Comment by hastily3114 2 days ago
Is there really no way to make anti-cheat on Linux that can't be bypassed? I don't know much about this, but it seems very difficult to make an anti-cheat for a platform where you can make changes in the kernel.
Some kinds of cheating can be mitigated that way, but it can't really stop cheats which just play the game more optimally than the user is able to, using the same inputs and outputs that a legit player would use. Aim assistance in shooters, automatic parries in fighting games, economy-breaking levels of automation in MMOs, and so on.
There's also practical limits to how much data you can filter out in complex 3D games, both due to performance constraints, and because culling information too perfectly can cause things to pop into existence too late under real-world network latency. The effectiveness of ESP cheats can be reduced, but not eliminated in practice.
You could probably detect those kinds of cheats heuristically on the server. There are limits to human ability. It’ll take more time to catch the cheaters, but I’m sure it’s possible.
This player is posting 30 auctions per second. Bot.
This player is turning at a rate of 500 radians per second to make perfect headshots. Bot.
this is already running in production for Counter-Strike since 2018 [0][1].
to be honest, it isn’t particularly good - all serious CS2 games operate on a third party provider with a kernel-level anti-cheat. also, the cs2 update banned people for spinning their mouse too fast [2].
[0]: https://www.reddit.com/r/GlobalOffensive/comments/5u2xly/eli...
Aimbots will just add delay and variance then. Guess its a bit fairer but if they're better than shroud level then it's still not great.
Which they do already, because slamming all of the aimbot settings to max is a fast track to getting mass reported and escalated to human review, which will immediately see what's going on. Any cheater with an ounce of desire to preserve their account is going to try and maintain the pretense that they're just very skilled, not impossibly skilled.
I think anything that relies on reflex alone is flawed design. You can design around this, by for example in Dota2 it doesen't matter how fast you click an entity, because the turnrate of your character is limited, so a person clicking reasonably fast and a bot clicking in 0.01ms both arrive there at the same time. Precision also doesn't matter, because a player can click the icon of the enemy instead of trying to match the pixels on screen. MMO scripts that use information already given by the game just seem like the MMO should invest in UX instead of trying to ban people for using the tools the game already gives them.
>for example in Dota2 it doesen't matter how fast you click an entity, because the turnrate of your character is limited, so a person clicking reasonably fast and a bot clicking in 0.01ms both arrive there at the same time. Precision also doesn't matter, because a player can click the icon of the enemy instead of trying to match the pixels on screen.
Even with turnrate, reaction time is very relevant. Reaction time allows you to silence enemies midcast, or to pop a shield, or a BKB, or some other instant measure. Turnrate doesn't mean reaction time doesn't matter, it means the direction you are facing matters.
As for precision, yes it does matter, ask any Phoenix player who gets hexed mid-flight.
People cheat in Dota in these very terms, it's absurd to argue it doesn't matter.
Unless DOTA2 is running at a ~3 tick rate (Which it's not), even taking account processing delays and action batching, a bot will always have faster reaction times than an actual player. It will also never misclick.
This problem is magnified in a shooter game, which would be unplayable with that kind of batching, but where a cheater with an aimbot is actually impossible for a legitimate player to beat.
There is rampant cheating in online chess and poker as well, you know? You can have an opinion about what constitutes a better game for humans: should it be about making better decisions, arriving at them faster or being fast and precise with your mouse but the reality is bots/assistance can make you unplayable in all of those domains.
However, this only solves the cheat problem to a minimal extent. There is a lot of important data that players should not be directly aware of, but which is important for the game. For example, it is important for calculating sounds to know where enemies are nearby, even though you cannot see them, which makes wall hacks possible, etc.
Sounds are core to shooters and very much within the expected abilities of the players to hear them. If anything, I'd incorporate this kind of indicator in the game itself, allowing for deaf people to "hear" footsteps as well
> I'd incorporate this kind of indicator in the game itself, allowing for deaf people to "hear" footsteps as well
That's just discount wallhacks. Fortnite has it and you're basically forced to use it even if you have no hearing issues, because it provides a massive advantage.
Eventually you have to send data to the client and they have to send you back what they did. Assuming you’re running a game server with 240hz updates, on a 120hz monitor with no buffering, on a low latency connection in the same location to your data center, the absolute bare minimum amount of latency you can plan for is about 15ms from server to on screen, and back again) - 8 ms each way, 4ms for the server tick, and 5ms each way for networking. Now move 100 km from the server, or add in double buffering, and you’re closer to 50-60ms. That means at any given time you know there’s a deviance of between 0 and 50ms between your state and the clients - and a client can and will exploit that.
> Doing everything server side does prevent cheating.
No. Server side only protects against some types of cheats, such as telling the server that your bullet in an FPS is actually a grenade.
It cannot prevent snapping your aim to a target on screen.
That only solves half of the cheating problem - illegal inputs from clients.
The other half is much harder to solve. For a simple example - my client knows that there is an enemy player around a corner. It knows exactly where that player is, because that player is walking, and making noise. A cheats could allow the cheater to see his opponent's player's model through the wall.
For a more blatant example, consider cheats in a first-person shooter that just snap your aim to the nearest enemy's head. This involves zero violation of the game's logic, and also makes the game completely unplayable for everyone in a lobby.
You already know where an enemy is if you hear them behind the wall, you don't need a cheat to tell you that there is noise coming from other side of the wall. The server also doesen't need to tell you they are behind it if they're sneaking. A game that allows zero home-in time sounds like a flaw in the game and something solvable on the serverside.
You can replace a playermodel with wider "sound coming from around here" if you want to make it even harder for a cheat to pinpoint a sound
> The server also doesen't need to tell you they are behind it if they're sneaking
This requires the server to calculate line of sight checks for every player, which is costly, requires loading the entire geometry into the server and would be horribly prone to latency. Then you're looking at potential performance problems on the client due to only knowing about a player the second its in view and having to stream the assets to the GPU, which if don't happen in time for the frame you'll experience as hitching.
> You already know where an enemy is if you hear them behind the wall
Yes but this requires using your brain rather than just seeing them straight up through a wall.
> You already know where an enemy is if you hear them behind the wall,
You know they are somewhere behind the wall, you don't know which exact angle they are behind the wall, because headphones and our ears don't work with that degree of accuracy.
The cheater can just swing the corner with his cursor already pre-positioned exactly on his target. Between peeker's advantage (inherent to any online game with latency) and human reaction time, there's not a lot you can do to fight that.
A trusted entity (probably Valve) could provide a locked down distro where kernel integrity is enforced through secure boot and TPM attestation, but that would mean giving up some control over your own system. There's no guarantee that anything client-side is impossible to bypass of course, but the goal would be to more or less match what Windows offers, which isn't perfect either.
> giving up some control over your own system
There could simply be a developer option that disables these integrity checks but subsequently breaks online games that rely on them. Valve could also offer a module that allows signed user-space binaries access to kernel space, which would be an improvement over Windows offers in that anti-cheat wouldn't need to live in the kernel.
I think that's a fine trade off.
You don't even need a developer mode. I was looking into making my own image based distro/system which has its bootchain entirely verified and I intend to make any modifications via system extentions[1], which IIRC also get measured aswell (or was at least planned somewhere). To be fair, this is purely additive or overlaying, so no removing of files, at best changing. This all would be signed using Secure boot and after the fact using dm-verity.
Secure Boot in theory isn't even necessary, only TPM2. Secure boot only ensure that you are actually booting into a binary that you expect to boot in this case, so if your binary is actually different it would result in different PCR values in the TPM indicating something is wrong.
Sadly a lot of end user software (flatpak, ...) isn't packaged & signed in a way which would allow for full "only run software I allow by importing public keys" (read Linux IPE[2]), but what can you do, only your best I suppose...
[1]: https://www.freedesktop.org/software/systemd/man/systemd-sys...
You don't need a full distro, you can just run the game in a VM sandbox with trusted computing extensions alongside whatever distro you want. That breaks cheats that rely on network/memory inspection, you can still cheat using the raw pixel output to drive faked input, but I don't think the loop is closeable there.
Has anyone produced a proof of concept for such a system, for gaming or otherwise?
Given that a certain amount of windows gamers have been having issues making sure their PCs complied with the config requirements for the latest COD/Battlefield, it would seem an even higher bar for a consumer targeted bit of software that needs to do more to be running securely (or add a different mode to your distro install and reboot to it), alongside the wider variety of distros/configs. Distros advertising themselves for gaming or getting people to migrate from windows are also trying to keep barriers to entry low or to appear simple.
That wouldn't be sufficient. You'd need a hardware component to verify the OS signature of the specific distro with a trusted (by the game company) asymmetric key, and that enforced driver signing.
Those things are all possible, but really the only entity that has the power to realistically do them is the OEM - Valve could do it for SteamOS, but only on it's own hardware.
Could reboot into secure mode for these types of games.
It doesn’t have to be 100%. The point is to make it inconvenient. The majority of people will not do it if it is inconvenient.
Thats the point to many things in life that you just make it more difficult and most people won’t be bothered to attempt to circumvent whatever it is.
There will still be circumventers but it is will be less than if you just said fuck it.
Sure. That also means it doesn't have to be kernel-level rootkits that fundamentally break the security model of my operating system and risk my bank account. Most people will be stopped by userland anticheat, right? It's inconvenient. So ... put it *there.*
And if someone does the kernel bypass thing, well, rely on server-side heuristics (which are imperfect, but also unknowable to the attacker) and you'll discourage enough of that with account bans.
Helpfully eSports players tend to have video captures of their gameplay, and most of these "undetectable" cheats are real obvious if you actually watch the footage. That catches most of the serious stuff at the upper level. It's why video verification has been a thing in the speedrunning scene for such a long time.
> Helpfully eSports players tend to have video captures of their gameplay, and most of these "undetectable" cheats are real obvious if you actually watch the footage. That catches most of the serious stuff at the upper level. It's why video verification has been a thing in the speedrunning scene for such a long time.
There's a subreddit called /r/vacsucks which is full of pro players blatantly cheating and getting away with it while the rest of the idiots think they're just good players.
Or, depending on your point of view, full of idiots flagging any player better than they are as cheating.
Aimbots can be "humanized" enough that any such determination becomes subjective.
Correct. E.g. you can aimbot by routing the video signal to a capture card on a separate computer and run image recognition software to generate mouse movements spoofed at the hardware level. The only way to reliably prevent cheating is with in-person tournaments played on hardware provided by the organizers.
As someone said about the lack of a Switch anti-cheat: it's a numbers game. If cheating is as easy as downloading a .exe for a few $$$, you're going to find cheaters everywhere. If it requires a complex, and/or fairly expensive setup, the number is going to be very low.
That's assuming there's no money in being a cheater.
Comparing VAC2 (released in 2005) to FACEIT in 2025 is pretty dumb. There are still absolutely cheaters running rampant on FACEIT and FPL.
The real solution is to limit information sent to the client, make it harder for cheaters to have reliable solutions to get access to critical game information. ARC Raiders has Theia anti tamper (very poor performance) but right now the number of cheaters is minimal because the select few who are smart enough to break the anti-tamper are keeping quiet. See other examples; The Finals, Roblox (Byfron) and Overwatch
> It’s fundamentally incompatible with open source
Yeah, I mean why would they open source their anti-cheats, would defeat the purpose, wouldn't it?
Not sure why you bring up OSS here, it isn't relevant in the least, plenty of non-OSS runs on Linux even though Linux and more is OSS.
Because with Windows, MS can put a list of trusted rootkit anticheats in the kernel and that cannot be changed (without having the source or breaking signatures when hex editing etc).
If Linux did the same, anyone could recompile the kernel with their fake anticheat’s signature. The fake anticheat would then present itself as real to the game. One could go as far as to rewrite the relevant syscall to falsely indicate to the game that the legitimate version is running.
Yes and no. I agree the only thing that can be reliable is server side.
However that means that anything based on reaction times and such is impossible to protect against (under reasonable conditions). At the end of the day you can always have a robot sitting at your desk. But there is steps to that. You can have something that highlights enemies, etc., you can have something that controls keyboard and mouse (maybe inside a VM, so you don't need hardware) and so on. You can reverse engineer packet encryption in a debugger (in most situations) and have something on the network messing with stuff and so on.
So in that regard, yes you can prevent everything you can prevent on the server, but you cannot prevent every sort of cheating on the server.
Everything that has rounds basically can be prevented (other than again a bot playing).
Everything that is complex to automate is better, but might just make cheating more "worthwhile".
The other thing you can do on the server is "dumb cheat" detection. Eg. the odds of someone being consistently as good at a game and such. Statistics like that is widespread and doesn't need any change on the client.
I did a pretty deep dive into this recently, although haven't yet started any implementation work. As far as I can tell, the best strategy that preserves Linux's open-source and user-empowering ideals as much as possible:
- The game obviously needs to run as root, at least until large amounts of this stuff gets upstreamed into the kernel.
- We're going to be leaving the kernel and boot as untrusted, but injecting a hypervisor underneath the running kernel that is responsible for protecting most pages of game memory. This allows users to still run whatever kernel they want.
- The hypervisor sets up two sets of page tables, one that's only active when the game's thread is running and in userspace, one that hides protected pages and is active when the kernel or other threads are running. Note that game code itself needs to get decrypted into protected ram.
- The TPM of the system gets involved when we jump into the hypervisor to attest that the hypervisor is actually running, and the hypervisor then provides attestations to userspace that certain memory regions are protected from kernel or other thread access.
- Any syscalls will fail if they require the kernel to read or write pages that are protected. The game needs to allocate data that should be shared with the kernel into non-protected pages.
- When the game is closed, we can remove the hypervisor and Linux will be back to bare metal operation. This should be unobservable to the rest of the system.
This architecture preserves the ability of users to run arbitrary kernel modules, but does mean a hypothetical attacker can observe data that passes through the kernel (like draw calls/pixels). It's likely that a more complete implementation would also want some way for the hypervisor to attest to the accuracy of keyboard/mouse input and interface with iommu configuration like Windows KAC does.
There’s just no way to stop cheating client side despite what devs love to think. But server side anti cheat is much harder and requires more work; it’s much simpler to just install spyware / rootkits on the client and call it a day.
You can’t prevent wall hacks with only server side anti cheat. The client needs that data locally before the enemy is rendered on screen.
As mentioned in another comment, you can’t do this on the server without expensive checks for every single player that is always checking line of sight, because it’s not just your session running on a single server but multiple sessions.
And let’s say you did this, now you have a latency problem because most modern games to make them feel fluid has client side prediction with server reconciliation. This is what makes your modern games feel more responsive, if you put a constant server check there you have lost this.
No matter what people say online, it isn’t just move all of it to the server, there is data the client needs to know and can’t be spoonfed by the server.
I think it’s an organization accountability issue.
Why would a company pay for anti cheat infrastructure when they can outsource it to some company and blame them if there are cheaters or upset users? Windows is the status quo too, so it’s very easy to point to everyone else when justifying your choice to the execs.
It would be great if steam deck+box start costing studios quantifiable amounts of money that can be used to justify fixing this instead of outsourcing and hand waving.
I think the most stringent types of Windows anti-cheat rely on remote attestation of the operating system. It's theoretically possible to design a Linux-based OS that supports such a capability, but the sort of people who choose Linux are unlikely to accept a third party having the final say over their computer.
I, for one am disappointed that anyone has accepted it. Once it's widespread, service providers can demand it, as we're seeing with mobile banking apps and game anticheat.
I also strongly dislike requiring remote attestation for any kind of software I want to run. But what I also dislike is cheaters in my online games and I genuinely do not have a better suggestion on what to do.
Personally, I run Windows purely for gaming and don't let it near any important data. For the latter, I boot into Linux with separately encrypted disks.
>But what I also dislike is cheaters in my online games and I genuinely do not have a better suggestion on what to do.
You can't suggest "run online games as close-knit social groups, with social exclusion punishments for cheaters", which is how most online games used to be run. How old are you?
Game vendors used to be happy letting us host and run our own multiplayer games, until they realised they could get more money out of us -- "battle passes", microtransactions, ability to forcibly turn off multiplayer of older game when newer remake comes out -- and now they've made themselves a mandatory part of your online experience. You have to use their matchmaking and their servers. So now it's down to them to solve the problem of cheaters, enabled by their centralised matchmaking... and their only solution is remote attestation of your machine and yet more data collection?
If you use secure boot and don't let your keys near Windows, you should be fine even if your Windows install is compromised. Unless you don't trust Microsoft themselves, in which case you'd need to re-enroll keys whenever switching operating systems, which is possible, but very tedious.
Linux is resistant to rootkits, which is what these things are, and allows you to remove them, yes.
The correct solution is to verify everything server side, or actually have humans watch replays and ban cheaters, but both of those would reduce profits, so will obviously never happen.
You see cheaters banned in real time in Valorant, and the match is canceled, at least you used to.
IMO the real solution is back in community servers and votekicking.. It works on old games with no anticheat measures..
Maybe add some blatant detection for people teleporting and doing other absolutely impossible things serverside, but I don't understand why my team has to ruin their 'reputation' teamkilling a cheater so he doesn't ruin the game completely in most current games when the anticheat only catches free, old cheats. Just let people votekick and find someone else in the matchmaking queue who's willing to join halfway through.. Once votekicked enough times you can escalate to the AI (always indians) for automated (manual) review.
Also, you don't even have to ban cheaters. Just isolate them to play with each other. Some might find it fun and keep away from the normal players.
Edit: The 'issue' with community server manual review and votekick is you can be kicked for being cracked or garbage at the game legitimately, but TBH at this point you're ruining the fun of everyone else, so you should probably get in another server/match.. Also that premades can have majority, but that's easily solved by reducing their vote weight.
I mean not really, as someone that had been votekicked from many games. Servers with admins does solve this, but has it's drawbacks. But you also cannot have the matchmaking type of game that are popular today.
Back in MW2 if you were the host you could kick players from your game using a cli tool that adjusted firewall rules.
For lobbied ones votekick is great as long as you remove majority vote from premades. So in a 5v5, a 3 man premade isn't able to kick any of the 2 randoms alone.
I remember the misuse of it but it was better than having your only option be teamkilling, which is now punished in all games via reputation systems.
The only thing I don't see this as a solution for are games like Planetside, with massive lobbies. I know they used to have automated detection and manual review by admins teleporting and flying around, usually invisible to sus players. Once we found a bug and got inside the map able to shoot through the ground and in like 15 minutes an admin came, asked us how we got in there and to get out nicely, before he gets us out forcefully :D
Yeah. It’s an erosion of rights that doesn’t solve the problem. You only need one cheater to make a game feel bad and DMA devices or pixel tracking can’t be stopped with these anti-cheats.
Server-authoritative games. Basically the client does stuff, gives the list of moves to the server along with a checksum/end result. Then the server runs the same commands on the same starting state and checks if it got the same result.
If a==b, then everything moves on as normal. If not, the client gets a synchronisation error and has to rewind back to the last known good state.
Completely unfeasible for anything real-time pretty much.
Having done modding for some older shooter games built on the server-authoritative model, it's still possible to create a "pingless" experience, but it requires more calculations and compromises on client/server trust to make it work. For shooters specifically, you want the client to provide instant feedback when the gun fires, and ideally when they hit an enemy. You can achieve this by telling the server "I was at position A and shot my gun at position B and hit enemy Bob." The server will validate all of this before informing the client who fired and the client for "Bob" that Bob was killed. The compromise here is that the server must trust that the client isn't sending forged data, or the server must do additional computations to validate it.
An elaborated version of this idea is called "rollback" where you let the local client predict and execute the game state at time t+1 and will "roll back" the state of the game if it received another game state than the one predicted. Extremely popular and state of the art for 2D fighting games (most of the time the prediction is correct and it greatly reduce the perceived lag) , but probably harder a bit harder to do with 3D games.
You can run a VM using trusted computing extensions for the game. If the VM encrypts traffic, that stops network level cheats. You can still fake inputs/outputs to the machine if you put the work in, but then you can also use a vision model and faked input with actual consoles, so that hole is never going to get patched.
You are looking completely wrong at this. There is no anti-cheat that cannot be bypassed. Period.
You can always run things in a VM, you can always replace your keyboard and mouse with a different device, you can always have your a camera instead of human eyes and have something that recognizes enemies.
Even cheat detection in the real physical world (sports, chess, etc.) is not a completely solved topic.
You can connect computers to other computers so other computers will always be able to control them.
The idea that any (currently realistic) cheat prevention is unbypassable is silly.
> The idea that any (currently realistic) cheat prevention is unbypassable is silly.
The idea that anti-cheats don't make sense because they don't catch 100% of the cheaters is what's silly, who believes that? Not even the people writing these anti-cheats believe catching 100% of them are possible, why are you under the assumption that others think that's possible?
If it removes 80% of the cheaters from the game, the experience goes from "Holy shit lets leave" to "Ok, bothersome, but fine", this is what they're reaching for, not some fantasy utopia that you seem to be under the impression is the target.
I don't think the comment you're responding to is trying to claim that. They're responding to the parent comment asking if there's any way to actually make a Linux anti-cheat method that isn't bypassable and pointing out that this framing isn't really useful because there's no way to make one on any platform that's actually impossible to bypass. Their point isn't about whether it's useful or not to have imperfect anti-cheat but that there's nothing fundamental about Linux that changes the fact that the anti-cheat is going to be imperfect anywhere.
> If people will leave, cheaters will play only with cheaters - problem solved.
Yeah, but it's a bit like the ultimately solution to climate warming; getting rid of all humans on the planet. Fine, it solves the problem, but who is staying to enjoy the solution?
Linux explicitely allows you to do things that makes cheating *really* easy.
There is also complete lack of secure boot and a way to validate that your kernel hasn't been compromised.
I mean seriously, making a cheat for a proton supported game that no anticheat has any hopes of detecting are in 100 lines of a kmod driver and 1 console command: insmod.
On windows you at least need to use scuffed tools like KDU to bypass signature verification requirements and every anticheat can detect you with a simple physical memory scan.
Unfortunately right now SteamOS does not support secure boot or measured boot.
well lack of secure boot is bad wording, lack of vendor defined secure boot.
I think the moment you accept data from the client as truth you've lost the battle already, everything else is just damage control. Loads of games have realized this and kept checking game rules on the serverside and reveal data on a need-to-know basis. This makes it nearly impossible for cheats to be made because anything you know you should know, and everythin you act is parsed by the backend according to rules already present