Anti-Cheat System

I know this might not sit well with everyone, but I have to say it—I hate cheaters. They ruin the experience for everyone else, turning what should be fun and competitive into something frustrating and unfair.

I also understand that anti-cheat systems like COD Ricochet and Riot Vanguard are intrusive. They operate at the kernel level, which means they have deep access to your system. That makes a lot of people uncomfortable, and understandably so. But the truth is, it works.

Cheating is a constant arms race, and these anti-cheat systems give game developers the upper hand by blocking cheats before they can even take hold. Whether it’s detecting malicious software, stopping hardware hacks, or catching suspicious input patterns, this kind of protection is essential if we want a level playing field.

It might feel intrusive, but at the end of the day, it’s necessary if we want to keep cheaters out and keep gaming fair.

1. Kernel-Level Protection: Both run at the highest system privilege level (Ring 0), enabling deep system monitoring and detection of low-level cheats that would otherwise bypass user-mode anti-cheat systems.

2. Real-Time Cheat Detection: Constant monitoring of memory, processes, and behavior in real time to catch cheats as they happen.

3. Preventive Measures: Both systems block cheats from interacting with game processes before they can affect gameplay, reducing the chance of malicious software taking hold.

4. Automatic Updates: Continuous updates help stay ahead of cheat developers, adapting to new exploit techniques and cheats.

---

Countering Hardware Hacks:

1. Hardware Spoofing Detection: Kernel-level anti-cheats monitor for hardware IDs and anomalies, detecting attempts to spoof hardware signatures, which are often used by hardware-based cheats (like aimbots).

2. Peripheral Monitoring: Vanguard and Ricochet can detect suspicious input patterns from external hardware, like custom input devices (modded controllers or mouse/keyboard setups) that give players unfair advantages.

3. Driver Integrity Checks: They validate loaded drivers to prevent custom hardware drivers from being used to interact with game processes, which hardware cheats sometimes rely on.

By leveraging deep system access and constant monitoring, both systems effectively detect and block hardware and software-based cheats, ensuring a fair gaming environment.

Find more posts tagged with

Comments

Noaani

So, here's the thing.

Even with kernal level anti-cheat, there are still many ways that players can cheat in a game. One of the most recent kinds of cheating is building a 3d printed robot that plays the game for you. No hardware spoofing or anything, as it just presses the keys. If you own an arduino, a spare android phone, and have access to a 3d printer, you can set one of these up for most popular games in an afternoon (not including print time). You may need to source some servos and actuators, but they aren't hard to get.

However, there are still other, more simple cheats that work with kernal level anti cheat in place. The MSI MEG 321URX comes to mind here.

So really, what this discussion is - whether it is what the OP thought it was or not - is a discussion as to what level of anti-cheat people want.

The most stringent anti-cheat involves kernal level anti-cheat, hardware vetting and a webcam pointed at every players face while they play (probably with some system to ensure it isn't a pre-recorded video, perhaps detecting light refraction from the monitor). Even this will see some people cheating get through.

We can go one step back, drop the webcam and hardware vetting, accept that this will let in a few more people cheating, but is less intrusive.

Or we can go another step back again, and drop kernal level anti cheat - which is in itself very intrusive. This will let in a few more people cheating, but the number of people is more dependent on the game design than anything else.

To me, since even the most stringent level of anti-cheat isn't goint to catch all cheating, my personal preference is for the developer to do what they can without being intrusive - so I prefer to stop before kernal level anti-cheat, as opposed to after it.

The thing to keep in mind with this is that even if there is no kernal level anti-cheat, that doesn't mean cheating will be either rampant or obvious in the game.

The best anti-cheat system is building a game that doesn't really benefit from cheating. An aimbot is an easy cheat to make, and can be made basically impossible to detect. So, build your game in a manner where aiming is significantly less important. People can then run aimbots, but it won't do them a whole lot of good.

In a tab target MMORPG, the bulk of cheats that would give you an advantage (positional cheats) are able to be detected on the games server. In fact, that is the best place to detect them. This is why the bulk of online cheating (not all, just the bulk) come from games that are action combat in nature - specifically the online FPS genre.

Pendragxn

It's interesting—I looked up some of the things you mentioned, especially regarding the monitor, plugins, and peripherals, and one feature that stands out is the built-in KVM switch. It's a practical tool for managing multiple systems, and maybe it even connects to that scenario you mentioned about building a robot to bypass anti-cheat systems.

I've never personally had to use a webcam or face-tracking, though I know that’s more common in esports or tournaments, especially when playing remotely. For me, that's never been part of the experience, but I get why it’s used in those settings.

What you said makes a lot of sense—no matter how well-designed a game is, people will always try to exploit where they can. There’s no foolproof way to completely stop cheating or abuse of game mechanics. It’s just the reality of online games today.

It would be ideal to avoid using intrusive anti-cheat systems or overly harsh measures, but unfortunately, in today’s gaming world, we have to expect that people will cheat. The challenge is finding the balance between protecting the game and not alienating players with overly aggressive anti-cheat software. In the end, it’s better to err on the side of caution than let cheaters ruin the game or damage its reputation.

Take Albion Online, for example. It’s overrun with bots and cheaters, and it’s driven a lot of players away. The game’s reputation has taken a hit because of it. I’m not even sure if Easy Anti-Cheat really works anymore, to be honest!

Zehlan

I would like to put in to this that if a company doesn't give a shit about people cheating than any anti cheat measures are worthless. Look at COD if a person is caught they only receive a 3 day shadow ban including for repeat offenders. New world from what I saw didn't even give that much.

So best anti cheat system will be intrepid having actual people live to deal with them and having serious and permanent consequences. This should scare off the bulk who would try leaving only a diminishing return of the more determined cheater.

Pendragxn

Hardware-based cheats in online games are difficult to spot because they operate outside the game's software, bypassing traditional anti-cheat systems. These cheats use external devices (such as robots, programmable controllers, or modified input devices) to mimic human input, making them nearly undetectable by software that scans for abnormal behavior or memory tampering.

Direct Memory Access (DMA) cheats are another example of hardware-based cheating. DMA cheats use specialized hardware to directly read and write game memory without the game’s software detecting it. This allows cheaters to access and manipulate data like aimbot coordinates or player positions, all while bypassing traditional anti-cheat mechanisms that monitor software activity.

On top of that, spotting these cheats with the human eye is also challenging. The actions performed by these devices can appear as smooth and consistent as a skilled player's movements, making it hard for other players or even moderators to differentiate between legitimate gameplay and automated input. The precision of these hardware cheats can easily be mistaken for high-level play, further complicating detection efforts.

Noaani

Pendragxn wrote: »

It would be ideal to avoid using intrusive anti-cheat systems or overly harsh measures, but unfortunately, in today’s gaming world, we have to expect that people will cheat. The challenge is finding the balance between protecting the game and not alienating players with overly aggressive anti-cheat software. In the end, it’s better to err on the side of caution than let cheaters ruin the game or damage its reputation.

This part is true, and is what I'm saying also.

However, I fall on the other side of the line in regards to kernal level.

To me, that the the line too far - but this is on the assumption that Intrepid do all they can to prevent cheating up to that specific line.

What I see happen often in games (Archeage was a great example of this for a while) is developers using anti-cheat software, and then doing nothing else. I am far more against that than I am against kernal level rootkit anti-cheat software.

What I find interesting is that if you talk to someone that makes game cheats, they will all tell you that the best defence against them in any game is to make a game in which cheats don't give you much of an advantage.

Take Albion Online, for example. It’s overrun with bots and cheaters, and it’s driven a lot of players away.

I don't play Albion Online, but since it uses EAC, if it is overrun with bots and cheaters, I don't see any justification there at all for using kernal level anti cheat software.

That said, all of the above was general facts I have been aware of for a long time, and are my reason for falling on the side of not wanting kernal level anti cheat. With the way kernal level anti-cheat works, the ebbs and flows of effectiveness then ineffectiveness that it goes through, if someone were not aware of all of that, I could see how they would just outright want kernal level anti cheat.

Pendragxn

I get what you're saying, but I don't think it's possible to fully develop a game or mechanics that can address every cheat or exploit without negatively impacting the game itself or bubble-wrapping everything. There needs to be a balance between anti-cheat measures, design, and active moderation to effectively counter these issues.

EAC (Easy Anti-Cheat) is more of a commercial solution, and while it's used in many games, cheaters, bots, and exploits are still often exposed by the community. A commercial anti-cheat solution can't fully cater to game-specific scenarios or data and tends to be shallow in its performance.

The way forward, in my opinion, is for developers to create their own anti-cheat system, similar to Ricochet or Vanguard, but tailored to the game’s needs, while still having moderators actively monitor the situation. You can't completely remove the human element—no tool is perfect.

Flanker

I hope Intrepid will have a decent Customer Support that actually does its job. I don't want New World 2.0 where I literally recorded multiple videos with bots, showed and explained their algorithm and patterns only for that to be completely ignored.

It might end up being much more difficult than it sounds, especially if Ashes becomes a popular game with hundreds of thousands or, hopefully, millions of players. The amount of workload might be huge when you face thousands of reports on a daily basis and it becomes easy to get overwhelmed.

ariatras

Windows Kernel Security Updates and Implications for Anti-Cheat Development

In light of recent developments, it’s become clear that Microsoft is looking to significantly alter how third-party applications interact with the Windows kernel. After the major incident involving a faulty CrowdStrike update, which caused widespread system crashes across millions of devices, Microsoft is enhancing its kernel security in Windows 11 and beyond. This update will limit third-party access to the kernel, which has direct implications for anti-cheat systems that operate at this level.

I’ve read several articles covering Microsoft's plans, including from SecurityWeek (securityweek.com/post-crowdstrike-fallout-microsoft-redesigning-edr-vendor-access-windows-kernel) and Petri (petri.com/microsoft-to-boost-windows-security-to-prevent-crowdstrike-style-outages), which highlight how the company is actively encouraging security vendors to adopt safer practices, such as operating outside of kernel mode. While kernel-level anti-cheats provide deep system monitoring, they can also pose serious risks to system stability, as seen in the CrowdStrike fiasco.

For developers of new games, this change presents an opportunity to rethink how anti-cheat solutions are implemented. By designing anti-cheats that do not require kernel-level access, developers can ensure better compatibility with future Windows updates and maintain system stability for players. Microsoft’s move toward safer, non-kernel security solutions will likely set a new industry standard, making non-kernel anti-cheat systems more favorable going forward (redmondmag.com/articles/2024/09/13/microsoft-security-vendors-talk-windows-kernel.aspx).

As these updates roll out, game developers should be aware of the potential issues with kernel-level anti-cheat solutions and consider alternative approaches that align with Microsoft's new security focus. The aim is to balance robust security with a stable gaming environment, and avoiding kernel dependencies is a key step in achieving that.

PS: This is good news for Steam Deck and other Linux-based devices too.

By reducing the reliance on kernel-level anti-cheat solutions, game developers can create anti-cheat systems that are more compatible with platforms like Linux. Kernel-level anti-cheats often have issues running on Linux due to their deep integration with Windows-specific kernels. By moving to user-mode or other less intrusive methods, it becomes easier to ensure compatibility across different operating systems, including Linux-based systems like the Steam Deck. This shift can lead to better gaming experiences on these platforms without sacrificing security.

Pendragxn

Interesting topic. My thoughts on this are that it is generally better for game developers to create their own anti-cheat systems rather than relying solely on commercial solutions. Custom anti-cheat systems can be tailored to the specific game, offering better protection against game-specific exploits, quicker response to emerging threats, and more flexibility in integration and updates. While kernel-level access can provide deeper security, it also introduces risks like you mentioned system instability. By designing their own systems, developers can balance performance and security without relying on third-party tools that may not be as adaptable or safe.

Flanker

Pendragxn wrote: »

Interesting topic. My thoughts on this are that it is generally better for game developers to create their own anti-cheat systems rather than relying solely on commercial solutions. Custom anti-cheat systems can be tailored to the specific game, offering better protection against game-specific exploits, quicker response to emerging threats, and more flexibility in integration and updates. While kernel-level access can provide deeper security, it also introduces risks like you mentioned system instability. By designing their own systems, developers can balance performance and security without relying on third-party tools that may not be as adaptable or safe.

Buddy, if we wanted to ask ChatGPT about it, we could do it ourselves

ShivaFang

ariatras wrote: »

PS: This is good news for Steam Deck and other Linux-based devices too.

I'm not sure if it's ironic or a propos that that windows security updates wind up being a boost to Linux.

Caww

I would prefer AoC use ingame telemetry to curb abuse and not brute-force a mechanic unless they really need to, most likely well after a full launch and real cheating becomes identifiable with minimal false-positives.

Pyrolol

The CoD anti cheat clearly doesn’t work
Not even going to mention every lobby at Ranked Trios Diamond+ was literally cheater vs who has the better cheats

For MMOs
There’s things as bots and scripting programs that allows players to do everything in one button or have gcd hacks so they don’t have to wait for refresh (Evident first hand experience 2010 WoW) everyone who used it had there accounts permanently banned and serves them right

The last expansion (Dragonflight) had so many botting cheaters in that game it became a literal meme

So it looks like anti cheat isn’t getting better or hackers are getting paid/better at hiding it

So, whatever a company has to do I don’t care how much information they see or how uncomfortable people feel as long as it keeps cheaters out of our competitive gaming scene

(For the og players) “Region lock China” 🇨🇳

Noaani

As a point worth noting, Microsoft are potentially planning on moving the security features built in to windows outside of the kernal. This won't have a direct impact on Linux users, but if this happens, it may have some sort of implication in relation to this whole thing - though Linux developers will still need to step up.

Basically, it could be the catalyst for something to happen.

Noaani

Zakheaka wrote: »

Anti-cheating system = blocking Chinese IP
我必須誠實、認真地回答你
屏蔽中國人可以淨化遊戲環境
最小化作弊玩家帶給您的不舒適感

See, no.

First, it doesn't work that way - the larger RMT companies are North American, not Chinese. These people are quite happy for you to believe they are Chinese, however.

Second, if a publisher put a block on an entire country, it is as easy as using a VPN to get around - meaning the block would be completely ineffective.

Pendragxn

I don’t necessarily agree with blocking an IP based solely on the group or region it belongs to. Anyone can exploit a system, regardless of their location. A more nuanced approach, such as implementing a region lock for specific servers in response to significant issues, might be more effective.

Furthermore, if you create an anti-cheat system for the game and aim to gather analytical data on the types of exploits and cheats being used, you risk limiting your understanding of these issues. Excluding a large segment of the player base could hinder your ability to collect valuable insights that could enhance the game. Additionally, consider the financial implications: excluding players who contribute through subscriptions reduces potential funding for future improvements and expansions. Developers, like those at Intrepid, need financial support to continue their work, so it’s vital to maintain a diverse player base.

Noaani

Zakheaka wrote: »

但是我想告诉你开放中国的IP 进入游戏是自杀行为
我基于现实情况告诉你为何我会提出封锁中国人的原因

To be clear, Intrepid expect Ashes to be banned in China.

Intrepid don't need to perform an IP block, the CCP are going to do that.

Child Item