this post was submitted on 02 May 2026
199 points (97.6% liked)

Linux

13504 readers
418 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev
199
Anti-cheat incompatibility on Linux is unacceptable from game developers and publishers — and Rocket League just proved why (www.techradar.com)
submitted 1 day ago by cm0002@lemy.lol to c/linux@programming.dev
44 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] vagrancyand@sh.itjust.works 4 points 22 hours ago (1 children)

No, Heuristic Analysis is deciding what data is likely, what data is unlikely, and what data is impossible, and then deciding, on that scale, the where the data the player is generating resides.

In short: Humans have natural variations in everything they do, even the top 0.0001% of players. So let's say you want to tackle aimbots in an FPS.

The first thought would be track the number of headshots, and then if a player gets 100% headshots they're labeled a cheater -- but that isn't accurate because of players like the streamer Shroud. So let's be smarter. Let's analyze the median player based on data from every player -- not their headshots, not where they shoot, but how they move the cursor to the opponent to shoot.

An aimbot will do a simple mathematical formula to decide how to aim at the target; i.e. if we imagine a 2d grid (centered at 0,0; squared limits of 100) on the screen and the player's crosshair is at 0,0 and there's an enemy at 50,50; then a bot would do something like (complete pseudocode:)

While CrosshairPosition(y) does not equal EnemyPosition(y):
    Move mouse up (i.e. +y) by 1
    While CrosshairPosition(x) does not equal EnemyPosition(x):
        Move mouse right (i.e. +x) by 1
Fire()

This results in a predictable and perfectly diagonal move towards the enemy. Now actual humans cannot do this. It doesn't matter how fine of motor skills they have, period. It is impossible for a human to even accidentally move like this. So we place this in the 'impossible' end of the spectrum.

If a player does too many unlikely or impossible actions, flag them for review, and ban them that way. Or, just ban the ones doing objectively mathematically impossible things.

Heuristic Data Analysis requires actual humans actually thinking about what is and isn't possible in a game, understanding how cheats AND the game actually work, and then defining the spectrum, and then implementing and constantly tweaking it to minimize false positives while maximizing those that tweak their bots to get around the analysis.

Because of this it's expensive, relatively speaking, than paying a (statistically Israeli) anti cheat company to install spyware on their behalf.

[–] paraphrand@lemmy.world 3 points 22 hours ago* (last edited 22 hours ago) (1 children)

Ah I see. That all makes sense, but yeah, these are products and they do a cost benefit analysis, and deem this stuff to expensive. And I think sometimes they deem it too brittle.

There’s also the problem of ban evasion not being solved either. So even with good ban actions, people just return. I’ve seen this first hand in a platform I hang out in.

It’s always an ongoing problem, and some people are really dismissive of how difficult it really is when you consider all the angles.

I appreciate the discussion and input.

Are you aware of any platforms or games who do it “right”? And if not, is it just because of the time commitment, like you already stated?

[–] vagrancyand@sh.itjust.works 2 points 21 hours ago

World of Warcraft (yes it still has a bot problem, turns out it's even more complicated of an analysis with hundreds of thousands of people playing the game wrong) unironically is the biggest game to do this and report on it. They track player movement, skill usage, cursor position on screen and likely a thousand more data points to determine if a real player could possibly do the things being done and auto flag and auto ban based on that.

I believe VAC also has heuristic capability for FPSs if you enable it as a developer, as CS2 (at least, I think CS Source had a similar system) can detect unrealistic movements, perfectly timed clicks and all manner of movement scripts based solely on timing and not memory editing or other executable interference.

But yes most games really don't want to have an active cybersecurity team dedicated solely to studying game mechanics and deciding what is or isn't realistic, and while heuristic analysis of memory (i.e. catching injected cheats) is also a thing, that also requires a security team capable of that; and as someone who once tried to get into the cybersecurity field all of that is expensive. You're not getting a single person, much less a team, for less than 6 figures a year, and the amount of work generated that cannot be automated necessitates a fairly large team. CS2 gets around this a bit by having trusted players review iffy VAC detections which then feed into VACnet (which was released fairly recently) to have AI auto-review the heuristic detections based on known good reviews; but still the sheer volume of detections in a heuristic system (even well tuned ones) requires constant moderation.