25
votes
Battlefield 6 developer issues report on kernel-level anti-cheat, citing success
Link information
This data is scraped automatically and may be incorrect.
- Title
- Battlefield Comms on X (formerly Twitter): "https://t.co/uXgozX0NhG / X"
- Authors
- Battlefield Comms
- Word count
- 37 words
'We caught all the cheaters we found, therefore anyone we didn't catch must not be cheating!'
mhmm.
And now you have the CrowdStrike vulnerability: someone can push a bad update to their piece of shit rootkit, and render your machine inoperable. And you just have to trust that they aren't using it to spy on you.
This further solidifies my done-ness with PC gaming. Consoles are isolation for game company lunacy, and generally a better experience.
TBH, I found PC gaming a lot more enjoyable once I stopped playing competitive games alltogether.
Pretty much anything with ELO means that once you're where you belong, you're looking at a win rate of between 49% and 51% for the rest of time. And that kind of feels like crap. Even if they do ban all the cheaters.
Don't get me wrong, I'll still play those games on occassion. But I'm going to be that guy jumping ramps in fortnight instead of actually playing half the time.
Yeah, I don't really do anything ranked anymore either. Fortnite is the most competitive game I probably play now, unranked, and I pretty much just do quests until I realize there are ten people left and then spend a few minutes actually trying.
Final Fantasy XIV, I still play on my computer (a Mac), but that's more of a cooperative experience than PvP, and they don't have the need for invasive anti-cheat software. It's a server-authoritative architecture, and I suspect they have some sort of statistical analysis they do to flag cheating on high end instanced content, because they've caught and revoked world-firsts in the past. (Cheating manifests more in the form of advance warning of boss moves or such, as movement an abilities require a round trip to the server.)
Agree soooo much. I spent more than a thousand hours on Cs (counter strike) source in high school (christ, 20 years ago) and for most of it I sucked. But I found a couple servers I liked and it was more about the community and the steady and visible improvement against a group of strangers with a familiar core as the benchmark. Good days and bad, but the skill gulfs were part of the joy.
Going back to cs go or Cs 2 more recently the game felt better but the match making just seemed antithetical to my main memories of what made the game my steady state for so many years.
Better to sometimes be a god and sometimes be cannon fodder than to always be joe average. If your game requires a player wins to be fun, then about half the time your game isn't fun. Make an experience where losing can be fun and, well....
Battlefield 6's anti-cheat solution Javelin is similar to Riot's (in)famous Vanguard anti-cheat.
But what Vanguard does by running in the background 24/7, Javelin did by forcing users to enable secure boot, which in my opinion is a better solution.EDIT: As per @DefiantEmbassy's correction, Vanguard's prerequisites are actually identical to Javelin's, it just runs 24/7 on top. Not sure why.I'm far from a security expert, but given that multiple companies have now pivoted into using kernel level anti-cheats makes me think that against persistent for-profit cheat developers, these measures have become necessary. Remember, these cheats get offered on expensive subscriptions. For CoD I've seen prices exceed 30 USD per month, and that was years ago. Given that these cheat developers sit in countries beyond legal reach, and where 1 USD carries you much further than the local currency, they have a natural advantage and can offer pretty well paying jobs to develop these cheats. It's unfortunately become a business.
There was actually an interesting discussion about that in this thread about that. At least, I think it is interesting certainly in the context of the conclusion you are drawing now. I am sure that client kernel level anti-cheat is more effective compared to regular client level anti-cheat.
I am just not sure if it is necessary, or as I speculated in that previous discussion, a financial choice as it is cheaper than doing so on server level. Maybe more importantly, if it is a financial choice rather than a technical one. Are we talking about it cutting in the profit margins or being so much more expensive that it really is impractical?
Of course, companies will be heavily invested in painting a picture that the solution they have chosen is the correct one. So reports like the one you posted should be seen in that light. So they will be creative in their presentation. For example, in this twitter post they are not actually comparing it to previous solutions at all. They do link to a previous article. Where they mention
Great! They even provide a nice graph with it! But, hold on a second, they never mention what the rate was. And that nice graph, the Y axis, isn't labeled either. So, effectively, we can't draw any conclusions out of it.
This is a perfect example again of something I mentioned in a different context a while ago.
Again, this is one of those areas where I feel it is extremely important to be aware of the source author. Which is not to say they are wrong, but it is very clear that it is colored in their favor.
Personally, as a player I think it’s incredibly obvious it’s effective. There is a night and day difference between Valorant and BF6 and, say, CSGO. The latter is almost unplayable at mid-high ELO.
I’m not even going to bother playing a multiplayer game without kernel level anticheat. It’s a waste of my time. Having one is table stakes.
Sure, I am not doubting it is effective. It also isn't what I am arguing about.
I'm actually kind of confused, what do you mean by serverside anti-cheat?
Are you talking about taking a dumb terminal don't-trust-the-client-with-anything model? That's actually what Quake's original netcode was, and it was quickly abandoned as being completely unworkable in practice. Carmack then wrote QuakeWorld, which introduced the server authority with clientside prediction model that 99% of FPS games use today.
So...beyond server authority, what exactly are you expecting? Do you have any concrete examples of games that have a server-side anti-cheat you're thinking of? Do you have any particular examples of a particular game not doing something that you consider server-side anti-cheat?
The people most able to provide evidence that server-side-only anti-cheat is effective are the same developers accused of bias. So of course the people presenting the evidence for their side are biased; who else even has the experience to do so? Anti-cheat for a small game has very different incentives than anti-cheat for a very popular game.
Are there any games we can point at to contradict? Are there any games that are competitive, require low latency, very popular, do not have kernel-level anti-cheat, and do not have a lot of cheaters? I'm not a widely experienced gamer so I truly don't know if there is one that fits that. I just know CSGO/CS2 is not one of those lol.
I don't think there are any examples around, but that also ties into the question I asked in my comment
As I said already, I am absolutely confident in stating that client-side cheat detection is cheaper in many ways. Specifically compute costs as anything done on the server side is at the expense of EA where anything on the client side is billed towards the customer (hardware investment, power bill, all that sort of stuff).
At the same time, it seems impossible to me that they are not doing anything server side. No sane game developer who truly cares about this sort of stuff should actually operate on 100% trusted client network model. Actual detection should also still be done on the server side of things, you should never trust the client. Never trusting the client is a paradigm that is widely accepted across the IT industry, not just games.
With kernel level anti-cheat it does strike me an awful lot at trying to make the client still trustworthy through all means possible. So it seems to me that they are trying to do as much as possible on the client side of things, even though we know it shouldn't be trusted. Which either means that expanding server side detection isn't feasible, or that it would be more expensive (and some flavors in between those two). In a lot of the discourse around this subject, I am missing this context. Specifically, when the communication comes from EA and such.
The fact that it is missing and that they are heavily focussing on the successes. Combined with their very creative presentation of numbers is something I think people should be at least aware of. Even more so considering how invasive kernel level anti cheat is.
Occam's Razor would be that client-side and server-side anti-cheat detection used in conjunction is more powerful than just either one, so game publishers go for both. I'm failing to see where the disagreement is here and in the other thread. Client-side (provided the boot is secure) will catch a class of problems that server-side cannot, but client-side cannot be perfectly trusted either, thus necessitating that server-side must still exist. I don't see any disconnect here except that there's some strawmen being argued against.. No one is saying that the client-side anti-cheat must be the only solution. But some of us are saying that server-side will miss so much that it makes sense to raise the bar on the cheater by making the client really darn hard to hack.
Imperfect analogy, but a lock will never stop criminals. So we add in the criminal system and law enforcers, but even though those exist, I'm still going to use a hefty lock and maybe a camera system.
EDIT: P.S. I've never played Valorant because I won't use Vanguard. I play League because the macOS League client doesn't use a kernel-based Vanguard, but will drop the game the day it does. I get the arguments out of principle, but I also acknowledge that any game that aspires to a level of competitive integrity needs a way to make cheating really hard and letting clients go wild is not it.
To be clear, I'm not arguing that server-side alone would be sufficient, or that client-side anti-cheat doesn't add value.
I am full agreement that it likely has to come from both. So I am really not disagreeing with that as a base concept.
What I am however questioning is where the balance truly should be and that when we look for an answer trusting what EA has to say about this should come with a healthy dose of skeptisism.
When a company rolls out something as invasive as kernel-level anti-cheat, I think it's reasonable to ask: "Was this truly necessary, or was it chosen because robust server-side detection would eat into margins?" "
Basically, I am talking about corporate decision making, not about whether client-side detection works.
And to bring it in this specific context. When I look at how EA presents their data I see a few very obvious things. Graphs with unlabeled axes, percentage improvements without baselines and no comparisons to alternatives.
This reads more like marketing, rather than evidence.
That doesn't mean they are wrong. But it does mean I strongly believe we should not take their word for it that this level of invasiveness was the only viable path.
The analogy of the lock actually can illustrate the point. Yes, locks help even though they are imperfect. But, if my landlord wanted to install a lock that required my fingerpints and a retinal scan, I'd really wnat some evidence that a regular deadbolt wasn't good enough first.
The way I see it, multiple companies have come out stating that their invasive anti-cheat was necessary. Now the onus is on the group against that to provide any evidence contradicting, but they have not(?), so what reason is there to doubt these companies? The existence of any singular game that meets the criteria I laid out would refute the claims.
I get you don't like the EA graphs; here's the article from Riot I was thinking of and their graphs at least have labelled axes.
Funnily enough, that graph proofs they have caught fewer cheaters. Not necessarily that there are fewer cheaters in the game. Having said that, companies operating in the same market often face similar decisions with similar financial incentives. It isn't surprising that they will frequently choose the same approach.
The only people who can refute that it is necessary are the same people who have a financial incentive to not refute it. That does create a bit of a chicken and egg problem. Since we as a consumer can't really prove it either way.
What I as a consumer can do is look at articles like the one from EA and Riot and notice how they are being cheeky with graphs and numbers. These clear shenanigans can mean multiple things. It can simply be that they are being lazy in their presenting, it can also mean that in a different context they paint a slightly less clear-cut picture.
Either way, I do firmly believe at being critical towards any sources you are presented. Not just in this specific context, but overall.
Yes, when you've stopped cheats from happening, fewer cheaters get banned later because they are unable to cheat. That's how it works. And you advocate for critical thinking, but there's no reason to believe that the changes at the kernel level mean that they disabled all client-side detection or server-side detection that existed prior to it. Any somewhat competent person would have enabled the new protection rolled out with existing levels to gauge what effect the new protection has*. If none of the prior measures were dropped, then there's no reason to imply that they rolled out an ineffective system that's just letting people cheat at the same/higher rates and getting away with it.
There's being critical at sources and then there's sticking your head in the sand.
Honestly, I think we are just having two different discussions here. In the basis I am not disagreeing with you, I just also can see that the way they present numbers is very colored. As I also said, that might mean nothing but it is good to be aware of companies being creative with numbers and how they present arguments.
I'll now bow out of this talk as I think this
and this
Is uncalled for.
I do not perceive us as having two different discussions. I saw that you agree that invasive anti-cheat is more effective, but you disagree that it's proven that it's necessary. However, all available evidence that I'm aware of points to it being necessary. Your rebuttal is that the evidence can be manipulated in order to serve the company's financial interests. Unless there is something else you can point to, you're giving zero way to disprove what you're saying. If a company showed more extensive stats, you could say that they omitted any stats that disprove their idea. If a company showed all their data, you could say that they haven't proven they executed the most optimal server-side detection. And so on and so on.
I am, to be clear, saying that the stance that "we don't know that invasive anti-cheat is necessary" is a wrong stance to hold (unless there can be an example pointed at for the industry to follow). Until then, it looks more like the industry has evolved towards an optimal solution, as unfortunate as it is for gamers like me who detest invasive anti-cheat.
EDIT: reworded a little to be clearer. I think I wrote something the opposite of what I meant.
If you detest invasive anti cheat, why support it? Do you type other credentials or do sensitive things on your computer with a malware compromised kernel that's poking around on your PCIe bus and all your other application's memory? That's a lot of trust to place in malware developers who don't have your best interests at heart.
I don't support it! I avoid any games that have it. I do recognize that some gamers want it because they prefer the benefits. If that's what they want, fine, I will just play other games.
Oh right sorry. Misunderstood! Same as me then pretty much.
Do you separate your activity into multiple user accounts? If you don’t, then the reality is that any user mode software (on Windows) can surreptitiously key log you, or steal files on your computer not stored in an admin-only directly.
(I do advocate for better sandboxing here, but the reality is that it isn’t currently the case.)
The reality is that for a lot of people (including me), kernel-level ACs quite literally presents no difference in security and privacy. Not to mention the effectiveness.
If you’re trying to claim that kernel level spyware presents no risks in addition to what you can do in userland then I don’t believe it.
Firstly why would they even bother with kernel code if they could accomplish their spying in user mode equivalently.
Secondly whilst user mode software does exist that can do those things, such programs tend not to be quasi mandatory and installed in a sidecar type way, and most software I’d install wouldn’t be specifically designed to spy on me.
Anyway there’s clearly a gulf here and I noped out of the entire thing by just avoiding these products.
Because what kernel-mode gives you visibility into is other kernel-mode processes, not user-space. But you're not running any of your computing in the kernel, you're running it in user-mode. You can basically spy on anything else in user-mode from user-mode.
The other benefit here is being able to attest the status of the environment.
Vanguard specifically tells you what you're installing. It doesn't silently do anything.
VAC (Valve Anti-Cheat) is far more surreptitious. It installs silently alongside Steam or a VAC-required game. It is performing signature scans on your computer for hacks, without you having any control over it. The only difference is that it is entirely in user-mode.
Ultimately, you have to trust whatever software is running on your computer, whether it is "designed for spying" or not (I think most vendors would dispute that claim, anyway). If you do not trust a game vendor... you shouldn't be worried about the anti-cheat, you should be worried about the game itself. The game you install can steal your files, and key log you. There is no need to even go into the kernel-level there.
Seeing these conversations unfold again and again, I always wonder what it is specifically about kernel anti-cheat and secure boot anti-cheat that rankles people so much more than the myriad of other ways that players' privacy and security can be put at risk by the game itself.
The best explanation that I can come up with is that Secure Boot anti-cheat is the herald of making the PC platform a lot more locked down. Up until now, TPM and Secure Boot's advantages were probably seen as mostly theoretical, and something the vast majority of PC users didn't need.
Now, it seems like at least among PC gamers, Secure Boot has a "killer app" in terms of games where the bar to cheat is much much higher. But by the same token, if other applications decided to lock features and functionality behind attestation, the ask is a lot easier.
EDIT: People might point to the Steam's hardware ecosystem as a possible escape route, but I feel like it's a lot more likely that Secure Boot starts to be used in Valve's hardware ecosystem than Steam's market-share causing gaming companies to rethink their anti-cheat strategy. After all, Linux does support Secure Boot beyond the boot shim, it's just rare to see such a setup in the wild.
To try and make it clear for you, creesch's point is not "we can't trust these companies so they are lying", it's "we can't know whether or not these companies are lying so we shouldn't blindly trust that they're not". The point is not "it's not proven true so it's false", it's "this doesn't prove it true and there's nothing to prove it false so we can't know, keep that in mind".
Yes I'm aware (and was aware already) that's creesch's argument.
My mistake, that didn't seem clear
This is not how the burden of proof works. Is there a provable scenario that could not be detected server-side? Is it truly impossible to figure out who's cheating without spyware embedded client-side? That claim requires evidence before everyone should accept it at face value.
Given we have a historical record of companies lying to the public and prioritizing profits over people, and technology being used maliciously in unintended ways. They better have some damn good evidence that it's actually necessary. Or be ok with some people not believing them.
If I'm missing something about the situation, feel free to correct my understanding:
Company claims that kernel-level, invasive, client-side anticheat is necessary. And server-side anticheat without it is not effective enough.
Skeptical users press X to doubt.
Company provides unlabeled graphs and vague claims about reducing cheater numbers.
Users continue to doubt, because the provided evidence is self-reported and either lazy or obfuscated. And companies have a vested interest in reducing costs by pushing as much client-side as possible.
How is that unreasonable?
You are asking for proof of non-existence. This is a really hard thing to prove, as this thread shows that observers can always interject and say "yeah but like did you really do it properly though".
One company did, yes, but the other company (Riot) posted graphs with labels. And made very clear claims. You can feel free to dispute the honesty of the claims, labels, and numbers though.
Self-reported, yes. Lazy, in the EA case, yes. In the Riot case, no. Obfuscated, that's up to you to decide, but it's impossible to prove that it's not obfuscated. If your position is that it is, then I'm not sure how anyone can convince you of the opposite of what you believe, as any evidence they show can be claimed to be incomplete.
Lastly, I want to address the burden of proof question. This is on the "server-side and non-invasive client-side is enough" to provide any evidence now. That is because Group A made a claim ("server-side and non-invasive client-side is all that is necessary"). Group B replied with "here's data that shows that after years of server-side and non-invasive client-side, we were able to get cheating down significantly by making our client-side detection more invasive". Group A disputes that the evidence proves it and maintains its original position. At this point, Group B has made a claim with some evidence whereas Group A has only made claims.
Literally only difference between kernel anticheat and malware is who owns it and what they're looking for.
If I were part of a secret three-letter agency, first item on the agenda would be issuing a secret subponea to access those clients.
… in your hypothetical example where a three-letter agency could insert code into any software under their purview… you’d take Chrome a hundred times before exploring these relatively niche clients. Probably Edge and VSCode, next.
Chrome you couldn't get away with running a bot attack network on. Would be too visible to corporate networks. But home networks are mostly ignorant.
Plus, if one tool is discovered and exploited, close it and have another.
Anti-cheats are some of the most audited software in the world. That's because they are under constant surveillance by cheat developers. 11 years ago, VAC came under scrutiny, because cheat developers found that Valve was checking users' DNS cache, and spread the word around. Cheat developers actively want to sow mistrust here.
How else will they convince other game devs to license their malware?
I recall early in the Switch's lifetime, Splatoon 2 was rife with hackers. As I recall, weapon properties were locally available. Players could just alter the files to create hacked weapons, no server side verification. Games are played P2P, the server just does the initial matchmaking, although by now they surely do more verification checks.
Which is to say, IT seems more particular about not trusting the client, games don't take it as seriously. The stakes are a bit lower after all. That doesn't make it less... Dumb.
I'm watching an indie PvP game develop, they're having to carefully balance between trusting the client and affording the server. It's always so disappointing to find a hacker. One guy was logging in every 1min 13sec to exploit the rounding on a 2min 24sec timer, though he thanked the dev for being banned as he was clearly addicted.
Vanguard also requires Secure Boot, and the various other security feature Battlefield mentioned. (Support article: https://support-valorant.riotgames.com/hc/en-us/articles/22291331362067-Vanguard-Restrictions)
Thanks for the correction! Edited my original post.