Server anti-cheat: Panacea or vestige?

In the modern world, almost every online game suffers from the cheaters: hackers find new holes for every closed one by developers. In the presence of a server, calculations developed protection mechanisms that allow you to find the cheaters based on the data available to the backend. This system is called "server anti-cheat" and is considered a real panacea. It would seem that it's a developer's dream, you no longer need to modify the client anti-cheat. The server will do everything for us! But in practice, everything turns out to be more complicated.

We will consider an example of anti speed hack for an MMORPG game to demonstrate the problems of implementing a server anti chat. The implementation problems associated not only with the actions of intruders but also with the natural development and complication of the project are underlined. The necessity of making compromise decisions is shown, especially in those cases when the protection system design occurs after the actual release of the game.

The purpose of the talk is to determine the place of server-side anti-cheat in the anti-hacking system and provide an overview of the anti-chat practices.

This talk is not related to a specific programming language. The description of algorithms is presented at the level of implementation of ideas for the development of server protection without using code. In addition to the features of anti-chat, other protection methods will be briefly presented, such as the use of game design and game statistics.

The target audience is developers (programmers, QA specialists, game designers) of multiplayer games, product managers, and people who are simply interested in games.