User:Jeg3cd/sandbox

The Start Of Anti-Cheats
Before online gaming, games were usually played in local or single-player settings with completely different rule sets. At the beginning, cheating was obvious or harmed no one except npc’s, as cheating before online gaming simply meant looking at another screen or forcibly unlocking items early, or unlocking impossible items. Back in those days cheating manuals were all the rage because they were simply there to add spice to a players gaming experience. However, with the advent of online games allowing people to connect with others they didn’t know to play games, Companies felt the need to begin making sure that everyone would be playing the same game, rather than one player having cheats and others not. This desire was heightened with the introduction of MMO type games where one player could interact with hundreds to millions of players as time went on. This is not to mention that cheaters would be cheating companies out of money as MMO type games profit a lot through people paying for extra services that they wouldn’t need if they can simply type a code or do a special move and receive everything for free. With that understanding, both the study of being able to cheat in online games, and how to stop cheating in online games, has been a constant race since they began, and most likely will always be competing.

Basic Anti-Cheats
The normal variant of anti cheat is a combination of checks originating from the server, the client installation, and their interactions. The server will usually hold the most incorruptible data, and the client will check its files against the server to see if anything has been modified from the expected. Depending on the creator of the anti cheat system, how they work might vary slightly.

Punk Buster
One of the first Anti cheat programs was Punk buster, and it worked very simply. After being installed along with the game, Punk buster would check the files of the game for any known exploits. Theses exploits included checks for modifications of game files that aligned with known exploiting methods, as well as searching for known cheat engines and files. When an exploit was found, the admins who added Punk buster to their game would have settings allowing them to usually ban the player and send a notice of banning. This system has many reasons that it is good to use. Pros include, but aren’t limited to, the fact that it can quickly determine if there is indeed an exploit, because it has all the known patterns and therefore doesn’t have to look too deeply into files. Punk buster also allows easy access to a large amount of data including screenshots and data profiles at the time of someone being banned. However, there are also cons that can’t be ignored. The first con is that the database has to  be constantly updated with any new exploits found for each game. Because it is looking for exact matches against what is held in its database, there is little flexibility. Connected to this point is the fact that Punk buster is very strict. If a file that is associated with a cheat is found on the system, there is no question of use or location or reason, its existence qualifies a ban. This means any program that can be used as a cheat engine, but is not exclusively a cheat engine, will still get someone banned whether it has any interaction with the game whatsoever. Punk buster is the most baseline of Anti Cheat programs, and even seemingly inspired the next Anti Cheat program.

Valve Anti Cheat(VAC)
Valves Anti Cheat program, or VAC, is another program targeting cheaters, While the VAC has basically all of the same functionality of Punk buster, there is one big difference. Because this is made to work in valve’s steam, there are extra consequences that can be enforced. Rather than simply banning an account from a game, the VAC can go beyond and also keep the game from being shared to or from an account that has been VAC banned. It is also interesting to not that VAC bans are enforced per secure server and game, meaning that in spite of the bans coming from the same company, one would have to get banned from every game in order to make their account useless, which can only be done one at a time. Also, unlike Punk buster that allowed admins to control handing out bans, VAC bans have to be triggered by the automatic VAC system to be a VAC ban, otherwise there are other things the admins can do to ban people. However, beyond this, VAC works very similarly to Punk buster, using known signatures, files, and known data edits to find when someone is cheating. The final example of a default Anti Cheat program works both similarly, and differently to the others.

Warden
Warden is the Anti Cheat program created by Blizzard for its online games. While Warden does a similar job to the others, namely checking for matching files for known cheats, there is one big difference. While the others just check for known files and data edits that signal a cheat, Warden goes one step further. Warden works by checking what is running while the game is running and sending it to the blizzard servers as a hash that checks for a match with known exploits. Since this one actually checks to see if it is running when the game is, merely having exploit files is not enough to get you banned. This compliments blizzards games where most exploits that they have run into require something to run alongside their games in order to edit files as the game goes, or at least to require the game be running to edit files. What this means is that cheating has to be very active, and very hard to disprove compared to others. However, there are a few exploits that don’t require running while the game is that could slip by Warden if it were to be used in other games, which is why it is only used for blizzard. While Warden is the most fair of the mentioned programs, there are also cases where it wouldn’t work in other games, systems, or companies, and this is where the fight is today. How can Anti cheat programs be used safely anywhere, and the current answer that companies are looking at, is using kernel level access programs to be able to have more ability to understand the systems being used to cheat.

What Is The Kernel
The kernel is the absolute core of a computer. If a computer were to have all code removed except the kernel it would still function, and because of this it is the first thing turned on, and the last thing turned off. Anything in the kernel will always be running without prompt, and is usually very safe from any kind of deletion or editing.

What Does Kernel Access Do
With kernel level access being given to an anti-cheat program, it would be given unparalleled ability to modify anything it believes to be an exploit. Since it is always on, and normally untouchable, it can be guaranteed that it will know any time that an exploit is attempted, and along with kernel access is kernel privileges, meaning that it can also turn off or undo exploits that it detects. If this was all there was to having kernel access, it would be a dream come true for everyone who doesn’t want cheaters in their game, however, there are some very notable concerns with allowing these Anti Cheat programs to have kernel access.

Cons Of Kernel Access
The first con of kernel access is that it can make certain programs that have nothing to do with exploits unusable due to similarities or accidents. Because the program has kernel privileges, it would be nearly impossible to undo the damage done if a program that is critical for operation were to be made unusable. Many games have run into the problem that things not having to do with their game have been deactivated, or made unusable, for seemingly no reason. Many times, the only option is to fully purge the game with the kernel level access Anti cheat from your system or resign yourself to not using certain programs, as many of these wrongful deactivation can not or will not be solved. While this in and of itself is a notable con, there is actually a bigger one. While the kernel is usually safe, Anti Cheat programs are not always as safe. Because of this, many programs that use kernel level access to provide defense against cheaters, open the door for hackers. Because the Anti cheat program is easier than it usually is to get into the kernel, having a kernel level Anti cheat becomes a security vulnerability. In a way, any game that uses this level of Anti Cheat is trading the security of the game for the security of its users, which many people do not believe is worth it at all. There have been many reports of people having their computer exploited just from having these kernel level anti cheat programs, and as the arms race continues there will be only more and more. However, as far as Anti cheat programs go, this works the best out of all examples, but not many people outside of game companies believe that it is worth it.

Overview
While there are pros and cons to each of the above solutions to cheaters in online games, there is one major difference. This major difference is that while the three default anti cheat programs do better or worse with their ban efficiency, only the kernel level access program has cons that reach outside of gameplay and banning. Because the Kernel level access program not only is a new source of high risk vulnerability, but is also able to greatly affect a computer in ways that are not only unintentional, but sometimes unfixable, it is the worst for the client. While its ability to stop cheaters is the best, there are very few people that would trade cheaters for all the data on their computer.