Gabe Newell Responds: Yes, We're Looking For Cheaters Via DNS 511
dotarray writes "Valve has stepped up to answer allegations that the company's anti-cheat system was scanning users' internet history. Rather than a simple, sanitized press release or a refusal to comment on 'rumours and innuendo,' Valve CEO and gaming hero Gabe Newell has personally responded."
Newell or not, not everyone will like the answer. The short version is that Yes, Valve is scanning DNS caches, with a two-tiered approach intended to find cheating users by looking for cheat servers in their histories. Says Newell: "Less than a tenth of one percent of clients triggered this second check, accessing the DNS cache. 570 cheaters are being banned due to DNS searches."
Still abusive (Score:5, Insightful)
Sorry Gabe, you're not allowed to see my DNS history. You aren't allowed to see GabeNewellNatiliePortmanHotGritsFanFiciton.net in my history. That's not allowed.
Re:Still abusive (Score:5, Informative)
Whoosh (Score:3)
Re: (Score:2)
So what if someone puts a URL for a cheat site in a forum comment somewhere, disguised as something else?
Re: (Score:3)
Re: (Score:3)
It means you still haven't read the article.
(Sorry, that's rude, but seriously go have a read, you're 100% safe to visit all the terrible hacking website you want. Just don't use the hacks they sell.)
Re:Still abusive (Score:4, Insightful)
The app is comparing DNS records with a client-side database of cheat sites, and if it finds a match sending it to Valve's servers for verification & ban-hammer. It's not sending every site you visit, unless the only sites you visit were via DNS records used by cheat developers.
Compare: We record images using your laptop's webcam, but we only look at them if our software algorithm thinks the images show you doing something that violates our ToS.
Re:Still abusive (Score:5, Insightful)
Re: (Score:2)
It's more like an anti-theft service that when it thinks the laptop may have been stolen, it then turns on the camera to see who is using the laptop.
That would be me choosing to enlist my private sensors in a service that is specific to the use of those sensors. Two significant differences in this case: In the narrow sense, the user has not given informed consent to the use of his private sensors. In the broader sense, our society has not had a frank discussion about requiring access to a person's private s
Re:Still abusive (Score:5, Informative)
That would be me choosing to enlist my private sensors in a service that is specific to the use of those sensors.
Except in the case of VAC you did choose to enlist the use of VAC to prevent cheats, specifically, when you connected to a VAC enabled multiplayer server. VAC isn't some generic thing Valve sticks on all Steam games, you know: it's only enabled when you connect to a server that is VAC enabled (which is in every game I've player very clearly marked as such). You don't want VAC poking around on your computer? Don't play on a VAC server.
Re:Still abusive (Score:5, Insightful)
OK, I'm going to rant a bit here, and it's not specifically directed at the parent comment.
Hashs are NOT a form of magic pixie dust you spread on information to make them magiclly private.
Consider:
You enter your SSN, the app hashes it and then sends it to me to compare against a hashed list of SSNs from some other source. I never get your unhashed SSN.
Are you safe?
No. There is NOTHING preventing me from hashing every possible SSN and comparing them. the total number of possible SSNs (ignoring for the moment that I can narrow the attack space significantly by ruling out SSNs that have not been issued yet) is not computationally prohibitive to search, even salted.
OK, now bringing us back to the case in point.
Does hashing the DNS address provide you any useful privacy preservation benefit?
Well Valve has already said that they have a list of DNS addresses they're searching for. Ergo, they have hashed that list ot compare against your DNS. How hard would it be to hash the $(sites viewed as evil by your cultural/legal framework) and compare it to your hashed DNS list. Trivial.
Do you feel like your privacy is preserved?
Min
Re: (Score:2)
So what? It's still a violation of my privacy and therefore unethical.
Re:Still abusive (Score:5, Informative)
did you even read his response? They look for indications that the cheat is in play, THEN they check DNS as verification, and send a HASH of the dns name to their servers for comparison. This means they don't even see the actual dns name on their side, they can just check against known hashes of the sites the DRM used for verification. That is why it is two staged. Simple existence of the names in your DNS cache won't trigger the ban hammer.
Re:Still abusive (Score:5, Insightful)
did you even read his response? They look for indications that the cheat is in play, THEN they check DNS as verification...
Explaining something does not justify it. They should not go rummaging through my computer. Period.
Re: (Score:3)
I agree with you 100% however I'm guessing somewhere in the super duper fine print that you agree to when installing Steam, you give them permission to do this. If it's not there it will be within the next week.
Re: (Score:2)
They should not go rummaging through my computer. Period.
Then prevent them. Use an OS that prevents on application from rummaging through your computer.
Re: (Score:3)
If you think looking at DNS is abusive, you probably don't want to know what it takes to find installed rootkit based cheats or similar. The fact that they are only sending hashes of the names found, in my mind, makes this a reasonable approach as a 2nd pass to verify that they don't have false positives. From the way I read this, the idea is to do a 2nd check just to verify that the first check didn't flag you incorrectly.
Re:Still abusive (Score:4, Informative)
So are you saying that if I go through your mail and send the contents of anything that looks sketchy to someone, that's bad... but if I translate the contents into a different language before I send them, that's OK?
Oh, if the FBI had evidence that you'd, say, been sending letters to terrorist cells, then yes, I think it would be totally reasonable for them to go through your mail. If they had no such suspicion, no, that wouldn't be reasonable. That's the analogy that (somewhat works).
What they SHOULD be doing is downloading their hash list to YOUR computer, comparing THEIR list against your cache, and setting a flag if there's a match.
As every game company knows, the server should not expose any information to the client that you don't want the user to know, whether the software will tell them or not. Valve likely does not want the list of websites to get out, as not finding your favorite website in the banned list means you can view it with impunity. I wouldn't trust the public key security (all they have to do is mess it up), so why should they bother when they can run the checks server-side instead?
Of course, if it's done locally, then all it takes is a quick hack to get around the detection system, and they're no further ahead. But now that the system is known, all people have to do is flush their DNS cache prior to playing and THIS system is stymied too.
That's true, the system will only catch the unwary cheater.
Re: (Score:3, Informative)
You are using their service. You agree to their terms. Don't like it, don't use their service.
They are only looking out for their honest customers who would otherwise be affected by the cheating that would go on, and who may then decide to leave and not return.
Re:Still abusive (Score:5, Interesting)
>Explaining something does not justify it. They should not go rummaging through my computer. Period.
Do you understand how VAC and similar anti-cheat software looks? It will scan through your memory looking for certain DLLs loaded, look through your computer files for cheats, and so forth.
Other than you being ignorant of what is actually happening before, I don't see anything that has changed with this announcement.
It's not like they're recording all of your metadata, uploading all your facebook posts to a data center in Utah, and targeting people for drone strikes using cell phone records.
Re:Still abusive (Score:4, Interesting)
Then don't connect to VAC enabled servers. It's that simple. If you connect to a VAC enabled server, you are implicitly giving Valve permission to rummage around in your computer for cheats, because that is how anti-cheat software works (all anti-cheat software. That's how they work: scanning the memory, running programs, etc.) It's quite simple, really: if you want to connect to someone else's server, and that person requires you to use VAC, then you use VAC or you don't connect.
Except for some of the CODs, you don't even have to connect to a VAC server to play multiplayer anyways.
Re:Still abusive (Score:4, Informative)
You do understand what Valve Anti-Cheat is trying to do right? By definition it has to go rummaging through your computer to find third party cheat applications. If you don't like this, then you need to play games that don't have anti-cheating measures in place. They're a little hard to find though, because those games online communities tend to be destroyed by the cheaters.
Re:Still abusive (Score:5, Insightful)
This isn't quite the same as that old "well, just don't use it" canard.
Valve was engaging in a set of behaviors which you considered acceptable, and so "purchased" (more on why "purchased" is in quotes in a second) some games from them.
They've changed their behavior. Let's say you don't want to do business with them anymore. You could, of course, stop using Steam ... and lose access to all your games, which you probably thought you "purchased" in some sort of "I can use it for the rest of my life" sense, but actually just got a license to use for as long as they feel like it. This is different from a "service" where the expectation is that the benefit you're getting from them is recurring on some sort of cycle.
Someone will, doubtlessly, point out that you can put the Steam client into offline mode. To which I'll say that you can't do it indefinitely. To which they'll say "but Valve says you should be able to do that," to which I'll point to http://www.pcgamer.com/2013/11... [pcgamer.com] which basically says "Valve says they want to make offline mode work 'forever', but they're not there yet."
It doesn't really matter, IMHO, that the scope of what they did here was relatively minor. The issue is that Valve, much like Sony, feels like they can trawl through your computer in areas that have nothing to do with playing the game. Today it was minor because it makes sense to start small; but if they feel comfortable trawling your DNS history -- and Newell clearly says that he has no problem with this practice -- what else do they feel comfortable doing?
Re:Still abusive (Score:4, Informative)
You can still play your games without using VAC.
You can still play your games ONLINE without using VAC.
You simply cannot play on VAC enabled servers (run by the community, not by valve) without using VAC.
Re: (Score:2, Insightful)
I am not a gamer so I don't know if this is permitted by their TOS.
However, I don't care if they are sending a hash or the actual DNS inquiry. If they have a matching hash on their end, they are simply translating one entry into another form and back again. How do we know the limit of hashes for sites they have accumulated outside of known cheat sites?
If their TOS permits it, well, then buyer beware. But, I remember how everyone kicked and screamed when Apple and Microsoft did similar things.
They ARE exa
Re:Still abusive (Score:4, Interesting)
I am not a gamer so I don't know if this is permitted by their TOS.
However, I don't care if they are sending a hash or the actual DNS inquiry. If they have a matching hash on their end, they are simply translating one entry into another form and back again. How do we know the limit of hashes for sites they have accumulated outside of known cheat sites?
If their TOS permits it, well, then buyer beware. But, I remember how everyone kicked and screamed when Apple and Microsoft did similar things.
They ARE examining your personal DNS history cache and sending, supposedly, matching entries. That is spyware - pure, simple and evil.
If you are not a gamer then why bother contributing to a discussion that specifically deals with online gaming?
The truth is that to make a successful online game now you need to do something about cheats. They ruin the game for everyone.
The two main anticheat products I know of are VAC and Punkbuster and both are pretty invasive. They need to be.
The moron who noticed this behaviour then posted it on hacking forum so you can be fairly sure he was a cheating scumbag trying to find out how he got caught. We don't know how many innocent people have this happening if any.
Re: (Score:2, Interesting)
Re:Still abusive (Score:4, Interesting)
I once wrote a fishing bot for World of Warcraft. I was curious how it worked and if I, myself, could make one. I was successful. Afterwords I never used it again.
It's my way of learning little things on my off time when I'm bored. It's better than watching reality TV afterall.
Re:Still abusive (Score:4, Interesting)
A good question would be "is VAC running all the time, or only on a VAC-enabled game"...
Re: (Score:3)
I've had more entertainment with some MMOs writing bots than playing the actual game. I wrote a bot for Everquest 2 crafting that was great fun to write and tune (there was actually some game strategy to that goofy crafting system, so there was a neat optimization puzzle there). But you should anticipate the ban hammer when you do stuff like this - don't have any linkage between the meta-game and any game account you actually care about.
Re:Still abusive (Score:5, Informative)
This is incorrect on a few levels.
1. This isn't beyond curiosity. Just because I read about Hitler and the Holocaust doesn't mean I have more than a passing morbid curiosity in the history.
2. You can be really good AND visit these sites all day. Unless VAC trips on you (and being "really good" never gets you caught, they look for specific actual hacks and vectors, not just some K:D ratio), it will never check your DNS.
3. The DNS entry it's looking for isn't "www.hacks.com", it's looking for the call-home function of the hack itself; because hackers don't pay (imagine that) the hacks themselves need DRM.
You have to be caught by VAC (using a hack) and then you need to have a current call-home function to a known hacking service/program to get tripped up by this. That's why it "only" caught ~500 users, this isn't some massive dragnet to ban anyone who's googled the words "counter strike hack".
Re:Still abusive (Score:5, Informative)
So you can't be good at video game and curious about technologies at the same time?
You can be, actually. As Gabe pointed out, the cheats these days have DRM installed to ensure that users of the cheat are actually paying for it. VAC, if it detects indications of the cheat, checks to see if the DRM's phone-home servers are in your DNS record, then sends back hashes of those servers for verification in Valve's system. It was made pretty clear that merely visiting the site for a cheat to check it out, whether intentional or accidental, would not result in getting flagged for the DNS check, let alone getting banned. Even purchasing the cheat would not get you banned, in and of itself.
Basically, the DNS check only kicks in after you've purchased a cheat and used it in a game, at which point you've crossed the line from mere curiosity into abuse, and even then, they weren't banning people immediately, but rather doing the DNS check for final confirmation of cheating activity. And even then, it's only looking for the phone-home servers, not the web servers, used for those cheats, so people who were merely good players and had looked at the servers for the cheat without ever installing and running it would be perfectly fine.
So...what's your gripe then?
Re:Still abusive (Score:5, Insightful)
That's all fine and well and I don't have any problems with that... provided that system is ONLY activated for multi-player games. If I - or anyone else - wants to cheat in a single-player game (even if the game itself has multi-player, but the cheating happens in a single-player campaign) that's my - or their - own business and nobody SHOULD be able to prevent anyone from doing that, let alone BAN based on that.
I hate, hate, HATE cheating in multi-player games. I don't usually do it in a single-player game either, but there have been occasions when I've played a particular game n+1 times through and I just want to have some fun and see what is possible with cheats. This SHOULD BE allowed in all instances, as it does NOT, in any way, shape or form harm - or indeed affect - anyone else's gameplay.
I sincerely hope that system does not flag anyone based on cheats used while playing single-player. At MOST what a system like that should do, is disable on-line functionality while the cheat is in use. Nothing else. At LEAST not BAN anyone based on that, that just insane.
Re:Still abusive (Score:5, Informative)
That's all fine and well and I don't have any problems with that... provided that system is ONLY activated for multi-player games. If I - or anyone else - wants to cheat in a single-player game (even if the game itself has multi-player, but the cheating happens in a single-player campaign) that's my - or their - own business and nobody SHOULD be able to prevent anyone from doing that, let alone BAN based on that.
VAC is only activated in multiplayer games that support it, and usually only on VAC-enabled servers (in fact, you can find servers for many of those games that explicitly permit cheats). Some games only support VAC servers (specifically, some of the CODs), but those are exceptions.
Re: (Score:3)
That's all fine and well and I don't have any problems with that... provided that system is ONLY activated for multi-player games.
...You just described VAC, buddy. It's only active for a few multiplayer games, IF you connect to a VAC-enabled server. There are even multiplayer game servers that encourage cheating.
Re:Still abusive (Score:5, Insightful)
I am not the person you are responding to, but for my part:
At this stage I have no real gripe at all and would have opted into this without hesitation, had it been disclosed. (I also understand that disclosing it mitigates its effectiveness as the cheat makers will now all switch to ip based lookups, or rotating dns names etc to make detection more difficult, however, as this cat and mouse game between valve and cheaters is being waged on MY computer I still feel I should have some idea what is going on.)
That said, I do find it... somewhat disturbing that they took the liberty they did. The fact that they didn't abuse it still raises the issue that they could have.
When the next shoe drops will it be revealed that some anti-cheat / anti-virus / anti-malware software is quietly reading my bank statements when I view them online automatically for evidence of cheating / infection / whatever.
And it raises the point yet again just how little we collectively realize what applications are doing with data on our system, how desperately we need to figure out how to mainstream sandboxing / selinux type permissions / application partitioning etc in a way that makes it both easy and reliable, and how much information even the host operating system leaks about us to other applications.
Re:Still abusive (Score:5, Informative)
He specifically says that it doesn't care about what web sites you are visiting, it's the adresses to the cheat DRM servers it looks for, to detect if a cheat has dialed home from that computer. It only checked this if the account was already suspected of using the cheat.
So, in an impressive turn of events, many cheats now include DRM and anti-cheat codes. These phone home to a DRM server that confirms whether or not a cheater has paid to use that particular cheat
Also, he says that since the cheats invented countermeasures to this in just 13 days, they already stopped doing it. The summary is quite misleading. (Not necessarily a big surprise on slashdot...)
Re: Visiting does not imply guilt (Score:2)
They are non-www servers, so it would be special i (Score:4, Insightful)
They explain that these are non-www servers, so you can't visit them. They are used directly by the apps to find their license servers, it's not the servers where you can download the files.
And if you need to visit cheat sites for this, I would open them in some VM since these aren't the most trustworthy sites.
Re: (Score:3)
Actually, yes, you don't have to visit them, but you have to be actively using the cheat, because the VAC method involves checking for DRM checks (phoning home for verification) for cheat programs (believe it, it's actually a thing). Looking online for cheats and all those FUDdy things people keeps spewing in the comments is not the point, the point is recognizing the DRM servers for the cheat tools, only sanely accessible when using the tool itself, I don't think anyone will stumble upon that host during d
Re: (Score:2)
Re: (Score:3)
And, if I'm using my cheat in a game I only play in single player?
Then, unless you have deliberately activated VAC on your private server while running the cheat (in which case, you're a moron), VAC won't do anything at all whatsoever, because VAC only turns on when you connect to a VAC enabled server in a multiplayer game..
Re:Still abusive (Score:5, Informative)
I don't care what it is sending or not sending to Valve. It's still an unnecessary invasion of privacy. In fact, its so easy to circumvent that I have a hard time believing that he is even being honest about why they are looking at the DNS records to begin with. How hard is it to clear my history, browse in Incognito mode, or do all of my cheating on a separate machine or in a VM? Trivial.
It's not your web browser accessing cheat websites, it's your cheat software itself accessing its servers. Clearing your history or browsing in Incognito mode won't do anything. You cannot use a VM, since the cheat software must be run on the same machine as you are running the game (and VAC).
And in fact, it may incorrectly flag me as a potential cheater anyway. I have looked up exploit information for games. I did not look in order to cheat at the game, but because I kept running into people who were not being busted for cheating and I wanted to know how they were exploiting the game. I was looking for a better way to tell when someone was cheating, not to actually cheat myself.
Then it will not flag you as a potential cheater, since you were not running the cheat software to access the DNS entries in question. Further, it would never flag you as a potential anyway. This mechanism is only triggered after some other behavior has already flagged you as a potential cheater. This is a confirmation mechanism.
While the basic idea of a piece of software accessing and reporting this information, at least in Valve's public explanation of what they were doing, it was entirely in good faith.
Re: (Score:2)
It's not your browser cache...
Re: (Score:2)
Don't worry, all the DNS names were MD5 hashed, so Gabe will only know you visited b80747491a0922eeaf0d800983ddc886 :)
Re: (Score:3)
Sorry Gabe, you're not allowed to see my DNS history.
So what OS model can we use to isolate one program from another? Do we want that kind of model?
Is it in the TOS? (Score:5, Interesting)
Re: (Score:2)
Re: (Score:3)
you pledge your soul to serve in our undead army against God in the end days...
Sorry Valve, that one has to be signed in blood.
TOS? Doesn't apply here.... (Score:4, Interesting)
The scanning is done client-side, which means it's just an internal function of the software.
It isn't divulging any of your internet browsing or usage history. It's just combing the local cache for specific things, and is a process it doesn't even do in the first place unless a user is suspected of trying to abuse Valve's gaming environment by cheating.
If the TOS has to state an app is going to access your local DNS cache, then Windows operating systems are probably in violation themselves!
How common is cheating with VAC? (Score:2)
I know in the olden days, I just assume everybody else was cheating (they usually were) but how common is cheating now that VAC has been around for a while?
Re: (Score:2, Funny)
I think that this is a, 'we don't have any gays in Iran,' type of situation.
Re:How common is cheating with VAC? (Score:5, Interesting)
Re: (Score:2)
This is why I don't like the idea that games seemed to have moved away from hosting your own server.
Sadly, even most of the games with random matching force one of the players to serve as the server. Only MMOs really work in the way you describe.
Re:How common is cheating with VAC? (Score:5, Interesting)
Like you I imagine, I've been playing online games for a long time. I even ran a half dozen TFC / Natural Selection / CounterStrike / Half-Life Deathmatch / etc. servers for three or four years. I never found cheating to be common except for CounterStrike. For some reason that game attracted cheaters like crazy. The other games, not so much. Cheating wasn't just uncommon - it was rare.
When PunkBuster and similar products became popular it was amazing how much better I became compared to other players when playing on a protected server. (o:
VAC has, in my opinion, done a very good job overall of keeping up with the cheating crowd. I can't remember the last time I came across a player that I suspected of cheating - and having had to do detection manually by watching player behavior, I'm very confident in this.
There's a few things you can look for manually when looking for cheaters.
Your typical aimbot is easy to detect. Jump into spectator mode or whatever and pick the first person view for the selected player. Instead of the smooth movements a typical player will have, you'll see the player's aim snap to positions on a screen. It's rare to see these anymore because detection is so incredibly easy.
Driver hacks to provide see-through textures, or model hacks that have a long cross through them that extend through walls, are also pretty easy to detect by watching the player. Is someone across the map and scoring head shots through walls? Does he always seem to know where the enemy is? He's using one of these.
The interesting cheat is the second one (wall / model hacks) which allows one to see opponents behind objects, because it's not a mechanical advantage like an aim bot; it's a strategic advantage, an information advantage. It doesn't change the ability of the cheater to aim more accurately; it changes the cheater's behavior. A player without the cheat information will act as if the opponent is not there; a player with the information will.
So, you'll see tactical advances / retreats, shots fired / grenades thrown, etc. that would not occur in normal non-cheating game play. Yes; there will always be the person who gets the lucky what-the-hell shot. That happens.Sometimes more than once. What you need to look for is a consistent pattern over time that cannot be attributed to simply being "good", having a better overall strategy, or having an unusual play style.
I bet that with enough information collected it would be possible to detect this kind of behavior and flag individual players for follow-up manual inspection. It would be a fascinating bit of research, really.
Resource hacks are very dead these days, as information about resources (ammunition carried, money earned, life amount, etc.) are all stored server-side for most games. There's no way for the client to fiddle with that data.
Re: (Score:3)
While I think most of your points stand, I can say with 100% certainty that he acted like he could see through walls. He was so good that he routinely killed people (with headshots, even) through walls. Had I not seen his monitor with my own eyes, I would have known he was cheating. He was frequently accused of cheating. In fact, he could only play
Not sending history to Valve (Score:5, Informative)
The biggest part of his announcement is that this checking is done client side; your DNS history is not sent to Valve. They also only record MD5 hashes that match the cheat sites they are looking for, not your entire DNS history. Finally, they claim to only check for DNS lookups of servers used by the cheat software itself, not just websites where you might read about and download cheats (although in some cases I imagine these could be the same), and use this as a second check after the client has already detected a cheat installed on you machine. So simply visiting cheat software websites without using them shouldn't get you banned.
Re: (Score:3)
Why couldn't they just MD5 the files for the actual game, to verify that they match with the official binaries? Seems a lot less intrusive, and less potential for abuse.
FWIW, it shouldn't matter what information I discover; what matters is what I do with it. Maybe I hack games, maybe I like to visit the sites that teach you how so I can understand what that means; either way, unless I'm using the knowledge I gained from game-hacking websites to.. er, well, hack Steam games, then IMO it's none of Gabe's fuck
Re:Not sending history to Valve (Score:4, Interesting)
Cheats have evolved beyond file tampering. Most are done with code injection, and boy is that history a long one. I suspect the actual DNS being hunted for are the cheats' "DRM" servers that ensure you paid the guy who made the cheat money. CheatHappens.com or whatever they're calling themselves these days was one of the first to start doing this in a big way.
Re: (Score:2, Informative)
Why couldn't they just MD5 the files for the actual game, to verify that they match with the official binaries? Seems a lot less intrusive, and less potential for abuse.
A lot of anti-cheat systems already do things similar to that, but it only catches one category of cheats. It doesn't help so much for cheats that change the game after it is loaded into memory, ones that change behavior of the video card that make things easier to see without touching the game, and ones that help control inputs without editing the game.
maybe I like to visit the sites that teach you how so I can understand what that means;
Then this check won't flag you, because that is not what it is looking for. Various cheat programs these days have their own DRM system because the makers
Re: (Score:2)
Don't need to change the actual files to patch it. See DLL Injection: http://en.wikipedia.org/wiki/D... [wikipedia.org]
Re: (Score:2)
Often times they are not modifying the binaries themselves. The cheats are separate DLLs that are injected into the process at run time.
Re: (Score:3)
Re: (Score:2)
Most cheating involves modifying processes in memory, not the files on disk.
I do agree that it's really heavy-handed of Valve to ban players over DNS entries, though. What's to stop me from posting a page on some heavily-trafficked site with embedded image tags pointing to those systems (they may not load, since who knows if the cheat servers are even running web server components, but visiting machines will still cache the DNS entries), trying to get anyone who visits it banned on Steam?
Re: (Score:2)
If it just MD5ed fhe files, the games would be hacker heaven, since you don't need to touch the files.
There are tons of ways to do this. You can attach a custom DLL to run code, or just inject code directly. You can do this when the program starts up even before it has a chance to run any code itself. You could modify your graphics driver to change the way the game renders so that the game itself sees everything about itself is fine because it is.
Also, files for the actual game are hashed, at least in S
Valve vs NSA (Score:2, Insightful)
I trust Valve more than the NSA.
The NSA doesn't protect me against hackers.
Misleading article... read the real post by Gabe (Score:3, Informative)
They did not look at DNS histories of your browsing... there are cheats that have their own DRM that phone home to the cheat server to make sure you paid for the cheat (/irony). All Valve was looking for was the phone home to the cheat servers, not your bloody porn searches, or even visiting a cheat website.
Why do we still allow this sort of overeach? (Score:4, Insightful)
The more I see stories about various programs accessing all sorts of stuff they aren't supposed to, the more I wonder why we still allow this? I use my browser for something, there shouldn't be any other program on the computer that knows about it. It's time we eliminate this idea that every app has access to every file on our computers. I really don't understand why sandboxing every app is not only not the default, but also very rarely even available on most operating systems.
It seems these days most apps are hostile to the users, it's time we treated them as such and stopped letting them have the run of our computers.
Re:Why do we still allow this sort of overeach? (Score:5, Insightful)
We tolerate it because cheaters ruin games. If do not want to play the game, or do not want your privacy violated, then do not play games on Steam.
For those of us that do play games, and do play them honestly, this is another step in the right direction. Cheating simply kills these games. I am willing to give up a bit of privacy in exchange for fewer aimbots and wallhacks in the FPS games that I play. If you read the article, or the comments, you would realize that the DNS scanning is a second level of review that takes place when other indicators point towards a person who might be cheating.
Re: (Score:2)
This particular case may have a "noble" goal, but the exact same techniques could be (and probably are) used for much more nefarious purposes. There is no good reason why it is even possible for any app to do this.
Apps should NEVER have access to anything outside of themselves without explicit permission. There is no good reason for it, under any circumstances, and it causes huge security holes.
Re: (Score:3)
So you're ok with your word processor telling it's owners every website you've ever visited, and possibly your online banking info that was in your cache too while it's at it? how about your image viewer? that weather widget should be able to access every file on your computer and every register in memory too and phone it home, why not? after all, you gave it "explicit permission" (the same permission you gave VAC, a simple install, your OS didn't ask for more.)
The point is that whatever you think of this p
Re: (Score:3)
Then I can give them permission to do so.
The OS should assume the worst from any application asking for access outside of itself, and let the user decide. I should be able to give it access, deny it access, or fake the results.
The problem here isn't what VAC is doing, the problem is that any app can do this without any oversight at all.
As a side note, anti-virus and anti-malware wouldn't be issues if we stopped this ridiculous idea that every app should have full and complete control of the user's system.
Re: (Score:3)
I agree on the OS part anyway; the OSes that are popular today were designed very, very long ago. But, that's some
Re: (Score:2)
> It seems these days most apps are hostile to the users, it's time we treated them as such and stopped letting them have the run of our computers.
Well that the tradeoff when it comes to closed source software. You have to trust that the provider of the binary is Not Evil.
> It's time we eliminate this idea that every app has access to every file on our computers.
Mobile has made some progress here with "App Permissions", such that you can limit what an app can do. It's easy to do this when you build a
Re: (Score:2)
Mobile has not really done any better. most mobile OSs will tell you what permissions an app is asking for, but won't allow you to select which ones to allow. In addition, the apps are still not fully sandboxed. For example on my android phone I have an app that won't run on rooted phones. It doesn't request root permission, so it SHOULD have no possible way of knowing I'm rooted, however it has full access to the file system (without any special permissions) and therefore can figure it out on it's own.
It's
Re: (Score:2)
Don't use VAC. AFAIK (correct me if I'm wrong), it should only be activated if you join VAC-enabled servers. VAC is specifically Valve's Anti-Cheat System and it does what it says on the tin. Although I guess I do agree on the whole sandboxing thing. But you still have the problems of cheating in online games.
Re: (Score:2)
This particular case has a "noble" goal, but the exact same techniques could be used for much more nefarious purposes. There is no good reason why it is even possible for an app to do this.
Apps should NEVER have access to anything outside of themselves without explicit permission. There is no good reason for it, and it causes huge security holes.
Re: (Score:2)
The more I see stories about various programs accessing all sorts of stuff they aren't supposed to, the more I wonder why we still allow this?
It's because we like it when programs work well together. As a result general purpose computers have the model that anything running as the user is the user. So preventing one application from interfacing with/messing with another program would be the same as blocking the user from doing the same. Any OS that tries to put up garden walls between programs is decried as an attack on computational liberty.
Not actual cheat websites being checked (Score:3, Informative)
One point that I don't think a lot of the commenters aren't getting, is that it isn't the actual "cheat websites" that are getting detected by this system, the system doesn't even check for them.
As Gabe explained, most cheating software uses DRM, similar to that of games themselves, which "phones home" to the cheat software publishers to ensure that all of the users of the software are actually paying for it. These "DRM servers" will have their own domain names, and it's these domain names which VAC is looking for. This is to avoid flagging people for simply having visited the cheat website.
It's also worth pointing out that this check is only triggered *AFTER* VAC has already detected that the player is cheating through other means, it can be thought of as a second factor of cheat authentication. This means that players can't get "tricked" into being VAC banned by having malicious javascript on a website causing their PC to perform DNS lookups on these blacklisted domains, as they won't even be checked by VAC unless the player is detected as cheating through other means.
That being said, there's always the possibility of false positives, and if you combine that with malicious javascript mention above, you could just be incredibly unlucky and accidentally get VAC banned.
Better than nothing (Score:5, Insightful)
I don't like the answer, but it could be worse, and it's nice the director answered honestly.
RTFA (Score:5, Informative)
Why ban? (Score:5, Interesting)
Why not just shuffle anyone detected cheating into a separate game room? If they're paying customers, then they can all cheat together, and everyone wins.
SteamOS Hacking? (Score:2)
Given the openness of SteamOS - I'm guessing the side effect would be to develop anti-VAC kernel modules to fool VAC into thinking everything's sane and good even if the user is cheating to heck and back (and unless VAC is using a kernel module, it's pretty hard to protect against it...).
I mean, should Valve/Steam pull this off in the future, it's trivially simple for something the user puts on SteamOS to hide the DNS resolver cache, to hide the cheat processes and fake the file hashes from any process...
Nothing new here - RAM/DISK scans are part of AC (Score:2)
Anticheat software have been scanning memory forever.and when if scans memory it's obviously comparing data to a pattern to decide if tha'ts a cheat or not.
Not sure what's the difference between you mail account lying open on the background holding all your personal communications beeing scanned by punkbuster or vac, or the dns cache beeing scanned too.
Code caves, hooking, etc. I'm not sure if anticheat software can't beat online game cheaters.
Funny (Score:3)
1: Post image hosted on cheating server in a forum frequented by Value customers
2: Wait for them to all get banned.
3: ???
Surfing the sites won't trigger it (Score:2, Insightful)
VAC looks for the DRM servers that ensure you're a paying user of the cheat. Check the Reddit post.
Re: (Score:2, Informative)
Assuming Gabe is being truthful when he states that this is a secondary check triggered by some other evidence for cheating, then just visiting these sites wouldn't be enough.
Its suspicious activity (reported by players? detected through other methods? not sure) that triggers the additional check(s).
Re:Visiting a Site Isn't Cheating (Score:5, Informative)
It's not an issue of viewing cheating sites; Steam is looking for DNS lookups performed on DRM servers (not the Steam ones). Many cheats are paid-for so, in a cruel twist of fate some might say, they use DRM to check if the cheater has paid for the priviledge of doing so.
gaben himself has said that this tactic only lasted a matter of weeks anyway, until the cheatware started futzing around with the player's DNS cache to avoid these checks.
Re: (Score:2)
Mind you, it's less checking if you visited a site and more if your computer accessed a proscribed host.
Many of the cheats VAC is checking for are not only sold, but protected by a form of DRM that checks an authorization server before they let you use the cheat. VAC is more often looking to see if your computer is connecting to the authorization server; e.g., they are more interested in seeing if you visit authorization.cheaters.com than forums.cheaters.com
Not that I think that is much better, and I imagin
Re: (Score:2)
Mind you, it's less checking if you visited a site and more if your computer accessed a proscribed host.
The use of the emphasized phrase with a straight face is exactly what's wrong with this methodology.
It's the Internet. Sane societies don't have "proscribed hosts".
Also cheating with single player is fine (Score:2)
Re: (Score:2)
The point is that these aren't sites you would normally visit out on the interwebs. It's a bit like saying "oh but what if I somehow stumbled upon udashdiasd.dashbduiqidasdjkasd.dasbdaskd.hdasuida.something.com?" when the only known vector for ever hitting up udashdiasd.dashbduiqidasdjkasd.dasbdaskd.hdasuida.something.com is through a piece of malware, and complaining that your anti-malware package threw up a red flag.
More specifically, your comment's subject:
Re: (Score:2)
Re: (Score:2)
Mr Newell, I suggest that some, if not most of your apparent cheaters, are due to YOUR companies lack of technical skill.
While you may suggest that, it is a load of crap and doing so makes you look ignorant.
Cheaters have nothing to do with Valve's lack of technical skill, and everything to do with the client/server based nature of the games. As long as the games are running on hardware that the company does not control, there will be cheaters. It is the age old adage that if the attacker (in this case th
Re: (Score:2)
Do you you honestly think battle.net is hackproof? And you think I am ignorant?
And for those of you who can not infer simple concepts, I used the words 'The vendor has come to a flawed conclusion' to indicate I knew they were not the same as valve. Sorry I did not take the time to spell it out for some of you (again, I'm the ignorant one (rolling eyes/).
Re: (Score:3)
I don't think Mr Newell has anything to do with Battle.net so I'm not sure what you're complaining to him about it for. Have any examples of false positives in VAC games?
Re: (Score:3, Informative)
Re: (Score:2)
It should only trigger the dns check if VAC believes you are cheating.
VAC checked for the presence of these cheats. If they were detected VAC then checked to see which cheat DRM server was being contacted. This second check was done by looking for a partial match to those (non-web) cheat DRM servers in the DNS cache. If found, then hashes of the matching DNS entries were sent to the VAC servers. The match was double checked on our servers and then that client was marked for a future ban.
Emphasis mine.
Re: (Score:2)
Re: (Score:2)
A DNS hit is a DNS hit. Whether cheat software or your browser initiates the name resolve, it will end up in the DNS cache. The only protection is what the parent said, it already has to suspect that the player is cheating. Makes me wonder why the dip in the DNS cache is even necessary. To me, it implies that they're afraid of false-positives.