Anti-cheat today is a stop-gap measure at best. For various reasons such as improved OS security and security concerns with this software, ring zero anti-cheat won't be around forever. Besides, it's a cat and mouse game where the vendor is the mouse.
We already have the technology now to do it better. A combination of only sending what info a client should have, and server-side checks. As soon as something like UT ships with that built in we can hopefully forget about this horrible hack we currently have to check for cheats.
> Besides, it's a cat and mouse game where the vendor is the mouse.
The goal of anti-cheat isn't to stop the world's most advanced cheaters. Those are already unstoppable because they now use Direct Memory Access over the PCI-E bus, so the cheats don't even run on the same computer anymore. However, since those cheaters are few and far between, they can be handled through player reports.
The goal is to stop the mediocre cheater who simply downloaded a known cheat from a cheating forum. If you don't stop those you'll get such a large wave of cheaters that you can't keep up with banning them quickly enough.
With the emergence of AI cheating, cheats don't even need access to memory anymore. The cheat can entirely run on mouse and screen peripherals and the computer will have totally no idea what's going on. The best you can do is behavior analysis. But it always comes with a chance of misreports.
Although that looks like an obvious solution at first glance, it's not really technically feasible. Things like gunshots or footstep sounds are not visible to the player, but still need to be relayed to the client.
As far as I see the only way around not sharing anything that's outside of the immediate perception of a player is to have the audio and graphics be entirely rendered server-side.
You can minimize that to some degree (Valorant does this), but due to movement prediction/network latency you do have to overshare a little bit.
I imagine that most game devs just look at the incredible amount of work this takes to implement and complexity it adds, and decide to not bother. Valorant can do it because the game itself is low complexity, the developer has deep pockets, and also the added competitive integrity is valuable.
Game servers are complicated and have a lot to manage.
It's infeasible for the server to keep track of each player and do frustum and raycasting to every other player to check who can see who every frame.
Culling out of view entities also has the problematic effect of when a player spins around you now have to stream in several big chunks of world state in the few milliseconds before the user clicks to get that 180 no-scope.
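The server-side visibility filtering debated in the comments above, as an added example that is not part of the thread: the server sends a player's state only if there is line of sight now or within a latency window. The 2D map, wall segments, linear extrapolation and all names here are assumptions for illustration.

```python
from dataclasses import dataclass

@dataclass
class Player:
    name: str
    x: float
    y: float
    vx: float = 0.0  # velocity in map units per second
    vy: float = 0.0

def _cross(a, b, c):
    # z-component of (b - a) x (c - a); the sign tells which side of a-b c is on
    return (b[0] - a[0]) * (c[1] - a[1]) - (b[1] - a[1]) * (c[0] - a[0])

def has_los(p, q, walls):
    """True if no wall segment properly crosses the sight line p-q."""
    for a, b in walls:
        if _cross(p, q, a) * _cross(p, q, b) < 0 and _cross(a, b, p) * _cross(a, b, q) < 0:
            return False
    return True

def visible_set(observer, others, walls, lookahead_s, steps=4):
    """Names of players whose state the server sends to `observer` this tick.

    A player is included if there is line of sight now or at any sampled point
    of both players' linearly extrapolated paths within lookahead_s (round trip
    plus one tick). That padding is the deliberate overshare. Cost per tick is
    O(players^2 * walls * steps), which is the expense raised in the thread.
    """
    out = []
    for o in others:
        for i in range(steps + 1):
            t = lookahead_s * i / steps
            p = (observer.x + observer.vx * t, observer.y + observer.vy * t)
            q = (o.x + o.vx * t, o.y + o.vy * t)
            if has_los(p, q, walls):
                out.append(o.name)
                break
    return out

# Constructed sample: one wall at x=5 spanning y=-5..5, observer at the origin.
WALLS = [((5.0, -5.0), (5.0, 5.0))]
ME = Player("me", 0.0, 0.0)
OTHERS = [
    Player("B", 10.0, 8.0, vy=30.0),  # behind the wall, about to clear its top edge
    Player("C", 10.0, 0.0),           # behind the wall, standing still
    Player("D", 3.0, 3.0),            # same side of the wall as the observer
]

if __name__ == "__main__":
    print("no padding:", visible_set(ME, OTHERS, WALLS, lookahead_s=0.0))
    print("200 ms padding:", visible_set(ME, OTHERS, WALLS, lookahead_s=0.2))
```

With no padding only D is sent; with 200 ms of padding B is sent as well, which is exactly the slice of hidden state a wallhack could still read.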
> Those are already unstoppable because they now use Direct Memory Access over the PCI-E bus, so the cheats don't even run on the same computer anymore.
Working on mostly server platforms, I had forgotten that IOMMU enablement (and, where relevant, enforcement) was not the default.
It's your IOMMU, you can do what you want with it. Maybe you need to write heaps of stuff to take advantage of it, but what's new there?
The only thing you're getting by saying "no IOMMU" is "I want any devices in my machine to be able to do anything, not just what I want them restricted to".
Okay, but he's specifically brought it up in the context of a computer's owner doing something that the software vendor (and also myself as another gamer harmed by cheating) would prefer he did not.
> unless you find it terrifying that owners of hardware have control over their hardware
I mean that the presence or absence of an IOMMU doesn't impact whether owners of hardware have control over their hardware.
It just means that the owner of the machine is able to limit what memory the devices in their system are able to access, in the same way that MMUs limited what memory every process on your system could access.
In my world, we won't let a system boot with production credentials unless the IOMMU is enabled.
This is enforced by a greatly enriched TPM (and its willingness to unwrap credentials). We have to trust several layers of firmware and OS software, but the same mechanism allows us to ensure that known-bad versions of those aren't part of the stack that booted.
If I wanted secure games (and the market would tolerate it), I'd push for enforcement of something similar in the consumer space.
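The credential gating described in the comment above, as an added simulation that is not part of the thread and not that commenter's system: boot stages are folded into a PCR-style register, and a toy TPM releases the credential only for an allowed register value. The `ToyTPM` class, the measurement strings and the secret are constructed for illustration; an allowlist of good values stands in for excluding known-bad versions.

```python
import hashlib
import hmac

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def boot_pcr(stages) -> bytes:
    """Fold every measured boot stage into one register, starting from zeros."""
    pcr = bytes(32)
    for stage in stages:
        pcr = extend(pcr, stage)
    return pcr

class ToyTPM:
    """Simulation only: holds a secret and a policy of acceptable PCR values."""
    def __init__(self):
        self._sealed = {}

    def seal(self, name: str, secret: bytes, allowed_pcrs) -> None:
        self._sealed[name] = (secret, list(allowed_pcrs))

    def unseal(self, name: str, current_pcr: bytes) -> bytes:
        secret, allowed = self._sealed[name]
        if not any(hmac.compare_digest(current_pcr, p) for p in allowed):
            raise PermissionError("boot state does not satisfy sealing policy")
        return secret

# Constructed measurements; real ones are hashes of firmware/OS images and config.
GOOD = [b"firmware-1.4", b"bootloader-2.0", b"os-config: iommu=enforced"]
NO_IOMMU = [b"firmware-1.4", b"bootloader-2.0", b"os-config: iommu=off"]
KNOWN_BAD_FW = [b"firmware-1.3", b"bootloader-2.0", b"os-config: iommu=enforced"]

def try_boot(tpm: ToyTPM, stages) -> bool:
    """True if this boot chain is allowed to obtain the production credential."""
    try:
        tpm.unseal("prod-credential", boot_pcr(stages))
        return True
    except PermissionError:
        return False

def demo():
    tpm = ToyTPM()
    tpm.seal("prod-credential", b"constructed-secret", [boot_pcr(GOOD)])
    return {name: try_boot(tpm, s) for name, s in
            [("good", GOOD), ("no_iommu", NO_IOMMU), ("known_bad_fw", KNOWN_BAD_FW)]}

if __name__ == "__main__":
    print(demo())
```

Because each extend hashes the previous register value, changing any one stage (the IOMMU setting or an older firmware image) changes the final value and the unseal is refused.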
As long as games are running on user hardware/OS, you'll always deal with cheating. Server-side checks and computation can only go so far.
For example: in competitive shooters (where cheaters are most prevalent) you can't have things appearing out of thin air. The client needs to know about things ahead of time to play sounds and to give other environmental hints.
Exactly, nothing short of streaming the entire game fully rendered from the server will stop cheats. And even then you can probably still do aimbotting with modern day computer vision.
This reminds me of a discussion around 2 decades ago, where someone showed a picture of his "undetectable aimbot" for a turn-based artillery game: a ruler, a page of charts, and a handheld calculator; followed by a copious amount of discussion of whether that was considered cheating.
How exactly will it stop cheats? Any skill based game can still be cheated. Just analyze the video stream, or go even lower tech, point a camera at your screen. Many games can be effectively cheated like this. For example, aimbots in Counter-Strike and peak human reflexes in Dota/LoL.
Surely the server can tell the client what sounds to play and what other environmental hints to do, just as well as the server can choose to tell the client where the other players are when they are in sight.
The storage read, memory bandwidth, load computation, and game thread pause to add the object to the game world is far more expensive than sending a move.
I've always thought the line about what's cheating and what's not is unfair and arbitrary. How is it ok that some players can play 4k 200fps and others 1080p at 30fps?
The only way to be really fair is for everybody to stream the game at the same res, frame rate and latency.
In certain competitive environments framerate is definitely limited. Here [0] are the rules for Fallout 4 any% speed runs, framerate must be capped at 60FPS. AFAIK that rule applies to all games in this engine due to physics behavior. I don't follow tournament FPS games, but it wouldn't shock me if there are rules for competitive play there as well.
If you are asking why games like Counter-Strike don't have limits on online play, that's mostly a commercial question. Would those games be as popular if they limited performance to what was achievable for minimum specs? I certainly wouldn't want to play at 1920x1080 on my nice widescreen monitor, but setting the minimum to a $1500 monitor and the hardware to drive it would guarantee very few players.
Yeah and in real world people from different countries with vastly different economic backgrounds compete on the same stage, I think video games are fine.
This isn't exclusive to video games. Much of the improvements to world records in sports are due to improvements in gear, yet we don't consider those records to have been unfairly achieved.
Some games do impose limits though, for example Overwatch doesn't allow you to use an aspect ratio larger than 16:9 and selecting a wider aspect ratio actually cuts down on your vertical field-of-view rather than granting you more horizontal field-of-view. This lessens the potential advantage of ultra-wide monitors.
How would consoles be any more immune to computer vision based cheating? Instead of feeding the output to a spoofed keyboard & mouse, you'd just be feeding it to a controller input. I'm not really seeing any difference in technical challenge here, and you wouldn't even need esoteric hardware since console controllers are USB devices anyways.
Since the hardware is better controlled and secured, and hardware attestation is a solved problem these days, it's not particularly difficult to enforce security to the point where you'd need to hardware hack a controller and connect it to a physical camera to bot.
That's still gonna be annoying for players, but it'll greatly decrease incidence, and if reporting a player for botting requires buying and hacking a new controller... It should be quite effective.
They are often more convenient and secure. If you don't mind a single-purpose device that severely limits your ability to modify your experience. Better is subjective after all.
> Anti-cheat today is a stop-gap measure at best. For various reasons such as improved OS security and security concerns with this software, ring zero anti-cheat won't be around forever.
I think that traditional kernel-level anticheat is going away. But the reason is more that when CrowdStrike caused mass outage, Microsoft stated that they want to provide standard interfaces for security sensors, and forbid kernel-level access otherwise (and anticheat can be considered a kind of security sensor too).
If these interfaces become standardized then Valve/Linux could in principle implement them too.
The goal isn’t to stop 100% of cheats but the majority of them and that’s fine. Either way, it’s the only thing stopping me from playing the rest of my games on steamos.