Are We Anti-Cheat Yet?

Original Article ↗ Hacker News Discussion ↗

Scope of the problem & netcode limits

  • Servers already “distrust” clients for core rules (damage, movement bounds), but can’t do everything server-side without making fast games unplayably laggy.
  • For smooth play, clients must predict and interpolate future positions and keep some “extra” state (e.g., players about to appear from behind walls), which inherently leaks information exploitable by cheats.
  • Proposals like sending multiple “fake” character paths are criticized as too expensive, hard to synchronize with latency/rollback, and ultimately still needing to reveal the true state.

Types of cheats and why they’re hard to stop

  • Memory-based cheats (aimbots, wallhacks, HUD overlays) can often be fought with client scanning + server validation, but developers note the focus has shifted.
  • Increasingly common are:
    • Input-manipulation devices (recoil macros, controller spoofers).
    • External “screen bots” using computer vision on video output (HDMI grabbers, separate machines).
    • Hardware-level attacks (PCIe/DMA).
  • These don’t need to touch game memory and can look like “perfect but legal” player input, making detection via rules very hard.

Client-side anti-cheat: effectiveness vs. intrusion

  • Some argue anti-cheat is “snake oil” or primarily PR, since cheats still feel rampant in popular FPS titles; they report bans for benign tools, crashes, or disconnections.
  • Others (including developers) frame anti-cheat as defense-in-depth: no silver bullet but significantly raising the bar for cheap, mass-market cheats and making many lobbies playable.
  • Kernel-level systems are defended as empirically effective but criticized as rootkit-like, privacy-invasive, fragile (e.g., CrowdStrike-style failures), and harmful to the idea of user-controlled computers.

Linux, Steam Deck, and platform issues

  • The linked site tracks which anti-cheats work on Linux/Steam Deck; users complain when studios or vendors refuse to enable Linux support despite technical feasibility.
  • Some worry Linux support might ease cheating, but others note the Linux cheater market is tiny and rarely worth targeting.
  • A segment of users refuses to run invasive anti-cheat on their main OS, using separate hardware or Windows VMs instead.

Server-side statistics & AI detection

  • Many suggest statistical/ML methods: monitor headshot rate, reaction time, movement patterns, long-term performance.
  • Counterpoints: top players and smurfs are genuine outliers; naive stats will ban pros; sophisticated systems are costly and mostly used where money is at stake (e.g., gambling).
  • Historical examples (Battlefield’s FairFight, ML systems in other games) show stats help but eventually get supplemented by traditional or kernel-level anti-cheat.

Social and ethical dimensions

  • Some see cheating as fundamentally a social problem requiring stigma, stronger account identity, and possibly legal action against cheat sellers.
  • Others see invasive anti-cheat as a civil-liberties and general-purpose-computing issue, arguing that modest fairness gains for online games don’t justify deep OS-level surveillance.