Kernel level anything is malware and should not be allowed to be sold.
Kernel-level anti-cheat tools aren’t even effective at stopping cheaters. They should just drop that dumb bullshit altogether.
They stop a fair bit of attacks and vectors. There’s many good defcon talks about this
Didn’t they still use heuristics and known database? There’s a video of a guy writing his own cheat and practically went undetected.
This is the video: https://youtu.be/RwzIq04vd0M
My solution is simple: if it does not work on Linux, the game is out.
Same. I didn’t even move my Windows SSD over from my old computer. I wasn’t using it before anyway, since a few years ago. Everything I play just mostly works in Linux now so what’s the point. I didn’t use Windows for anything else but Steam.
Hey, I used my Windows computer for LibreOffice, too! Which reminds me, I need to get that on my Deck.
Long story short, if the Steam Machine gains enough market share, game publishers will want to join in because it will mean more money for them. It’s all about money.
I originally thought the Steam Deck would be enough for that, but it appears not yet. Maybe the combined share can move the needle
Use Linux to game folks
It’s just a skill issue on the part of the developers.
Making anti-cheat properly is hard. Writing a spyware that watches everything that happens on your PC and blocks any attempts of touching the game is way easier, but bypassing that is easy with solutions that have higher privledges, thus being invisible even for the anti-cheat. You can just fake calls or hide memory from the anti-cheat, or just edit the anti-cheat in itself.
The solution for that is to run anti-cheat in the highest possible permission - the kernel.
Now, you could just make another kernel-level program that would have the same permissions to defeat that, or just edit your OS (i.e Linux, or a VM) where your cheat lives outside and has even higher privileges than the anti-cheat.
This is where Windows comes in - the only way to run kernel code is to have it signed by Microsoft, and that certification process is extremely difficult and annoying, which puts a pretty big hurdle in front of cheat developers. It’s the easy way out.
You could also somehow reverse-engineer Windows and run a custom version to bypass this. And that’s where TPM comes in, which (if I understood it right) validates that your Windows is the official signed one, and thus the kernel anti-cheat is safe. You can’t have this kind of affirmation on Linux, and the lazy developers who don’t want to invest into actual moderation and proper anti-cheat solutions just resort to kernel anti-cheat rootkit and require TPM to be enabled.
There’s not much Steam can do about this, aside from locking up their OS with signign keys and certification for priviliged software, along with setting up the whole TPM so you can’t run modified versions, which isn’t really possible since they are based on Linux.
Valorant kernel anticheat stops other kernel drivers and even hypervisor level attacks
You absolutely can have that and more, what we in industry, attestation on Linux. Though the most obvious adaptation of that would the confidential computing space for key bits of the game data instead of the whole fucking OS. Though hardware level memory encryption is a server CPU feature that I don’t think any desktop ones support yet
Yeah confidential compute would be the way to go. But it’s expensive and not mainstream yet
Ryzen so-called “AI” Max Pro has hardware level memory encryption, at least it does on my HP ZBook. But it might be actually be the first laptop to do that as far as I know
The solution for that is to run anti-cheat in the highest possible permission - the kernel.
Cheaters just sidestep the kernel entirely and use DMA hardware instead.
At the moment its rather expensive at ~$400 but prices will probably drop over time.
Oh, cool, so if I understand it right, you have a hardware that directly reads the physical memory, so you can access it unrestricted and undetectable from another PC, where the cheat runs, and then you use a HDMI fuser to merge the output of the game and the cheat that runs on the second PC on a single monitor.
That’s actually really clever, I love solutions like this. Not that I approve of cheating, I have 0 respect for people who (unconsesualy, as in all involved parties agree to it being allowed) cheat. But from the hardware/security point of view, it’s amazing.
Oh, cool. Tbh I haven’t really looked into cheats much, but I did briefly work in cybersecurity where I was doing malware development, where AV avoidance is basically the same problem as game cheats are dealing with, so I just extrapolated what I assumed works the same.
This is a cool piece of tech, I’ll look into it more. I like seeing new exploits, thanks!
That’s too complicated to teabag people in Battlefield, but what would I know about the scene I’m not a part of.
Well, now I’m interested how far it can go in professional cheating. Any vids about that?
Not necessarily cheating, but use of external cheaters like this guy using an AI and electric shocks to have it move his arm
He still uses a software cheat to trigger that
I used to make qol autohotkey scripts for games I played. Take available info on the screen, make notifications or block input at the right time. Stuff like that.
For example, I made an on-screen mini-map and arrow to guide me instead of having to repeatedly read coordinates from a chat.
Playing a ping when something happened on screen was the most basic i did.
I had more fun making my scripts than actually playing the games. It’s fun looking for small queues on the screen and then figuring out practical ways of using that. I didn’t need AI for this.
Thanks for sharing them. I’d consider the second one completely unfair, while the first one is, well, that’s how I’d like to imagine the experience of occasional cheaters from now on.
They could also ban such games from their platform, which would be a huge hit to studios implementing rootkits.
“We’re expecting console numbers this time, and then they developers will have to support it.”
Pretty much the answer I’d expect. In my most outlandish hopes, I’d love for this thing to serve as proper competition to the PS5, it’s certainly more exciting than Xbox right now, and pretty much sounds like what MS is planning to try for the next Xbox anyway.
That’s probably not likely, that kind of threat would require some really aggressive pricing, and Valve can’t guarantee as much vendor lock-in money post-sale as Sony can. That said… man it’d be incredible to see Valve step into that near-monopoly as well and viably compete against both Switch and PS5, as they both pretty desperately need competition to keep them working for the consumer.
I agree it’ll require aggressive pricing, and I’m also sure they know this. I think most of the predictions of price are too high. I won’t be surprised if this is sold at a loss. Valve makes their money off the marketplace, not selling hardware. If they can move console players into their market, that’ll provide huge returns.
Consoles used to be sold at a loss. They don’t now because they don’t directly compete really. Either people get both or they choose based on brand loyalty or peer pressure. I hope Valve comes in and has a price so low you can’t ignore it if you’re looking to buy a console. The Xbox Series S is $400. I’m expecting it’ll be the same at most, potentially even lower if it’s sold at a loss. If it’s $300 then they’ll shake up the market without a doubt.
Couldn’t a problem be that If they set the price too low, companies buy them in bulk and using them as cheap, performant and sexy looking pcs? Consoles are very restricted in terms of os and other software, forcing people to use them in a way that almost guarantees you earning back your loss in the long term.
Steam machines are the opposite, you can install virtually anything on it and use them for whatever.
If they sold it a $400 they’d be at a loss, at $300 they would crash the desktop market. People would by it for general desktop use. Similar how so many PS2 were bought just because it was the cheapest DVD player and didn’t buy games.
Hell, there was a supercomputers built with PS3 clusters. Maybe that explains why the Steam Machine only has a 1Gbps nic…
I think the estimates are that $400 is reasonable for the hardware. It’s not particularly great, and makes some sacrifices for cost saving, which is fine. Like 8GB VRAM is pretty low for modern hardware. It’s enough for a lot of games, but modern AAA games it’s probably a little low.
I agree, $300 will be good enough people will get it for a computer. That’s what selling at a cost does. These manufacturers already get a bulk discount that buying as a consumer doesn’t, and selling it at cost makes it even lower. It’ll definitely be a good value for low performance computing, and I’d wager that’s part of the goal too. It isn’t just a console. It’s also an alternative to your computer and, importantly for Valve, gets you out of the MS ecosystem.
There’s really nothing new, it’s the same as it was on the Steam Deck.
If the devs are not assholes they can easily allow Proton, from what Valve said before often all it takes is literally one checkbox on their side.
I agree, but I also want to point out it isn’t the fault of the devs usually. It’s the publisher and executives. The devs are just trying to make a good game.
That’s true, but unfortunately some of them were against it for all the usual incorrect reasons. :/
What kind of shit question is that???
You should be questioning the game developers if they want to implement server side solutions instead of installing rootkits on users PCs and dictating what settings they should use.
Fuck off Eurogamer. No game should require any sort of kernel level access or setting change on your PC.
How can you implement server-side anti-cheat?
It really is as simple as “don’t trust the client.” Just assume that everyone is trying to cheat and go from there.
Servers should know what valid inputs from clients look like, and aggressively validate and profile those inputs for cheating. Meanwhile, the server should only send data to the client that is needed to render a display. Everything else stays server-side.
The key is to build a profile of invalid activity, like inhumanly fast mouse velocity coupled with accurate kills. There’s an art to this, but for things like FPS games, the general envelope of valid user activity should be straightforward to define. The finer points get caught during QA, and then further refined post-release. Someone might even come up with a library for this if there isn’t one already.
As a bonus, this also catches situations where people are using kernel circumvention like external hardware, in order to cheat. The behavior as seen by the server is what ultimately gets flagged.
It really isn’t.
You are imagining cheats must be superhuman, rather than merely better than the player making use of them. It’s perfectly possible to create a cheat which doesn’t move the mouse impossibly-fast or impossibly-accurately; it just moves it as quickly and accurately as a top-1% player. The bottom-10% player doesn’t care that he can’t beat the world champion, because he can still pwn some noobs.
You are ignoring cheats which display extra information on the screen, which the server can never tell. Did the player shoot someone too soon as they came around the corner, or did they just react quickly? Or did someone on their team warn them? The server doesn’t know.
But that doesn’t matter, if they have to play so carefully, they will be placed into an ELO where their “skill” matches, so they won’t be any more effective than a real player at that level, then they will be forced to be more suspicious and better players sniff out cheaters a lot better than others. So they wouldn’t even last long. This is basically what happens in CS now.
Smurfs can “pwn some noobs” just the same and get called cheaters all the time. Like I said in the other comment chain, we dont need to prevent people from cheating (endless game of cat and mouse), just make it ineffective.
they will be placed into an ELO where their “skill” matches, so they won’t be any more effective than a real player at that level,
Doesn’t the same logic apply to any sort of cheating that isn’t literally granting immunity or unlimited ammo?
Some things are harder, but for starters a few ideas:
-
Either check that the reported positions of players, their movement speed, etc are consistent to what the game would allow you to do (don’t fly, don’t go faster, don’t go through walls,…) or only accept player input, process it server side and then send positions etc back to the client. (You can do some local interpolation, but the server wins, when there’s a miss match). That should get rid of flying, no clip, teleportation, evasion of projectiles, … You can also analyze the inputs for abnormal behavior like the precision with which you aim for the (center of) the head, aiming through walls, etc.
-
Do all hitscan and projectiles etc. server side. Never let clients report that they’re hitting other players. This is calculated on the server.
-
Do only report other player positions when they’re on screen or almost on screen. If the client doesn’t know where the enemies are, wallhacks are impossible or harder (note that some information may be transferred to the client for the sake of spatial audio etc!)
And so on. Do not, never ever, rely on client side data or validation. If a cheat program can alter the client, it can alter the data it sends. How do you ensure, that the client is actually official and “your code”, when it can tell you anything it wants to tell you? You can only make it harder for others to impersonate your client, but never impossible. Especially on PC, when you can execute just about any code you want?
All of those things are already computed on server. The purpouse of anti cheat is to not let computer to game for you. To not precisely click heads, step out of danger within 1ms of seeing it or reliably hit timings and combos. Such things can be hard to detect, and it is an ongoing battle between detectors and cheats. And ordinary people are on the loosing side, as they face forced kernel rootkits, false cheat detections and grace periods during which cheaters are still allowed to play.
Which is what server side AC solves, they don’t want to do it because of money and expertise required vs here have a rootkit.
VACnet has always been like this, trained on all the games played. It’s had its problems sure, but I have never had to install a rootkit to play their video games. That’s the baseline any other game should be achieving.
IMO, I think it also has a lot to do with consoles, and how relying on the platform as a closed and secure system feeds into the thinking going on here. “Turn the PC into something we trust like a console” explains everything.
You’re probably right, I can’t wrap my head around people wanting to be controlled like that sometimes, wanting such intrusive and dangerous software installed just to play a video game. It’s PC, we don’t want a console experience. Even Valve that are making these products is making sure you can just use it like a PC.
So, nothing that can defeat a good aimbot or limited wall-hack then, and a lot that would interfere with lag compensation.
I mean yeah, all that can be done server side should be, but there’s a lot that can’t be.
-
Machine learning. Oh this player did this impossible move more than once, maybe we should flag that.
Valve have been doing it for more than a decade. Now imagine what others could do, they are so caught up on “AI”, but wont try to use it for anything it could actually be useful for.
How do you tell the difference between someone with a good aimbot (that simulates real input) and someone who’s just really good?
You can’t (server side).
Very easily, that’s what machine learning is for.
You can’t tell with client side either, so that’s a null argument. Anti-cheat is always bypassed, most good cheats don’t even run on the same device anymore, completely circumventing any kernel anti-cheat anyway.
On the server, they have all the data of where a player could be, what they could see, what they could hear, what human mouse movement looks like etc. that can all be used to target cheaters in a way they cannot get around. Player reporting would still exist of course for any other edge cases.
Client side anti-cheat has more data than server-side, because that is where the player’s actual screen, mouse and keyboard are.
The cheat only uses data available on the client - obviously - so the extra data about game state on the server is irrelevant.
“ML” is also not relevant. It doesn’t make the server any more able to make up for the data it doesn’t have. It only forces cheats to try and make realistic inputs, which they already do. And it ends up meaning that you don’t understand the decisions your anti-cheat model is making, so the inevitable false positives will cause a stink because you can’t justify them.
It doesn’t have to extinguish 99% of cheaters, hell, it doesn’t even need to extinguish cheating all together. It just has to make the problem manageable and invisible to players. That’s something server side can achieve. I’ll take the odd game with a cheater in if my entire PC isn’t ransom to some random company.
If cheaters exist but can only do it in a way that makes them look like a real player, then it doesn’t really effect the game anymore and the problem isn’t visible to players. You are never going to get rid of cheaters, even at LAN they have injected software in the past. It’s a deeper problem than we can solve with software.
Client-side AC has proven futile over and over again, even today with all the kernel AC. As I already said: most good cheats don’t even run on the same device anymore, completely circumventing any kernel (client side) anti-cheat anyway.
Why be allergic to trying something new? Something that isn’t invasive, a massive security threat or controlling of your own personal system.
It doesn’t have to extinguish 99% of cheaters, but if it affects 1% of legitimate players that’s a big problem. Good luck tuning your ML to have a less than 1% false positive rate while still doing anything.
I mean, Valve could explicitly say that they have some trusted hardware and software stack or something and let games know whether the environment’s been modified.
That’d require support from Valve and be about the only way that you could have both a way to run in locked down mode for multiplayer games where addressing cheating is a problem (and where I think the “closed console system” model is probably mote appropriate and the “open PC model” is at best kludged into kimda-sorta working like a console) and also let the system still run in an “open mode”.
My own approach is just to not play most multiplayer competitive games on PCs. I’ve enjoyed them in the past, but for anything seriously reflex-oriented like FPSes, your reflexes go downhill with age anyway. And they come with all kinds of issues, even on a locked-down system that successfully avoids cheating. People griefing. You can’t generally pause the game to use the toilet, deal with a screaming kid, or answer the door. The other players, unlike game AIs, aren’t necessarily going to be optimized to play a “fun” game for me. You don’t need an Internet connection, and being in a remote area isn’t a limiting factor.
I think that the future is gonna be shifting towards better game AIs. Hard technical problems to solve there, but it’s a ratchet — we only get better over time.
The burden should be on the developers and a server side solution. No PC should be invaded with software to stop cheating. It’s cat and mouse anyway with client side detection, by chasing it so hard they are just incentivizing the creation of less and less detectable cheats.
The whole “its an untampered system” thing doesnt work. It’s like Secure Boot now randomly being required in games. No user should have to enable or disable anything like that just to run a game. It’s their device, they should have the freedom to do what they want and still run an application.
I think the invasion of bots in games is ruining them personally, no matter how old I get, or how bad I get at them, I still want to play against real players. I wouldnt mind a mode with just AI for people, but they should never be mixed in with real players.
The burden should be on the developers and a server side solution.
There are some fundamental limitations on what you can do with purely server-side solutions. If you’re playing online card games, sure, you can do viable pure server-side stuff to resist most cheating. That’ll get everything short of using, say, a calculator to compute probabilities or count cards or something.
But with, say, FPSes, that’s not really practical. You need to have some information on the client that the player shouldn’t be privy to to mitigate things like latency. For example, if another player runs around the edge of a wall and becomes visible, your client needs to know that it’s behind the wall and rounding the corner to rapidly show the opposing character becoming visible. And that means trusting client side code. And that entails trusted hardware to do reliably, and that can’t be done by the game developer — it’s gotta have support from Valve if you want that.
It’s practical, VACnet has existed for over a decade. It might not be perfect, but it’s a start and any company serious about anti-cheat could take that premise further.
The downside is that cheaters have to play at least a game before they are detected. Client side stuff is better for initial prevention, but even that’s becoming trivial as most good cheats dont even run on the same computer as the game anymore, circumventing all AC software anyway. If your game costs money to play, that’s already one of the biggest hurdles, so prevention isn’t worth chasing at the expense of privacy and security of users.
Any downsides from server-side are nothing in comparison to the downsides of client side anti-cheat.
I remember buying a Steam Link directly from Valve back in the day for like $7 because of some sale they had. I really hope the same thing doesn’t happen to the new Steam Machine
Steam link and controller! That was such an amazing deal
Give it the same desktop mode as the Steam Deck and I’m already sold.
That’s KDE Plasma. You can use that on most distros
Thank you!
That’s what I was hoping for, because I’m loving my Steam Deck for it (and Bazzite on my laptop too).Bazzite is peak for a couch or media pc. CachyOS is great for daily use computer with a focus on gaming, especially laptops
Bazzite made installing and running it on an HP Victus laptop with dedicated Nvidia GPU a breeze.
Does CachyOS handle dedicated Nvidia GPUs well?
Arch would be nice as base OS, too. Although I’m quite happy with my Fedora derivative.Oh absolutely use whatever works for you! You can always try Cachy on a live usb if you really want to explore it. And yes it does have great support for Nvidia
I think it would have to be wildly successful to achieve that goal but 🤞🤞
