CSGO used to have Overwatch which is an anti cheat system that uses trusted and experienced players to go through video footage of reported players. With this method I both reported blatant spinbotters, wall hacking, and other chears. I also was on the side of watching back footage of hacking players.
Say AI trains on this data, it might work.
I’m not a fan of this though because knowledgeable and experienced players will be better than AI.
What actually exists but what I have yet to see implemented in any game I play are those server-side “AI anti-cheat” solutions like from anybrain that basically just analyse the players behavior to fit certain criteria. According to areweanticheatyet.com though there are four games using it already (the most well-known one probably being Lost Ark). In theory ai models can be very efficient and accurate at this (we are not talking about transformer models here like with the current llm craze) but that all depends on how they train a model and what the training data looks like.
I am not sure what the user above is thinking, but to play devil’s advocate:
One thing that modern AI does well is pattern recognition. An AI trained on player behavior, from beginner level all the way up to professional play, would be able to acquire a thorough understanding of what human performance looks like (which is something that games have been developing for a long time now, to try to have bots more accurately simulate player behavior).
I remember someone setting up their own litmus test using cheats in Tarkov where their main goal was just to observe the patterns of other players who are cheating. There are a lot of tells, a big one being reacting to other players who are obscured by walls. Another one could be the way in which aimbots immediately snap and lock on to headshots.
It could be possible to implement a system designed to flag players whose behavior is seen as too unlike normal humans, maybe cross-referencing with other metadata (account age/region/sudden performance anomalies/etc) to make a more educated determination about whether or not someone is likely cheating, without having to go into kernel-level spying or other privacy-invasive methods.
But then…this method runs the risk of eventually being outmatched by the model facilitating it: an AI trained on professional human behavior that can accurately simulate human input and behave like a high performing player, without requiring the same tools a human needs to cheat.
Cheating humans already perform closely enough to trick such a system. Many cheaters are smart enough to use an aimbot only for a split-second to nail the flick. With a tiny bit of random offset, those inputs indistinguishable from a high-skill player.
These tricks may make it indistinguishable to a human moderator, but machine learning is actually really good at detecting that. But most companies don’t have the expertise, resources or training data to build a proper model for it.
Machine Learning is really good at CLAIMING it detected that.
The reality is that every few months there is a story about a fairly big streamer/e-sports player MAYBE getting caught cheating on stream. Sometimes it is obvious and sometimes it really becomes “Did they just know the map well enough to expect someone to come around that corner?”.
And a lot of times… it really is inconclusive. A somewhat common trope in movies is the veteran gunslinger literally aims at the wall of a stairwell and tracks where they expect the head to be and either fires a few rounds through the wall or waits for them at the bottom and… that is not entirely inconceivable considering that people tend to not crouch or move erratically down stairs. Obviously Jonathan Banks has a wallhack but Mike Ehrmantraut is just that damned good.
And false positives are a great way to basically kill a game. ESPECIALLY if they are associated with demonstrably false negatives too.
But you can be damned sure most of the major esports games are already doing this. It really isn’t expensive to train and they have direct feeds of every player in a tournament or twitch event. The issue is that there are (hopefully) tens of thousands of servers active at any moment and running Computer Vision+Inference on every single server is very costly.
And… I seem to recall there was a recent intentionally poorly defined Movement about maybe keeping user hostable dedicated servers a thing? How does that mesh with having every single server need to phone hom (a fraction of) all 32 players feeds to a centralized cluster?
Machine learning doesn’t necessarily require a centralized cluster. Usually running those kinds of models is pretty cheap, it’s not an LLM basically. They usually do better than human moderators as well, able to pick up on very minute ‘tells’ these cheats have.
I understand your point about edge cases, but that’s not something the average player cares about much. E-sports is a pretty niche part of any game, especially the higher ranks. You just want to filter out the hackers shooting everyone each game that truly ruin the enjoyment. Someone cheating to rank gold instead of silver or whatever isn’t ruining game experiences; they’re usually detectable too, but if you get a false negative on that it’s not the end of the world. A smurf account of a very highly ranked player probably has a bigger impact on players’ enjoyment.
Depending on the model, inference can be run with CPU only. To distinguish what was originally proposed (a momentary flick consistent with aimbotting), you are either doing ray tracing (really expensive) or analyzing (effectively) video feeds. Both of which tend to put things more into the GPU realm which drastically increases the cost of a server.
But also? The only way these models can work is with constant data. Which means piping feeds back home for training which basically is never inexpensive.
Aside from that: if it was as simple as you are suggesting then this would be a solved problem. Similarly, if people don’t care about hackers outside of e-sports then there would be no reason for games to spend money on anti-cheat solutions when any match that matters would have heavy scrutiny. And yet, studios keep pumping out the cash for EAC and the like.
Since human beings are hot garbage and will always cheat, I really enjoyed playing against the AI soldiers in BF. It can also ensure that the game is playable forever OFFLINE.
Where I live I cant play BF4 anymore. Servers are down for my country, but I paid money for the game. Digital media is a scam once the servers go down. That is why I jailbroke every console I own. Ppl are already reviving BF2 with AI bots. The future is looking bright.
Pretty much the same as all the other modern BFs. They all had cheats in the Beta/early release versions. I’ve played and own literally every BF game since the original release of 1942. Cheats have always been present more or less.
My machine went into a boot loop and I had to clear CMOS to boot again.
I wonder how many people without the resources to fix a problem like that easily are going to end up without computers for an extended period of time because of this.
I had issues aswell where I couldn’t boot, and you wanna know why? Because I didn’t follow the step by step instructions EA tells you to follow. Follow those instructions, and it’ll work just fine.
From my research, while I could see that being the case, “Secure Boot” is classified by the Free Software Foundation and the GNU Project as Tivoization, and GPL-3 was made to fix that. That’s how I saw it, at least.
Same. Keeps things simple with Linux, and Windows doesn’t even complain about it being disabled, so long as it’s present. I’ll never understand why it’s even required if you don’t even have to enable it.
So they can have an excuse to force you to upgrade to Windows 11 beyond “whoops, turns out making an operating system as a ‘buy once’ product is a bad idea.”
Joke’s on them; I already upgraded to Windows 11. I was among the first. It’s actually a solid OS once you disable all the ads and telemetry with O&O Shut Up 10.
You can still get win 11 without TPM by using Rufus and bypassing TPM which will have to be done for a lot of old PCs and we will have to do it by October this year.
Your computer will gradually get more and more filled with security holes that will be problematic to patch. Eventually, programs will stop supporting it as well.
Does this disable updates though? My wife somehow had Win11 installed on her pc without enabling secure boot, and her updates got so far behind that now it refuses to update and needs to be reinstalled.
I am still baffled that anyone thinks that Kernel AC is any kind of effective at stopping hacks, people have been literally making a living off of defeating it, and selling those hacks / methods for almost a decade now…
But nope, still got hordes of idiot gamers who think they work, think they’re necessary, think they can’t be spoofed.
Not sure how you could read this and come away with the idea that I do believe that…
I am talking about the subset of gamers that go on internet forums and discord servers and make false, unsupported claims as to the effectiveness or necessity or Kernel AC over other forms of AC, tell people this just is how it is now, get with the program, eat the bugs, play the spyware game, its fine, everyone is doing it.
Indirectly buyers are making a decision on anticheat. If someone buys a game with anticheat, they’ve made the decision to reward the developer for making the decision to include anticheat.
We have to ask the question if cheat developing wasn’t profitable, and even if developers actually operated at a loss, would there be as many cheats on the market as there are now?
You can, but most everything that would let you run your own boot-time code is supposed to end up in the TPM event log, which the TPM is happy to attest to with its unique/uniquely bannable attestation key. Not too difficult to set it up so that no attestation = no access.
This type of attestation is far from perfect for a lot of different reasons, and it would be really impractical to automate bans with it, but I guess it's a tool they see value in.
so glad we have to give huge corporations tons of access to our private data just to play a game we paid for! so cool!
Real talk: Not all multiplayer games require kernal level anti cheat. Fortnite is a good example. If this type of anti-cheat, forced secure boot is so necessary to prevent cheating, why doesn’t Fortnite have problems with rampant cheating? Or do they and I just don’t notice because I’m losing either way? lol
There are a lot of good reasons for secure boot both in game and in general. If your distro does not support it then that should be a complaint directed towards the maintainers. And… getting that through Proton is a different mess.
But EA have been spending the past year or so actively updating older Battlefields (I want to say all the way back to 3?) to actively block linux/proton. For whatever reason, they actively want to block anything but Windows for their games.
Secure boot can be used as part of a chain that eventually ends with unlocking your cryptographic keys only if the software stack has not been modified.
Sure, for most people that’ll make little difference, but it is an actual benefit.
First, Yo. Doesn’t even need to be a good password.
Second, what you are describing is something very different. Outside of very rare situations (most of which theoretical or specifically targeting a specific system by a state level actor), to be able to “boot the bios and disable it” would generally mean the machine is already VERY compromised or the bad actor has physical access to the machine.
A good way of thinking of it is that secure boot isn’t the lock on the door. It is the peephole that you look through to make sure that the person with your pizzas is from Georgio’s AND you actually ordered pizza. Rather than just opening the door because “Yo, free food”.
On its own? It doesn’t do much. But it goes a LONG way towards improving security when combined with other tools/practices.
I was able to get around secure boot by installing the beta on my PS5. From then, I had the pleasure of being unable to enter due to broken menus! Can’t complain for having spent nothing and having little trust in the franchise.
There’s nothing wrong with Secure Boot and enabling it can prevent a small subset of attack vectors with no real downsides. That being said, the things Secure Boot does protect against aren’t likely to be an issue for most users but it’s nothing to be afraid of.
Things were better when private servers had actual mods and admins, they acted more like pubs where you could go see the regulars, actually form a community.
This is where we need dedicated servers and self moderation
My knowledge towards battlefield games ends at BF4 but I’m pretty sure people pay to host custom servers, EA refuses to open source it and only supply a handful of third parties with the actual code for them to charge hosting fees.
Needlessly intrusive. Can obviously be circumvented by cheaters anyway, so quite possibly superfluous. Apart from that it protects against the kinds of attacks that typically require physical access to the computer. If you have physical access you have full access anyway. Etc.
I get your pc, “tamper” it, then i install a fake bios that tells you all is well and that your tpm and secureboot and whatever else bullcrap they invent is still happy.
A USB keylogger is not detectable by the computer, not in firmware nor operating system. It passively sniffs the traffic between the USB keyboard and the computer, to be dumped out later.
I recently had an rfid scanner immediately rma-d back that had just been returned to us. The new issue was caused by a setting and not by a defect. I asked our IT/help desk if it WAS a setting that could be changed
“I don’t know. I get the thing, I check these settings, I check those settings, that’s all I know”
😑😑😑
So me and another person are out of our equipment for another couple weeks while the scanner is sent back for “repairs” and the repair people will go “😑 tap tap tap idiots”
(Edit: I know it’s a setting because I talked with the other person who uses it and I explained the issue and he let me know it is something he changes)
And Microsoft is shutting out most third parties in the near future because of Crowdstrike, so Linux likely won't be supporting Secure Boot in the future, even if someone did want to enable it for some odd reason.
Microsoft’s kicking third parties out of the kernel because of crowdstrike. Secure boot is a completely different thing Microsoft can’t kick people out of.
Do you have any advice for someone that dual boots SteamOS and Windows 10 on a Steam Deck?
I’ve heard online that since SteamOS manually signs keys or something, that if any changes happen to the kernel that later need to be updated by SteamOS, I’d need to re-sign the keys or whatever. Idk I’m not well versed in any of this
I’ve heard it’s as easy as downloading the M$ keys to enable Secure Boot, but I also don’t want to brick my Deck.
Windows 10 support is ending soon so there’s no reason to have it on your steam deck. Steam will stop supporting it sooner after Microsoft does, just like steam does with Apples operating system.
You never made that point. Stop moving the goal posts.
Do we have any evidence that Steam will not supported anything Windows 10 related, given that commercial licenses are ending and many people are shifting to enterprise licenses?
And it’s not like Steam hasn’t already been doing this. People have used enterprise licenses for legit and nefarious purposes for years. I doubt they’d change anything in October. They aren’t owned by M$
(1) Yeah, well the secure boot keys needed for Linux distributions expire in September (tomshardware.com/…/microsoft-signing-key-required…), so that seems like a sustainable solution, sure buddy. (3) What’s your income? What region of the world do you live in and what hardware is available to you? I’m still using an am4 platform PC as my daily driver because I can’t burn money. One of my buddies has an AM3 PC. Many people use modified surplus office PCs (especially in developing nations like South America or SEA), which don’t have secure boot as an option. Check your privilege, and maybe donate some of your spare hardware to those who need it, if you want to make this “a non issue” for everyone. (4) Yeah. I own my hardware, I configure my software. I gut Windows like a fish and keep it on a leash for these games, and use Linux for my work and for the games that respect the ecosystem.
New keys have already been released and you can always just create and enroll your own damn keys. This is sensationalist nonsense.
“Check my privilege” over secure boot? Calm down, Karen.
I think gaming on PC is going to get interesting in the coming decade as Microsoft kicks third parties out of the kernel (thanks crowdstrike!) and more and more people just stop putting up with windows. Enterprise in the US is hooked but everyone else? Na, they are gonna drop it.
Edit: these are listed as 1,3,and 4 in my post in voyager but lemmy shows 123. Interesting.
On the list thing, it seems that adding numbers with periods in a list seems to auto configure it to ascending numbers. That’s why I used (1) (3) (4). Weird, but I guess that’s the work around.
Enrolling your keys doesn’t work btw, because battlefield checks which keys you enroll, only accepting the default MS keys. Also on the hardware front, it is a big problem for gamers on a sub-300 USD budget these days - the best deals are on legacy hardware or surplus office equipment, mainly AM3-AM4 era.
The number list is how markdown works. You can enter all 1’s and it will automatically create ordered list.
Handy when you may need to edit list items, as you dont need to renumber even in plain text.
Markdown spec should allow for explicit number by using a bracket ‘)’ instead of a dot, but it may not work everywhere.
Let’s give it a go
<span style="color:#323232;">3) start from 3
</span><span style="color:#323232;">1. Then
</span><span style="color:#323232;">1. Continue
</span>
Having Anti-Cheat of any kind outside of the game is laziness or lack of resources.
I believe just have physical limitations of the character or objects and verify the movement every once in a while to make sure that their movement is not super human (ie, aim bots).
It takes more work and resources to do what they’re doing. They already do server side anti cheat. And realistically, this is more effective than not doing it, though it definitely still gets defeated anyway. I would say the things that it asks of the customer are not worth the trade even if they were 100% effective, but they are more effective.
The best thing is back when Battlefield was Battlefield, it would self-regulate because most people played on self-hosted servers, so cheaters and bad actors were taken care of swiftly. But now they want their own control to put shitty bots and SBMM in the game, so here we are.
This whole game is a case of the devs making bad decisions and then instead of changing them decisions, they apply the quickest bandaid fixes they can.
Overall scope was set by EA, they wanted a more mainstream shooter to compete with the likes of Call of Duty, so they could jump into the seasonal content/battle pass grind. But the devs made all these little individual decisions that add up.
The issue with “just analyze the players” is that it is VERY expensive computationally. And it causes issues with non-official servers as it drastically increases the cost of a dedicated server and makes a listen server nigh unusable.
To be clear: I do not think the kernel level anti-cheats are a consumer friendly solution. But it takes a special kind of arrogance to insist you know better than decades worth of research and work in trying to stop hacking.
Yeah I mean its not like Valve has been using a combination of server side and client side game file only validation to do AC for Counter Strike for 20 years or anything.
Yep yep yep, the whole industry uses Kernel AC, other than the devs of the longest running comoetetive FPS genre ever, yep yep yep!
Valve is also barely a blip in the market when it comes to this, funny enough.
Valve’s data can be more or less officially pulled and steamdb lists them as having 1 million concurrents in whatever the default window is (looks like this month). Call of Duty claims to be closer to 70 million but most conservative estimates agree they are at least in the low 10s of millions of “active players” rather than anyone who just popped in to check their dailies to see if they wanted to do them.
Personally? I think the vast majority of games (including Battlefield…) would be perfectly fine with VAC and I like VAC. But there are reasons that the studios that make more money than some small nations on their games (as opposed to their storefront, which is what VAC actually is based on) literally pay for more invasive solutions.
Which is actually the other point worth remembering. Punkbuster and EAC and rolling their own costs money. Whereas VAC is “free” with Steam (and possibly elsewhere but that gets murky). Many of the mega games are associated with their own proprietary launchers but plenty of midtier games that ONLY care about Steam still feel the need to pay for EAC or whatever.
And… there is a reason beyond “We want to spend money to hurt our users”.
Okay. Apparently EAC is free if you sell your game on Epic but… ain’t fucking nobody considering EGS their be all end all platform. Even frigging Epic sued the hell out of Apple to get into the app store for crying out loud (not quite the same but roll with me).
I mean yeah, thats why I said longest lived, not ‘most popular’.
But I am glad you agree that… VAC is reasonable, and works pretty darn well.
But this leads into Part 2…
Why does VAC work pretty darn well?
Beyond the technicals of the methods of AC…
Because if you fuckup bad enough, your entire Steam Library can be deleted.
Steam is a platform.
Every single other major company that is trying to force Kernel AC on the PC market is acting as if they do, or should just also be the de facto platform, as they are on consoles.
Yep, cheat on Xbox or PS and your account can get banned there too… but a PC is more than a gaming console, has a lot more private stuff on it than one, typically.
Valve are PC natives so they never pushed for Kernel AC.
They just allow, and now warn you about Kernel AC from other mega publishers on their platform, and these other game publishers.
Their whole thing is that they want you to use their platform instead of Steam. They’ve pretty much all done it at this point, at least tried… Ubisoft, Rockstar, MSFT/GFWL, ActBlizz (now technically MSFT but w/e), etc etc etc
And they want to force Kernel AC down your throat on your PC as well as consoles… because it gives them more data, which they can use themselves, and sell to data brokers.
… Anyway, the funniest part?
EAC and BattleEye have offered full support to game devs to get their AC working on linux via Proton… for 3 to 4 years now.
It comes with their licensing agreements.
But management almost never cares to tell development to actually use this support thst they are already paying for!
… Because they get lots of money from MSFT, and MSFT hates Linux.
Also, if you go on areweanticheatyet … you can see that almost every single AC system of any kind, in the last 10 years… has at least one game that showcases it working on Linux.
This means that it is provably, entirely possible to get nearly all AC systems working on Linux, as some game dev team has done this.
Its just that most game dev teams, under most management… are not directed to.
There is no real technical reason why AC cannot be made to work in a satisfactory way on Linux.
At best, it is dev/management laziness/nonprioritization, at worst, it is publishers not wanting to upset MSFT, or still pursuing their idea of what should be normalized in terms of a gaming distribution platform, and the backend business side of profiting from dataharvesting.
Yep yep yep, the devs of the FPS game with endemic cheating so horrible the competitive scene had to introduce their own matchmaking system with kernel AC.
So, again, Kernel level AC can be, and routinely is defeated, all the time.
This is easy to verify with a simple websearch and maybe 30 minutes of time, I don’t want to directly link to where you can purchase working cheats/hacks/methods that can defeat Kernel AC, because I do not want such things to proliferate.
But you appear to be claiming the competetive scene for CS has introduced a Kernel level AC.
I cannot find this, this does not appear to be true, but I could be wrong, could you please source this claim?
I cannot find a competetive CS community or league or tournament that has… somehow rolled their own custom version of CS, overlayed with some other AC, on top of VAC.
Frankly, I don’t see how this would be possible without somehow forking CS, and then either stripping out or modifying VAC… as … two AC systems working at the same time are nearly 100% guaranteed to fight each other, and class the actions of the other AC… as cheats and hacks.
Its essentially analagous to how, 15 to 20 years ago, if you had McAfee and Norton and whatever other realtime, always active, system level anti virus software running, simultaneously… they would fight eachother, treat the other AV system as a virus, as malware.
…
All I can find is CS communities discussing the problem broadly, mixed with a lot of speculation that a recent VAC overhaul now does include Kernel AC… despite there being no actual evidence for this, beyond the collective bias and fallacious logic that if an AC becomes more effective, the only possible explanation is that it must be because of Kernel access.
What Valve actually did, was hook up AI to greatly enhance its serverside cheat detection capabilities and accuracy… one of the rare actually good use cases of AI as it relates to cybersec.
It seems to have improved their, again, server side heuristic detection abilities… without needing Kernel level access.
…
So yeah, please source your claim.
Unlike my easily verifiable ‘claim’ that I do not wsnt to cite for cybersec reasons, your claim should not have that problem at all.
So yep, again, Kernel level AC, routinely defeated, all the time, with such regularity that it is a viable business model.
Almost like Kernel AC doesn’t do what people seem to think it does, it isn’t a panacea, and the tradeoff is that you lose all your computer security… for nothing, really.
I did not say that kernel level anti cheats makes cheating impossible. The improvement in the experience is not nothing. You would not understand unless you played both for yourself.
Kernel anti-cheat does absolutely nothing to prevent aimbots/triggerbots, as most are run using 2 separate machines, anyway. The first machine runs the game in a totally clean and legitimate environment, but sends its video output (either using standard streaming tools like OBS or by using special hardware) to the 2nd machine. The 2nd machine runs the cheat and processes the video to detect where to aim and/or when to shoot, and sends mouse input back to the 1st machine.
Colorbots are extremely efficient and can be run on just a raspberry pi.
Human reaction time is ~200-250ms, while the cheat will be introducing easily less than 10ms of latency.
I’ve never used cheats in a video game because I don’t see the point and it would spoil the fun of playing, but as a software developer, it is interesting to learn about how they work and are implemented
Wall hacks could be defeated by the server only reporting the positional information about enemy players to game clients when it detects that the client player’s camera should be able to see some part of the other player’s silhouette. This is possible, albeit computationally expensive, but the main functional issue is latency. Nobody wants enemies magically popping into view when their view changes quickly because their ping was more than 6ms lol
youtu.be
Gorące