To ban or not to ban: Comparing server- and client-side anti-cheat solutions

anti-cheat FairFight i3d
14 March 2024

This article looks at the critical question of how to handle cheating in games. It analyzes the two types of anti-cheat solutions and their various approaches not countering the problem.

Table of Contents

The difference between client-side and server-side anti-cheats

There are two types of anti-cheat solutions: client-side and server-side. They differ inherently in how they detect and act upon unfair play.

Client-side anti-cheat solutions

Client-side anti-cheat digs into RAM and looks for things that have been installed. Because anything that the client has access to can be manipulated, even if it’s encrypted, this is a time-consuming process. What the cheat developers do is that they, in the beginning, will pay a lot of attention to your game. By reverse-engineering the game and breaking down its code, they can find the game’s signatures or the specific parts of the code that can be exploited. The anti-cheat software looks for the cheat signatures on the client’s machine and bans them if they are found.

Server-side anti-cheats

Server-side anti-cheats work by using real-time in-game player information for statistical analyses. They do not scan the player’s files, or require any software installed on the client’s side. They collect player data based on actions in the game. Based on the normal distribution of kills, deaths or whatever parameter is chosen, server-side anti-cheats create alerts and execute pre-set actions when a player’s in-game performance is significantly better than the determined average player performance or their own past performance with little to no false positives. The only downside of a server-side anti-cheat is the time needed initially to gather enough player data to determine the normal distribution of player performance.

How do cheat developers work around anti-cheat solutions?

To work around client-side anti-cheats, cheat developers pay attention to banning reports. Once they notice that players with a specific cheat signature are getting banned, they will turn the cheat off, rewrite it within a day or two to make it undetectable and the cheat continues to live on. It is essentially a game of cat and mouse, where cheat developers are always in the lead and anti-cheat providers are always looking for updates in the cheat market, updating their databases when new cheats are identified. This reactionary approach is naturally not ideal. A more proactive strategy such as deploying server-side anti-cheat solutions can take game developers ahead of the curve and counter cheating at the source.

Server-side solutions make cheating harder

It is significantly more difficult to work around server-side anti-cheats, as it does not rely on “finding” the cheats on the player’s computer but rather looks for anomalies in gameplay. When new cheats are identified, anti-cheat developers require authorization from the game’s producer to get the “new” gameplay event to protect it. This is one of the advantages of server-side anti-cheats, which can be adjusted to new cheats without tampering with the software’s code. In addition, game developers can adjust the level of “HackPoints” based on new inputs from the game (e.g., if there’s a new gun that allows for headshots when spraying bullets). The HackPoint system can be adjusted to the new “normal distribution” levels to flag new unwanted behaviors. These system updates are done on a weekly basis or more frequently as per the needs of the game studio.

How do cheats really work?

Server authority is king

For a game studio, this means that the critical decision of how to handle cheats all starts at server authority. Where do developers want to verify all gameplay events? Is it more feasible and pragmatic to do so on the server or allow for the events to be verified on the client side?

This choice also determines the amount of resources you will need and how you will approach the issue of cheating in general. As more authority is put on the game server, more processing power is needed to process all the events, ultimately leading to a higher spend on resources. More server authority also means possibly reduced performance, through slower tick rates, for example. Usually, this boils down to mixing the event verification, that is, some of the events are verified on the server, while others are verified on the client’s side. The lack of a good mix can become too resource intensive.

Client-side anti-cheats tend to miss things

It’s also impossible to verify every single event, therefore there’s always room for cheaters to put their foot in the door. If the event is not verified by a server, it leaves room for cheats to be utilized. If the game studio is verifying a bunch of gameplay events on the server, there’s not a lot the cheats can do. But it takes just a few unverified events to be tampered with for exploits to be found.

Developing effective anti-cheat solutions

Compared to client-side solutions, the story is a bit different for server-side anti-cheats. The biggest challenge there is the false positives, ensuring legit (skilled) players aren’t penalized without reason. Lawyers often require 100% proof that the person is cheating, otherwise, there are potential legal issues the title will face after “wrongfully” banning players even though the vast majority of cheating triggers are pointing toward cheating behaviors.

Collecting data is key

That is why the server-side anti-cheat provider must understand which events the studio wants to look at and use as the “cheating variables” to determine whether a player is cheating. Once enough data has been collected by the anti-cheat system, the game studio needs to confirm that this event produced by a player is indeed an outlier in the gameplay events, followed by the choice of outcome (punishment) for the actions of the player — for example, in a racing game, teleport them back to the start if their car’s speed is higher than XYZ km/h. The anti-cheat recommends the appropriate software actions for the gameplay anomalies, but at the end of the day, it’s the game studio that decides the fate of the cheater.

Avoiding false positives

There are a few ways to avoid false positives. Increasing server authority and verifying all possible gameplay events or combining both client-side and server-side anti-cheats to protect your gameplay from all possible angles is the best strategy.

Acting on reports from the gaming community

Player reports are valuable, as it’s the gaming community that’s at the forefront of experiencing unfair gameplay. Reports help in tracking and monitoring suspicious players more effectively. For a server-side anti-cheat, once a player is flagged as a cheater, player reports will just add to the case proving that that player is indeed cheating. For client-side anti-cheats that’s not entirely the case, because they only look for signatures, which means the community can complain as much as they want, but if the client-side anti-cheat cannot pick up the signatures on the player’s machine, there’s so much it can do.

Moving away from arbitrary bans

For the longest time, the most common method to counter has been banning, but there are more advanced and more creative ways to punish cheaters. There are numerous cases of game studios completely killing their player base by banning players left and right without any resolution, because cheaters keep coming back with better cheats and new accounts, and the player base continues to suffer.

More creative measures like teleporting players or tuning down their weapons are preferable because they counter the cheats and maintain player experience while acting on legitimate reports from the most important component of any game — the community. This approach deters cheating without outright banning, keeping the player base intact and reducing negative feedback. On the other hand, it’s much easier said than done, the majority of publishers do not want to change the status quo of cheating — banning. It’s what they have grown up on, and on the surface, it seems like a no-tolerance policy, though it does little to counter the root problem. There are major opportunities here in terms of maintaining your player base intact while keeping the playing field level for everyone. It also allows game studios to avoid any legal issues due to not removing the access of the player to the title.

The FairFight way

FairFight, as one of the leading server-side anti-cheat providers, has discovered that letting people know that the system knows that they are cheating is the best deterrence you can find. It’s like seeing children secretly do something that was not allowed by their parents and then watching them panic when they are found out. Another option is to annoy cheaters into not using cheats —  kick them every time their aimbot is in action, or increase their latency the moment their speed is higher than normal.

Unfortunately, game studios are reluctant to work with tools to irritate the cheaters into playing a fair game and find a long-lasting solution to a perennial problem. It is time to change commonly-accepted perspectives on this issue and work on a new path forward.

Main Take-Aways

This article compares server-side and client-side anti-cheat solutions and highlights the values both bring to prevent cheaters from harming the in-game experience of players. 

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.