LANDodger: Re-thinking Anti-Cheats

BY Andrew Miesner / January 30, 2009

Mike “LANDodger” Luxion is back this week to discuss his thoughts on anti-cheats.

(This article is an editorial.  It does not necessarily represent the views of compLexity Gaming or its parent company.)

Rethinking Anti-Cheat

Back in the day there were no AC clients for online gaming in the US. If you loved Counter-Strike, you played in CAL and there was a very specific set of steps to take in the event that somebody was really, really fishy. First there would be forum controversy. The aggrieved team would post nasty rumors, perhaps a warning to other teams, along with all the accusations. The defending team would come to their teammate’s rescue, proclaiming LAN success and profusely touting that person’s trustworthiness. Then somebody would release a hack video (or two), and often the suspected hacker would gradually be socially blackballed before eventually being banned.

The process is a lot different now, but I’m not sure we’re all that much better off.

The biggest change has obviously been the AC clients, which (sometimes) provide hard evidence when people are cheating. I think we all consider them a blessing on our house, but I also think we’ve paid a price we weren’t prepared for. And I’m not just talking about the dearth of good hack movies, whose comedy and outrageousness I sorely miss.

No, I think we’ve gotten accustomed to using the clients as a crutch and a scapegoat. If a person hasn’t been caught by the client, they haven’t been cheating. If the demo is cleared by the client, the person is cleared. Even though plenty of people wouldn’t agree with those statements, I think a growing amount of people do. Worse, practically speaking I think those are the assumptions leagues are starting to operate on.

It’s okay if you don’t believe me, but let’s look at the situation from a different angle. Here are two interesting questions, in my mind:

A) If somebody was disputed five times, had all five demos cleared, but was still banned on an admin review of the demos, how would you feel about the decision?

B) Could you ever imagine a league banning somebody after five of their demos cleared their own anti-cheat client?

In the first question, I think it’s a totally different situation without the client. If somebody was disputed five times and then banned, I think we’d all say something like “IT’S ABOUT TIME.” But when the demos are cleared, even knowing that the AC client isn’t perfect and without knowing specifics about the player or situation, I think we’re a little more hesitant in passing judgment. Shouldn’t we still trust the admin’s decision considering that no program is un-hackable?

For the second one, imagine if Glockateer was banned in CEVO next season under the circumstances of part B (I’m only using his name and CEVO because it’s a familiar situation). People have been suspicious of him recently, but wouldn’t a ban send two messages?

Yes, in this hypothetical situation CEVO caught a cheater through due diligence … but he also was cleared and officially considered clean for this long. In other words, any ban that doesn’t come through the CMN is practically a PR nightmare waiting to happen. It raises all kinds of questions about how effective the clients actually are, and I don’t think any online league wants that discussion. Part of the reason AC clients are so attractive is as a deterrent. If people had living proof that they actually aren’t that hard to get around, isn’t that a huge blow to an online league’s image?

Anyway. This isn’t meant as a rant against AC clients or any specific league. On the whole both of those things are very good. But I think it’s high-time we look at the other side of the equation, the human review process, and see if there are ideas that make sense for two important reasons.

The first is that AC clients are fallible. Period. Being cleared by one simply doesn’t mean the person wasn’t hacking.

The second idea is that, personally, I think online leagues are going to play a more important part in the future of competitive gaming. They’re easier to organize and cheaper to run than LANs, which are both very important things in this economy. And technology continues to improve while pings continue to fall. Isn’t that pretty much the perfect recipe for bigger online tournaments? Even there’s more money and prestige on LAN, it’s not hard to imagine an online competition with a first-place prize of ten grand. That’s a lot of incentive to cheat.

In any event, relying on a client simply isn’t enough. There are too many ways to get around it, and no matter how secure you make it, somebody will find a weakness.

With that in mind, here are some crazy ideas to improve the admin review portion of the anti-cheat process that have been floating around in my head. In the interest of full disclosure, I will now willingly admit that I am not an anti-cheat expert. Some of these might not be practical. Some of them might be ridiculous. In fact, I’m sure that the ideas lean that way.

Still, I think improvements are always worth discussing, and while I don’t think these are perfect ideas or that they’d be easy to implement, at the very least I hope to start that discussion. Let’s do this.

Review Multiple Demos in One Dispute

I’ve always thought that when an admin reviews a demo, at the most basic level he/she is looking for abnormal, unjustified behavior – a pre-fire, the perfect peek, a perfectly timed nade/flash, or things of that nature. Obviously, getting five headshots in five bullets while snapping your aim around wildly would also be a bit abnormal.

The problem then becomes defining abnormal.

A specific nade might be common practice for one person and totally unexpected to another. Players get hunches, they get lucky, or any number of things might happen over the course of one demo that can explain away suspicious behavior.

But if you’re watching a player over the course of, say, five demos, things you initially thought were isolated incidents might look more like patterns. The disputed player always makes the right decision about whether to flash when the other team is faking at his site. Or he always peeks at the right time on pistol rounds/clutch rounds, but acts like a dufus at any other point in the match.

Basically, the more information an admin has at his disposal, the more informed his opinion becomes, and the more he is able to differentiate between luck, instinct, and things that have a pattern of happening because the player knows something he shouldn’t.

Obviously, the difficulty here is that some unlucky admin now has to watch three demos instead of one. Which brings us to …

Have a Tiered Review Process

This is a two-parter, but to sum it up I’ve never understood why the process is essentially the same no matter how many times a player is disputed, or the circumstances surrounding the dispute.

I mean, can’t we all agree that a player disputed ten times in the span of a season is a little more suspicious than a guy who plays on a mediocre team disputed once in the middle of the season? Or that a player disputed three times at the Invite/Professional level is more suspicious than one disputed three times at the Open level? Not all disputes are created equal, right?

A tiered review process would certainly make the previous idea more tenable – you don’t want an admin reviewing five demos every time somebody is disputed. That’s a totally unrealistic workload.

Anyway. The basic idea is that people who keep popping up in the dispute queue would get more attention than a first-timer, and that people accused of cheating by guys like clowN, fRoD, zid, n0thing, or any other professional-level player, would get a little more attention as well, which is probably warranted considering the source and the fact that the top-level guys are playing for the biggest prizes.

Make Voice Recordings Mandatory

Of all the ideas, I think this one makes the most sense in terms of workload vs. benefit.

One of the things I hate the most about watching competitive CS is that it’s too hard to tell when somebody had an amazing bout of intuition, or when they were just following a call from a teammate.

Basically, when you’re watching a match you’re trying to keep tabs on ten people at the same time. You miss some things. Then somebody makes an amazing prefire in the ninth round seemingly out of the blue. Did he do that because the same guy has been in the same spot at the same time for the previous eight rounds? Was it a lucky guess? Was his rotation that good because of something his teammates said?

Without hearing what the players are saying, there’s a lot of missing information. This is true even if you’re just watching one person – perhaps moreso because you don’t see anything his teammates are doing. I think we all see the implications that would have on the demo review process, right?

Having players use ingame communication, or barring that requiring a ventrilo recording with the demo, fills in a lot of potential blanks. You’re one step closer to having all the information the player has at his disposal during the match, and I think that means you’re also one step closer to finding out whether a prefire was justified.

All these thoughts come down to this: imagine you’re in the Finals of an online league. The team you’re facing has been disputed twice already in the playoffs, and you dispute them after losing a close match. Do you want the admin reviewing one demo with no voice chat? Or do you want him reviewing all the demos from every dispute while hearing everything his teammates told him during the match?

I know which one I’d pick. I just hope the resources are available to make it happen or take a step in that direction.

Is there anything you’ve always wanted included in the AC process?