SteamOS is on the verge of huge growth to its player base with the Steam Machine's arrival, and that's why this one factor can't be ignored by game developers.
Ah I see. That all makes sense, but yeah, these are products and they do a cost benefit analysis, and deem this stuff to be too expensive. And I think sometimes they deem it too brittle.
There’s also the problem of ban evasion not being solved either. So even with good ban actions, people just return. I’ve seen this first hand in a platform I hang out in.
It’s always an ongoing problem, and some people are really dismissive of how difficult it really is when you consider all the angles.
I appreciate the discussion and input.
Are you aware of any platforms or games who do it “right”? And if not, is it just because of the time commitment, like you already stated?
World of Warcraft (yes it still has a bot problem, turns out it’s even more complicated of an analysis with hundreds of thousands of people playing the game wrong) unironically is the biggest game to do this and report on it. They track player movement, skill usage, cursor position on screen and likely a thousand more data points to determine if a real player could possibly do the things being done and auto flag and auto ban based on that.
I believe VAC also has heuristic capability for FPSs if you enable it as a developer, as CS2 (at least, I think CS Source had a similar system) can detect unrealistic movements, perfectly timed clicks and all manner of movement scripts based solely on timing and not memory editing or other executable interference.
But yes most games really don’t want to have an active cybersecurity team dedicated solely to studying game mechanics and deciding what is or isn’t realistic, and while heuristic analysis of memory (i.e. catching injected cheats) is also a thing, that also requires a security team capable of that; and as someone who once tried to get into the cybersecurity field all of that is expensive. You’re not getting a single person, much less a team, for less than 6 figures a year, and the amount of work generated that cannot be automated necessitates a fairly large team. CS2 gets around this a bit by having trusted players review iffy VAC detections which then feed into VACnet (which was released fairly recently) to have AI auto-review the heuristic detections based on known good reviews; but still the sheer volume of detections in a heuristic system (even well tuned ones) requires constant moderation.
Ah I see. That all makes sense, but yeah, these are products and they do a cost benefit analysis, and deem this stuff to be too expensive. And I think sometimes they deem it too brittle.
There’s also the problem of ban evasion not being solved either. So even with good ban actions, people just return. I’ve seen this first hand in a platform I hang out in.
It’s always an ongoing problem, and some people are really dismissive of how difficult it really is when you consider all the angles.
I appreciate the discussion and input.
Are you aware of any platforms or games who do it “right”? And if not, is it just because of the time commitment, like you already stated?
World of Warcraft (yes it still has a bot problem, turns out it’s even more complicated of an analysis with hundreds of thousands of people playing the game wrong) unironically is the biggest game to do this and report on it. They track player movement, skill usage, cursor position on screen and likely a thousand more data points to determine if a real player could possibly do the things being done and auto flag and auto ban based on that.
I believe VAC also has heuristic capability for FPSs if you enable it as a developer, as CS2 (at least, I think CS Source had a similar system) can detect unrealistic movements, perfectly timed clicks and all manner of movement scripts based solely on timing and not memory editing or other executable interference.
But yes most games really don’t want to have an active cybersecurity team dedicated solely to studying game mechanics and deciding what is or isn’t realistic, and while heuristic analysis of memory (i.e. catching injected cheats) is also a thing, that also requires a security team capable of that; and as someone who once tried to get into the cybersecurity field all of that is expensive. You’re not getting a single person, much less a team, for less than 6 figures a year, and the amount of work generated that cannot be automated necessitates a fairly large team. CS2 gets around this a bit by having trusted players review iffy VAC detections which then feed into VACnet (which was released fairly recently) to have AI auto-review the heuristic detections based on known good reviews; but still the sheer volume of detections in a heuristic system (even well tuned ones) requires constant moderation.