This is so funny because rust has one of the worst cheating situations and majority of their players are windows users, and theres lots of games that have anticheat that allows linux and have notably less significant cheating problems like marvel rivals. in reality rust doesn’t take cheating very seriously because if they did they would have more server side software that detects illegitimate behaviour like tons of other games do successfully… even most popular Minecraft servers have better functioning anti cheat that is completely server side than rust has while getting kernel access to your pc. its pathetic and lazy development tbh and this entire post from them reads like such extreme cope…
The garbage took itself out.
On Windows the cheating program it’s a simple exe that will get kernel access with a simple uac request.
Everyone, especially 12 years olds, are able to run it. (And maybe get malware/ransomware disguised as a cheating program)
None of the losers that need a cheating program to feel validated in online multiplayer games will have the skills to recompile the kernel in Linux to add support for that
None of the losers that need a cheating program to feel validated in online multiplayer games will have the skills to recompile the kernel in Linux to add support for that
aha! so you admit, IT’S POSSIBLE! Well aren’t we lucky we have microshoft who won’t let anyone recompile their colonels! shows you mr silly yunix!
;D
I tried Rust, but quit quickly due to the extreme levels of racism and open Nazis. Maybe they should address some core issues of the game before blaming Linux for their problems?
Also, how was their playerbase only 0.01% Linux? Was their game terrible on Linux? Why did it have hundreds of time less players than other platforms
even most popular Minecraft servers have better functioning anti cheat that is completely server side
Why isn’t this the standard everywhere? These servers prove that server side anticheat works.
Because they’ve been forced to implement server-side anti-cheat because they can’t implement it into the game because they don’t control the game and mojang don’t seem interested in adding much in the way of anti-cheat to Minecraft.
These other companies actually control the games they’re running the servers for, so they can go the simple route and put kernel level anti-cheat in the game, and then call it a day. Corporations will always take the easy cheap option, even if it’s not very good.
It is. All games have this kind of server side verification which denies not allowed actions. The difference is in Minecraft it comes down to “no, you cannot fly, or” no, you cannot build a pig spawner because you don’t have one in you inventory". But in Counter Strike you need to decide if one player’s 14ms headsbot is legit, while some other player’s 20ms kill was not. Or if someone was acting on information they shouldn’t have (radar and wall hacks). That’s orders of magnitudes harder.
Generally speaking, the slower a game, and the less hand eye coordination are necessary, the easier is server side cheat detection. On the other side, there’s chess…
Well, yes, but, let me counter with this:
You can completely remove wall hacks from the equation by doing some FoV calculations in the server, this completely solves that issue, there’s no client side hack that would be able to show you enemies behind the wall because the server isn’t sending them to you.
And to the other point, if the 20ms kill is bad but the 14ms kill is good, there’s space to argue that the cheater is worse than the players so you don’t really need anti-cheat so solve that, Skill based matchmaking takes care of that for you, he would eventually be placed with people who are better than him even with hacks.
Sure, server side anti-cheat can’t capture everything, but neither can client side, but server side anti-cheat can make it so that your client side cheats are pointless, because they can’t make you better than everyone, you have to remain averageish, and if you’re consistently above average skill based matchmaking will bump you up and up until you’re going to lose even with cheats or you will be playing against other people with the same cheats as you.
Please see my other answer. Yes server side fog of war solves a lot, but not everything because it works with your FoV+some extra. On top of that there’s enemies’ sounds and objects that will make wall/radar hacks work.
Yes, skill based matchmaking would take care of the consistent not-inhuman cheater, but unfortunately the number of games getting that right can be count on two hands, I would say. It’s an interesting problem on its own for team based games.
True
I’ve said this before about wall hacks. The only reason they are possible is because the positions of all players are being sent to the client and then the client just doesn’t draw them to screen. It would be extremely easy to simply not send the data for players you shouldn’t be able to legitimately see.
And you are not the first person to have this idea.
Most games do that to some degree. The thing is they are working with a threshold, which means they send your client the information of a few “extra meters” - beyond your field of vision. If they didn’t, enemies would sudddnly pop into existence, instead of smoothly running around the corner. Especially in fast paced games there’s nothing more frustrating than losing to this.
But there’s more: non visual clues. If an enemy is outside your vision, but makes a noise, you cannot give that information to the client without revealing the enemies position. It’s simply not possible (again, not without risking giving completely wrong info by the time it reaches the client).
Same goes for non-player objects, which are the result of a player’s action somewhere else. If a player kicks a bucket across the map, the bucket flying through your screen makes it trivially easy to calculate the point of origin - and you know something happened there / player was there.
We’d be really really lucky if server side fog of war would be the kill-it-all solution to cheating.
They’re on that lie still?
Cool, cool. I’ve got plenty of games to choose from to care about lazy lying assholes who can’t be bothered to come up with a better excuse than that for why they irrationally hate Linux
Is there any way with steam to verify those player numbers because 0.01% seems very low. Market share is about 3% so I would expect numbers more in line with that. Obviously it’s not going to be a one-to-one match up but two orders of magnitude different than from the expected number.
Hardware level cheat detection has always been a losing game. I’m a professional in similar area (not games) but it’s fundamentally impossible to do when you dont control physical hardware, it’s stupid. The only way to detect cheaters is machine learning based behavior analysis, period.
TL;DR: skill issue
The only way to detect cheaters is machine learning based behavior analysis, period
Either the entire game industry is incompetent, or you’re wrong. Machine learning is a powerful tool, but the only way? No chance.
@Jumpropegazing
they are loosing the battle against Cheaters on the windows user side, don’t make them loose the battle on the Linux side aswell 🤣loose
not tight or constricting;
lose
THE WORD YOUR LOOKING FOR. to fail, to be defeated, etc.,
sorry, this is just one I keep seeing more and more and it’s driving me absolutely bonkers
@mojofrododojo
thank you 👍 i appreciate the correction
Let’s do some math here, they said:
More cheaters using Linux than legit users (…) .01% of all players base
Let’s do a quick math. The maximum peak users for Rust was 259,646 concurrent users according to https://steamcharts.com/app/252490 . Let’s assume 60% (more than half) of all the .01% users were cheaters, congratulations, you got rid of all those 16 cheaters… I haven’t played much Rust, but I’m fairly confident that there’s a bit more than 16 cheaters there.
And that’s without getting into the whole client side anti-cheat doesn’t work.
You dont understand linux users have black magic hacks that ruined the game for every player on every server, their power cant be understated… Theyre a whole bunch of dangerous hardened criminals
every single one is a l44t hack3r bro
I feel like some people think Linux is only for hackers and cybersecurity professionals
And genuine hackers and cybersecurity professionals have got way better things to do than cheat in Rust.
The cheaters are all obnoxious 12-year-olds who couldn’t land a single hit without the cheats, that’s why all the compilation videos of cheaters falling foul to fake cheat software are so funny. They’ll spend 10 minutes trying to go through a doorway without it ever occurring to them that something must be wrong.
🤣 beware the Linux users
Isn’t the real issue the PCIe bus being undetectable-y intercept-able with devices that sit between the gpu and cpu?
correct that is where majority of cheats are, because as they dig deeper with anticheat backdoors it pushed people to take advantage of shit like injecting the data directly into the pcie bus untraceably, and the ways to catch that have all been unshockingly server side…
Explain something to me. It’s a multiplayer game anything that affects all players should be handled on the server side, not the client. So if I make a cheat it can only be installed client side, not server side.
So if my hypothetical cheat looks at object placement and any time I sees a small object approaching at a high velocity it can say “I’m going to assume that’s a bullet based on what the server told me about it.” Then my cheat would say “your character moves from here to here until the bullet passes by, then moves back. I will tell the server you moved to the left 20 inches in the blink of an eye then moved back”
This works because the server just trusts what it’s told in this example.
So there are two options here to resolve this. Either the server sets thresholds and denies any placement changes look like the Flash is playing rust, or the server evaluates suspicious placement changes later when the cpu load it’s under is lower. The first approach stops much of this instantly but is computationally expensive and could not scale well for lots of players. The second would work well enough. You need to catch cheaters but it’s doesn’t have to be within the same exact cpu cycle.
In either case, these work because the server is taught to look for something that shouldn’t be possible. The enforcement happens server side. The client doesn’t fucking matter.
There is zero reason to put anti cheat on the client side when it’s not a P2P instance. Target a few servers, not thousands of players.
The client side anti cheat is a low effort hack that was good enough. Video game anti cheat devs are cheap as fuck because looking at client bits cost nothing compared to expensive machine learning pipelines that need to analyze all player performance. This is not a tech problem but a product/skill one.
You don’t need machine learning for this we’ve had perfectly good server-side anti-cheat for a while now and none of it’s been AI-based until recently. If we know the top speed the game should allow players to move any movement greater than that speed must be a cheat or lag, either way it shouldn’t be allowed.
Your head is in the right place, but your example is very wrong. First, unless it’s a very slow projectile that’s not how bullets work in games, second movement takes place in the server, to do so in the client is nuts. Client sends inputs, sever moves, gives back player location, client adapts. While waiting for a reply the client simulates the movement expected, but sometimes the server doesn’t receive the package and so tells you you haven’t actually moved and you teleport back.
What’s usually not done is calculate vision cone, instead the server gives you everyone’s position and you calculate whether you can see them on your GPU. Which is why if you can get access to the GPU pipeline you can tweak it so it shows you objects through walls. If you move the LoS calculation to the server you completely eliminate wallhacks, however that is very expensive to do (although ray tracing GPUs might provide a good approach in the future)
second movement takes place in the server, to do so in the client is nuts.
For the vast majority of games, it’s in between, because the latency if you waited for the server every frame you moved would be way too much.
It’s something like you have a local model of where everything is, and send updates to the server of where your local model says your character (and whatever else your inputs affect) are. The server receives that data, potentially validates it (server side anti cheat checking that your movement makes sense, similar to the OP post, for example), and then forwards that info to all players. The client side positions of everything are updated based on that info. Usually some interpolation is added to make things move more smoothly.
Yes I meant movement happens server side, which is why this example cheat couldnt work. it would be telling the server what to do, and the server could always say “no, fuck off, thats not something you were coded to be able to do”. Sorry if I didnt convey that clearly.
I also understand the client has to draw things faster than the server can respond “okay, I moved you 12 inches to the left” so it guesses the outcome and if the server later responds with “denied, no teleportation in rust” it will just snap you back to the last position the server approved of.
My point is anticheat client side suggests bad code server side.
Yeah but this approach makes the game stutter and/or sluggish for everyone. Client side computation isn’t just cheaper, it also ensures that you have a smooth gaming experience.
As someone else said, most games do a middle way here. Compute on client side. Verify on server side.
Yes but if you are verifying server side anyway, why do you need anti cheat client side?
Well, first off: Money. The more you verify, the more it costs you to run your game’s servers.
But also because you cannot detect every kind of cheat via server side anti-cheat. How does a server detect if my flick-headshot (which won this crucial round) in counter strike was luck, or if I had help from a program running on my machine? Maybe it didn’t even make me react faster, just nudged the cfosshair another few pixels to ensure the hit.
Of course you can run statistics, and can flag outliers. But it’s no proof. If someone always cheats you won’t catch them, while you will flag someone have a good day (or a friend playing on their machine).
I feel like the 0.01% is either a mistake or an exaggeration? Isn’t Linux something like 1-2% of the gamer base depending on how you measure it? Why would a Linux supported hard-core game be 100x less than that?
No 0.01% was quite possibly the actual number at the time. What he didn’t tell is that by the time they stopped the Linux port it was in an abysmal state after months or years of neglect. Poor performance at best, up to outright not working, depending on your hardware.
its one or the other yea lol
This is actually one of the absolute worst trade-offs they could have made, if you think about it for like 2 minutes :
They said 0.1% of players were on Linux.
Even if they were ALL cheaters, that’s still a tiny amount of cheaters you just “banned”
Almost 100% of whom will just cheat on Windows instead ; whereas all the legitimate Linux players will loudly complain forever.
They decided to sacrifice all the free PR from one of the most vocal groups of players out there, in order to get a ~ 0% reduction in the number of cheaters.
In more simple terms, they just shot themselves in the foot for no benefit whatsoever (though I do grant it’s a relatively small “gun”)
Not only that, but the steam deck exists, the gabecube is coming, Linux gaming has been on the rise. The shit you did “several years ago” is irrelevant. If they allowed Proton, windows players with steam decks can now also play on the go. Instead they repeatedly have to poorly explain why they won’t… to stop basically 0 cheaters. I’d be willing to bet that the only people who actually stopped cheating in rust when Linux support was dropped did so because they lost interest anyway.
I searched just to see, there’s a python script right on github that claims to have an aimbot, esp, wallhack, no recoil and several other features, along with “safety settings” so you don’t get caught. Does it work? I don’t know, but the codes right there to look at and there are dozens of other results in the search.
The Gabecube. Thank you for that. Totally stealing it.
they actually said 0.01 which is literally only 14 players compared to the average player base… they shot themselves in the foot to fuck with 14 ppl lmfao even though it’s unlikely the number is that small its likely just them exaggerating to make it seem like less people are affected
I also highly doubt their statement that more users were cheating under Linux than not. I’d like to see how they came to this conclusion. And if it’s so easy to identify who was cheating, why not just ban them if it’s .01 players? That’s like 7 or 8 bans. An insignificant amount of effort would go a long way here.
Remember when Apex banned Linux during a cheating low, and then cheaters started trending upward AFTER the ban? Pepperidge Farm remembers.
This is the same BS CrowdStrike uses to sell their rootkit EDR. I mean, by all means it is a very solid EDR, but it’s being used exclusively to cover gaping holes in discrete security as a cop out for not properly composing enterprise infrastructure.
A kernel space agent should only really be running in an environment where every process must be heavily scrutinized and the design of the kernel module is tightly controlled and itself under constant review, like in a proper data center with thousands of critical nodes. Not your laptop or the shitty windows box used to display ads in the screens at the airport.
Crowdstrike keeps spamming new features and techniques without serious consideration to keep their enterprise customers happy, similar to crappy solutions like Vanguard.
Covering obvious blatant logic flaws should be included in your server software, it’s the same as sanity checking your inputs because there is always the possibility in may not match what you expect.
From that experience, I’m very comfortable saying that if a game supports Proton or Linux, they’re not serious about anti-cheat
This statement is especially insulting to the massive library of games that successfully added Linux support without so much as a hint of issue relating to cheating. Even crappy outsourced dev War Thunder doesn’t need to do anything after enabling EAC/BattilEye because they actually spend the .000001% extra cash from their whale revenue to run a service moderation team.
Hell even Valve’s VAC system is mostly just about automating moderation tasks so that hackers can be taken down ASAP instead of a lengthy review process.
Or you know, the thousands of games that have better game logic than Rust’s anticheat.
They dropped Linux before proton was invented. Go on any cheat website and the requirements will always say to have windows. Maybe proton is exploited by some cheaters, news to me. You should just ban windows, no more cheaters.
It’s not proton that is exploited. It’s the kernel itself that cannot be monitored by anti-cheats, meaning cheaters could install a modified kernel to mess with the anti-cheat
as if the cheaters can’t already evade anti-cheats even on windows.
Exactly. There are two methods that bypass kernel-level anticheat fairly easily, and there isn’t really any way around them.
You can run the game in a virtual machine, with cheats running at the hypervisor level. This level is more privileged than the virtual machine’s kernel, and can thus read or modify the active program without detection.
The other way is to load the hack into the bootloader, so the cheat loads before the kernel and, again, can thus be in a more privileged permissions state.
The only effective solution is to detect cheating server side, or change the game engine so cheats don’t work (like loading all models with no line of sight behind the player, so wall hacks and modified game models don’t matter.
There’s another whole category that also doesn’t care about what the game is running on the kernel: seperate device cheats. They act as a man in the middle for the input and output signals, and can auto shoot when you’ll hit or adjust your aim if you’re close but not quite there. Or just play for you entirely if it’s that good at processing the output.
And blocking that isn’t likely possible without killing streaming for the game or convincing all users to get input devices with encrypted connections or they can’t play your game.
I’d respond to the original comment that anyone who doesn’t have server side cheat detection isn’t serious about stopping cheaters. In any case, I just removed that game from my wishlist. Not that I needed another survival builder game anyways, though they do tend to catch my eye.
Good point. I remember seeing one about a monitor that can give edge-of-screen glow to indicate proximity of enemies in LoL or DOTA2 based on minimap information.
Fascinating.
I will never understand, how people use their ingenuity to fake being good at a game.
Like, I get the hacker aspect of it: developing a cheat, breaking the game, exploit and find ways around the counter measures. Fair enough. But then you would do it once and showcase it, that wouldn’t disrupt a game’s community.
So there are people out there, who load cheats with the bootloader, in order to pretend being better than some randos in an online game. Wow.
I mean as a electrical engineering student who likes to program, building such a system seems like fun but playing with it not so much. If there was a game that was purly made for cheaters with the goal of beating the anticheat without detection i would love to try that. I feel like this could be something like the capture the flag competitions some groups make where you have to hack a website faster than others or break some encryption.
Desstroying other players without effirt is like playing a game in easy mode and i dont get that at all, where is the fun if there is no challenge?
Same kind of people who lie all the time to look good to others. Some people want to be awesome but know they suck, or even more pathetic don’t suck but can’t stand not being the best, and cheating is their pathway to getting the social results of being awesome without needing to develop the skills.
The way I’ve seen it for ages now, being a loser isn’t just about losing games, it’s how you handle losing games and how much you internalize that. I see it as short for “sore loser”. Cheaters are losers in that sense.
Though it makes the idea of them still losing despite cheating even more hilarious, which is why I love the idea of games that detect cheaters but stick them in cheating queues instead of just banning them.
Maybe it’s mostly kids? Like the genre of kid that told you their dad works for Nintendo so they have Mario 5.
Kids, and people making a profit.
Easier to make a profit off RMT if you bot and cheat.
They probably gave up on preventing cheat entirely, and are just trying to reduce the amount of cheaters by making cheating as annoying as possible.
I do actually believe them when they say that cheating on Linux can be made significantly easier and more comfortable than on Windows. I think it’s a real fundamental issue for Linux, multiplayer games with toxic playerbases can be unplayable due to users being able to do what they want. They would have to make systems to allow for playing in smaller human-moderated servers, or rely purely server-side solutions
And that it self is measurable. Never understood the attempt to have total control on byod setups. Its never going to happen lol
It’s not even real Rust unless it’s coded in the real Rust language of Rustlandia.
Otherwise it’s just sparkling oxidation
