Announcement

Collapse
No announcement yet.

Urban Terror HD: Going Away From Open-Source

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #46
    Originally posted by Nexu View Post
    -Thread revival-

    Opensource and gaming is not a happy marriage. It makes protecting the anti-cheat even harder than it already is.

    I've been an opensource software fan and adopter for over a decade. But one should see that opensource is not the solution to every software purpose.
    I've seen far more cheating on commercial closed source games than open sourced. Maybe that is because of popularity, maybe it's due to the crowds attracted.

    Bottom line is, anticheat rarely works for very long. The best way to deal with cheaters is, and always has been to implement a vote/kickban solution.

    Comment


    • #47
      Originally posted by crazycheese View Post
      Your closed source crappy method is working the same way AV is working and is giving you that SWEET FALSE FEEL of security. Especially after you payed that bribe-money. It is very well known by Urt programmers to be very inefficient and they do not use it.
      Nice! That sure helped debunk another "closed-source is better" myth.

      BTW, I always suspected windows anti-virus programs don't really do much. How else would my pc become infected even with all the care I had when I used windows? Oh, and I did run it with a non-admin account, but that also didn't help much.

      Comment


      • #48
        Originally posted by crazycheese View Post
        For your information.

        I have been helping Urban Terror Anti Cheat Project (UAA, UrtAdmins) for over a decade and it has been proven the best anti-cheat protection.
        "helping UAA for over a decade" is a false statement:
        • UrbanTerror is only 10 years old (Aug-2000)
        • I have been briefly an UAA admin when UAA was founded by Hippie back in 2007.
        Unless you're the smartest dog i have ever conversed with. You couldn't have been contributing to UAA "for over a decade".

        "best anti-cheat protection":
        UAA does not provide detection nor prevention (other than IP based). And human based demo judgement is not infallible, even by seasoned veteran players in top tier UrbanTerror competition. But than again, you are right that software based solution alone is not sufficient either.
        UAA solution is primary aimed toward public play. UAA solution does very little to competitive oriented games, such as: "scrims", pcw/cw.
        It has been quite common scenario in scrims/pcw where the player utilizing cheats will refuse to provide demo of themselves, and putting a spectator to record will simply result into them leaving the server.
        Even some that was bold enough to provide a demo of themselves, there are times where it is extremely challenging to make an undisputed decision that it was a cheat and not luck (or visa versa); with that i'm not talking about demo from public players but from top tier players in "scrims"/pcw that knows and practiced into hiding their wallhack & aimbot toggles. Not to mention in competitive scene it's extremely hard to prove the use of radar-hack consider it's easily dismissed as "voice communication" while offering a large deal of advantage (intelligence about your opponents whereabouts and movements).

        "The best anti-cheat protection" also could not prevent or detect players cheating in the most recent ClanBase NationsCup matches by some players in Team Turkey and Team Columbia. Or in any other leagues for that matter: Clanbase OpenCup, Urban-Zone CTF/TS League, FTWGL.
        To this day, there are players active on those above mentioned competition due to lack of undisputed evidence by demo reviewing means.

        But don't get me wrong tho. UAA's effort is needed for the public play part of UrbanTerror.

        Originally posted by crazycheese View Post
        Mechanical protection does not help, regardless how obfuscated it is.
        There is always a path. A lot of cheaters PAY for cheats.
        Both anticheat and cheat are PAYED.
        Both are same in terms of closed source crap.

        However, 1) if a person registers itself and his IP adress, very possible with money. And this person is stored in some database that some servers are using.

        And when 2) this person is suspected in cheating, a demo of this person is created. Believe me, it is VERY EFFICIENT to get information on either this demo is with cheats or not.

        3) Dedicated people watch with person demo, both with empty walls and see how he behaves. If it is cheat he is VERY EASILY spotted. He is banned on ALL servers that use the list - on official servers.

        The only difference from this rather EFFICIENT method is the hacked getting another IP, which will be VERY HARD with new "pass" method.
        ---

        However if you obfuscate you get same virus-like software inside that is AGAINST the current user. This is stupid, inefficient and dangerous. And 50% of the time it is letting cheaters play, 30% of time banning not cheating people, 20% of time people using real well known, old, obvious and NOT PRIVATE cheats are really detected.

        Your closed source crappy method is working the same way AV is working and is giving you that SWEET FALSE FEEL of security. Especially after you payed that bribe-money. It is very well known by Urt programmers to be very inefficient and they do not use it.

        There is no method to really detect either the current closed source software is REALLY not malicious. Your only way is to trust. And trust is a weakness. I was already got infected this method with original developer discovering his software has been misused for hidden agent after HALF YEAR. Every update to that software introduced updated malware with original developer had no clue.

        Software should be downloaded from original resource. This software should be as opensource as crystal glass. And the developer should be payed enough money for hard work on maintaining this software. This is all.
        IP based bans and identification is always bound to fail for so many obvious reasons. UAA has more than often experienced this. The coming AC software and FS Passport will thus also benefits UAA in their efforts.

        While the AC software is simply another tool to detect cheats. The FS Passport is there to identify players. Demo based review will still be needed at times, even with AC software in place. Both AC and FS Passport will be optional (AFAIK).
        Having a working AC in place will simply stop the most common type of cheaters: the google-able public cheats.

        I also certainly never said or hinted anything of the sort that anti-cheat software alone will be the solution and make UAA obsolete. But than again, consider you have no insiders information or data regarding how FrozenSand intends to implement their AC software. Everything you have said or speculated is what it is: mere speculations, not evidence.
        Even more so that AC is only part of the solution, the other part of the solution is FS Passport as I mentioned before.

        I have been a league admin over here in Europe in one of the most active competition for 4 years, having won and participated in CB NationsCup, having played in Europe's top tiers team. And i can tell you that UAA alone is not "the best anti-cheat protection". AC software and FS Passport is needed to fill in the gaps UAA alone is incapable of.

        Comment


        • #49
          Originally posted by Irritant View Post
          I've seen far more cheating on commercial closed source games than open sourced. Maybe that is because of popularity, maybe it's due to the crowds attracted.

          Bottom line is, anticheat rarely works for very long. The best way to deal with cheaters is, and always has been to implement a vote/kickban solution.
          Very few opensource games are popular competitive wise. Competitive gaming is often an incentive to create cheats for them; to win prestige by "winning on the internet".

          And yes, given enough time and resources. Many AC can be 'cracked'. Hence FS is planning on including a update mechanism for the AC as well the game itself. Just as computer security, you cannot be 100% secure. But you can make it harder for them by putting up obstacles and make their older 'products' obsolete. It's a never ending cat & mouse game.

          Vote kick/ban has it's drawback: the player you are accusing might be actually a legit player "on fire" and "lucky streak".

          Comment


          • #50
            Originally posted by Irritant View Post
            I've seen far more cheating on commercial closed source games than open sourced. Maybe that is because of popularity, maybe it's due to the crowds attracted.
            99,9999% of Urban Terror cheaters were playing on Windows version. The closed source OS.
            95% from that amount have got used from other games(95% of which have had some sort of anti-cheat protection) to "cheating" as normal habbit.

            Originally posted by Nexu View Post
            Very few opensource games are popular competitive wise. Competitive gaming is often an incentive to create cheats for them; to win prestige by "winning on the internet".
            There aint much opensource games at all.
            So, if there are 3 opensource games as opposed to 3,000 closed source, from what 1 is competitive as opposed to 200 closed source, statistic gives you 33% competitive-ness on opensource vs 7% closed source.

            If you want a competitive game, take casino example - 24/7 video surveilance in every corner, on every player, at every move(should I mention it is done by humans and not robots, that only assist and not take decisions?); own tracked-down equipment(you are not "holding" your "equipment" by providing it to everyone for "inspection"); huge running costs; limited amount of players; per passport access; black and whitelists... huge running costs..

            Originally posted by Irritant View Post
            And yes, given enough time and resources. Many AC can be 'cracked'. Hence FS is planning on including a update mechanism for the AC as well the game itself. Just as computer security, you cannot be 100% secure. But you can make it harder for them by putting up obstacles and make their older 'products' obsolete.
            How many "decades" ago did punkbuster introduced it and how "successful" was it? Aint you reinventing the wheel?
            VAC is still being cracked with success.

            Originally posted by Irritant View Post
            It's a never ending cat & mouse game.
            I have put an end to it by using opensource OS and software. I get informed when vulnerabilities are detected and I just perform an update. I do not update any antivirus - I update the original software. The software is getting better by this process, not the bogyguard.

            Originally posted by Irritant View Post
            Vote kick/ban has it's drawback: the player you are accusing might be actually a legit player "on fire" and "lucky streak".
            Yes, I already had such streak, fraging four players in a row with SR8 on blue respawn of ut4_abbey and then, when just jumping away direction monument(one of the bomb location) fifths jumps out of the corner - right into the center of my screen, I reflectively press fire and get accused on walling, yet said "Do you believe in luck?" and all set with me starting to die as usual on next rounds.
            Now imagine same on VAC. I would be all my games - LESS. And nobody will care. Or you think Valve has anything except getting more money in heads? Its just automated and 100% working we assure you. At least BEFORE you purchase.

            Originally posted by Nexu View Post
            "helping UAA for over a decade" is a false statement:
            • UrbanTerror is only 10 years old (Aug-2000)
            • I have been briefly an UAA admin when UAA was founded by Hippie back in 2007.
            Unless you're the smartest dog i have ever conversed with. You couldn't have been contributing to UAA "for over a decade".
            I'm sorry, english is not my native. I've mistaken season for decade - 10 years it is. Still I've been following Urt since early releases as qt3 mod(uptown). Hope this will not affect the messege I want to deliver to you - "you are seeking on the wrong end".

            Originally posted by Nexu View Post
            UAA does not provide detection nor prevention (other than IP based). And human based demo judgement is not infallible, even by seasoned veteran players in top tier UrbanTerror competition. But than again, you are right that software based solution alone is not sufficient either.
            UAA does provide detection(reliable to big extend, "with coming near and seeing it live in realtime" being the only best possible) and protection... you didnt extent this area beside external IP and GUID.

            You have human player with (possible) cheating intent in the mind and following attack vectors:
            - distrusted hardware(input included)
            - distrusted software(non yours)
            - distrusted urt client
            - distrusted hands
            - distrusted eyes(monitor signal rerouted?)
            ... and your "protection" should be as scalable as possible.

            And out of the sudden you pick your client as most important attack point. But you should be really dealing with the "source" - the humans.

            By introducing DRM(and it is a DRM as in backdoor+keylogger+obfuscator - rather favourite combination amount modern malware) you get HUGE ban from linux community(running virus-like,although hopefully nicely behaving, remotely managed software is serious issue). You also get some attention from AV companies as in "backdoor". You forget opensource support. And you still have as many hackers as before. Keep it up! Fight fire with fire. But lets continue.

            The most advanced cheat I know dates 8 years before and it is a "hub" device, that tracks in real-time the informations that normal player sees - nothing more. It analyses it and uses for its decisions. The user input is gathered and sent as a background salt with machine sending valid input commands right via USB device - totally autonome from the PC. How are you going to track this down? And when the chinese make the whole module at size of 32nm?

            The only possible effect that a cheater is expecting is advantage.
            If cheater is dying like anyone else - there is no point in cheating.

            Humans are pretty good at being suspecious when someone is performing better than they.
            If you mulitply this by anti-cheating fair-play "corporate"(in-game) culture, they will be happy to kick hacker out of the server, inform the administrator and record the proof. This scales pretty well.

            I should not mention than no server is capable running totally administration-less with real, alive, *fun* humans. Unless ZAX or Skynet powered(Im not sure about Skynet though ).

            Refusing to play(spect-play switches, disconnects etc) when someone starts to watch without mentioning is very worth recording!
            Actually people (and good players are) HAPPY AND PROUD when someone goes spect cause they start to think they ARE THAT GOOD as if they were cheating.

            There are so many advantages to direct eye demo check compared to any form of useless automation:
            typical reaction times, precision, logical thinking and behavour(knowledge of map, weaponry, teamplay behaviour), grip on controls, favorite maps, behavior with no wall textures - to enemies which he is not supposed to see or hear. History of above.

            And if he mentions "gaming" hardware, there is "cheating" and there is "gaming" hardwares - this is important point.
            Possibly you know night/IR-vision, heartbeat sensors, bionic ears - from real warfare. This are legit and true battle-(/meat-)field "cheating" devices. If you arent supposed to hear a sound - you arent supposed to hear it. Include a method for people to calibrate sound intensity in game, just as people calibrate monitor darkness. Run it on first start.

            No professional player needs or wants cheats. At least to the point when the win is more than disadvantage of discovery times some years. This should also be noted. Tournament? Get and validate as much player contact data as possible.

            And cheaters really prefer to do it secret closed source way, you cannot hide in building made of 100% high quality grade glass - ie open source. Your ONLY protection is to make the mentioned attack vectors as open as possible.
            Let you know his name, his location, time when he plays(let him inform himself about time he logs on), hardware (not necessary IDs), IP-to-Provider bindings, regular reflex lags etc. Maintain yourself open as well. Provide the option for those who do not accept this to their own risk.

            And running costs for UAA? Set money on new accounts. Cheaters get banned UAA get money.
            Not using register-only official servers/partner servers? Play to your own risk.
            Partner server goes rogue - so many nice real life data on people that were running it.

            I mean, trust is gained by humanly open deeds, not buy introducing a home-brewn windows-only patented copyrighted (..) trojan.

            Comment


            • #51
              Originally posted by Irritant View Post
              The best way to deal with cheaters is, and always has been to implement a vote/kickban solution.
              4 cheaters or mobsters join the server with less than 4 players.
              They vote kick/ban other players one-per-one. Already happened twice in UrT.

              YET, the SG Clan has a ... site and IRC, which is advertised upon join.
              Went straight there, explained the situation, they all got banned.

              Again, this is not something which can be automated. Unless with ZAX.

              Comment


              • #52
                Originally posted by Irritant View Post
                The best way to deal with cheaters is, and always has been to implement a vote/kickban solution.
                Which simply does not work when the person "cheating" is using a lagger. The only thing saving the open source games from those types of things is the lack of interest.

                Comment


                • #53
                  Originally posted by yogi_berra View Post
                  Which simply does not work when the person "cheating" is using a lagger. The only thing saving the open source games from those types of things is the lack of interest.
                  Does not apply, if you mean "lagger" as in huge lag. Most games, Urt and even OpenArena included, have applicable by admin ping requirements - instant or after some time ingame.

                  And opensource games have as much interest as non-opensource has. Many people play Urt instead of CS and OpenArena instead of QuakeLive. Many people cheat, although more windows users - more probability for a cheater X average amount of users. QuakeLive was nonplayable for me a year ago because there was huge amount of them and ID did not care. And you cannot do something on your own, unlike what is possible with Urt.

                  Comment


                  • #54
                    Originally posted by crazycheese View Post
                    Does not apply, if you mean "lagger" as in huge lag. Most games, Urt and even OpenArena included, have applicable by admin ping requirements - instant or after some time ingame.
                    All based on Q3A which has the same protections (and Punkbuster) but still had lag bots, aim bots, etc.

                    And opensource games have as much interest as non-opensource has. Many people play Urt instead of CS and OpenArena instead of QuakeLive.
                    Yeah, sure, ok. Count the number of players on OpenArena's and Urban Terror servers on any given weekend, then open Quake 3 and count them. More people play Quake 3. Hell, more people play Quake 4 which is practically dead.

                    Many people cheat, although more windows users - more probability for a cheater X average amount of users. QuakeLive was nonplayable for me a year ago because there was huge amount of them and ID did not care. And you cannot do something on your own, unlike what is possible with Urt.
                    I'd wager the people you think are cheating, are just really good at an 11 year old game.

                    Comment


                    • #55
                      Originally posted by yogi_berra View Post
                      All based on Q3A which has the same protections (and Punkbuster) but still had lag bots, aim bots, etc.
                      Without "etc", aimbot is not lag and there is no such thing as lagbot. I can easily detect aimbot, wh or speedhack. But when a person lags, it lags the whole time or at sporadic periods which equal chances to miss the target instead to hit it in the lag period. Be sure, humans are very efficient at detecting cheats. And when cheats are so covered that there is no difference to play with them or without them - they are useless.

                      Originally posted by yogi_berra View Post
                      Yeah, sure, ok. Count the number of players on OpenArena's and Urban Terror servers on any given weekend, then open Quake 3 and count them. More people play Quake 3. Hell, more people play Quake 4 which is practically dead.
                      I second that, especially urban terror. It is very popular. And people still play openarena, even after quake live is launched. Because with quake live you have no control and they only care about money, not about gameplay. Look how much people play cs 1.6, it is still very popular because of gameplay.

                      Originally posted by yogi_berra View Post
                      I'd wager the people you think are cheating, are just really good at an 11 year old game.
                      It depends on how they behave. If they hear somebody and cross their target near them over great distance they are wallling. If they target at immense speeds, but without thinking and without matching coordination they are aimbotting. And then there are players that know the maps so good, they know exactly the most common camping locations and head straight. They react very fast and think over choosing the correct weapon even before contact as in "knowing they come from there and at THAT distance" - yes I can distiguish them. And they are never aggressive if accused and very often just leave if they see skill missmatch.

                      Because the point of cheater is to provide huge favorable disbalance - they just cry from joy at annihilating opponents when bot does all for them and they laugh at clueless others seeing them with WH glass walls.

                      The point of true skilled player on the opposite is CHALLENGE, not win. They hunt for competition and GG is only when there was huge challenge!

                      There is also situation when skilled player uses cheats. It will be difficult to find out, but in the end it will be found out. And any anti-cheat will FAIL anyway(process name? Injection points? Hackable obfuscation? Oh please). Example: http://www.youtube.com/watch?v=p38X-HeD_og

                      And for your information, I never meet ANY linux people cheating. 99,999999999% of cheaters are windows users.

                      Comment


                      • #56
                        Originally posted by crazycheese View Post
                        Without "etc", aimbot is not lag and there is no such thing as lagbot.
                        On the contrary, there are "lag bots" I've seen at least one written for Doom 3 pre-1.3 before iD introduced PunkBuster. It specifically flooded specific clients, allowing the "cheater" to literally run circles around the "lagged" person.

                        It was quite fun to be on the receiving end of it and impossible to vote the douche off.

                        Comment

                        Working...
                        X