You cannot "prevent" cheating, you can at best mitigate it, it's a balance.
There plenty of way to mitigate cheating in game, but the game industry is focusing on the ones where they don't bear the cost and only the customer will (and this view is in part due to the model of F2P games, where banning cheater is useless as it doesn't cost them anything to create a new account).
Letting game developer having complete control and spying on the device playing the game is fine in a physical tournament were they provide the device, but it's insanity when it's the user own device in its home.
> There is no technical way to prevent cheating in advance without secure boot.
I'm not really sure I buy this. I can't really give a way that can guarantee no cheating but I know for example games like Genshin Impact run almost all the code (dmg calculation etc) server-side. Perhaps something that's an extension of Geforce Now might be the best "anti-cheat" technically speaking.
To run anti-cheat in that way, you need all game mechanics to be run server-side, and you need to not let the client ever know about something the player should not know - e.g. in a first-person shooter you need to run visibility and occlusion on the server too! Otherwise the cheating will take the form of seeing through walls and the like. This is going to boost the cost of the servers and probably any game subscription, and might lead to bandwidth or latency problems for players - just to avoid running any calculation that is relevant to game balance on player hardware.
Well yeah, that's the correct way to run a server, don't send information you don't want the user to get.
But as you are pointing out, forcing client-side intrusive anti-cheat is cheaper, thus this as nothing to do about preventing cheating, but about reducing cost.
It's not just about cost. Theoretically yes, you shouldn't send information that you don't want users to get and abuse. However, in the context of games, this is not always possible because most games are realtime and need to tolerate network latency. There is no perfect solution - there will always be tradeoffs.
Ideally player A shouldn't be networked player B if there is a wall between them but what happens when they're at the edge of the wall? You don't want them to pop in so you need some tolerance. But having that tolerance would also allow cheaters to see players through walls near edges. Or your game design might require you to hear sounds on the other side of the wall (footsteps, gunshots, etc.) which allows cheats to infer what what may be behind the wall better than a person would.
> Or your game design might require you to hear sounds on the other side of the wall (footsteps, gunshots, etc.) which allows cheats to infer what what may be behind the wall better than a person would.
Yes, and you cannot prevent this except in in-person tournament.
Any output send toward the player, even a faint audio queue could be analyzed, and use to trigger an action or display an overlay to the screen, and no amount of kernel-level stuff will prevent that, as you can do this outside of the computer running the game.
The end state of your argument is the game runs entirely on hosted hardware and you pay for a license to stream the final rendered output to your monitor. This is already happening. Soon games won’t be able to be “bought” at all, you’ll just pay the server a number of dollars per hour for the privilege of them letting you use their hardware.
If all surfaces are fully opaque, maybe. The second particle effects and volumetric effects and all sorts of advanced techniques play a role in actual gameplay, no. And that’s only for this one type of cheating.
Back in my day we all played on private, community ran servers where you could easily vote to kick/ban folks, the server owner was your buddy, or you played with people you trust.
Now everything is matchmaking, private servers, live service and that sense of community is gone.
It's very hard to gather full teams (usually 10 persons) in a small communities. Public matchmaking gives an opportunity to start a game in a minute from clicking "play", regardless of how many people you have at hand right now.
Small communities still exist, it's just that vacant places are now filled with strangers.
lot of thing happened, 6th gen consoles started a new way of using online games (no keyboard, no third party chat/vocal, no group chat out of game, no private server), then the industry pivoted away from private server to have more control on their games, then the whole F2P economy then GaaS took any agency out of players hands.
The goalpost just needs to be moved further than is economically interesting for cheaters in general to reach.
Perhaps secure boot by itself isn't enough, but I would imagine it would be a relatively large bump, when combined with a kernel-level anti-cheat. I presume such anti-cheats would e.g. disable the debugger access of game memory or otherwise debugging it, accessing the screen contents of the game or sending it artificial inputs.
What vectors remain? I guess at least finding bugs in the game, network traffic analysis, attempting MitM, capturing or even modifying actual data in the DRAM chips, using USB devices controlled by an external device that sees the game via a camera or HDMI capture.. All these can be plugged or require big efforts to make use of.
>Perhaps secure boot by itself isn't enough, but I would imagine it would be a relatively large bump, when combined with a kernel-level anti-cheat
VALORANT also adds TPM to the mix alongside SB and a kernel AC and yet is still trivially easy to cheat in as long as you have a driver you can use. Granted, it needs to be signed (=financially unreachable by a big part of the community), but if stubborn enough...
