This is so funny because rust has one of the worst cheating situations and majority of their players are windows users, and theres lots of games that have anticheat that allows linux and have notably less significant cheating problems like marvel rivals. in reality rust doesn’t take cheating very seriously because if they did they would have more server side software that detects illegitimate behaviour like tons of other games do successfully… even most popular Minecraft servers have better functioning anti cheat that is completely server side than rust has while getting kernel access to your pc. its pathetic and lazy development tbh and this entire post from them reads like such extreme cope…
Absolutely. You know where all the players are and what they have. Just check if something that the client is reporting is IMPOSSIBLE and kick the player who threw the request. If you have a player who is performing at over a certain level of realistic performance, have someone manually check them to verify they’re legitimately that skilled and if so, flag the account as “actually just that good”. It’s the only reliable solution.
I’m not a gaming dev, but a full-stack web dev; is it not common sense that data needs to be validated on the server side, not client? I don’t really get why client-side “anti-cheat” is a thing, but may be missing something.
Not a game dev either but my guess would be the main reason is server performance/compute cost.
Any checks that are done on the client run on the users’ hardware instead of the publisher having to pay for more/better servers and electricity.
I think the disconnect with most other types of developers stems from the respective goal hierarchies. In most fields of computing, correctness isn’t just a high-value goal - it’s a non-negotiable prerequisite. With online multiplayer games, one of your chief concerns is latency and it can make sense to trade some cheating for a decrease in lag. Especially if you have other ways of reducing cheating that don’t cost you any server processing power.
Also, aren’t many of the client side anti-cheat solutions reused in several games? If you’re mainly checking that the player is running exactly the same client that you published, I imagine the development cost for anti-cheat is lower.
TLDR: Money. It’s always money.
You can also just check 1 in every 10 or 100 player actions
Aimbots and esp is client side only.
hmmm I see; could not at least aimbots still be detected on the server side?
Not 100% no. And any evaluation method you do will either allow more cheaters or catch very good players. Not to say this isn’t done because it totally is just that it’s very far from perfect.
Hell I’ve heard of cases where some really good streamers had to be an a special list of people to not kick/ban from this kind of detection because they’ve repeatedly been falsely detected. If you aren’t a streamer you will have a lot harder of a time to get unbanned though not just because you aren’t famous but also because it’s harder to prove your innocence.
I remember Valve placing honeypots that would be impossible for a honest player to see or reach, and banning in mass the players who fall for it after some time to avoid the adaptation of the cheaters. And that is a cheap yet effect way to clean the player base.
Other interesting strategy is to limit the client information available, of the character is not looking with a scope, the client doesn’t need to know if there is another player far in that direction.
Probabilistic analysis is not the only way.
But I know that some strategies would demand major reworks or good planning from the development phase.
Honeypots are not an easy solution either though unless you only really do it as a one off thing. And to be worth it you have to allow those cheaters to continue for some time before banning. You shouldn’t underestimate how adaptable cheats developers are.
Limiting information is easier said than done especially for circumstances that matters the most. And don’t forget people can still hear others through walls.
What performance threshold should that be? 10%? So 140,000 manual checks of CS:GO players? 1% is still 14,000. How are you going to check those people - go to their houses? If they don’t let you in just ban them? What about people who install cheats that allow them to perform as well as someone in the top 2% but not top 1%? They have a free ride?
It’s not possible to catch all cheats, but pure server-side cheat detection is basically worthless.
Doesn’t CS do it by using volunteers, showing clips to players waiting for matches or something where they can vote if the player was using cheats? I could be remembering wrong though, my CS knowledge comes entirely from watching klicksphilip :P
No, they don’t do that anymore. It ended with CS:GO.
CS has VAC which can issue VAC bans - unless something’s changed. They may also get volunteers to assess stuff idk.