Hacker News new | comments | ask | show | jobs | submit login
Ask HN: What prevents Microsoft from adding a 'secure mode' to combat cheating?
7 points by RandomTisk 75 days ago | hide | past | web | favorite | 11 comments
Could Microsoft (using them as an example since gaming is my focus) implement something in the kernel so that applications can "opt in" at the request of the user to be isolated from other processes?

Imagine I run a game server and demand that players who play on it must put their client into secure mode where even if they have root or admin rights, they can't read or write to the memory of the secure process.

Is there any technical or other reason why MS doesn't provide a secure layer inside of windows for applications like online games?

There is no way your game server can verify that the clients are actually running in a hypothetical secure mode.

Any calculation or data that client could send to your server could equally be calculated or sent by a hacked copy running in an insecure environment.

Not necessarily. If TPMs/Trusted Execution Cores come into play, Microsoft can ensure that only trusted software can understand server communications. Most modern systems already have the hardware for this, as it is required for Secure Boot.

See: Netflix 4K requiring Kaby Lake processors for their on-die DRM solution.

The only way for this to work would be for Microsoft to provide the hardware to begin with. As it stands, all the "security" technologies are still under the control of the user, which means the only barrier is the time it takes to reverse-engineer how they work.

> Netflix 4K requiring Kaby Lake processors for their on-die DRM solution.

Just a matter of time before it's reverse engineered. It's not secure by any means. You can prove this by using the same technologies to allow anyone to download (but not use, due to DRM) a private key associated with a lot of cryptocurrency, and see how little time it takes before someone steals the money.

They are working on such a tech. It’s called TruePlay and already exists for UWP games.

As much as a recall it’s not as much Anti Cheat but anti tamper that could be used to detect cheating and then be used to disable access to online gaming or just shutdown the game right there and then.

In its current form it much ask you for permission to monitor your game and is only available for UWP titles and I have yet to be pestered about such premission though the only recent UWP game I currently play is the latest Forza Horizon.

How about you rewrite your program instead? you should never ever trust the client. Validate output, dont send more data than necessary (player positions etc).

I never understood why this isn't the case already for competitive games. I'm not a game dev so I don't know if there are hidden complexities but for e.g. a game like CS:GO with a small number of moving parts, couldn't the server only send positions to a player if they are liable to be able to see the other person, in a manner similar to occlusion culling and spatial partitioning? That would at the very least prevent wallhacks beyond a short distance, and some level of validation on inputs would prevent speedhacks, spinbots etc. I'm guessing the limitation is on the amount of work the server would have to do?

This already happens, spinbots and speedhacks aren’t a thing anymore.

The current hacks are aim triggers, aim lock, aim/spray assist, and some close proximity wallhack.

The cheats calculate the recoil spread and auto lock to enemy heads. It’s obviously not as a bad as before with client side bullets, but it is still a problem.

is that a recent innovation? I haven't really played CS regularly for about a year, but before then when I'd overwatch I saw quite a few cases of blatant long-distance wall hacks - people looking directly at an opponent's head through a wall from spawn to spawn.

I'm not sure how you could feasibly prevent the remaining hacks server-side as they're nigh-indistinguishable from player skill, if the hacks supply some non-determinism/jitter so you're not instantly snapping to a player's head when they're behind you.

This could be one use case of Intel SGX: https://software.intel.com/en-us/sgx

Read up on TPM

> Is there any technical or other reason why MS doesn't provide a secure layer inside of windows for applications like online games?


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact