Can’t stop aimbots and wallhacks server side.

I always thought a good way to handle a huge swath of cheating would be to see what the limits a real human could actually do, and if it’s impossible (like having a reaction speed faster than 2 miliseconds) it’s flagged. Though the one game I know for sure has done this also had a huge problem with false positives. I guess no one working on Planetside 2 thought you could ever kill 1000 people with a single grenade; despite it being a clusterfuck of an MMO with plenty of people getting stuck in a doorway for that to be entirely possible and not even too hard to pull off.

And even that wouldn’t necessarily stop wallhacks and aimbots.

Now a days, I am convinced the only way to really mitigate (and not even fully stop) cheating would be to have a human referee. Like CS’s Overwatch program. And you might also need it to use an AI agent to analyze everything for pattern recognition because it can be really easy to hide cheating from actual people.

One of the big problems is stuff that a server wouldn’t know is happening

A simple example is wallhacks in FPS games, if you can somehow get the client computer to not render walls properly, the player can see where everyone else is in the level.

You don’t need to mess with the game client here if you’re clever about it, you mess with the operating system and graphics drivers so that a signed binary can continue to connect and behaves entirely legitimately from the server’s perspective.

Of course there are mitigations we could come up with for this, but you’re just in a game of cat and mouse. If it was a solved problem, kernel level anti-cheat just wouldn’t be a thing for the most part. Yet it’s what the competitors demand in the top flight competitions, because there isn’t a better way to prevent a whole class of cheating.

To be clear, not defending it and I personally avoid games that use it, but I understand why it exists

This always grinds my gears. When I was hosting custom Minecraft servers back in 2011 we had so many server side anti cheat measures in place. Prevented people from moving too fast. Randomized blocks until you exposed them so xray wouldn’t work. Logblock to identify griefers and do immediate rollbacks.

I remember this one time we had a group get on and grief someone that didn’t set up a claim yet and they thought they were so sneaky by distributing the loot amongst friends and chests. We just followed the stacks in the logs and restored everything then banned them. We actually had more people end up joining because how much auditing we could do, they probably felt like they could invest time into the server.

Now it’s like just trust the clients for everything and “oh we can’t ban them until the next ban wave because we don’t want them to know how we caught them”. It’s lazy. Back in the pubg days I remember seeing someone get 75 kills in a matter of 3 minutes. They didn’t get banned. They didn’t even have line of sight. Ban waves still allow peoples experiences to be compromised.

The traditional rationale, back in the time of the boomer shooters, is that the server doesn’t have enough computational power to update and control the game state for all clients at once, with acceptable latency.

The developers that go this route (for example, the makers of Infinity Nikki) explicitly check whether the hardware is a Steam Deck or compatible, and refuse to run if not. That way they can claim to support Steam Decks while blocking Linux players, which they still consider as too much of a cheating vector to allow at all.

For real? I’d be curious about how to get this running.