A cheat can be defined as someone who acts dishonestly or unfairly in order to gain an advantage.
We know that at best cheating can annoy other gamers, but at worst the behavior can adversely affect other people's experience and cause conflict and distress -- the fact is that while cheats are always a tiny minority they tend to spoil gameplay for everybody, and so it's important to have a strategy to combat their actions.
In this piece, we'll focus on how My Games has learnt to recognise, call out and tackle the problem of cheating. We look at telltale signs and how we monitor our online gaming communities through both AI and community management, and how our experiences led us to create our in-house anti-cheat software, called MRAC (Mail.ru Anti Cheat).
We've developed this strategy over many years of learning -- but we share this in the hope that the principles highlighted below will help any developer looking to learn more about the best systems to deal with anti-cheating and players who spoil it for others.
Part 1: Define the problem -- What are the most obvious signs of cheating?
There are numerous telltale signs that a player could be cheating as they usually break a game's core mechanics. We see things like moving unthinkably fast, teleporting around the map, clipping through walls, shooting through walls, pulling a one-shot from a "slingshot", or doing any number of impossible things specific to that particular game.
We also have to consider the possibility that a bug is being exploited without using cheats, and in this case it is not quite as clear whether a player should be labelled a cheater with the consequences that follow. Bugs -- as with cheating -- are rare and as developers we try to patch such in-game loopholes as soon as possible no matter what their cause.
Of course, if a rival player headshots you as soon as you peek from behind the corner for the entire match, they could be a cheater, but it is possible they are simply very good at the game! If you look at the statistics of this player and see that they have been playing the game for a long time and have good battle statistics, then most likely this is just an experienced player.
On one hand, experienced players are often mistakenly labelled as cheaters. On the other hand, if a cheater is careful and uses unknown cheats, they may not be noticed for a very long time.
Ergo, this isn't a black-and-white issue.
Part 2: How to recognise that you have a problem and what are the pitfalls of cheating?
To put it simply -- if a gaming community complains a lot about cheaters, then you have a cheating problem. If you are not sure you have a cheating problem, then you probably don't have it, but you can quickly see that cheating, if it occurs, will affect the game and player experience to everyone's detriment.
The fact is that cheaters are a bummer for everyone else. Instead of enjoying their time and results in the game other players get annoyed and many lose interest in the game and even leave.
Moreover, frustrated players then go to forums, social networks, YouTube and talk about their negative experiences. If the game's cheating problem is really big, then other players also join the discussion. This can lead to other players becoming interested in cheats, seeing that they can achieve results way easier. If the problem is left to snowball it could affect the reputation of the game, and ultimately revenue.
Part 3: Methodology for solving the problem
- Monitoring (AI/algorithmic/manual)
Cheat monitoring can be divided into two groups: public and private cheats.
- Public cheats are sold openly (or almost openly) online on many platforms. You have to regularly monitor all these platforms, buy cheats (pretending to be a cheater), review them, and update the anti-cheat software.
- With private cheats, it's much more complicated -- they are distributed in closed groups and generally you don't even know about their existence. In this case you have to start looking for cheaters in the game.
As noted above, it is not an easy task to identify a cheater with certainty by their actions and statistics in the game. And if they can't be identified with certainty, then they can't be banned, because there is a risk of banning an innocent person. We assume that we can only ban for using cheats when the use was actually detected by the anti-cheat -- that is, when specific prohibited software was used or there are unmistakable traces of a cheat that unambiguously indicate its use.
Despite that, automatic analysis of player behavior and statistics can be used to identify suspicious players. For example, if 99% of player shots are headshots at the end of a match or battle statistics have suddenly significantly improved, then something is probably wrong here.
However, we rely more on the player-led in-game cheating complaint system. Of course, there are many false complaints about seasoned players, but if we select players with the biggest number of complaints, then we can see they are all cheaters to a high degree of accuracy. If during the review the complaint is confirmed and a cheater is banned, the players who filed the complaint receive a message about it. To us this approach seems more effective and simple than automatic analysis of player actions and stats.
Selected suspicious players are then closely monitored -- special research and experimental anti-cheat features are turned on to find out the details about the cheat in question. This does not always or immediately lead to success. Ultimately, we work on anti-cheats and catch the rest of the cheaters using the same or similar cheats.
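The triage described above, as an added example (not My Games or MRAC code): complaints are counted once per distinct reporter, the most-reported players form a review queue, and the two statistical hints from the text only raise priority. The thresholds, field names and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed thresholds for illustration; tune per game.
HEADSHOT_RATIO_FLAG = 0.99  # share of hits that are headshots
MIN_HITS = 20               # ignore tiny samples
KD_JUMP_FACTOR = 3.0        # match K/D relative to long-term K/D
MIN_REPORTERS = 3           # distinct reporters needed to enter the queue

@dataclass
class MatchStats:
    player: str
    hits: int
    headshots: int
    match_kd: float
    career_kd: float

def stat_flags(s):
    """Statistical hints only: they raise priority, they never prove cheating."""
    flags = []
    if s.hits >= MIN_HITS and s.headshots / s.hits >= HEADSHOT_RATIO_FLAG:
        flags.append("headshot_ratio")
    if s.career_kd > 0 and s.match_kd >= KD_JUMP_FACTOR * s.career_kd:
        flags.append("sudden_improvement")
    return flags

def review_queue(complaints, stats):
    """complaints: (reporter, accused) pairs. Returns a ranked review list."""
    reporters = defaultdict(set)
    for reporter, accused in complaints:
        if reporter != accused:
            reporters[accused].add(reporter)  # one vote per reporter
    flags = {s.player: stat_flags(s) for s in stats}
    queue = [(accused, len(who), flags.get(accused, []))
             for accused, who in reporters.items() if len(who) >= MIN_REPORTERS]
    # Most-reported first, stat flags break ties. Entries go to closer
    # monitoring and manual review; nothing here issues a ban.
    queue.sort(key=lambda e: (-e[1], -len(e[2]), e[0]))
    return queue

# Constructed sample data: a likely cheater, a veteran, a spam-reported newcomer.
COMPLAINTS = ([(f"r{i}", "sus_1") for i in range(5)] + [("r0", "sus_1")] +
              [(f"r{i}", "pro_vet") for i in range(3)] +
              [("r9", "newbie")] * 4)
STATS = [MatchStats("sus_1", 40, 40, 12.0, 1.1),
         MatchStats("pro_vet", 60, 21, 3.2, 2.9),
         MatchStats("newbie", 5, 5, 0.4, 0.5)]
```

The veteran still enters the queue on complaints alone but ranks below the flagged player, and the newcomer reported four times by one account never enters it.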
- Community management
The community needs to be prepared for the fact that cheaters can never be completely eliminated because it is technically impossible. At the same time, you should make it clear that you are doing everything possible (and actually do it) to reduce this problem.
The community's understanding that any cheater will be punished if they continue to use cheats -- if not now, then later -- is an important factor in improving the situation. Understanding that the punishment is inevitable is vital to keep cheaters at bay and put regular players at ease.
- Analysis of new programmes and scripts
Disassembler, reverse engineering, and that's it. Advanced cheats use machine code obfuscation to make it difficult to analyze them. You have to look into it and develop your own de-obfuscation tools. All this is complicated and takes a long time.
- Our advanced steps
Advanced cheat developers will always find a way to bypass any anti-cheat and create a working cheat. This is a given. As long as the game client is running on the player's computer (e.g. not in the cloud), there is no reliable way to prevent interference with the client.
This led us to the following conclusions:
- It is impossible to develop effective anti-cheats and relax. You need to keep going non-stop to stay efficient -- research current cheats and refine anti-cheats against them.
- No anti-cheat will ever solve the problem of cheating. Anti-cheats can reduce the problem's severity, and even then, only if you keep at it, as said above.
The only reliable way to combat cheating is to close vulnerabilities in the game -- providing only the minimum necessary information from the server to the game client and validating all game client actions on the game server.
Unfortunately, sometimes this is technically impossible or very difficult. For example, clients reproduce recoil after a shot or the stun grenade effect and servers can't verify that these effects have not been disabled in the client. Servers can't check aimbots and autoshots either.
Nevertheless, closing the in-game vulnerability should be your prime target because you can't rely on anti-cheats if you can't close the vulnerabilities in the game. For example, servers can verify speedhacks, teleports, and shooting through walls. However, technically servers can't send information about opponents outside the client's view (e.g. behind the wall), or in cases where this is theoretically possible it's also technically very difficult and requires some compromises.
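A sketch of the server-side checks named above (speedhack, teleport, shooting through walls), added here as an example and not taken from My Games or MRAC. It assumes a 2D map, a single maximum movement speed and walls stored as line segments; all constants and names are hypothetical.

```python
import math

# Assumed game constants for illustration (not from the article).
MAX_SPEED = 7.0    # metres per second
TOLERANCE = 1.15   # slack for network jitter
MAX_DT = 0.5       # most time credited to a single update, in seconds
WALLS = [((5.0, -2.0), (5.0, 2.0))]  # constructed map: one wall segment

class ServerPlayer:
    """Authoritative state kept on the server, never taken from the client."""
    def __init__(self, x, y, t):
        self.pos, self.t, self.violations = (x, y), t, 0

def validate_move(p, new_pos, now):
    """Accept a client position only if it is reachable since the last update."""
    dt = min(max(now - p.t, 0.0), MAX_DT)   # server clock only, capped
    dist = math.dist(p.pos, new_pos)
    p.t = now
    if dist > MAX_SPEED * dt * TOLERANCE:   # too far: speedhack or teleport
        p.violations += 1
        return False                        # caller snaps the client back to p.pos
    p.pos = new_pos
    return True

def _orient(a, b, c):
    """Sign tells on which side of line a-b the point c lies."""
    return (b[0] - a[0]) * (c[1] - a[1]) - (b[1] - a[1]) * (c[0] - a[0])

def _crosses(a, b, c, d):
    """True if segment a-b properly intersects segment c-d."""
    return (_orient(a, b, c) * _orient(a, b, d) < 0 and
            _orient(c, d, a) * _orient(c, d, b) < 0)

def validate_shot(shooter, target, walls=WALLS):
    """Reject a claimed hit when a wall lies between the server-side positions."""
    return not any(_crosses(shooter.pos, target.pos, w0, w1) for w0, w1 in walls)
```

Capping the credited time at `MAX_DT` is one of the compromises such checks require: a badly lagging honest client gets snapped back as well, so the violation counter is a signal for review, not proof.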
We have experience using third-party anti-cheats, and this has worked to a certain extent. The problem is that a third-party anti-cheat team can't respond as quickly to your specific issues as you can yourselves.
These services are really useful in doing the legwork to root out cheats in your game but they can't be as agile and do not know your in-game community as well as you know it yourself. For example, they are unlikely to understand exactly how a particular cheat works and thus it's trickier for them to advise you how you can close the in-game vulnerability.
We started developing our own solution as a complement to using third party anti-cheats, learning and adapting to the problems we were seeing in our games and which often changed every month or even week. Development and future maintenance of our own anti-cheat -- which became MRAC -- was a lengthy, organic process and required a huge investment in terms of time and money -- but it was based on two founding principles.
Any anti-cheat can be divided into two groups:
- Passive protection: a set of features preventing cheats from working -- limiting access to process memory of the game client, limiting loading untrusted modules into the game client process, limiting keyboard injection and mouse clicks, etc.
- Active protection: a set of features that allows detecting operating cheats -- searching the game client memory and OS kernel for the code of known cheats, reviewing the integrity of the game client's source files, checking running applications in the system, etc.
Some anti-cheats focus primarily on passive defense. This has a point: the more difficult it is to make a cheat, the fewer cheats there are, the more expensive cheats get, the fewer cheaters there are. However, passive defense will not be able to stop advanced cheats as noted above.
In due time we realised that we can't afford to leave any cheater unchallenged for an indefinitely long period. Even a small group of cheaters with an advanced private cheat, once they realize their impunity, very quickly infuriates the entire community.
After we'd established MRAC it was our Warface players who were among the first to see the benefits. MRAC also joined its efforts with the Kaspersky Anti-Cheat team to study the technical aspects of cheating, its market, and malicious software, as well as to inform players about threats related to the use of cheats. These studies will help us to further improve our anti-cheat solutions in gaming and cybersport in the future.
We've learnt that there is always a rare handful of players determined to be disruptive and spoil the game for others, but that any cheater can and will be detected and banned. It has taken us years to develop our strategy for anti-cheating but ultimately we decided to focus our in-house anti-cheat strategy on active defense (detecting a working cheat) and only resort to passive defense (preventing the cheat from working) where necessary.
While it is necessary to develop both passive and active defense at the same time, in reality it was setting active defense as the priority that has worked for My Games, and we hope by sharing our experience we can help other developers to root out the rare bad apple and make games fun and fair for all.
Victor Punegov has 20 years of experience in the field of application protection. Since 2001, he has been developing DRM for games and applications. Since 2015, he has been developing an anti-cheat system at My Games.