Why is it not more common to implement anti-cheat on the server instead of the client? Is that not more secure? Couldn’t the server just check what vision a player should have and not provide any other information to prevent wallhacks or maphacks? Or check how fast it is possible to move to prevent speedhacks? Aimbot is a bit harder to detect I guess but what about the other ones?
Because the client side is the side where cheating happens.
Sure, but client side is also owned and run by the cheater. Do you really trust them to always run the anti-cheat honestly?
Anti-cheats are typically designed so that the user can’t actually modify them at all. They install themselves deep into your system, sometimes literally in the form of a rootkit which basically runs parts of it completely invisibly from your OS, entirely.
The problem is that these measures can be bypassed
https://guidedhacking.com/threads/how-to-bypass-anticheat-start-here-beginners-guide.9882/
The problem with the server only solution in that they can never detect the source of cheating, only the result of it.
And detecting the result is inaccurate as there are perfectly natural network latency and other issues that can generate the same result as a cheat, as that’s actually how many cheats are discovered and implemented, by noticing that network latency or weird traffic creates an exploitable condition.
You need to run it on the client side to see if the natural circumstances are happening or someone is using tools to cause the circumstances. The first isn’t cheating, the later is.
You can’t detect from the server side what the client side is doing without running anticheat on the client side.
But it is complicated enough that most people don’t bother with it.
So is cheating, yet we still have cheaters.
Of course, which is why all cheating has been eradicated forever. Certainly no game with a rootkit anti-cheat has ever had a problem with cheating.
You can’t check the source of cheating on the server side, as it is run on the client side.
You can’t reliably check the source client side either, because the client side self-reports, and is where the cheat runs.
That’s a statement in the same ballpark as “people who get vaccinated can still get COVID, so why get vaccinated at all”.
Seriously, where do you even come up with that level of daft argument.
One of the most basic security principles is literally “never trust the client side.”
Nobody is making new COVID versions to get around the vaccine. COVID vaccines don’t create a backdoor into your immune system that make you weaker against other viruses. The COVID vaccine actually works. That is a stupid analogy.
More invasive anti-cheats cause a brief dip in cheating, and then cheaters spread around a way to get around the new anti-cheat and everything immediately goes back to how it was. As long as the anti-cheat is being run on the cheater’s computer, it will be bypassed and made irrelevant. People’s desire to see something, anything done about a problem no matter how terrible the solution sometimes just makes things worse without even helping the problem, and I’m not okay with that.
Nature itself is literally making new covid versions.
And our immune system detects and fights most of them similar to how virus scanners can detect a virus it doesn’t know. By detecting similarities.
If a new variant comes along that is so different from the OG virus that your immune system doesn’t know what to do with it, they develop a new vaccine, which you have “install on the client side” by getting the vaccine, to protect you from getting sick from it.
If new methods are developed to cheat, the cheat engine gets updated to detect those too.
As for “brief dip”, that’s the only thing needed for a product launch.
If a game is rife with cheating day one, it’ll fail.
If it only gets rife with cheating when people are already invested in it, the cheating is much lower priority.
That doesn’t change that fact that at the server side, you’re unable to detect most prevalent forms of cheating.
Wallhacks and aimbots are nigh impossible to detect on the server side.
Cool, keep taking your horse dewormer. I’ll be over here not installing rootkits made by companies with terrible security practices.