What is up fellow developers?
I wanted to ask a question regarding the state of anti-cheat for indie game devs and small teams. I am a security engineer particularly interested in hacking and anti-cheat systems. From outside of the game industry looking in, it feels as though anti-cheats and their current license-based subscriptions from the major companies (EAC, BattleEye, etc) make them inaccessible to small teams and indie devs. So I was thinking of trying to start a project around the idea of an “indie anti-cheat” that directly caters to small teams for the cost of a pack of assets or potentially for free. It most likely wouldn't be as extensive as Vanguard, but even if it was only in user-mode and not kernel mode, something is still better than nothing.
I am polling indie devs on this topic, and so I thought what better place to do so than on this forum. I am curious as to if there is already something that fills this gap, or what you all are currently using to combat this problem. Obviously, there are ways to implement things such as logic checks in your game, but I am curious as to if there is a third party solution that already exists outside of the Triple-A space
Anti Cheat For Online Indie Games?
I'm assuming you're talking about multi-player cheating, like aimbots, map hacks, and the like. As an indie, you may be using a platform that has its own anti-cheat built in, such as Steam/Valve, or Unreal/Epic.
As a small indie, it's also the case that your game probably isn't big enough that there's much profit in cheats for your game, so you can probably coast by on good matchmaking and community management for a long while.
If your indie game has any real revenue (enough to “pay salary” for at least a couple of devs) then it's also possible that the “triple A” solution vendors may have a plan that works for you – don't assume that, just because CoD-Battlefield-Apex-PUBG uses some tool, it's impossible for you to use it.
Finally, as an indie, you also have other tools that are harder to do for big visible titles. For example, you can develop some kind of modeling of who is “likely” cheating, and then put all of the “likely” cheaters into the same matches in matchmaking. “Invisible ban” is a powerful tool! Just, whatever you do, make sure you keep a good tab on the numbers. If your system says 20% of all players are cheaters, your system is probably wrong, and it's better to instrument and report, without doing anything, for a while, before you start actually taking action on the signals.
Finally, a gameplay model that is server-authoritative, can more easily detect players that get out of sync often, and thus are likely cheaters (or maybe just playing the game on under-spec machines that can't keep up.) If you can go that way, that's of course better! Similarly, co-op games may not even need anti-cheat – each team of co-op players decide what rules they'll want to enforce on their own.