Forums » Suggestions
1) Yes, hacking the game is possible. Hacking any client/server game is possible, if the client is ever trusted to do anything. Otherwise, the server has to do all simulations in lock-step to check against the client. This is not scalable, for us, or anyone else, so basically the concept of the real-time MMO would stop being "a thing".
2) I knew this back in the 90s, when we started, and I approached it from the point of "mitigation" rather than expecting perfection. We do bounds-checking. That means we do some limited simulations, but not everything, all the time. It does mean some cheating might be possible, within bounds, but we're limiting the potential and keeping an eye out for people who might be doing it.
3) Unfortunately, the bounds-checking stuff was having problems until recently. There was an obscure bug, buried deep in the server, that kept causing us to get false-positives on mass hacking. If we had believed our data, we probably would have banned all of you. We debugged it a couple of times, but it was a weird case, and we could never reproduce it artificially. We fixed the problem recently, but we don't have a lot of historical information.
4) Even with this, there are no absolutes. I cannot absolutely prevent cheating, especially when it comes to memory-hacks. Yoda is simultaneously asking why we aren't penalizing people for mass-hacks, while at the same claiming I can believe the client when it reports its mass ("Anyone who launched with a ship that was mass +<10 = cheating.") But, anyone who can hack the simulation mass in memory, can also hack the client to report the non-cheating mass, so it would be naive to believe the client. It can say "Yeah, my mass is totally 20!" and then proceed to send a bunch of trajectory data that would be impossible with a mass of 20.
5) Which is WHY WE DON'T DO THAT. Instead, we do bounds-checking simulations, on the server. But they aren't perfect, and they never will be. We also aren't looking at the server logs every second. People don't know the degree to which we're bounds checking, or if we're doing a high-accuracy check more often on certain people who may be suspected cheaters, etc. What they do know, is that I take a pretty dim view of cheating, so they're risking their accounts by their actions.
6) Blizzard has gone down the rabbit hole of insanity with their own anti-virus scale anti-cheat software. I don't have the budget for that, and the success is limited at best anyway.. because anything in memory can be edited. The only certainty is to simulate on the server, and because none of us have the horsepower to simulate everything all the time, we have to pick and choose what we do.
-----------------
Yoda, I wasn't complaining about computational resources with searching through logs, I was complaining about HUMAN resources. You know, the people making the game. Yes, it takes a lot of time to write all the scripts that are combining data from different logs in different ways to find different problems.
Some of you guys need to dial down your sense of injured self-righteous indignation. Some of you don't understand the problem well enough to be critical of what we're doing, but are still excited to light torches. Others are just grumpy and pissed at me for some reason. Chill out?
If there is a genuine concern about some particular individual mass-hacking at a particular time, the best course of action is just to submit a Support Ticket and tell us about it, quietly. Let us look into and monitor the issue. We do care about preventing cheating, but it can be a technically knotty problem to resolve, when you get into memory-editing.
Also, keep in mind that we get tickets every week from someone claiming that someone else did them wrong.. where the injured party turns out to be totally and empirically incorrect. I'm not saying people haven't mass-hacked, I believe it, I'm just saying.. assumptions are not the same thing as reality.
If we have a game where your chance of meeting someone who is cheating is near-zero, then we're probably doing pretty well? I would bet money that that is likely the case, right this second. And instead of bitching about the possibility of a non-zero state, people could just.. play the game.
2) I knew this back in the 90s, when we started, and I approached it from the point of "mitigation" rather than expecting perfection. We do bounds-checking. That means we do some limited simulations, but not everything, all the time. It does mean some cheating might be possible, within bounds, but we're limiting the potential and keeping an eye out for people who might be doing it.
3) Unfortunately, the bounds-checking stuff was having problems until recently. There was an obscure bug, buried deep in the server, that kept causing us to get false-positives on mass hacking. If we had believed our data, we probably would have banned all of you. We debugged it a couple of times, but it was a weird case, and we could never reproduce it artificially. We fixed the problem recently, but we don't have a lot of historical information.
4) Even with this, there are no absolutes. I cannot absolutely prevent cheating, especially when it comes to memory-hacks. Yoda is simultaneously asking why we aren't penalizing people for mass-hacks, while at the same claiming I can believe the client when it reports its mass ("Anyone who launched with a ship that was mass +<10 = cheating.") But, anyone who can hack the simulation mass in memory, can also hack the client to report the non-cheating mass, so it would be naive to believe the client. It can say "Yeah, my mass is totally 20!" and then proceed to send a bunch of trajectory data that would be impossible with a mass of 20.
5) Which is WHY WE DON'T DO THAT. Instead, we do bounds-checking simulations, on the server. But they aren't perfect, and they never will be. We also aren't looking at the server logs every second. People don't know the degree to which we're bounds checking, or if we're doing a high-accuracy check more often on certain people who may be suspected cheaters, etc. What they do know, is that I take a pretty dim view of cheating, so they're risking their accounts by their actions.
6) Blizzard has gone down the rabbit hole of insanity with their own anti-virus scale anti-cheat software. I don't have the budget for that, and the success is limited at best anyway.. because anything in memory can be edited. The only certainty is to simulate on the server, and because none of us have the horsepower to simulate everything all the time, we have to pick and choose what we do.
-----------------
Yoda, I wasn't complaining about computational resources with searching through logs, I was complaining about HUMAN resources. You know, the people making the game. Yes, it takes a lot of time to write all the scripts that are combining data from different logs in different ways to find different problems.
Some of you guys need to dial down your sense of injured self-righteous indignation. Some of you don't understand the problem well enough to be critical of what we're doing, but are still excited to light torches. Others are just grumpy and pissed at me for some reason. Chill out?
If there is a genuine concern about some particular individual mass-hacking at a particular time, the best course of action is just to submit a Support Ticket and tell us about it, quietly. Let us look into and monitor the issue. We do care about preventing cheating, but it can be a technically knotty problem to resolve, when you get into memory-editing.
Also, keep in mind that we get tickets every week from someone claiming that someone else did them wrong.. where the injured party turns out to be totally and empirically incorrect. I'm not saying people haven't mass-hacked, I believe it, I'm just saying.. assumptions are not the same thing as reality.
If we have a game where your chance of meeting someone who is cheating is near-zero, then we're probably doing pretty well? I would bet money that that is likely the case, right this second. And instead of bitching about the possibility of a non-zero state, people could just.. play the game.
Lock this damn thread already before I drive down there and kick your ass for feeding the trolls
I've actually got quite a bit of respect for a developer that can make even the trolliest of suggestion-trolls look like a princess..
Heh, ok.