Many many years ago I remember walking into a local store with the only interest being that I get a game that had good multiplayer to it. I was in luck that day because when I asked the guy behind the counter what he had in terms of multiplayer online shooters he come back with two boxes. In one hand he held Counter Strike and in the other he had Unreal Tournament. I asked him of the two what was better and he said he liked them both. So after spending over $100 dollars I walked out of the store with both games.
I still remember being at a friends place and putting Counter Strike onto his machine so I could give it a test since I was gonna be there for a few hours and wanted to see the game. I remember going to the game browser and finding the first game listed and joining in. From the first view of the weapons to the first head shot I got I was hooked on this game.
As time went on I spent tons of time in Counter Strike. I would load Unreal tournament up once in a while and that to was a awesome game but for some reason Counter Strike is what had my attention the most.
After playing Counter Strike a fair bit it was only a matter of time before I would run into cheaters and there were loads of times I thought I died by some guy who was cheating. Once i started to investigate how badly the cheating was in Counter Strike i was shocked. It looked to me like it had to be one of the most hacked games around. This made sense in a way since for years it had been the most popular First Person Shooter around.
As time went on and I played more and more online games, you could see that any multiplayer game that was popular wouldn’t stay cheat free for long and soon enough you would see cheats showing up online. It gets to the point now that when I die now the first thing out of my mouth is hacker and then a few other words follow shortly after. :)
I think what makes all this a real problem is how do you even begin to know you have cheaters in your game when your playing online? In some games you might see a speed hack in motion or something but you don’t have any idea if someone is using some sort of AIM bot or not.
I think this is one of the big problems with online multiplayer games today is that you assume anyone who kills you has to be cheating. The fact there seems to be a lot of cheaters and web sites to support them only makes you more convinced your being killed by loads of cheaters.
I seen a lot of players stop playing Counter Strike because they thought the cheating was out of control. The question is were they right in thinking that the cheating was that bad or were they simply getting killed by good players? On more then one occasion while playing Counter Strike I had people telling me I was cheating and I was just a average player that wasn’t cheating and would some times get lucky. I looked at the fact they said I was cheating as a compliment more then anything else.
Today we have even more First Person Shooters then ever before and unlike times past now you also see companies showing up that will do the cheat busting for you. But even with cheat detection programs Like PunkBuster and Valves Anti Cheat are we any safer from the cheaters then we would be without these cheat detection programs?
I know For certain I have seen people cheating in Call of Duty 2 and also Battlefield 2142. Both times I seen this both games were up to date in terms of game patches and also Punk Buster updates. In the case of Call Of Duty 2 after I seen the cheating going on there I simply never bothered to load the game back up. This is a shame to because I though its multiplayer was done rather well in terms of game play and the look of the maps.
So this leads me to the Interview I have here. I decided I would see if anyone from PunkBuster would answer some of my questions. This Interview got me to think a bit more about how hard of a job the PunkBuster guys really have on their hands. It reminds me of the Virus and Anti Virus stuff where the Virus writers always seem to be one step ahead of the Anti Virus guys.
It should be noted I did send a Interview Request to Valve hoping to ask them some questions about their Valve Anti Cheat but they declined to do the Interview.
So onto the PunkBuster Interview..
WolfManz611..: Before we get into the questions could you please tell the readers of wolfmanzbytes who you are what position you hold at Even Balance and how long you have worked for Even Balance?
Tony Ray..: Hello, I’m Tony Ray, founder of the PunkBuster project and President of Even Balance, Inc. I’ve been involved in fighting cheating since the late nineties and with PunkBuster since initial development began in September of 2000.
WolfManz611..: When the guys at PunkBuster get word of a game hack or exploit how long does it take roughly before you guys update the PunkBuster client to detect that hack or exploit?
Tony Ray..: Well just to clarify, our research team needs to actually have the hack or a memory image of the hack running in memory. Hearing that a hack supposedly exists does not allow us to develop a detection. Our system is designed to obtain a positive match on a known hack which generates a cheat violation. In some cases, we use restriction kicking (as opposed to cheat violations) for cases where we do not have a positive match of a known cheat but where the player’s system has been compromised (could be a hack or could be a virus for example). Once we have an actual working hack, we usually have detection working and tested within 24-48 hours. Kicking for the hack will be turned on at some point after that, it could be a few hours or a few days depending on the circumstances. In some cases, we silently detect known cheats over time to catch a larger group of hackers for a more effective long-term ban or stat-wipe situation.
WolfManz611..: Users don’t pay for the PunkBuster client so how much does a game company have to pay before they can use PunkBuster or is it free for them to use?
Tony Ray..: We have remained committed from day one to not charge our users for anti-cheat tools in PunkBuster supported titles. We have always believed a measure of security should be included in the price a player pays for a multiplayer game. Who would buy a car without an ignition key or locks on the doors? PunkBuster support is not free to game developers/publishers but it is very reasonably priced (for example, several years of our support usually costs less than the cost of packaging the game).
WolfManz611..: Is there anything either the game manufacturer or PunkBuster can do about web sites that are charging to get access to the latest cheats? For example is there any legal way to shut these sites down?
Tony Ray..: In general, I do not believe cheating/making cheats is against the law (unfortunately). Consider the case of radar detectors as an analogy. Everyone knows a radar detector is mainly used to allow people to break the law (by driving above the speed limit with almost no fear of getting a ticket). However, the manufacturers of these devices are allowed to continue making them year after year and selling their products in public department stores with impunity. The authorities can only improve their equipment to be undetectable by the latest devices in an effort to keep up. I believe there have been a few cases where cheat sites were shut down but they always just resurface from a different host where they prove to be hardened against subsequent shut down attempts. From our standpoint, that approach is a waste of energy and is primarily used by developers and publishers who just want to say they are fighting cheating when they really have no intention of putting any real resources into the effort.
WolfManz611..: How much improvement can you make on the current PunkBuster technology? For example a lot of hacks for various games seem to be bypassing PunkBuster in shorter and shorter periods of time. Are you working on anything new that could put an end to how fast cheats / hacks can bypass PunkBuster?
Tony Ray..: Actually from our viewpoint, it is the other way around. Our system detects the bypasses quicker and quicker. The only thing that prevents quick detection is restricting access to a cheat so that it takes longer for our research team to actually acquire it for detection development. And of course in that case, the honest players still win because by default this approach means less punks have access to a cheat than otherwise. But to specifically answer your question, yes, we are always updating to improve PunkBuster both from a standpoint of being harder to bypass and being better at detecting advanced hacks. More and more of our code runs in kernel mode as a device driver. Successful bypassing will eventually pretty much require cheaters to run dangerous rootkits in order to hope for a few extra days of undetected status for their cheats. Many of the most well-known private cheats are very unstable at this point. Some regularly crash to desktop or disconnect the cheaters at random due to their code attempting to bypass detection. We expect this situation to continue escalating in our favor.
Back to the original point of this question, the primary issue here is perception. As far as I am concerned, without exception every commercial cheat site is fundamentally a scam. Every one of them claims their hacks are PunkBuster proof or undetected or however they want to phrase it. And in not one case is that true unless it is a new, tiny enterprise that hasn’t gotten anyone’s attention yet. They use cheap tactics (just what a thinking person would expect) to trick punks into sending them money to cheat and rarely or never provide what they advertise especially when they say the hacks are undetectable.
The worse case is a popular commercial cheat site that claims to have over 100,000 members (actual paid subscribers is more like a few thousand at most). There is virtually nothing truthful on the public web page, it is designed solely to make money for the punks who run it. The forums that are not available to the public are filled with confused, angry and unhappy customers who paid money but who do not get a working cheat or who are detected often by PunkBuster. To protect themselves, the site owners have even gone to the point of explicitly selling access to their private forums and claiming that the hacks are free if you buy access to the forum. That way when they can’t provide what they promise (which is pretty much all the time, some games for which they advertise cheats have not even been released and others have never had a working hack), then they can say oh well, you bought forum access, the hacks are free so tough luck.
Obviously, such a lame attempt at claiming the hacks are free (i.e. you can’t get the hacks if you don’t pay for forum access) would never hold up in court, but the point is they use that to justify not being able to provide what they advertise once they have the money. From our standpoint, this whole commercial cheat thing is just punks giving money to other punks. We’ve always viewed forcing punks to go private as a win for honest gamers. It greatly reduces the number of people who are willing to cheat (due to the cost) plus we still often catch the punks who think they are safe with their private cheats.
WolfManz611..: Do you ever see a day where a online multiplayer game will be 100% cheat free?
Tony Ray..: Yes, the same day that society is 100% crime free. The children of darkness will always be willing to break rules in selfishness in hopes of getting away with it (at least until judgment day). Whether that involves committing crimes or less severe offenses against others such as multiplayer online cheating, both are born from the same spiritual depravity and utter selfishness (I’m sure you didn’t expect such an answer ). The point is, the best anyone can expect is to attach a real cost to getting caught cheating. That is the same thing traffic cops do, they attach a real cost to getting caught speeding. Try to imagine the problem we’d have on our streets and highways if we didn’t have traffic cops.
WolfManz611..: Do you think using a hardware hash to ban computers is a better idea then banning a cheater by IP. Also if you do think that’s a better way are there any plans to implement something like that in the future?
Tony Ray..: Banning by IP address is not something that we do because it is very inexact for several reasons. But we provide a means for PunkBuster enabled server admins to ban by IP address on their own servers. It really is a last resort for a punk who has proven to join only for the goal of causing trouble and grief and who is willing to keep buying or stealing cdkeys/accounts in order to be a griefer. We have been banning hardware, when we believe it necessary, for several years in order to enforce our license agreement. When a hack is detected that interferes with PunkBuster’s normal operation, we reserve the right to terminate our license at that point. Unfortunately, this can affect innocent players (i.e. banning a computer where the child cheats during the day means for example that the father who never cheated can’t play on PB servers when he gets home from work). However, the greater good is served. Honest players who are able to keep their computers cheat-free deserve a place to play as devoid of punks as possible. As with real life, sometimes otherwise innocent people are guilty by association and suffer the consequences of that association.
WolfManz611..: With the cheats and hacks getting more advanced is there ever going to be a point where PunkBuster has to do so much it would make a users machine very unstable while playing a game that uses PunkBuster?
Tony Ray..: We are devoted to keeping PunkBuster as stable as possible. There have been cases where PunkBuster conflicts with certain other programs or debugging applications. In those cases, the user will just have to choose which to run at any given point in time. It will always be that way. In fact, what we see happening is PunkBuster getting more and more stable having less conflicts with other legitimate apps with each update and cheats/hacks getting less stable with the tricks they have to use trying to stay undetected. It is a rare cheater who does not have to deal with reboots, lock ups and occasional or regular hard drive reformatting due to using cheats. Add to that the fact that a large percentage of cheats send personal information to the cheat author (including the punk’s cdkeys, etc.).
WolfManz611..: How effected are big companies over cheating? Do big game companies really care about cheating at all or do they just stick in PunkBuster just so they can say they are being active against cheaters?
Tony Ray..: If we believed a client was using our name/product/service for such a purpose, then we would terminate the contract(s) with that client and stop supporting their games. We believe all of our current clients really care about the cheating issue because their players have told them how important it is to them. In most cases we’ve seen, cheating is the number one complaint from honest gaming customers that directs a new client to inquire about our product and services. All of our clients have been supportive of our efforts as they have changed over time and give us pretty much free reign to do what is necessary to fight cheating in their games.
WolfManz611..: How closely do you work with someone like EA when it comes to integration of PunkBuster into one of their games? Do both of you sit down and try to figure out new ways to stop cheating or do they leave that up to you guys?
Tony Ray..: We work closely with EA developers (a little more than with some clients and less than others, it is up to each client to decide how involved they want to be in the day to day cheat fighting effort) but all of the cheat analysis and detection work is provided by us. They provide several ways to support us in that effort for their games.
WolfManz611..: Some people think PunkBuster causes extra strain on their computers cpu. How much cpu does PunkBuster use when its looking for cheats?
Tony Ray..: Our goal is to use as small a footprint as possible both from a cpu usage and bandwidth standpoint. There is no single answer to your question because there is so much variance from computer to computer. For example, on computers with more than one cpu or with a dual/quad core cpu, PunkBuster may use as much as 50% of the total cpu power of the machine. But this rarely causes strain because modern games will never use more than 50% anyway in those cases. PunkBuster has quite a bit of code to cause it to scale as gracefully as possible based on running conditions during game play. There are a few isolated cases where we have seen PunkBuster negatively affect performance during game play but those are the rare cases. Plus we are always looking for ways to make PunkBuster more efficient and as conflict free as possible with other non-cheat apps and drivers.
WolfManz611..: What game that supports PunkBuster is the least hacked/exploited? and do you happen to know why its the least hacked/exploited game?
Tony Ray..: Over the years, popularity of a game has always determined the level of cheating. The more popular the game, the bigger the cheating problem. Punks who create game cheats and hacks generally do not waste their time if the game is not being played online by lots of people.
WolfManz611..: Do you guys go actively out onto the Internet looking for cheats so you can update your client with the newest cheats? or do you rely on the game users to report the exploit/hacks to you? Also if you are going out onto the net looking for cheats how many people do you have working for you that do this?
Tony Ray..: About one fourth of our staff actively searches for cheats that are available to the public. In the case of private and commercial hacks, we definitely rely primarily on the community. We never give money to punks, so for us to gain access to a commercial hack requires someone outside of our staff to send us either the hack or the login information so we can obtain the hack ourselves.
WolfManz611..: Is there anything the game makers can do to help stop or slow down cheating that they currently are not doing?
Tony Ray..: There are definitely areas in game design that affect the cheating problem. Unfortunately, due to constraints on today’s hardware and average player bandwidth, trade offs often occur during design and development that weaken a game engine with regard to exploit ability. None of our clients that I am aware of are consciously making their games easy to exploit unless they believe it is absolutely necessary to enhance the game play experience. The one area that could use the most improvement overall is in multiplayer authentication (i.e. cdkeys or accounts), but these days most game publishers outsource that to a third party and we just have to deal with the situation the best we can. From our standpoint, an ideal authentication design would require the end user to pay the publisher directly for a new account creation (even after buying the game) and account passwords would not be stored on the player’s hard drive. For example, the publisher would sell the multiplayer game with no copy protection for only the cost of manufacturing and distribution (say $10), then would charge an online fee (say $40) to create the online account during the installation process or by using a web browser. So a $50 game is still a $50 game. This way, it would be impossible for punks to generate fake cdkeys or steal cdkeys from Walmart, other innocent players, etc. This probably is not going to happen any time soon because so many players are under aged and would not have a credit card and thus the ability to open a multiplayer account. But this approach would definitely positively impact the cheating problem. So many games these days allow a cheater right back in the game at no cost with a different online identity and in some cases they can even keep their stats and leader board rank after getting caught cheating. Unfortunately, this greatly waters down the deterrent aspect of getting caught.
WolfManz611..: How will PunkBuster deal with Vista? You talk about the fact you’re getting down to the kernel level in terms of the detection and that the cheaters will have to start using rootkits. Is Windows Vista going to get in the way of your cheat detection at all with all the new protections it has in place? if so how do you plan on getting around that?
Tony Ray..: Currently we still require that games having PunkBuster enabled must run as an Administrator user, including under Vista. We are in transition to a new architecture that allows part of PunkBuster to run as services and kernel drivers so that the Administrator requirement can be removed. These are signed with a Verisign certificate using Microsoft’s authenticode system to play nice with Vista and meet the security requirements. Just to clarify, some cheaters have already begun using rootkits. That is why we have had to move part of PunkBuster into a kernel driver; otherwise, there would be no way to detect the more advanced hacks and cheats. New Vista-aware games released in the future will be able to install parts of PunkBuster to run as a service under Vista (as well as under XP/2K) so that the game itself can run under a limited user account to improve overall security. By using this approach, PunkBuster complies with Microsoft’s Vista-related design guidelines, etc. We are using Microsoft’s recommended tools and capabilities in this regard.
I would like to thank Tony Ray for taking the time to respond to my questions. As you can see from the Interview this is a complicated subject. It would be nice if PunkBuster could stomp out all the cheats and keep the games 100% cheat free. As stated above though this isn’t likely to happen any time soon.
The only advice I can give to players that have had it with cheating is to ignore it if you can. I know for example when I play Battlefield 2142 that at some point I will get killed by some cheater. I try not to let that bother me these days. What I try to picture is how loud the cheater squeals when he makes a mistake and I manage to kill him now that brings a smile to my face..