
Ask HN: What prevents Microsoft from adding a 'secure mode' to combat cheating? - RandomTisk
Could Microsoft (using them as an example since gaming is my focus) implement something in the kernel so that applications can "opt in" at the request of the user to be isolated from other processes?

Imagine I run a game server and demand that players who play on it must put their client into secure mode where even if they have root or admin rights, they can't read or write to the memory of the secure process.

Is there any technical or other reason why MS doesn't provide a secure layer inside of Windows for applications like online games?
======
FavouriteColour
There is no way your game server can verify that the clients are actually
running in a hypothetical secure mode.

Any calculation or data that client could send to your server could equally be
calculated or sent by a hacked copy running in an insecure environment.

~~~
RandomBK
Not necessarily. If TPMs/Trusted Execution Cores come into play, Microsoft can
ensure that only trusted software can understand server communications. Most
modern systems already have the hardware for this, as it is required for
Secure Boot.

See: Netflix 4K requiring Kaby Lake processors for their on-die DRM solution.

~~~
Rjevski
The only way for this to work would be for Microsoft to provide the hardware
to begin with. As it stands, all the "security" technologies are still under
the control of the user, which means the only barrier is the time it takes to
reverse-engineer how they work.

> Netflix 4K requiring Kaby Lake processors for their on-die DRM solution.

Just a matter of time before it's reverse engineered. It's not secure by any
means. You can prove this by using the same technologies to allow anyone to
download (but not use, due to DRM) a private key associated with a lot of
cryptocurrency, and see how little time it takes before someone steals the
money.

------
Crosseye_Jack
They are working on such a tech. It’s called TruePlay and already exists for
UWP games.

As much as I recall it’s not as much Anti Cheat but anti tamper that could be
used to detect cheating and then be used to disable access to online gaming or
just shutdown the game right there and then.

In its current form it must ask you for permission to monitor your game and is
only available for UWP titles and I have yet to be pestered about such
permission though the only recent UWP game I currently play is the latest
Forza Horizon.

------
rasz
How about you rewrite your program instead? You should never ever trust the
client. Validate output, don't send more data than necessary (player positions
etc).

~~~
beaconstudios
I never understood why this isn't the case already for competitive games. I'm
not a game dev so I don't know if there are hidden complexities but for e.g. a
game like CS:GO with a small number of moving parts, couldn't the server only
send positions to a player if they are liable to be able to see the other
person, in a manner similar to occlusion culling and spatial partitioning?
That would at the very least prevent wallhacks beyond a short distance, and
some level of validation on inputs would prevent speedhacks, spinbots etc. I'm
guessing the limitation is on the amount of work the server would have to do?
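
An added example, not part of any comment in this thread: a minimal sketch of the two server-side measures discussed by rasz and beaconstudios above, sending a player only the positions they have line of sight to and rejecting client-reported moves that exceed a speed cap. The 2D map, player names, `MAX_SPEED` and `TOLERANCE` are assumptions made for illustration; a real game would use its own 3D visibility data and movement rules.

```python
import math

MAX_SPEED = 250.0  # assumed movement cap, units per second
TOLERANCE = 1.10   # assumed slack for network timing jitter

def _orient(a, b, c):
    """Sign of the cross product (b-a) x (c-a): 1, -1, or 0 if collinear."""
    v = (b[0] - a[0]) * (c[1] - a[1]) - (b[1] - a[1]) * (c[0] - a[0])
    return (v > 0) - (v < 0)

def _overlap(a1, a2, b1, b2):
    """True if the 1-D intervals a1..a2 and b1..b2 (either order) overlap."""
    return max(min(a1, a2), min(b1, b2)) <= min(max(a1, a2), max(b1, b2))

def blocked(p1, p2, wall):
    """True if the sight line p1-p2 touches or crosses the wall segment."""
    q1, q2 = wall
    o1, o2 = _orient(p1, p2, q1), _orient(p1, p2, q2)
    o3, o4 = _orient(q1, q2, p1), _orient(q1, q2, p2)
    if o1 != o2 and o3 != o4:
        return True
    if o1 == o2 == o3 == o4 == 0:  # collinear: blocked only if they overlap
        return (_overlap(p1[0], p2[0], q1[0], q2[0])
                and _overlap(p1[1], p2[1], q1[1], q2[1]))
    return False

def snapshot_for(viewer, positions, walls):
    """Positions the server sends to `viewer`: their own plus visible players."""
    me = positions[viewer]
    out = {viewer: me}
    for pid, pos in positions.items():
        if pid != viewer and not any(blocked(me, pos, w) for w in walls):
            out[pid] = pos  # hidden players are never put on the wire
    return out

def accept_move(prev, new, dt):
    """Reject a client-reported move that is faster than the server allows."""
    if dt <= 0:
        return False
    return math.dist(prev, new) <= MAX_SPEED * dt * TOLERANCE

# Constructed sample data: one wall between players "a" and "b".
WALLS = [((5, -5), (5, 5))]
PLAYERS = {"a": (0, 0), "b": (10, 0), "c": (0, 20)}

if __name__ == "__main__":
    print(snapshot_for("a", PLAYERS, WALLS))
    print(accept_move((0, 0), (40, 0), 1 / 64))
```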

~~~
drivebyops
This already happens, spinbots and speedhacks aren’t a thing anymore.

The current hacks are aim triggers, aim lock, aim/spray assist, and some close
proximity wallhack.

The cheats calculate the recoil spread and auto lock to enemy heads. It’s
obviously not as bad as before with client side bullets, but it is still a
problem.

~~~
beaconstudios
Is that a recent innovation? I haven't really played CS regularly for about a
year, but before then when I'd overwatch I saw quite a few cases of blatant
long-distance wall hacks - people looking directly at an opponent's head
through a wall from spawn to spawn.

I'm not sure how you could feasibly prevent the remaining hacks server-side as
they're nigh-indistinguishable from player skill, if the hacks supply some
non-determinism/jitter so you're not instantly snapping to a player's head
when they're behind you.

------
teeray
This could be one use case of Intel SGX:
[https://software.intel.com/en-us/sgx](https://software.intel.com/en-us/sgx)

------
adobeeee
Read up on TPM

------
orf
> Is there any technical or other reason why MS doesn't provide a secure layer
> inside of windows for applications like online games?

Yes

