This is so funny because rust has one of the worst cheating situations and majority of their players are windows users, and theres lots of games that have anticheat that allows linux and have notably less significant cheating problems like marvel rivals. in reality rust doesn’t take cheating very seriously because if they did they would have more server side software that detects illegitimate behaviour like tons of other games do successfully… even most popular Minecraft servers have better functioning anti cheat that is completely server side than rust has while getting kernel access to your pc. its pathetic and lazy development tbh and this entire post from them reads like such extreme cope…
You must log in or # to comment.
Get your anticheat code off my fucking cpu and onto your servers where it belongs.
Garbage games do this, simple as.
Absolutely. You know where all the players are and what they have. Just check if something that the client is reporting is IMPOSSIBLE and kick the player who threw the request. If you have a player who is performing at over a certain level of realistic performance, have someone manually check them to verify they’re legitimately that skilled and if so, flag the account as “actually just that good”. It’s the only reliable solution.
I’m not a gaming dev, but a full-stack web dev; is it not common sense that data needs to be validated on the server side, not client? I don’t really get why client-side “anti-cheat” is a thing, but may be missing something.
Not a game dev either but my guess would be the main reason is server performance/compute cost.
Any checks that are done on the client run on the users’ hardware instead of the publisher having to pay for more/better servers and electricity.I think the disconnect with most other types of developers stems from the respective goal hierarchies. In most fields of computing, correctness isn’t just a high-value goal - it’s a non-negotiable prerequisite. With online multiplayer games, one of your chief concerns is latency and it can make sense to trade some cheating for a decrease in lag. Especially if you have other ways of reducing cheating that don’t cost you any server processing power.
Also, aren’t many of the client side anti-cheat solutions reused in several games? If you’re mainly checking that the player is running exactly the same client that you published, I imagine the development cost for anti-cheat is lower.
TLDR: Money. It’s always money.
I think you’re wrong about one thing - it’s not about compute cost, but about complexity of accounting for latency. You could check if the player can see the enemy they’re claiming to have shot, but you really need to check if they feasibly could’ve seen the enemy on their computer at the time they sent the packet, and with them also having outdated information about where the enemy was.
The issue gets more complex the more complex the game logic is. Throw physics simulation into the mix and the server and clients can quickly diverge from small differences.
Ultimately, compensating for lag is convoluted, can still cause visible desync for clients (see people complaining about seeing their shots connect in CS2 without doing damage), and opens up potential issues with fake lag.
More casual games will often simply trust the client, since it’s better for somebody to, say, fly around on an object that’s not there for other players, than for a laggy player to be spazzing out and rubberbanding on their screen, unable to control their character.
You can also just check 1 in every 10 or 100 player actions
Aimbots and esp is client side only.
hmmm I see; could not at least aimbots still be detected on the server side?
Not 100% no. And any evaluation method you do will either allow more cheaters or catch very good players. Not to say this isn’t done because it totally is just that it’s very far from perfect.
Hell I’ve heard of cases where some really good streamers had to be an a special list of people to not kick/ban from this kind of detection because they’ve repeatedly been falsely detected. If you aren’t a streamer you will have a lot harder of a time to get unbanned though not just because you aren’t famous but also because it’s harder to prove your innocence.
I remember Valve placing honeypots that would be impossible for a honest player to see or reach, and banning in mass the players who fall for it after some time to avoid the adaptation of the cheaters. And that is a cheap yet effect way to clean the player base.
Other interesting strategy is to limit the client information available, of the character is not looking with a scope, the client doesn’t need to know if there is another player far in that direction.
Probabilistic analysis is not the only way.
But I know that some strategies would demand major reworks or good planning from the development phase.
Honeypots are not an easy solution either though unless you only really do it as a one off thing. And to be worth it you have to allow those cheaters to continue for some time before banning. You shouldn’t underestimate how adaptable cheats developers are.
Limiting information is easier said than done especially for circumstances that matters the most. And don’t forget people can still hear others through walls.
Hello game, yes, I am indeed actually on the other side of the wall, now inside the enemy’s base.
What performance threshold should that be? 10%? So 140,000 manual checks of CS:GO players? 1% is still 14,000. How are you going to check those people - go to their houses? If they don’t let you in just ban them? What about people who install cheats that allow them to perform as well as someone in the top 2% but not top 1%? They have a free ride?
It’s not possible to catch all cheats, but pure server-side cheat detection is basically worthless.
Doesn’t CS do it by using volunteers, showing clips to players waiting for matches or something where they can vote if the player was using cheats? I could be remembering wrong though, my CS knowledge comes entirely from watching klicksphilip :P
No, they don’t do that anymore. It ended with CS:GO.
CS has VAC which can issue VAC bans - unless something’s changed. They may also get volunteers to assess stuff idk.
Just look how well this went for Valve & CS2… It’s riddled with cheaters, despite having multiple updates to VAC over the year. This method only works for games like World of Tanks, where most things are server sided.
So many games that work flawlessly on Linux, so I just skip those that don’t:]
This is the way.
And let people run their own dedicated servers again.
There are community rust servers with EAC disabled (mainly for linux players). I don’t know what the fuss is about.
How many of them competitive multiplayer?
many. Marvel rivals, a bunch of the battlefield games, arma 3, dayz, dead by daylight, halo, hunt showdown, team fortress, war thunder, csgo, deadlock, vail vr most of these games manage to have less rampant cheating than rust while supporting linux at the same time, meanwhile rust claims that only 0.01 percent of players, only 14 people, were linux players and somehow thats causing a serious cheating problem that they cant resolve? anyone can tell how dumb that sounds…
Very obviously many. But I gotta say my reaction to your reply is just “eeew, I’m so glad I’m not one of those people” (who only play those kinds of games).
Server side anti-cheat should be the focus of every game company with an MMO game in their catalog. Relying on kernel access is madness.
Let’s do some math here, they said:
More cheaters using Linux than legit users (…) .01% of all players base
Let’s do a quick math. The maximum peak users for Rust was 259,646 concurrent users according to https://steamcharts.com/app/252490 . Let’s assume 60% (more than half) of all the .01% users were cheaters, congratulations, you got rid of all those 16 cheaters… I haven’t played much Rust, but I’m fairly confident that there’s a bit more than 16 cheaters there.
And that’s without getting into the whole client side anti-cheat doesn’t work.
You dont understand linux users have black magic hacks that ruined the game for every player on every server, their power cant be understated… Theyre a whole bunch of dangerous hardened criminals
I feel like some people think Linux is only for hackers and cybersecurity professionals
And genuine hackers and cybersecurity professionals have got way better things to do than cheat in Rust.
The cheaters are all obnoxious 12-year-olds who couldn’t land a single hit without the cheats, that’s why all the compilation videos of cheaters falling foul to fake cheat software are so funny. They’ll spend 10 minutes trying to go through a doorway without it ever occurring to them that something must be wrong.
🤣 beware the Linux users
“Do not tangle with the type of people who decide to put Linux on their PlayStations. Trust me, you are wasting your time.”
- Extra Credits host guy, like a decade ago.
every single one is a l44t hack3r bro
It was the elite hacker 4chan, they hacked all their servers and stole all their ram.
If Valve’s expanding hardware lineup helps increase SteamOS adoption, they’ll change their tune.
I doubt that they will, given the fact that Linux is misrepresented a lot. They use Linux servers, so why not support Linux already?
Not a chance.
Overhaul your entire game stack || Blame Linux for being too small
Why would they need to overhaul their game stack? Rust would run just fine on Linux if they didn’t block it intentionally.
When I say they’re gamestack, I’m talking about their client and their backend services and their associated middleware.
Moving a game that is mostly client authoritative to server authoritative is a hell of a lot of work and requires serious rewrites to both the client and the server.
It also requires a lot more compute to handle the back end.
When you go from calculating everything on the front end and just sending the data back to the back end to sending actual controls to the back end and doing simulations, you need to rewrite a significant portion of everything.
It’s way cheaper and way faster just to write it in the client, and require the kernel/secured OS to police risky actions to the application.
The last couple of projects I looked at were probably 50% more man hours to make it server authoritative out of the box. Trying to come back and do it after the fact, It’s much, much higher.
I would bet that the claim of more than half of Linux players cheating is false positives due to shitty anti cheat. Like the anti cheat relying on some windows process or trying to initiate some process and linux is structured differently so it fails.
THE INTEGRITY OF YOUR DEVICE COULD NOT BE VERIFIED
If your cheat detection runs on the client side only, you don’t have cheat protection.
Well, there only so much in gaming that reasonably can be done server side.
Sure, the server could identify that a player shouldn’t be visible and not transit that location to a client, addressing seeing through walls, in theory.
But once a player is hypothetically visible, aimbot can happen. If you are crawling in a ghillie suit in the grass, but the other player has a client that skips rendering grass and replaces the ghillie suit model with a suit made of traffic cones…
Now intrusive anti cheat isn’t worth it, but it is an unavoidable reality that it is up to the client to preserve the integrity.
Closest you get would be streamed gameplay, where the rendering even is server side. Also not worth it. But even then I could see cheating machine vision and faked controls to get an edge unfairly.
replaces the ghillie suit model with a suit made of traffic cones
lol
Developer of game ‘Rust’ talks about
anticheatrootkits on LinuxThis whole anticheat thing is so stupid. Remember when Sony got sued bigtime for including rootkits on their audio CDs? Why are game developers getting away with it no problem? Society is regressing and it’s frustrating to watch.
People are never interested in learning from history, they’d rather run face first into that wall.
The abusers typically.did read histor, saw what worked well, what didn’t, learned from that to become even better abusers.
This doesn’t only apply to games, it applies to politics, celebrities, religious clerks,you name it
People are never interested in learning from history, they’d rather run face first into that wall.
Just saw a comment in a topic about steam machines about “why do we even need to care about the past, its in the past, it doesnt matter anymore”
humanity is devolving to a state dumber than the chimp that scratches its ass, sniffs its finger, and falls off the log in shock at the smell.
So Linux users were 0.01% - one in 10,000 players - and also the main cheating problem?
Some odd math there.
No, he said he saw more cheat users using Linux than legitimate users using Linux. He also said Linux is another vector to cheats, not that its the main one.
He said he saw more cheaters than legitimate players on Linux after they stopped support. I mean, no shit?
He said when they stopped. That could mean at the moment of the stop or starting from the point they stopped the support. Both are a possibility, yet only one makes more sense than the other.
They dropped Linux before proton was invented. Go on any cheat website and the requirements will always say to have windows. Maybe proton is exploited by some cheaters, news to me. You should just ban windows, no more cheaters.
It’s not proton that is exploited. It’s the kernel itself that cannot be monitored by anti-cheats, meaning cheaters could install a modified kernel to mess with the anti-cheat
as if the cheaters can’t already evade anti-cheats even on windows.
Exactly. There are two methods that bypass kernel-level anticheat fairly easily, and there isn’t really any way around them.
You can run the game in a virtual machine, with cheats running at the hypervisor level. This level is more privileged than the virtual machine’s kernel, and can thus read or modify the active program without detection.
The other way is to load the hack into the bootloader, so the cheat loads before the kernel and, again, can thus be in a more privileged permissions state.
The only effective solution is to detect cheating server side, or change the game engine so cheats don’t work (like loading all models with no line of sight behind the player, so wall hacks and modified game models don’t matter.
There’s another whole category that also doesn’t care about what the game is running on the kernel: seperate device cheats. They act as a man in the middle for the input and output signals, and can auto shoot when you’ll hit or adjust your aim if you’re close but not quite there. Or just play for you entirely if it’s that good at processing the output.
And blocking that isn’t likely possible without killing streaming for the game or convincing all users to get input devices with encrypted connections or they can’t play your game.
I’d respond to the original comment that anyone who doesn’t have server side cheat detection isn’t serious about stopping cheaters. In any case, I just removed that game from my wishlist. Not that I needed another survival builder game anyways, though they do tend to catch my eye.
Good point. I remember seeing one about a monitor that can give edge-of-screen glow to indicate proximity of enemies in LoL or DOTA2 based on minimap information.
They probably gave up on preventing cheat entirely, and are just trying to reduce the amount of cheaters by making cheating as annoying as possible.
I do actually believe them when they say that cheating on Linux can be made significantly easier and more comfortable than on Windows. I think it’s a real fundamental issue for Linux, multiplayer games with toxic playerbases can be unplayable due to users being able to do what they want. They would have to make systems to allow for playing in smaller human-moderated servers, or rely purely server-side solutions
And that it self is measurable. Never understood the attempt to have total control on byod setups. Its never going to happen lol
That .01% number is out of line with the overall share of Steam users in 2018 by literally an order of magnitude. I can understand some deviation within a particular game, but that figure is so far off that I kind of suspect he just made it up on the spot.
I think he refers to the amount of Linux users playing their game.
Yes, but it’s still weird that their audience is so far outside the average proportions
Is it? Major FPS game sounds like the least likely game Linux users would be playing on Linux.
Why?
I play a fair amount of multiplayer FPS and I pretty much just assume I have to boot into my Windows partition for them because of anti-cheat. The fact there are some FPS games that actually support Linux is surprising news for me, hopefully more devs start adding support.
Because they historically didn’t work on Linux. Looking at shooters from 2018:
- CoD BLOPS 4 - didn’t work on Linux; it started working in 2022
- Battlefield V - doesn’t work on Linux
- Far Cry 5 - unreliable according to ProtonDB
But taking it further, they’re the gamer-iest games, so if you’re playing one of these titles there’s a high chance you’re playing a lot of games, probably with friends, and each one your friend group picks up is another chance for Linux support to be poor, meaning that you’re going to miss out. Obviously that doesn’t apply to everyone, but it’s absolutely going to reduce the number of people using Linux to play. With the Steam Deck now, this trend won’t be as prevalent, especially for stuff played with controllers, but I bet you’ll still see the phenomenon with AAA, multiplayer titles design for KB+M.
There was a native Linux build up until 2019. I also wouldn’t really class Rust as an FPS, but that’s beside the point.
Right but a Rust player is probably playing these other shooters.
I mean, Linux player base is only .01%, even if they are all cheaters, they will literally have no impact… You can’t say “Linux user base is too small”, and “if you support Linux you want cheaters” at the same time if you want to make sense.
Yeah, but saying “Our codebase is so terrible Linux keep showing us new bugs we won’t fix” or “We can’t sell your personal data with Proton” is worse PR…
When we stopped support for Linux, we saw more cheat users exploiting Linux, than actual legitimate users.
Am I reading this wrong? Or is this guy really trying to say the very predictable rise in exploit users on the platform after they stopped patching the exploits is proof that the platform is full of cheaters?
Yes. It sounds like they removed anti cheat from linux for a spell and watched an uptick in cheater switching platforms. So they weren’t willing to support the anticheat, removed it from the game and watched cheaters flock to the platform. I don’t think they are saying linux users are cheaters, just that cheater will use linux if vulnerable.
Maybe he meant at the point they stopped support, not after. But its not very clear from the way he worded it.
Curious take, Rust has about 137k users online (24h peak via steam charts rn atleast). Dev claims 0.01% of users play on Linux. That’s 13-14 players. If even a single person decides to cheat or run Linux to cheat the amount of “cheaters on Linux” would indeed “dramatically increase”. But that’s a really bad way to tell the narrative.
I don’t really care, i haven’t played rust in years and as others mentioned there’s way to much games i can play instead. Ive been playing a lot of The Finals recently and I’ve had a blast. They have Proton support and anti-cheat and atleast publicly say that they do want to continue supporting Linux.
If not supporting Linux is a business/economical decision just say so. This is a really bad way to discuss the situation and an attempt to frame linux players as cheaters. If you have 14 players total on Linux out of a total 100k then they most likely aren’t the problem.
I gave up Rust when I moved to Linux.
They are changing the game from building a cozy PvP Minecraft, to a clan based wargame.
Cozy players, don’t cheat, clans do (Not all, of course).
Changing? Zergs have run servers since the first day I played almost 10 years ago. Small monuments are war zones the first few days of wipe. I don’t think that’s changed much since. Rust has never been cozy on any server with a population.
Rust PVE on community servers is pretty cozy.
Yeah I should’ve specified vanilla pvp servers. It’s always been a KoS hellhole. If anything, recent changes have made pvp less punishing.
I’d imagine people on Linux who want to play Rust would be more than happy to shell out $15 and go through the little effort it is to download DLC so they can play on a Premium server when the other option is to shell out $140 for a Windows 11 license and go through the effort of installing that spyware trash to their PC.
On the other hand, Alistair clearly doesn’t want your money so maybe stop trying to give it to him.
i didnt plan to anyway lol and i dont think people should bother, rust is not a game worth the extra money or even worth the time in general… and its damn well not worth a windows install, and i say that as someone who alrdy has one just in case on my system, i wouldnt even choose to boot up windows to play rust…
