• notfromhere@lemmy.ml
    4 months ago

    Isn’t there some way to design the multiplayer to not trust the client? Assume the client has aimbot and all can see through walls, etc. Design it with those things being expected instead of all this draconian pwn the user’s system nonsense.

    • Revan343@lemmy.ca
      4 months ago

      Server-side anticheat is more complicated to implement, so companies go with the lazy client-side rootkit instead

      • conciselyverbose@sh.itjust.works
        4 months ago

        Server side anticheat also requires trusted servers.

        A lot of games are mostly P2P with minimal stuff actually happening on their own hardware.

      • Azzu@lemm.ee
        4 months ago

        Server side anticheat is mostly implemented in all popular games. An aimbot however can’t be detected on the server side, it could just be a user moving their mouse perfectly. There’s lots of client cheats like that, which is why clientside detection still makes sense.

        • Nibodhika@lemmy.world
          4 months ago

          You should read about statistics. An aim-bot will be consistently accurate, humans are not consistently accurate. If your aim-bot is purposefully inaccurate then it’s useless. Long story short, your cheating has to be indistinguishable from human, which is HARD to accomplish, and if you do you’ll lose 50% of the matches against other humans.

          Not to mention a game with server side anti-cheat could purposefully send fake data, e.g. send a position for an “invisible” enemy, if you aim/fire to it you get tagged. It can do lots of similar stuff that would make the aim-bot less accurate than a human, e.g. every time an enemy enters line of sight add another enemy just outside of the frustum culling, or send an enemy behind a wall that has no visible parts. Cheaters will act on that information, regular users won’t. At that point the only way to bypass that is with external hardware that acts on the same information an actual user does (which also bypasses client side anti-cheat anyways), at that point you have a robot playing the game for you and losing 50% of the battles…
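
Added example, not part of the thread: a minimal server-side sketch of the two checks described in the comment above, tagging players who fire at server-only decoys and flagging accuracy that barely varies between matches. The thresholds, the 2D geometry, and the event layout are assumptions made for illustration.

```python
import math
from statistics import mean, pstdev

# Hypothetical thresholds; a real server would tune them on its own match data.
DECOY_ANGLE_DEG = 2.0     # aim this close to a decoy counts as acting on it
DECOY_HITS_TO_FLAG = 3    # require repeats so one stray shot is not enough
MIN_MATCHES = 5
MIN_MEAN_ACCURACY = 0.85
MAX_ACCURACY_STDEV = 0.03

def aim_error_deg(pos, aim, target):
    """Angle in degrees between the aim vector and the line to target (2D)."""
    dx, dy = target[0] - pos[0], target[1] - pos[1]
    dist, norm = math.hypot(dx, dy), math.hypot(aim[0], aim[1])
    if dist == 0 or norm == 0:
        return 180.0
    cos = (dx * aim[0] + dy * aim[1]) / (dist * norm)
    return math.degrees(math.acos(max(-1.0, min(1.0, cos))))

def decoy_hits(fire_events, decoys_by_tick):
    """Count shots aimed at a decoy that no honest client was ever shown."""
    hits = 0
    for tick, pos, aim in fire_events:
        for decoy in decoys_by_tick.get(tick, []):
            if aim_error_deg(pos, aim, decoy) <= DECOY_ANGLE_DEG:
                hits += 1
                break
    return hits

def too_consistent(accuracies):
    """High mean accuracy with almost no match-to-match spread."""
    if len(accuracies) < MIN_MATCHES:
        return False
    return (mean(accuracies) >= MIN_MEAN_ACCURACY
            and pstdev(accuracies) <= MAX_ACCURACY_STDEV)

def review_reasons(fire_events, decoys_by_tick, accuracies):
    """Reasons to queue a player for manual review; an empty list means none."""
    reasons = []
    if decoy_hits(fire_events, decoys_by_tick) >= DECOY_HITS_TO_FLAG:
        reasons.append("fired at server-only decoys")
    if too_consistent(accuracies):
        reasons.append("accuracy too consistent across matches")
    return reasons

# Constructed sample data: (tick, shooter position, aim vector).
DECOYS = {10: [(10, 0)], 20: [(0, 8)], 30: [(-5, -5)]}
SUSPECT_SHOTS = [(10, (0, 0), (1, 0)), (20, (0, 0), (0, 1)), (30, (0, 0), (-1, -1))]
HONEST_SHOTS = [(10, (0, 0), (0, 1))]
```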

    • tiramichu@lemm.ee
      4 months ago

      Exactly, and that’s why I expressed the sentiment that client anticheat is a poor solution. If you really really want to stop cheating, you have to do it on the infrastructure that you as the game developer have guaranteed and trusted control over, and that is the server.

      • Azzu@lemm.ee
        4 months ago

        How do you suppose to block an aimbot on the server side?

        • FooBarrington@lemmy.world
          4 months ago

          Primarily by not sending non-visible information and by detecting unrealistic/impossible motion. If the aimbot has to limit itself to what humans can do, it doesn’t really matter anymore.
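
Added example, not part of the thread: a small sketch of the two server-side measures named in the comment above, sending each client only the enemies it has line of sight to and flagging view turns faster than an allowed rate. The grid map, player names, and turn limit are constructed assumptions.

```python
# Constructed 2D map: '#' is a wall, '.' is open floor; cells are (x, y).
GRID = [
    "........",
    "...#....",
    "...#....",
    "...#....",
    "........",
]
MAX_TURN_DEG_PER_TICK = 40.0  # hypothetical limit, tuned per game in practice
PLAYERS = {"alice": (1, 2), "bob": (6, 2), "carol": (1, 4)}  # constructed

def cells_between(a, b):
    """Bresenham line: grid cells strictly between a and b."""
    (x0, y0), (x1, y1) = a, b
    dx, dy = abs(x1 - x0), -abs(y1 - y0)
    sx, sy = (1 if x0 < x1 else -1), (1 if y0 < y1 else -1)
    err, cells = dx + dy, []
    while (x0, y0) != (x1, y1):
        e2 = 2 * err
        if e2 >= dy:
            err += dy
            x0 += sx
        if e2 <= dx:
            err += dx
            y0 += sy
        cells.append((x0, y0))
    return cells[:-1]  # drop the endpoint b itself

def has_line_of_sight(a, b):
    """True when no wall cell lies on the line between a and b."""
    return all(GRID[y][x] != "#" for x, y in cells_between(a, b))

def snapshot_for(viewer, players):
    """Enemy positions the server sends to `viewer`: visible ones only."""
    me = players[viewer]
    return {name: pos for name, pos in players.items()
            if name != viewer and has_line_of_sight(me, pos)}

def impossible_turns(yaw_by_tick):
    """Ticks where view yaw (degrees) changed faster than the allowed rate."""
    flagged = []
    for tick in range(1, len(yaw_by_tick)):
        delta = abs(yaw_by_tick[tick] - yaw_by_tick[tick - 1]) % 360
        delta = min(delta, 360 - delta)  # shortest way around the circle
        if delta > MAX_TURN_DEG_PER_TICK:
            flagged.append(tick)
    return flagged
```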

          • Azzu@lemm.ee
            4 months ago

            It does matter though. If you program the aimbot to act as if they were the best human, the aimbot is still going to beat everyone else, same as if it was behaving unrealistically superhuman. But you can’t simply ban the best human from your game.

            • FooBarrington@lemmy.world
              4 months ago

              No human has perfect consistency, and it’s always an option to manually review data if it’s questionable.

              What good is client-side scanning, when you can just run the aimbot outside the client and send the inputs directly through hardware?

              • Azzu@lemm.ee
                4 months ago

                Then program some inconsistency into the aimbot. It’ll still win against everyone most of the time, still being a problem.

                Manual review is always possible, but this requires a lot of people. And if someone really looks at the best players, they seem like an aimbot all the time.

                Client-side scanning forces hackers to run the input through hardware, which increases the level of entry and investment necessary to start cheating. Of course everything is always avoidable, but it’s about reducing the amount of cheaters by detecting the lazy/stupid people. If you just don’t client-side scan at all, there will be a lot lot lot more cheaters. It’s about reducing the volume so much that the amount is not that bad anymore and can better be dealt with manually.

                It’s about forcing cheat developers to spend time/money finding new ways to hide, reducing the value of trying to create cheats.

                Of course there are privacy and security concerns. But client side detection in a limited manner does make sense.

                • Nibodhika@lemmy.world
                  4 months ago

                  I’m not the person you were talking with, but I mostly agree with them.

                  Here’s the thing, client side anti-cheating is a losing battle, it’s the equivalent of adding spikes to your key so you can give it to someone so they won’t be able to open your door, once they have the key they can remove the spikes. Client side anti-cheat can ALWAYS be bypassed, they rely on security by obscurity to prevent people from removing the actual check, but it’s a losing battle, no exceptions.

                  Server side anti-cheat is the only method that has the possibility of being accurate. Like you said, you can make your aim-bot be indistinguishable from human, but then you’re going to be on a human level and other humans might beat you. Any game that worries about this already has a skill based matchmaking, which means that cheaters will end up playing with other cheaters or humans with a similar level of skill, so who cares? You might get one cheater that’s still ranking up on a match, but in the long run they’ll cluster together.