09/03 – Belgium versus Sweden in the Enemy Territory Nations Cup XI. Two players are kicked, one from each side, at different points within the game for "Violation (GAMEHACK) #80332."
10/03 - "I never hacked and I never will hack, the day I start thinking about using hax or whatever will mean I have quit gaming =D" - one of the affected players publicly denies any wrong doing.
Conspiracy theories arise due to the players involved, one has a history for cheating, and the other an active LAN player, who was one of the "best players at CDC who has worked his way up the ranks."
People are already picking sides, defending the players based on the argument that this is a bug, and there may be malicious intent involved. Others speculate that both were involved in one of the new nC developments, codenamed 'Whitelight,' still in preproduction, and the experiment had obviously gone wrong.
11/03 – Punkbuster officially confirm that they believe the violations are legitimate, and the bans will not be removed, thus making a ClanBase ban inevitable.
12/03 – A community member comes forward with earlier evidence (dated 11/11/07), highlighting that it's in fact possible to submit false violations about innocent players to PunkBuster's master server due to the method's used in the anti-cheat software.
13/03 – One of the players affected argues with the head supervisor of ET (of ClanBase), during another Nations Cup game (versus Poland).
14/03 – Both players are handed one year bans by ClanBase, less than a week after the match was played. Less than one day after the argument with the ClanBase supervisor. Many feel the ban process was accelerated, as a consequence of the argument the night before, the game supervisor (involved in the argument) confirmed the ban on ClanBase.
The Belgian player involved publicly "retires", but is obviously still reeling from the ban handed out; "The only way out of this of course is if the guy(s) that fucked me come out for what they have done but I guess they are pussies so I can't see that happening and so I will never be able to clarify what happened, I don't even know myself :DDD."
Team EDiT (the team he plays for - received a direct invite to Eurocup) and Team Belgium (scheduled to play Finland in the Nations Cup semi-final), forfeited their invite and match as a consequence of the ban.
19/03 – An infamous cheater claims responsibility for the banning of both players, stating: "Your anticheat fails. Tommorow will be a lot of fun, don't miss the ETTV games. And the day after will be the public humiliation of PB." An admin from netCoders distances himself from the player, though the announcement has people speculating further.
22/03 – Players are beginning to be kicked for the same violation, during both ETTV matches and on public servers. The range of players kicked goes right up to seasoned LAN players who've won QuakeCons and Eurocups.
23/03 – It's discovered that netCoders have undermined the way PunkBuster actively searches for hacks. Though not a bug, as initially thought, an even more fundamental issue has been brought into light. The "false positive" whereby PunkBuster kicks a client when a certain "string" (in the initial instance, it was a "aimbot1.menu" from the rsHook hack) is found running, despite no traces whatsoever of cheats running on the local machine.
Hundreds of players are kicked because they're running IRC or instant messaging programs whilst playing, and having the string spammed across public and private channels, and messages.
The Enemy Territory supervisor for ClanBase admits "if it's true nC discovered a flaw at PB, obviously we will review the latest 'gamehack' bans."
24/04 – An admin from netCoders publicly admits that they were behind the 'attacks' and deliberately targeted particular players in order to generate the most attention, and undermine the integrity and capability of PunkBuster.
25/03 – Evenbalance, the company behind PunkBuster eventually concede publicly that "it is clear that many of the demonstrators are cheat-supporters willingly participating in the demonstration, but there is evidence that some innocent players had PunkBuster violations triggered during the past few days by the hackers who sent specific text patterns into the chat programs that were open during gameplay."
26/03 – Both players remain unbanned, and a countless number of players continue to be kicked from PunkBuster-enabled servers...
What is wrong with this scenario, and is it an isolated incident?
The answer is, unfortunately, no. Once you chop the head off the snake the body dies. You take down one system, the rest will follow. This 'attack' highlights how fragile the world of online gaming remains. Even in the seasoned LAN games such as Counter Strike 1.6 or Warcraft III, it's almost a guarantee that if a player was caught cheating online, irrespective of proven skill, his contract would be terminated automatically. No one is safe.
How is the current 'system' so inefficient? Well, where do we get started!
Developers and publishers are under an increasingly strained moral obligation to provide a basic anti-cheat solution with all new multiplayer games, common sense says that their main priority is still profit. Call of Duty 2 being released with PunkBuster support is an obvious indication that the publisher put money ahead of the players' basic demands.
Though the example presented today is at best laughable, if it were carried out to full effect, every PunkBuster-supported game could essentially be crippled. Imagine, thousands upon thousands of Call of Duty 4 keys being falsely black listed, because of an incompetent and fundamental error in the way the anti-cheat operates. I wouldn't be happy if I couldn't play CoD4, would you?
This is where the trouble lays. The likes of ClanBase and Electronic Sports League (ESL) have unwavering support for the likes of PunkBuster, Valve Anti-Cheat (VAC), and Aequitas. When cheat developers go on the offensive, as I've just proven, they can undermine and manipulate the existing systems in order to show how inefficient they're. The leagues have full faith in the anti-cheating software, yet the software is incompetent on a basic level. This is before even mentioning if it's actually good at catching cheaters, either public or private level (it isn't).
Then you've to consider the leagues policy itself; ESL has an automatic ban period of two years. This can be handed out freely, without 'formal' evidence. ClanBase, on the other hand, you can be assured that if a ban is given, it's an indication of cheating, or affiliation with the person who cheated (cases with family members cheating or sharing the same IP is realistically ungovernable), so long as the anti-cheat evidence remains legitimate.
We need a global policy that can be implemented to effectively prevent and tackle cheating (pre and post) on every level. There's little reason why the leagues and competitions can't work together, to promote and introduce a 'justice system'. Players can't escape on technicalities (whereby he may be banned in one competition, but since another has a different set of rules, he escapes and can continue to play unhindered) and you introduce a human aspect to the punishment.
As for cheat detection itself, it's obvious there's a basic conflict of interest. Developers want to make money, gamers want cheat-free games, and you've the likes of PunkBuster stuck in the middle, fighting with limited resources against an enemy they can't ever win against. We either need to introduce a new pricing system to realistically combat cheating, or just plain accept that cheating will get worse.
Those who can, will cheat. There's relatively little that can be done to prevent a determined cheater, though that's not to say they won't ever slip up. Fighting a technical battle will result in higher and higher development costs which are only ever going to end up being paid by legitimate players, earlier and earlier in the development stage.
The fight against cheating doesn't even have to enter the server, we target the people who cheat and we solve the issue.
As for PunkBuster, it's either going to have find a compromise with itself and its own standards (not to charge end users, not to contribute or pay for private hacks to improve its own prevention) or it will eventually lose its reputation, and customers. One thing is inevitable though, and not only for PunkBuster. Deeper and more intrusive forms of cheat prevention (scanning) will be implemented, resulting in higher system requirements, more restrictive and buggier software.
Do we really need anti-cheating software as standard? That's debatable.
Nice writeup btw.
Cheats are also fun like drugs.
Anti cheat is as needed as drug tests are in normal sports.
These strings arent ET exclusive either, there are strings which can get you banned from any PB supported game. They'd be better off just removing PunkbusterB altogether.
Reply intended for Sui
If you're an ET player, you'll know of sock, and I'll gladly steal a quote from him!
'For the greater good, but not enough to shell out $30 to bust myriad hackers. Creators of lightweight programs, which use up 50% of your cpu. Beware of people who paint things in black and white, they rarely have nothing to hide.'
cant be stoped ever!
only if there comes a SUPPA ANTI CHEAT
or we make a huge lan center were 4 million gamers can play together and live there!
there wont be much hacking then
...Which is why anti cheats such as Aequitas shouldn't exist for the top leagues (ESL EM, ESL ENC, NGL ONE [for CS 1.6]), since no one cheats there anyways. Good example is NGL ONE which never had any anti cheat but ran four seasons of CS 1.6 without any problems, as only top teams participated. At the same time multiple teams (including us) had to replay matches in ESL EM due to problems with Aequitas, even though the other team didn't think we cheated.
I'm pretty sure if someone really wants to cheat, he'll be able to do that no matter how many anti cheats you put on a server, the only effect they have is making shots register worse.
Didn't natu cheat while he was in 4Kings, in some CB ladder match? I know the point still stands, and it's less of an issue with the 'top games' (and players), but should good players be given free reign to cheat as much as they want online, just because they're good off line? Shouldn't we try to create 'laws' applicable to everyone?
If you can't play every single match off line, then you need to have some sort of cheating policy, even if that's just not to use anything like a lot of people do in Warsow/Q3 CPMA.
No.
Does his skill make any difference? Does the competition he cheated in make a difference? It shouldn't, the law is objective, and should try its best to remain objective.
If there is NO anticheat, then the likelihood of some lesser teams taking the risk is much greater
The main benefit of anticheat is deterrent
as I said in my last comment, anticheat is a deterrent, it's not perfect, it never can be, just like *nothing* ever can be perfect
without some anticheat you have 0 chance of getting caught (other than demo review, which I think is pretty lame), that is infinitely less chance than with anticheat
a less sucky analogy - you're a lot less likely to do something illegal with a cop nearby
Won't make much sense unless you know ET!
;)