this post was submitted on 17 Jul 2024
547 points (97.1% liked)
Games
16785 readers
818 users here now
Video game news oriented community. No NanoUFO is not a bot :)
Posts.
- News oriented content (general reviews, previews or retrospectives allowed).
- Broad discussion posts (preferably not only about a specific game).
- No humor/memes etc..
- No affiliate links
- No advertising.
- No clickbait, editorialized, sensational titles. State the game in question in the title. No all caps.
- No self promotion.
- No duplicate posts, newer post will be deleted unless there is more discussion in one of the posts.
- No politics.
Comments.
- No personal attacks.
- Obey instance rules.
- No low effort comments(one or two words, emoji etc..)
- Please use spoiler tags for spoilers.
My goal is just to have a community where people can go and see what new game news is out for the day and comment on it.
Other communities:
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
People, read the developers comments:
They strictly say that unfortunately it requires Windows to access PSN integrated features, so the multiplayer will not work because it requires said features. The singleplayer should work though. Since Concord is completely multiplayer, it needs the PSN features that only work on Windows.
So did they code themselves into a corner because of malice or incompetence?
It is well known that many multiplayer games like Valorant do not work on Linux due to kernel anticheat. Unfortunately, this is a part of Linux gaming life.
Fuck installing any game that comes with a fucking rootkit
I don't think you understand how code works. What are you worried about it doing, and why does it need admin permissions to do that?
"Kernel" anticheat isn't really any more dangerous than any other executable you run on Windows. Code from untrusted devs isn't safe whether it has admin or not. Games made by small devs are much more dangerous than anything put out directly by Riot or Valve.
There's a lot of hullabaloo that's seeded and encouraged by those who make money on botting and cheats. It's kind of valid, but it's not a larger risk than installing pubg or among us or any other small game.
If you really want to be secure, you have to separate your gaming and personal machines, at least the OS and drives.
The Windows limitation might even make it more secure in that way, if you're willing to limit Windows to games and use Linux for personal stuff. Even then, keeping drives isolated is difficult.
Remember when Sony automatically installed a rootkit on customers' computers if they put in their legally purchased music CD to listen to, that was a security vulnerability that hackers quickly found and exploited? Pepperidge farm remembers.
Incompetence is just as dangerous as malice, and big companies have shown they don't bother to take the care needed to protect your device.
https://en.m.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal
I've seen this posted before, this is the first time I've actually read the whole thing. I knew what it was, and what it did, but I never knew about the "uninstaller" part of it.
The fact that they doubled down and made an uninstaller for it that didn't actually uninstall it and ADDED ANOTHER root kit + a backdoor to the system, blows my mind.
I don't think YOU understand how code works. Having a program that you can't verify being run as the highest priority level in your system is a stupid idea. You don't know how secure it is or if it has vulnerabilities because again, it's not open source. They are not even security experts, they are a game development company (which will hire security experts, sure, but the main focus not being security is important) and riot is not know for having a super robust game.
Do you really trust them to release a program that can't be hacked into, which then would give the hacker a way to elevate privileges into the highest security level? Even if you trust them not to harvest and sell private data, you have to also trust them to make an unhackable program.
Yeah, I trust Riot and Valve more than I trust Sony or the developers of Lethal Company or Among Us. Even with higher privs than those other companies get.
Because if PubG is compromised, I'm just as vulnerable as I am if Riot is compromised.
I get the technical difference, but when you combine it with practicality, it doesn't make much difference on one hand. On the other, it does remove cheaters from my games.
If I cared that much I'd have ALL my games on a separate OS anyway. Maybe I will at some point.
What are you talking about!? It makes all of the difference. I know a game can't break my system, I know a game can't erase files I keep under root user, I know a game can't write outside of a very limited set of folders my user has write permissions, the moment you allow games to run on root all of these go out the window.
Sure, because games that do this have no cheaters.... What bubble do you live under? Do you think that games like Dota or CS have more cheaters than Ghost of Tsushima? Literally games that have a competitive scene which is so big that's televised in sports channels don't need root access, but a co-op map on a game does!?
And that's without getting into the fact that client side anti-cheat is a losing battle, you could even have full control of the hardware and software and still wouldn't be 100% secure.
On Windows?
On Windows? That's not common practice.
Is this like how you can't get viruses without granting root?
Without root/admin access, on windows programs can't write in several important folders. By root user they meant program files, system 32 and all those "system files", which, surprise, are root files.
A hacked kernel level program can modify system files and set up a keylogger that doesn't even register on the program monitor, and it can send your information and you wouldn't even notice it without monitoring your outbound packets, so you won't.
Any other program would ask you admin/root access and if that's weird behaviour you can deny it and investigate, kernel level programs have it by default so if they have an exploitable vulnerability, you are fucked by default. It's a huge difference and the fact that you are not acknowledging it makes me feel like you really don't understand how code works.
Also, don't put riot and valve in the same bag. PLEASE.
I guess you're right as long as you don't mind sharing your entire My Documents folder to the world.
No, on Linux, like the Steam Deck that OP mentioned. Windows was never mentioned here until you brought it up, and even there you're wrong, kernel level anti-cheat doesn't have the same level of access than any random game, even on Windows. Even Windows, with it's janky security measures, has some level of containment around users, even on Windows regular users can't edit system files or other users files, even on Windows a virus without root has a lot less access than a virus you give root access, and by having an interface that allows games to gain root access you've given viruses a new path to privesc. I recommend you read some more on cyber security and programming before saying something like "userspace == kernel level", because that's the same as someone attempting to discuss astrophysics with people who have masters on it while claiming the earth is flat. There's a whole field of study into how security can be compromised to go from userspace to kernel level, handwaving it away because you think your user's documents are the important part of a system is reductive at best and malicious at worst.
Do you know what a "strawman" argument is?
Yes, an example of which is someone pointing at a game not working on Linux and someone else ignoring the Linux part and attacking the argument as if it were on Windows. And doing a poor attempt at that, because even on Windows kernel level anti-cheat is invasive and leaves to privesc possibilities.
What a perfect excuse to not pay for it!
So are PlayStation consoles running Windows? FFS this is short sighted tying yourself to your competitor like that.
The point here is that the anticheat solution needs to be written for a specific operating system because it runs "outside" the game in a privileged way to try and detect cheating.
So they have anticheat on Windows, and their own consoles will have a different anticheat system that is specific for the console OS.
Running games on Linux via Proton is effectively an emulation or translation layer, and the Windows-specific anticheat is not going to work with that.
If Sony wanted to provide multiplayer support on Linux they'd also have to provide a native Linux implementation of the whole game, rather than relying on Proton, which sadly not many publishers are doing at all. So its technically quite understandable why this isn't possible.
Now, personally I think client anticheat is garbage and they should not be depending on that as a solution anyway, but that's a separate argument!
Isn’t there some way to design the multiplayer to not trust the client? Assume the client has aimbot and all can see through walls, etc. Design it with those things being expected instead of all this draconian pwn the user’s system nonsense.
Server-side anticheat is more complicated to implement, so companies go with the lazy client-side rootkit instead
Server side anticheat also requires trusted servers.
A lot of games are mostly P2P with minimal stuff actually happening on their own hardware.
Good point, I hadn't thought about that
Server side anticheat is mostly implemented in all popular games. An aimbot however can't be detected on the server side, it could just be a user moving their mouse perfectly. There's lots of client cheats like that, which is why clientside detection still makes sense.
You should read about statistics. An aim-bot will be consistently accurate, humans are not consistently accurate. If your aim-bot is purposefully inaccurate then it's useless. Long story short, your cheating has to be indistinguishable from human, which is HARD to accomplish, and if you do you'll lose 50% of the matches against other humans.
Not to mention a game with server side anti-cheat could purposefully send fake data, e.g. send a position for an "invisible" enemy, if you aim/fire to it you get tagged. It can do lots of similar stuff that would make the aim-bot less accurate than a human, e.g. every time an enemy enters line of sight add another enemy just outside of the frustum culling, or send an enemy behind a wall that has no visible parts. Cheaters will act on that information, regular users won't. At that point the only way to bypass that is with external hardware that acts on the same information an actual user does (which also bypasses client side anti-cheat anyways), at that point you have a robot playing the game for you and losing 50% of the battles....
Exactly, and that's why I expressed the sentiment that client anticheat is a poor solution. If you really really want to stop cheating, you have to do it on the infrastructure that you as the game developer have guaranteed and trusted control over, and that is the server.
How do you suppose to block an aimbot on the server side?
Primarily by not sending non-visible information and by detecting unrealistic/impossible motion. If the aimbot has to limit itself to what humans can do, it doesn't really matter anymore.
It does matter though. If you program the aimbot to act as if they were the best human, the aimbot is still going to beat everyone else, same as if it was behaving unrealistically superhuman. But you can't simply ban the best human from your game.
No human has perfect consistency, and it's always an option to manually review data if it's questionable.
What good is client-side scanning, when you can just run the aimbot outside the client and send the inputs directly through hardware?
Then program some inconsistency into the aimbot. it'll still win against everyone most of the time, still being a problem.
Manual review is always possible, but this requires a lot of people. And if someone really looks at the best players, they seem like an aimbot all the time.
Client-side scanning forces hackers to run the input through hardware, which increases the level of entry and investment necessary to start cheating. Of course everything is always avoidable, but it's about reducing the amount of cheaters by detecting the lazy/stupid people. If you just don't client-side scan at all, there will be a lot lot lot more cheaters. It's about reducing the volume so much that the amount is not that bad anymore and can better be dealt with manually.
It's about forcing cheat developers to spend time/money finding new ways to hide, reducing the value of trying to create cheats.
Of course there are privacy and security concerns. But client side detection in a limited manner does make sense.
I'm not the person you were talking with, but I mostly agree with them.
Here's the thing, client side anti-cheating is a losing battle, it's the equivalent of adding spikes to your key so you can give it to someone so they won't be able to open your door, once they have the key they can remove the spikes. Client side anti-cheat can ALWAYS be bypassed, they rely on security by obscurity to prevent people from removing the actual check, but it's a losing battle, no exceptions.
Server side anti-cheat is the only method that has the possibility of being accurate. Like you said, you can make your aim-bot be indistinguishable from human, but then you're going to be on a human level and other humans might beat you. Any game that worries about this already has a skill based matchmaking, which means that cheaters will end up playing with other cheaters or humans with a similar level of skill, so who cares?. You might get one cheater that's still ranking up on a match, but on the long run they'll cluster together.
Except we have a few ACs that work with proton. battleye and EAC being the notable examples.
https://areweanticheatyet.com/
The issue isn’t that the ACs can’t work. It’s that they don’t run at the kernel level under linux and so some developers have concerns that the ACs wont be as secure.
Though given how things have been lately with MP games. You have to wonder if theyre even secure to begin with.
Akshually, wine is not an emulator!
I'll see myself out.
Mmn yeah. I described it as a translation layer also, which is more accutate, but I used The Bad Word because more people have an understanding of what an 'emulator' is in common usage and it felt appropriate in this context.
And... Wine stands for Wine Is Not an Emulator, too.
Ok but why does a game like Ghost of Tsushima need an anti-cheat to begin with?
They're running FreeBSD (Heavily modified).
this is only mildly better then the conclusion jump. I am almost strictly single player, but the ideology of paying full price(which is becoming increasingly common to be 70$) for a game that I won't actually be able to use all the features of... it's not very appealing to me. Granted it isn't fair of me to expect it since the company doesn't advertise it as being non-windows friendly, but it still doesn't mean I need to buy it. If they want my support, they will need to at bare minimum have it be proton/wine compatible, even if shitty support. If I can't mark that box it's a solid not buying. It's a statistics case, if there are enough people like me, companies would change.
I'm not even asking that they make their games specifically linux-compatible. I'm just asking for them to not prevent compatibility.
I understand making games only for Windows because that's where the market share is. But going out of your way to ensure they won't run on Linux is a dick move.