Anti-Cheat System

I know this might not sit well with everyone, but I have to say it—I hate cheaters. They ruin the experience for everyone else, turning what should be fun and competitive into something frustrating and unfair.

I also understand that anti-cheat systems like COD Ricochet and Riot Vanguard are intrusive. They operate at the kernel level, which means they have deep access to your system. That makes a lot of people uncomfortable, and understandably so. But the truth is, it works.

Cheating is a constant arms race, and these anti-cheat systems give game developers the upper hand by blocking cheats before they can even take hold. Whether it’s detecting malicious software, stopping hardware hacks, or catching suspicious input patterns, this kind of protection is essential if we want a level playing field.

It might feel intrusive, but at the end of the day, it’s necessary if we want to keep cheaters out and keep gaming fair.

1. Kernel-Level Protection: Both run at the highest system privilege level (Ring 0), enabling deep system monitoring and detection of low-level cheats that would otherwise bypass user-mode anti-cheat systems.

2. Real-Time Cheat Detection: Constant monitoring of memory, processes, and behavior in real time to catch cheats as they happen.

3. Preventive Measures: Both systems block cheats from interacting with game processes before they can affect gameplay, reducing the chance of malicious software taking hold.

4. Automatic Updates: Continuous updates help stay ahead of cheat developers, adapting to new exploit techniques and cheats.

---

Countering Hardware Hacks:

1. Hardware Spoofing Detection: Kernel-level anti-cheats monitor for hardware IDs and anomalies, detecting attempts to spoof hardware signatures, which are often used by hardware-based cheats (like aimbots).

2. Peripheral Monitoring: Vanguard and Ricochet can detect suspicious input patterns from external hardware, like custom input devices (modded controllers or mouse/keyboard setups) that give players unfair advantages.

3. Driver Integrity Checks: They validate loaded drivers to prevent custom hardware drivers from being used to interact with game processes, which hardware cheats sometimes rely on.

By leveraging deep system access and constant monitoring, both systems effectively detect and block hardware and software-based cheats, ensuring a fair gaming environment.

Comments

  • Noaani Member, Intrepid Pack
    So, here's the thing.

    Even with kernel level anti-cheat, there are still many ways that players can cheat in a game. One of the most recent kinds of cheating is building a 3D printed robot that plays the game for you. No hardware spoofing or anything, as it just presses the keys. If you own an Arduino, a spare Android phone, and have access to a 3D printer, you can set one of these up for most popular games in an afternoon (not including print time). You may need to source some servos and actuators, but they aren't hard to get.

    However, there are still other, more simple cheats that work with kernel level anti cheat in place. The MSI MEG 321URX comes to mind here.

    So really, what this discussion is - whether it is what the OP thought it was or not - is a discussion as to what level of anti-cheat people want.

    The most stringent anti-cheat involves kernel level anti-cheat, hardware vetting and a webcam pointed at every player's face while they play (probably with some system to ensure it isn't a pre-recorded video, perhaps detecting light refraction from the monitor). Even this will see some people cheating get through.

    We can go one step back, drop the webcam and hardware vetting, accept that this will let in a few more people cheating, but is less intrusive.

    Or we can go another step back again, and drop kernel level anti cheat - which is in itself very intrusive. This will let in a few more people cheating, but the number of people is more dependent on the game design than anything else.

    To me, since even the most stringent level of anti-cheat isn't going to catch all cheating, my personal preference is for the developer to do what they can without being intrusive - so I prefer to stop before kernel level anti-cheat, as opposed to after it.

    The thing to keep in mind with this is that even if there is no kernel level anti-cheat, that doesn't mean cheating will be either rampant or obvious in the game.

    The best anti-cheat system is building a game that doesn't really benefit from cheating. An aimbot is an easy cheat to make, and can be made basically impossible to detect. So, build your game in a manner where aiming is significantly less important. People can then run aimbots, but it won't do them a whole lot of good.

    In a tab target MMORPG, the bulk of cheats that would give you an advantage (positional cheats) are able to be detected on the game's server. In fact, that is the best place to detect them. This is why the bulk of online cheating (not all, just the bulk) comes from games that are action combat in nature - specifically the online FPS genre.
  • It's interesting—I looked up some of the things you mentioned, especially regarding the monitor, plugins, and peripherals, and one feature that stands out is the built-in KVM switch. It's a practical tool for managing multiple systems, and maybe it even connects to that scenario you mentioned about building a robot to bypass anti-cheat systems.

    I've never personally had to use a webcam or face-tracking, though I know that’s more common in esports or tournaments, especially when playing remotely. For me, that's never been part of the experience, but I get why it’s used in those settings.

    What you said makes a lot of sense—no matter how well-designed a game is, people will always try to exploit where they can. There’s no foolproof way to completely stop cheating or abuse of game mechanics. It’s just the reality of online games today.

    It would be ideal to avoid using intrusive anti-cheat systems or overly harsh measures, but unfortunately, in today’s gaming world, we have to expect that people will cheat. The challenge is finding the balance between protecting the game and not alienating players with overly aggressive anti-cheat software. In the end, it’s better to err on the side of caution than let cheaters ruin the game or damage its reputation.

    Take Albion Online, for example. It’s overrun with bots and cheaters, and it’s driven a lot of players away. The game’s reputation has taken a hit because of it. I’m not even sure if Easy Anti-Cheat really works anymore, to be honest!
  • I would like to put in to this that if a company doesn't give a shit about people cheating then any anti-cheat measures are worthless. Look at COD: if a person is caught they only receive a 3 day shadow ban, including for repeat offenders. New World, from what I saw, didn't even give that much.

    So the best anti-cheat system will be Intrepid having actual people live to deal with them and having serious and permanent consequences. This should scare off the bulk who would try, leaving only a diminishing return of the more determined cheater.
  • Hardware-based cheats in online games are difficult to spot because they operate outside the game's software, bypassing traditional anti-cheat systems. These cheats use external devices (such as robots, programmable controllers, or modified input devices) to mimic human input, making them nearly undetectable by software that scans for abnormal behavior or memory tampering.

    Direct Memory Access (DMA) cheats are another example of hardware-based cheating. DMA cheats use specialized hardware to directly read and write game memory without the game’s software detecting it. This allows cheaters to access and manipulate data like aimbot coordinates or player positions, all while bypassing traditional anti-cheat mechanisms that monitor software activity.

    On top of that, spotting these cheats with the human eye is also challenging. The actions performed by these devices can appear as smooth and consistent as a skilled player's movements, making it hard for other players or even moderators to differentiate between legitimate gameplay and automated input. The precision of these hardware cheats can easily be mistaken for high-level play, further complicating detection efforts.
  • Noaani Member, Intrepid Pack
    Pendragxn wrote: »
    It would be ideal to avoid using intrusive anti-cheat systems or overly harsh measures, but unfortunately, in today’s gaming world, we have to expect that people will cheat. The challenge is finding the balance between protecting the game and not alienating players with overly aggressive anti-cheat software. In the end, it’s better to err on the side of caution than let cheaters ruin the game or damage its reputation.
    This part is true, and is what I'm saying also.

    However, I fall on the other side of the line in regards to kernel level.

    To me, that is the line too far - but this is on the assumption that Intrepid do all they can to prevent cheating up to that specific line.

    What I see happen often in games (Archeage was a great example of this for a while) is developers using anti-cheat software, and then doing nothing else. I am far more against that than I am against kernel level rootkit anti-cheat software.

    What I find interesting is that if you talk to someone that makes game cheats, they will all tell you that the best defence against them in any game is to make a game in which cheats don't give you much of an advantage.
    Take Albion Online, for example. It’s overrun with bots and cheaters, and it’s driven a lot of players away.

    I don't play Albion Online, but since it uses EAC, if it is overrun with bots and cheaters, I don't see any justification there at all for using kernel level anti cheat software.

    That said, all of the above were general facts I have been aware of for a long time, and are my reason for falling on the side of not wanting kernel level anti cheat. With the way kernel level anti-cheat works, the ebbs and flows of effectiveness then ineffectiveness that it goes through, if someone were not aware of all of that, I could see how they would just outright want kernel level anti cheat.
  • I get what you're saying, but I don't think it's possible to fully develop a game or mechanics that can address every cheat or exploit without negatively impacting the game itself or bubble-wrapping everything. There needs to be a balance between anti-cheat measures, design, and active moderation to effectively counter these issues.

    EAC (Easy Anti-Cheat) is more of a commercial solution, and while it's used in many games, cheaters, bots, and exploits are still often exposed by the community. A commercial anti-cheat solution can't fully cater to game-specific scenarios or data and tends to be shallow in its performance.

    The way forward, in my opinion, is for developers to create their own anti-cheat system, similar to Ricochet or Vanguard, but tailored to the game’s needs, while still having moderators actively monitor the situation. You can't completely remove the human element—no tool is perfect.
  • I hope Intrepid will have a decent Customer Support that actually does its job. I don't want New World 2.0 where I literally recorded multiple videos with bots, showed and explained their algorithm and patterns only for that to be completely ignored.

    It might end up being much more difficult than it sounds, especially if Ashes becomes a popular game with hundreds of thousands or, hopefully, millions of players. The amount of workload might be huge when you face thousands of reports on a daily basis and it becomes easy to get overwhelmed.
  • ariatras Member, Founder
    edited September 18
    Windows Kernel Security Updates and Implications for Anti-Cheat Development

    In light of recent developments, it’s become clear that Microsoft is looking to significantly alter how third-party applications interact with the Windows kernel. After the major incident involving a faulty CrowdStrike update, which caused widespread system crashes across millions of devices, Microsoft is enhancing its kernel security in Windows 11 and beyond. This update will limit third-party access to the kernel, which has direct implications for anti-cheat systems that operate at this level.

    I’ve read several articles covering Microsoft's plans, including from SecurityWeek (securityweek.com/post-crowdstrike-fallout-microsoft-redesigning-edr-vendor-access-windows-kernel) and Petri (petri.com/microsoft-to-boost-windows-security-to-prevent-crowdstrike-style-outages), which highlight how the company is actively encouraging security vendors to adopt safer practices, such as operating outside of kernel mode. While kernel-level anti-cheats provide deep system monitoring, they can also pose serious risks to system stability, as seen in the CrowdStrike fiasco.

    For developers of new games, this change presents an opportunity to rethink how anti-cheat solutions are implemented. By designing anti-cheats that do not require kernel-level access, developers can ensure better compatibility with future Windows updates and maintain system stability for players. Microsoft’s move toward safer, non-kernel security solutions will likely set a new industry standard, making non-kernel anti-cheat systems more favorable going forward (redmondmag.com/articles/2024/09/13/microsoft-security-vendors-talk-windows-kernel.aspx).

    As these updates roll out, game developers should be aware of the potential issues with kernel-level anti-cheat solutions and consider alternative approaches that align with Microsoft's new security focus. The aim is to balance robust security with a stable gaming environment, and avoiding kernel dependencies is a key step in achieving that.

    PS: This is good news for Steam Deck and other Linux-based devices too.

    By reducing the reliance on kernel-level anti-cheat solutions, game developers can create anti-cheat systems that are more compatible with platforms like Linux. Kernel-level anti-cheats often have issues running on Linux due to their deep integration with Windows-specific kernels. By moving to user-mode or other less intrusive methods, it becomes easier to ensure compatibility across different operating systems, including Linux-based systems like the Steam Deck. This shift can lead to better gaming experiences on these platforms without sacrificing security.
  • Interesting topic. My thoughts on this are that it is generally better for game developers to create their own anti-cheat systems rather than relying solely on commercial solutions. Custom anti-cheat systems can be tailored to the specific game, offering better protection against game-specific exploits, quicker response to emerging threats, and more flexibility in integration and updates. While kernel-level access can provide deeper security, it also introduces risks like you mentioned system instability. By designing their own systems, developers can balance performance and security without relying on third-party tools that may not be as adaptable or safe.
  • Pendragxn wrote: »
    Interesting topic. My thoughts on this are that it is generally better for game developers to create their own anti-cheat systems rather than relying solely on commercial solutions. Custom anti-cheat systems can be tailored to the specific game, offering better protection against game-specific exploits, quicker response to emerging threats, and more flexibility in integration and updates. While kernel-level access can provide deeper security, it also introduces risks like you mentioned system instability. By designing their own systems, developers can balance performance and security without relying on third-party tools that may not be as adaptable or safe.
    Buddy, if we wanted to ask ChatGPT about it, we could do it ourselves :)
  • ariatras wrote: »
    PS: This is good news for Steam Deck and other Linux-based devices too.

    I'm not sure if it's ironic or apropos that Windows security updates wind up being a boost to Linux.
  • I would prefer AoC use ingame telemetry to curb abuse and not brute-force a mechanic unless they really need to, most likely well after a full launch and real cheating becomes identifiable with minimal false-positives.
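
An added example, not code from any poster in this thread or from any game: a sketch of the server-side positional check mentioned in the earlier comment, written so that a lag spike does not produce the false positives the telemetry comment above worries about. The speed limit, tolerance, strike threshold and both traces are constructed assumptions.

```python
import math
from dataclasses import dataclass, field

# All constants are assumptions for this sketch, not values from any real game.
MAX_SPEED = 7.0            # fastest legitimate movement, game units per second
TOLERANCE = 1.25           # slack for jitter and rounding
RATE = MAX_SPEED * TOLERANCE
BUDGET_CAP = RATE * 2.0    # a stalled connection can bank at most 2 s of movement
STRIKES_TO_FLAG = 3        # rejected moves within WINDOW before human review
WINDOW = 10.0              # seconds


@dataclass
class PlayerState:
    t: float = 0.0         # server receive time of the last update
    x: float = 0.0         # authoritative position, owned by the server
    y: float = 0.0
    budget: float = 0.0    # unspent movement allowance, in game units
    strikes: list = field(default_factory=list)
    flagged: bool = False


def validate_move(state, t, x, y):
    """Accept or reject one position update; t is the server's receive time."""
    dt = max(t - state.t, 0.0)
    state.t = max(t, state.t)
    # Token bucket: allowance accrues with elapsed server time, so a burst of
    # packets after a lag spike is paid for by the time the stall lasted.
    state.budget = min(state.budget + dt * RATE, BUDGET_CAP)
    dist = math.hypot(x - state.x, y - state.y)
    if dist <= state.budget:
        state.budget -= dist
        state.x, state.y = x, y
        return True
    # Rejected: the server keeps its own position and records a strike.
    state.strikes = [s for s in state.strikes if t - s <= WINDOW] + [t]
    if len(state.strikes) >= STRIKES_TO_FLAG:
        state.flagged = True
    return False


def replay(trace):
    """Run a list of (server_time, x, y) updates through a fresh player state."""
    state = PlayerState()
    results = [validate_move(state, *update) for update in trace]
    return state, results


# Constructed traces. The honest client walks at 6 units/s, stalls for one
# second, then its ten queued updates all arrive at server time 1.3.
HONEST = [(0.1 * i, 0.6 * i, 0.0) for i in range(1, 4)] + \
         [(1.3, 0.6 * i, 0.0) for i in range(4, 14)]
# The teleporting client reports jumps of roughly 50 units every 0.1 s.
TELEPORT = [(0.1, 0.6, 0.0), (0.2, 50.0, 0.0), (0.3, 100.0, 0.0), (0.4, 150.0, 0.0)]

if __name__ == "__main__":
    for name, trace in (("honest", HONEST), ("teleport", TELEPORT)):
        state, results = replay(trace)
        print(name, results, "flagged:", state.flagged)
```

Because rejected moves never change the server's position, a flagged account gains nothing in the meantime, and the strike window leaves the final call to a human reviewer.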
  • Pyrolol Member
    edited September 20
    The CoD anti cheat clearly doesn’t work
    Not even going to mention every lobby at Ranked Trios Diamond+ was literally cheater vs who has the better cheats

    For MMOs
    There are things such as bots and scripting programs that allow players to do everything in one button or have GCD hacks so they don’t have to wait for refresh (evident first-hand experience, 2010 WoW); everyone who used it had their accounts permanently banned, and serves them right

    The last expansion (Dragonflight) had so many botting cheaters in that game it became a literal meme

    So it looks like anti cheat isn’t getting better or hackers are getting paid/better at hiding it

    So, whatever a company has to do I don’t care how much information they see or how uncomfortable people feel as long as it keeps cheaters out of our competitive gaming scene

    (For the og players) “Region lock China” 🇨🇳
  • Noaani Member, Intrepid Pack
    edited September 21
    As a point worth noting, Microsoft are potentially planning on moving the security features built into Windows outside of the kernel. This won't have a direct impact on Linux users, but if this happens, it may have some sort of implication in relation to this whole thing - though Linux developers will still need to step up.

    Basically, it could be the catalyst for something to happen.
  • Anti-cheating system = blocking Chinese IP
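    I have to answer you honestly and seriously:
    blocking Chinese people can clean up the game environment
    and minimize the discomfort that cheating players cause you.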
  • Noaani Member, Intrepid Pack
    Zakheaka wrote: »
    Anti-cheating system = blocking Chinese IP
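    I have to answer you honestly and seriously:
    blocking Chinese people can clean up the game environment
    and minimize the discomfort that cheating players cause you.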

    See, no.

    First, it doesn't work that way - the larger RMT companies are North American, not Chinese. These people are quite happy for you to believe they are Chinese, however.

    Second, if a publisher put a block on an entire country, it is as easy as using a VPN to get around - meaning the block would be completely ineffective.
  • I don’t necessarily agree with blocking an IP based solely on the group or region it belongs to. Anyone can exploit a system, regardless of their location. A more nuanced approach, such as implementing a region lock for specific servers in response to significant issues, might be more effective.

    Furthermore, if you create an anti-cheat system for the game and aim to gather analytical data on the types of exploits and cheats being used, you risk limiting your understanding of these issues. Excluding a large segment of the player base could hinder your ability to collect valuable insights that could enhance the game. Additionally, consider the financial implications: excluding players who contribute through subscriptions reduces potential funding for future improvements and expansions. Developers, like those at Intrepid, need financial support to continue their work, so it’s vital to maintain a diverse player base.
  • Pendragxn wrote: »
    I don’t necessarily agree with blocking an IP based solely on the group or region it belongs to. Anyone can exploit a system, regardless of their location. A more nuanced approach, such as implementing a region lock for specific servers in response to significant issues, might be more effective.

    Furthermore, if you create an anti-cheat system for the game and aim to gather analytical data on the types of exploits and cheats being used, you risk limiting your understanding of these issues. Excluding a large segment of the player base could hinder your ability to collect valuable insights that could enhance the game. Additionally, consider the financial implications: excluding players who contribute through subscriptions reduces potential funding for future improvements and expansions. Developers, like those at Intrepid, need financial support to continue their work, so it’s vital to maintain a diverse player base.

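    Dear,

    First, please forgive me for using my native language (Chinese).
    I find it hard to express my thoughts through Google Translate.

    First of all, I can understand your view.
    The insight you offered impressed me.

    But I want to tell you that opening the game to Chinese IPs is suicidal.
    Based on the real situation, let me tell you why I proposed blocking Chinese people.

    1. Many Chinese people will use illegal channels (accounts under other people's names) to buy game time or virtual items, and then request refunds or simply let the credit card default.
    This is a problem for both the game community and the game developer.

    2. Do not believe that Chinese people will report any bugs; on the contrary, they will do everything they can to use the flaws to develop cheat programs.
    I even know that many cheat developers pay money for leads on bugs.

    3. Once Chinese people enter the EU, US and Australian servers, much of their barbaric behavior will force many players who love this game to leave.
    You can look at the Albion Asia server: these Chinese people developed wallhack tracking for PvP and even use automated gathering to wreck the market.

    I have already been badly affected by these bad players; I would rather put up with high latency than stay exposed to their locust-like destruction.

    The low quality and distorted values of Chinese players will ruin the experience for most people.
    Perhaps giving them a Chinese server, so that they play on their own server, would be a compromise.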
  • Noaani Member, Intrepid Pack
    Zakheaka wrote: »
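    But I want to tell you that opening the game to Chinese IPs is suicidal.
    Based on the real situation, let me tell you why I proposed blocking Chinese people.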
    To be clear, Intrepid expect Ashes to be banned in China.

    Intrepid don't need to perform an IP block, the CCP are going to do that.