This is why client-side anti-cheat is a terrible idea. It gives you the illusion of control, but really it doesn’t prevent a motivated party from cheating, and it opens up everyone else to kernel-level vulnerabilities when the anti-cheat software inevitably has a bug.
Client side anti-cheat should merely discourage low effort attacks, and the real cheat detection should always be server side looking at patterns of behavior. Unfortunately, it’s a lot easier to reach for client side anti-cheat than build an effective server side anti-cheat.
This is a really good answer, thanks! I like to imagine what a fully open-source future would look like and I imagine server-side anti cheat is the solution.
I don’t think popular games will ever be fully open source, but our operating systems could be.
I have very little proprietary software on my system outside of games, and it’s mostly limited to a handful of firmware blobs (e.g. GPU and WiFi firmware, CPU microcode, etc), with the clear exception bring browser DRM for streaming services. Everything proprietary on my system is sandboxed in some way, so I’m reasonably protected from most of that nonsense, but it’s still there and probably always will be.
Having proprietary software isn’t the issue IMO, as long as I can sandbox it. I can’t sandbox kernel level anti-cheat, so I’m never going to install a game that requires it. That’s my line in the sand.
One thing that I hope becomes more common is open source game code + proprietary art, sound and narrative. Game devs, artists, writers, etc deserve to get paid for their work, and we deserve to know what’s running on our computers. The more game devs use open source engines, the closer we get.
Maybe it’s because I am an amateur dev and not just a user but I like the freedom with assess that are creative commons and am put off when an open source game uses (edit) proprietary assests. Don’t see why they can’t get paid the same way open source dev would.
I don’t think we need open source games, we just need to be able to sandbox them so they don’t cause security or privacy issues. As long as they don’t need control over the kernel, I can containerize them and only give access to the things they need.
Not all anti-cheats are kernel-level though, only the most invasive ones are. BattlEye, the one used in this game, is not one of them, though I don’t know the specifics of how it works.
Sure, and I don’t have issues with those, provided they are happy living in a sandbox. I think clientside anti-cheat is stupid for other reasons, but I won’t actively avoid a game just because it has it, provided I can separate it from the rest of my system.
This is why client-side anti-cheat is a terrible idea. It gives you the illusion of control, but really it doesn’t prevent a motivated party from cheating, and it opens up everyone else to kernel-level vulnerabilities when the anti-cheat software inevitably has a bug.
Client side anti-cheat should merely discourage low effort attacks, and the real cheat detection should always be server side looking at patterns of behavior. Unfortunately, it’s a lot easier to reach for client side anti-cheat than build an effective server side anti-cheat.
This is a really good answer, thanks! I like to imagine what a fully open-source future would look like and I imagine server-side anti cheat is the solution.
I don’t think popular games will ever be fully open source, but our operating systems could be.
I have very little proprietary software on my system outside of games, and it’s mostly limited to a handful of firmware blobs (e.g. GPU and WiFi firmware, CPU microcode, etc), with the clear exception bring browser DRM for streaming services. Everything proprietary on my system is sandboxed in some way, so I’m reasonably protected from most of that nonsense, but it’s still there and probably always will be.
Having proprietary software isn’t the issue IMO, as long as I can sandbox it. I can’t sandbox kernel level anti-cheat, so I’m never going to install a game that requires it. That’s my line in the sand.
One thing that I hope becomes more common is open source game code + proprietary art, sound and narrative. Game devs, artists, writers, etc deserve to get paid for their work, and we deserve to know what’s running on our computers. The more game devs use open source engines, the closer we get.
Maybe it’s because I am an amateur dev and not just a user but I like the freedom with assess that are creative commons and am put off when an open source game uses (edit) proprietary assests. Don’t see why they can’t get paid the same way open source dev would.
I don’t think we need open source games, we just need to be able to sandbox them so they don’t cause security or privacy issues. As long as they don’t need control over the kernel, I can containerize them and only give access to the things they need.
Not all anti-cheats are kernel-level though, only the most invasive ones are. BattlEye, the one used in this game, is not one of them, though I don’t know the specifics of how it works.
The important part is: Never Trust User Input!
Sure, and I don’t have issues with those, provided they are happy living in a sandbox. I think clientside anti-cheat is stupid for other reasons, but I won’t actively avoid a game just because it has it, provided I can separate it from the rest of my system.