Nobody left server side cheat detection. Client side is a complement to it.
Server side detection simply won’t do the job by itself to the degree the bigger games need (which is effectively replicating a locked down console environment). The only real alternative is running the entire game server side. If you’re ok with cloud gaming (or at least with running nothing but the renderer and the controller input client-side) then maybe it can be done, although it probably would require some type of subscription service to compensate for the skyrocketing server costs. Otherwise I don’t think so.
at least with running nothing but the renderer and the controller input client-side
Nearly all competitive multiplayer games run this way. The client is an untrusted rendering service, while the overall state of the game world is tracked server side.
It really depends on the game. For things that are fundamentally PvP with a bunch of players, sure. 1v1 games sometimes use a bunch of other solutions and if there are big PvE components things may get complicated.
And that’s why I said “maybe” up there and why I went with cloud gaming as the default. Rendering on client means you can still do all sorts of crap in terms of wallhacks, spoofing inputs and so on. I really wonder how safe even cloud gaming would be. Could you do effective autoaim with just a rendered frame fast enough? I bet somebody would try.
Hell, in some cases the cheating isn’t even on software these days. CS had a big argument about some keyboard behaviors recently, as did fighting games about leverless sticks enabling certain shortcuts. I genuinely don’t know the current state of affairs around those these days.
Rendering on client means you can still do all sorts of crap in terms of wallhacks, spoofing inputs and so on.
The solution for this that’s now in vogue is server-side occlusion checking. Basically, map what objects/characters that player has line-of-sight on server-side, and send the client only data for those which are visible.
Could you do effective autoaim with just a rendered frame fast enough? I bet somebody would try.
This exists - it’s usually done with a microcontroller that intercepts the monitor feed, scans nearby the player’s cursor or center-of-screen for probable targets, and softly fuzzes mouse movements towards that target.
Hell, in some cases the cheating isn’t even on software these days. CS had a big argument about some keyboard behaviors recently, as did fighting games about leverless sticks enabling certain shortcuts.
Yep, 100%. That’s why root-level AC is a bad option: cheaters are just switching over to these out-of-band techniques.
Companies prefer root-level AC because it gives non-technical stakeholders the impression that a game is “cheat-proof”, and therefore, that they don’t need to fund customer support to monitor and review reports of cheating. They’re not using root-level, client-side AC because it’s more effective than alternative options.
