Managed to get through work, with a further reminder that freezing wind and plenty of rain don’t mix very nicely: my hands were almost numb by the time I got inside :-/.
Spent most of my day thinking over the changes for Stargella’s input system, but for the most part was thinking about the client/server aspects of the engine, resource loading, and the issue of dealing with cheaters. After taking a very detailed line of thinking about methods to prevent cheating, I’ve decided that it is impossible to create a PC game that forbids cheating, or it must take the next Albert Einstein to figure out.
Obviously the moment anything leaves the trusted server, it becomes untrusted information: no data from the client can be trusted whatsoever. Most of the more “Industrial” advice about cheat prevention is a total load of bullshit; more often than not, worse than bullshit. The only way you can stop a cheater is to close the system down: run your own hosting servers and the clients, in LAN fashion. Then put up the “eyes in the sky” like a casino to make sure no one jacks your hardware. Anything less than that is basically a lost cause lol. You can raise the ante but you can’t mark all the cards. As soon as tools to disassemble the code or view/change the program’s memory enter the picture, the battle is lost: so absolutely nothing on the client’s computer can be trusted, even the operating system. Of course, one could easily state in the EULA that any unauthorized software-assisted means of interacting with the software is illegal, which rules out everything save butterflies, but there’s no enforceable method to deal with that. Even attempting to abort the program if cracker program X is running or installed is a wasted endeavour: you’d be on the wrong side of the arms race. Whether the game itself is open source or closed source makes no real difference, because obfuscation doesn’t work outside of movies.
Because it’s impossible to prevent cheating outside of your own private arcade (at best), the only viable solution to preventing cheating in an online game is to give the community the tools to deal with cheaters.
That means requiring an authenticated account and having the servers verify this with your own systems before allowing the player to join—and implementing the means for admins to properly ban that account from their servers. Likewise, a global blacklist for any account banned from more than X servers is a good idea, hehe. That being said, of course there is no reliable way to keep the person from coming back: even if they needed another account name, e-mail address, IP address, and computer hardware. It does, however, “Level the playing field” by giving the community the means to regulate itself.
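A sketch of the account check, per-server bans and global blacklist described above, as an added example that is not code from Stargella or from the original post. The class names, the opaque session token and the threshold value of 3 for “X” are assumptions made for illustration.

```python
import secrets
import time

GLOBAL_BAN_THRESHOLD = 3  # the post's "X"; this value is an assumption


class AccountService:
    """Central system run by the game operator (hypothetical design)."""

    def __init__(self):
        self._sessions = {}  # token -> (account, expiry timestamp)
        self._bans = {}      # account -> set of server ids that banned it

    def login(self, account, ttl=300, now=None):
        # Credential check omitted: assume the player has already authenticated.
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # opaque, so the client cannot forge one
        self._sessions[token] = (account, now + ttl)
        return token

    def report_ban(self, server_id, account):
        # A set stops one admin inflating the count with repeated bans.
        self._bans.setdefault(account, set()).add(server_id)

    def globally_banned(self, account):
        # "banned from more than X servers"
        return len(self._bans.get(account, ())) > GLOBAL_BAN_THRESHOLD

    def verify(self, token, now=None):
        """Called by a game server; returns the account name or None."""
        now = time.time() if now is None else now
        account, expiry = self._sessions.get(token, (None, 0))
        if account is None or now >= expiry or self.globally_banned(account):
            return None
        return account


class GameServer:
    def __init__(self, server_id, accounts):
        self.server_id, self.accounts = server_id, accounts
        self.local_bans = set()

    def ban(self, account):
        self.local_bans.add(account)
        self.accounts.report_ban(self.server_id, account)

    def try_join(self, token, now=None):
        # The client supplies only the token; the account name comes from
        # the central service, never from anything the client claims.
        account = self.accounts.verify(token, now)
        return account is not None and account not in self.local_bans
```

Counting distinct servers rather than ban events means a single admin cannot push an account onto the global blacklist alone.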
The downside of course being, unless your company’s game supports a generic peer to peer (unauthenticated) multiplayer mode, the game becomes a paperweight as soon as you shut down the servers. If those login servers and such are not going to remain in steady operation for at least 10-15 years or so, you’re cheating the customers. (Especially those that coughed up $50 on day one and a pre-order.) Even worse are games like Battlefield 2, where you can’t do squat unless you log in, because once the server is shut down, it’s unplayable without hacks. At best, you could hope the company puts all the important server addresses in config files instead of the game exe/dll files, as it makes switching to a community provided replacement a bit less complicated for granny.
In the case of my games, well, there’s none of that. The only anti-cheat measures to be taken are those that raise the “barrier to cheating” to knowing how to cheat. Unless I become the next Mark Shuttleworth or something. But then again, my games are being developed for my own enjoyment: allowing others to play them will just be a side effect of (some day) finishing the projects.