Some things are harder, but for starters a few ideas:
Either check that the reported positions of players, their movement speed, etc are consistent to what the game would allow you to do (don’t fly, don’t go faster, don’t go through walls,…) or only accept player input, process it server side and then send positions etc back to the client. (You can do some local interpolation, but the server wins, when there’s a miss match). That should get rid of flying, no clip, teleportation, evasion of projectiles, … You can also analyze the inputs for abnormal behavior like the precision with which you aim for the (center of) the head, aiming through walls, etc.
Do all hitscan and projectiles etc. server side. Never let clients report that they’re hitting other players. This is calculated on the server.
Do only report other player positions when they’re on screen or almost on screen. If the client doesn’t know where the enemies are, wallhacks are impossible or harder (note that some information may be transferred to the client for the sake of spatial audio etc!)
And so on. Do not, never ever, rely on client side data or validation. If a cheat program can alter the client, it can alter the data it sends. How do you ensure, that the client is actually official and “your code”, when it can tell you anything it wants to tell you? You can only make it harder for others to impersonate your client, but never impossible. Especially on PC, when you can execute just about any code you want?
All of those things are already computed on server. The purpouse of anti cheat is to not let computer to game for you. To not precisely click heads, step out of danger within 1ms of seeing it or reliably hit timings and combos. Such things can be hard to detect, and it is an ongoing battle between detectors and cheats. And ordinary people are on the loosing side, as they face forced kernel rootkits, false cheat detections and grace periods during which cheaters are still allowed to play.
Which is what server side AC solves, they don’t want to do it because of money and expertise required vs here have a rootkit.
VACnet has always been like this, trained on all the games played. It’s had its problems sure, but I have never had to install a rootkit to play their video games. That’s the baseline any other game should be achieving.
Some things are harder, but for starters a few ideas:
Either check that the reported positions of players, their movement speed, etc are consistent to what the game would allow you to do (don’t fly, don’t go faster, don’t go through walls,…) or only accept player input, process it server side and then send positions etc back to the client. (You can do some local interpolation, but the server wins, when there’s a miss match). That should get rid of flying, no clip, teleportation, evasion of projectiles, … You can also analyze the inputs for abnormal behavior like the precision with which you aim for the (center of) the head, aiming through walls, etc.
Do all hitscan and projectiles etc. server side. Never let clients report that they’re hitting other players. This is calculated on the server.
Do only report other player positions when they’re on screen or almost on screen. If the client doesn’t know where the enemies are, wallhacks are impossible or harder (note that some information may be transferred to the client for the sake of spatial audio etc!)
And so on. Do not, never ever, rely on client side data or validation. If a cheat program can alter the client, it can alter the data it sends. How do you ensure, that the client is actually official and “your code”, when it can tell you anything it wants to tell you? You can only make it harder for others to impersonate your client, but never impossible. Especially on PC, when you can execute just about any code you want?
All of those things are already computed on server. The purpouse of anti cheat is to not let computer to game for you. To not precisely click heads, step out of danger within 1ms of seeing it or reliably hit timings and combos. Such things can be hard to detect, and it is an ongoing battle between detectors and cheats. And ordinary people are on the loosing side, as they face forced kernel rootkits, false cheat detections and grace periods during which cheaters are still allowed to play.
Which is what server side AC solves, they don’t want to do it because of money and expertise required vs here have a rootkit.
VACnet has always been like this, trained on all the games played. It’s had its problems sure, but I have never had to install a rootkit to play their video games. That’s the baseline any other game should be achieving.
So, nothing that can defeat a good aimbot or limited wall-hack then, and a lot that would interfere with lag compensation.
I mean yeah, all that can be done server side should be, but there’s a lot that can’t be.