Valve Anti-Cheat

From Infogalactic: the planetary knowledge core
Jump to: navigation, search
Valve Anti-Cheat
File:Vac.jpg
Developer(s) Valve Corporation
Initial release 2002
Development status Active
Operating system Windows, OS X, Linux
Platform Windows, Linux
Type Anti-cheat software
License Proprietary
Website {{#property:P856}}

Valve Anti-Cheat, abbreviated as VAC, is an anti-cheat software developed by Valve Corporation as a component of the Steam platform, first released with Counter-Strike in 2002. During one week of November 2006, the system detected over 10,000 cheating attempts.[1] As of July 2014, it is estimated that over 2.2 million Steam accounts have been banned by the system.[2][3]

When the software detects a cheat on a player's system, it will ban them in the future, possibly days or weeks after the original detection.[4] It may kick players from the game if it detects errors in their system's memory or hardware. No information such as date of detection or type of cheat detected is disclosed to the player. After the player is notified, access to online "VAC protected" servers of the game the player cheated in is permanently revoked and additional restrictions are applied to the player's Steam account.

History

In 2001, Even Balance Inc, the developers of the anti-cheat software PunkBuster designed for Counter-Strike and Half-Life mod stopped supporting the games as they had no support from Valve. Valve had also rejected business offers of integrating the technology directly into their games.[5][6]

Valve started working on a 'long-term solution' for cheating in 2001.[7] VAC was first released with Counter-Strike in 2002, during its initial release, it only banned players for 24 hours.[8] The duration of the ban was increased over time, players were banned for 1 year and 5 years, until 2005 with the release of VAC2, any new bans became permanent.[9] VAC2 was announced in February 2005,[10] and began beta testing the following month.[11] On November 17, 2006 they announced that "new [VAC] technology" had caught "over 10,000" cheating attempts in the preceding week alone.[1]

During the early testing phase in 2002, some information was revealed about the program via the Half-Life Dedicated Server mailing lists. It can detect versions of "OGC's OpenGl Hack", OpenGL cheats, and also detects CD key changers as cheats. Information on detected cheaters is sent to the ban list server on IP address 205.158.143.67 on port 27013,[12] which was later changed to 27011.[13] There is also a 'master ban list' server.[14] RAM/hardware errors detected by VAC may kick the player from the server, but not ban them.[15][16]

Eric Smith and Nick Shaffner[17] were the original contacts for game administrators. In February 2010, the VAC Team consisted of Steam's lead engineer John Cook and his team of 16 engineers.

In July 2010, several players who successfully used information leaked from Valve to increase their chances of finding a rare Team Fortress 2 weapon/tool called the Golden Wrench found themselves banned by VAC.[18][19]

As of July 2014, unofficial sources estimate that over 2.1 million Steam accounts have been banned by VAC.[2][3]

In February 2014, rumors spread that the system was monitoring websites users had visited by accessing their DNS cache. Gabe Newell responded via Reddit, clarifying that the purpose of the check was to act as a secondary counter-measure to detect kernel level cheats, and that it affected one tenth of one percent of clients checked which resulted in 570 bans.[20][21][22]

Design

Valve rarely discusses the software, as it may help cheaters write new code or conduct social engineering.[20]

The software sends client challenges to the machine, if the appropriate response is not received, it is flagged as a possible violation. It uses heuristics to detect possible cheats when scanning the computer's memory and processes, an incident report is created whenever an anomaly is detected, it is then compared to a database of banned applications and/or analyzed by Valve's engineers. The engineers may inspect the code and run it on their own copies of the game. If the code is confirmed as a new cheat, it is added to the database of cheat codes.[23][24]

According to Steam's lead engineer John Cook, to stop the anti-cheat software itself from being exploited, "The software is constantly updated and sent down in small portions for the servers as needed, so hackers only get to see small portions of it running at any particular time. So while they may be able to work around pieces of it, they can never hack everything."[24]

Valve also accepts submissions of cheat programs and cheat websites from players through the official Steam Forums. Players may also report players they suspect of cheating through their Steam Community profile, although players are not banned from these reports alone.[25]

If a cheat is found, the player's Steam account will be flagged as cheating immediately, but the player will not receive any indication of the detection. It is only after a delay of "days or even weeks"[4] that the account is permanently banned from "VAC Secure" servers[25] for that game, possibly along with other games that use the same engine. (e.g. Valve's Source games, GoldSrc games, Unreal engine games). Valve never discloses which cheat was detected. Players have criticised the system for taking weeks to months to ban cheaters.[26]

Large numbers of flagged accounts may also be banned in "waves".[27][28]

Additional restrictions

Players that are banned face additional restrictions. Steam Family Sharing allows users to share their video game library with another Steam user to download and play, but games that the player is VAC banned from cannot be shared. If a user shares their games with another user, then cheats or fraud are detected on the recipients account, the original owner of the games being shared may be VAC banned and the sharing function revoked.[29][30] Banned users can also not contribute to the Steam Translation Server project, that allows users to contribute new translations of Steam and its games.[31] Users banned from a game are not allowed to refund it.[32]

Over 300 games support VAC, players that are banned from the following games face additional restrictions:[33]

<templatestyles src="Div col/styles.css"/>

Mods based on the games above may inherit VAC support from the host game.

dagger Denotes GoldSrc games, if a player is banned in one of these games they are banned from all of them.[25]
double-dagger Denotes Source engine games, if a player is banned in one of these games they are banned from all of them.[25]
Hash-tag Denotes games that have a stricter policy of having all servers VAC protected, and additionally bans players for editing of any game files except config files.[25]
Section-sign Denotes games that face digital goods restrictions if the player is VAC banned.[34]

Social impact

The users Steam profile is also marked with "ban(s) on record", which is publicly visible and cannot be hidden. An analysis of 43,465 users that had been banned between April 2011 and October 2011 showed that the more VAC banned players a user is friends with, the more likely they will also be VAC banned themselves in the future. After they were banned, they lost more friends, were more likely to increase their privacy settings and also had more VAC banned friends than non-banned players.[35] Banned players are also sometimes referred to as going on "VACation".[28][36]

Banned players are also excluded from competing in most electronic sports tournaments. In 2014, professional player Joel "Emilio" Mako was banned during a live stream,[37] he initially denied using a cheat, claiming it was caused by "a friend of his played on one of his smurf accounts which mail is linked to his main account"[38] Then in 2015, he admitted to using a cheat.[39] Hovik "KQLY" Tovmassian, Simon "smn" Beck and Gordon "SF" Giry were banned shortly before they were scheduled to play at DreamHack Winter 2014.[36][40] The ESEA League claimed the bans were a result of working with Valve directly.[41] Hovik "KQLY" Tovmassian admitted to using cheats.[42]

False-positive detections

There have been allegations that VAC has banned users for false positives.

  • There are seven recorded instances of incorrect detections, which were fixed and rescinded:
    1. VAC1: On its initial release, VAC would issue bans for faulty memory. Valve quickly updated VAC to only kick for faulty memory.[43]
    2. VAC1: Running a VAC-protected game through the Cedega software compatibility layer for Linux.[44]
    3. VAC1: An apparent server-side glitch on April 1, 2004.[45]
    4. VAC2: Over two weeks in July 2010, approximately 12,000 owners of Call of Duty: Modern Warfare 2 were banned when Steam updated a DLL file on-disk after it had been loaded into memory by the game. Those affected received a free copy of Left 4 Dead 2 or an extra copy to send as a gift.[46][47][48]
    5. VAC2: In January 2011, owners of Call of Duty: Modern Warfare 2 or Call of Duty: Black Ops were banned due to their computers being infected by the trojan Win32/Spyeye.H.[49]
    6. VAC2: In June 2011, an unknown false positive detection caused a handful of Team Fortress 2 owners to become banned.[50]
    7. VAC2: In February 2014, a number of Counter-Strike: Global Offensive players were falsely banned, the bans were eventually reversed.[51]
  • There are four recorded instances of game plugins that are not considered cheats triggering bans or kicks. These are:
    1. VAC1: HLamp, which allowed the user to control Winamp from the game's interface.[52]
    2. VAC2: The X-Spectate tool, which allowed server administrators to enable a translucent wallhack effect while spectating to help decide if another player was doing the same. Later downgraded to a kick from the server, but bans not rescinded.[53]
    3. VAC2: Some Half-Life modifications, such as Paranoia[54] and Half-Life FX which made changes to the engine's renderer that propagated to multiplayer games. This triggers a kick.
    4. VAC1 and VAC2: sXe Injected, an anti-cheat system for Counter-Strike.

See also

References

  1. 1.0 1.1 Lua error in package.lua at line 80: module 'strict' not found.
  2. 2.0 2.1 Lua error in package.lua at line 80: module 'strict' not found.
  3. 3.0 3.1 Lua error in package.lua at line 80: module 'strict' not found.
  4. 4.0 4.1 Lua error in package.lua at line 80: module 'strict' not found.
  5. Lua error in package.lua at line 80: module 'strict' not found.
  6. Lua error in package.lua at line 80: module 'strict' not found.
  7. Lua error in package.lua at line 80: module 'strict' not found.
  8. Lua error in package.lua at line 80: module 'strict' not found.
  9. Lua error in package.lua at line 80: module 'strict' not found.
  10. Lua error in package.lua at line 80: module 'strict' not found.
  11. Lua error in package.lua at line 80: module 'strict' not found.
  12. Lua error in package.lua at line 80: module 'strict' not found.
  13. Lua error in package.lua at line 80: module 'strict' not found.
  14. Lua error in package.lua at line 80: module 'strict' not found.
  15. Lua error in package.lua at line 80: module 'strict' not found.
  16. Lua error in package.lua at line 80: module 'strict' not found.
  17. Lua error in package.lua at line 80: module 'strict' not found.
  18. Lua error in package.lua at line 80: module 'strict' not found.
  19. Lua error in package.lua at line 80: module 'strict' not found.
  20. 20.0 20.1 Lua error in package.lua at line 80: module 'strict' not found.
  21. Lua error in package.lua at line 80: module 'strict' not found.
  22. Lua error in package.lua at line 80: module 'strict' not found.
  23. Autonomic and Trusted Computing: 4th International Conference, ATC 2007, Hong Kong, China, July 11–13, 2007. p125
  24. 24.0 24.1 Lua error in package.lua at line 80: module 'strict' not found.
  25. 25.0 25.1 25.2 25.3 25.4 Lua error in package.lua at line 80: module 'strict' not found.
  26. Lua error in package.lua at line 80: module 'strict' not found.
  27. Lua error in package.lua at line 80: module 'strict' not found.
  28. 28.0 28.1 Lua error in package.lua at line 80: module 'strict' not found.
  29. Lua error in package.lua at line 80: module 'strict' not found.
  30. Lua error in package.lua at line 80: module 'strict' not found.
  31. Lua error in package.lua at line 80: module 'strict' not found.
  32. Lua error in package.lua at line 80: module 'strict' not found.
  33. Lua error in package.lua at line 80: module 'strict' not found.
  34. Lua error in package.lua at line 80: module 'strict' not found.
  35. Lua error in package.lua at line 80: module 'strict' not found.
  36. 36.0 36.1 Lua error in package.lua at line 80: module 'strict' not found.
  37. Lua error in package.lua at line 80: module 'strict' not found.
  38. Lua error in package.lua at line 80: module 'strict' not found.
  39. http://esport.aftonbladet.se/csgo/emilio-admits-cheating-wants-to-compete-again/
  40. Lua error in package.lua at line 80: module 'strict' not found.
  41. Lua error in package.lua at line 80: module 'strict' not found.
  42. http://www.pcgamer.com/csgo-competitive-scene-embroiled-in-hacking-scandal-as-three-players-are-banned/
  43. Lua error in package.lua at line 80: module 'strict' not found.
  44. Lua error in package.lua at line 80: module 'strict' not found.
  45. Lua error in package.lua at line 80: module 'strict' not found.
  46. Lua error in package.lua at line 80: module 'strict' not found.
  47. Lua error in package.lua at line 80: module 'strict' not found.
  48. Lua error in package.lua at line 80: module 'strict' not found.
  49. Lua error in package.lua at line 80: module 'strict' not found.
  50. Lua error in package.lua at line 80: module 'strict' not found.
  51. Lua error in package.lua at line 80: module 'strict' not found.
  52. Lua error in package.lua at line 80: module 'strict' not found.
  53. Lua error in package.lua at line 80: module 'strict' not found.
  54. Lua error in package.lua at line 80: module 'strict' not found.

External links