EmilioEstevezPapaSmurf323are you dense?
you need to have proprietary software to have a good anticheat
Hiding what you're doing is one of the worst ways to write secure software. You are just hoping your software is secure/doing what you intend because people don't know how it does it, rather than it actually being well written.
http://en.wikipedia.org/wiki/Security_through_obscurity
There's an entire wikipedia page on it, but you tried.
[quote=EmilioEstevez][quote=PapaSmurf323]are you dense?
you need to have proprietary software to have a good anticheat[/quote]
Hiding what you're doing is one of the worst ways to write secure software. You are just hoping your software is secure/doing what you intend because people don't know how it does it, rather than it actually being well written.[/quote]
http://en.wikipedia.org/wiki/Security_through_obscurity
There's an entire wikipedia page on it, but you tried.
DrIcePhDEmilioEstevezPapaSmurf323are you dense?
you need to have proprietary software to have a good anticheat
Hiding what you're doing is one of the worst ways to write secure software. You are just hoping your software is secure/doing what you intend because people don't know how it does it, rather than it actually being well written.
http://en.wikipedia.org/wiki/Security_through_obscurity
There's an entire wikipedia page on it, but you tried.
Did you read the article? It supports his statement.
The United States National Institute of Standards and Technology (NIST) specifically recommends against security through obscurity in more than one document. Quoting from one, "System security should not depend on the secrecy of the implementation or its components."
[quote=DrIcePhD][quote=EmilioEstevez][quote=PapaSmurf323]are you dense?
you need to have proprietary software to have a good anticheat[/quote]
Hiding what you're doing is one of the worst ways to write secure software. You are just hoping your software is secure/doing what you intend because people don't know how it does it, rather than it actually being well written.[/quote]
http://en.wikipedia.org/wiki/Security_through_obscurity
There's an entire wikipedia page on it, but you tried.[/quote]
Did you read the article? It supports his statement.
[quote]The United States National Institute of Standards and Technology (NIST) specifically recommends against security through obscurity in more than one document. Quoting from one, "System security should not depend on the secrecy of the implementation or its components."[/quote]
Security through obscurity doesn't really apply to anti-cheat clients the way you're talking about. That's more something that comes into play when dealing with user security(storing passwords, managing permissions and things). To some extent any anti-cheat client has to be obscured in some way because seeing exactly what the client is doing makes it much more easy to circumvent whatever controls it has in place.
The main issue is that any client-side anti-cheating device is fundamentally flawed; it can't provide a guarantee of non-cheating, it can only help. As long as people maintain control over their own pcs they will always be able to circumvent anti-cheating tools (in theory if not in practice purely because the methods the anti-cheat client uses are not obvious).
Security through obscurity doesn't really apply to anti-cheat clients the way you're talking about. That's more something that comes into play when dealing with user security(storing passwords, managing permissions and things). To some extent any anti-cheat client has to be obscured in some way because seeing exactly what the client is doing makes it much more easy to circumvent whatever controls it has in place.
The main issue is that any client-side anti-cheating device is fundamentally flawed; it can't provide a guarantee of non-cheating, it can only help. As long as people maintain control over their own pcs they will always be able to circumvent anti-cheating tools (in theory if not in practice purely because the methods the anti-cheat client uses are not obvious).
If you know exactly what it does you have a much easier time avoiding it, security through obscurity would still apply. I'm not assuming that this is the only security feature, security is layered and this should typically be one of them.
That statement supports it, it says not to depend upon it. You're supposed to use it to supplement other security features.
But this isn't really the point of this thread so I'll be quiet now :P
If you know exactly what it does you have a much easier time avoiding it, security through obscurity would still apply. I'm not assuming that this is the only security feature, security is layered and this should typically be one of them.
That statement supports it, it says not to depend upon it. You're supposed to use it to supplement other security features.
But this isn't really the point of this thread so I'll be quiet now :P
mansfield7To some extent any anti-cheat client has to be obscured in some way because seeing exactly what the client is doing makes it much more easy to circumvent whatever controls it has in place.
Surely if it is trivial to circumvent their anti-cheating measures then they are not fit for purpose?
[quote=mansfield7]To some extent any anti-cheat client has to be obscured in some way because seeing exactly what the client is doing makes it much more easy to circumvent whatever controls it has in place.[/quote]
Surely if it is trivial to circumvent their anti-cheating measures then they are not fit for purpose?
EmilioEstevezmansfield7To some extent any anti-cheat client has to be obscured in some way because seeing exactly what the client is doing makes it much more easy to circumvent whatever controls it has in place.
Surely if it is trivial to circumvent their anti-cheating measures then they are not fit for purpose?
That's a little bit of a misunderstanding of the problem. Anti cheat software is like welding the door of a car shut. Your average person just won't use the door, but someone with a welder will just open it up.
As long as people own their own computers they'll always be able to edit the memory manually to change the appearance or behavior of a game on the client side. The only (relatively) foolproof anti-cheating controls have to run on the server, but that only helps with certain kinds of cheating.
Also, it's not necessarily trivial to circumvent anti-cheating software. It's just possible.
[quote=EmilioEstevez][quote=mansfield7]To some extent any anti-cheat client has to be obscured in some way because seeing exactly what the client is doing makes it much more easy to circumvent whatever controls it has in place.[/quote]
Surely if it is trivial to circumvent their anti-cheating measures then they are not fit for purpose?[/quote]
That's a little bit of a misunderstanding of the problem. Anti cheat software is like welding the door of a car shut. Your average person just won't use the door, but someone with a welder will just open it up.
As long as people own their own computers they'll always be able to edit the memory manually to change the appearance or behavior of a game on the client side. The only (relatively) foolproof anti-cheating controls have to run on the server, but that only helps with certain kinds of cheating.
Also, it's not necessarily [b]trivial[/b] to circumvent anti-cheating software. It's just [b]possible[/b].
[img]http://i.imgur.com/nl5dA1H.jpg[/img]
I just sent this email to Torbull:
Hello Craig,
You may not remember me. I attended ESEA LAN in S8 as on-site coverage for the ill-conceived MyGamingEdge.com. In addition, I produced the TF2 stream on ESEA_Orange for multiple LAN finals. I have also been a player since Season 3.
I've been reserving judgement on the bitcoin incident until the courts made a verdict. Now that I've read the court documents and seen how lpkane has handled the situation, I can no longer in good conscience participate in ESEA. I hold you in very high regard, Craig, but I have no respect or trust for lpkane.
I realize that some of the current controversy surrounding the client is due to people not understanding the kinds of things that an anticheat client has to do to be an effective tool, but that's not my issue. Lpkane's dismissive and abrasive attitude towards his customers it not something that makes me want to continue supporting him. It feels like he views the TF2 community as nothing more than a frustratingly small revenue stream that he couldn't care less if he lost. He seems detached from the community, and appears to have no interest in gaming outside of the business aspect of it.
I want to like and support ESEA. I think it can offer more to us than any other organization right now. However, it's simply not worth putting up with lpkane. My team will be fully abandoning ESEA in favor of CEVO next season, and we are convincing other teams to do the same.
I realize that lpkane is co-owner of ESEA, and that him being 'fired' or stepping down is highly unlikely. This is especially true considering how small of a portion TF2 is to your overall revenue stream. The only thing I can say is that if you reach out to us in the right way, we will put everything we have behind you. I've spent the last 6 years learning how to program, edit videos, do commentary, and produce livestreams just because I love this game. I'm passionate about it and want to see it grow, and there are more people like me in TF2.
I hope that one day we can work together again. For now though, I'm going to try my luck elsewhere.
Alex "Lange" Van Camp
I just sent this email to Torbull:
[quote]Hello Craig,
You may not remember me. I attended ESEA LAN in S8 as on-site coverage for the ill-conceived MyGamingEdge.com. In addition, I produced the TF2 stream on ESEA_Orange for multiple LAN finals. I have also been a player since Season 3.
I've been reserving judgement on the bitcoin incident until the courts made a verdict. Now that I've read the court documents and seen how lpkane has handled the situation, I can no longer in good conscience participate in ESEA. I hold you in very high regard, Craig, but I have no respect or trust for lpkane.
I realize that some of the current controversy surrounding the client is due to people not understanding the kinds of things that an anticheat client has to do to be an effective tool, but that's not my issue. Lpkane's dismissive and abrasive attitude towards his customers it not something that makes me want to continue supporting him. It feels like he views the TF2 community as nothing more than a frustratingly small revenue stream that he couldn't care less if he lost. He seems detached from the community, and appears to have no interest in gaming outside of the business aspect of it.
I want to like and support ESEA. I think it can offer more to us than any other organization right now. However, it's simply not worth putting up with lpkane. My team will be fully abandoning ESEA in favor of CEVO next season, and we are convincing other teams to do the same.
I realize that lpkane is co-owner of ESEA, and that him being 'fired' or stepping down is highly unlikely. This is especially true considering how small of a portion TF2 is to your overall revenue stream. The only thing I can say is that if you reach out to us in the right way, we will put everything we have behind you. I've spent the last 6 years learning how to program, edit videos, do commentary, and produce livestreams just because I love this game. I'm passionate about it and want to see it grow, and there are more people like me in TF2.
I hope that one day we can work together again. For now though, I'm going to try my luck elsewhere.
Alex "Lange" Van Camp[/quote]
Very well written Lange. It was to the point and had a sincerity to it. I agree and I am impressed by this direct move. *respect*
Very well written Lange. It was to the point and had a sincerity to it. I agree and I am impressed by this direct move. *respect*
great email Lange. I'm interested if Torbull will say anything in response but I kind of doubt it.
great email Lange. I'm interested if Torbull will say anything in response but I kind of doubt it.