: Statistics.
40% aiming accuracy? Too good. 5 headshots in a row? Too good. etc.
It wouldn't even have to have anything to do with cheating, actually. The message a detected player would recieve would be something like this: "Sorry, you are already too good for this server, it's low-skill only. You will be kicked in 5 seconds, so the noobs here will have more fun in a more even and fairer game. Feel free to play on our mid- or high-skill servers over here."

Re:The problem with anti-cheat software..

[Bombula]

And the high-skill servers will be like SNL's All Steroid Olympics. Why not? Same with MLB. Who cares if people cheat - as long as everyone is cheating, it's still a level playing field.

Re:The problem with anti-cheat software..

[Kjella]

Except the people using aimbots and the like aren't interested in skills - they're interested in the feeling of being invincible, to tear through a map like a mean Rambo look-a-like. Put the cheaters together and they'd have no fun. So what they'd do is find ways to do it anyway, while the good players will get banned by any other name. What are you going to do, start banning people for winning too clearly? Sure, that's incentive... get too good and you get banned on every server except the garbage heap of cheaters, woohoo.

Re:The problem with anti-cheat software..

[Ash Vince]

I play americas army alot on the net. At one point I was out of work and pretty much played full time for 2-3 months. By then end of that period I got more hacking acusations than you can shake a stick at. I even got banned from a few servers. I have never cheated. The truth is that really good players get headshots first time, almost every time.

In the end I settled on playing on one or two public servers run clans. That way they knew who I was, trusted me not to be cheating and let me carve through people when I was on a good run. That way admin would usually explain to noobs I wasnt a cheat when the acusations started to fly.

I also changed my name to Nohax for a laugh but that was only after I got the hacking acusations.

The truth is though that human admins are the best anti hack method. If you got caught cheating on their servers you would probably get a lifetime hardware ban. That means your PC gets banned, not you account name or anything. I don't know how it works but it is effective as I have heard people complaining they downloaded a hack for a laugh and then could never play again until they bought a new PC.

Re:The problem with anti-cheat software..

[apoc.famine]

You hit the nail on the head. We run our own UT2k4 server. We occasionally get decent players on. We also occasionally get people who magically get 6, 7, 8 kills in a row in on people that they can't see, or as they round corners. If someone seems just too good to be true, they get the banstick. Have we possibly banned people for just being super-good players? Possibly. But there are a couple hundred other servers for them to play on. Have we banned downright cheaters? Yep. My favorite was the kid in igib Hall of Giants - if you know the map, you'll know how amazing it is to get a "HOLY SH*T!" twice in a row. Yeah, that's 16 kills in a row, with a max of 3 seconds between each one. All the more impressive was that he did it from...the bottom of the map...and shot someone directly above him in the air immediately after shooting someone on the ground, and then immediately shot someone behind him and to the side. I was spectating for the second round of kills, and most of the people who died you couldn't see, due to the distance limitations. Many were nearly 180 degrees apart from each other at huge distances, but they were located and killed in the span of a second or so. Not overly hard to justify a ban for things like that.

Re:

[brkello]

This seems like a horrible idea. Maybe it appeals to those who suck at the game...but then what is the point? You already have a filter that does this. Go on different servers and find one the suits your skill level. You don't need statistics to kick you if you have a lucky game. Besides, people would just find out the rules and play around them...making sure they empty their clip in to the wall before they get out of their spawn or purposely miss that next head shot.

Fine, use statistics to detect che

Re:The problem with anti-cheat software..

[PachmanP]

Conversely, servers that better players frequent would be more likely to recognize and bust cheaters. Whereas the n00b servers, people would be more likely to just think the guy was really good, die alot, and give up on the game.

Re:The problem with anti-cheat software..

[fractoid]

This would punish cheaters, sure; but it would also punish those who just happen to be good (on that map in my case).

To be honest, I don't care whether they guy that headshots me 5 seconds before I see him, every single time, is cheating or is just really good. Either way it makes the game suck for me, and it presents no challenge for him. Users *should* be grouped by ability level (whether natural or assisted) so that everyone can actually enjoy the game while they're getting good at it. Surely you didn't have as much fun 'owning noobs with your leet sniper skillz' as you would have playing against equally skilled players?

Re:

[vertinox]

Eventually there might be an anti-cheat relying on TCPM sort of things, but eventually somebody will just make a TCPM-less version indistinguishable from the TCPM type by the server.

I can't seem to find the article somewhere, but I remember John Carmack said in an interview the only way to truly get rid of online cheating was to simply have the server generate the video feed and stream it to the client and had the client only send pure keyboard mouse controls.

I might be mistaken that he was alluding to the

Re:

[RegularFry]

And that *still* doesn't get rid of aimbots.

Re:

[lena_10326]

And that *still* doesn't get rid of aimbots.

It would get rid of aimbots.

In order for an aimbot to work it needs access to the internal game state, particularly positions and velocities of objects in the game, which it can gleam by analyzing the data packets between server and client or by accessing in memory game data.

If all you have is a video stream, the aimbot has access to no game state. The best it could do is try to recognize objects on the screen by pixel patterns (screenscrape), which I doub

Re:

[ensignyu]

Most games with a dedicated server (usually FPS) already validate everything -- or more precisely, the only thing you can do is enter keystrokes and mouse movements. I'd actually call it particularly bad design if you don't do something like that -- although maybe at a higher level.

One problem is with non-dedicated servers like for RTS games, where one of the players hosts the server. You really have to trust that player not to cheap by manipulating the server.

Alternately some games use a P2P model where ea

Re:

[brkello]

The only problem with that is a lot of the time the admins just aren't very good players. They are unable to tell a good player from someone who is cheating. I know my brother and I have been banned from many CS servers by admins who can't believe we can play like that. The sad thing is, I am really not that good. Just the admins have no idea how bad they are.

Re:

[SanityInAnarchy]

Eventually there might be an anti-cheat relying on TCPM sort of things, but eventually somebody will just make a TCPM-less version indistinguishable from the TCPM type by the server.

In order to defeat TCPM, you can:

1. Fool the TCPM chip itself into authenticating something that isn't properly signed. Probably can be made impossible.
2. Crack the authenticated software, while it's executing -- something like a buffer overflow. Difficult, and is impossible with perfect software. Perfect software is not impossibl

Re:The problem with anti-cheat software..

[Sigma 7]

This is why you won't find cheating in a good RTS or MMO, the server or peers can run everything in parallel.

Actually, there are easy ways to cheat in RTS/MMOs:

• Maphacks/wall hacks allw you to see through obstacles. This obstacle is FoW in RTS games, and due to their nature, most RTS clients tend to be syncronized and require having a copy of the game.
• MMOs can be botted. While not "cheating", it is an unfair advantage since it allows you to get powerful players more quickly than what is normally accepted.
• RTSs, as they generally need a copy of the game state on each client, can have critical information about other players displayed (e.g. how much resources they have/spent.)

Maybe the AI could run on a cheater's system, but I have never seen good AI in an RTS.

The AIs you see on most RTSs are lobotomized - they are written to be "good enough", whether it's through scripts or through randomness.

As an example, look at Starcraft - while the AI is relativly strong for new players, it is weak compared to the "build orders" that are posted on various websites, which are then memorized by master players. There's no reason why this can't be placed in an AI to make it stronger.

Another example is Galactic Civilizations (which isn't an RTS, but the same concept applies.) In most difficulty levels, the AI is crippled but is still a threat to most players - the only "cheat" is that it knows the location of good planets (which isn't much of an issue, since they were probing the universe before your race invented hyperspace). The threat is caused by the economic optimization - it picks the best tax rates and maximizes production efficiency. As a side note, there were reports of the AI somehow bypassing tech tree requirements - this complaint was eventually resolved, either through a patch or by identifying how they did it (e.g. tech trading with other races.)

The AI discussions were common with the game Total Annihilation, as it was the only game at the time that allowed AI patching. No matter how well you made your AI script, it was limited with implementation bugs - for example, the AI engine had a failsafe in case the script was faulty (or if it got nuked) where it would start building resource production on an economic shortage, but would never turn off the failsafe. Another bug would be the "5 peewee" rush, which could paralize the enemy AI commander and kill it.

It's not a lack of technology that limits RTS AIs - it's the lack of implementation. There hasn't been any serious attempts to make a strong AI.

Re:

[robpoe]

So, you're going to make the cheat developers jump ahead. Instead of injecting their software into the wall code, they're going to have to inject their software into the anticheat code, to pass keystrokes into it as it shoots the guy down the alley..

Why waste money with this? Blizzard's Warden is pretty robust from an anticheat stand. Ok, sure, it's spyware too. http://news.bbc.co.uk/1/hi/technology/4385050.stm [bbc.co.uk] - See this or google Blizzard Warden spyware .. of course don't mind the lag that Warden ca

Anti-cheat systems are flawed.

[Angelwrath]

All software anti-cheat systems are flawed because they include things other than cheating. I get kicked by Punkbuster for high ping on gaming servers.

The trouble with anti-cheat systems is that the developers have no ethical standard. They tolerate inconveniencing legitimate players to ensure that the cheaters are stopped as well. The law would see things differently. The law believes in letting some criminals go to ensure that it never punishes an innocent man. Flawed though it may be, it works far more o

Re:

[smallfries]

Dirty lagging cheats like you should get kicked from servers... :)

Re:

[Kjella]

To go back to classic crime term "Motive, means and opportunity". You can either try to take away their motivation, take away the means or take away the opportunity. Time and time again we've shown that to change human nature is very very difficult. To take away the means is usually to take away the tools, which are usually overbroad and takes away legitimate uses. Taking away the opportunity is usually the most appropriate and effective.

I have a lock on my door. It's to take away the opportunity. It's a lo

Re:

[rtechie]

Time and time again we've shown that to change human nature is very very difficult.

Nonsense. You may have noticed that people are no longer urinating in the streets, as was customary 100 years ago. Your average 3-year-old today behaves better than adults did a century ago. There's all that civil rights stuff too. Contrary to what some people seem to think, human behavior is in fact extremely malleable.

Online cheating is not "human nature". It needs to be considered "socially unacceptable" to cheat and there needs to be tangible punishments associated with doing it. Take the behavior of p

There /is/ a Social Fix

[Morosoph]

I play Sauerbraten (and occasionally ActionCube, now AssaultCube) online. Both feature mastermode. Since there are far more honest players than cheats, you simply join a server and assume mastermode if no-one has already taken it.

It works really well, except that people aren't sufficiently willing to assume mastermode. All the same, serious gamers do do so, so 'serious' games aren't disrupted for very long.

Re:

[AnonymousDivinity]

there is no technological fix for a social problem. anything designed by a man can also be broken by a man.

I don't know about you, but I for one like having locks on my doors. Are they 100% perfect at keeping determined individuals out? Of course not. But that's not their purpose. These kinds of measures merely need to make an activity "not worth it" to those who have some motivation (the aforementioned societal problem). Economic deterrants do work well, at least on a statistical basis.

As for chea

In the context of gaming...

[Eric Damron]

I don't agree with your "social problem" fix thing. Cheating is both a social problem and a tech problem.

Given enough bandwidth and computing power on the server end cheating can be stopped or nearly so. This is a rather hypothetical statement, however, because I don't see either of those requirements coming in my lifetime.

Cheating is enabled mostly because the server must provide too much information to the client so that the client can do it's own calculations thus reducing the workload for the server.

Re:

[kahei]

It's true -- not because of technological limitations, but because of the nature of the problem.

The problem is:

"People keep subverting or working around the technical infrastruture of this environment."

The solution can never be:

"Change the technical infractructure of this environment." ...because they'll keep right on subverting it.

I'll tell you whut, though -- before they nered the whole system into another 'run round and shoot everything and get bored' game, there was a working solution for Day of Defeat.

Re:

[The Clockwork Troll]

The social problem has an obvious solution: accountability.

If banning of an anonymous ID is the worst any cheater might endure, and they know it, they're going to operate as you would expect someone with impunity to operate.

The obvious solution has obvious problems. The social solution leaves a worse taste in our mouth than cheating. That's why we're chasing it technically.

Re:

[mcrbids]

there is no technological fix

... like a safe

for a social problem

like theft

anything designed by a man can also be broken by a manm

eventually

the only remedy for human antisocial activity is human social activity. no technology will change that fact. and if you think it can augment those who intend good, then you're right but you must also bear in mind that it can also augment those who intend evil

So why do you lock your car? Front door? Why do you have a PIN for your bankcard? Why do you have a password?

You'r

STOP MODDING UP MEANINGLESS SHIBBOLETHS, PEOPLE.

[mumblestheclown]

For fark's sake people. A statement like "there is no technological fix for a social problem" is just important-sounding nonsense. Really? We seem, after all, to have prevented the problem of people physically reaching out across the internet and strangling people... I have yet to see anybody do this (as much as I'd like to sometimes). Parent poster completely ignores the obvious problem with his arguments: that ALL defense mechanisms are not about absolute defense, but about reducing the rate of successful attacks and/or increasing the barriers to entry (such as technical sophistication, equipment, time, etc) that an attacker must invest in to be successful. Security guards and alarm systems do not prevent all bank robberies - but it is safe to say that there would be more robberies if those things didn't exist. Same here. You may have technological issues as to exactly how much such a hardware defense would decrease the amount of cheating, but it seems fairly obvious that, if implemented, this figure would be greater than zero.

Re:

[IamTheRealMike]

It's also not really true. VAC and PunkBuster were indeed beaten, largely because the companies behind them weren't willing to put the required effort in (VAC went for long periods with no updates at all). Companies that put more effort in and know what they're doing, like Blizzard, have successfully fended off things like WoW!Sharp with anti-cheating software.

Re:

[mikael]

how would you cheat in a game of NetHack, played through telnet on a remote server such as nethack.alt.org, without access to that server?

A nethack playing bot?

Or maybe a simple 'telnet/ssh' session that could do useful things like predict the direction of where a wand ray is going to ricochet.

Re:

[Dogtanian]

Anything designed by a man can also be broken by a man? I guess that means all strong crypto schemes were invented by females?

I was thinking along those lines too; not a good argument. He'd have been better off pointing out that the main problem with inventing "secure" peripherals is the same one that bedevils all "secure" devices- the owner still has to have the encryption/decryption key or technology in their possession.

At its crudest, what's stopping someone from wiring up the keyboard to.... anything they like?

Re:

[UbuntuDupe]

Creative interpretation of game data can be cheating. I remember a while ago (and I'm by no means an expert game hacker) I learned from a site how to change properties of objects in Halo. I used that to make the walls transparent so I could see people coming around a corner and behind walls. It made flag camping pretty easy, and I held off a veteran CTF team for about 10 minutes.

Now, you're right that the server could control more, so it decides what you can and can't see, for example. But this is hardl

Re:

[NeverVotedBush]

But as you load the server with more than just telling everyone where everyone else is and such, you now make the server have to be more powerful and maybe even exotic to be able to be simultaneously monitoring every player's environment, making decisions, checking for cheating, etc.

Re:there is no technological fix

[EsbenMoseHansen]

In an online chess game, where the rules are fixed, I would challenge you to trick the server other than by hacking it. There is two things: Game data and interpretation of this data.

There are at least 2 possibities: Changing the rendering of the incoming data in a favorable manner (e.g. highlighting opponents, pickups or what-have-you) and having a custom client that plays or help you play. The classic example is the aimbot, that is a client that helps you aim your shots.

Re:there is no technological fix

[irc.goatse.cx troll]

latency of two moving people around some obstacle means you either let them both know where eachother is before they should be able to render, or you'll be able to induce lag to allow yourself to teleport around the game which is just as bad.

Then theres issues of "can it be seen through?" for example when I replaced all fences (which in a real engine blurs to solid after some distance). Is it cheating to tweak your drivers with rivatuner to change how it blurs them so you can see through them? What about replacing the texture with an empty texture?
Replacing the enemy models with sold colors?

Even defining cheating with 100% accuracy is impossible, saying you can stop cheating is laughable.

Re:

[MrMr]

I think you will find that North Korea for instance has succeeded in combining hardware/software in precisely such a way.
Don't underestimate human ingenuity in either direction...

It's not going to happen.

[Dogtanian]

wouldn't the next step to be switching games back to a boot system. Think how great it would be to not have worry about all the OS cycles being used. Booting into a game would allow the game ULTIMATE control over what software is run. If anything it could be used for tournaments.

That wouldn't work with anything other than a very fixed set of hardware. Even Amiga games frequently stopped working when newer machines came out with minor hardware updates (e.g. A500 to A500 Plus, not a major difference, but it still caused problems). They bypassed the OS back then simply because the speed advantage it gave easily outweighed the extra hassle and compatibility issues.

But technology has moved on. For one, hardware is far more complex these days. The idea of having to hit modern hardware

Re:

[SanityInAnarchy]

Sibling is wrong that you'd have to duplicate XP. You'd have to duplicate Linux, because it'd be a HELL of a lot cheaper than licensing XP, or developing your own drivers.

But here's why that's a bad idea:

1. Modern OSes are fast. You're really not losing a lot of cycles to the OS, compared to what developers willingly throw away in order to make development easier -- many games have significant chunks of the game logic written in a scripting language.
2. It can be nice to multitask with a game. For example, I r

Add the cheats as features to the game

[Slim Backwater]

How about just adding cheats as elements to the game? Players like radar? Add it. The ability to see through walls? Auto aim, auto trigger? Make them power ups. Don't fight it, integrate it.

Re:Add the cheats as features to the game

[boaworm]

Because many of these games aim to be realistic, that's why people play them. Adding an "aimbot" as a powerup is not something that would have happened the 101:rd airborne when they dropped down over normandy, so when you play that scenario, neither do you want it or should have it.

Re:Add the cheats as features to the game

[Saville]

Attempt 1) get shot down
Attempt 2) get shot down
Attempt 3) get stuck in tree and then shot
Attempt 4) get shot down
Attempt 5) get stuck in tree and spend 5 minutes press the 'escape' key then get shot on ground
Attempt 6) get shot down
Attempt 7) kill some nazis then get shot
Attempt 8) get shot down
Attempt 9) get shot down
Attempt 10) get shot down
Attempt 11) get shot down
Attempt 12) be sneakier and kill more nazis then get shot
Attempt 13) download FAQ and type special 'idkfa' cheat and walk around like Rambo and have more fun playing the video game as escapism where you become a hero. You've just had your fill of realism, now you want entertainment. You want to play the role of the top 1% that didn't die or get wounded instead of just another peon.

Re:

[Anonymous Coward]

Yeah, make an FPS game where everyone automatically has immortality, omnipotence, omnipresence & every conceivable weapon.
Sounds a lot of fun.

Re:

[Blakey Rat]

Oh yeah, Diablo II online was SOOO FUN. You have to install an anti-cheat hack to undo the cheat hack that someone installed to undo your last anti-cheat hack. Everyone spent more time hacking the damned game than playing, and nothing in the game was worth anything. Do not want.

Mod me offtopic...

[SanityInAnarchy]

Is that a reference to the horrible, horrible, Chinese pirated Attack of the Clones (subtitled in english-chinese-english translation)?

That always cracks me up. Vader's "NOOOOOOOO" becomes "DO NOT WANT!!!"

Re:

[Blakey Rat]

I think that was the origin of "Do not want," but it's in regular use on a ton of websites now, especially Fark.com where it's often used in comment threads and sometimes headlines. Also, a lot of "LOL Cat" images have incorporated it. It's just a popular meme at the moment.

Wrong term.

[khasim]

How about just adding cheats as elements to the game? Players like radar? Add it.

The players don't like radar. The cheaters do.

Following your logic, the game would offer the ability to instantly kill any enemy, at any range, automatically. Regardless of intervening obstacles.

Yeah, that sounds like a fun game.

Cheaters want those because cheaters don't want to play by the same limits that everyone else does.

Re:

[Cylix]

Because someone would come out with an anti-aim, anti-whatever and turn all of those new features off.

You just can't win with these damned kids.

Re:

[sheetsda]

I think it would be more interesting to create a game that was specifically designed to be hackable ten ways from Sunday. The objective of the game would be to develop the best program to play the game.

Re:

[kasperd]

The objective of the game would be to develop the best program to play the game.

That kind of games are fun for those of us who know how to code. Most of the gamers out there wouldn't stand a chance in a game that involved coding in order to play it. But there still remains a few questions, do you run the program on your own machine talking to a server? If so, is the program supposed to play by itself, or is each player going to be a person and a program cooperating? Are people with a beafy machine and a fas

*sigh*

[Verte]

The Quake fiasco [catb.org] has already taught us plenty about this: don't trust the user.

Wall hacking

[Anonymous Coward]

It appears to be yet more DRM designed to ensure that peripheral inputs match those received by the game.
This does not address the issue of cheats that allow the player to have information that he would otherwise not have, such as seeing through walls. Nor can it detect proxies.

Like all DRM, it sounds like it will cause legitimate users more problems than it will cause to cheats and crackers.

Re:

[saibot834]

I don't think DRM is the solution to multiplayer cheating (I use the term 'multiplayer cheating' to distinguish between legitimate cheating against bots and cheating while playing against other players). Like all the copy restrictions show us, any DRM restriction can and will be cracked sooner or later.

There is another way to stop multiplayer cheating: Don't give the client information. Why are you able to code a wallhack? Because your computer knows where the enemy behind the walls is. DRM doesn't work, so

Not in the game anymore

[Joebert]

Nobody seems to care how good a game is, "the game" is all about finding ways to cheat no matter which game you're playing.

Re:

[illegalcortex]

Not really. The real problem is that there's always a small minority that wants to cheat. They drive off the large majority that just want to play a good game.

Re:

[Joebert]

If only it were a small minority.
If you get anyone away from other people, they'll cheat if they know they can get away with it.

Nobody cares about the game, they just want to win & they'll do anything to do it as long as they know they aren't going to get caught.

That's just what I see happening.

Re:

[qlayer2]

I play multiple online games, with punkbuster support- and the simple fact is that 99% of the people cheating are untrained dupes who download trainers which also contain a number of viruses, and they aren't doing it to get an advantage in the game. They are just doing it to get a rise out of the honest players. The 1% that are smart enough to write their own scripts and use it for an advantage, are usually terrible enough at the game that their "advantage" doesn't matter much anyways. Most respectable s

It seems rather futile though..

[boaworm]

The whole concept of anti-cheating is based on making a chip comparing input on mouse/keyboard to input into the program.

So how about:

1: Software that wraps this chip, and returns "true" all the time ?
2: Cheats that does not emulate keyboard or mouse input ? (like radars, spike skins, you name it)
3: Software that generate keyboard/mouse interrupts ?
4: The fact that someone would not buy a CPU/MB with anticheat stuff in it if you intend to cheat. You'd just have a dummy driver emulating this hardware or something.

This only seems to be able to solve a very small portion of cheats.

It's not futile; it's extremely dangerous...

[Erpo]

...because most people who think they understand the nature of Trusted Computing are dead wrong.

In theory you are perfectly correct. There's no sense in trusting data coming from the client. Any hardware or software added to the client's machine to make it disobey its owner can be circumvented.

In practice, the bad guys have come up with a way to make this circumvention difficult and expensive. Here's the basic outline for trusted computing:

* A small chip called a TPM is added to your motherboard. This chip

Re:

[rtechie]

So you can't "wrap the chip in software" like you suggested. Your software won't have the necessary private keys to produce authentic-looking reports from the TPM. You could definitely physically break open the chip and try to extract the private key. You might even be successful if you've got a lot of equipment and education. But that would have to be done on a PC-by-PC basis since each PC will have its own TPM and each TPM will have its own private key.

Two points:

1) There exist, right now, software emulators for the TPM.

2) How will "the internet" or individual services like Valve or ISPs determine the authenticity of the private keys?

This is a very key point. While it is likely there is a fixed format for the keys, I think it's every unlikely that there will be a secure method developed to distribute a list of which keys are valid. Key distribution is the Achilles heel of public key cryptography and it's weaknesses are glaringly apparent here. Look at th

Nothing beer and engineering can't conquer.

[bigattichouse]

So it compare's key/mouse input from the user.. so you get some engineering students and build a par-port output that loops back in as mouse and keyboard-shunt input. A good afternoon or 3 and some beer, and a few engineering students could overcome that problem, and be selling the solution to cheat-software-makers before the intel crap hits stores.

Wow!

[smiltee]

Exactly like DRM, I am sure this restrictive method will work flawlessly! I think Intel is making the right choice by using something you can't update against an entire army of hackers!

Solution: The Istrate

[kaufmanmoore]

This handy device fits in a computer's 5.25" inch bay and if it detects cheating a razor sharp knife comes out and relieves the offending player of the little (as is always the case with cheaters) piece of manhood that the loser has left. (Towels to clean up blood not included).

Great..

[Khyber]

I'm looking forward to the time when I can't play a game online because some POS hardware/software thinks that my MP3 or video encoder is a cheat mechanism.

Lame, very lame. And you KNOW this will eventually happen. Some harmless software program running at the same time as a game will screw your online play without lube.

Why can't the game devs shift focus away from DRM & etc. and try building a solid product that doesn't NEED a third party anti-cheat software running? It's called internal testing, FFS. You made the software yet you can't find the holes, meanwhile some smartass 15 year old Russian just reads your code and goes "Oh! Look at what we have here!"

Re:

[Odiumjunkie]

Why can't the game devs shift focus away from DRM & etc. and try building a solid product that doesn't NEED a third party anti-cheat software running? It's called internal testing, FFS. You made the software yet you can't find the holes, meanwhile some smartass 15 year old Russian just reads your code and goes "Oh! Look at what we have here!"

Because there are some types of cheating that it is just not possible to identify or prevent through a well-designed client. If the game is one that computers c

Re:

[JNighthawk]

Maybe you've never worked on games before, but you seem very naive about it.

Sure, you can build an ultra-secure game that will be near-bulletproof, but you know what? That game wouldn't be fun. You'd have to wait for server auth before you could do anything, so this would only work for non-real time games.

And, finally, on top of what I said, the direct issue brought up (keyboard/mouse movement spoofing) cannot be fixed by games. Period.

Well, I'm not impressed.

[dannycim]

A friend of mine plays the Final Fantasy XI MMORPG on PlayStation 2. I rigged a little box with a bunch of timers, relays, the heart of a USB keyboard which can repeat timed sequences of game macros without supervision. It works wonders for some "skill-upping".

Intel's little trick wouldn't detect that as it involves no software at all, no injection of keyboard events. As far as the console is concerned, it's a keyboard, period.

I could go a whole lot more sophiticated and build a USB box that would emulate both keyboard and mouse events. Marry that with software that can "look" at the screen data and recognize patterns, and you'd have yourself an automated player.

Go ahead Intel, invent better traps. We'll invent better mice.

Re:

[MysteriousPreacher]

You sound quite talented and definitely in a minority. In WoW anyway, most botters are just people who downloaded an app like Glider. If they had to go through the hassle of building hardware or ordering pre-made hardware, a lot will just give up.

Re:

[ZorbaTHut]

I'm not entirely sure I believe this.

In WoW, most botters are, indeed, people who just downloaded an app. This is because the app works. If the app didn't work, they might go and do something more complicated, such as forking over $20 or $30 for a cheap hardware gizmo that does something like what the original poster is talking about.

"People are lazy, and therefore won't go any further effort" is a fallacy when people don't need to go to any further effort. Once that becomes necessary (I mean, if that ever

Re:

[Animaether]

There's keyboards which have this sort of thing already built-in. If people -really- want to 'cheat' that way (is it cheating - or is it just using better hardware? Is a widescreen monitor cheating when compared to a 4:3 monitor because you gain a couple of degrees of vision horizontally? Is using a headset cheating when compared to the person who doesn't have one? etc.) they always can.

That said... the keyboards/etc. have a bit of a signature... the timing on the moves being the same within a few millis

Re:

[nschubach]

What's sad about this is that I recently played a Beta of an MMO called Sword of the New World. The leveling process was so long I actually created macros for my G15 to handle the characters while I went to bed. If the leveling curve on it wasn't so steep, I never would have thought about doing it. Personally, I think if the game would reward people in faster increments they wouldn't resort to "cheating" or macros except to simplify patterned commands. BTW, I actually bought the G15 as a programming too

Re:

[Miseph]

This also brings into question the value of such cheats. If a cheat must be weakened so as to avoid notice, the eventually it needs to be weakened to the point where it doesn't even qualify as cheating any longer. Your home-made bot that acts exactly like a normal player in terms of imperfect timing and lack of percievable omniscience isn't a terribly effective way of cheating.

Re:

[vertinox]

Your home-made bot that acts exactly like a normal player in terms of imperfect timing and lack of percievable omniscience isn't a terribly effective way of cheating.

Except for the fact he doesn't have to be there in person to reap the benefits of the bot at a later time. Otherwise known as gold farming...

Re:

[vertinox]

Marry that with software that can "look" at the screen data and recognize patterns, and you'd have yourself an automated player.

Already done. [engadget.com]

There is no technological fix for this. Eventually, AI will be so good that it will be hard to tell if a player is human or AI. Since the AI will be another computer with a web came and keyboard inputs, there is no detection.

Unless you requite a Voight-Kampff [wikipedia.org] test before being allowed to play online.

Or you could just play Xbox...

[Blakey Rat]

This is actually already implemented by Microsoft in their Xbox and Xbox 360 consoles. I like knowing that, while Microsoft can't do much about exploitable bugs in the games (the sword-flying in the first version of Halo 2, for example), they can easily boot people from the network if they know they've modified their hardware in any way to enable cheating. It would be interesting to know what their record is, and whether anybody's figured out how to bypass the system.

Woo hoo! New type of spam!

[OverlordQ]

Can't wait for the new spam now.

"Download Intel Anti-Cheat update here! http://foo.bar.baz/Intel_Update.exe [bar.baz]"

Now the spammers have a little bit of hardware to read keyboard input installed already for them?

Sure, anti-cheat is the given reason. But...

[GreatBunzinni]

I find it very troubling that this whole new "anti-cheating" technology looks a lot like some beefed up hardware keylogger which not only will be present in every computer out there but also will not come with an off switch. Sure, the reason to push this new trusted computing feature is those damn cheater punks who enjoy them unlawful fragging or that pesky spyware, which only affects ill-managed insecure platforms. Yet, what about the danger that this new feature presents to privacy? I mean, it's a keylogg

Yay for Trusted Computing

[Cheesey]

Remember folks, although the remote attestation features of TCPA could be used by online services to force you to use a particular "trusted" application/OS stack, locking you in to a configuration like "IE on Vista", that's not why they are there.

The point of TCPA isn't to enforce DRM or strengthen software monopolies. It's all about things that benefit you, like preventing cheating in online games, and... erm... many other things.

TCPA is a misunderstood technology. The EFF [eff.org], the FSF [fsf.org] and security experts [cam.ac.uk] are just making a knee-jerk reaction to something that they don't understand. Let me explain:

1. TCPA doesn't take away your ability to run whatever software you want. If every online service requires you to use (say) Vista, and uses TCPA to enforce this, you can just opt out of the Internet entirely and carry on running Linux or .*BSD or whatever. It's your choice.

2. TCPA doesn't spy on you, although it might be used to prevent you modifying software that does. But then you can just opt out of using that software. Again, it's your choice.

So, say yes to TCPA! Like atomic bombs and subdermal RFID chips, the technology isn't inherently evil, and it will certainly never be abused to reduce competition in the software marketplace, preventing free software interoperating with online services.

Re:

[frogstar_robot]

you can just opt out of the Internet entirely and carry on running Linux or .*BSD or whatever.

You yourself have just shown that the EFF, FSF, and security experts have a genuine beef. Using Mickeysoft or "opting out of the Internet" is not an acceptable choice.

Re:

[Oswald]

Well, I went and checked your previous posts and there's no indication that you're any stupider than the rest of us. I'll just chalk this up to Sunday morning lethargy. But really you might want to post a mea culpa or something because your sarcasm detector is seriously hung over.

Just one problem?

[Quarters]

Multiplayer games these days have one problem. Cheating.

Really? Just one? What about:

Bad design

High prices

Poor performance

Steep system requirements

Bugs

Re:Just one problem?

[cshake]

You forgot another one:

EA

I'd also include 'lack of support for old games' but just saying EA covers that pretty well.
(C&C Generals is what, 4 years old? They don't even have a section on their website for it anymore FFS!)

The Scarlet Letter

[grapeape]

Want to fix this in gaming universally and quickly? Employ the usual detection methods then rather than banning (which just prompts signing up again under a different name) simply tag all their account information with an icon designating they are cheaters (I recommend a big scarlet C). Have it follow them around for a set period of time (1st offense 1 month, 2nd 6 months, 3rd 1 year, 4th lifetime). It sounds harsh but I would go so far as to extend the cheater flag to apply to any future account made wi

Re:

[delt0r]

Won't they just sign up for a new account with a big C on it?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Dogtanian]

Nope, I don't think "public embarrassment" will work.

It will if you go round to their house, and tell their Mom that you have something important for them- then when they haul their overweight ass up from the basement and stick their pasty, Cheetoh/Wotsit/whatever-stained face round the door, photograph them and show the world what a loser this person really is.

I don't think they'd like that at all. :-)

Re:

[Charcharodon]

I'd rather have banning. A key ban is the way to go. Sure let them sign up for a new account, that'll be $50 please. If a person makes enough of an nussance of themselves follow it up with a credit card number ban. Sure most people have more than one card, but the truly cronic bastards would be face pretty quickly with a long time ban if they didn't straighten up.

Personally I've been leaning back towards LAN parties. Cheaters are much easier to deal with, you just chuck an empty beer bottle at the

World of Warcraft seems pretty clean

[macz]

Except for lag macros that make you appear to be a few yards away from where you really "are" I haven't really experienced much in the way of cheating in WoW. It could be that I am just ignorant I guess, but their combination of Warden (ugh) and a strong client server protocol seems to be pretty effective.

It's a reputation problem.

[Colin Smith]

You can't trust the person, you can't trust the hardware or the software you can't trust anything which comes back from the client machine.

Da fix? A cross game registry of gamers with identities linked to real addresses and bank details. Something which all the online games can query, though I'd go with hashed values for bank details/address etc rather than real ones. You get caught cheating, you get marked as such. To get rid of the marking you need a new identity.

Will it stop it? Mmm look at the athletes who take drugs, I doubt it. What getting caught would do though is ruin the gaming life in all the games which use the registry. Gaming environments could be split into two areas. One for trustworthy gamers, one for cheating scum.

 

Re:

[Renraku]

Valve marked me a cheater on Half Life 2/Counter-Strike Source (which is all one account) and refuses to mark me as not-a-cheater. I had not played the game in six months, only to come back to find myself banned. They then said all bans were final, and refused to let me know what servers/times/dates/logs/etc (aka evidence) they had.

I guess I have to make a whole new account for when HL2 ep. 2 comes out so I can fucking play on secure servers again.

This may lead to anti trust lawsuits if games....

[Joe The Dragon]

This may lead to anti trust lawsuits if games force you to have this as people will not like being locked in to Intel chip sets and high end games will not want to give up nvidia SLI chip sets for this. Also this may give a big boost to AMD in the AMD VS intel lawsuit as it is braking anti trust laws for Intel to not give this a way for free to other chipsets to use if this ends up being needed to play some games.

Custom cheat hardware will become popular

[dlleigh]

Software that compares the input from the hardware with what the game sees? No problem: just make sure that the input comes from the hardware itself, and not from a piece of emulator software.

I built a cheat box for GTA San Andreas soley because I am lazy. The game requires that the player have their character "exercise" in a gym in order to build strength and stamina. I didn't like the idea of abusing my fingers and keyboard by rapidly typing the necessary keyboard combinations, so I buit a box with three big buttons on it that emulates a USB keyboard. It emits the correct key combinations when I press a button. (NB: I didn't use a programmable keyboard because I'm a hardware guy and was playing with USB anyway. I like my form factor better and used actual arcade game buttons for feel and durability.)

Want to run on the treadmill for the maximum allowed time? Press and hold a button. Want to lift heavy weights quickly and repeatedly? Press a different button. Yes, folks, I was cheating at virtual exercise.

It actually gets worse. I got tired of holding the button down, so I set an old disk drive on it. Then I could just sit back and watch my character get buff. This was the ultimate in laziness: I was cheating at cheating at virtual exercise.

Is it a keylogger?

[Animats]

The question is whether this is effectively a keylogger. If the device does something like compute an MD5 of the last N mouse and keyboard events, readable by the game, that's fine. If it keeps the whole event stream and makes it accessible to any application, that's a major security hole.

Not that it really matters. The future of commercial gaming is consoles and mobile devices, not PCs.

Recent PB update is a rootkit

[rush22]

I was appalled at the recent PunkBuster update. Evenbalance has essentially installed a rootkit on my computer without my knowledge. The only reason I noticed is because my firewall suddenly lit up with warnings.

Normally, PunkBuster is a .dll file in your game folder. However, this recent update downloads two .exe files and places one in the game folder, and one in your Windows system folder. PB says these are necessary only for players who want to bypass admin rights for people who play BF1942 or ArmyOps. Apparently so many people are playing these games on their office network and can't log on as administrator on their own computer that Evenbalance has sent out a rootkit with their recent PB update. The programs are mandatory for everyone, though, regardless if you are the administrator. Any player attempting to play on a PB-enabled server without these files, or otherwise blocking these files with a security program, is kicked for "Losing Key Packets" (PB often has trouble with accurate error messages).

The executables are run upon startup of your computer, and run constantly in the background, regardless of whether you are playing the game. They also intermittently connect to the Internet and send data to Evenbalance's servers. Of course, the player has consented to this (and more) by agreeing to PB's voluminous EULA. In fact, if you read it carefully, players have consented to sending their entire hard drive and hardware information to Evenbalance at any time Evenbalance deems necessary.

Evenbalance will tell you, as support team member Glenn (or someone imitating him) says on a game forum I found: "We're not trying to hide anything or throw anything by the user without his knowledge. These services are doing nothing when a PB-enabled game is not being played, other than waiting to see a PB-enabled game launched. When a PB-enabled game is not being played, we're not scanning your computer or internet traffic or anything of that nature."

Though if you have any sort of firewall on your computer you'll know that that is either total ignorance of their own product or a total lie, as PnkbstrB.exe and PnkbstrA.exe do in fact connect to the Internet while the game is not being played. They also use a large amount of system resources for something that is only supposed to be a service waiting for a game to start.

PunkBuster offers people the option of uninstalling these files, with something called pbsvc.exe which gives you an "UnInstall" option. This doesn't seem to uninstall everything, as the PB files are not only still present but still load on startup despite the uninstaller's "Uninstall Finished!" message.

All-in-all, if PunkBuster cannot even get its act together to create an uninstaller, nor to inform its support team of what a rootkit they just installed on everyone's computer is actually doing, how can anyone expect PunkBuster to detect cheats and hacks? Private home-made hacks can already slip through PB's dragnet--the only ones they can catch are publicly available hacks Evenbalances finds on the Internet, the way a virus detector works, so I think it's pretty clear that the solution does not lie on the player's computer.

Instead I'd say it lies in the programming of the game itself. Wallhacks and radar, for instance, wouldn't work if the server did not send the locations of non-visible players. A difficult task perhaps, and for only one kind of cheat, but it is a real solution. And it doesn't involve uploading my hard drive to Evenbalance and granting them access to information which, as EvenBalance's EULA says, "includes, but is not limited to, devices and any files residing on the hard-drive and in the memory of the computer on which PunkBuster software is installed"

Re:

[dvice_null]

> How am I supposed to cheat now?

Use hardware emulator?

Re:

[Kazymyr]

You could use the Homer Simpson solution [burnham-do...-house.net].

Re:

[Wonko the Sane]

How about only sending data to the user, he/she actually needs. This fixes the seeing through the wall problem.

Maybe it would work better to send the client more data than it actually needs, then only informing it which data is valid at the last possible moment. Even if you can see through walls, you don't know which players you are seeing are real and which are fake.

Re:

[Saville]

Well some of us nerds are busy earning money just like you, but we do it by making video games :P