i3D.net logo in blue
i3D.net logo in blue

Blog

To ban or not to ban: Comparing server- and client-side anti-cheat solutions

To ban or not to ban: Comparing server- and client-side anti-cheat solutions

anti-cheat FairFight i3d
Jaunius Satkauskas - Product Marketing Manager at i3D.net
Jaunius Satkauskas
Product Marketing Manager
Linkedin
14 March 2024

This article looks at the critical question of how to handle cheating in games. It analyzes the two types of anti-cheat solutions and their various approaches not countering the problem.

Table of Contents

The difference between client-side and server-side anti-cheats

There are two types of anti-cheat solutions: client-side and server-side. They differ inherently in how they detect and act upon unfair play.

Client-side anti-cheat solutions

Client-side anti-cheat digs into RAM and looks for things that have been installed. Because anything that the client has access to can be manipulated, even if it’s encrypted, this is a time-consuming process. What the cheat developers do is that they, in the beginning, will pay a lot of attention to your game. By reverse-engineering the game and breaking down its code, they can find the game’s signatures or the specific parts of the code that can be exploited. The anti-cheat software looks for the cheat signatures on the client’s machine and bans them if they are found.

Server-side anti-cheats

  • There is a catch: The user should not feel that a compromise is being made between quality and availability. Laggy streams or undependable services thus quickly see a loss in viewership and a decreasing permanent audience base.

Server-side anti-cheats work by using real-time in-game player information for statistical analyses. They do not scan the player’s files, or require any software installed on the client’s side. They collect player data based on actions in the game. Based on the normal distribution of kills, deaths or whatever parameter is chosen, server-side anti-cheats create alerts and execute pre-set actions when a player’s in-game performance is significantly better than the determined average player performance or their own past performance with little to no false positives. The only downside of a server-side anti-cheat is the time needed initially to gather enough player data to determine the normal distribution of player performance.

How do cheat developers work around anti-cheat solutions?

To work around client-side anti-cheats, cheat developers pay attention to banning reports. Once they notice that players with a specific cheat signature are getting banned, they will turn the cheat off, rewrite it within a day or two to make it undetectable and the cheat continues to live on. It is essentially a game of cat and mouse, where cheat developers are always in the lead and anti-cheat providers are always looking for updates in the cheat market, updating their databases when new cheats are identified. This reactionary approach is naturally not ideal. A more proactive strategy such as deploying server-side anti-cheat solutions can take game developers ahead of the curve and counter cheating at the source.

Server-side solutions make cheating harder

It is significantly more difficult to work around server-side anti-cheats, as it does not rely on “finding” the cheats on the player’s computer but rather looks for anomalies in gameplay. When new cheats are identified, anti-cheat developers require authorization from the game’s producer to get the “new” gameplay event to protect it. This is one of the advantages of server-side anti-cheats, which can be adjusted to new cheats without tampering with the software’s code. In addition, game developers can adjust the level of “HackPoints” based on new inputs from the game (e.g., if there’s a new gun that allows for headshots when spraying bullets). The HackPoint system can be adjusted to the new “normal distribution” levels to flag new unwanted behaviors. These system updates are done on a weekly basis or more frequently as per the needs of the game studio.

How do cheats really work?

  • Cheats exploit what is verified on the server versus what's left to the client, like player speed or certain interactions, which cheaters manipulate to their advantage. Cheats are coded as third-party applications that overlay the game, detecting signals and enabling unfair advantages. The creation involves coding client-side cheats that interact with the game.

Server authority is king

For a game studio, this means that the critical decision of how to handle cheats all starts at server authority. Where do developers want to verify all gameplay events? Is it more feasible and pragmatic to do so on the server or allow for the events to be verified on the client side?

This choice also determines the amount of resources you will need and how you will approach the issue of cheating in general. As more authority is put on the game server, more processing power is needed to process all the events, ultimately leading to a higher spend on resources. More server authority also means possibly reduced performance, through slower tick rates, for example. Usually, this boils down to mixing the event verification, that is, some of the events are verified on the server, while others are verified on the client’s side. The lack of a good mix can become too resource intensive.

Client-side anti-cheats tend to miss things

It’s also impossible to verify every single event, therefore there’s always room for cheaters to put their foot in the door. If the event is not verified by a server, it leaves room for cheats to be utilized. If the game studio is verifying a bunch of gameplay events on the server, there’s not a lot the cheats can do. But it takes just a few unverified events to be tampered with for exploits to be found.

  • Example: In first-person-shooters, you can verify the number of bullets shot from the gun, but if the shooting speed is not verified by the server, cheats can make bullets in your game fly faster.

Developing effective anti-cheat solutions

Compared to client-side solutions, the story is a bit different for server-side anti-cheats. The biggest challenge there is the false positives, ensuring legit (skilled) players aren’t penalized without reason. Lawyers often require 100% proof that the person is cheating, otherwise, there are potential legal issues the title will face after “wrongfully” banning players even though the vast majority of cheating triggers are pointing toward cheating behaviors.

Collecting data is key

That is why the server-side anti-cheat provider must understand which events the studio wants to look at and use as the “cheating variables” to determine whether a player is cheating. Once enough data has been collected by the anti-cheat system, the game studio needs to confirm that this event produced by a player is indeed an outlier in the gameplay events, followed by the choice of outcome (punishment) for the actions of the player — for example, in a racing game, teleport them back to the start if their car’s speed is higher than XYZ km/h. The anti-cheat recommends the appropriate software actions for the gameplay anomalies, but at the end of the day, it’s the game studio that decides the fate of the cheater.

Avoiding false positives

There are a few ways to avoid false positives. Increasing server authority and verifying all possible gameplay events or combining both client-side and server-side anti-cheats to protect your gameplay from all possible angles is the best strategy.

Acting on reports from the gaming community

Player reports are valuable, as it’s the gaming community that’s at the forefront of experiencing unfair gameplay. Reports help in tracking and monitoring suspicious players more effectively. For a server-side anti-cheat, once a player is flagged as a cheater, player reports will just add to the case proving that that player is indeed cheating. For client-side anti-cheats that’s not entirely the case, because they only look for signatures, which means the community can complain as much as they want, but if the client-side anti-cheat cannot pick up the signatures on the player’s machine, there’s so much it can do.

Moving away from arbitrary bans

For the longest time, the most common method to counter has been banning, but there are more advanced and more creative ways to punish cheaters. There are numerous cases of game studios completely killing their player base by banning players left and right without any resolution, because cheaters keep coming back with better cheats and new accounts, and the player base continues to suffer.

More creative measures like teleporting players or tuning down their weapons are preferable because they counter the cheats and maintain player experience while acting on legitimate reports from the most important component of any game — the community. This approach deters cheating without outright banning, keeping the player base intact and reducing negative feedback. On the other hand, it’s much easier said than done, the majority of publishers do not want to change the status quo of cheating — banning. It’s what they have grown up on, and on the surface, it seems like a no-tolerance policy, though it does little to counter the root problem. There are major opportunities here in terms of maintaining your player base intact while keeping the playing field level for everyone. It also allows game studios to avoid any legal issues due to not removing the access of the player to the title.

The FairFight way

FairFight, as one of the leading server-side anti-cheat providers, has discovered that letting people know that the system knows that they are cheating is the best deterrence you can find. It’s like seeing children secretly do something that was not allowed by their parents and then watching them panic when they are found out. Another option is to annoy cheaters into not using cheats —  kick them every time their aimbot is in action, or increase their latency the moment their speed is higher than normal.

Unfortunately, game studios are reluctant to work with tools to irritate the cheaters into playing a fair game and find a long-lasting solution to a perennial problem. It is time to change commonly-accepted perspectives on this issue and work on a new path forward.

Main Take-Aways

This article compares server-side and client-side anti-cheat solutions and highlights the values both bring to prevent cheaters from harming the in-game experience of players. 

Related Links
View all News

Need help from our Customer Support Team?

Get Support

Sales

USA flag round icon

1-800-482-6910

NL flag round icon small

+31 (0)10 890 00 70

Subscribe to our Newsletter and stay up to date with the latest from i3D.net

Subscribe

Features

Solutions

Products

Company

© i3D.net - A Ubisoft company | All rights reserved.

Twitter Linkedin Facebook-f Youtube Instagram