• MJBrune@beehaw.org
    link
    fedilink
    English
    arrow-up
    8
    arrow-down
    34
    ·
    11 months ago

    It’s a Linux problem because you can’t ensure a kernel module in Linux is untouched by the user. This is a design on Linux. This means Linux and secured anti cheat solutions are fundamentally at odds.

    • Client running code should always be considered compromisable, that’s security 101. Relying on kernel module checks is a terrible practice, and not a fundamental guarantee of safety either.

      Good, secure anti-cheat happens serverside. But that’s harder and less broadly applicable, so Epic doesn’t want to bother with it.

      • MJBrune@beehaw.org
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        2
        ·
        11 months ago

        Client code isn’t trusted but no matter what the is one set of data you most trust that comes from the client. Input data. So with input data it can be manipulated that another application calculate out a headshot and sends that input. So even only trusting the client where you have to, you’ve failed to secure the game fully because you need to trust input data.

        • Riskable@programming.dev
          link
          fedilink
          English
          arrow-up
          14
          ·
          11 months ago

          The first rule of network programming: Never trust the client. How does anti-cheat software work? It trusts the client.

          All clientside anti-cheat is fundamentally flawed and broken by design. It doesn’t actually prevent cheating it just creates an illusion that it’s preventing cheating. The fewer people that believe in that illusion the better off we’ll all be.

          Besides, you can train AI to play any game via MITM in USB (plug the mouse and keyboard into the Raspberry Pi or similar which then pretends to be a mouse and keyboard to the computer playing the game). The simplest method is to just point a camera at the monitor but there’s much lower latency ways where you use some cheap Chinese HDMI decoder/encoders to feed the raw video signal right into the AI.

          With methods like that becoming cheaper and easier every day the whole client-side anti-cheat bullshit kinda seems pointless, yeah?

          • MJBrune@beehaw.org
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            1
            ·
            11 months ago

            We’ve already established you have to trust the client to some extent in a typical game.

            Also do you lock your front door despite people being able to lockpick it? Most people do because it raises the barrier to entry.

              • MJBrune@beehaw.org
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                1
                ·
                11 months ago

                Most people put security cameras in their homes despite them being able to be remotely hacked. Lots of people have an Alexa which could also be seen as letting a stranger in. A lot of people use tools that could be used to compromise their direct use but trust they don’t as for things like anti-cheat being malware. That’s all FUD. There has not been a single large anti-cheat company known to be sending unneeded or personalized user data.

    • andrew0@lemmy.dbzer0.com
      link
      fedilink
      arrow-up
      36
      arrow-down
      1
      ·
      11 months ago

      Cheats nowadays don’t even need to run on your machine. You can get a second computer that is connected to your computer via a capture card, analyze your video feed with an AI and send mouse commands wirelessly from it (mimicking the signal for your USB receiver).

      These anti-cheats are nothing more than privacy invasion, and any game maker that believes they have the upper hand on people that want to cheat are very wrong.

      Opening up anti-cheat support for Linux would at least make them more creative at finding these people from their behaviour, and not from analysing everything that’s running in the background.

        • ampersandrew@kbin.social
          link
          fedilink
          arrow-up
          4
          arrow-down
          1
          ·
          11 months ago

          None of these solutions are lazy, and I promise you they have large server side components too. From what I can tell, shooters are just especially cursed when it comes to cheating, and there’s no real way to stop it.

      • MJBrune@beehaw.org
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        11 months ago

        Yes but also the barrier to entry on those sorts of hacks is very high. Every houses front door lock can be picked in the matter of minutes. The issue is that lots of people don’t have that skill.

        Lastly there are heuristic anti cheat but that’s really only a catch all for inhuman inputs. Not a full solution.

    • stardust@lemmy.ca
      link
      fedilink
      English
      arrow-up
      14
      ·
      edit-2
      11 months ago

      Sounds like the same excuse that would be made back in 2008 when epic felt consoles were more worth investing in than PC and only seeings cons to the hardware, and took until 2018 to even bother to try to start their own digital distribution.

      And here’s Linux in its infancy just beginning to start becoming a little more accessible to regular people, and potential to enter the market early and also get more control compared to all the platforms run by other companies they complain about. And yet, like before they don’t want to bother investing in anything themselves and taking risks to get established first before competitors gain a foothold.

      Simple fact is for all the technical excuses they don’t care unless another company shows it is profitable to do first.

      • MJBrune@beehaw.org
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        11 months ago

        Why should they. They are in the business if making innovative and interesting games. Not innovative hardware or dealing with 2% of the marketplace. They don’t even fully support Mac which has a larger market share. I can’t blame them for making their business one of reducing risks in underdeveloped areas.