It’s a Linux problem because you can’t ensure a kernel module in Linux is untouched by the user. This is a design on Linux. This means Linux and secured anti cheat solutions are fundamentally at odds.
Client running code should always be considered compromisable, that’s security 101. Relying on kernel module checks is a terrible practice, and not a fundamental guarantee of safety either.
Good, secure anti-cheat happens serverside. But that’s harder and less broadly applicable, so Epic doesn’t want to bother with it.
Client code isn’t trusted but no matter what the is one set of data you most trust that comes from the client. Input data. So with input data it can be manipulated that another application calculate out a headshot and sends that input. So even only trusting the client where you have to, you’ve failed to secure the game fully because you need to trust input data.
The first rule of network programming: Never trust the client. How does anti-cheat software work? It trusts the client.
All clientside anti-cheat is fundamentally flawed and broken by design. It doesn’t actually prevent cheating it just creates an illusion that it’s preventing cheating. The fewer people that believe in that illusion the better off we’ll all be.
Besides, you can train AI to play any game via MITM in USB (plug the mouse and keyboard into the Raspberry Pi or similar which then pretends to be a mouse and keyboard to the computer playing the game). The simplest method is to just point a camera at the monitor but there’s much lower latency ways where you use some cheap Chinese HDMI decoder/encoders to feed the raw video signal right into the AI.
With methods like that becoming cheaper and easier every day the whole client-side anti-cheat bullshit kinda seems pointless, yeah?
Most people put security cameras in their homes despite them being able to be remotely hacked. Lots of people have an Alexa which could also be seen as letting a stranger in. A lot of people use tools that could be used to compromise their direct use but trust they don’t as for things like anti-cheat being malware. That’s all FUD. There has not been a single large anti-cheat company known to be sending unneeded or personalized user data.
Cheats nowadays don’t even need to run on your machine. You can get a second computer that is connected to your computer via a capture card, analyze your video feed with an AI and send mouse commands wirelessly from it (mimicking the signal for your USB receiver).
These anti-cheats are nothing more than privacy invasion, and any game maker that believes they have the upper hand on people that want to cheat are very wrong.
Opening up anti-cheat support for Linux would at least make them more creative at finding these people from their behaviour, and not from analysing everything that’s running in the background.
None of these solutions are lazy, and I promise you they have large server side components too. From what I can tell, shooters are just especially cursed when it comes to cheating, and there’s no real way to stop it.
Yes but also the barrier to entry on those sorts of hacks is very high. Every houses front door lock can be picked in the matter of minutes. The issue is that lots of people don’t have that skill.
Lastly there are heuristic anti cheat but that’s really only a catch all for inhuman inputs. Not a full solution.
Sounds like the same excuse that would be made back in 2008 when epic felt consoles were more worth investing in than PC and only seeings cons to the hardware, and took until 2018 to even bother to try to start their own digital distribution.
And here’s Linux in its infancy just beginning to start becoming a little more accessible to regular people, and potential to enter the market early and also get more control compared to all the platforms run by other companies they complain about. And yet, like before they don’t want to bother investing in anything themselves and taking risks to get established first before competitors gain a foothold.
Simple fact is for all the technical excuses they don’t care unless another company shows it is profitable to do first.
Why should they. They are in the business if making innovative and interesting games. Not innovative hardware or dealing with 2% of the marketplace. They don’t even fully support Mac which has a larger market share. I can’t blame them for making their business one of reducing risks in underdeveloped areas.
It’s a Linux problem because you can’t ensure a kernel module in Linux is untouched by the user. This is a design on Linux. This means Linux and secured anti cheat solutions are fundamentally at odds.
Client running code should always be considered compromisable, that’s security 101. Relying on kernel module checks is a terrible practice, and not a fundamental guarantee of safety either.
Good, secure anti-cheat happens serverside. But that’s harder and less broadly applicable, so Epic doesn’t want to bother with it.
Client code isn’t trusted but no matter what the is one set of data you most trust that comes from the client. Input data. So with input data it can be manipulated that another application calculate out a headshot and sends that input. So even only trusting the client where you have to, you’ve failed to secure the game fully because you need to trust input data.
The first rule of network programming: Never trust the client. How does anti-cheat software work? It trusts the client.
All clientside anti-cheat is fundamentally flawed and broken by design. It doesn’t actually prevent cheating it just creates an illusion that it’s preventing cheating. The fewer people that believe in that illusion the better off we’ll all be.
Besides, you can train AI to play any game via MITM in USB (plug the mouse and keyboard into the Raspberry Pi or similar which then pretends to be a mouse and keyboard to the computer playing the game). The simplest method is to just point a camera at the monitor but there’s much lower latency ways where you use some cheap Chinese HDMI decoder/encoders to feed the raw video signal right into the AI.
With methods like that becoming cheaper and easier every day the whole client-side anti-cheat bullshit kinda seems pointless, yeah?
We’ve already established you have to trust the client to some extent in a typical game.
Also do you lock your front door despite people being able to lockpick it? Most people do because it raises the barrier to entry.
Do I lock my door? Absolutely.
Do I let strangers into my home? As little as possible.
Most people put security cameras in their homes despite them being able to be remotely hacked. Lots of people have an Alexa which could also be seen as letting a stranger in. A lot of people use tools that could be used to compromise their direct use but trust they don’t as for things like anti-cheat being malware. That’s all FUD. There has not been a single large anti-cheat company known to be sending unneeded or personalized user data.
Cheats nowadays don’t even need to run on your machine. You can get a second computer that is connected to your computer via a capture card, analyze your video feed with an AI and send mouse commands wirelessly from it (mimicking the signal for your USB receiver).
These anti-cheats are nothing more than privacy invasion, and any game maker that believes they have the upper hand on people that want to cheat are very wrong.
Opening up anti-cheat support for Linux would at least make them more creative at finding these people from their behaviour, and not from analysing everything that’s running in the background.
Anti cheat should always be primarily server-side, but devs are lazy
None of these solutions are lazy, and I promise you they have large server side components too. From what I can tell, shooters are just especially cursed when it comes to cheating, and there’s no real way to stop it.
It is fundamentally impossible to secure a Turing complete system.
Yes but also the barrier to entry on those sorts of hacks is very high. Every houses front door lock can be picked in the matter of minutes. The issue is that lots of people don’t have that skill.
Lastly there are heuristic anti cheat but that’s really only a catch all for inhuman inputs. Not a full solution.
Sounds like the same excuse that would be made back in 2008 when epic felt consoles were more worth investing in than PC and only seeings cons to the hardware, and took until 2018 to even bother to try to start their own digital distribution.
And here’s Linux in its infancy just beginning to start becoming a little more accessible to regular people, and potential to enter the market early and also get more control compared to all the platforms run by other companies they complain about. And yet, like before they don’t want to bother investing in anything themselves and taking risks to get established first before competitors gain a foothold.
Simple fact is for all the technical excuses they don’t care unless another company shows it is profitable to do first.
Why should they. They are in the business if making innovative and interesting games. Not innovative hardware or dealing with 2% of the marketplace. They don’t even fully support Mac which has a larger market share. I can’t blame them for making their business one of reducing risks in underdeveloped areas.