This is so funny because rust has one of the worst cheating situations and majority of their players are windows users, and theres lots of games that have anticheat that allows linux and have notably less significant cheating problems like marvel rivals. in reality rust doesn’t take cheating very seriously because if they did they would have more server side software that detects illegitimate behaviour like tons of other games do successfully… even most popular Minecraft servers have better functioning anti cheat that is completely server side than rust has while getting kernel access to your pc. its pathetic and lazy development tbh and this entire post from them reads like such extreme cope…
You must log in or # to comment.
On Windows the cheating program it’s a simple exe that will get kernel access with a simple uac request.
Everyone, especially 12 years olds, are able to run it. (And maybe get malware/ransomware disguised as a cheating program)
None of the losers that need a cheating program to feel validated in online multiplayer games will have the skills to recompile the kernel in Linux to add support for that
None of the losers that need a cheating program to feel validated in online multiplayer games will have the skills to recompile the kernel in Linux to add support for that
aha! so you admit, IT’S POSSIBLE! Well aren’t we lucky we have microshoft who won’t let anyone recompile their colonels! shows you mr silly yunix!
;D
If your cheat detection runs on the client side only, you don’t have cheat protection.
Well, there only so much in gaming that reasonably can be done server side.
Sure, the server could identify that a player shouldn’t be visible and not transit that location to a client, addressing seeing through walls, in theory.
But once a player is hypothetically visible, aimbot can happen. If you are crawling in a ghillie suit in the grass, but the other player has a client that skips rendering grass and replaces the ghillie suit model with a suit made of traffic cones…
Now intrusive anti cheat isn’t worth it, but it is an unavoidable reality that it is up to the client to preserve the integrity.
Closest you get would be streamed gameplay, where the rendering even is server side. Also not worth it. But even then I could see cheating machine vision and faked controls to get an edge unfairly.
This is actually one of the absolute worst trade-offs they could have made, if you think about it for like 2 minutes :
They said 0.1% of players were on Linux.
Even if they were ALL cheaters, that’s still a tiny amount of cheaters you just “banned”
Almost 100% of whom will just cheat on Windows instead ; whereas all the legitimate Linux players will loudly complain forever.
They decided to sacrifice all the free PR from one of the most vocal groups of players out there, in order to get a ~ 0% reduction in the number of cheaters.
In more simple terms, they just shot themselves in the foot for no benefit whatsoever (though I do grant it’s a relatively small “gun”)
Not only that, but the steam deck exists, the gabecube is coming, Linux gaming has been on the rise. The shit you did “several years ago” is irrelevant. If they allowed Proton, windows players with steam decks can now also play on the go. Instead they repeatedly have to poorly explain why they won’t… to stop basically 0 cheaters. I’d be willing to bet that the only people who actually stopped cheating in rust when Linux support was dropped did so because they lost interest anyway.
I searched just to see, there’s a python script right on github that claims to have an aimbot, esp, wallhack, no recoil and several other features, along with “safety settings” so you don’t get caught. Does it work? I don’t know, but the codes right there to look at and there are dozens of other results in the search.
The Gabecube. Thank you for that. Totally stealing it.
Hardware level cheat detection has always been a losing game. I’m a professional in similar area (not games) but it’s fundamentally impossible to do when you dont control physical hardware, it’s stupid. The only way to detect cheaters is machine learning based behavior analysis, period.
TL;DR: skill issue
The only way to detect cheaters is machine learning based behavior analysis, period
Either the entire game industry is incompetent, or you’re wrong. Machine learning is a powerful tool, but the only way? No chance.
even most popular Minecraft servers have better functioning anti cheat that is completely server side
Why isn’t this the standard everywhere? These servers prove that server side anticheat works.
It is. All games have this kind of server side verification which denies not allowed actions. The difference is in Minecraft it comes down to “no, you cannot fly, or” no, you cannot build a pig spawner because you don’t have one in you inventory". But in Counter Strike you need to decide if one player’s 14ms headsbot is legit, while some other player’s 20ms kill was not. Or if someone was acting on information they shouldn’t have (radar and wall hacks). That’s orders of magnitudes harder.
Generally speaking, the slower a game, and the less hand eye coordination are necessary, the easier is server side cheat detection. On the other side, there’s chess…
Well, yes, but, let me counter with this:
You can completely remove wall hacks from the equation by doing some FoV calculations in the server, this completely solves that issue, there’s no client side hack that would be able to show you enemies behind the wall because the server isn’t sending them to you.
And to the other point, if the 20ms kill is bad but the 14ms kill is good, there’s space to argue that the cheater is worse than the players so you don’t really need anti-cheat so solve that, Skill based matchmaking takes care of that for you, he would eventually be placed with people who are better than him even with hacks.
Sure, server side anti-cheat can’t capture everything, but neither can client side, but server side anti-cheat can make it so that your client side cheats are pointless, because they can’t make you better than everyone, you have to remain averageish, and if you’re consistently above average skill based matchmaking will bump you up and up until you’re going to lose even with cheats or you will be playing against other people with the same cheats as you.
I’ve said this before about wall hacks. The only reason they are possible is because the positions of all players are being sent to the client and then the client just doesn’t draw them to screen. It would be extremely easy to simply not send the data for players you shouldn’t be able to legitimately see.
And you are not the first person to have this idea.
Most games do that to some degree. The thing is they are working with a threshold, which means they send your client the information of a few “extra meters” - beyond your field of vision. If they didn’t, enemies would sudddnly pop into existence, instead of smoothly running around the corner. Especially in fast paced games there’s nothing more frustrating than losing to this.
But there’s more: non visual clues. If an enemy is outside your vision, but makes a noise, you cannot give that information to the client without revealing the enemies position. It’s simply not possible (again, not without risking giving completely wrong info by the time it reaches the client).
Same goes for non-player objects, which are the result of a player’s action somewhere else. If a player kicks a bucket across the map, the bucket flying through your screen makes it trivially easy to calculate the point of origin - and you know something happened there / player was there.
We’d be really really lucky if server side fog of war would be the kill-it-all solution to cheating.
Hmm very well said. Thank you for explaining that. Definitely a harder problem to solve than I thought at first.
If an enemy is outside your vision, but makes a noise, you cannot give that information to the client without revealing the enemies position.
Sure you can, for starters audio is a lot less reliable to pinpoint location than video, so the server can randomize the position somewhat and still be accurate enough. Not to mention that sound bounces off walls, so it’s not exactly wrong to give the point of origin of a sound as a wall nearby the origin or destination, and an even more advanced system could use ray tracing to calculate sound path and give you a fully accurate sound point that doesn’t reveal the source exactly.
If a player kicks a bucket across the map, the bucket flying through your screen makes it trivially easy to calculate the point of origin - and you know something happened there / player was there.
But again if you’re not sending the bucket position until it’s in FoV that doesn’t matter at all.
We’d be really really lucky if server side fog of war would be the kill-it-all solution to cheating.
It’s not the end all, but it does take are of whole categories of hacks.
Still both can be calculated back to the source of origin. It may not be enough for a wall hack to reliably point out the enemies exact position, but definitely enough for a radar or proximity hack.
Edit: Your also completely ignoring the mandatory threshold where the server absolutely needs to send you enemy information already in order to avoid enemies popping into existence. The faster the game, the bigger that threshold.
And by all means, sound (in video games) is a pretty linear thing. You can only randomize so much, until players complain that it’s not reliable.
In the games were talking about these kind of additional info or heads-up are an unfair advantage in competitive play.
The solution sounds easy, but I do believe that if it was, we would see it in at least some current games.
I find a number of problems with the level of authoritativeness that you speak and some of the arguments you’ve made.
The core of your first argument lumped together is that a small amount of extra latency is the same thing as “impossible”. This is obviously not true as even with some relatively fast paced genres, what is acceptable varies wildly. Maybe such an argument could be used for Valorant, but not for Pubg or escape from Tarkov (games that are already known for netcode slow enough that this would not truly/notably harm the experiences of players if they were designed for this from the start).
Same goes for non-player objects, which are the result of a player’s action somewhere else. If a player kicks a bucket across the map, the bucket flying through your screen makes it trivially easy to calculate the point of origin - and you know something happened there / player was there.
This example is contrived, and just the type of thing where there are a number of options available.
One could simply not send the bucket, send it with a delay, the bucket could not exist (the majority of games), the buckets origin could be randomized just enough to be at the tested limit of player perception, the game could include a trace shadow by default.
For every example like this, there are options available which aren’t entrusting a black box to access all of your data with a pinky promise.
We’d be really really lucky if server side fog of war would be the kill-it-all solution to cheating.
There is no kill-it-all solution, and this is a clever little re-framing of the argument by you where the new solution has to be perfect, when the status quo can just be mid.
I don’t understand how you lump my arguments into “extra latency”. Server side anti cheat doesn’t add latency (I mean technically it does, but that’s not the concern right now), but latency is very much the reason for the downsides I pointed out. The smaller the margins, the higher the chance one of the two players doesn’t see the other coming solmoothly around the corner, but suddenly materializing in full view.
Your examples illustrate that very well. It’s OK for PUPG or Tarkov (and even there only long distances), but a hard for Valorant.
This example is contrived, and just the type of thing where there are a number of options available.
And now, instead of the irrelevant bucket, make the same argument for a relevant object - like a grenade, or tracers. You cannot just get rid of everything or implement random delays or randomized origins.
There is no kill-it-all solution, and this is a clever little re-framing of the argument by you where the new solution has to be perfect, when the status quo can just be mid.
It’s not reframing. The original argument I replied to claimed these hacks only exist because the server sends everything, and it would be extremely easy to fix this. Neither of which is true.
I don’t understand how you lump my arguments into “extra latency”.
Followed by
but latency is very much the reason for the downsides I pointed out.
Is wild to me.
Seems like you understand perfectly fine.
Your examples illustrate that very well. It’s OK for PUPG or Tarkov (and even there only long distances), but a hard for Valorant.
This is both you agreeing yet disagreeing with my argument and I don’t get the point exactly.
If its feasible reasonably, the point of your argument is diminished.
And now, instead of the irrelevant bucket, make the same argument for a relevant object - like a grenade, or tracers. You cannot just get rid of everything or implement random delays or randomized origins.
You’re fighting a strawman by pretending that my argument was ever to “just get rid of everything or implement random delays or randomized origins”.
My point applied in specific cases where relevant, and the dishonesty in your argument here is by acting like I am talking about not having a game. The bucket example was specifically about a bucket going towards a player from an unseen location with no line of sight.
For a situation like a grenade, the grenades direction becomes visible, somewhat randomized, from when the player should be able to see it. This presents no gameplay problems and solves the edge case of figuring out its trajectory for cheats, especially as a little bit of randomization results in a wildly inaccurate origin point.
As for the bullet, where are people shooting others without line of sight, where the bullets path would also simultaneously be visible? Its not a realistic scenario to bring up at all.
If we’re going to that extent, we might as well also then say that all client side anti cheat is worthless because you can use a secondary machine to read the ram of a primary machine or other such high effort cheating strategies.
It’s not reframing. The original argument I replied to claimed these hacks only exist because the server sends everything, and it would be extremely easy to fix this. Neither of which is true.
Firstly, it absolutely is reframing, because they never claimed anything was a kill-it-all solution. They claimed one thing was a specific solution for a particular problem, which it is.
The only part that you actually have shown good reason to disagree with is the last claim, as with the second you’ve admitted that it in fact would be effective, but that there would be downsides potentially (as if there arent downsides with every option).
My point applied in specific cases where relevant, and the dishonesty in your argument here is by acting like I am talking about not having a game.
It’s tellingly ironic that for you it’s totally okay to make a broad statement, then when being called out cut it back to “where relevant”. And in the same sentence you make a strawman yourself, claiming that I’m acting like you are “talking about not having a game at all”. If you want your arguments understood “where relevant”, maybe show the same consideration.
As for the grenade and bullet examples I simply disagree. Given a certain observable trajectory it’s freakishly easy to get a good enough point of origin to get an unfair advantage with that information. As for an example about the bullets, I believe there’s enough FPS games with tracers out there. An extreme example would be Unreal Tournament Instagib matches. Where you see literally all tracers - directed at you or not.
If we’re going to that extent, we might as well also then say that all client side anti cheat is worthless because you can use a secondary machine to read the ram of a primary machine or other such high effort cheating strategies.
Correct. Client side anti cheat can only make it so hard. Never impossible.
because they never claimed anything was a kill-it-all solution. They claimed one thing was a specific solution for a particular problem, which it is.
Yes, they said wall hacks would not exist if the server would only send what a user can actually see:
The only reason they are possible is because the positions of all players are being sent to the client and then the client just doesn’t draw them to screen.
And that’s not true. Wall hacks would still exist, as necessary information can be used to determine an enemies position. To a certain extend.
And yes, put to an unreasonable extreme it would eliminate wall hacks entirely. Just nobody would want to play such a game.
Have a good day.
Because they’ve been forced to implement server-side anti-cheat because they can’t implement it into the game because they don’t control the game and mojang don’t seem interested in adding much in the way of anti-cheat to Minecraft.
These other companies actually control the games they’re running the servers for, so they can go the simple route and put kernel level anti-cheat in the game, and then call it a day. Corporations will always take the easy cheap option, even if it’s not very good.
They dropped Linux before proton was invented. Go on any cheat website and the requirements will always say to have windows. Maybe proton is exploited by some cheaters, news to me. You should just ban windows, no more cheaters.
It’s not proton that is exploited. It’s the kernel itself that cannot be monitored by anti-cheats, meaning cheaters could install a modified kernel to mess with the anti-cheat
as if the cheaters can’t already evade anti-cheats even on windows.
Exactly. There are two methods that bypass kernel-level anticheat fairly easily, and there isn’t really any way around them.
You can run the game in a virtual machine, with cheats running at the hypervisor level. This level is more privileged than the virtual machine’s kernel, and can thus read or modify the active program without detection.
The other way is to load the hack into the bootloader, so the cheat loads before the kernel and, again, can thus be in a more privileged permissions state.
The only effective solution is to detect cheating server side, or change the game engine so cheats don’t work (like loading all models with no line of sight behind the player, so wall hacks and modified game models don’t matter.
Fascinating.
I will never understand, how people use their ingenuity to fake being good at a game.
Like, I get the hacker aspect of it: developing a cheat, breaking the game, exploit and find ways around the counter measures. Fair enough. But then you would do it once and showcase it, that wouldn’t disrupt a game’s community.
So there are people out there, who load cheats with the bootloader, in order to pretend being better than some randos in an online game. Wow.
Maybe it’s mostly kids? Like the genre of kid that told you their dad works for Nintendo so they have Mario 5.
Kids, and people making a profit.
Easier to make a profit off RMT if you bot and cheat.
I mean as a electrical engineering student who likes to program, building such a system seems like fun but playing with it not so much. If there was a game that was purly made for cheaters with the goal of beating the anticheat without detection i would love to try that. I feel like this could be something like the capture the flag competitions some groups make where you have to hack a website faster than others or break some encryption.
Desstroying other players without effirt is like playing a game in easy mode and i dont get that at all, where is the fun if there is no challenge?
Same kind of people who lie all the time to look good to others. Some people want to be awesome but know they suck, or even more pathetic don’t suck but can’t stand not being the best, and cheating is their pathway to getting the social results of being awesome without needing to develop the skills.
The way I’ve seen it for ages now, being a loser isn’t just about losing games, it’s how you handle losing games and how much you internalize that. I see it as short for “sore loser”. Cheaters are losers in that sense.
Though it makes the idea of them still losing despite cheating even more hilarious, which is why I love the idea of games that detect cheaters but stick them in cheating queues instead of just banning them.
There’s another whole category that also doesn’t care about what the game is running on the kernel: seperate device cheats. They act as a man in the middle for the input and output signals, and can auto shoot when you’ll hit or adjust your aim if you’re close but not quite there. Or just play for you entirely if it’s that good at processing the output.
And blocking that isn’t likely possible without killing streaming for the game or convincing all users to get input devices with encrypted connections or they can’t play your game.
I’d respond to the original comment that anyone who doesn’t have server side cheat detection isn’t serious about stopping cheaters. In any case, I just removed that game from my wishlist. Not that I needed another survival builder game anyways, though they do tend to catch my eye.
They’re on that lie still?
Cool, cool. I’ve got plenty of games to choose from to care about lazy lying assholes who can’t be bothered to come up with a better excuse than that for why they irrationally hate Linux
Is there any way with steam to verify those player numbers because 0.01% seems very low. Market share is about 3% so I would expect numbers more in line with that. Obviously it’s not going to be a one-to-one match up but two orders of magnitude different than from the expected number.
Rust became unplayable on Linux a good few years before the Steam Deck-induced Linux boom. Back then the Linux share was still counted in tenths of a percent, if that.
And from what I’ve heard they rendered their build all but unplayable a good while before dropping support entirely.
Now they don’t even need to maintain their own. The community will fix the issues through Wine and Proton if Valve doesn’t do it themselves.
So really, their only excuses are low player count (self inflicted, and at this point companies pulling shit like this is what’s slowing adoption probably as much as fear and unfamiliarity) and cheating (which, why would someone build cheats via Linux if most they’d be making them for are using Windows? Which has rampant cheating all on its own, so their solution is bullshit and useless to begin with)
Granted I don’t keep up much with gaming communities but I personally was playing up until the breaking EAC update with no issue and don’t seem to recall reading about people having problems.
To be fair, I’ve not been involved with it at all, this is just based off what I’ve read recently.
In any event, their anticheat supports Linux just fine and plenty of other games that use it work perfectly fine in Linux
People who play games to cheat are the problem with the world. Born losers.
i wonder if this guy heard about counter strike…
Explain something to me. It’s a multiplayer game anything that affects all players should be handled on the server side, not the client. So if I make a cheat it can only be installed client side, not server side.
So if my hypothetical cheat looks at object placement and any time I sees a small object approaching at a high velocity it can say “I’m going to assume that’s a bullet based on what the server told me about it.” Then my cheat would say “your character moves from here to here until the bullet passes by, then moves back. I will tell the server you moved to the left 20 inches in the blink of an eye then moved back”
This works because the server just trusts what it’s told in this example.
So there are two options here to resolve this. Either the server sets thresholds and denies any placement changes look like the Flash is playing rust, or the server evaluates suspicious placement changes later when the cpu load it’s under is lower. The first approach stops much of this instantly but is computationally expensive and could not scale well for lots of players. The second would work well enough. You need to catch cheaters but it’s doesn’t have to be within the same exact cpu cycle.
In either case, these work because the server is taught to look for something that shouldn’t be possible. The enforcement happens server side. The client doesn’t fucking matter.
There is zero reason to put anti cheat on the client side when it’s not a P2P instance. Target a few servers, not thousands of players.
The client side anti cheat is a low effort hack that was good enough. Video game anti cheat devs are cheap as fuck because looking at client bits cost nothing compared to expensive machine learning pipelines that need to analyze all player performance. This is not a tech problem but a product/skill one.
You don’t need machine learning for this we’ve had perfectly good server-side anti-cheat for a while now and none of it’s been AI-based until recently. If we know the top speed the game should allow players to move any movement greater than that speed must be a cheat or lag, either way it shouldn’t be allowed.
Your head is in the right place, but your example is very wrong. First, unless it’s a very slow projectile that’s not how bullets work in games, second movement takes place in the server, to do so in the client is nuts. Client sends inputs, sever moves, gives back player location, client adapts. While waiting for a reply the client simulates the movement expected, but sometimes the server doesn’t receive the package and so tells you you haven’t actually moved and you teleport back.
What’s usually not done is calculate vision cone, instead the server gives you everyone’s position and you calculate whether you can see them on your GPU. Which is why if you can get access to the GPU pipeline you can tweak it so it shows you objects through walls. If you move the LoS calculation to the server you completely eliminate wallhacks, however that is very expensive to do (although ray tracing GPUs might provide a good approach in the future)
second movement takes place in the server, to do so in the client is nuts.
For the vast majority of games, it’s in between, because the latency if you waited for the server every frame you moved would be way too much.
It’s something like you have a local model of where everything is, and send updates to the server of where your local model says your character (and whatever else your inputs affect) are. The server receives that data, potentially validates it (server side anti cheat checking that your movement makes sense, similar to the OP post, for example), and then forwards that info to all players. The client side positions of everything are updated based on that info. Usually some interpolation is added to make things move more smoothly.
Yes I meant movement happens server side, which is why this example cheat couldnt work. it would be telling the server what to do, and the server could always say “no, fuck off, thats not something you were coded to be able to do”. Sorry if I didnt convey that clearly.
I also understand the client has to draw things faster than the server can respond “okay, I moved you 12 inches to the left” so it guesses the outcome and if the server later responds with “denied, no teleportation in rust” it will just snap you back to the last position the server approved of.
My point is anticheat client side suggests bad code server side.
Yeah but this approach makes the game stutter and/or sluggish for everyone. Client side computation isn’t just cheaper, it also ensures that you have a smooth gaming experience.
As someone else said, most games do a middle way here. Compute on client side. Verify on server side.
Yes but if you are verifying server side anyway, why do you need anti cheat client side?
Well, first off: Money. The more you verify, the more it costs you to run your game’s servers.
But also because you cannot detect every kind of cheat via server side anti-cheat. How does a server detect if my flick-headshot (which won this crucial round) in counter strike was luck, or if I had help from a program running on my machine? Maybe it didn’t even make me react faster, just nudged the cfosshair another few pixels to ensure the hit.
Of course you can run statistics, and can flag outliers. But it’s no proof. If someone always cheats you won’t catch them, while you will flag someone have a good day (or a friend playing on their machine).
Well, first off: Money. The more you verify, the more it costs you to run your game’s servers.
This sounds like a super clever argument, until you think about the scale.
If the cost to host a game went up by 50% it probably wouldn’t make it into an investor call. Its a small price. It could be 10x as much and still be completely affordable to many games companies.
How does a server detect if my flick-headshot (which won this crucial round) in counter strike was luck, or if I had help from a program running on my machine?
How does the client detect that when running said cheat on another machine? It doesn’t. The current solution isn’t perfect either.
I think the one who’s not thinking about the scale is you. As the server owner you pay (compute) for every additional player. This goes directly against the wish to have as many players as possible playing your game.
This discussion spun of from a company stating specifically they don’t want to invest more into anti cheat solutions. And that’s from a company which absolutely could afford it.
How does the client detect that when running said cheat on another machine? It doesn’t.
You make it sound like I said that, but I didn’t. In fact I’m very much against kernel level anti cheat.
Does the anti-cheat break the game on Linux? Not buying the game. I don’t need that kind of crap in my life.
I don’t play games that require anti-cheat. Simple as that. If a game is full of cheaters, I don’t play those games either. I am not going to have a windows installation just to play games. I am not going to have a console that only plays games. I am a simple man, if it supports Linux and doesn’t have anti-cheat I play. But also I don’t have friends so…
Get your anticheat code off my fucking cpu and onto your servers where it belongs.
Garbage games do this, simple as.
Never heard of Rust, but it sounds like something I can afford to ignore.
OS shouldn’t even matter to prevent cheating; do your anticheat validation server side. Anyone who knows anything about security knows the client side can never be trusted.
I thought that was the trans crab programming language
Ultra toxic survival game where you build a base, get raided by 4 guys with rocket launchers and bombs while yelling slurs at you. Then rinse and repeat.
Did you ever try getting gud?
Let’s do some math here, they said:
More cheaters using Linux than legit users (…) .01% of all players base
Let’s do a quick math. The maximum peak users for Rust was 259,646 concurrent users according to https://steamcharts.com/app/252490 . Let’s assume 60% (more than half) of all the .01% users were cheaters, congratulations, you got rid of all those 16 cheaters… I haven’t played much Rust, but I’m fairly confident that there’s a bit more than 16 cheaters there.
And that’s without getting into the whole client side anti-cheat doesn’t work.
You dont understand linux users have black magic hacks that ruined the game for every player on every server, their power cant be understated… Theyre a whole bunch of dangerous hardened criminals
🤣 beware the Linux users
“Do not tangle with the type of people who decide to put Linux on their PlayStations. Trust me, you are wasting your time.”
- Extra Credits host guy, like a decade ago.
every single one is a l44t hack3r bro
It was the elite hacker 4chan, they hacked all their servers and stole all their ram.
I feel like some people think Linux is only for hackers and cybersecurity professionals
And genuine hackers and cybersecurity professionals have got way better things to do than cheat in Rust.
The cheaters are all obnoxious 12-year-olds who couldn’t land a single hit without the cheats, that’s why all the compilation videos of cheaters falling foul to fake cheat software are so funny. They’ll spend 10 minutes trying to go through a doorway without it ever occurring to them that something must be wrong.
