
GNU/Linux local username triggers Steam VAC ban - bdz
https://github.com/ValveSoftware/Source-1-Games/issues/2475
======
bdz
In Team Fortress 2, there is a group of people who host multiple cheat-
controlled aimbotting bots, which run around on servers, destroying everyone
playing in the other team. These are called cat-bots.

To host these bots, you need to set up a Linux environment. Then you can use a
script, which automatically prepares your system for hosting the bots. One of
the things it does is it creates multiple users in Linux (to run multiple
Steam instances), all of them starting with "catbot".

[https://github.com/nullifiedcat/catbot-
setup](https://github.com/nullifiedcat/catbot-setup)

And the script creators already changed every mention of "catbot" to "kisak"
(name of the Github moderator for Valve)

[https://github.com/nullifiedcat/catbot-
setup/commit/58582f81...](https://github.com/nullifiedcat/catbot-
setup/commit/58582f8103064d63db063eef4b2d31792ebb2cd0)

~~~
ajross
So in one sentence, a user name containing "catbot" is a legitimate signature
of an actual work of malware Valve is trying to mitigate.

HN, you got trolled. There's nothing wrong here at all.

~~~
rnhmjoj
A legitimate signature would be a sequence of actions the client sends the
server that are clearly not possible to have been performed by an actual user
playing the game. Like an incredibly improbable statistic or too fast actions
or something else.

This is a poor solution: it's the equivalent of blocking spammers by IP
address. It works but will also lock out legitimate users.

~~~
ajross
That's not the way this kind of thing works, not even in commercial AV. What
you are asking for is for Valve to solve the halting problem before addressing
ongoing actual cheating in it's games. That's ridiculous.

You take what clues you can get and you push the fix. This is what all their
users not named catbot want.

~~~
revelation
Which is why commercial AV routinely throws up entirely bogus reports. Not a
good example.

Comparing statistics (accuracy, reaction time, chat messages, what have you)
server-side to a not cheating player population seems like a very promising
solution, given it doesn't involve the game client (which is assumed
compromised). I don't see how that has anything to do with the halting
problem.

------
baobrain
> Good day, I've received word from the VAC team that this is intentional and
> not open for discussion on Github.

> In general VAC issues are not handled on Github in any capacity and further
> issue reports on this may result in being banned from the Valve Software
> issue trackers.

This is just incomprehensible from a PR standpoint, even for a company like
Valve, especially since people on the thread have brought up legitimate
concerns for users that might be caught in the flak.

~~~
nickodell
Innocent users _might_ be caught by this, but so far that's entirely
hypothetical.

The user that posted this has a pinned repo named "AimTux." The second guy is
a contributor to "catbot." Ditto the third guy.

One of the people in the thread suggests that he wants to have a TF2 aimbot
installed, but it's not for cheating at TF2, honest.

~~~
deusum
Sad that you don't defend the innocent because you deemed them hypothetical.

~~~
dkonofalski
He/she didn't deem them hypothetical. They are hypothetical until a legitimate
user that doesn't use bots makes the claim that they were banned for this.
According to updates made to this, the username wasn't even the source of the
ban so these "innocents" are definitely hypothetical.

------
hitekker
As Nickodell and PlutoIsAPlanet pointed out, this "issue" was raised by a
group of banned Team Fortress 2 cheaters, who are developing obfuscated
aimbots.

In all likelihood, VAC's detection is premised on other factors in combination
with the username. Like, for example, botting in online multiplayer games.

This may come as a surprise to half the users in these comments, but, for the
99% of gamers who are not malware enthusiasts, banning bad actors is a
feature, not a bug.

~~~
FRex
No, it's clearly not. There are people in the linked issue saying they had no
cheats and just the username and got banned and the last comment is a Valve
employee stating this is all intentional and forbidding any further discussion
of it. This is an incredibly dumb way to catch "cheaters" and now that they
know they will easily defeat it.

This is absolute bullshit and like saying "issue of rape in prison was raised
by criminals who are evil so it's a feature for society they get raped".

And here's a money quote (guess whose):

> When the truth of one issue goes against a person's political leanings, that
> person will generally say whatever they can to avoid feeling guilt or shame.

------
emsy
As someone who plays a lot of games, I can't wait for the day when Steam gets
replaced by something better. And given Steam's current state, "something
better" is a really low bar to go by. At this point I would prefer individual
installers for each game, without any "platform" whatsoever.

~~~
jhasse
That's what you have on gog.com :)

~~~
jakebasile
I'd love for GOG to be better competition for Steam, and they've made
wonderful strides - I actually prefer their Galaxy client over Steam, though I
also think UPlay is nicer than Steam since Steam has so much going on that I
don't need. But like sibling commenter points out it's a numbers game and
GOG's stock just doesn't compare yet. You can't get many AAA releases on GOG
even after some time has passed since release - publishers are simply allergic
to their strong no-DRM policy and see no reason to be there when people will
happily buy it on Steam.

Where GOG is deftly competing is the AA market - games from smaller
developers/publishers such as CD Projekt Red (CDPR is owned by the same
company as GOG but they are a titan in the AA/AAA field), THQ Nordic, Paradox
Interactive, and so on. Many of the games from these companies are released
day and date on GOG.

~~~
jhasse
You're right, that's something which will hopefully improve over time.

I would count The Witcher 3 as AAA though.

------
PlutoIsAPlanet
Given that all the accounts claiming to have been banned are somehow linked
back to CSGO cheating on their GitHub profiles, gonna say this is just
cheaters trying to get unbanned.

~~~
Kr4ken
Including the Valve Employee that confirmed their issue?

~~~
dkonofalski
The Valve employee only confirmed that the bans were correct and that GitHub
was not the correct place to dispute the bans. A different employee on Reddit
has already confirmed that the "issue" reported on GitHub is incorrect and
that the bans were instituted based on multiple criteria. They can't go into
it any further without risking compromising their detection systems.

------
subway
Remember when Valve made cool games, instead of bilking kids for hat money and
removing product functionality because of your username?

~~~
xroche
> Remember when Valve made cool games

Remember when Valve made games...

~~~
novium
So that card game they're talking about isn't a game?

[0] [https://www.theverge.com/2017/8/9/16117586/artifact-
dota2-ga...](https://www.theverge.com/2017/8/9/16117586/artifact-dota2-game-
valve-official-teaser)

~~~
Mithaldu
Let's be fair here: It's an easy pivot where they keep paying the DOTA artists
already on the payroll with a minimum staff of software and game design devs
in order to milk the plump microtransaction teat.

Yes, it's a game. But barring the DOTA IP and existing graphics assets it will
not be particularly different from any given other offering in this specific
market space.

And that's the unspoken thing in the post you're replying to: "new". Valve
hasn't made any truly new game since Left 4 Dead, and i'm sure it could easily
be argued that even that wasn't particularly ground-breaking.

------
zkomp
Ouch I did not know Valve had sunk so low... String matching parts of a local
username alone can not ever be enough for a ban... Completely ridiculous

------
Karunamon
Remember when Valve's official stance about VAC was that it will only ever
detect cheats, that it doesn't make mistakes, and that if you got a VAC ban,
you had it coming?

And then they had a number of false positives over the years where they had to
rescind the bans?

And now they're detecting things that aren't cheats. A username on the local
machine is not a cheat, end of fucking discussion.

~~~
ReverseCold
Why would you set your username to the name of a known cheat though?

And if you are VAC banned because of it, you can still play your games on non
official servers. "Less evil DRM" if you will.

~~~
stordoff
Why would expect users to know the names of all known cheats though? If
someone created a bot called, say, "VerseC", I doubt you'd be thrilled if that
resulted in you being banned.

I also suspect the crossover between cheat names and gamer user names is high
- "catbot" would not look at all out of place in a list of user name.

~~~
paulmd
Anyone who's still playing TF2 at this point has a pretty good idea of the
names of the various bots at this point, because they spam them in chat while
they're running.

GET GOOD GET LMAOBOX has ruined many a session for me, and I would never think
of using 'lmaobox' as a username. Even if you aren't actually hacking, that's
a quick route to the other denizens of the server votebanning you. Nor would I
ever dream of using it as a system user.

I think the context you and most other people are missing here is that these
bots are a fucking plague on what remains of the TF2 community and we're more
than willing to have zero tolerance for anything connected to them.

~~~
stordoff
A) The cheat may post-date your choice of username. Even if you're aware of
the name (and thus avoid using it in-game), you probably wouldn't change (or
even think to change) a long standing system username.

B) Non-TF2 players probably _aren't_ going to be aware of TF2 cheat names. A
CS:Source player may not know of them, as it's not their game, but the same
VAC ban covers both CS:S and TF2 (FWIW I play CS:S occasionally and have never
seen such ads. there).

I understand that it is a major issue (it's one of the reasons I haven't
returned to TF2 in a while), but that's not a great reason to accept a poor
solution that could effect innocent users.

------
morpheuskafka
Just wait till someone writes a bot that runs under a 'tux' user by default...

~~~
gsich
or "root"

~~~
jandrese
I have to wonder how many people would go "Yeah, sketchy cheatbot app, go
ahead and run as root. That seems like a good idea."

~~~
dpwm
There's nothing special about the name root, it's just a convention that it
maps to uid 0. You can change it to something else and then rename an account
with a uid != 0 to root. Whether this breaks anything is largely distribution
dependant.

Whether or not that would result in the check being changed to see if "root"
is uid 0 is another step in an arms race. Because with containerization or
virtualization you can run as root with much more acceptable levels of risk
than usual.

------
NelsonMinar
A Valve employee showed up on Reddit to say this bug report is not correct.
[https://np.reddit.com/r/linux_gaming/comments/7ndjdt/valve_w...](https://np.reddit.com/r/linux_gaming/comments/7ndjdt/valve_will_vac_ban_you_automatically_for_having/ds2dulw/)

------
jimnotgym
I'm not sure I want Steam on my PC anymore. My local accounts are non of their
business. What other nonsense are they up to?

------
drngdds
So if I'm understanding this right, you can get permanently banned from all of
these games
([http://store.steampowered.com/search/?category2=8](http://store.steampowered.com/search/?category2=8))
just for having a certain username? That's crazy, no matter what the username
is.

~~~
dkonofalski
You're understanding the way they described it right. The reality, however, is
not correct. You cannot get banned from those games just for having a certain
username. You would have to have that username and also trigger other
detection parameters.

------
jimjimjim
It's their software, they can do whatever they like. Manufactured drama.

------
varjag
[http://www.catb.org/jargon/html/D/Don-t-do-that-
then-.html](http://www.catb.org/jargon/html/D/Don-t-do-that-then-.html)

~~~
jimnotgym
catb as a name is dangerously close to getting you banned by Steam

------
chickenfries
This is by far one of the strangest things I have seen HN get mad about. The
commenters on the linked issue seem to be mostly aimbot users. Wouldn't be
surprised if they're here too.

------
jwilk
VAC = Valve Anti-Cheat

[https://en.wikipedia.org/wiki/Valve_Anti-
Cheat](https://en.wikipedia.org/wiki/Valve_Anti-Cheat)

------
csense
New Year's resolution: Don't buy anything else on Steam.

------
andrewmcwatters
My answer to Valve's behavior in recent years was to just stop buying games
from them, or on Steam in general, so they don't receive revenue from me.

------
arkona
> Good day, I've received word from the VAC team that this is intentional and
> not open for discussion on Github.

> In general VAC issues are not handled on Github in any capacity and further
> issue reports on this may result in being banned from the Valve Software
> issue trackers.

This is not the way to address a paying customer. These people truly are a
bunch of clowns.

