As others already said, not any big suprises, but it was a decently well written piece.
Actually, the core conclusion isn't that bad...
"Ultimately, the most effective anti-cheat strategy is to make cheating feel unnecessary."Better matchmaking is not a bad ide'a except in some respects, but it's only part of and being mean's to an end, and I think matchmaking at all can be problematic, especially if you want to allow people joining favorite servers playing against other people manually joining servers. But for matchmaking games, not a bad idea.
Only way I can imagine people not being able to wall hack is to always use some form of server side sandboxing of the information in the game itself. Wallhacking is a client side hack using information in the game to show players through overlays. What if the server never gave that info to the client unless the client was authorized to have it. As in, server-side line of sight checking, if that checks out, then you get to see the enemy, as long as you dont have line of sight, you don't get the info at all client-side. The problem with that approach is that it takes a radically different way of doing things and probably requires a whole lot of extra coding and complexity server side since you will have to simulate actions, Sounds, lights, shadows of players, together with objects more closely to still supports throwing grenades around corners, etc.
Another problem is latency since today many games have compensating algoritms that try to "equal" the playing field. And decent player back in quake days could easily compensate for extra latency themselves, but two equal players, the ones with the best latency always won, and that is often gone from the game but with the price that everything feels a bit loose.
The problem is that bad players cheating smart is raising their level, and in doing so, become "better" as to equal good players. The thing is that a smart cheater will probably be quite indistinguisable from a really good player without a serious effert in analysing of patterns including screens, game data, etc And that is unfortunately a manual process, because it's extremely hard to automate at the higher levels. I would deem it as hard as to have a computer playing chess against a master, doable, but pretty hard. Top percent of players in some games like quake, cs, etc is good. They instantly know when things spawn, where to expect enemies at certain times, especially in some maps there is a flow to the game where you definitely know where people will be and the timing of it. Look at de_dust on CS for instance, any decent CS player will have that info down, same with good quake players.
Look at games like BF, they are different since they don't have as much precision to them and are more chaotic, but if you play a whole lot and employ good tactics, you will be called a cheater regularly because many people wont have the ability to distinguess that from a bad player with one that could be using a WH. I'm a very decent player in BF, but then, I spent probably upwards of a couple of thousand hours on the series and regularly think about tactics and the meta game and mental side of it, and study which tactics that would work, peeking, pre-firing around corners where there's a high likelyhood of enemies being, using surround, throwing nades to get sound ques, listening to footsteps, etc. Most info is there, but as I've heard, many people complain not being able to hear footsteps in headphones, while I on my surround, hear them perfectly well, including direction, that gives me a fair bit of advantage right there. Together with BF4's sync bug's and client side hit detection where you can be visable on somebody elses screen while you dont see them on yours, it's hard to distinquish a cheater from somebody having lag and actually having a legitimate kill as far as current construction is. Often, you probably dont know when you are the one killing somebody that though they were safe behind a corner, etc. So that is definitely things that need to be tightened up.
JohnC wrote:The most effective anti-cheat strategy is first of all creating a custom (without wasting money on third-party useless tools like PunkBuster or FairFight) client-side detection tool similar to current commercial antimalware programs (with daily updates and ability for users to submit suspicious files for analysis, so someone can buy a subscription to one of the paid cheating frameworks and just keep submitting new versions of these as soon as they appear),...
Except since it's still a negative sum game. You will impact the big mass with something made for catching a very small minority, and still play and cat and mouse game that you basically can't win without radically changing something about the plattform. And considering there is a ton of money involved, there will be real incentive to fool that single piece of software. And considering, at least the PC platform, I'm not sure that you can write such a piece that are in any way foolproof while at the same thing not making it a dedicated platform for gaming alá console based on pc hardware with custom OS, etc.
You dont think the gaming companies already has people buying cheats and looking into them trying to stop this. While I don't know enough about fairfight to deam it either workable or not, and people i know working within anticheat for some publishers are under NDA and very tight lipped about how it works, you are definitely right in that PunkBuster is pretty much a bust in many situations. WIth active adminning and admins taking client side screenshots, it has potential, but I've never seen it perfectably workable except for some veryfied hacks. Although when playing both BC2, BF3 and 4, you constantly see globally banned people using aimhot/multihacks trying to enter servers. So at least it weeds out the blatant cheaters which is always something.
The thing is, a new client would't neccessarily be a good solution since it will invariable not be foolproof, it will have a certain percent of false positives. And it will most likely have performance impacts on your system. To be fully effective it would also have a need to hook deep into things, possibly leading to stability issues and incompatibility issues, just like different anti-malware and AV programs has today. Working within a company doing security monitoring as a core business has it's benefits, and let me tell you this, what actually catches threats, is not signature information from vendors. Of everything that goes through the engine, less then 25% of the advanced threats are detected by signatures, so things like anti-virus and IDS solutions are easily fooled by themselves as a single product. What you need is aggregate data and massive correlation and heurstics on behaviour. Those things together is where you can distinguish the malware from just badly coded but legitimate software and eliminate false positives to a much higher degree.