HN Distilled

Essential insights from Hacker News discussions

Anticheat Update Tracking

Original Article

Hacker News Discussion

Here's a summary of the themes expressed in the Hacker News discussion:

Trust and Security Vulnerabilities in Anti-Cheat Software

A significant concern raised is the inherent trust placed in anti-cheat software, which often requires deep system access (including kernel-level privileges). This trust is undermined by historical incidents and the potential for severe consequences if these systems are compromised.

  • BattleEye Exploit: A particularly alarming example cited is an exploit in BattleEye that allegedly allowed hackers to permanently ban any player. As nulld3v explains, "Apparantly BattleEye anti-cheat had an exploit where hackers could permanently ban any player they wanted. BattleEye allowed anybody to log in as a 'game server' so hackers simply booted up a fake server, told BattleEye that 'player X has logged in and is doing a bunch of suspicious stuff' and then player X's account was no more..." This led to the question, "I'm sorry, why do we trust these guys again?" RonSor points out the underlying reason for this forced trust: "Because game companies force you to in order to play."
  • Trust Boundary Failures: The BattleEye issue is further analyzed as a "classic failure of trust boundary definition," where client attestations were accepted without adequate authentication. Ethan_smith elaborates, "This BattleEye exploit demonstrates a classic failure of trust boundary definition - they effectively created a system where client attestation was accepted without proper authentication or verification."
  • Widespread Bans and False Accusations: Users shared experiences of being banned due to anti-cheat bugs, leading to significant account issues. AHTERIX5000 states, "That's scary. I have an old Steam account with tons of games and already got banned once due to a bug in anti-cheat software and for a while my whole account was marked with a cheater tag." They mention the difficulty of reversing such bans: "I'm sure something similar could happen where problem goes undetected and it would be really hard to try to convince developers to lift a ban."
  • Historical Incidents (Bitcoin Miner): The discussion also brought up past incidents of anti-cheat software being bundled with malicious code. Rak mentions, "ESEA shipped their client and anti-cheat with a free bitcoin miner back in the day."

Invasion of Privacy and Kernel-Level Access

The deep system access required by many anti-cheat systems, particularly kernel-level access, is a major point of contention and concern for users.

  • ** invasiveness of Kernel-Level Anti-Cheat:** Several users expressed discomfort with this level of access. AnthonyMouse dramatically states, "It's crazy that people allow this stuff to effectively run as root. One of these companies is going to have a vulnerability that lets other players run code in kernel mode on your machine." Similarly, bpbp-mango notes, "my friends got me in to valorent for a time, but I found the idea of a kernel level anticheat far too invasive."
  • Prevalence of Kernel-Level Anti-Cheat: There's some debate about how common kernel-level anti-cheat is. 7bit claims, "Most online Games require kernel Level anti Cheat." However, maeln counters, "No, very few of them actually use kernel level anti cheat. Really the only game that use them is Riot's games and Counter Strike private league FACEIT (as far as I remember)." Caem clarifies, "Both EAC and BattleEye are also kernel level anticheats nowadays. Only if you're running them under Linux do they run in userspace only. Other than that it's pretty much only VAC, Overwatch's anticheat and maybe some other obscure ones that run in userspace."
  • Platform Compatibility Issues: The need for kernel-level access can create compatibility issues, particularly with operating systems like Linux. fleebee highlights this: "There's a number of good reasons not to make everyone run a kernel level anti-cheat. Linux (and therefore SteamOS) compatibility is a big one."

Game Design and Server vs. Client Logic

The discussion touches upon the fundamental challenges of game design, specifically regarding the split between server-side and client-side logic, and how this impacts cheating and performance.

  • Server-Side Validation: Varun_ch questions why more game logic isn't server-side to limit data accessible to the client: "Forgive my ignorance, but why don’t game developers put more effort into limiting the amount of data accessible to the client (restricting it only to what’s reasonably necessary)? For example, couldn’t more movement physics be validated or handled server side?" The goal, they suggest, is to limit cheats to just input manipulation: "Cheats might still be able to read some data from the game process, but ideally, they’d be limited to issuing inputs like any other player, based only on the same visible output everyone sees."
  • Performance vs. Security Trade-offs: Boltgolt explains the practical difficulties of this approach due to network latency and the need for smooth visuals: "That's exactly what's being done, but you do not want everything server side over a network delay that is almost always more than the time between frames. Only server side physics would mean a lot of visual jank." He elaborates on the current hybrid model: "It's now usually a model where the client and server make the calculation and the server 'rolls back' the client of they do not match." Data is limited, "like not sending opponent location data unless the client can see them."
  • Interpolation and Jitter: Lvturner further details the challenges, explaining how server-side confirmation for every client action would lead to jittery gameplay: "It begins to fall down when you think in terms of interpolation and movement, if the server had to confirm your every movement it'd end up very jittery and feel awful as you ping back and forth between where your client state thinks you are and the server state thinks you are."

Effectiveness and Alternatives to Mainstream Anti-Cheat

While mainstream anti-cheat solutions are debated, the discussion also highlights services perceived as more effective, even if they require more intrusive measures or have less public information.

  • FACEIT's Perceived Effectiveness: FACEIT is repeatedly brought up as a more effective anti-cheat solution, especially for competitive play in games like Counter-Strike. Chaoz_ notes the lack of information on its methods: "Ehh, pretty sad there's almost no information on FACEIT anti-cheat. One of the most impactful out there. Wonder if it's just the invasiveness that separates it." They contrast it with Valve's efforts: "Valve can't replicate even part of it, while CS2 game modes are flooded with cheaters."
  • Player Choice and Competitive Play: The existence of services like FACEIT suggests a tiered approach to competitive integrity. fleebee argues, "I think the status quo where anyone on any platform can access the vanilla game -- where cheaters may not even be a huge problem depending on one's skill rating -- and the most competitively-minded players have the choice to play on FACEIT, works pretty fine."
  • CS2's Cheating Problem: The state of Counter-Strike 2's built-in anti-cheat is criticized by players who find vanilla modes unplayable due to cheaters. Double_a_92 states, "To be fair in the specific case of CS2, the normal modes without FACEIT are really barely playable. Most games are just a massive loss or win, depending on who has the suspiciously good player with 100 hours in their team."

Anti-Cheat Stability and Implementation Issues

Beyond security, the practical stability and implementation of anti-cheat systems are also a concern.

  • Vanguard's Instability: PeterStuer points out issues with Vanguard's stability: "Meanwhile Vanguard can't even stop crashing every game when you have a slightly non bog standard gaming system, e.g. with more than one adaptive sync monitor, Hyper-V or WSL installed ..." This contrasts with the sentiment from preciousoo early in the thread, which praised Vanguard's approach without "gimmicks" when the "work speaks for itself." This highlights that even advanced systems can have significant performance and compatibility drawbacks.