developer of game 'Rust' talks about anticheat on linux
This is so funny because rust has one of the worst cheating situations and majority of their players are windows users, and theres lots of games that have anticheat that allows linux and have notably less significant cheating problems like marvel rivals. in reality rust doesn't take cheating very seriously because if they did they would have more server side software that detects illegitimate behaviour like tons of other games do successfully...... even most popular Minecraft servers have better functioning anti cheat that is completely server side than rust has while getting kernel access to your pc. its pathetic and lazy development tbh and this entire post from them reads like such extreme cope....
674
Comments292
It's almost like client side anti cheat doesn't work and if proper server side anti cheat is made it wouldn't matter what platform the client is on.
"never trust the client" is pretty much a motto of infosec, idk what the hell game devs expect
See, the wild thing is that I used to run with some actual hackers in GMod... and... I learned from the exploits that they did, how you actually design at least a game mode script that can't be fucked, can't be poked proded or queried directly.
Of course, if the actual exploit is lower level than what I'm writing at, well then I'm still fucked...
I can remember at least one GMod originated, lower level exploit, caused by Garry leaving some direct, unsanitized interface to Steam itself directly exposed via lua... which caused Steam/Valve themselves to step in and rewrite a part of all of Steam, because Garry is s fucking moron, and more or less allowed a virus/malware to propogate through Steam itself, independent of Garry's Mod...
Never did figure out if any of the goobers I knew had any direct ties to that or not.
But anyway, fucking yes, literally never trust the client with anything beyond their own GUI, and barely trust them with that, don't just let them click on anything in their screen space to see if its an item they can put in their inventory, do an actual server side vector ray trace, from the item to the playet, make sure the thing they clicked on is actually near them, put that all into a buffer that locks up if they're calling it at inhuman rates...
It was so easy to item dupe and stat boost and even hijack other players accounts in so many gamemodes I saw.
Fucking one of them had the user set and enter a login password to 'access' their various characters, pick one to spawn as.
Problem?
... That gamemode was actually doing the id check via SteamID, duh.
The username/password thing was a fucking phishing scam, that game mode had a forum, everyone used the same user names, a bunch of people got their hotmails or whatever fucked, by the dev of that gamemode.
... Anyway... yeah, I learned all this infosec type shit first hand, in an earlier 'FacePunch Studios' production.
Fuck Garry, fuck FacePunch, these people are idiot clowns.
Roblox exists now, the GMod roleplay communities independently invented their own ways of monetizing their gamemodes via syncing to their sites and forums with payoal widgets, ya'll missed the boat on that one, no one is going to play S&ndbox in anything close to GMod in its heyday numbers.
That sounds entirely on Steam. The game is the client in this context, and Steam as the server shouldn't be trusting anything from the client.
This was like, over a decade back, I don't remember it in accurate detail, and also, Garry deleted all the old Facepunch forums, which I do remember having a lot of discussion about this...
But, best I can recall, it was something like a buffer overflow/memory space exploit, because Garry exposed a core Steam function, that normally is only called by other Steam functions, in c++...
Well, Garry decided to give basically a lua api / reference method of accessing it directly, allowing doing arbitrary code injection into it, from anyone running a GMod server or networked client.
So I mean yeah, you can say Valve should not have trusted Garry with low level access to Source and Steam, that that's their bad, they should have expected he would create a serious security exploit out of naivette/hubris, like the proverbial junior sql db admin who just does 'DROP ALL' on prod, as an 'experiment'.
Uh yep, I would agree with that.
... I think this may have had something to do with Steam's, fairly new at the time, achievements system roll out, but I'm not sure if that's correct.
EDIT:
For those that don't know, the vast, vast majority of what GMod is, is basically just opening up core Steam/Source calls done in C++, opening those up to Lua, by mapping them with reference methods, and then allowing Lua scripting via those methods.
Then on top of that, you draw like, the item spawning menu, tool menus, make a standardized template for making a new tool or weapon (SWEPs) or entities, or players or NPCs, etc.
So uh, yeah, if you're not careful with that, if you don't know what you're doing at the lowest level, that can be very dangerous and easily lead to uh, unforseen consequences.
I'm still confused why any game having a way to upload a worm into Steam is good and why it was uniquely a GMod problem. It sounds like a case of a problem waiting to happen and the first place it happened to happen was GMod.
sir, this is a wendy's
Fuck you, take my order, stupid hallucinating AI drive thru working off an 18 year old microphone!
Oh Wait!
You're closing half your locations after trying to push realtime adjusting prices.
Nah I'm good, I'm gonna be posted up at the abandoned Wendy's, screaming at it all day long.
Get those pigtails in a hairnet, and my fries in a bag, thanks very much.
And this naïve understanding of infosec somehow makes people forget that this is not infosec, and there is more to anti-cheats than ignoring a client which says its travelling at warp speed.
The Problem is that that would increase the load on the server as well as make latency-mitigation much harder.
As with everything, it‘s always a tradeoff.
It's not a motto. It's a given must design. (I have work context)
The issue with pure client side is latency. At some point, you need some kind of predictive client side to smooth out the gaps to feel playable, but that also can lead to rubber banding and jumping around.
They're totally different scenarios. How is the server supposed to know if a player has (e.g.) walls disabled and knows where the enemies are?
Because the client has to know where the enemies are while still hiding it from the player.
People who have no idea how things work and go off on quotes they see online is why these discussions are useless.
That's the neat part: you don't. If their idea of anti cheat means taking over my machine to scan everything that runs on it, it's a lost battle. Either find a way to do it server side based on behavioral heuristics, or don't bother.
Oh, so the only options are rootkits and server-side. Weird, I didn't know the calculator app was one of those.
Depends on the game but largely enemies don’t need to appear in the client until they’re becoming visible to the player
So the server has to compute whether a single pixel of the enemy's body or shadow is visible to every client? How does the client play spatialised audio for enemy footsteps if it doesn't know where they are - does the server calculate that as well?
I mean, if the client is thin, with everything computed server-side, this works, but that's not what games are.
Easy to say but if you use Unreal Engine it's very hard to do that. Unreal doesn't have a built in way to not replicate something not seen and the inbuilt networking is built on any action a player makes is tied to the player. So if you want to hear that player walking or shooting that player will exist on the client.
Finally someone who seems to have some sense of how things actually work and if course they get down voted...
Sure I get why people don't like kernel anti cheat but they should at least understand the difficulties from not having it.
There's been an increase in games that don't give the client full knowledge of enemies. That data doesn't actually need to be sent to the client if you can do checks on the server to know if they're visible. Yeah, it needs to be simplified from a full raytraced solution from the camera, but it can be good enough that it isn't much of a issue, depending on the game.
IIRC, some game (it may be Counter Strike, but idk) only gives your client player data for the "room" you're in, and adjacent ones, or something like that. You can still see through walls near you, but you can't see people on the other side of the map.
Yes, there's always going to be a point where there's nothing more you can do and you just have to hope for the best, and mitigate what you can on the client. Still, the naive "the client has to know where the enemies are" isn't accurate. A well designed anti-cheat solution will try to come up with a solution for this. Sometimes it isn't possible, but often there's some amount of information that doesn't need to be sent to players that can be hidden.
Why? :3 If a player shouldn't be able to see someone, just don't send their location.
But if they're not rendered, what about their sound effects like walking, or something like their bullets?
This is actually an issue in War Thunder, where if the server thinks you shouldn't be able to see a tank, it won't render it, but this also causes it fairly frequently to not play noises from the tank like the engine or shots, and to not render projectiles from them either. So a teammate can die right next to you and you won't know how because the shot wasn't rendered on your screen even though you were looking in the direction of the enemy when they fired it. Or a tank with an engine louder than a semi truck will sneak up and kill you because the game simply decided that you shouldn't be able to hear them.
Just send sounds too
So send their location then, since sounds have to be played from the player's location in order to project from the right spot.
Only when you're making sounds. Not when you're being silent.
Maybe I'm wrong but the server could read where the players are and what are they don't and see if they can do that without using cheats. Then you keep the statistics of every player and flag every time there's something strange. If too much flags raise, check the user. I don't see the need to do it in real time. Some games will be bad... but nothing stops the server from rescoring the game after checking if a cheater is detected. The server can even send an alert to the other players of that game and let them decide how to fix the end result of the game.
I love how in every anticheat discussion someone who actually knows something about how games work get downvoted into oblivion.
If your objection to client-side anti-cheat is that it "doesn't work" what till you see what server-side anti-cheat fails to accomplish!
There's no way with a pure server-side implementation to even try to work out whether the client is using an aimbot or wallhack. No solution is perfect, which is why the best solutions try to combine methods.
These people are delusional, don’t listen to them. Their cognitive dissonance drives them to jump through the biggest hoops to defend something that is simply flat-out wrong. You can't beat most cheaters with a server side anti cheat only, unless you do what World of Tanks does and have everything server-sided which isn't feasible for all games. Take CS2 or CS:GO for example. The game is riddled with cheaters, despite getting multiple VAC updates this year.
I don't think it's cognitive dissonance driving them, I think it's hatred of rootkit anti-cheat that bleeds into other client-side anti-cheat.
People aren't very good at separating different but related things, it seems.
Why would you even send the location of players behind walls? You can just do the visibility check on the server first. But hey that's extra CPU cycles that they don't want to be spending on helping you.
Visibility check of what?
This amounts to making players use thin clients and putting all visual and audio rendering on the server if you want it to work and not suck. Will you be happy to save £1000 on your PC at the cost of having games cost £150 a pop? Thought not. Or did you think the "extra CPU cycles" were just free?
@FishFace @x00z my small thought -> i think today no solution can prevent "cheaters" because you can't differ "cheaters" from users anymore if they want to.
Here is why ->
One PC is running the game -> a second PC emulates Keyboard and mouse inputs using a CAM (Capture Card) / Sound (microphon / digital capture) and an on the Game trained AI.
So what does any "cheat protection" offer if they don't protect against serious cheating ?
PS: "The only still working protection is lan play with control over hardware / software and players like done on real events"
Yes, there is no way to prevent all cheats. However, to prevent as many as possible, you need to use all available methods. It's quite reasonable that kernel-level anti-cheat should not be available, as it it's an overreach and a security risk. However, client-side anti-cheat is not that.
Many of the cheater ridden games don't even do a simple CPU based PVS check on the server side. You don't need a GPU for this because it's super fast.
An example of strictness in protection using PVS: https://www.youtube.com/watch?v=8w1ICIBO3D4
Tarkov for example doesn't even do a super simple check.
Oh and there's many more performant methods such as https://github.com/87andrewh/CornerCulling
It's a very hard thing to check for though especially with how complex the world can be in games today. Even if it was feasible you don't know where a client will be in a few frames so you basically need to do a "what players can be seen from this general location" check. The higher movement speed the bigger of a volume is your possible viewpoint.
This is also ignoring all the things you need replicated even when you can't see the player such as footsteps or them shooting or interacting with something.
You use both server and client side anti cheat.
Using only one will not work the way it should.
That, or cloud gaming needs to replace it.
All client anti-cheat have server components, otherwise they will be bypassed.
I don’t pay multiplayer. That said, what if there is no anticheat? Would that level the playing field? Let everyone aimbot if they want to.
It will ruin the experience for anyone playing competitively in a ranked mode, which means invalidating that mode entirely. This drives players away from competitive games like CS, Valorant, etc. which is why those games all use anti-cheats.
Similarly if there is a persistent world or some state that the game relies on to make the game fun for everyone, e.g. extraction shooter, MMORPG, etc then if the game state's integrity is compromised it loses meaning entirely. Imagine playing chess but your opponent can move the pieces any way they like; it stops being a game.
I do agree that games where everyone agrees on cheating should allow it.
Get your anticheat code off my fucking cpu and onto your servers where it belongs.
Garbage games do this, simple as.
Absolutely. You know where all the players are and what they have. Just check if something that the client is reporting is IMPOSSIBLE and kick the player who threw the request. If you have a player who is performing at over a certain level of realistic performance, have someone manually check them to verify they're legitimately that skilled and if so, flag the account as "actually just that good". It's the only reliable solution.
I'm not a gaming dev, but a full-stack web dev; is it not common sense that data needs to be validated on the server side, not client? I don't really get why client-side "anti-cheat" is a thing, but may be missing something.
Not a game dev either but my guess would be the main reason is server performance/compute cost.
Any checks that are done on the client run on the users' hardware instead of the publisher having to pay for more/better servers and electricity.
I think the disconnect with most other types of developers stems from the respective goal hierarchies. In most fields of computing, correctness isn't just a high-value goal - it's a non-negotiable prerequisite. With online multiplayer games, one of your chief concerns is latency and it can make sense to trade some cheating for a decrease in lag. Especially if you have other ways of reducing cheating that don't cost you any server processing power.
Also, aren't many of the client side anti-cheat solutions reused in several games? If you're mainly checking that the player is running exactly the same client that you published, I imagine the development cost for anti-cheat is lower.
TLDR: Money. It's always money.
I think you're wrong about one thing - it's not about compute cost, but about complexity of accounting for latency. You could check if the player can see the enemy they're claiming to have shot, but you really need to check if they feasibly could've seen the enemy on their computer at the time they sent the packet, and with them also having outdated information about where the enemy was.
The issue gets more complex the more complex the game logic is. Throw physics simulation into the mix and the server and clients can quickly diverge from small differences.
Ultimately, compensating for lag is convoluted, can still cause visible desync for clients (see people complaining about seeing their shots connect in CS2 without doing damage), and opens up potential issues with fake lag.
More casual games will often simply trust the client, since it's better for somebody to, say, fly around on an object that's not there for other players, than for a laggy player to be spazzing out and rubberbanding on their screen, unable to control their character.
You can also just check 1 in every 10 or 100 player actions
Aimbots and esp is client side only.
hmmm I see; could not at least aimbots still be detected on the server side?
Not 100% no. And any evaluation method you do will either allow more cheaters or catch very good players. Not to say this isn't done because it totally is just that it's very far from perfect.
Hell I've heard of cases where some really good streamers had to be an a special list of people to not kick/ban from this kind of detection because they've repeatedly been falsely detected. If you aren't a streamer you will have a lot harder of a time to get unbanned though not just because you aren't famous but also because it's harder to prove your innocence.
I remember Valve placing honeypots that would be impossible for a honest player to see or reach, and banning in mass the players who fall for it after some time to avoid the adaptation of the cheaters. And that is a cheap yet effect way to clean the player base.
Other interesting strategy is to limit the client information available, of the character is not looking with a scope, the client doesn't need to know if there is another player far in that direction.
Probabilistic analysis is not the only way.
But I know that some strategies would demand major reworks or good planning from the development phase.
Honeypots are not an easy solution either though unless you only really do it as a one off thing. And to be worth it you have to allow those cheaters to continue for some time before banning. You shouldn't underestimate how adaptable cheats developers are.
Limiting information is easier said than done especially for circumstances that matters the most. And don't forget people can still hear others through walls.
Hello game, yes, I am indeed actually on the other side of the wall, now inside the enemy's base.
What performance threshold should that be? 10%? So 140,000 manual checks of CS:GO players? 1% is still 14,000. How are you going to check those people - go to their houses? If they don't let you in just ban them? What about people who install cheats that allow them to perform as well as someone in the top 2% but not top 1%? They have a free ride?
It's not possible to catch all cheats, but pure server-side cheat detection is basically worthless.
Doesn't CS do it by using volunteers, showing clips to players waiting for matches or something where they can vote if the player was using cheats? I could be remembering wrong though, my CS knowledge comes entirely from watching klicksphilip :P
No, they don't do that anymore. It ended with CS:GO.
CS has VAC which can issue VAC bans - unless something's changed. They may also get volunteers to assess stuff idk.
Just look how well this went for Valve & CS2... It's riddled with cheaters, despite having multiple updates to VAC over the year. This method only works for games like World of Tanks, where most things are server sided.
So many games that work flawlessly on Linux, so I just skip those that don't:]
This is the way.
And let people run their own dedicated servers again.
There are community rust servers with EAC disabled (mainly for linux players). I don't know what the fuss is about.
How many of them competitive multiplayer?
many. Marvel rivals, a bunch of the battlefield games, arma 3, dayz, dead by daylight, halo, hunt showdown, team fortress, war thunder, csgo, deadlock, vail vr most of these games manage to have less rampant cheating than rust while supporting linux at the same time, meanwhile rust claims that only 0.01 percent of players, only 14 people, were linux players and somehow thats causing a serious cheating problem that they cant resolve? anyone can tell how dumb that sounds.....
Very obviously many. But I gotta say my reaction to your reply is just "eeew, I'm so glad I'm not one of those people" (who only play those kinds of games).
Server side anti-cheat should be the focus of every game company with an MMO game in their catalog. Relying on kernel access is madness.
Let's do some math here, they said:
Let's do a quick math. The maximum peak users for Rust was 259,646 concurrent users according to https://steamcharts.com/app/252490 . Let's assume 60% (more than half) of all the .01% users were cheaters, congratulations, you got rid of all those 16 cheaters... I haven't played much Rust, but I'm fairly confident that there's a bit more than 16 cheaters there.
And that's without getting into the whole client side anti-cheat doesn't work.
You dont understand linux users have black magic hacks that ruined the game for every player on every server, their power cant be understated... Theyre a whole bunch of dangerous hardened criminals
I feel like some people think Linux is only for hackers and cybersecurity professionals
And genuine hackers and cybersecurity professionals have got way better things to do than cheat in Rust.
The cheaters are all obnoxious 12-year-olds who couldn't land a single hit without the cheats, that's why all the compilation videos of cheaters falling foul to fake cheat software are so funny. They'll spend 10 minutes trying to go through a doorway without it ever occurring to them that something must be wrong.
🤣 beware the Linux users
"Do not tangle with the type of people who decide to put Linux on their PlayStations. Trust me, you are wasting your time."
every single one is a l44t hack3r bro
It was the elite hacker 4chan, they hacked all their servers and stole all their ram.
If Valve's expanding hardware lineup helps increase SteamOS adoption, they'll change their tune.
I doubt that they will, given the fact that Linux is misrepresented a lot. They use Linux servers, so why not support Linux already?
Not a chance.
Overhaul your entire game stack || Blame Linux for being too small
Why would they need to overhaul their game stack? Rust would run just fine on Linux if they didn't block it intentionally.
When I say they're gamestack, I'm talking about their client and their backend services and their associated middleware.
Moving a game that is mostly client authoritative to server authoritative is a hell of a lot of work and requires serious rewrites to both the client and the server.
It also requires a lot more compute to handle the back end.
When you go from calculating everything on the front end and just sending the data back to the back end to sending actual controls to the back end and doing simulations, you need to rewrite a significant portion of everything.
It's way cheaper and way faster just to write it in the client, and require the kernel/secured OS to police risky actions to the application.
The last couple of projects I looked at were probably 50% more man hours to make it server authoritative out of the box. Trying to come back and do it after the fact, It's much, much higher.
I would bet that the claim of more than half of Linux players cheating is false positives due to shitty anti cheat. Like the anti cheat relying on some windows process or trying to initiate some process and linux is structured differently so it fails.
THE INTEGRITY OF YOUR DEVICE COULD NOT BE VERIFIED
If your cheat detection runs on the client side only, you don't have cheat protection.
Well, there only so much in gaming that reasonably can be done server side.
Sure, the server could identify that a player shouldn't be visible and not transit that location to a client, addressing seeing through walls, in theory.
But once a player is hypothetically visible, aimbot can happen. If you are crawling in a ghillie suit in the grass, but the other player has a client that skips rendering grass and replaces the ghillie suit model with a suit made of traffic cones...
Now intrusive anti cheat isn't worth it, but it is an unavoidable reality that it is up to the client to preserve the integrity.
Closest you get would be streamed gameplay, where the rendering even is server side. Also not worth it. But even then I could see cheating machine vision and faked controls to get an edge unfairly.
lol
So Linux users were 0.01% - one in 10,000 players - and also the main cheating problem?
Some odd math there.
No, he said he saw more cheat users using Linux than legitimate users using Linux. He also said Linux is another vector to cheats, not that its the main one.
He said he saw more cheaters than legitimate players on Linux after they stopped support. I mean, no shit?
He said when they stopped. That could mean at the moment of the stop or starting from the point they stopped the support. Both are a possibility, yet only one makes more sense than the other.
Minecraft is actually a good example.
Server owners pay very little to nothing for anticheat, and cheaters have dozens of extremely elaborate clients to choose from, all interfacing with the very open and moddable game. And still, servers that do give a fuck have basically zero rage cheating. ESP? Sure, but that can be solved as well. But beyond that, everything can and is detected. And that in a game as sandboxy and freedomy as MC. It was designed to have a lot of slack in movement and actions, yet ACs are extremely good.
literally when i thought about it for even a few seconds i was like this is some bullshit minecraft has better cheat moderation than rust..... the biggest servers all manage to do so completely adequately and theyre just community servers....
I think the main tool is private self hostable servers. The big public ones have to think about anti cheat (more out of preservation of there own economy) but if you just whant to build with your mates. Have at it.
One of the biggest Minecraft servers I know of had basically no anti-cheat and just relied on user reports and bans. And it was extremely effective. It was a PvP based server, and I only encountered cheaters in like 0.1% of games, and even then they were usually banned before the match finished.
Unfortunately this usually requires a dedicated mod team. For smaller servers it's not much a problem but when that scales up, companies often decide paying for an enormous dedicated mod team to review reports and make bans isn't worth it when there are cheaper (albeit shittier) options.
And then there is 2b2t where everyone cheats as much as possible.
Can't you cheat in MC by just removing a pixel in a block to make it transparent?
But I only ever played it coop, so it doesn't really matter.
Basically, yes. There are many ways. But:
An anti-xray plugin is nowadays as common for servers as lithium or essentials. It either removes all important blocks from view, inserts fake blocks (eg. ores) or just makes everything appear as only stone. The middle option can even serve as evidence of a player using xray. For preventing ESP, you can do effectively the same but with players: Hide them and their particles until they're in view, and randomize their sounds' position, so that a client mod does not provide any more advantage than having decent headphones.
Server-side culling essentially.
The ones that modify the world’s blocks often cause a lot of lag unfortunately.
The game doesn't render blocks that aren't exposed to air. So that trick let's you see caves and some ores, but not most ores.
Copius maximus
This whole anticheat thing is so stupid. Remember when Sony got sued bigtime for including rootkits on their audio CDs? Why are game developers getting away with it no problem? Society is regressing and it's frustrating to watch.
People are never interested in learning from history, they'd rather run face first into that wall.
The abusers typically.did read histor, saw what worked well, what didn't, learned from that to become even better abusers.
This doesn't only apply to games, it applies to politics, celebrities, religious clerks,you name it
Just saw a comment in a topic about steam machines about "why do we even need to care about the past, its in the past, it doesnt matter anymore"
humanity is devolving to a state dumber than the chimp that scratches its ass, sniffs its finger, and falls off the log in shock at the smell.
They dropped Linux before proton was invented. Go on any cheat website and the requirements will always say to have windows. Maybe proton is exploited by some cheaters, news to me. You should just ban windows, no more cheaters.
It's not proton that is exploited. It's the kernel itself that cannot be monitored by anti-cheats, meaning cheaters could install a modified kernel to mess with the anti-cheat
as if the cheaters can't already evade anti-cheats even on windows.
Exactly. There are two methods that bypass kernel-level anticheat fairly easily, and there isn't really any way around them.
You can run the game in a virtual machine, with cheats running at the hypervisor level. This level is more privileged than the virtual machine's kernel, and can thus read or modify the active program without detection.
The other way is to load the hack into the bootloader, so the cheat loads before the kernel and, again, can thus be in a more privileged permissions state.
The only effective solution is to detect cheating server side, or change the game engine so cheats don't work (like loading all models with no line of sight behind the player, so wall hacks and modified game models don't matter.
There's another whole category that also doesn't care about what the game is running on the kernel: seperate device cheats. They act as a man in the middle for the input and output signals, and can auto shoot when you'll hit or adjust your aim if you're close but not quite there. Or just play for you entirely if it's that good at processing the output.
And blocking that isn't likely possible without killing streaming for the game or convincing all users to get input devices with encrypted connections or they can't play your game.
I'd respond to the original comment that anyone who doesn't have server side cheat detection isn't serious about stopping cheaters. In any case, I just removed that game from my wishlist. Not that I needed another survival builder game anyways, though they do tend to catch my eye.
Good point. I remember seeing one about a monitor that can give edge-of-screen glow to indicate proximity of enemies in LoL or DOTA2 based on minimap information.
Fascinating.
I will never understand, how people use their ingenuity to fake being good at a game.
Like, I get the hacker aspect of it: developing a cheat, breaking the game, exploit and find ways around the counter measures. Fair enough. But then you would do it once and showcase it, that wouldn't disrupt a game's community.
So there are people out there, who load cheats with the bootloader, in order to pretend being better than some randos in an online game. Wow.
Same kind of people who lie all the time to look good to others. Some people want to be awesome but know they suck, or even more pathetic don't suck but can't stand not being the best, and cheating is their pathway to getting the social results of being awesome without needing to develop the skills.
The way I've seen it for ages now, being a loser isn't just about losing games, it's how you handle losing games and how much you internalize that. I see it as short for "sore loser". Cheaters are losers in that sense.
Though it makes the idea of them still losing despite cheating even more hilarious, which is why I love the idea of games that detect cheaters but stick them in cheating queues instead of just banning them.
Maybe it’s mostly kids? Like the genre of kid that told you their dad works for Nintendo so they have Mario 5.
Kids, and people making a profit.
Easier to make a profit off RMT if you bot and cheat.
I mean as a electrical engineering student who likes to program, building such a system seems like fun but playing with it not so much. If there was a game that was purly made for cheaters with the goal of beating the anticheat without detection i would love to try that. I feel like this could be something like the capture the flag competitions some groups make where you have to hack a website faster than others or break some encryption.
Desstroying other players without effirt is like playing a game in easy mode and i dont get that at all, where is the fun if there is no challenge?
Just look at sports. All those antidrug tests are there for a reason.
Feels a bit different to me though. I mean, while doped in sports it is still you who brings in the results. You can also take, idk, focus-enhancing drugs in esports to have the advantage (I wouldn't, but I've never been very competitive and don't get it in general). But cheating, like e.g. using aimbots, it detaches the results somehow from you. The equivalent, to me, in sports would be to have somebody go through all the hustle to get competitive and then pretend to be you, so you can get the cup and the pictures afterwards. Just strange ¯\_(ツ)_/¯
It's the same as being the only one to use steroids. Or using methanol in the fuel. Or having a card in your sleeve.
They probably gave up on preventing cheat entirely, and are just trying to reduce the amount of cheaters by making cheating as annoying as possible.
I do actually believe them when they say that cheating on Linux can be made significantly easier and more comfortable than on Windows. I think it's a real fundamental issue for Linux, multiplayer games with toxic playerbases can be unplayable due to users being able to do what they want. They would have to make systems to allow for playing in smaller human-moderated servers, or rely purely server-side solutions
And that it self is measurable. Never understood the attempt to have total control on byod setups. Its never going to happen lol
That .01% number is out of line with the overall share of Steam users in 2018 by literally an order of magnitude. I can understand some deviation within a particular game, but that figure is so far off that I kind of suspect he just made it up on the spot.
I think he refers to the amount of Linux users playing their game.
Yes, but it's still weird that their audience is so far outside the average proportions
Is it? Major FPS game sounds like the least likely game Linux users would be playing on Linux.
Why?
I play a fair amount of multiplayer FPS and I pretty much just assume I have to boot into my Windows partition for them because of anti-cheat. The fact there are some FPS games that actually support Linux is surprising news for me, hopefully more devs start adding support.
Because they historically didn't work on Linux. Looking at shooters from 2018:
But taking it further, they're the gamer-iest games, so if you're playing one of these titles there's a high chance you're playing a lot of games, probably with friends, and each one your friend group picks up is another chance for Linux support to be poor, meaning that you're going to miss out. Obviously that doesn't apply to everyone, but it's absolutely going to reduce the number of people using Linux to play. With the Steam Deck now, this trend won't be as prevalent, especially for stuff played with controllers, but I bet you'll still see the phenomenon with AAA, multiplayer titles design for KB+M.
There was a native Linux build up until 2019. I also wouldn't really class Rust as an FPS, but that's beside the point.
Right but a Rust player is probably playing these other shooters.
I mean, Linux player base is only .01%, even if they are all cheaters, they will literally have no impact... You can't say "Linux user base is too small", and "if you support Linux you want cheaters" at the same time if you want to make sense.
Yeah, but saying "Our codebase is so terrible Linux keep showing us new bugs we won't fix" or "We can't sell your personal data with Proton" is worse PR...
I gave up Rust when I moved to Linux.
They are changing the game from building a cozy PvP Minecraft, to a clan based wargame.
Cozy players, don't cheat, clans do (Not all, of course).
Changing? Zergs have run servers since the first day I played almost 10 years ago. Small monuments are war zones the first few days of wipe. I don't think that's changed much since. Rust has never been cozy on any server with a population.
Rust PVE on community servers is pretty cozy.
Yeah I should've specified vanilla pvp servers. It's always been a KoS hellhole. If anything, recent changes have made pvp less punishing.
Am I reading this wrong? Or is this guy really trying to say the very predictable rise in exploit users on the platform after they stopped patching the exploits is proof that the platform is full of cheaters?
Yes. It sounds like they removed anti cheat from linux for a spell and watched an uptick in cheater switching platforms. So they weren't willing to support the anticheat, removed it from the game and watched cheaters flock to the platform. I don't think they are saying linux users are cheaters, just that cheater will use linux if vulnerable.
Maybe he meant at the point they stopped support, not after. But its not very clear from the way he worded it.
Curious take, Rust has about 137k users online (24h peak via steam charts rn atleast). Dev claims 0.01% of users play on Linux. That's 13-14 players. If even a single person decides to cheat or run Linux to cheat the amount of "cheaters on Linux" would indeed "dramatically increase". But that's a really bad way to tell the narrative.
I don't really care, i haven't played rust in years and as others mentioned there's way to much games i can play instead. Ive been playing a lot of The Finals recently and I've had a blast. They have Proton support and anti-cheat and atleast publicly say that they do want to continue supporting Linux.
If not supporting Linux is a business/economical decision just say so. This is a really bad way to discuss the situation and an attempt to frame linux players as cheaters. If you have 14 players total on Linux out of a total 100k then they most likely aren't the problem.
I’d imagine people on Linux who want to play Rust would be more than happy to shell out $15 and go through the little effort it is to download DLC so they can play on a Premium server when the other option is to shell out $140 for a Windows 11 license and go through the effort of installing that spyware trash to their PC.
On the other hand, Alistair clearly doesn’t want your money so maybe stop trying to give it to him.
i didnt plan to anyway lol and i dont think people should bother, rust is not a game worth the extra money or even worth the time in general...... and its damn well not worth a windows install, and i say that as someone who alrdy has one just in case on my system, i wouldnt even choose to boot up windows to play rust......
Skill issue.
Who could have imagined that the people who create toxic PvP games are as toxic as the people who play them?
Fair point. Means I'm not going to play the game, but that's fine too.
Curious to see though if the Valve Frame/Gabe Cube changes things.
mentioning EA games like Apex Legends removing support is laughable. Sure Alistair, ALL those EA games ALL decided around fall of 2024 to ditch support for Linux/Proton. All at the Same time. Not because EA has a deal with Microsoft/Game Pass and NOT because a few months later Microsoft announced their own Handheld with Asus. Just like Riot.
So Alistair how long until Rust is announced for Gamepass with all DLC included?
That's a bit tinfoil-hatty. EA is a big company and these types of decisions typically come from the top, and if it was decided that they don't want to bother with Linux, because, let's be fair, they don't really have that much of an incentive, the profits they get from Linux is probably worth less than the headache of supporting another platform, then they most probably decided to apply that to the whole company, not just a single game.
I will be so happy when the era of client-side anticheat is over. I think it will happen eventually, especially now that Valve is releasing the new Steam Machine and has been so successful with Proton-based gaming lately.
Plus, Windows getting so much worse and the zero days and exploits of these kernel-level anticheats will put pressure on the devs to move away from them imo.
yea i think its a matter of time linux is very quickly becoming the operating system of enthusiasts not in spite of gaming but for gaming too. Some older games dont even run properly on windows
But for people with older pcs priced out of the market who are still very heavy gamers they will naturally trend toward debloated windows variants and linux, and with the speed linux has grown in even just the last year its pretty likely itll be more close in market share to macos sooner rather than later. and more of the people who leave windows go to linux vs mac based on stats available so its in some good standing right now.
i talk to many regular people about linux and many seem completely open to switch tbf these are more educated people in school though and one does programming but i think majority of people would be open to running something like a debian or ubuntu and even something more complex with the right applications to support daily usage
on the enthusiast note for example, if you want the best vr performance on your index or vive or other wired headsets your best performance will be running monado on linux using openvr translation, thats just reality, steamvr is pretty ass. And many alternative softwares for gaming like wivrn are completely free and available to everyone instead of charging for similar windows software, gamers use linux and they make sure its a relatively good experience
This is actually one of the absolute worst trade-offs they could have made, if you think about it for like 2 minutes :
They said 0.1% of players were on Linux.
Even if they were ALL cheaters, that's still a tiny amount of cheaters you just "banned"
Almost 100% of whom will just cheat on Windows instead ; whereas all the legitimate Linux players will loudly complain forever.
They decided to sacrifice all the free PR from one of the most vocal groups of players out there, in order to get a ~ 0% reduction in the number of cheaters.
In more simple terms, they just shot themselves in the foot for no benefit whatsoever (though I do grant it's a relatively small "gun")
Not only that, but the steam deck exists, the gabecube is coming, Linux gaming has been on the rise. The shit you did "several years ago" is irrelevant. If they allowed Proton, windows players with steam decks can now also play on the go. Instead they repeatedly have to poorly explain why they won't.. to stop basically 0 cheaters. I'd be willing to bet that the only people who actually stopped cheating in rust when Linux support was dropped did so because they lost interest anyway.
I searched just to see, there's a python script right on github that claims to have an aimbot, esp, wallhack, no recoil and several other features, along with "safety settings" so you don't get caught. Does it work? I don't know, but the codes right there to look at and there are dozens of other results in the search.
The Gabecube. Thank you for that. Totally stealing it.
they actually said 0.01 which is literally only 14 players compared to the average player base..... they shot themselves in the foot to fuck with 14 ppl lmfao even though it's unlikely the number is that small its likely just them exaggerating to make it seem like less people are affected
I also highly doubt their statement that more users were cheating under Linux than not. I'd like to see how they came to this conclusion. And if it's so easy to identify who was cheating, why not just ban them if it's .01 players? That's like 7 or 8 bans. An insignificant amount of effort would go a long way here.
Remember when Apex banned Linux during a cheating low, and then cheaters started trending upward AFTER the ban? Pepperidge Farm remembers.
Glad I never gave this cunt any money.
His argument is valid, wdym?
It isn't. Cheating is a game culture problem, not a technical problem. Just to counter example. Rust is filled with cheaters precisely because they haven't done everything they can to fix cheating. They are culturally fixated in a single lane thinking. As a result, they're flooded with cheaters (plenty on Windows) who exploit their inflexible strategies. This is top Flanders "we haven't done anything and we are all out of ideas". Linux is not the source of cheating on Rust either, but he's arguing as if it is. He is lazy. That's not bad on itself, but he is also disingenuous and is arguing in bad faith.
Make server side anti cheat and suddenly what OS the player is running becomes irrelevant.
Edit: another contradiction in their argument. Linux was less than 0.1% of the Rust user base. But, Linux was also the biggest source of cheating? How? It is just a disingenuous and dumb argument made to spite Linux out of hatred. It has no basis in reality.
To adress your edit first. That's not what he said. He said the majority of Linux users are cheaters, not that the majority of cheaters are on Linux.
If you want to be upset about things people say, at least understand what they're saying...
I don't think you're a programmer. I don't think you've worked on the backend of software. It's seldom as easy as "just fix it". All software are built in blocks, added over time. Sometimes, it's not until much later you realise one of the blocks are unstable. But it's not as easy as just replacing the block. You'll have to dismantle everything built above it, reconstruct the entire block, and then build everything back up. Sometimes from scratch, because while you're at it, might as well fix some other issues too.
It's a massive undertaking, can take a very long time. And while you're doing all of that. You don't have time for anything else.
What he is saying, is that they're currently fighting enough cheaters on Windows as it is, they don't have time to do it on Linux either, all while maintaining two codebases instead of one.
Now. I don't play rust. Just not my cup of tea. But it's silly, how many comments here either don't even understand the argument he's making (including yourself) and/or have no understanding what so ever of what software development on projects decades old actually entail.
It's so funny how you say they don't care about their creative work at all, because in my experience. You'd have to care a lot about the project to justify the headache of maintaining decade old codebases. It's seldom fun. We're talking months of headache for a single day of gratification. And then it starts all over.
Rust's top player count was ~263,000, so .01% of players is 26. Good job stopping between 14 and 26 cheaters by not supporting Linux.
He's saying that cheaters who probably play on Windows, used hooks dedicated for Linux/Proton to bypass anti-cheat code.
That is not at all what is said. The guy you're replying to is also wrong. Alistair only claimed most of Linux users were cheaters, that would be 0.005%, not that most of total cheaters were on Linux. But that means during their all time steam player count peak (which was after the Linux ban) if 260k players, a total of about 13 people were cheating on Linux.
Which contradicts his position that cheating is a massive huge front to wage an endless war on. 13 people is a ban list, not a cry for rootkits on all clients. It stands to reason that if Linux was 0.01% and even if they were all cheating, it is not a massive problem. Is it tiny or is it massive? It can't be both at the same time.
Every extra cheater is a bad thing.
Do you think a player would care they only make up x% of the playerbase when they get insta killed through walls and lose all their resources by someone in god mode?
Of course any one cheater is bad. But this is a massively successful game studio complaining about cheating when they admit to not putting any resources towards creating a team to combat cheating.
No, they wouldn't care. It's a mild annoyance at worst. Nothing critical was lost. Maybe stop putting money into digital goods that have no tangible value and zero guarantee of property.
Fucking trolls, seriously.
No it isn't, I can't even be bothered to read it.
You’re getting downvoted because the truth hurts. Most people are here are not devs on competitive games clearly. What sane developer would multiply their anticheat costs for .01% player growth?
It’s a network effect issue. More people need to game on Linux before it’s relevant enough to support for competitive multiplayer games. Same reason why Riot dropped it.
Developers are cunts, good to know
Well the garbage takes itself out
On Windows the cheating program it's a simple exe that will get kernel access with a simple uac request.
Everyone, especially 12 years olds, are able to run it. (And maybe get malware/ransomware disguised as a cheating program)
None of the losers that need a cheating program to feel validated in online multiplayer games will have the skills to recompile the kernel in Linux to add support for that
aha! so you admit, IT'S POSSIBLE! Well aren't we lucky we have microshoft who won't let anyone recompile their colonels! shows you mr silly yunix!
;D
I don't play games that require anti-cheat. Simple as that. If a game is full of cheaters, I don't play those games either. I am not going to have a windows installation just to play games. I am not going to have a console that only plays games. I am a simple man, if it supports Linux and doesn't have anti-cheat I play. But also I don't have friends so...
Explain something to me. It’s a multiplayer game anything that affects all players should be handled on the server side, not the client. So if I make a cheat it can only be installed client side, not server side.
So if my hypothetical cheat looks at object placement and any time I sees a small object approaching at a high velocity it can say “I’m going to assume that’s a bullet based on what the server told me about it.” Then my cheat would say “your character moves from here to here until the bullet passes by, then moves back. I will tell the server you moved to the left 20 inches in the blink of an eye then moved back”
This works because the server just trusts what it’s told in this example.
So there are two options here to resolve this. Either the server sets thresholds and denies any placement changes look like the Flash is playing rust, or the server evaluates suspicious placement changes later when the cpu load it’s under is lower. The first approach stops much of this instantly but is computationally expensive and could not scale well for lots of players. The second would work well enough. You need to catch cheaters but it’s doesn’t have to be within the same exact cpu cycle.
In either case, these work because the server is taught to look for something that shouldn’t be possible. The enforcement happens server side. The client doesn’t fucking matter.
There is zero reason to put anti cheat on the client side when it’s not a P2P instance. Target a few servers, not thousands of players.
Your head is in the right place, but your example is very wrong. First, unless it's a very slow projectile that's not how bullets work in games, second movement takes place in the server, to do so in the client is nuts. Client sends inputs, sever moves, gives back player location, client adapts. While waiting for a reply the client simulates the movement expected, but sometimes the server doesn't receive the package and so tells you you haven't actually moved and you teleport back.
What's usually not done is calculate vision cone, instead the server gives you everyone's position and you calculate whether you can see them on your GPU. Which is why if you can get access to the GPU pipeline you can tweak it so it shows you objects through walls. If you move the LoS calculation to the server you completely eliminate wallhacks, however that is very expensive to do (although ray tracing GPUs might provide a good approach in the future)
For the vast majority of games, it’s in between, because the latency if you waited for the server every frame you moved would be way too much.
It’s something like you have a local model of where everything is, and send updates to the server of where your local model says your character (and whatever else your inputs affect) are. The server receives that data, potentially validates it (server side anti cheat checking that your movement makes sense, similar to the OP post, for example), and then forwards that info to all players. The client side positions of everything are updated based on that info. Usually some interpolation is added to make things move more smoothly.
Yes I meant movement happens server side, which is why this example cheat couldnt work. it would be telling the server what to do, and the server could always say "no, fuck off, thats not something you were coded to be able to do". Sorry if I didnt convey that clearly.
I also understand the client has to draw things faster than the server can respond "okay, I moved you 12 inches to the left" so it guesses the outcome and if the server later responds with "denied, no teleportation in rust" it will just snap you back to the last position the server approved of.
My point is anticheat client side suggests bad code server side.
Yeah but this approach makes the game stutter and/or sluggish for everyone. Client side computation isn't just cheaper, it also ensures that you have a smooth gaming experience.
As someone else said, most games do a middle way here. Compute on client side. Verify on server side.
Yes but if you are verifying server side anyway, why do you need anti cheat client side?
Well, first off: Money. The more you verify, the more it costs you to run your game's servers.
But also because you cannot detect every kind of cheat via server side anti-cheat. How does a server detect if my flick-headshot (which won this crucial round) in counter strike was luck, or if I had help from a program running on my machine? Maybe it didn't even make me react faster, just nudged the cfosshair another few pixels to ensure the hit.
Of course you can run statistics, and can flag outliers. But it's no proof. If someone always cheats you won't catch them, while you will flag someone have a good day (or a friend playing on their machine).
This sounds like a super clever argument, until you think about the scale.
If the cost to host a game went up by 50% it probably wouldn't make it into an investor call. Its a small price. It could be 10x as much and still be completely affordable to many games companies.
How does the client detect that when running said cheat on another machine? It doesn't. The current solution isn't perfect either.
I think the one who's not thinking about the scale is you. As the server owner you pay (compute) for every additional player. This goes directly against the wish to have as many players as possible playing your game.
This discussion spun of from a company stating specifically they don't want to invest more into anti cheat solutions. And that's from a company which absolutely could afford it.
You make it sound like I said that, but I didn't. In fact I'm very much against kernel level anti cheat.
The client side anti cheat is a low effort hack that was good enough. Video game anti cheat devs are cheap as fuck because looking at client bits cost nothing compared to expensive machine learning pipelines that need to analyze all player performance. This is not a tech problem but a product/skill one.
You don't need machine learning for this we've had perfectly good server-side anti-cheat for a while now and none of it's been AI-based until recently. If we know the top speed the game should allow players to move any movement greater than that speed must be a cheat or lag, either way it shouldn't be allowed.
There's more to cheating than moving quickly.
Obviously. They gave one of a thousand examples. That doesnt mean their point is weak, it means they didn't have the will (reasonably) to make their comment 50000 characters long.
If you have a specific example that doesn't work to a reasonable extent, post that rather than this short, vauge retort.
Wallhack is an obvious one or anything that reads client and modifies the display.
Wallhack could be discovered through machine learning but very difficult I'd imagine. Other simpler rendering hacks like skin swap would be probably the hardest thing to detect server side as there's no trace.
I think thats a fair ground though. Clearly client side anti cheat simply doesn't work and if someone wants to put hats on their characters to headshot them easier then let them be the losers they are.
Absolutely, but thats strongly mitigated via not giving the client information it doesnt need to know.
Totally thought if you take a look at dota2 cheat scape the losers still come up with ways to mod an edge but a lot of that can be still detected when you put a competent engineers hat. I think the only really undetectable change is model/texture replacement which is honestly not that big of a deal as far as ruining fun for others sort of cheaters.
It's a huge part of cheating though. Fast movement, auto aiming, and wall hacks are the three biggest problems in cheating and all three can be solved algorithmically, without resorting to AI which is inconsistent and processor intensive.
You check whether the movement is possible for the allowed speed in the game.
You count the hit to miss ratio per weapon and build up statistical averages, anybody using auto aiming is going to be consistently out of that average, obviously you do this with each weapon in the game separately, snipers are obviously going to have a better hit rate than LMGs.
Finally you don't send data for players that are out of sight. Wall hacks can't work if the client isn't given this information.
The great thing about all of these techniques is that it's method agnostic, it doesn't matter what method the cheaters are using to inject their cheats, because you're not looking for the injection, you're looking for the end result.
Battlefield 6 has kernel level anti-cheat and it's straight up doesn't work because the cheaters are always ahead of the game. It also doesn't help that the game is glitchy on its own.
If Linux gamers are not worth his time as we are so few then maybe this singular person's comments are not worth our time over and over.
I hope for more than merely support for a freer OS. I want the whole video games industry to move away from a proprietary model to software freedom - where demand for support is not dependant on the original dev.
well yea idc i wasnt gonna play rust anyway i just posted since i saw it was being talked about and thought it might have some fun reactions about how stupid it is
I'm gonna make my own Rust, blackjack and h-.. A better blackjack.
TBF, you'd have to pay me to play most of these "anti-cheat" games anyhow.
BF6 is pretty great honestly
But I think you still would have to pay him if you want him playng BF6.
I can't speak with 100% accuracy. I just have something that tells me so.
Fair. There are other games I can play on Linux,.
Hardware level cheat detection has always been a losing game. I'm a professional in similar area (not games) but it's fundamentally impossible to do when you dont control physical hardware, it's stupid. The only way to detect cheaters is machine learning based behavior analysis, period.
TL;DR: skill issue
Either the entire game industry is incompetent, or you're wrong. Machine learning is a powerful tool, but the only way? No chance.
Entire game industry is incompetent as in "willfully not doing the best as long as it keeps selling, or not having resources to do it anyway". I can believe that
Yes they are willingly incompetent because kernel anti cheat costs nothing while ML pipelines would cost thousands if not millions usd in compute and engineering every year.
Luckily now with AI boom it brought down many machine learning costs significantly as well so we'll see much more server side anti cheat.
It's not even real Rust unless it's coded in the real Rust language of Rustlandia.
Otherwise it's just sparkling oxidation
I'm sure I've been playing a lot of games with EAC, because it's actually one of the few ones that support Linux.
If I'm not mistaken (judging entirely by the RAC popup/loading), from the games I'm playing, Hell Let Loose, Fellowship, Helldivers 2, I think even The Finals used it.
Hell Let Loose wasn't working at first, because you have to check a checkbox and enable Linux support when building, which did take them a while.
So, unless I'm misremembering/confusing it with another anticheat, this is bullshit.
Also "unless you have an in-house anti-cheat team"
You made millions out of your player base. You can afford it. You're just lazy.
yea thats one of the funniest parts like oh so your game that makes tons of money and has rampant cheating doesnt have any team dedicated to the issue? that explains a lot!
You can set the EAC flag in lutris and have it run on proton just fine. That is how all of the star citizen players do it. Its the new ones that need BIOS level stuff that I dont think will ever jive with linux unless they build a lib and make it for them.
This is the same BS CrowdStrike uses to sell their rootkit EDR. I mean, by all means it is a very solid EDR, but it's being used exclusively to cover gaping holes in discrete security as a cop out for not properly composing enterprise infrastructure.
A kernel space agent should only really be running in an environment where every process must be heavily scrutinized and the design of the kernel module is tightly controlled and itself under constant review, like in a proper data center with thousands of critical nodes. Not your laptop or the shitty windows box used to display ads in the screens at the airport.
Crowdstrike keeps spamming new features and techniques without serious consideration to keep their enterprise customers happy, similar to crappy solutions like Vanguard.
Covering obvious blatant logic flaws should be included in your server software, it's the same as sanity checking your inputs because there is always the possibility in may not match what you expect.
This statement is especially insulting to the massive library of games that successfully added Linux support without so much as a hint of issue relating to cheating. Even crappy outsourced dev War Thunder doesn't need to do anything after enabling EAC/BattilEye because they actually spend the .000001% extra cash from their whale revenue to run a service moderation team.
Hell even Valve's VAC system is mostly just about automating moderation tasks so that hackers can be taken down ASAP instead of a lengthy review process.
Or you know, the thousands of games that have better game logic than Rust's anticheat.
People who play games to cheat are the problem with the world. Born losers.
This guy is from the UK and former military. I think there must be some kind of weird haywire thing where the military experience made him irrationally upset about people who do not follow rigid rules and structure or something.
No doubt he spends most nights stalking cheater forums and dreaming about the day he finally wins his war lol
Stereotypes are so edgy.
But often true
i think its moreso the people most likely to go into military already tend to be more narcissistic people willing to kill others or easily convinced of extreme things like that for ego. Though the service can only really worsen those issues for most people. I also dont think he stays up at night like that lol i think he just hardly really gives a fuck cuz hes convinced he couldnt be going about it wrong despite him openly admitting other groups manage to and he just convinces himself its impossible with his team when every large server has their own moderation staff and can make use of tools if given them. His whole comment is so silly.
Image Text:
From linux_gaming community on Reddit
Posted by: Alistair_Mc
There are no plans to support Proton or Linux. It's a vector for cheat developers, and one that would be poorly maintained by both us and EAC due to the low user base. When we stopped support for Linux, we saw more cheat users exploiting Linux, than actual legitimate users.
When monitoring cheats for Rust, we keep a close eye on wider cheat communities across several major games. We look at what cheat developers are doing, and how other studios are responding.
From that experience, I'm very comfortable saying that if a game supports Proton or Linux, they're not serious about anti-cheat. The only exception would be if they have a fully mature, dedicated in-house anti-cheat team, even then, I'm not seeing anyone handle Proton and Linux well.
Apex Legends also dropped Proton support in October 2024 for the same reasons as we did several years ago.
Could we limit Proton to Premium servers? yes, but I think it's total bullshit asking Proton users to buy the game and then $15 worth of DLC. I'd be pissed if I were forced to do that.
When we stopped supporting Linux, users made up less than .01% of the total player base, even if that number has doubled, or tripled, it's not worth it.
I know that every time I post something like this, some Proton and Linux users call us lazy or dismissive. The reality is that fighting cheaters on one front (Windows), is already a never-ending battle. Adding more fronts multiplies that challenge without adding meaningful benefit to the wider player base.
Never heard of Rust, but it sounds like something I can afford to ignore.
OS shouldn't even matter to prevent cheating; do your anticheat validation server side. Anyone who knows anything about security knows the client side can never be trusted.
Ultra toxic survival game where you build a base, get raided by 4 guys with rocket launchers and bombs while yelling slurs at you. Then rinse and repeat.
Yeah Rust is super toxic indeed, bit I think that's part of the appeal
Did you ever try getting gud?
Oh, I'm very good at avoiding games like that.
I thought that was the trans crab programming language
The garbage took itself out.
Why isn't this the standard everywhere? These servers prove that server side anticheat works.
It is. All games have this kind of server side verification which denies not allowed actions. The difference is in Minecraft it comes down to "no, you cannot fly, or" no, you cannot build a pig spawner because you don't have one in you inventory". But in Counter Strike you need to decide if one player's 14ms headsbot is legit, while some other player's 20ms kill was not. Or if someone was acting on information they shouldn't have (radar and wall hacks). That's orders of magnitudes harder.
Generally speaking, the slower a game, and the less hand eye coordination are necessary, the easier is server side cheat detection. On the other side, there's chess...
Well, yes, but, let me counter with this:
You can completely remove wall hacks from the equation by doing some FoV calculations in the server, this completely solves that issue, there's no client side hack that would be able to show you enemies behind the wall because the server isn't sending them to you.
And to the other point, if the 20ms kill is bad but the 14ms kill is good, there's space to argue that the cheater is worse than the players so you don't really need anti-cheat so solve that, Skill based matchmaking takes care of that for you, he would eventually be placed with people who are better than him even with hacks.
Sure, server side anti-cheat can't capture everything, but neither can client side, but server side anti-cheat can make it so that your client side cheats are pointless, because they can't make you better than everyone, you have to remain averageish, and if you're consistently above average skill based matchmaking will bump you up and up until you're going to lose even with cheats or you will be playing against other people with the same cheats as you.
Please see my other answer. Yes server side fog of war solves a lot, but not everything because it works with your FoV+some extra. On top of that there's enemies' sounds and objects that will make wall/radar hacks work.
Yes, skill based matchmaking would take care of the consistent not-inhuman cheater, but unfortunately the number of games getting that right can be count on two hands, I would say. It's an interesting problem on its own for team based games.
I'll reply to the server FoV there. Skill based matchmaking is hard to solve, but I think most games who have enough players to worry about anti-cheat to this level should have some level of skill based matchmaking in place, in my head that's way more important than anti-cheat because even with cheaters the games are fun for everyone, and cheaters end up bubbling up into their own group.
Absolutely.
I've said this before about wall hacks. The only reason they are possible is because the positions of all players are being sent to the client and then the client just doesn't draw them to screen. It would be extremely easy to simply not send the data for players you shouldn't be able to legitimately see.
And you are not the first person to have this idea.
Most games do that to some degree. The thing is they are working with a threshold, which means they send your client the information of a few "extra meters" - beyond your field of vision. If they didn't, enemies would sudddnly pop into existence, instead of smoothly running around the corner. Especially in fast paced games there's nothing more frustrating than losing to this.
But there's more: non visual clues. If an enemy is outside your vision, but makes a noise, you cannot give that information to the client without revealing the enemies position. It's simply not possible (again, not without risking giving completely wrong info by the time it reaches the client).
Same goes for non-player objects, which are the result of a player's action somewhere else. If a player kicks a bucket across the map, the bucket flying through your screen makes it trivially easy to calculate the point of origin - and you know something happened there / player was there.
We'd be really really lucky if server side fog of war would be the kill-it-all solution to cheating.
Hmm very well said. Thank you for explaining that. Definitely a harder problem to solve than I thought at first.
Sure you can, for starters audio is a lot less reliable to pinpoint location than video, so the server can randomize the position somewhat and still be accurate enough. Not to mention that sound bounces off walls, so it's not exactly wrong to give the point of origin of a sound as a wall nearby the origin or destination, and an even more advanced system could use ray tracing to calculate sound path and give you a fully accurate sound point that doesn't reveal the source exactly.
But again if you're not sending the bucket position until it's in FoV that doesn't matter at all.
It's not the end all, but it does take are of whole categories of hacks.
Still both can be calculated back to the source of origin. It may not be enough for a wall hack to reliably point out the enemies exact position, but definitely enough for a radar or proximity hack.
Edit: Your also completely ignoring the mandatory threshold where the server absolutely needs to send you enemy information already in order to avoid enemies popping into existence. The faster the game, the bigger that threshold.
And by all means, sound (in video games) is a pretty linear thing. You can only randomize so much, until players complain that it's not reliable.
In the games were talking about these kind of additional info or heads-up are an unfair advantage in competitive play.
The solution sounds easy, but I do believe that if it was, we would see it in at least some current games.
You're almost correct, but a sound bouncing off a wall sounds the same as something beyond it, or coming from a slightly different angle, just like how visually a reflection is "beyond" the mirror. Sure, you can try to calculate that back to the original location, but that's not very accurate, nor does it tell you the origin of the sound, could be an enemy, could be a friend, could be random low sound spawns sent by the server to bait cheaters.
For the threshold I think it's a lot smaller than you think, while a wall hacks that shows an enemy that will become visible the next frame is useful, it's a lot less useful than current wall hacks.
As for the audio, you can absolutely randomize stuff enough that it's useless to hacks but useful for players, because no person will hear a sound and know the exact source of it, only a general direction. Hell, most games don't even do proper wall bouncing or other sound mechanics that would allow humans to pinpoint location in real life.
I find a number of problems with the level of authoritativeness that you speak and some of the arguments you've made.
The core of your first argument lumped together is that a small amount of extra latency is the same thing as "impossible". This is obviously not true as even with some relatively fast paced genres, what is acceptable varies wildly. Maybe such an argument could be used for Valorant, but not for Pubg or escape from Tarkov (games that are already known for netcode slow enough that this would not truly/notably harm the experiences of players if they were designed for this from the start).
This example is contrived, and just the type of thing where there are a number of options available.
One could simply not send the bucket, send it with a delay, the bucket could not exist (the majority of games), the buckets origin could be randomized just enough to be at the tested limit of player perception, the game could include a trace shadow by default.
For every example like this, there are options available which aren't entrusting a black box to access all of your data with a pinky promise.
There is no kill-it-all solution, and this is a clever little re-framing of the argument by you where the new solution has to be perfect, when the status quo can just be mid.
I don't understand how you lump my arguments into "extra latency". Server side anti cheat doesn't add latency (I mean technically it does, but that's not the concern right now), but latency is very much the reason for the downsides I pointed out. The smaller the margins, the higher the chance one of the two players doesn't see the other coming solmoothly around the corner, but suddenly materializing in full view.
Your examples illustrate that very well. It's OK for PUPG or Tarkov (and even there only long distances), but a hard for Valorant.
And now, instead of the irrelevant bucket, make the same argument for a relevant object - like a grenade, or tracers. You cannot just get rid of everything or implement random delays or randomized origins.
It's not reframing. The original argument I replied to claimed these hacks only exist because the server sends everything, and it would be extremely easy to fix this. Neither of which is true.
Followed by
Is wild to me.
Seems like you understand perfectly fine.
This is both you agreeing yet disagreeing with my argument and I don't get the point exactly.
If its feasible reasonably, the point of your argument is diminished.
You're fighting a strawman by pretending that my argument was ever to "just get rid of everything or implement random delays or randomized origins".
My point applied in specific cases where relevant, and the dishonesty in your argument here is by acting like I am talking about not having a game. The bucket example was specifically about a bucket going towards a player from an unseen location with no line of sight.
For a situation like a grenade, the grenades direction becomes visible, somewhat randomized, from when the player should be able to see it. This presents no gameplay problems and solves the edge case of figuring out its trajectory for cheats, especially as a little bit of randomization results in a wildly inaccurate origin point.
As for the bullet, where are people shooting others without line of sight, where the bullets path would also simultaneously be visible? Its not a realistic scenario to bring up at all.
If we're going to that extent, we might as well also then say that all client side anti cheat is worthless because you can use a secondary machine to read the ram of a primary machine or other such high effort cheating strategies.
Firstly, it absolutely is reframing, because they never claimed anything was a kill-it-all solution. They claimed one thing was a specific solution for a particular problem, which it is.
The only part that you actually have shown good reason to disagree with is the last claim, as with the second you've admitted that it in fact would be effective, but that there would be downsides potentially (as if there arent downsides with every option).
It's tellingly ironic that for you it's totally okay to make a broad statement, then when being called out cut it back to "where relevant". And in the same sentence you make a strawman yourself, claiming that I'm acting like you are "talking about not having a game at all". If you want your arguments understood "where relevant", maybe show the same consideration.
As for the grenade and bullet examples I simply disagree. Given a certain observable trajectory it's freakishly easy to get a good enough point of origin to get an unfair advantage with that information. As for an example about the bullets, I believe there's enough FPS games with tracers out there. An extreme example would be Unreal Tournament Instagib matches. Where you see literally all tracers - directed at you or not.
Correct. Client side anti cheat can only make it so hard. Never impossible.
Yes, they said wall hacks would not exist if the server would only send what a user can actually see:
And that's not true. Wall hacks would still exist, as necessary information can be used to determine an enemies position. To a certain extend.
And yes, put to an unreasonable extreme it would eliminate wall hacks entirely. Just nobody would want to play such a game.
Have a good day.
True
Because they've been forced to implement server-side anti-cheat because they can't implement it into the game because they don't control the game and mojang don't seem interested in adding much in the way of anti-cheat to Minecraft.
These other companies actually control the games they're running the servers for, so they can go the simple route and put kernel level anti-cheat in the game, and then call it a day. Corporations will always take the easy cheap option, even if it's not very good.
They're on that lie still?
Cool, cool. I've got plenty of games to choose from to care about lazy lying assholes who can't be bothered to come up with a better excuse than that for why they irrationally hate Linux
Is there any way with steam to verify those player numbers because 0.01% seems very low. Market share is about 3% so I would expect numbers more in line with that. Obviously it's not going to be a one-to-one match up but two orders of magnitude different than from the expected number.
If you actively prevent your players from using Linux, your Linux player numbers will be very low.
Rust became unplayable on Linux a good few years before the Steam Deck-induced Linux boom. Back then the Linux share was still counted in tenths of a percent, if that.
And from what I've heard they rendered their build all but unplayable a good while before dropping support entirely.
Now they don't even need to maintain their own. The community will fix the issues through Wine and Proton if Valve doesn't do it themselves.
So really, their only excuses are low player count (self inflicted, and at this point companies pulling shit like this is what's slowing adoption probably as much as fear and unfamiliarity) and cheating (which, why would someone build cheats via Linux if most they'd be making them for are using Windows? Which has rampant cheating all on its own, so their solution is bullshit and useless to begin with)
Granted I don't keep up much with gaming communities but I personally was playing up until the breaking EAC update with no issue and don't seem to recall reading about people having problems.
To be fair, I've not been involved with it at all, this is just based off what I've read recently.
In any event, their anticheat supports Linux just fine and plenty of other games that use it work perfectly fine in Linux
Rust is a shit game with a terrible community and rampant cheating.
I'd say rust is a great game with the worst community and therefore riddled with cheaters and unplayable.
I think the game is pretty fun, but it heavily relies on the people who play it. To me it's impossible to play. Rust players are usually 15 hours a day online. If you play on eu servers, good luck playing against mostly russians who have nothing going on in their lives than being assholes online.
I haven't played in years but even then running your own server was the way to go
The terrible community is an important gameplay mechanic of Rust
You are not wrong.
I have literally never played a game and encountered an obvious cheater and if I did, I think I'd just change servers. Is this really such a huge problem and if so, what are its consequences beyond maybe being annoyed for 5 minutes?
Some people take their game worlds entirely too seriously. I find far too many in the competitive gaming scene treat video game accomplishments/loot/losses on the same level as real-world ones.
Some games, like Tarkov, are plagued with cheaters, but Linux plays no part in any of it.
First time I went into labs I encountered a cheater, that's when I learned to not play tarkov. Especially solo good lord
Single Player Tarkov (SPT) with the co-op mods and various other mods to spice up the game is a great way to play it tbh - stopped playing official servers years ago.
I've come across many, is it annoying? Sure. Is it the end of the world? No. You just leave the lobby/server and go in a fresh one.
No cheating is bad enough to justify a rootkit.
I've also been called a cheater a lot and they always sound very convinced even though they have no idea at all. I imagine these are the same people constantly complaining about cheating.
Hundreds of hours in Marvel Rivals and I've also never encountered anyone I was sure was a cheater. Nor have any of the friends I play with, and I've never had anyone on voice tell me about encountering a cheater.
I've definitely had a handful of matches cancel with an alert that a cheater was detected though.
Maybe I'm lucky. Maybe kernel-level anti-cheat is a farce.
Referencing my comment in the other thread, Facepunch employees keep being disingenuous about this claim. Even if it is true, due to how unplayable Facepunch made the Linux build a short while before they axed it for "a rampant cheating problem", this claim does not have enough evidence. The linked comment goes into some more detail, but it is insane how much the developers keep doubling down on their disinformation.
This is what happens when your game is exclusively a commercial product and not a creative work. This exact logic is why accessibility features are being implemented sparsly and slowly.
If all he cares about is money, let's just not give it to him. There's thousands of better games, more worth our time and money.
I tried Rust, but quit quickly due to the extreme levels of racism and open Nazis. Maybe they should address some core issues of the game before blaming Linux for their problems?
Also, how was their playerbase only 0.01% Linux? Was their game terrible on Linux? Why did it have hundreds of time less players than other platforms
well they dont see that part as a problem because the apple doesn't fall far from the tree
i wonder if this guy heard about counter strike...
Does the anti-cheat break the game on Linux? Not buying the game. I don't need that kind of crap in my life.
What a clown ahahha
That week I played Rust on Linux before they dropped support was pretty fun
LOL
don't play this shit
didn't plan to lol
I think Helldivers 2 uses EAC and it works on Proton just fine.
Helldivers uses nProtect not EAC but yes, EAC in general is compatible with Proton. The Finals use to run EAC for the longest and Arc Raiders currently uses it and both those games run well.
Does Deep Rock Galactic or maybe Marvel Rivals use EAC? I could've sworn I've seen pop-ups mention it and those are the three games I've played on Linux. But also, memories are bad, constructed memories happen, yadda yadda.
I thought Deep Rock Galactic was PvE anyway
It is. That's just the only game I've played lately that may have had an anti cheat splash.
Neither of those use EAC. I think Rivals uses some NetEase anti cheat and DRG doesn't use anti cheat at all. Lots of games nowadays have pop ups so I don't blame you for misremembering.
Isn't the real issue the PCIe bus being undetectable-y intercept-able with devices that sit between the gpu and cpu?
correct that is where majority of cheats are, because as they dig deeper with anticheat backdoors it pushed people to take advantage of shit like injecting the data directly into the pcie bus untraceably, and the ways to catch that have all been unshockingly server side......
This is the Garry's Mod dude?
I feel like the 0.01% is either a mistake or an exaggeration? Isn't Linux something like 1-2% of the gamer base depending on how you measure it? Why would a Linux supported hard-core game be 100x less than that?
No 0.01% was quite possibly the actual number at the time. What he didn't tell is that by the time they stopped the Linux port it was in an abysmal state after months or years of neglect. Poor performance at best, up to outright not working, depending on your hardware.
Its a clue in to why their argument is in bad faith.
Their game was never supported strongly enough to actually encourage people on linux to trust it.
its one or the other yea lol
@Jumpropegazing
they are loosing the battle against Cheaters on the windows user side, don't make them loose the battle on the Linux side aswell 🤣
not tight or constricting;
THE WORD YOUR LOOKING FOR. to fail, to be defeated, etc.,
sorry, this is just one I keep seeing more and more and it's driving me absolutely bonkers
@mojofrododojo
thank you 👍 i appreciate the correction
These comments are a real Dunning-Kruger festival.
In fashit, or here?
explain
Peoples understanding of game development, especially competitive gaming, seem to be lacking with Linux users.
Probably because none of them are able to play them because of anti-cheat.
From the POV of most ppl here they should either spend a significant amount of money on server side anticheat and accept that lag will significantly increase or just allow Linux to play without anticheat because "there are so many cheaters why even bother"
Not sure what to believe here due to I haven’t gamed in years. What’s everyone take on this? Educate me.
Linux is gay anyway I'd rather have mac support
c/lostlemmyers
Lemmings
bitch you're just jealous because Linux is
( -_•)▄︻テحكـ━一💥
Sometimes it's Trans also.