this post was submitted on 15 Dec 2024
509 points (96.5% liked)

Games

32937 readers
846 users here now

Welcome to the largest gaming community on Lemmy! Discussion for all kinds of games. Video games, tabletop games, card games etc.

Weekly Threads:

What Are You Playing?

The Weekly Discussion Topic

Rules:

  1. Submissions have to be related to games

  2. No bigotry or harassment, be civil

  3. No excessive self-promotion

  4. Stay on-topic; no memes, funny videos, giveaways, reposts, or low-effort posts

  5. Mark Spoilers and NSFW

  6. No linking to piracy

More information about the community rules can be found here.

founded 2 years ago
MODERATORS
 

Now that Stop Killing Games is actually being taken seriously - maybe we need to take a look at Stop Fucking Around In Our Kernels

I haven't really been personally affected by it before - I don't play any competitive multiplayer games at all. But my wife had her brother over, and he's significantly younger than us. So he wanted to play FortNite and GTA V, knowing I have a gaming PC. FortNite is immediately out of the question, it'll never work on my computer. Okay, so I got GTA V running and it was fun for a while, but it turns out all of those really cool cars only exist in Online. But oh look, now they've added BattlEye and I can no longer get online.

While this seems like a trivial issue (Just buy a third SSD for Windows and dual boot), it's really not. Even if I wanted to install Windows ever again, I do NOT want random 3rd party kernel modules in there. Anyone remember the whole CrowdStrike fiasco? I do NOT want to wake up to my computer not booting up because some idiot decided to push a shitty update to their kernel module that makes the kernel itself shit the bed. And while Microsoft fucks up plenty, at least they're a corporation with a reputation to uphold, and I believe they even have a QA team or 2. CrowdStrike was unheard of outside of the corporate world before the ordeal and tbh nobody has ever heard of it afterwards again.

So I think this would be a good angle to push. That we should be careful about what code runs in our OS kernels, for security and stability reasons. Obviously it'd be impossible to just blanket ban 3rd party kernel modules to any OS. However, maybe here in the EU at least we could get them to consider a rule that any software that includes a component running in the OS kernel, MUST justify how that part is necessary for the software to function in the best possible way for the user of the computer the software is running on. E.g I expect a hardware driver to have a kernel module, and I can see how security software needs to have a kernel module, but I do NOT see how a video game needs to have an anti cheat with a kernel module. How does that benefit me, the customer paying to be able to play said video game?

you are viewing a single comment's thread
view the rest of the comments
[–] boonhet@lemm.ee 113 points 1 week ago (3 children)

It should be said that I'm not against games detecting cheaters and banning them from online play. It's very specifically kernel-level anticheats that I can't stand on principle.

[–] wreckedcarzz@lemmy.world 0 points 6 days ago

The one downvote from a cheater πŸ‘Œ

[–] ampersandrew@lemmy.world 54 points 1 week ago (3 children)

I'm against them being able to ban you from playing online in its entirety, which is something they can do because most online games don't let you run the servers yourself anymore. Sure, if someone cheats on official servers, ban them from the official servers. They should still be able to play, cheating or not, on the server they run themselves, but that's not an option we even have most of the time.

[–] vodka@lemm.ee 6 points 1 week ago

Make a cheater pool and put anyone you detect using cheats in a separate matchmaking system that only matches cheaters with cheaters.

And never ban anyone, ofc.

[–] tiz@lemmy.ml 51 points 1 week ago* (last edited 1 week ago) (1 children)

This one is such an overlooked part of this whole dilemma. The problem is NOT THAT the official servers not allowing clients without kernel level anti cheat. It’s just we don’t have an option to host our own servers anymore and we’re confined to following the rules.

[–] boonhet@lemm.ee 12 points 1 week ago (2 children)

Yes, that's part of the StopKillingGames agenda as well. Allow us to control our own servers! For fuck's sake, it's CHEAPER for them, because WE'RE paying for hosting. A dedicated server costs money! And it keeps people buying into the ecosystem after the initial sales high because you form communities and then tell people IRL how awesome the game is. Assuming you have time for real life friends of course.

I'm not against the existence of a matchmaking system, or even against it being the default. Just give us a tiny menu item "Dedicated Servers" somewhere and keep that one around forever, even when the publisher is long bankrupt because the CEO blew all their profit on sculptures of oddly shaped penises or something.

[–] xavier666@lemm.ee 1 points 5 days ago

A dedicated server costs money!

Game company: "Why don't you give that money to us and we will give you a server?"

[–] ampersandrew@lemmy.world 4 points 1 week ago

They see it as a threat to their business model. Without any other option, you have to be on the latest version, seeing the latest skins, and you're unable to bypass their store and mod them in yourself. If I can help it, not giving me the option to run the server myself will be a threat to their business model.

[–] Passerby6497@lemmy.world 23 points 1 week ago* (last edited 1 week ago) (3 children)

"Butbutbutbut server side anticheat is haaaaaaard and requires us to actually think about what values are actually valid and understand our own internal game states. Kernel level anticheat ~~lets us be lazy~~ costs us less and requires less development time!"

[–] LaLuzDelSol@lemmy.world 3 points 6 days ago

Look if companies could implement successful anticheat without kernel access they sure as hell would, regardless of cost or effort. There is a TON of money to be made in competitive fps games alone, and they're pretty much all overrun by hackers

[–] rumba@lemmy.zip 1 points 5 days ago

requires less development time

Here, step into this 200GB repo with about 50 third party plugins and someone else's game engine and find all the states that aren't exactly like they are on the design docs, and do it at scale, across a cluster of servers that all have to interact.

20 years ago, i'd be right there with you.

It's actually hard for a big game to do those things. The people making the cheats are as good as the developers and only need to find one nick it the armor every time.

FWIW, I'm against kernel-level anticheat, and I didn't downvote you :)

[–] ampersandrew@lemmy.world 18 points 1 week ago (2 children)

Unless they deviate substantially from how they build games in genres like shooters, server side anti-cheat isn't going to catch everything that kernel level anti cheat does. However, kernel level anti cheat doesn't catch hardware cheating anyway, so if cheating is always going to be imperfect, we ought to stop short of the kernel.

[–] NuXCOM_90Percent@lemmy.zip 10 points 6 days ago

Was it Delta Force that made everyone lose their shit because it "accidentally" warned people would be banned for usb thumb drives?

Because... that is coming. No, not the thumbdrive. But scanning your various devices to detect hardware based cheats. Which... is likely also going to be pushed by logitech and razer to get ahead of the crowd that are sick and tired of needing their bullshit software to properly use mice and are looking toward alternatives.

[–] Passerby6497@lemmy.world 1 points 6 days ago (2 children)

That's the thing, you're never going to catch everything. But anything important can be sanity checked by the server when the client checks in, all without opening a vulnerability in your customers' systems.

So much kernel level anticheat is about offloading the processing power to the customer, and unreasonable desires for control over the systems involved and overall game environment (and probably a decent amount of data mining).

[–] ampersandrew@lemmy.world 2 points 6 days ago (1 children)

A lot of cheats send completely legitimate information back to the server, and that's what they're seeking to stop with the client side implementation; I don't think it has anything to do with costs. I haven't heard of any data mining happening, and surely someone would have caught it with wire shark by now, but there are enough things that we know for sure about kernel level anti cheats to make it offensive.

[–] nekusoul@lemmy.nekusoul.de 4 points 6 days ago

I think the way to go about detecting cheats server-side would be primarily driven by statistics. For example, to counter wallhacks one might track how often a player is already targeting an enemy before they become visible. Or to counter aimbots one could check for humanly impossible amounts of changes in the direction of mouse movement, somewhat similar to how the community found out a bunch of cheaters using slowmo in Trackmania.

Add in a reputation system that actually requires a good amount of playtime to be put into the highest tier of trust for matchmaking and I think one could have a pretty solid system that wouldn't have to rely on client-side anticheat at all.

[–] NuXCOM_90Percent@lemmy.zip 1 points 6 days ago

That’s the thing, you’re never going to catch everything

The problem is that the things that aren't caught? People don't say "Ugh. Easy Anti-Cheat suck". they say "Ugh, fucking Battlefield is un fucking playable. BOYCOTT IT!!!!"

There are alternative methods that may be even more effective (I personally think this is a genuinely great use case for "AI" to detect things like tracking players through walls and head snapping). They also have drawbacks (training and inference would get real expensive real fast since it needs to be fairly game specific).

Whereas kernel level bullshit? It clearly works well enough that the people who have the data (devs and publishers) are willing to pay for it.

And if it reduces the risk of a particularly bad exploit hurting the reputation of the game and tanking it harder than Concord?

Which is why "fighting back" is so difficult. We, as players, are asking for the devs/publishers to trust us. But we have also demonstrated, at every fucking step, that we won't extend even an iota of trust back and will instead watch thousands of hours of video essays on why this game sucks because of a bad beta.