Introduction
This research will look deeper into cheating in online video games through a qualitative and quantitative analysis of available academic and non-academic resources. Research will focus on how players cheat, how cheating can harm online video games, and how to combat cheating. This review will support the hypothesis that effectively combating cheating in online multi-player video games is extremely important to a game’s success.
Background
To better understand cheating in video games, we must first understand what it means to play a game and what elements make up a game that can be manipulated and exploited by a cheater. In the book The Grasshopper: Games, Life and Utopia, Bernard Suits develops the concept of what it is to play a game and the four elements that make up a game. In Suits’ initial definition, he states that “to play a game is to engage in activity directed towards bringing about a specific state of affairs, using only means permitted by rules, where the rules prohibit more efficient in favour of less efficient means, and where such rules are accepted just because they make possible such activity” (Suits, 2005, pp. 48–49). Suits further breaks down this statement into four key elements of game playing: the goal, the means of achieving the goal, the rules, and the lusory attitude (Suits, 2005, pp. 49–50). [The lusory attitude is the mentality a player brings to the game and the willingness to accept the rules of the game (Suits, 2005, p. 54).] These four elements provide a foundation to which we can associate cheating activities. However, we need first to establish Suits’ final definition, “To play a game is to attempt to achieve a specific state of affairs [prelusory goal], using only means permitted by rules [lusory means], where the rules prohibit use of more efficient in favor of less efficient means [constitutive rules], and where the rules are accepted just because they make possible such activity [lusory attitude]” (Suits, 2005, pp. 54–55). Simplified: “playing a game is the voluntary attempt to overcome unnecessary obstacles” (Suits, 2005, p. 55).
Now that we have a foundation for what it means to play a game, we need to label those who intend to play a game counter to its four elements. Suits utilizes three categories to group these players: triflers, cheats, and spoilsports (Suits, 2005, p. 60). Triflers “recognize rules but not goals,” according to Suits, and are the players who follow the rules but create their own goals, such as instead of working with my team to capture the flag, I’m going to run around and collect flowers (Suits, 2005, p. 60). Cheats are the players who look for ways to gain an advantage and accomplish the game’s goals through exploits, hacking, or other technical manipulation. They are described by Suits as players who “recognize goals but not rules” (Suits, 2005, p. 60). Finally, the spoilsports are the players who “recognize neither rules nor goals” and will utilize cheats and exploits to accomplish their own personal goals rather than the game’s defined goals (Suits, 2005, p. 60). While cheats and spoilsports are detrimental to a game’s community, spoilsports are the most toxic and damaging. For example, a spoilsport may utilize a hack to instantly kill players across the map and then utilize that hack to ensure the entire enemy team dies the moment they spawn. On the other hand, players follow the rules to achieve the goal and “acknowledge the claims of both the game and its institution, triflers and cheats acknowledge only institutional claims, and spoilsports acknowledge neither” (Suits, 2005, p. 60). Now that we understand the different types of counter-game players, let us explore their motivations, impact on the ludic culture of the game, and potential impact on the business that developed the game.
Throughout this examination of cheating, the focus will be on cheats and spoilsports, lumped together as cheaters, and the methods employed by cheaters, which are counter to the lusory means and constitutive rules of an online multiplayer video game. I will not examine the prelusory goal or lusory attitude except when such analysis would support a better understanding of cheaters and anti-cheat solutions.
Literature Review
There is limited academic research within the subfield of anti-cheating solutions for video games. Many papers lead back to the extensive research conducted by Mia Consalvo and published in the book Cheating: Gaining Advantage in Videogames. This book represents a compilation of multiple articles or chapters she wrote for other publications covering cheating methods, how players gain advantage in video games, and the study of games and ethics (Consalvo, 2007, p. vii). She establishes that cheating has always been a part of gaming culture, especially when professional-level gaming is involved (Consalvo, 2007). There is also existing research into esports gambling and its associated corruption, which is outside the scope of this paper (Kowert & Quandt, 2021, p. 73). There is extensive, non-academic content related to both sides of the dyad of cheat/anti-cheat. This non-academic content covers the ever-evolving field of study where players develop new cheats for video games, and video game companies work to develop new anti-cheat solutions. This research incorporates academic and non-academic resources to provide a more complete and current field analysis.
Methodology
My analysis of cheaters, cheat methods, and anti-cheat methods will be a combination of qualitative and quantitative analysis. Qualitative analysis will be utilized to answer the questions: in what ways do players cheat in online video games? and is cheating in online video games harmful?. A quantitative analysis will help answer the question: what methods exist to combat cheating in video games?. Applying quantitative analysis for this last question will help identify the more popular and effective solutions. Answering these questions this way will help support the hypothesis and contribute to the field.
In what ways do players cheat in online video games?
Each of the four elements Suits defined can be a pathway for cheating. Within online multiplayer video games, cheats often target the lusory means and constitutive rules elements. These often focus on software modifications and specially designed apps or tricks the player can incorporate to gain an advantage outside the defined ludic elements. These cheats commonly include aimbots, wallhacks, lag switching, and movement scripts/autonomous bots (Spijkerman & Ehlers, 2020, pp. 87–88) (Edwards, 2023, p. 1).
One form of cheating involves a tool called an aimbot which is an autotargeting app that automatically aims the player’s weapon at the targeted character’s head, enabling the cheater never to miss a perfect shot. An aimbot is often coupled with a maximum-damage, long-range weapon, resulting in an instant kill. “Think how annoying it would be if you were playing a first-person shooter (FPS) online game and a player used an aimbot, able to get a headshot on you instantly with no chance of fighting back” (Edwards, 2023, p. 2).
Another form of cheating is wallhacks, “which provide the user with visual information they would not usually have … includes enemy players’ position, health, and equipment” (Spijkerman & Ehlers, 2020, p. 87). The most common form of a wallhack will highlight or place boxes around enemy players, irrespective of what obstacles may exist in the field of view, granting the cheating player the ability to know the location of every player. This advantage allows the cheat to anticipate enemy movements and be fully prepared to kill them. In more complex implementations, the wallhack can allow shooting through obstacles that should have been protecting the opposing player.
A third common form of cheating is lag switching. With this form of cheating, players are “deliberately cutting off supply to the internet at coordinated intervals that benefit them” (Edwards, 2023, p. 2). Such actions can trigger a delay in an online video game when the client stops sending data to the server, causing the server to use predictive algorithms to guess where the player’s character should be and transmit that location to nearby players. The cheating player then reconnects the internet connection after moving in a different direction. As the other players begin shooting at the predicted location, the player’s location data syncs with the server, and suddenly the cheating player’s character moves, making it impossible to hit them.
The final forms of cheating I will review are movement scripts and autonomous bots. These “allow a user to abuse game mechanics that increase player movement” or even allow the cheater to completely automate their character (Spijkerman & Ehlers, 2020, p. 88). I have coupled these two forms of cheating together due to the nature of fully autonomous bots being an evolved form of movement scripts, in my opinion. The simplest form of movement scripts are macros, which trigger rapid keystrokes or button combinations. These can enable the player to move and execute attacks faster than would normally be possible by non-cheating players. The evolution of movement scripts is to combine them with aiming and interaction scripts to fully automate a character’s interaction with the ludic elements. This allows the cheating player to level up their character or collect resources without being physically present.
Is cheating in online video games harmful?
Jeffery Grant, in his paper Video Game Anti-Cheat Software and Its Importance to a Game’s Success, examined video games that leveraged effective anti-cheat software and those that did not. His research determined that anti-cheat and anti-hacking software will “at some point in some way affect how the game will maintain an ability to grow or succeed” (Grant, 2022, p. 9). While it is possible for a game developer to create his/her own solutions for addressing these cheats and hacks, it requires considerable knowledge, experience, and time to keep up, and “as the ability to produce better technologies continues to grow, so does the power of the systems and software designed to alter or sabotage those systems” (Grant, 2022, p. 1). Instead, there is an ever-growing industry of third-party solutions whose primary business is to develop ways of identifying and addressing cheaters. Grant’s research examined the growth of the ludic community of two popular video games: Counter Strike: Global Offensive (CS:GO) and Valorant. Grant determined that “GS:GO was losing players long before Valorant had stepped on the scene due to their toxic cheating culture” due to a weaker anti-cheat system than what Valorant chose to implement (Grant, 2022, p. 8). According to Grant’s research, “a game can’t grow properly without a constantly growing and evolving player base that plays the game in a varied way…and gains players consistently to fund or fuel any relevant changes” (Grant, 2022, p. 9). Anti-cheat software reduces the negative influence cheaters bring to a ludic community, allowing the community to grow and the game to flourish.
What methods exist to combat cheating in online video games?
There are various options available to game developers and designers that can be implemented to address cheats and hacks both at the player’s end and at the online game’s hosted servers. Video game designers and developers need to consider the variety of ways a cheater can attack the ludic elements of their game and the various solutions available. These solutions vary in complexity and features provided and can be off-the-shelf third-party solutions or custom code written by the game developer.
Individual developers can write custom code into games to protect variables stored in memory, detect file tampering, detect speed hacks and time cheating, and encrypt data transmissions over the internet. Following industry best practices for secure software develop can help. Developers should familiarize themselves with the OWASP Top Ten, OWASP Cheat Sheet Series, OWASP SAMM, and the OWASP Web Security Testing Guide which provide detailed guidance on securing the components that enable online game communications between the client and the server (web applications) (OWASP, 2023). Various companies and independent developers have also published guidance or tools to help document secure software development practices or provide in-game protections:
Secure Software Development Lifecycle Resources
- National Institute of Standards and Technology (NIST) Secure Software Development Framework (SSDF) https://csrc.nist.gov/Projects/ssdf
- Unity SSDLC https://github.com/UnityTech/unity-ssdlc
- Microsoft Security Development Lifecycle (SDL) https://www.microsoft.com/en-us/securityengineering/sdl/practices
Secure software development tools and platform-specific addons
- Microsoft Security Engineering Resource List https://www.microsoft.com/en-us/securityengineering/sdl/resources
- SCUE4 Anti-Cheat Solution – Unreal Engine Asset Store https://www.unrealengine.com/marketplace/en-US/product/scue4-anti-cheat-solution
- Anti-Cheat Toolkit 2023 – Unity Asset Store https://assetstore.unity.com/packages/tools/utilities/anti-cheat-toolkit-2023-202695
These solutions provide the developers and designers with solid software development practices and quick-to-implement solutions. Ultimately, while necessary foundational practices, these DIY solutions do not hold up to the cheat-stopping power of professional anti-cheat software.
Professional anti-cheat software is predominately available in server-side and kernel-level solutions, with both working towards the same goal: “to prevent cheats from being used in a game” (Edwards, 2023, p. 1). The most effective form, and the most controversial, is kernel-level anti-cheat software. This software “runs at the core of a computer’s operating system and can detect if a player is using an unauthorized process to give them an unfair advantage in a video game” (Pilipovic, 2023b, p. 1). However, running at this level on a computer also grants the anti-cheat software an unrestricted view of the activities that occur on the computer, which may have nothing to do with cheating.
In the article The Cost of Fair Play: Advancing Anti-Cheat Technology in Online Video Games Raises Data Privacy Concerns, law student Alex D’Aloisio explains that “developers have great incentive to keep the details of their anti-cheat methods a secret,” which results in a lack of visibility into how invasive anti-cheat software may be and can lead to opportunities for consumer privacy violations (D’Aloisio, 2021, p. 1). He explained that one challenge is applying data privacy laws like the European Union’s General Data Protection Regulation (GDPR) to anti-cheat software, which relies on having access to private consumer data (D’Aloisio, 2021, p. 2). Another concern with kernel-level anti-cheat software is that software operating at this level within a computer can result in a crash, “an error in the kernel brings downs down the whole system, usually in the ubiquitous Blue Screen of Death” (Menegus, 2022, p. 1). A third concern with kernel-level drivers relates to the potential for exploitation by hackers who would gain unrestricted access to a computer system if a vulnerability in the anti-cheat software could be exploited at the kernel-level (Pilipovic, 2023a, p. 1). Despite these concerns, kernel-level anti-cheat software remains the go-to solution due to effective cheat detection capable of protecting the ludic integrity of a game (Grant, 2022).
Figure 1
Kernel-level anti-cheat software implementations by game count.
(Pilipovic, 2023b, p. 3)
Top anti-cheat solutions available for use by game developers/designers:
- Easy Anti-Cheat, Epic Games, free for games utilizing Epic Game Services, https://www.easy.ac/, operates at kernel-level and is the most utilized solution world-wide (Epic Games, 2023a)(Epic Games, 2023b).
- Valve Anti-Cheat (VAC), Valve Corporation, free for games published on Steam (part of Steamworks), Valve Anti-Cheat (VAC) and Game Bans (Steamworks Documentation) (steamgames.com), does not operate at kernel-level, used by 500+ games (Steam, 2023a)(Steam, 2023b).
- XIGNCODE3, Wellbia, paid, https://wellbia.com/, utilized by Korean game studios (Wellbia.com, 2023).
- BattlEye, BattlEye Innovations, paid, https://www.battleye.com/, independent of any game studio (BattlEye Innovations, 2023).
- PunkBuster, Even Balance Inc., paid, http://punkbuster.com/, possibly abandoned (Even Balance, 2023).
- nProtect GameGuard, INCA Internet Corp., paid ($30,000 per game per year), https://gameguard.nprotect.com/en/index.html, utilized by Korean game studios (INCA Internet Corporation, 2023).
(Pilipovic, 2023b)(SteamDB, 2023)(AreWeAntiCheatYet, 2023)
Multiple free and paid solutions are available to meet the anti-cheat needs of game designers and developers. The top solutions are free to implement at the cost of utilizing their respective platforms or distribution solutions. While this may be viewed as limiting market reach, a game designer needs to weigh that limitation against the potential gains.
Results / Discussion
Based on the research, players will always be working to find ways to cheat in online video games. It is also equally clear that game designers and developers will struggle to keep up without implementing professional anti-cheat solutions. While individual developers can and should include secure software development practices in the software development lifecycle, such activities will not be enough. Incorporating a quality anti-cheat software solution that is actively maintained is critical to the growth of an online video game’s ludic community.
Conclusion
Given the results of this research, it is clear that the cheat/anti-cheat research subject will require ongoing research efforts at the academic level. The players developing and using novel cheat methods will continue to grow, necessitating an equally strong response from game designers and developers to ensure the possibility of prosperity in the online ludic community. Anti-cheat software developers and game designers should seek cybersecurity best practices for additional methods to block and address cheating. It is also necessary to closely monitor the new developments in generative AI and the potential impact on cheat and anti-cheat software development.
References
AreWeAntiCheatYet. (2023). AreWeAntiCheatYet. Retrieved December 4, 2023, from https://areweanticheatyet.com/
BattlEye Innovations. (2023). BattlEye. BattlEye. Retrieved December 5, 2023, from https://www.battleye.com/
Consalvo, M. (2007). Cheating: Gaining advantage in videogames (Annotated ed.). The MIT Press.
D’Aloisio, A. (2021, October 4). The cost of fair play: Advancing anti-cheat technology in online video games raises data privacy concerns. Journal of High Technology Law at Suffolk University Law School. Retrieved December 4, 2023, from https://sites.suffolk.edu/jhtl/2021/10/04/the-cost-of-fair-play-advancing-anti-cheat-technology-in-online-video-games-raises-data-privacy-concerns/
Edwards, B. R. (2023, June 17). What is anti-cheat software, and how does it work? MakeUseOf. Retrieved November 30, 2023, from https://www.makeuseof.com/what-is-anti-cheat-software/
Epic Games. (2023a). Anti-cheat interfaces. Epic Games ONLINE SERVICES. Retrieved November 7, 2023, from https://dev.epicgames.com/docs/game-services/anti-cheat/anti-cheat-interfaces
Epic Games. (2023b). Easy ANTI-CHEAT. Easy ANTI-CHEAT. Retrieved November 7, 2023, from https://www.easy.ac/en-us/
Even Balance. (2023). PunkBuster. PunkBuster. Retrieved November 20, 2023, from https://www.evenbalance.com/index.php
Grant, J. (2022). Video game anti-cheat software and its importance to a game’s success. ADMI 2022: The Symposium of Computing at Minority Institutions. Retrieved November 8, 2023, from https://par.nsf.gov/biblio/10344948-video-game-anti-cheat-software-its-importance-game-success
INCA Internet Corporation. (2023). nProtect GameGuard. nProtect. Retrieved November 22, 2023, from https://gameguard.nprotect.com/en/index.html
Kowert, R., & Quandt, T. (2021). The video game debate 2. Routledge. https://doi.org/10.4324/9780429351815
Lukas, M., Tomicic, I., & Bernik, A. (2022). Anticheat system based on reinforcement learning agents in unity. Information, 13(4), 173. https://doi.org/10.3390/info13040173
Menegus, B. (2022, January 30). What’s the deal with anti-cheat software in online games? WIRED. Retrieved November 7, 2023, from https://www.wired.com/story/kernel-anti-cheat-online-gaming-vulnerabilities/
Merriam-Webster. (n.d.). Ludic. Merriam-Webster.com dictionary. Retrieved November 29, 2023, from https://www.merriam-webster.com/dictionary/ludic
OWASP. (2023). OWASP Projects. Retrieved November 29, 2023, from https://owasp.org/projects/
Pilipovic, S. (2023a, March 24). What kernel-level anti-cheat is and why you should care. Levvvel. Retrieved November 30, 2023, from https://levvvel.com/what-is-kernel-level-anti-cheat-software/
Pilipovic, S. (2023b, August 9). Every game with kernel-level anti-cheat software. LEVVVEL. Retrieved November 7, 2023, from https://levvvel.com/games-with-kernel-level-anti-cheat-software/
Spijkerman, R., & Ehlers, E. M. (2020). Cheat detection in a multiplayer first-person shooter using artificial intelligence. CIIS ’20: Proceedings of the 2020 3rd International Conference on Computational Intelligence and Intelligent Systems, 87–92. https://doi.org/10.1145/3440840.3440857
Steam. (2023a). Steam game search filtered by Valve Anti-Cheat enabled. Retrieved December 6, 2023, from https://store.steampowered.com/search/?sort_by=Released_DESC&category2=8
Steam. (2023b). Valve Anti-Cheat (VAC) System. Retrieved November 7, 2023, from https://help.steampowered.com/en/faqs/view/571A-97DA-70E9-FF74
SteamDB. (2023). What are games built with and what technologies do they use? Retrieved November 24, 2023, from https://steamdb.info/tech/
Suits, B. (2005). The grasshopper: Games, life and utopia. Broadview Press.
Wellbia.com. (2023). Wellbia XIGNCODE3. Wellbia. Retrieved November 22, 2023, from https://www.wellbia.com/
Douglas Evans
Lindenwood University
CAH 51000
Dr. Jeremy Painter
December 8, 2023