This is so funny because rust has one of the worst cheating situations and majority of their players are windows users, and theres lots of games that have anticheat that allows linux and have notably less significant cheating problems like marvel rivals. in reality rust doesn’t take cheating very seriously because if they did they would have more server side software that detects illegitimate behaviour like tons of other games do successfully… even most popular Minecraft servers have better functioning anti cheat that is completely server side than rust has while getting kernel access to your pc. its pathetic and lazy development tbh and this entire post from them reads like such extreme cope…
mentioning EA games like Apex Legends removing support is laughable. Sure Alistair, ALL those EA games ALL decided around fall of 2024 to ditch support for Linux/Proton. All at the Same time. Not because EA has a deal with Microsoft/Game Pass and NOT because a few months later Microsoft announced their own Handheld with Asus. Just like Riot.
So Alistair how long until Rust is announced for Gamepass with all DLC included?
I would bet that the claim of more than half of Linux players cheating is false positives due to shitty anti cheat. Like the anti cheat relying on some windows process or trying to initiate some process and linux is structured differently so it fails.
THE INTEGRITY OF YOUR DEVICE COULD NOT BE VALIDATED
If Valve’s expanding hardware lineup helps increase SteamOS adoption, they’ll change their tune.
I doubt that they will, given the fact that Linux is misrepresented a lot. They use Linux servers, so why not support Linux already?
Not a chance.
Overhaul your entire game stack || Blame Linux for being too small
Why would they need to overhaul their game stack? Rust would run just fine on Linux if they didn’t block it intentionally.
When I say they’re gamestack, I’m talking about their client and their backend services and their associated middleware.
Moving a game that is mostly client authoritative to server authoritative is a hell of a lot of work and requires serious rewrites to both the client and the server.
It also requires a lot more compute to handle the back end.
When you go from calculating everything on the front end and just sending the data back to the back end to sending actual controls to the back end and doing simulations, you need to rewrite a significant portion of everything.
It’s way cheaper and way faster just to write it in the client, and require the kernel/secured OS to police risky actions to the application.
The last couple of projects I looked at were probably 50% more man hours to make it server authoritative out of the box. Trying to come back and do it after the fact, It’s much, much higher.
This guy is from the UK and former military. I think there must be some kind of weird haywire thing where the military experience made him irrationally upset about people who do not follow rigid rules and structure or something.
No doubt he spends most nights stalking cheater forums and dreaming about the day he finally wins his war lol
i think its moreso the people most likely to go into military already tend to be more narcissistic people willing to kill others or easily convinced of extreme things like that for ego. Though the service can only really worsen those issues for most people. I also dont think he stays up at night like that lol i think he just hardly really gives a fuck cuz hes convinced he couldnt be going about it wrong despite him openly admitting other groups manage to and he just convinces himself its impossible with his team when every large server has their own moderation staff and can make use of tools if given them. His whole comment is so silly.
Stereotypes are so edgy.
But often true
Referencing my comment in the other thread, Facepunch employees keep being disingenuous about this claim. Even if it is true, due to how unplayable Facepunch made the Linux build a short while before they axed it for “a rampant cheating problem”, this claim does not have enough evidence. The linked comment goes into some more detail, but it is insane how much the developers keep doubling down on their disinformation.
I have literally never played a game and encountered an obvious cheater and if I did, I think I’d just change servers. Is this really such a huge problem and if so, what are its consequences beyond maybe being annoyed for 5 minutes?
Some games, like Tarkov, are plagued with cheaters, but Linux plays no part in any of it.
First time I went into labs I encountered a cheater, that’s when I learned to not play tarkov. Especially solo good lord
I’ve come across many, is it annoying? Sure. Is it the end of the world? No. You just leave the lobby/server and go in a fresh one.
No cheating is bad enough to justify a rootkit.
I’ve also been called a cheater a lot and they always sound very convinced even though they have no idea at all. I imagine these are the same people constantly complaining about cheating.
Some people take their game worlds entirely too seriously. I find far too many in the competitive gaming scene treat video game accomplishments/loot/losses on the same level as real-world ones.
Hundreds of hours in Marvel Rivals and I’ve also never encountered anyone I was sure was a cheater. Nor have any of the friends I play with, and I’ve never had anyone on voice tell me about encountering a cheater.
I’ve definitely had a handful of matches cancel with an alert that a cheater was detected though.
Maybe I’m lucky. Maybe kernel-level anti-cheat is a farce.
It’s almost like client side anti cheat doesn’t work and if proper server side anti cheat is made it wouldn’t matter what platform the client is on.
“never trust the client” is pretty much a motto of infosec, idk what the hell game devs expect
It’s not a motto. It’s a given must design. (I have work context)
The Problem is that that would increase the load on the server as well as make latency-mitigation much harder.
As with everything, it‘s always a tradeoff.
And this naïve understanding of infosec somehow makes people forget that this is not infosec, and there is more to anti-cheats than ignoring a client which says its travelling at warp speed.
See, the wild thing is that I used to run with some actual hackers in GMod… and… I learned from the exploits that they did, how you actually design at least a game mode script that can’t be fucked, can’t be poked proded or queried directly.
Of course, if the actual exploit is lower level than what I’m writing at, well then I’m still fucked…
I can remember at least one GMod originated, lower level exploit, caused by Garry leaving some direct, unsanitized interface to Steam itself directly exposed via lua… which caused Steam/Valve themselves to step in and rewrite a part of all of Steam, because Garry is s fucking moron, and more or less allowed a virus/malware to propogate through Steam itself, independent of Garry’s Mod…
Never did figure out if any of the goobers I knew had any direct ties to that or not.
But anyway, fucking yes, literally never trust the client with anything beyond their own GUI, and barely trust them with that, don’t just let them click on anything in their screen space to see if its an item they can put in their inventory, do an actual server side vector ray trace, from the item to the playet, make sure the thing they clicked on is actually near them, put that all into a buffer that locks up if they’re calling it at inhuman rates…
It was so easy to item dupe and stat boost and even hijack other players accounts in so many gamemodes I saw.
Fucking one of them had the user set and enter a login password to ‘access’ their various characters, pick one to spawn as.
Problem?
… That gamemode was actually doing the id check via SteamID, duh.
The username/password thing was a fucking phishing scam, that game mode had a forum, everyone used the same user names, a bunch of people got their hotmails or whatever fucked, by the dev of that gamemode.
… Anyway… yeah, I learned all this infosec type shit first hand, in an earlier ‘FacePunch Studios’ production.
Fuck Garry, fuck FacePunch, these people are idiot clowns.
Roblox exists now, the GMod roleplay communities independently invented their own ways of monetizing their gamemodes via syncing to their sites and forums with payoal widgets, ya’ll missed the boat on that one, no one is going to play S&ndbox in anything close to GMod in its heyday numbers.
Garry leaving some direct, unsanitized interface to Steam itself directly exposed via lua… which caused Steam/Valve themselves to step in and rewrite a part of all of Steam, because Garry is s fucking moron, and more or less allowed a virus/malware to propogate through Steam itself, independent of Garry’s Mod…
That sounds entirely on Steam. The game is the client in this context, and Steam as the server shouldn’t be trusting anything from the client.
This was like, over a decade back, I don’t remember it in accurate detail, and also, Garry deleted all the old Facepunch forums, which I do remember having a lot of discussion about this…
But, best I can recall, it was something like a buffer overflow/memory space exploit, because Garry exposed a core Steam function, that normally is only called by other Steam functions, in c++…
Well, Garry decided to give basically a lua api / reference method of accessing it directly, allowing doing arbitrary code injection into it.
So I mean yeah, you can say Valve should not have trusted Garry with low level access to Source and Steam, that that’s their bad, they should have expected he would create a serious security exploit out of naivette/hubris, like the proverbial junior sql db admin who just does ‘DROP ALL’ on prod, as an ‘experiment’.
Uh yep, I would agree with that.
I’m still confused why any game having a way to upload a worm into Steam is good and why it was uniquely a GMod problem. It sounds like a case of a problem waiting to happen and the first place it happened to happen was GMod.
sir, this is a wendy’s
Fuck you, take my order, stupid hallucinating AI drive thru working off an 18 year old microphone!
Oh Wait!
You’re closing half your locations after trying to push realtime adjusting prices.
Nah I’m good, I’m gonna be posted up at the abandoned Wendy’s, screaming at it all day long.
Get those pigtails in a hairnet, and my fries in a bag, thanks very much.
They’re totally different scenarios. How is the server supposed to know if a player has (e.g.) walls disabled and knows where the enemies are?
Because the client has to know where the enemies are while still hiding it from the player.
People who have no idea how things work and go off on quotes they see online is why these discussions are useless.
Because the client has to know where the enemies are while still hiding it from the player.
Why? :3 If a player shouldn’t be able to see someone, just don’t send their location.
But if they’re not rendered, what about their sound effects like walking, or something like their bullets?
This is actually an issue in War Thunder, where if the server thinks you shouldn’t be able to see a tank, it won’t render it, but this also causes it fairly frequently to not play noises from the tank like the engine or shots, and to not render projectiles from them either. So a teammate can die right next to you and you won’t know how because the shot wasn’t rendered on your screen even though you were looking in the direction of the enemy when they fired it. Or a tank with an engine louder than a semi truck will sneak up and kill you because the game simply decided that you shouldn’t be able to hear them.
Just send sounds too
So send their location then, since sounds have to be played from the player’s location in order to project from the right spot.
There’s been an increase in games that don’t give the client full knowledge of enemies. That data doesn’t actually need to be sent to the client if you can do checks on the server to know if they’re visible. Yeah, it needs to be simplified from a full raytraced solution from the camera, but it can be good enough that it isn’t much of a issue, depending on the game.
IIRC, some game (it may be Counter Strike, but idk) only gives your client player data for the “room” you’re in, and adjacent ones, or something like that. You can still see through walls near you, but you can’t see people on the other side of the map.
Yes, there’s always going to be a point where there’s nothing more you can do and you just have to hope for the best, and mitigate what you can on the client. Still, the naive “the client has to know where the enemies are” isn’t accurate. A well designed anti-cheat solution will try to come up with a solution for this. Sometimes it isn’t possible, but often there’s some amount of information that doesn’t need to be sent to players that can be hidden.
Depends on the game but largely enemies don’t need to appear in the client until they’re becoming visible to the player
Easy to say but if you use Unreal Engine it’s very hard to do that. Unreal doesn’t have a built in way to not replicate something not seen and the inbuilt networking is built on any action a player makes is tied to the player. So if you want to hear that player walking or shooting that player will exist on the client.
So the server has to compute whether a single pixel of the enemy’s body or shadow is visible to every client? How does the client play spatialised audio for enemy footsteps if it doesn’t know where they are - does the server calculate that as well?
I mean, if the client is thin, with everything computed server-side, this works, but that’s not what games are.
That’s the neat part: you don’t. If their idea of anti cheat means taking over my machine to scan everything that runs on it, it’s a lost battle. Either find a way to do it server side based on behavioral heuristics, or don’t bother.
Oh, so the only options are rootkits and server-side. Weird, I didn’t know the calculator app was one of those.
Finally someone who seems to have some sense of how things actually work and if course they get down voted…
Sure I get why people don’t like kernel anti cheat but they should at least understand the difficulties from not having it.
I don’t pay multiplayer. That said, what if there is no anticheat? Would that level the playing field? Let everyone aimbot if they want to.
It will ruin the experience for anyone playing competitively in a ranked mode, which means invalidating that mode entirely. This drives players away from competitive games like CS, Valorant, etc. which is why those games all use anti-cheats.
Similarly if there is a persistent world or some state that the game relies on to make the game fun for everyone, e.g. extraction shooter, MMORPG, etc then if the game state’s integrity is compromised it loses meaning entirely. Imagine playing chess but your opponent can move the pieces any way they like; it stops being a game.
I do agree that games where everyone agrees on cheating should allow it.
If your objection to client-side anti-cheat is that it “doesn’t work” what till you see what server-side anti-cheat fails to accomplish!
There’s no way with a pure server-side implementation to even try to work out whether the client is using an aimbot or wallhack. No solution is perfect, which is why the best solutions try to combine methods.
These people are delusional, don’t listen to them. Their cognitive dissonance drives them to jump through the biggest hoops to defend something that is simply flat-out wrong. You can’t beat most cheaters with a server side anti cheat only, unless you do what World of Tanks does and have everything server-sided which isn’t feasible for all games. Take CS2 or CS:GO for example. The game is riddled with cheaters, despite getting multiple VAC updates this year.
I don’t think it’s cognitive dissonance driving them, I think it’s hatred of rootkit anti-cheat that bleeds into other client-side anti-cheat.
People aren’t very good at separating different but related things, it seems.
Why would you even send the location of players behind walls? You can just do the visibility check on the server first. But hey that’s extra CPU cycles that they don’t want to be spending on helping you.
Visibility check of what?
- The player and their shadow and all visible effects on the game world -> congratulations, now the server needs a GPU per player.
- The player’s geometry? -> shadows pop into existence when the player’s arm appears around the corner, and the server is still way more expensive than it would be
- A volume around the player? -> Still allows a significant advantage, still requires significantly more horsepower, and the client still can’t do spatial audio
This amounts to making players use thin clients and putting all visual and audio rendering on the server if you want it to work and not suck. Will you be happy to save £1000 on your PC at the cost of having games cost £150 a pop? Thought not. Or did you think the “extra CPU cycles” were just free?
@FishFace @x00z my small thought -> i think today no solution can prevent “cheaters” because you can’t differ “cheaters” from users anymore if they want to.
Here is why ->
One PC is running the game -> a second PC emulates Keyboard and mouse inputs using a CAM (Capture Card) / Sound (microphon / digital capture) and an on the Game trained AI.So what does any “cheat protection” offer if they don’t protect against serious cheating ?
PS: “The only still working protection is lan play with control over hardware / software and players like done on real events”
Yes, there is no way to prevent all cheats. However, to prevent as many as possible, you need to use all available methods. It’s quite reasonable that kernel-level anti-cheat should not be available, as it it’s an overreach and a security risk. However, client-side anti-cheat is not that.
It’s a very hard thing to check for though especially with how complex the world can be in games today. Even if it was feasible you don’t know where a client will be in a few frames so you basically need to do a “what players can be seen from this general location” check. The higher movement speed the bigger of a volume is your possible viewpoint.
This is also ignoring all the things you need replicated even when you can’t see the player such as footsteps or them shooting or interacting with something.
You use both server and client side anti cheat.
Using only one will not work the way it should.
That, or cloud gaming needs to replace it.
Server side anti-cheat should be the focus of every game company with an MMO game in their catalog. Relying on kernel access is madness.
What a clown ahahha
Get your anticheat code off my fucking cpu and onto your servers where it belongs.
Garbage games do this, simple as.
Just look how well this went for Valve & CS2… It’s riddled with cheaters, despite having multiple updates to VAC over the year. This method only works for games like World of Tanks, where most things are server sided.
Absolutely. You know where all the players are and what they have. Just check if something that the client is reporting is IMPOSSIBLE and kick the player who threw the request. If you have a player who is performing at over a certain level of realistic performance, have someone manually check them to verify they’re legitimately that skilled and if so, flag the account as “actually just that good”. It’s the only reliable solution.
I’m not a gaming dev, but a full-stack web dev; is it not common sense that data needs to be validated on the server side, not client? I don’t really get why client-side “anti-cheat” is a thing, but may be missing something.
Not a game dev either but my guess would be the main reason is server performance/compute cost.
Any checks that are done on the client run on the users’ hardware instead of the publisher having to pay for more/better servers and electricity.I think the disconnect with most other types of developers stems from the respective goal hierarchies. In most fields of computing, correctness isn’t just a high-value goal - it’s a non-negotiable prerequisite. With online multiplayer games, one of your chief concerns is latency and it can make sense to trade some cheating for a decrease in lag. Especially if you have other ways of reducing cheating that don’t cost you any server processing power.
Also, aren’t many of the client side anti-cheat solutions reused in several games? If you’re mainly checking that the player is running exactly the same client that you published, I imagine the development cost for anti-cheat is lower.
TLDR: Money. It’s always money.
You can also just check 1 in every 10 or 100 player actions
I think you’re wrong about one thing - it’s not about compute cost, but about complexity of accounting for latency. You could check if the player can see the enemy they’re claiming to have shot, but you really need to check if they feasibly could’ve seen the enemy on their computer at the time they sent the packet, and with them also having outdated information about where the enemy was.
The issue gets more complex the more complex the game logic is. Throw physics simulation into the mix and the server and clients can quickly diverge from small differences.
Ultimately, compensating for lag is convoluted, can still cause visible desync for clients (see people complaining about seeing their shots connect in CS2 without doing damage), and opens up potential issues with fake lag.
More casual games will often simply trust the client, since it’s better for somebody to, say, fly around on an object that’s not there for other players, than for a laggy player to be spazzing out and rubberbanding on their screen, unable to control their character.
Aimbots and esp is client side only.
hmmm I see; could not at least aimbots still be detected on the server side?
Not 100% no. And any evaluation method you do will either allow more cheaters or catch very good players. Not to say this isn’t done because it totally is just that it’s very far from perfect.
Hell I’ve heard of cases where some really good streamers HD to be an a special list of people to not kick/ban from this kind of detection because they’ve repeatedly been falsely detected. If you aren’t a streamer you will have a lot harder of a time to get unbanned though not just because you aren’t famous but also because it’s harder to prove your innocence.
I remember Valve placing honeypots that would be impossible for a honest player to see or reach, and banning in mass the players who fall for it after some time to avoid the adaptation of the cheaters. And that is a cheap yet effect way to clean the player base.
Other interesting strategy is to limit the client information available, of the character is not looking with a scope, the client doesn’t need to know if there is another player far in that direction.
Probabilistic analysis is not the only way.
But I know that some strategies would demand major reworks or good planning from the development phase.
Honeypots are not an easy solution either though unless you only really do it as a one off thing. And to be worth it you have to allow those cheaters to continue for some time before banning. You shouldn’t underestimate how adaptable cheats developers are.
Limiting information is easier said than done especially for circumstances that matters the most. And don’t forget people can still hear others through walls.
What performance threshold should that be? 10%? So 140,000 manual checks of CS:GO players? 1% is still 14,000. How are you going to check those people - go to their houses? If they don’t let you in just ban them? What about people who install cheats that allow them to perform as well as someone in the top 2% but not top 1%? They have a free ride?
It’s not possible to catch all cheats, but pure server-side cheat detection is basically worthless.
Doesn’t CS do it by using volunteers, showing clips to players waiting for matches or something where they can vote if the player was using cheats? I could be remembering wrong though, my CS knowledge comes entirely from watching klicksphilip :P
No, they don’t do that anymore. It ended with CS:GO.
CS has VAC which can issue VAC bans - unless something’s changed. They may also get volunteers to assess stuff idk.
These are comments are a real Dunning-Kruger festival.
In fashit, or here?
explain
Peoples understanding of game development, especially competitive gaming, seem to be lacking with Linux users.
Probably because none of them are able to play them because of anti-cheat.
From the POV of most ppl here they should either spend a significant amount of money on server side anticheat and accept that lag will significantly increase or just allow Linux to play without anticheat because “there are so many cheaters why even bother”
Image Text:
From linux_gaming community on Reddit
Posted by: Alistair_Mc
There are no plans to support Proton or Linux. It’s a vector for cheat developers, and one that would be poorly maintained by both us and EAC due to the low user base. When we stopped support for Linux, we saw more cheat users exploiting Linux, than actual legitimate users.
When monitoring cheats for Rust, we keep a close eye on wider cheat communities across several major games. We look at what cheat developers are doing, and how other studios are responding.
From that experience, I’m very comfortable saying that if a game supports Proton or Linux, they’re not serious about anti-cheat. The only exception would be if they have a fully mature, dedicated in-house anti-cheat team, even then, I’m not seeing anyone handle Proton and Linux well.
Apex Legends also dropped Proton support in October 2024 for the same reasons as we did several years ago.
Could we limit Proton to Premium servers? yes, but I think it’s total bullshit asking Proton users to buy the game and then $15 worth of DLC. I’d be pissed if I were forced to do that.
When we stopped supporting Linux, users made up less than .01% of the total player base, even if that number has doubled, or tripled, it’s not worth it.
I know that every time I post something like this, some Proton and Linux users call us lazy or dismissive. The reality is that fighting cheaters on one front (Windows), is already a never-ending battle. Adding more fronts multiplies that challenge without adding meaningful benefit to the wider player base.
That .01% number is out of line with the overall share of Steam users in 2018 by literally an order of magnitude. I can understand some deviation within a particular game, but that figure is so far off that I kind of suspect he just made it up on the spot.
I think he refers to the amount of Linux users playing their game.
Yes, but it’s still weird that their audience is so far outside the average proportions
Is it? Major FPS game sounds like the least likely game Linux users would be playing on Linux.
Why?
Because they historically didn’t work on Linux. Looking at shooters from 2018:
- CoD BLOPS 4 - didn’t work on Linux; it started working in 2022
- Battlefield V - doesn’t work on Linux
- Far Cry 5 - unreliable according to ProtonDB
But taking it further, they’re the gamer-iest games, so if you’re playing one of these titles there’s a high chance you’re playing a lot of games, probably with friends, and each one your friend group picks up is another chance for Linux support to be poor, meaning that you’re going to miss out. Obviously that doesn’t apply to everyone, but it’s absolutely going to reduce the number of people using Linux to play. With the Steam Deck now, this trend won’t be as prevalent, especially for stuff played with controllers, but I bet you’ll still see the phenomenon with AAA, multiplayer titles design for KB+M.
There was a native Linux build up until 2019. I also wouldn’t really class Rust as an FPS, but that’s beside the point.
Right but a Rust player is probably playing these other shooters.
When we stopped support for Linux, we saw more cheat users exploiting Linux, than actual legitimate users.
Am I reading this wrong? Or is this guy really trying to say the very predictable rise in exploit users on the platform after they stopped patching the exploits is proof that the platform is full of cheaters?
Yes. It sounds like they removed anti cheat from linux for a spell and watched an uptick in cheater switching platforms. So they weren’t willing to support the anticheat, removed it from the game and watched cheaters flock to the platform. I don’t think they are saying linux users are cheaters, just that cheater will use linux if vulnerable.
Maybe he meant at the point they stopped support, not after. But its not very clear from the way he worded it.
Curious take, Rust has about 137k users online (24h peak via steam charts rn atleast). Dev claims 0.01% of users play on Linux. That’s 13-14 players. If even a single person decides to cheat or run Linux to cheat the amount of “cheaters on Linux” would indeed “dramatically increase”. But that’s a really bad way to tell the narrative.
I don’t really care, i haven’t played rust in years and as others mentioned there’s way to much games i can play instead. Ive been playing a lot of The Finals recently and I’ve had a blast. They have Proton support and anti-cheat and atleast publicly say that they do want to continue supporting Linux.
If not supporting Linux is a business/economical decision just say so. This is a really bad way to discuss the situation and an attempt to frame linux players as cheaters. If you have 14 players total on Linux out of a total 100k then they most likely aren’t the problem.
If Linux gamers are not worth his time as we are so few then maybe this singular person’s comments are not worth ours time over and over.
I hope for more than merely support for a freer OS. I want the whole video games industry to move away from a proprietary model to software freedom - where demand for support is not dependant on the original dev.
well yea idc i wasnt gonna play rust anyway i just posted since i saw it was being talked about and thought it might have some fun reactions about how stupid it is
I’m gonna make my own Rust, blackjack and h-… A better blackjack.
