Re: Open Source Games and Cheating - a paradoxum?
On Tue, Jan 21, 2003 at 04:40:15PM -0800, noskill wrote:
> You can not, and will not, ever, stop online cheating.
Because people *want* to cheat. That's why. Machine cannot beat human
> Closed source is no more secure than open-source to someone who can read
> assembly faster than C. All you can do is hope that your game sucks and
> won't attract hackers. By the way, the code for the bot I wrote and
> described in this email can be found at http://ogc.ath.cx, so you can
> see for yourself just how easy it is to beat any kind of anti-cheat
The kind of anti-cheat system you describe is fundamentally flawed, in
that they rely upon a hacked client sending a "bad" checksum, or some
other sort of verification data, to the server. But by definition, a
hacked client has been altered---possibly including in any verification
code you may have put in---and therefore cannot be trusted. And since it
cannot be trusted, any checksum or verification data you receive cannot be
trusted either, so the scheme breaks down. It doesn't matter how complex
the scheme is, it doesn't matter how "foolproof" the checksumming
mechanism is. The fact that a real client, on the user's machine, is able
to send the correct answer to the server, means that anyone, given enough
effort, is able to replicate the same answer.
There is no way around it---don't trust the client, or expect cheaters to
But back to the original question, which was that cheating spoils the game
for others: as somebody has already said, the essence of the problem is
social, not technical. Either only play against your friends, or live with
cheaters (possibly alleviate the problem somewhat by finding a social, not
technical ('cos there isn't one), solution to cope with the cheaters).
Two American lawyers went for a picnic at a lake resort. Seeing a canoe
rental, one asked the other, "Roe, or Wade?"