Hacker News new | past | comments | ask | show | jobs | submit login

Shouldn't that be detectable?





It should be - if a server firehose streams all players' network data to an analysis thing, it should be able to detect patterns of impossible accuracy and response time, even though there is some margin for error due to e.g. lag and packet loss (iirc intentional lag / packet loss are some strategies cheaters use to obfuscate things like aimbots, e.g. generating movements that shoot someone in the head but holding them back for a second or so so that in theory a competent player could have done the required motions within a second instead of 1/100th thereof)

Nope.

Evolutionary pressures on cheaters drives them to get better.

Eventually someone finds a stable chink in the server armor and it is exploited en masse.

The goal is to make it inconvenient to cheat on average.

There’s probably some ratio of games with cheaters to games without cheaters that players can tolerate that governs this.


Without kernel level anti cheat you can detect (some) other usermode cheats, but not kernel level cheats. With kernel level anticheat, you can detect the vast majority of other kernel level cheats. Vanguard is effective enough that most successful cheaters are using external devices and DMA to bypass the kernel altogether (or they just use Macs because Apple doesn't allow Vanguard). And despite Riot's insistence to the contrary, they have not "detected" DMA cheats.

Advanced DMA/IOMMU attacks are hard, soft and firmware specific. In order to detect it, you'll have to do a ton of very expensive work all the while you risk destroying the customers soft, firm and hardware. Good luck explaining the judge what you did.



Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: