Steam store pages received a new Anti-cheat field. Disclosure is mandatory for kernel-level anti-cheat solutions. And recommended for other anti-cheat solutions (like server-side or non-kernel-level client-side).

The field discloses the anti-cheat product, whether it is a kernel-level installation, and whether it uninstalls with the product or requires manual removal to remove.

Screenshot of anti-cheat indications

  • filcuk@lemmy.zip
    link
    fedilink
    arrow-up
    3
    ·
    3 days ago

    Does anyone actually have a suggestion for a less intrusive alternative?
    Do you realise how difficult and ineffective server-side anti-cheat can be?
    Although it would be the only way to actually try and detect someone using a second machine for hacking/inputs.
    All of this will become an increasingly uphill battle for the devs.

    • Matt@lemmy.ml
      link
      fedilink
      arrow-up
      5
      ·
      edit-2
      3 days ago

      Write it in language that obfuscates code by default (Rust does that) and then it obfuscates again. Or do it the Valve way. Even though is very easy to crack their anticheat (the hacks and DLL injectors are basically for free both on Windows and Linux), they have other measures in place. E.g. Votekicking players, Overwatch and matchmaking against other hackers.

        • Matt@lemmy.ml
          link
          fedilink
          arrow-up
          1
          ·
          56 minutes ago

          If security analysts have issues decompiling Rust malware, then it’s obvious that it obfuscates the code. All they could get was an ugly Assembly. You can try it yourself by downloading Ghidra/Cutter/any other compiler.

    • pokexpert30@lemmy.pussthecat.org
      link
      fedilink
      arrow-up
      5
      ·
      3 days ago

      Server side AC is hard, yes, but it’s not less effective than client-side… As it’s security by obfuscation. If you can’t genuinely detect from server view the difference between an human and a cheater, that means a cheater can create a cheat controller (either hid spoof or even mechanicallly moving a mouse) that will spoof the client side too.

      NEVER TRUST USER INPUT.