What an interesting day when you see a site you've worked on for the past 2 (3?) years get posted to HN! Except I tried submitting this site years ago when I had just finished it, but it did not seem like HN was that interested at the time, and I don't blame them. It was very niche and video game related, and the site also looked a lot worse. It's come a long way to the point where there where I collaborated with someone else to do a redesign, which I think has done great for the project at large.
I originally created the site as a way to track which games would be supported on Linux, since at the time the Steam Deck was releasing, and some games were turning to support it. And it has since blossomed into a larger project, which some other tools even pull from! I would have never even imagined that when I first started making this.
I do want to address something I see being talked about in the comments, which is the fact people say that anti-cheats are snake oil, or useless. This is a big misunderstanding, and I feel like those more technically inclined should understand that anti-cheat is a "defense-in-depth" type of approach. Where it is just one of many lines of defense. Some anti-cheats are pretty useless, and don't do much, but some actually do try and protect the game you're playing. But, just like DRM, it can be cracked, and that's why it's more of a constant arms race, rather than a one and done thing.
I'm writing out a longer post about this for the future, but just know that without anti-cheat clientside, it would be far too easy for an attacker to cheat in these games. We're still ways out from letting AI (see VACnet [1] and and Anybrain [2]) determine if someone is cheating server-side, so for now we have to rely on heavier client-side techniques and server-side decision making.
Also if anyone has questions about the site (or for me), I'll try to answer them here when I see them. If not, have a nice day!
I disagree with the onclient kernel stuff. Just like with any website, any checking MUST be server side. Kernel stuff not only makes clients inherently less secure and stable, but also for cheat coders it's only a matter of finding vulnerable driver they can use to avoid being caught.
Empirically, it works. Look at Vanguard as an example. There's obviously a privacy tradeoff, but a lot of people would rather avoid cheaters than maintain tight control of their computers. It would be great if anticheat could all be serverside, but I'd love to hear a proposal for how to prevent aimhacking with serverside anticheat alone.
>This is a big misunderstanding, and I feel like those more technically inclined should understand that anti-cheat is a "defense-in-depth" type of approach. Where it is just one of many lines of defense. Some anti-cheats are pretty useless, and don't do much, but some actually do try and protect the game you're playing.
As a serious player of many multiplayer games I disagree. All it takes is one cheat to circumvent the protections and soon enough every cheater will use that circumvention.
Meanwhile, I, the legitimate player suffer from degraded performance, disconnections (looking at you Amazon Games - you've not been able to fix your (most likely) Easy Anticheat disconnection issue in 2 years!), or outright inability to play.
Perhaps the cheating situation would be worse without anticheats, but considering how rampant it seems to be in fast-paced or grindy games I play, I kind of doubt it.
Anti cheat is DRM. It's added specifically to make it so modifications are DRM circumvention and therefore copyright infringement. This isnt to protect the player, but forced by big suit investors to "protect their investment".
The best anti cheat is proper net code. Games rarely do this because it's expensive and difficult. Consumers will buy it anyways.
Anti cheat overtop is like calling an open window with a loud Weiner dog guarding it "defense in depth".
I don't think the point is to argue anti-cheat isn't effective, the point is to draw a line in the sand and say, this is where it stops.
Take the analogy of enabling better police work by granting unlimited access to our private communications. No one doubts it would be effective, but the cost and the threat is too much.
This is the line we draw in the sand: get out of the kernel, anti-cheat has no business being there. The cost and threat are too great.
This acceptance is the same situation that brought us the Crowdstrike incident. It's unacceptable.
We fail as an industry and as a society when we accept these compromises.
Putting a government monitored streaming video camera in every bedroom and bathroom in the country to detect sexual assault would also be "defense in depth". But it would be a terrible thing to do, both because it's easily evaded (do your rape someplace else) and because of the intrusion. Any kind of defense in depth argument has to consider how easily bypassed the defense is and the cost it comes at.
Believe it or not, most people don't play video games against strangers. Anti-cheat is not of any value to them. Even for people who do play video games against strangers even uncompromised anti-cheat doesn't stop many forms of cheating like macro-mouses. Especially now with all the success being shown at machine learning playing video games with nothing more than a video feed and the button inputs, the amount that anti-cheat can help is clearly quite bounded and getting worse over time.
And the cost? Anti-cheat comes at the cost of general purpose computing, at the cost of being able to control the computers with which you trust your most intimate secrets. It's a civil liberties nightmare, or at least a per-requisite technology for many such nightmares. Opposition to anti-cheat is opposition to RMS's Right to read dystopia (https://www.gnu.org/philosophy/right-to-read.en.html).
I don't think it's too far a leap that saying that anti-cheat or DRM technology that comes at the expense of the availability of general purpose computing is more of a problem for human rights than the farcical bedroom cameras I started with.
So when you advocate anti-cheating technology that locks users out of controlling their own computers, you're favoring an at-best incremental improvement which can still be evaded for a narrow application that most people don't care about... and this comes at the expense of imperiling the human rights of others.
Like with many things there is an asymmetry to the costs: Anti-cheat and DRM substantially fail if even a moderate amount of dedicated people still have a way to cheat. Yet the damage to people's freedom from the loss of general purpose computing is still substantial even when the lockdowns can be evaded.
If anti-cheat came at no meaningful cost the fact that it could be evaded wouldn't be a meaningful argument against it. But it's expensive to develop, intrusive, disruptive, and the more successful it is the more effective it'll be at being abused to deny people control of their computers in anti-social ways.
One thing I don't understand and I would really appreciate if someone could explain this to me.
Why do we need separate anti-cheat programs? Can't the operating systems simply have an option when creating a process that prevents all operations looking at the memory of the process (and maybe if such a process is about to be launched the user has to explicitly accept that by clicking a button)? Wouldn't that stop almost all the cheats without needing separate anti cheat programs, since I assume those programs have to use OS facilities to mess with the game anyway.
Cheats run on the cheater's machine, not on the other players' machines. Of course the cheater would always click accept because it's not an accident that the cheat is running on their machine.
It's not the cheat that has to be accepted, it is the game. The option prevents the cheats (or any other program) from being able to examine the game's memory.
> Can't the operating systems simply have an option when creating a process that prevents all operations looking at the memory of the process
Already the case for userspace programs, due to virtual memory
> those programs have to use OS facilities to mess with the game anyway.
Cheats today essentially are like drivers, they do not run as userspace programs. Hence, they can do literally anything on your computer. In terms of privileges, driver code runs at a level as privileged as the operating system. Hence the need for programs that run at the level of the OS kernel to catch the cheats.
> Already the case for userspace programs, due to virtual memory
Userspace programs can read other userspace programs memory, it's part of the standard win32 api[0].
> Cheats today essentially are like drivers, they do not run as userspace programs. Hence, they can do literally anything on your computer. In terms of privileges, driver code runs at a level as privileged as the operating system. Hence the need for programs that run at the level of the OS kernel to catch the cheats.
Some cheats nowadays do this, but they do this because of anti cheat programs. If there were no anti-cheat programs, they wouldn't have to do this.
If I wanted to write malware the first step to doing so would be turn on the “make me immune to any anti virus or endpoint detection software”
If you want to know why the OS doesn’t enforce this - https://slashdot.org/story/432238 you roll into HN’s other favourite topic of “why can’t I run the X of my choice on my OS?”
Unfortunately injection based cheating is not the most prevalent form of cheating within titles that do a great job at preventing it such as overwatch. Screen bots are used often outside of any monitored process through hdmi streams and such. They can use game features, sprites, and colors to make aim and trigger bots that seem pretty natural. Additionally the most prevalant and annoying cheaters are the ones that trick games into believing keyboard and mouse is a controller which combines sticky aim features of controller input with the precision of mouse and keyboard controls. On consoles this is a dominant persistent cheat that a larger percentage of gamers use as opposed to the small percentage that inject code.
It's not the cheat that has to be accepted, it is the game. The option prevents the cheats (or any other program) from being able to examine the game's memory.
It could if the hardware allowed such separation, but the x86 platform doesn't do anything close to that and allows reading memory of other processes in so many different ways in both userspace and kernel. Not to forget hardware being able to read memory via DMA that many use now.
- Have the user-facing OS be a VM managed by that hypervisor
- Have the game process run under a second sibling VM
The hypervisor can then mediate hardware access and guarantee nothing from VM A can access VM B nor the other way around.
IIRC WSL2 enables such a mode, both the Windows OS the user sees and the Linux VM run under Hyper-V as siblings VMs.
And Xbox One and up do EXACTLY the above: each game runs in its dedicated VM (I presume that's what "trivially" enables Quick Switch/Resume via pausing/shapshotting the VM) and apps run in another.
Tangent: I somewhat wish MS would allow WSL2 on Xbox.
In addition to the technical details mentioned there is also the "social" part:
Having Anticheat lets the company show they are doing "something" against cheating and keeps law abiding players from installing cheats.
You would need hardware support to do this effectively. Telling a piece of software “no one is looking at your memory” as the OS doesn’t take into account rootkits and hypervisors.
For software related cheats maybe, but keep in mind that keyboard, screen and mouse being processed by an entirely separate computer is also very viable.
leaving aside that most anticheats are useless and constantly teetering on the thin line between legitimate software and malware, not enabling anti-cheat solutions that support Linux on Linux is really an asshole move that almost definitely stems from an unmotivated or ideological hostility to Linux in general (I'm specifically referring to Tim Sweeney here).
Another offender is Ubisoft, or more specifically the R6 Siege team. Battleye works perfectly fine on Linux - in fact, other Ubisoft teams have enabled Battleye-Linux support for their games (ex: For Honor) - but for whatever reason, the Siege team refuses to do so, even though it's one of the most upvoted issues on the bug tracker [1].
I agree that they teeter the line, but hard disagree that they’re ineffective. They’re ineffective if you run your own servers and vet your own community because you don’t need them, but that’s not how most popular games are being played these days whether you like it or not. Fall guys was fundamentally broken, they added easy anti cheat and the problem disappeared pretty much.
the best anti cheat that i have experience is vangaurd by riot games. I was running a python script in background for web crawling, left it on and guess what? my account got banned. the support says the vangaurd found a script running. i explained them patiently that it was a web crawling script , still no use.
lol I had something similar but instead of a crawler, I had WinDBG run a BSOD dump file and the game automatically closed. I forgot the game was running in the background while I trying to figure out what was crashing my system. It was a random network monitoring driver (after removing it) problem solved. But I ended up getting shadow banned. After 14 days. My account reverted back to normal. My guess, the game triggered a fail safe and closed to avoid any injection or step process read. But the fact that I was running a debugger to fix problems, it just tells me that some of these anti cheats are trash. It still puzzles me how they do not implement daily offset reset randomizer with encryption + decryption binded to the device. Anyone want to partner up and start an anti cheat service solution let me know. =)
Anti-Cheat will not help, if the games not Update it for more than 8 month.
And one thing the devs could do without Anti-Cheat, is to automate analysis of e. g. head shot rate, movement speed, etc. but most games not do that. If average player make 25 Kills per hour in a game and some 150 over longer periods i did not need an anti cheat to do something.
This is a common misconception. Some players are extremely good at video games, and they look like statistic anomalies / outlier when mapped across the full distribution of players.
Consider, for example, professional gamers. They spend countless hours practicing, and they can easily outcompete casual gamers who don't have the time to refine their skills daily.
Statistical anti cheat is extremely weak in any game where legitimate human players can end up as outliers.
Extremely good players have old profiles that they have used for a long time, gradually getting better. Cheaters are either using a new profile, or an old profile with bad stats that then has a sharp uptick.
I think the real answer is to sidestep all of the direct, deterministic solutions in favor of statistical ones. I am not 100% certain of this, but I believe some there are some games, like EA's Battlefield series, that utilize a degree of statistical modeling to detect cheaters.
We reliably use statistical process control to automatically calibrate incredibly precise, nanometric-scale machinery for purposes of semiconductor engineering. Surely, with the extreme amount of data available regarding every player's minute inputs in something like a client-server shooter, you could run similar statistical models to detect outliers in performance. With enough samples you can build an extraordinarily damning case.
The only downside is that statistical models will occasionally produce false positives. But, I've personally been "falsely" banned by purely deterministic methods (VAC) for reasons similar to others noted in this thread (i.e. leaving debugging/memory tools running for a separate project while playing a game). So, in practice I feel like statistical models might even provide a better experience around the intent to cheat (i.e. if you aren't effectively causing trouble, we dont care).
> like EA's Battlefield series, that utilize a degree of statistical modeling to detect cheaters
Battlefield started out using PunkBuster, one of the earliest kernel-level anti-cheats. With Battlefield 4, they used FairFight, a statistical server-side solution, alongside PB.
With Battlefield 1, they dropped PB, and operated with just FairFight.
And now, EA have decided to create their own kernel-level AC, called EA AntiCheat, and are implementing it on BF5 and BF1, largely because FairFight was not enough.
You could probably detect 90% of cheaters in Rust by detecting people who press DEL during in game non textual interactions. It probably would also have a relatively low false positive rate. It is however easy to evade once known.
But I think collecting all that data and sparingly using it is the best approach. You could combine that with headshot rate, etc. and really narrow down relatively reliably.
In order to play some online games that requires anti cheat.
I avoid these titles myself. In fact, I don't run wine, steam or game console emulators on my Linux workstation. I run Windows VM:s for isolation and security.
You may have strong opinions on anti-cheat software and they may be correct, but it is required for playing certain online multi-player games, and people want to play those games on Linux too (especially the Steam Deck, I would presume). Ergo, people want anti-cheat software on Linux.
Readit News
I originally created the site as a way to track which games would be supported on Linux, since at the time the Steam Deck was releasing, and some games were turning to support it. And it has since blossomed into a larger project, which some other tools even pull from! I would have never even imagined that when I first started making this.
I do want to address something I see being talked about in the comments, which is the fact people say that anti-cheats are snake oil, or useless. This is a big misunderstanding, and I feel like those more technically inclined should understand that anti-cheat is a "defense-in-depth" type of approach. Where it is just one of many lines of defense. Some anti-cheats are pretty useless, and don't do much, but some actually do try and protect the game you're playing. But, just like DRM, it can be cracked, and that's why it's more of a constant arms race, rather than a one and done thing.
I'm writing out a longer post about this for the future, but just know that without anti-cheat clientside, it would be far too easy for an attacker to cheat in these games. We're still ways out from letting AI (see VACnet [1] and and Anybrain [2]) determine if someone is cheating server-side, so for now we have to rely on heavier client-side techniques and server-side decision making.
Also if anyone has questions about the site (or for me), I'll try to answer them here when I see them. If not, have a nice day!
[1] https://youtu.be/kTiP0zKF9bc
[2] https://www.anybrain.gg/
As a serious player of many multiplayer games I disagree. All it takes is one cheat to circumvent the protections and soon enough every cheater will use that circumvention.
Meanwhile, I, the legitimate player suffer from degraded performance, disconnections (looking at you Amazon Games - you've not been able to fix your (most likely) Easy Anticheat disconnection issue in 2 years!), or outright inability to play.
Perhaps the cheating situation would be worse without anticheats, but considering how rampant it seems to be in fast-paced or grindy games I play, I kind of doubt it.
The best anti cheat is proper net code. Games rarely do this because it's expensive and difficult. Consumers will buy it anyways.
Anti cheat overtop is like calling an open window with a loud Weiner dog guarding it "defense in depth".
Take the analogy of enabling better police work by granting unlimited access to our private communications. No one doubts it would be effective, but the cost and the threat is too much.
This is the line we draw in the sand: get out of the kernel, anti-cheat has no business being there. The cost and threat are too great.
This acceptance is the same situation that brought us the Crowdstrike incident. It's unacceptable.
We fail as an industry and as a society when we accept these compromises.
Believe it or not, most people don't play video games against strangers. Anti-cheat is not of any value to them. Even for people who do play video games against strangers even uncompromised anti-cheat doesn't stop many forms of cheating like macro-mouses. Especially now with all the success being shown at machine learning playing video games with nothing more than a video feed and the button inputs, the amount that anti-cheat can help is clearly quite bounded and getting worse over time.
And the cost? Anti-cheat comes at the cost of general purpose computing, at the cost of being able to control the computers with which you trust your most intimate secrets. It's a civil liberties nightmare, or at least a per-requisite technology for many such nightmares. Opposition to anti-cheat is opposition to RMS's Right to read dystopia (https://www.gnu.org/philosophy/right-to-read.en.html).
I don't think it's too far a leap that saying that anti-cheat or DRM technology that comes at the expense of the availability of general purpose computing is more of a problem for human rights than the farcical bedroom cameras I started with.
So when you advocate anti-cheating technology that locks users out of controlling their own computers, you're favoring an at-best incremental improvement which can still be evaded for a narrow application that most people don't care about... and this comes at the expense of imperiling the human rights of others.
Like with many things there is an asymmetry to the costs: Anti-cheat and DRM substantially fail if even a moderate amount of dedicated people still have a way to cheat. Yet the damage to people's freedom from the loss of general purpose computing is still substantial even when the lockdowns can be evaded.
If anti-cheat came at no meaningful cost the fact that it could be evaded wouldn't be a meaningful argument against it. But it's expensive to develop, intrusive, disruptive, and the more successful it is the more effective it'll be at being abused to deny people control of their computers in anti-social ways.
But, in practice, it usually doesn't result in any new cheaters. There is a myriad of reasons for this, but I won't go over them here.
Dead Comment
Why do we need separate anti-cheat programs? Can't the operating systems simply have an option when creating a process that prevents all operations looking at the memory of the process (and maybe if such a process is about to be launched the user has to explicitly accept that by clicking a button)? Wouldn't that stop almost all the cheats without needing separate anti cheat programs, since I assume those programs have to use OS facilities to mess with the game anyway.
Of course nowadays DRMs are sort of baked-in, so I guess anti-cheats could be too?
Already the case for userspace programs, due to virtual memory
> those programs have to use OS facilities to mess with the game anyway.
Cheats today essentially are like drivers, they do not run as userspace programs. Hence, they can do literally anything on your computer. In terms of privileges, driver code runs at a level as privileged as the operating system. Hence the need for programs that run at the level of the OS kernel to catch the cheats.
Userspace programs can read other userspace programs memory, it's part of the standard win32 api[0].
> Cheats today essentially are like drivers, they do not run as userspace programs. Hence, they can do literally anything on your computer. In terms of privileges, driver code runs at a level as privileged as the operating system. Hence the need for programs that run at the level of the OS kernel to catch the cheats.
Some cheats nowadays do this, but they do this because of anti cheat programs. If there were no anti-cheat programs, they wouldn't have to do this.
[0] https://learn.microsoft.com/en-us/windows/win32/api/memoryap...
If you want to know why the OS doesn’t enforce this - https://slashdot.org/story/432238 you roll into HN’s other favourite topic of “why can’t I run the X of my choice on my OS?”
https://en.wikipedia.org/wiki/Cheating_in_online_games#Sandb...
- Have the user-facing OS be a VM managed by that hypervisor
- Have the game process run under a second sibling VM
The hypervisor can then mediate hardware access and guarantee nothing from VM A can access VM B nor the other way around.
IIRC WSL2 enables such a mode, both the Windows OS the user sees and the Linux VM run under Hyper-V as siblings VMs.
And Xbox One and up do EXACTLY the above: each game runs in its dedicated VM (I presume that's what "trivially" enables Quick Switch/Resume via pausing/shapshotting the VM) and apps run in another.
Tangent: I somewhat wish MS would allow WSL2 on Xbox.
Dead Comment
[1] https://r6fix.ubi.com/projects/RAINBOW6-SIEGE-LIVE/issues/LI...
Having anticheat ban everyone doesnt make it good. What makes anticheat good is it banning cheaters while leaving honest players not.
Apparently it's not really effective at all.
And one thing the devs could do without Anti-Cheat, is to automate analysis of e. g. head shot rate, movement speed, etc. but most games not do that. If average player make 25 Kills per hour in a game and some 150 over longer periods i did not need an anti cheat to do something.
Consider, for example, professional gamers. They spend countless hours practicing, and they can easily outcompete casual gamers who don't have the time to refine their skills daily.
Statistical anti cheat is extremely weak in any game where legitimate human players can end up as outliers.
Anti-Cheat software https://en.wikipedia.org/wiki/Cheating_in_online_games#Anti-...
We reliably use statistical process control to automatically calibrate incredibly precise, nanometric-scale machinery for purposes of semiconductor engineering. Surely, with the extreme amount of data available regarding every player's minute inputs in something like a client-server shooter, you could run similar statistical models to detect outliers in performance. With enough samples you can build an extraordinarily damning case.
The only downside is that statistical models will occasionally produce false positives. But, I've personally been "falsely" banned by purely deterministic methods (VAC) for reasons similar to others noted in this thread (i.e. leaving debugging/memory tools running for a separate project while playing a game). So, in practice I feel like statistical models might even provide a better experience around the intent to cheat (i.e. if you aren't effectively causing trouble, we dont care).
Battlefield started out using PunkBuster, one of the earliest kernel-level anti-cheats. With Battlefield 4, they used FairFight, a statistical server-side solution, alongside PB.
With Battlefield 1, they dropped PB, and operated with just FairFight.
And now, EA have decided to create their own kernel-level AC, called EA AntiCheat, and are implementing it on BF5 and BF1, largely because FairFight was not enough.
But I think collecting all that data and sparingly using it is the best approach. You could combine that with headshot rate, etc. and really narrow down relatively reliably.
I avoid these titles myself. In fact, I don't run wine, steam or game console emulators on my Linux workstation. I run Windows VM:s for isolation and security.