PhormTheGenie

Vixen. Genie. Vixdjinn!

Hi! I'm Phorm, and I'm a Vixdjinn!

A Friendly Vixdjinn Says Hello!

I'm a genie girl, who really likes being a genie, and really likes everything about genies (really)! I'm a bit confused, lost, and trying to find my way, but I always enjoy interacting with folks here. (Trans🏳️‍⚧️, occasionally NSFW, Be 18+ or please be gone.)

A Genie Bottle, With A Rising Wisp of Pink Smoke In The Shape Of a Heart

See here for the Genie Lore Index!

Profile Art credit to CinnamonSpots!

Avatar by DVixie
Banner image by BlackShirtBoy



I've gone on about this at length before, but I was hoping I might be able to throw this question out to the general CoHostaverse to see what people's feelings are.

These days, a lot of software (particularly games of many stripe) are supported by and require Anticheat software. Anticheat can take many shapes, but usually is it some manner of software that is granted very high privileges, and is allowed to operate in obfuscation without user intervention or visibility. There are a lot of different opinions on such software, in either direction.

My question for you all: Is anticheat software a vulnerability? Is anticheat software fundamentally unsafe?

Do you trust anticheat software? If your favorite game suddenly demanded it, would you install it? Or drop the game entirely?


You must log in to comment.

in reply to @PhormTheGenie's post:

That's been my policy for a long while now, myself. Usually anticheat engines tend to hate that I run certain power tool applications, like Process Explorer. And I hate the overhead.

These days, though, it feels a little like I'm only spiting myself. So many social experiences tend to require some manner of anticheat, and it's really hard to explain why I'm so against it and won't participate. I wonder if I'm being unreasonable.

I remember hearing stuff about Valorant having an anti-cheat which had some of the same problems as the infamous root-kits that came with games and CDs.

I understand the need for robust anti-cheat (see how broken Call of Duty has gotten when it's lacking) but it's very intrusive and an actual drain on performance in many games. :(

Yeah, Valorant was the most egregious example in recent memory for sure. And scary, to say the least, given the behavior.

I do also understand the need, in certain situations and for certain software. I'm still totally perplexed by, for example, EasyAntiCheat being added to VRChat. I haven't touched it since :(

I haven't played in that space, but I did hear about that. I wonder what prompted the switch. As far as I knew, being able to change your model on the fly was part of the deal. Maybe it's their attempt to lock-down stuff you buy in VR Chat or for proprietary use? Either way, ick.

As a competitor and tournament organizer, my experience is that all anti-cheat software necessarily creates false positives, and makes software less performant and more dangerous. It also can't actually solve the problem, because cheating isn't any one technology or software but a social behavior enabled by everything from software to hardware to social engineering.

The most effective tool for detecting the most common forms of cheating is to provide good tools for moderating who's allowed to join a server, tournament, or game, and allow human beings to audit a player's inputs and behavior on replay. Cheating is a social behavior no different than bad behavior in chat, and it has social solutions that are enhanced by software BUT automated solutions tend to suck for all the same reasons that automated chat moderation tends to suck. Since the means of detecting cheating is usually client-side instead of server-side, it tends to suck even more than usual.

What you say makes a LOT of sense regarding the more efficient ways to moderate and regulate spaces to avoid people using cheats. Automation never solved a social problem it didn't make worse... And I completely agree that said software doesn't actually address the issue it was designed to address, but instead just makes the end user's system run worse, and more vulnerable!!

Thanks much for your input and your perspective on this! I do appreciate it.

Thanks for listenin'!

I wish I had a better answer because I feel like if I presented this to the director of a pvp game with 10k+ DAU they're going to be like: "you are suggesting that as long as the service is running, we perpetually throw money and labor at this problem, when EAC is a license purchase and an engineer's afternoon".

Avoiding invasive anti-cheat stuff is a good excuse to never play competitive shooters, but really I just don't like the emotional state they induce. If I had a good reason to, I might tolerate an anticheat program, but - also, my gaming PC is effectively secondary to my laptop and phone, where I do all my social communication. It has Discord, but only so I can stream stuff from there...

I could leave competitive shooters in the bin where they belong, but when EAC is a requirement to use the best VR software available, and I miss out on that, it starts to feel pretty bad to me.

I'm not sure I'm in a place where I could tolerate such an invasive piece of software, yet, but I look at what I have up almost a year ago and it still stings.

i'm one of those people who just doesn't give a rat's behind about this stuff. i have heard of zero cases of actual exploitation of anticheat software, though i could be underinformed here.

but it feels a bit like the hubbub about anti piracy stuff like denuvo. i support piracy absolutely but most of the antidenuvo stuff seems to be on principal rather than any practical effects on paying customers. like, it certainly has effects on PC performance but at the end of the day that feels like a really small fry thing.

so that's my view. on principal, the anticheat stuff is crappy. but in my reality at least it has caused zero problems and i feel like the issue is significantly overblown.

ymmv of course! this is generally not the kind of thing that causes me any anxiety in the first place, so that informs my opinions first.

I mean, honestly this is what I was wondering most of all.

My main hangup right now is that VRChat, which is arguably the best and ONLY thing to do with VR hardware, requires EasyAntiCheat installed and running. And like, part of what gets to me are the security issues inherent in letting a program like that run whenever it wants at elevated privileges.

But, I look around, and like... I'm obviously weird for having that concern? Because there are a ton of people who play VRChat without so much as a mote of hesitation. And other games, beyond that!

I'm really trying to gauge how much of my aversion to this stuff is practical and merited, and how much of it is just my being unreasonable.

I mean, there are clearly a lot of people who haven't had a problem, and it's causing them no harm...

you gotta have a line somewhere! i'm willing to do something because for me the reward outweighs the costs. but if it was more concerning or anxiety inducing to me, then it would be different or harder.

i tend to not want to deny myself something purely on principle since my suffering helps nobody. but there are certain principles that are strong enough (cough AI cough) that i will refuse to cross that line. (plus a bunch of ethical concerns, etc)

so yeah, i just want folks to consider that balance for themselves so they can land where they are happiest!

considering it behaves exactly like malware does, I consider anticheat software to be fundamentally unsafe. there are server-side ways of keeping players honest. and plenty of potential and incentive for ~AAA~ companies to abuse these privileges.

It's a hell of a difficult decision, isn't it? The best VR chat software paired with the crummiest anticheat software.

The expensive solution would be to put in a separate VR-only OS install that is the OS and the game and whatever's required to run it (Steam, etc) - or to have VR running off a different box entirely. If it's demanding the right to sniff around in your computer, maybe the best solution is to ensure there's nothing in the box to find.

But that's a pain in the best case scenario. So I dunno. I tend to avoid games that use anti-cheat, but you seem to really love VR (and I can't blame you, everything you've posted about it sounds lovely.)

Honestly, you're not wrong. It's just so utterly challenging and difficult to execute - Duplicate hardware is the safest approach, but also the most costly and cumbersome.

And the decision is Super difficult. There are a ton of people who have zero issue with EasyAntiCheat, who are actively participating in VRChat as we speak, who don't care or mind or lose any sleep about this subject. And they seem fine! But then, I'm not sure if this is an 'ignorance is bliss' thing - In which case, the correct option is being safe.

I'm making a lot of noise about it because I recently discovered (without ever entering the game) a trans public world that looks like it could be an excellent place to hang out - Basically the exact opposite of most places in the game. And like, this might be a way to actually find a sense of place and belonging within a trans community, even if it's only virtual. So this could be a potential solution to some of the previous issues I've struggle with in there. And yeah, getting back into 'my' body is... I really miss that. And even more practically, I have all this VR hardware just sitting here, unused!!

At the end of the day, though, I should just realize I'd flub even this. That I wouldn't have the time to invest, nor the social skills or social capital. And that, as cool as VR is, well, it's mostly just a passing fad.

"Is anticheat software a vulnerability?"
Yes, objectively. Your computer is more vulnerable to threats that more people know about and are incentivized to use. So if a brand of anti-cheat software has a vulnerability, and hackers know about it, then everyone out there using that anti-cheat software is a potential victim. The more popular the games become, the greater the vulnerability. And you're at the mercy of gaming companies. 😬 And they made you agree to an EULA that says they're not responsible for damage to your computer.
Companies regularly lie about their root-kit technology and rarely, if ever, face repercussions. https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal

"Do I trust anticheat software?"
Trust isn't binary. How much do you trust your software? Do you trust Apple, Microsoft, Sony, EA, and Tencent all at the same level?
That said, I can barely keep my computer running when it's got the right software on it, let alone a rootkit that, by definition, is reducing performance. It's enough to make you want to get a gaming rig.

Everything you say is, of course, very true. I remember the Sony Rootkit thing.

Hell, I remember when SecuROM and Starforce were actively destroying computer hardware. I'm still pretty sure that a long time ago, Denuvo thrashed one of my harddrives into failing. And looking at the AntiCheat solutions that are required for modern gaming? I'm just waiting for the other shoe to drop, and the headline to break that says "Gamers compromised in massive numbers thanks to EAC".

You're right that trust isn't binary, that's a very good point. It's just that I am shit at threat analysis. And I wonder if my decision on this matter isn't hurting me, and me alone.

I think the thing for me at this point is that it sucks, and is bad, but it’s genuinely hard to draw a line between it and all other modern software for me.

If you use chrome or a chromium based browser? It spies on you. Do you use a search engine? It spies on you. Do you use a cellphone? It spies on you. Do you go to a website? It spies on you. Game console? Spies on you.

At this point if you have a TV more than ten years old it spies on you! Hell, some fridges do.

Any piece of software that connects to the internet, which is all of it, could have a security exploit.

So unless I live in a concrete box and never go on the internet and use a landline (something that technically doesn’t even exist anymore, because landlines just connect to the internet somewhere down the pike), something is collecting data on me somewhere.

This sucks! But the only way it’ll change is systemic action.

So if all that is happening anyway, it doesn’t seem like that big of a cost to have one more thing that might collect my data, and might expose me to the to vulnerabilities, for the feeling of being embodied as a blue tigress in a room of friends all over the world.

And thus, I sigh, and hope someday I will get my shot at helping to make systemic change. But it ain’t there yet and I can’t afford a plane ticket to see my boyfriend every week but I sure can hop into VR.