Hi all,

I don't want to be that guy who comes onto a forum to whinge about getting pwned in cs. I would like to discuss what has really taken me by surprise and alarm.

Basically, after quite a hiatus in online gaming I decided to buy CS:GO. The caveat is that I am using the steam controller. I've clocked several fps's with it and I have been getting better though still trouble with the harder bots in ut2k4. Basically, I'm not expecting to win. I've clocked 1000's of hours in my past - basically every fps worth playing ever since 1996. I know what a fair game feels like.

1st game of CS:GO. Getting shot through smoke (actually every game i was getting shot through smoke), watching other players aiming through walls as they approaching their target. Aiming snapping from 1 target to the next while spamming M60.

So I did some research on forums - some players laying down some rough stats, tagging everyone them play with and then seeing how many were banned 6 months later.

It would appear that at least 3% of regularly active pc gamers are cheating in some detectable form. That is the lowest figure from these stats. Some guy who did this test has 11% banned 3 months later (certain times of year attract more cheaters and bans usually get sent out in batches before a big release/patch/holiday season). 1 guy said that of the 30 people he reported in the last month all of them were banned. In a 16 players match you will encounter a cheater every other game at least. In bf4 there will be a cheater in every game. VAC is banning 10,000 cheaters per month. Note that we are only counting cheaters that are caught. There are ways to limit your exposure to cheaters by joining specific local servers or servers with active admins / clan members. CS:GO is £10, valve has to take CS:GO out of the sale weekends because they were selling far more than expected and the accounts were not becoming active until after a ban wave. Some players have dozens of accounts and they use a different account on a rotating basis so they get less reports and land at the bottom of the video pile (of which there is a never ending amount) and don't rank up too quickly.

In CS:GO if a cheater is banned and you played with him on the winning team you lose points, if you played on the opposing team you get the lost points back. The round is declared null and void. When the ban waves are sent out people are gaining/losing points in noticeable quantities automatically.

A glossary of words is now common that I have never encountered before. Prefiring and Spinbotting to name a couple.

Overwatch - the latest social anti cheating tool where you can report recorded video for banning. This has come about because anti-cheat software isn't effective and cheating is a big problem.

TL:DR Cheating is quite widespread, its not just noobs moaning.

My big questions is, what can we do? It seams like an unwinnable situation.

I think I could write a packet sniffer / man in the middle proxy and get a working wallhack overlay with about 10-20 hrs of dev, I could also route mouse commands through the OS to make an aim assist. This would be completely undetectable by any anti cheat. As long as I didn't obviously stare through walls I would never get banned. Anticheat isn't scanning your machine for other programs, even if it was it wouldnt have a clue what they were doing. You can run screen capture with framerate overlay and it isn't flagged as a cheat. You can really only detect sloppy DLL hooks, binary modification and obvious aimbotting.

Herein lies the problem. Reading plain characters from a port is completely insecure. I would propose that a custom network card is developed that has hardware decryption (they can make the key untracable right??). If a packet is flagged as such the first X bytes (encrypted) get written to memory and then the game directly talks to the NIC, each read is hardware decrypted. The remaining bytes pass through as normal to the port. I'm not big up on security and drivers, maybe someone here could tell if this is possible. I doubt it would ever happen and if it did it would take a long time for hardware vendors to adopt it, it would need to be a special deal between valve and a manufacturer, and then incorporated into match-making - some servers require the device. To cheat with this you would need to know the key and modify the driver which I think could be detected though I'm not sure, its probably possible to spoof anything when you have full control.

I think when games are patched to stop cheaters they are really just breaking the cheats. If the order of the packet data changes or memory is in a different order then the cheats will break until the cheat developer corrects it. I think this is interpreted by the gaming community as improved anti cheat protection and more bans but I don't think that has been true for a long time.

TL;DR. How the hell do we stop them?

It is a cat-and-mouse game to be sure. There are ALWAYS ways for players to cheat, from hacks like removing visible walls to teleport cheats to aim-bots, plus ways to attach automated controllers externally, like something that tampers with network packets, or a camera pointed at the screen that fine-tunes mouse and keyboard input.

There are many things that can be done, and bigger games and platforms take steps to stop it. Valve's Anti Cheat mechanisms are one, and there are various technologies built into console game systems as well.

Game developers need to validate input, first and foremost. That includes validating that the actions are reasonable for the game, such as suddenly jumping to an unexpected location, or rapidly turning to face and fire. Games can also limit the information sent to clients, giving them only what they need to see so cheaters have less information to cheat from.

After that, statistical information is very useful. Players who take actions at a radically different pace than others are suspect but not proven cheaters. If a player has a high rate of rapidly twitching the mouse and getting a headshot where that is a rare event for most players, that's a flag. If players have abnormally high rates of any type of precision movements, those are signs.

As for actions, most companies have no problem banning the explicit cheaters. Ranking systems go a long way to reducing the impact of other cheaters, often placing the highly skilled but statistically human players in one set of games, and statistically-identified probable-cheaters go in another set of games where they can cheat amongst other cheaters.

But in environments where anybody can run a server, anybody can host a game, and anybody can join, that is an environment where "buyer beware" comes into play. If you join what is the equivalent of a back-alley craps game it is hard to reasonably complain that cheating happens. If you're using company-sanctioned servers from major games and hardened corporate environments, it is more like going to a casino where you can be quite sure most cheating doesn't happen.

Go ahead and make a cheat for CS:GO then. They're worth hundreds of thousands if undetectable.

However, odds are you don't really understand the game enough to call out cheaters. CS:GO is all about predicting where people will be, and setting up easy shots/using set wallbangs to hit common hiding spots. PM me your steam acount/add me if you want me to prove this is possible without cheating.

Go ahead and make a cheat for CS:GO then. They're worth hundreds of thousands if undetectable.

However, odds are you don't really understand the game enough to call out cheaters. CS:GO is all about predicting where people will be, and setting up easy shots/using set wallbangs to hit common hiding spots. PM me your steam acount/add me if you want me to prove this is possible without cheating.

Sure, I've been there done that. Like i said, I used to play a lot, I was frequently at the top of matches. I know all the tricks.

The statistics on cheaters are accurate, the price of cheats has dropped due to volume increase. The churn of CS:GO sales is ongoing because of cheaters and valve have acted to address this in the past.

I know it is possible to score just as highly as many cheaters (most of which are probably very young and use poor tactics), this is not a rant about sucking, I expect to lose because I'm out of practice and not using M/K. I was encouraged to do some reading around the frequency. Most cheaters are trying to hide their cheats, go read the cheater forums, this is what it is all about.

Anti-cheat software isn't effective, a cheat isn't worth anything, lots of them go undetected. BF1 doesn't have any form of anti cheat, just statistical analysis yet cheaters were recorded in the beta and on day 1 of release. Why do you think they didn't bother? Why do we have overwatch if the cheats are detected?

Im not going to post links to cheat forum threads on undetectable cheats here but you can google for them yourself.

Your attitude is part of the problem, you can take offense to that if you want but maybe if gamers had called out the problem sooner companies developing cheats might have had a tougher market to break into.

But in environments where anybody can run a server, anybody can host a game, and anybody can join, that is an environment where "buyer beware" comes into play. If you join what is the equivalent of a back-alley craps game it is hard to reasonably complain that cheating happens. If you're using company-sanctioned servers from major games and hardened corporate environments, it is more like going to a casino where you can be quite sure most cheating doesn't happen.

most of your points i already know and are easily countered.

However, on your last point, I find its more like going to play poker underground and if you cheat you will get your fingers broken but if you cheat in vegas you'll just get thrown out. Private servers usually have admins floating around and also have repeat visitors. There is no sense for cheaters to frequent the same servers. Sticking to a clan server is your best bet to avoid cheaters.

Combating cheating in a multiplayer game is a lot harder than it sounds, and it doesn't sound easy.

There are techniques for detecting cheating and there are techniques for evading detection. It's a never-ending, constantly-escalating arms race, pure and simple.

If a game can be profitably cheated, cheats will exist there, period. People pay good money for "reliable" cheats which means the black market is thriving.

I suspect it will always be this way. Trusted computing is theoretically one way around it, but there are ways to defeat trusted computing platforms.

I would be very surprised if a game ever thrived without a seedy underbelly of scum trying to break it.

I would be very surprised if a game ever thrived without a seedy underbelly of scum trying to break it.

That's why I mentioned the statistically-detected cheaters.

In all the major games I know of, players are ranked and all matchmaking is done by rank.

The statistically-detected cheating flag might be visible or might not, depending on the game, but it plays a part in matchmaking.
For matchmaking purposes, players who are likely cheaters get bundled together into matches away from players who are not flagged as likely cheaters. I know EA's shared matchmaking libraries include it because I've used them so you'll see them in Mass Effect, Battlefield, and others. I've read about similar results from other companies

It might be that the player who is amazingly skilled at headshots is detected and placed into games with people using aimbots that are also amazingly skilled at headshots, but at least they're all evenly skilled.

For matchmaking purposes, players who are likely cheaters get bundled together into matches away from players who are not flagged as likely cheaters. I know EA's shared matchmaking libraries include it because I've used them so you'll see them in Mass Effect, Battlefield, and others. I've read about similar results from other companies

We do this where I work as well. It seems fairly effective.


(Edit) malformed quotes...

1st game of CS:GO. Getting shot through smoke (actually every game i was getting shot through smoke), watching other players aiming through walls as they approaching their target. Aiming snapping from 1 target to the next while spamming M60.

Those are all features of counter-strike, not exploits. Seriously, seeing through smoke and shooting at players who can't see you is a feature of the gameplay. If you don't pre-aim at targets through walls with your powers of prediction or snap aim from one target to the next in as few frames as mechanically possible, then you get vote-kicked out of competitive mode matches by your team after being called a noob...

1st game of CS:GO. Getting shot through smoke (actually every game i was getting shot through smoke), watching other players aiming through walls as they approaching their target. Aiming snapping from 1 target to the next while spamming M60.

Those are all features of counter-strike, not exploits. Seriously, seeing through smoke and shooting at players who can't see you is a feature of the gameplay. If you don't pre-aim at targets through walls with your powers of prediction or snap aim from one target to the next in as few frames as mechanically possible, then you get vote-kicked out of competitive mode matches by your team after being called a noob...

whatever, sure people play well as ive explained and I have done so (since CS beta 2, yes they had grenades and movement then too) but you cant know where some one's head is before you've seen them. 1/20 active players are getting banned regularly, mostly through overwatch. Savvy cheaters play good enough to come top of the game but not good enough to get noticed.

I dont even know what kind of motive someone would have to argue this way against statistics and the industry response to the problem. Maybe you feel it tarnishes your little niche hobbie somehow - similar to when football fans get annoyed by suggesting the industry is corrupt and its all money.

Its been 20 years since quake2. Some people don't have time to play to such lengths but have done so in the past. Been there, done that, bought the t-shirt, couldn't be arsed anymore. If you dont want to be part of the solution don't join in the conversation.

Additional: If i wanted to get good at a challenging game CS:GO would be pretty low on the list. In my past i've never struggled to come consistently top of the game. Other games have proved to be significantly harder.