Editing Cheating in online games (section)

==Anti-cheating methods and limitations==
<!--"anticheat" and "anticheats" redirect here-->
[[File:Strinova prohibited software and hardware.png|thumb|Most competitive multiplayer games prohibit third-party software that can give an unfair advantage, such as [[Macro (computer science)#Keyboard and mouse macros|macro]] software.]]
There are many facets of cheating in online games which make the creation of a system to stop cheating very difficult; however, game developers and third-party software developers have created or are developing<ref>{{cite web |url=http://www.theinquirer.net/inquirer/news/1041400/intel-plays-tattle-tale |archive-url=https://web.archive.org/web/20131203003900/http://www.theinquirer.net/inquirer/news/1041400/intel-plays-tattle-tale |url-status=unfit |archive-date=December 3, 2013 |title=Intel plays tattle-tale |date=June 22, 2007 |author=Wily Ferret |publisher=The Inquirer |access-date=2012-12-15 }}</ref><ref>{{cite web |url=http://www.theinquirer.net/inquirer/news/1023279/more-on-intel-anti-cheat-technology-revealed |archive-url=https://web.archive.org/web/20110408030805/http://www.theinquirer.net/inquirer/news/1023279/more-on-intel-anti-cheat-technology-revealed |url-status=unfit |archive-date=April 8, 2011 |title=More on Intel anti-cheat technology revealed |date=June 24, 2007 |author=Charlie Demerjian |publisher=the Inquirer |access-date=2012-12-15 }}</ref> technologies that attempt to prevent cheating. Such countermeasures are commonly used in video games, with notable anti-cheat software being [[BattlEye]], [[GameGuard]], [[PunkBuster]], [[Valve Anti-Cheat]] (specifically used on games on the [[Steam (service)|Steam]] platform),{{citation needed|date=June 2017}} and EasyAntiCheat.<ref>{{Cite web|url=https://gamerant.com/watch-dogs-2-cheat-multiplayer/|title=Watch Dogs 2 Anti-Cheat System Preventing Users from Playing Online|website=gamerant.com|date=30 November 2016|access-date=2019-12-25}}</ref>

Exploits of bugs are usually resolved/removed via a patch to the game; however, not all companies force the patches/updates on users, leaving the actual resolution to individual users.

===Authoritative and mirrored server design===
Generally, the better the server is at enforcing the rules, the less of a problem cheating will be in the game.<ref>{{cite web|url=https://udn.epicgames.com/Three/NetworkingOverview.html|author=Tim Sweeney|title=The Server is the Man|access-date=2015-07-06}}</ref> In this approach all client functionality either runs purely on the game server or alternatively the game server mirrors the client gameplay and continuously validates the game state. In many mobile games, it is a common practice to run the client game sessions synchronously on the server, using exactly the same user input. The client session is reset when the game sessions become unsynced, thereby preventing cheating.

Server-side game code makes a trade-off between calculating and sending results for display on a just-in-time basis or trusting the client to calculate and display the results in appropriate sequence as a player progresses. It can do this by sending the parts of the world state needed for immediate display, which can result in client ''lag'' under bandwidth constraints, or sending the player the entire world state, which results in faster display for the player under the same bandwidth constraints, but exposes that data to interception or manipulation—a trade-off between security and efficiency.

When [[Online game|game servers]] were restricted by limited available resources such as storage, memory, internal bandwidth, and computational capacity due to the technologies available and the cost of the hardware, coupled with internet connections that were slow, it was believed to be necessary to compromise on security for optimization to minimize the impact on the end-user. Today however, with the increased speed and power of multi-core computers, lower-priced hardware, and the increased availability of broadband internet, this has become less of an issue.{{cn|date=April 2022}}

===Software obfuscation===
Additionally to storing data in non-standard formats, some games also utilize runtime protection through software protectors. The key target is to keep attackers from directly inspecting or modifying compiled software. Protectors utilize any of three methods to protect software.

Encryption solutions will encrypt the code instructions and typically use a multi–layered defense mechanism against any reversing or tampering attempts that target the decryption code directly. Most protection systems in this category encrypt the code and then decrypt it at the application's startup or during runtime. This is the moment at which an attacker will breakpoint, reverse, and inject custom code. Runtime decryption may also add significant processing overhead and lower the game's framerate. Alternatively, some solutions focus on obfuscating the code by inserting jump statements and seemingly random instruction paths. The final and strongest alternative is virtualization.<ref>{{cite web|url=http://www.oreans.com/themida.php|date=2015-06-22|access-date=2015-07-06|author=Oreans Technologies|title=Themida technology introduction}}</ref> In this approach the encrypted code runs on a virtual CPU that can be markedly different from generic x86 and x64 CPUs as the command set can be unique for each protected file.

The shared weakness of protectors and virtualizers is that they impact performance, either by requiring decryption or by introducing unnecessary CPU instructions. To reduce the overhead code virtualizers are often only used to secure the critical parts of the code base, such as those interfacing with the game state and rendering.

===Player supervision===
Spectator functionality can allow server administrators to monitor individual players and thereby determine whether or not a cheat is in place. One risk of the spectator mode is that in competitive matches the spectator could abuse the mode for spying on specific players and communicating player positions and tactics to the opposing team. Some games get around this limitation by not allowing spectator mode at all, or by delaying the video feed.<ref>{{cite web|url=http://www.gamespot.com/articles/halo-5-spectator-mode-included-in-beta-but-it-won-/1100-6424219/|title=Halo spectator mode|date=2014-12-15|author=Eddie Makuch|access-date=2015-07-06}}</ref>

Some games have systemized player supervision by allowing the community to review reports of disruptive behavior, determine whether those reports are valid, and apply temporary bans if appropriate. Reports can include data such as screenshots, videos, and chatlogs.

===Anomaly detection===
Anomalies in player behavior can be detected by statistically analyzing game events sent by the client to the server. The benefit is that this anti–cheat method is non–intrusive to the player's privacy and guaranteed to work on all end–user system configurations. The restriction of this method is that it cannot always be clear whether or not a player is cheating. Highly skilled players can for example develop such a map sense that they may end up being flagged for the use of a wallhack and/or aimbot. On the other hand, players may also cheat in a way that is under the detection thresholds and remain uncaught.

To reduce the amount of false positives, statistical detection systems are often combined with a supervision system that either is community driven or managed by a professional administrator team. In such implementations unusual player behavior can trigger a client-side component to create and upload reports for review.

===Pattern detection===
Pattern detection systems scan the player's hard drives and system memory for known cheat code or programs. Compared to statistical detection the key advantage is that also the subtle cheaters are detected. Other than this, a pure pattern detection approach generally has few advantages. Experience has shown that keeping detection-based systems up to date is relatively slow and labor-intensive as one needs to constantly track down cheats and update detection patterns. End–users may also be concerned with privacy issues, such as has been the case with VAC (Valve Anti-Cheat) accessing browsing history.<ref>{{cite journal |url=http://www.pcgamesn.com/counterstrike/gabe-takes-reddit-clear-valve-anti-cheat-rumours-do-we-send-your-browsing-history-valve-no |title=Gabe takes to Reddit to clear up Valve Anti-Cheat rumours; "Do we send your browsing history to Valve? No." |date=19 February 2014 |access-date=6 July 2015 |first=Jeremy |last=Peel |journal=[[PCGamesN]]}}</ref>

===Sandboxing===
[[Sandbox (computer security)|Sandboxing]] a software process can protect against potentially malicious actions such as code injection and memory modifications that would otherwise tamper with the game.<ref>{{cite web |url=http://robocraftgame.com/easyanticheat-0-7-872-heavy-anti-hack-and-anti-cheat/ |title=RoboShield description |date=5 November 2014 |access-date=6 July 2015 |archive-url=https://web.archive.org/web/20161130120242/http://robocraftgame.com/easyanticheat-0-7-872-heavy-anti-hack-and-anti-cheat/ |archive-date=30 November 2016 |work=[[Robocraft]] |url-status=dead }}</ref> One of the key benefits of sandboxing is that it can effectively prevent the underlying cheat mechanisms from working, and thereby can avoid the need for banning game community members as cheats simply do not work. Additionally, strong prevention mechanisms can stop many game hackers from targeting the game because of elevated skill requirements. Compared to pattern detection systems, sandboxing is generally not privacy invasive, as the approach requires no data to be uploaded to foreign back-end systems.

===System incompatibility===
Anti-cheat software commonly use low-level system interfaces not intended by the OS vendor for public use. As a result, they are a common source of incompatibilities with newer versions of [[operating system]]s and security measures as well as alternative OS API implementations such as [[Wine (software)|Wine]].<ref>{{cite web |title=An update on Easy Anti-Cheat support for Wine and Proton |url=https://www.gamingonlinux.com/2020/06/an-update-on-easy-anti-cheat-support-for-wine-and-proton |website=GamingOnLinux |date=20 June 2020 |language=en}}</ref> For example, Windows enables Hypervisor-protected Code Integrity (HVCI) by default in every market except Chinese and Korean installations due to anti-cheat compatibility issues.<ref>{{cite web |title=Hypervisor-protected Code Integrity enablement |url=https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-hvci-enablement |website=docs.microsoft.com |date=7 April 2023 |language=en-us}}</ref>

=== Third-party hardware detection ===
With the additional scrutiny directed towards the rising popularity of the third-party peripherals being used to gain unfair advantages in competitive games, game developers such as [[Bungie]] and [[Activision]] started cracking down on the users of these peripherals, with Activision updating its RICOCHET cheat detection software to detect such devices,<ref>{{Cite web |title='Call of Duty' can detect and ban XIM-style cheat hardware |url=https://www.engadget.com/call-of-duty-can-detect-and-ban-xim-style-cheat-hardware-100314416.html |access-date=2023-04-15 |website=Engadget |date=5 April 2023 |language=en-US}}</ref><ref>{{Cite web |last=Warren |first=Tom |date=2023-04-04 |title=Call of Duty is the latest to detect and ban XIM cheaters |url=https://www.theverge.com/2023/4/4/23669939/call-of-duty-warzone-xim-ban-suspension-warning |access-date=2023-04-15 |website=The Verge |language=en-US}}</ref> while Bungie has just announced that while they are fine with using peripherals for the sake of genuine [[accessibility]], they are ready to take countermeasures if they detect players using these devices to gain unfair advantages.<ref name=":2" /> <ref>{{Cite web |title=This Week at Bungie - 4/13/2023 |url=https://www.bungie.net/7/en/News/article/twab-04-13-2023-best-dressed |access-date=2023-04-15 |website=www.bungie.net}}</ref>