Sign in with
Sign up | Sign in

Valve Says Its Anti-cheat System Doesn't Spy on Users

By - Source: Valve Software | B 30 comments

Gabe Newell defends Valve's anti-cheat system on Reddit.

Valve Software bossman Gabe Newell recently jumped on Reddit to dispel rumors that the company is spying on Steam users through the anti-cheat system (VAC). A Counter-Strike: Global Offensive thread claims that Valve recently changed the way the VAC worked, allowing it to read all domains that the player visits and then send that info back to Valve's servers.

"We don't usually talk about VAC (our counter-hacking hacks), because it creates more opportunities for cheaters to attack the system (through writing code or social engineering)," Newell writes. "This time is going to be an exception."

Newell explains that cheat developers create DRM and anti-cheat code for their kernel-level cheats because they have a hard time getting money from players. These DRM-laced cheats "phone home" to a DRM server that confirms if the player has indeed purchased the cheat. VAC checks for the presence of these cheats.

"If they were detected VAC then checked to see which cheat DRM server was being contacted," Newell writes. "This second check was done by looking for a partial match to those (non-web) cheat DRM servers in the DNS cache. If found, then hashes of the matching DNS entries were sent to the VAC servers. The match was double checked on our servers and then that client was marked for a future ban. Less than a tenth of one percent of clients triggered the second check. 570 cheaters are being banned as a result."

He says that the whole cheat vs trust scenario is much like a cat and mouse game. The specific cheat and anti-cheat solution that brought on the recent spying rumor was effective for 13 days. The VAC's solution is now no longer active because the cheat providers have found a way around it: manipulating the DNS cache on the customers' client machines.

"Kernel-level cheats are expensive to create, and they are expensive to detect. Our goal is to make them more expensive for cheaters and cheat creators than the economic benefits they can reasonably expect to gain," Newell writes.

He says that VAC is "a scary-looking piece of software" because it is trying to be obscure, sneaky, and going after code that is trying to attack it. Thus, one way to get around this scary software and generate revenue is for cheat makers to jump on social sites and create a cloud of distrust. That means Reddit users will likely see more comments about the VAC system.

Newell goes on to state that Valve does not collect a user's browser history, Valve does not care about what porn sites the user visits, and Valve is not using the success of Steam to go evil. "You have to make the call if we are trustworthy. We try really hard to earn and keep your trust," Newell concludes.

Display 30 Comments.
This thread is closed for comments
Top Comments
  • 25 Hide
    back_by_demand , February 18, 2014 4:52 PM
    I don't care who knows about my donkey porn, but I do care if some asshat cheats in CS:S
Other Comments
  • 15 Hide
    spartanmk2 , February 18, 2014 3:52 PM
    Still have respect for this guy not selling out to EA.
  • 9 Hide
    dalethepcman , February 18, 2014 3:57 PM
    "Valve does not collect a user's browser history, Valve does not care about what porn sites the user visits, and Valve is not using the success of Steam to go evil."

    Seriously though, if your cheating in an online game and worried about steam seeing the porn your browsing on the internet or whats in your DNS cache you should probably get out of the garage/attic/basement a bit more.

    Google already knows everything your doing and you don't see the NSA/DHS knocking on your door for downloading midget clown bestiality pron...

    "Who watches the watchmen?" /TinFoilHat.....
  • 25 Hide
    back_by_demand , February 18, 2014 4:52 PM
    I don't care who knows about my donkey porn, but I do care if some asshat cheats in CS:S
  • -7 Hide
    Memnarchon , February 18, 2014 5:04 PM
    "Valve Says Its Anti-cheat System Doesn't Spy on Users" Yeah, NSA agrees with us...
  • 3 Hide
    edogawa , February 18, 2014 5:39 PM
    Quote:
    I don't care who knows about my donkey porn, but I do care if some asshat cheats in CS:S


    That is a delayed system in terms of months.
    Cheaters learn, and adapt, they probably use separate accounts.
    Those games are always dirt cheap, so you can make 5 accounts for the price of 1.
    It does not function good in short or long term.
    Active admins are most effective.
  • 9 Hide
    goodguy713 , February 18, 2014 5:40 PM
    Quote:
    "Valve Says Its Anti-cheat System Doesn't Spy on Users" Yeah, NSA agrees with us...
    If the NSA wanted to spy on you it wouldnt need to do so through valve or a video game. lol
  • 0 Hide
    Memnarchon , February 18, 2014 6:54 PM
    Quote:
    Quote:
    "Valve Says Its Anti-cheat System Doesn't Spy on Users" Yeah, NSA agrees with us...
    If the NSA wanted to spy on you it wouldnt need to do so through valve or a video game. lol

    Oh really?
    NSA Has Secret Agents Planted Inside World of Warcraft
  • -1 Hide
    Maxor127 , February 18, 2014 8:50 PM
    Its anti-cheat system also doesn't stop cheaters because any game I've played that uses VAC has the worst cheating I've seen.
  • 3 Hide
    SpadeM , February 18, 2014 9:19 PM
    Biggest problem with VAC is not the delayed banning or checking for DNS cache entries that shouldn't belong. It's the fact that even for really old spin hacks, autoaims, wall hacks, the system does nothing. It doesn't ban the user automatically for hacks that have already been exposed.I'm all for sneakiness and what not, but when someone goes on a server with a 5 year old hack and blasts away at the opponents then ... 570 banned player out of millions isn't even scratching the surface.
  • 1 Hide
    razor512 , February 18, 2014 11:00 PM
    The issue is that VAC does not work with the community.If they wante d to, they can implement a spam free support system by creating a vac screen recorder, and a report system for users with a paid game. False reports can be further be reduced by adding a warning system and ultimate account ban for false reports.This way, if there is a user who is clearly cheating, it can be recorded, then sent to valve. They can the monitor that user more closely to determine which Cheat is being used, then ban everyone using it.That would e better than their current me this that only focuses on cheats that their staff stumbles on.
  • 3 Hide
    cTs Corvette , February 18, 2014 11:43 PM
    Quote:
    Biggest problem with VAC is not the delayed banning or checking for DNS cache entries that shouldn't belong. It's the fact that even for really old spin hacks, autoaims, wall hacks, the system does nothing. It doesn't ban the user automatically for hacks that have already been exposed.I'm all for sneakiness and what not, but when someone goes on a server with a 5 year old hack and blasts away at the opponents then ... 570 banned player out of millions isn't even scratching the surface.
    I've been a server admin for a very long time, and I actually don't mind those sorts of hacks. By that I mean that they are blatantly obvious, which makes my life easy. Yeah, it's silly that a 5 year old spin hack still works, but I'd much rather that Valve concentrate on the sneaky new stuff than worry about the stuff that anyone who's played for more than a day can easily spot.
  • -9 Hide
    AndrewJacksonZA , February 19, 2014 2:38 AM
    Wait wait wait. So you're telling me that in order not to get banned by this automated tool, a user - a client of yours! - MUST ABSOLUTELY NOT have visited or contacted certain IP addresses on the internet? So in other words, exchange part of your freedom to use your machine that you own how you want to for the privileged of playing our game?

    Yes, granted, the possibility of a client of yours that isn't cheating who visits or contacts those servers is very, very low, but it's the principle that I'm questioning. Slippery slope*? Yep, I think so, especially when I stop and take a look at how rights have been steadily more and more eroded in the United States and elsewhere.

    NOTE: I'm not comparing Valve to the NSA, I'm saying that if Valve continues to use a practice of restricting where their clients can go in order to use their software, what's to stop others from following their lead? Already I can't have e.g. SysInternal's ProcessExplorer running while playing certain games due to DRM, never mind the fact that it's my own machine and I should be able to run whatever I please on it because it's _MY_ machine.

    *https://en.wikipedia.org/wiki/Slippery_slope
  • -8 Hide
    neiroatopelcc , February 19, 2014 3:26 AM
    Since I cheat whereever possible I generally don't play VAC enabled games. But luckily they're few to begin with and mostly limited to fps which isn't my boat anyway. From my point of view, if I purchase a game and want to cheat in it, I don't see why anyone else should be allowed to stop me. It's different for mmo style games ofc, but they're not as susceptible to cheats anyway.In any event, if I find Deus Ex or Sim City being too hard, I want to be allowed to add more money or whatever it is that I need. Once I purchase a license to a game, I purchase the right to play it the way I wish ; at least that's my point of view.
  • 5 Hide
    ddpruitt , February 19, 2014 4:29 AM
    Quote:
    MUST ABSOLUTELY NOT have visited or contacted certain IP addresses on the internet? So in other words, exchange part of your freedom to use your machine that you own how you want to for the privileged of playing our game?
    No that's not what he's saying at all. Before you get on your soap box you should gain some basic comprehension skills. Besides like others said, I don't mind Valve spying on my midget porn if it keeps bans cheater's who ruin games. On a similar note learn to have some fun and play the game without cheats.
  • -1 Hide
    neiroatopelcc , February 19, 2014 4:38 AM
    Quote:
    Quote:
    Besides like others said, I don't mind Valve spying on my midget porn if it keeps bans cheater's who ruin games. On a similar note learn to have some fun and play the game without cheats.
    Quote:


    That is exceptionally narrowminded. Because you enjoy playing a game in a certain way, you assume that is the only way to play the game and have fun? I obviously do not agree with that assessment. Some people enjoy restoring cars, some enjoy racing them, some love modifying them and others enjoy just looking at them. All of those are legit reasons to be involved with cars.
    The same should apply to electronic entertainment, and in this specific case gaming.

    Besides, you imply that cheating ruins a game. Again this is incredibly narrowminded and suits only the simplest of minds. It CAN ruin a game, but it could also improve it. Cheating in Gnomoria makes the game more fun for example. Modding Flatout 2, and thus cheating, makes the game even better in multiplayer than it already was.
  • 1 Hide
    onebrokendownhorse , February 19, 2014 5:44 AM
    Cheating online is a plague to non cheaters and to find yourself being owned by cheater is enraging good for Value for what they are doing. I will trust the company until proven otherwise and thank you Valve for posting.
  • 0 Hide
    AndrewJacksonZA , February 19, 2014 6:49 AM
    Quote:
    No that's not what he's saying at all. Before you get on your soap box you should gain some basic comprehension skills. Besides like others said, I don't mind Valve spying on my midget porn if it keeps bans cheater's who ruin games. On a similar note learn to have some fun and play the game without cheats.

    Thanks for your input ddpruitt. This is the part that I'm referring to:
    Quote:
    check was done by looking for a partial match to those (non-web) cheat DRM servers in the DNS cache.


    I'll say it again: "Yes, granted, the possibility of a client of yours that isn't cheating who visits or contacts those servers is very, very low, but it's the principle that I'm questioning." If the VAC detects whatever it thinks is dodgy code, and then check the DNS cache and finds entries matching cheat servers, then I would imagine that the probability that the person is cheating is near 100%. Great. Nail the cheaters. They spoil it for everyone else.

    Don't get me wrong, I'm not against not finding the people who ruin experiences for everyone else. It's the principle of forcing on your clients the restriction of what they can and can't do on the hardware /that they own and probably built themselves/ just so that they can run the software that they paid for that I'm questioning. Unless they change their purchase contract to "pay us x amount of money, don't run y programs and don't contact z servers and then we'll let you play our game" I think that's pretty dodgy.

    Do we need ways of preventing people from ruining the online experiences of others? Yes.
    Should we do that by taking away the freedom of use that people have over their own hardware? That's debatable, but in my opinion, no.

    And for the record, I create non-free, propriety non-open source software as a job.
  • -1 Hide
    AndrewJacksonZA , February 19, 2014 6:53 AM
    .
  • 0 Hide
    joshuajtf@1375677444 , February 19, 2014 7:05 AM
    Quote:
    Wait wait wait. So you're telling me that in order not to get banned by this automated tool, a user - a client of yours! - MUST ABSOLUTELY NOT have visited or contacted certain IP addresses on the internet?
    Quote:
    There is a large difference between a website and a domain/IP address. The addresses they choose are not consumer web sites, but basically web facing bot net servers. It's somebody's personal website that serves as a control/reporting point for their illicit software.This is not about where you can and can not go at all.
    Quote:
    That is exceptionally narrowminded. Because you enjoy playing a game in a certain way, you assume that is the only way to play the game and have fun? I obviously do not agree with that assessment. Some people enjoy restoring cars, some enjoy racing them, some love modifying them and others enjoy just looking at them. All of those are legit reasons to be involved with cars. The same should apply to electronic entertainment, and in this specific case gaming. Besides, you imply that cheating ruins a game. Again this is incredibly narrowminded and suits only the simplest of minds. It CAN ruin a game, but it could also improve it. Cheating in Gnomoria makes the game more fun for example. Modding Flatout 2, and thus cheating, makes the game even better in multiplayer than it already was.
    1) Steam and VAC are not anti modding in the slightest, in fact in 2012/13 they released an entire platform for modding and custom content for steam games and have become a HUGE force for increasing mod participation.... clearly cheating is not modding.2)VAC is not purely anti-cheating, it's a multiplayer / server protection tool. VAC does not run every time you start up steam but instead when you join a VAC protected server. The purpose being to provide some kind of attempted standard to make standard multi player servers available and enjoyable for everybody.Hell, even then, if you want to cheat online you can start your own server and un-check the VAC box and allow cheating. So far you are 0/0 on talking points. Clearly you have no idea of anything you are talking about. I appreciate you taking the time out of your day to call us all narrow-minded simpletons, your highness. Your judgement is much appreciated.
  • -1 Hide
    bloodroses75 , February 19, 2014 7:15 AM
    Honestly, I don't care what Valve does, as long as it does indeed stop the cheaters/hackers. You wouldn't believe how many games I've quit due to hackers. Plus their policy is a lot better than Aeria games who just mass bans everyone in a room if even 1 person hacks. Me and a friend of mine took a screen shot of someone hacking in Wolfteam and sent it to Aeria to handle it. They ended up banning everyone in the room, including us. Valve is definitely not as bad as that.
Display more comments