Apparantly BattleEye anti-cheat had an exploit where hackers could permanently ban any player they wanted. BattleEye allowed anybody to log in as a "game server" so hackers simply booted up a fake server, told BattleEye that "player X has logged in and is doing a bunch of suspicious stuff" and then player X's account was no more...
That's scary. I have an old Steam account with tons of games and already got banned once due to a bug in anti-cheat software and for a while my whole account was marked with a cheater tag.
The bug was so widespread that developers eventually removed bans but I'm sure something similar could happen where problem goes undetected and it would be really hard to try to convince developers to lift a ban.
It's crazy that people allow this stuff to effectively run as root. One of these companies is going to have a vulnerability that lets other players run code on your machine in kernel mode.
It's kind of amusing to me how some PC gamers act superior to console gamers because PC gamers run their games on a flexible, customizable, general-purpose machine that the user controls rather than an appliance... and then immediately hand over control to half a dozen companies at a level that reduces "their" PC to a vendor-owned appliance anyway.
If you are a PC gamer and run anti-cheat software like this, you should probably think of your gaming PC as a much more powerful and much jankier console, and avoid running or storing anything on it other than your games.
You just dual boot. Windows is a joke itself even without the anticheat shenanigans so I use it like a toy. Any real work gets done in Luks encrypted Linux inaccessible to the Chinese company with a rootkit in my windows. Hopefully.
What makes you think the PC gamers who do the PC master race things are the same people as the ones playing games with invasive anticheat? Just because they both game on PCs? Your assumption tells more about yourself than those mythical “PC gamers”, whoever they are.
Maybe you skipped over the word "some" in your reading of my comment, or there's other ambiguity in the scope of a subordinate clause that you interpreted uncharitably, but I don't actually assert (or assume) that all or only PCMR types run games that require such rootkits.
A lot of people do! That's what makes it mainstream.
Even though it's not been part of my life for a long time, I would still prefer a world where people can participate in trendy multiplayer games without subjecting themselves to such corporate malware.
But I agree, many games are better and lack this, and a lot of games that rely on nasty anti-cheat software succeed more based on network effects than on intrinsic excellence.
If you game for games' sakes, it's not too painful to avoid games so encumbered, or to cut these from your gaming diet. If you game as a ritual to stay in touch with distant friends, you will probably experience more pressure towards the rootkit-encumbered slop.
Happens about as often as games ship UI middleware that uses html and has xss, leading to an rce when the game leaves itself running as admin after an update. So basically all the time.
Anyone who's attachment to gaming is low enough to let things like this effect their purchase decisions are already out. To the devs/pubs, those customers don't even exist in the category of potential customers. So they just worry about not pissing off the existing customerbase by changing the status quo too much or too fast.
This BattleEye exploit demonstrates a classic failure of trust boundary definition - they effectively created a system where client attestation was accepted without proper authentication or verification.
It means you trust something with lower trustworthiness without (re)validating, or even trusting it at all if the validation isn't all but guaranteed. The boundary is when you switch between levels of trust.
Trusting something outside of your control is a good example. When your trusted game server trusts the untrusted game client when it says "trust me, it was a headshot" without validating this.
No, very few of them actually use kernel level anti cheat. Really the only game that use them is Riot's games and Counter Strike private league FACEIT (as far as I remember).
Both EAC and BattleEye are also kernel level anticheats nowadays. Only if you're running them under Linux do they run in userspace only. Other than that it's pretty much only VAC, Overwatch's anticheat and maybe some other obscure ones that run in userspace.
Forgive my ignorance, but why don’t game developers put more effort into limiting the amount of data accessible to the client (restricting it only to what’s reasonably necessary)? For example, couldn’t more movement physics be validated or handled server side? Cheats might still be able to read some data from the game process, but ideally, they’d be limited to issuing inputs like any other player, based only on the same visible output everyone sees. Is it cost? Does this model just not align with how the client/server split looks in games?
That's exactly what's being done, but you do not want everything server side over a network delay that is almost always more than the time between frames. Only server side physics would mean a lot of visual jank. It's now usually a model where the client and server make the calculation and the server "rolls back" the client of they do not match.
Data is being limited though, like not sending opponent location data unless the client can see them
> Data is being limited though, like not sending opponent location data unless the client can see them
So far as AAA games go this is pretty rare in practice. I guess there could be some problems to solve, e.g. you'd need to be conservative because a player could appear around a corner between server ticks, or the fact that RTS games usually operate by running a shared simulation[1].
Making sure that movement is validated on the server really is a reasonable requirement.
There are two main issues:
1) You typically want to let player's machines have a little knowledge the player doesn't, because if they peak around a wall, they should see an enemy, without having to wait for a round-trip before getting the information of the enemy they can see. Games often give out too much of this kind of information, but that's because it is computationally hard to figure out if a player can "almost" see an enemy.
2) Aimbots are basically impossible to check for on the server -- you can play a cat+mouse game (and games do) of seeing if players are consistently too accurate (or more likely, consistently too mechanical), but it's very hard, and player-side anti-cheat is part of trying to control this.
It's been a while and it never was my exact area so forgive the high level and any innacuracies! (hopefully someone smarter can chip in further!)
It begins to fall down when you think in terms of interpolation and movement, if the server had to confirm your every movement it'd end up very jittery and feel awful as you ping back and forth between where your client state thinks you are and the server state thinks you are.
Even the client is kind of guessing (visually) where it is a lot of the time, at least until the next physics or update tick comes in and all this means that the server is going to be doing a hell of a lot of guess work about the state of the clients.
Certainly though, I think in this day and age, for slower games you could probably do a better job of this on the server though -- and I'm sure people are working on it.
Validating input and physics is easy and is effective against some of the crazy cheats people ran on eg PUBG. But it’s much harder to “limit information”. For example in CS if someone is 95% hiding behind a smoke screen with just one foot sticking out, do you tell other players about this player or not? If you don’t, then you are depriving them of information they should have been able to see, if you do, then it still gives a cheater an edge because even if you do spot the foot you will probably have a hard time actually shooting at the player because his body is still hidden.
And even if you can 100% accurately decide when to hide or show information or if you are outright just streaming the game to the players there are still cheats that you cannot detect this way because they only enhance player capabilities within what is possible for an honest human player. For instance a simple cheat can detect if another player’s head is under your crosshair and fire automatically (with a randomized delay to game anticheat systems.) Realistically cheats these days are more complicated and do way more to emulate human input. It’s not easy to conclusively tell if a player is cheating thus way or not just looking at his inputs in one game. Maybe he is just fast, maybe he has lower latency, maybe he is just pre firing at spots he knows an enemy is likely to come from. You can’t know for sure unless you know what’s actually going on on his PC and his peripherals. And if you start banning people using just statistics you will likely end up with many false positives.
At the end of the day there is no silver bullet to cheating. Even if you fully control a player’s PC there are still ways to cheat in hardware [1]. You need to find the balance between annoying too many players with your anticheat and your game getting overrun by cheaters.
Games hardly eat up more than a megabit of bandwidth in practice, unless you start streaming. Even streaming games from the cloud to your computer will usually take less than 20-30mbps.
Latency is the real killer, though. A 10ms round trip + a few ms of simulation time at 144Hz will have physics objects "correct" their position after 4-5 frames have already been rendered. Bump that up to 30ms (still a perfectly common amount of latency) and you're reverting objects after 10 frames of animation.
The true killer is latency; the dominance of WiFi, and now the rise of home 5G internet.
People who play Counter-Strike with their wifi router 3 floors below them in the basement under a pile of laundry will go on a crusade to complain as loudly and relentlessly as possible for Valve to "fix the fucking hit reg".
People have -zero- technical knowledge and get incredibly angry that they died to someone they didn't even see.
Meanwhile Vanguard can't even stop crashing every game when you have a slightly non bog standard gaming system, e.g. with more than one adaptive sync monitor, Hyper-V or WSL installed ...
F2P creates this problem. If you're eating $20-60 per account every time your anti-cheat is burned it isn't much fun anymore. But if you can roll new accounts for free, there's nothing to lose.
This wouldn't work with CSGO either, as it's a play-to-earn game where you can win / gamble for items that some people are willing to spend a lot of money on. See also Diablo 3 when it first came out, there was a good story about a guy that would run two dozen bots just scanning the auction house, buying stuff for in-game money and selling it for real money. Every once in a while they did a round of bans, but the author just bought new copies of the game and continued.
Funny how the most advanced anti cheat just gives version info and executables in one nicely human friendly package. No need for gimmicks when you the work speaks for itself
fwiw I couldn't find the endpoint in question for vanguard, but I did find for all the riot games
I doubt they'll end kernel-level AC, though. At best, they'll get more stable kernel-level anti cheat because better APIs are available. Anti-cheat software would run as a hypervisor if it could, and even then it wouldn't have enough access to catch all cheaters.
Ehh, pretty sad there's almost no information on FACEIT anti-cheat. One of the most impactful out there. Wonder if it's just the invasiveness that separates it.
Valve can't replicate even part of it, while CS2 game modes are flooded with cheaters. Most people who chase competitiveness (which CS used to be all about – now it's also skins) just install FACEIT directly and ignore 90% of built-in game content.
Maybe Valve just doesn't want to make the game more difficult to install and sacrifice several % of their user base.
There's a number of good reasons not to make everyone run a kernel level anti-cheat. Linux (and therefore SteamOS) compatibility is a big one.
I think the status quo where anyone on any platform can access the vanilla game -- where cheaters may not even be a huge problem depending on one's skill rating -- and the most competitively-minded players have the choice to play on FACEIT, works pretty fine.
I do wonder what the 90% of built-in game content you're referring to actually is.
Valve's approach was to avoid the cat and mouse game knowing it doesn't lead anywhere. You can always cheat using DMA or reading the monitor with another computer that simulates a hardware mouse to get aimbot abilities.
They wanted a machine learning to detect, flag and ban suspicious behaviour.
This didn't work out and I'm not sure they are still trying but there's a few conferences talking about it.
They did try some stuff but got pushback from Reddit community for being too invasive. Not that it really matters for something already running on your pc.
To be fair in the specific case of CS2, the normal modes without FACEIT are really barely playable. Most games are just a massive loss or win, depending on who has the suspiciously good player with 100 hours in their team.
Most fps games when you get high enough rating are this :/
It also doesn't help most streamers have soft aim lock so that's everyone thinks is normal.
I swear fps games have been in the steroid baseball era for years and it'll be interesting if it ever comes out.
There's also a financial incentive to not reveal 25% of the player base is cheating both in the immediate loss of player base and the inability to simultaneously prove it's happening in all the competitors.
It seems some versions of proton have anti-cheat compatibility patches, for instance for WuWA (still don't really understand why they need some anti-cheats, I have some ideas, but all are not wroth an anti-cheat).
Very nice walk-through on the reverse engineering process.
Also, they linked this post that made my jaw drop: https://www.unknowncheats.me/forum/anti-cheat-bypass/667333-...
Apparantly BattleEye anti-cheat had an exploit where hackers could permanently ban any player they wanted. BattleEye allowed anybody to log in as a "game server" so hackers simply booted up a fake server, told BattleEye that "player X has logged in and is doing a bunch of suspicious stuff" and then player X's account was no more...
I'm sorry, why do we trust these guys again?
That's scary. I have an old Steam account with tons of games and already got banned once due to a bug in anti-cheat software and for a while my whole account was marked with a cheater tag.
The bug was so widespread that developers eventually removed bans but I'm sure something similar could happen where problem goes undetected and it would be really hard to try to convince developers to lift a ban.
It's crazy that people allow this stuff to effectively run as root. One of these companies is going to have a vulnerability that lets other players run code on your machine in kernel mode.
It's kind of amusing to me how some PC gamers act superior to console gamers because PC gamers run their games on a flexible, customizable, general-purpose machine that the user controls rather than an appliance... and then immediately hand over control to half a dozen companies at a level that reduces "their" PC to a vendor-owned appliance anyway.
If you are a PC gamer and run anti-cheat software like this, you should probably think of your gaming PC as a much more powerful and much jankier console, and avoid running or storing anything on it other than your games.
> and then immediately hand over control to half a dozen companies at a level that reduces "their" PC to a vendor-owned appliance anyway.
This was not always the case.
Also, the publishers lie about how invasive their software is - see the Sony rootkit fiasco.
> This was not always the case.
I know. :(
(Though, unfortunately, the SecuROM fiasco shows that this has sadly been going on a long time.)
I say it's amusing, but it's a bitter thing for me, too.
You just dual boot. Windows is a joke itself even without the anticheat shenanigans so I use it like a toy. Any real work gets done in Luks encrypted Linux inaccessible to the Chinese company with a rootkit in my windows. Hopefully.
Sony is Japanese
What makes you think the PC gamers who do the PC master race things are the same people as the ones playing games with invasive anticheat? Just because they both game on PCs? Your assumption tells more about yourself than those mythical “PC gamers”, whoever they are.
Maybe you skipped over the word "some" in your reading of my comment, or there's other ambiguity in the scope of a subordinate clause that you interpreted uncharitably, but I don't actually assert (or assume) that all or only PCMR types run games that require such rootkits.
> and then immediately hand over control to half a dozen companies at a level that reduces "their" PC to a vendor-owned appliance anyway.
Only when you want to play mainstream anticheat slop.
A lot of people do! That's what makes it mainstream.
Even though it's not been part of my life for a long time, I would still prefer a world where people can participate in trendy multiplayer games without subjecting themselves to such corporate malware.
But I agree, many games are better and lack this, and a lot of games that rely on nasty anti-cheat software succeed more based on network effects than on intrinsic excellence.
If you game for games' sakes, it's not too painful to avoid games so encumbered, or to cut these from your gaming diet. If you game as a ritual to stay in touch with distant friends, you will probably experience more pressure towards the rootkit-encumbered slop.
Happens about as often as games ship UI middleware that uses html and has xss, leading to an rce when the game leaves itself running as admin after an update. So basically all the time.
Because game companies force you to in order to play.
Play dumb games, win dumb prizes.
> I'm sorry, why do we trust these guys again?
Anyone who's attachment to gaming is low enough to let things like this effect their purchase decisions are already out. To the devs/pubs, those customers don't even exist in the category of potential customers. So they just worry about not pissing off the existing customerbase by changing the status quo too much or too fast.
[dead]
This BattleEye exploit demonstrates a classic failure of trust boundary definition - they effectively created a system where client attestation was accepted without proper authentication or verification.
>a classic failure of trust boundary definition - they effectively created a system where client attestation was accepted
Can you elaborate? I'm unsure what a trust boundary definition means in this context and how it relates to attestation.
It means you trust something with lower trustworthiness without (re)validating, or even trusting it at all if the validation isn't all but guaranteed. The boundary is when you switch between levels of trust.
Trusting something outside of your control is a good example. When your trusted game server trusts the untrusted game client when it says "trust me, it was a headshot" without validating this.
trust boundary basically means a spot in execution where the trust level of code changes (aka privilege level) and thus needs reverification
Fortunately they have a solution for trusting untrusted clients already! They just need to run an anti-cheat for their anti-cheat.
ESEA shipped their client and anti-cheat with a free bitcoin miner back in the day: https://en.wikipedia.org/wiki/ESEA_League#Bitcoin_mining_inc...
my friends got me in to valorent for a time, but I found the idea of a kernel level anticheat far too invasive
Most online Games require kernel Level anti Cheat.
No, very few of them actually use kernel level anti cheat. Really the only game that use them is Riot's games and Counter Strike private league FACEIT (as far as I remember).
Both EAC and BattleEye are also kernel level anticheats nowadays. Only if you're running them under Linux do they run in userspace only. Other than that it's pretty much only VAC, Overwatch's anticheat and maybe some other obscure ones that run in userspace.
No, very few of them actually use kernel level anti cheat.
What are the biggest vendors for anti-cheat that avoids that level of access?
Battleye and EAC are he biggest 3rd party AC and they've been in kernel for many years.
There’s also this little known title, I think I have this right—“Grand Theft Auto”.
Forgive my ignorance, but why don’t game developers put more effort into limiting the amount of data accessible to the client (restricting it only to what’s reasonably necessary)? For example, couldn’t more movement physics be validated or handled server side? Cheats might still be able to read some data from the game process, but ideally, they’d be limited to issuing inputs like any other player, based only on the same visible output everyone sees. Is it cost? Does this model just not align with how the client/server split looks in games?
That's exactly what's being done, but you do not want everything server side over a network delay that is almost always more than the time between frames. Only server side physics would mean a lot of visual jank. It's now usually a model where the client and server make the calculation and the server "rolls back" the client of they do not match.
Data is being limited though, like not sending opponent location data unless the client can see them
> Data is being limited though, like not sending opponent location data unless the client can see them
So far as AAA games go this is pretty rare in practice. I guess there could be some problems to solve, e.g. you'd need to be conservative because a player could appear around a corner between server ticks, or the fact that RTS games usually operate by running a shared simulation[1].
[1]: https://www.gamedeveloper.com/programming/1500-archers-on-a-...
Csgo and Valorant has done it for years, but they have fairly simple maps. Scum also did it and had the pop in problem.
Making sure that movement is validated on the server really is a reasonable requirement.
There are two main issues:
1) You typically want to let player's machines have a little knowledge the player doesn't, because if they peak around a wall, they should see an enemy, without having to wait for a round-trip before getting the information of the enemy they can see. Games often give out too much of this kind of information, but that's because it is computationally hard to figure out if a player can "almost" see an enemy.
2) Aimbots are basically impossible to check for on the server -- you can play a cat+mouse game (and games do) of seeing if players are consistently too accurate (or more likely, consistently too mechanical), but it's very hard, and player-side anti-cheat is part of trying to control this.
It's been a while and it never was my exact area so forgive the high level and any innacuracies! (hopefully someone smarter can chip in further!)
It begins to fall down when you think in terms of interpolation and movement, if the server had to confirm your every movement it'd end up very jittery and feel awful as you ping back and forth between where your client state thinks you are and the server state thinks you are.
Even the client is kind of guessing (visually) where it is a lot of the time, at least until the next physics or update tick comes in and all this means that the server is going to be doing a hell of a lot of guess work about the state of the clients.
This article helps with reasoning around what a game is doing per-frame: https://gameprogrammingpatterns.com/game-loop.html
Certainly though, I think in this day and age, for slower games you could probably do a better job of this on the server though -- and I'm sure people are working on it.
Validating input and physics is easy and is effective against some of the crazy cheats people ran on eg PUBG. But it’s much harder to “limit information”. For example in CS if someone is 95% hiding behind a smoke screen with just one foot sticking out, do you tell other players about this player or not? If you don’t, then you are depriving them of information they should have been able to see, if you do, then it still gives a cheater an edge because even if you do spot the foot you will probably have a hard time actually shooting at the player because his body is still hidden.
And even if you can 100% accurately decide when to hide or show information or if you are outright just streaming the game to the players there are still cheats that you cannot detect this way because they only enhance player capabilities within what is possible for an honest human player. For instance a simple cheat can detect if another player’s head is under your crosshair and fire automatically (with a randomized delay to game anticheat systems.) Realistically cheats these days are more complicated and do way more to emulate human input. It’s not easy to conclusively tell if a player is cheating thus way or not just looking at his inputs in one game. Maybe he is just fast, maybe he has lower latency, maybe he is just pre firing at spots he knows an enemy is likely to come from. You can’t know for sure unless you know what’s actually going on on his PC and his peripherals. And if you start banning people using just statistics you will likely end up with many false positives.
At the end of the day there is no silver bullet to cheating. Even if you fully control a player’s PC there are still ways to cheat in hardware [1]. You need to find the balance between annoying too many players with your anticheat and your game getting overrun by cheaters.
[1] https://www.counter-strike.net/newsentry/6500469346429600836
too much effort, since you also want to play sounds from hidden sources
Doesn't work because of the delay.
You don't want clients suffering a bad experience because they don't have gigabit internet
Games hardly eat up more than a megabit of bandwidth in practice, unless you start streaming. Even streaming games from the cloud to your computer will usually take less than 20-30mbps.
Latency is the real killer, though. A 10ms round trip + a few ms of simulation time at 144Hz will have physics objects "correct" their position after 4-5 frames have already been rendered. Bump that up to 30ms (still a perfectly common amount of latency) and you're reverting objects after 10 frames of animation.
The true killer is latency; the dominance of WiFi, and now the rise of home 5G internet.
People who play Counter-Strike with their wifi router 3 floors below them in the basement under a pile of laundry will go on a crusade to complain as loudly and relentlessly as possible for Valve to "fix the fucking hit reg".
People have -zero- technical knowledge and get incredibly angry that they died to someone they didn't even see.
Meanwhile Vanguard can't even stop crashing every game when you have a slightly non bog standard gaming system, e.g. with more than one adaptive sync monitor, Hyper-V or WSL installed ...
This was super interesting.
Unsurprisingly, I see he didn't have much to say about faceit and esea.
I think CSGO anti-cheats are a league above the rest (I'm not sure why, maybe because the scene is more competitive?)
I don’t have any inside info, but I’d comfortably bet $20 that it’s phone number verification.
F2P creates this problem. If you're eating $20-60 per account every time your anti-cheat is burned it isn't much fun anymore. But if you can roll new accounts for free, there's nothing to lose.
This wouldn't work with CSGO either, as it's a play-to-earn game where you can win / gamble for items that some people are willing to spend a lot of money on. See also Diablo 3 when it first came out, there was a good story about a guy that would run two dozen bots just scanning the auction house, buying stuff for in-game money and selling it for real money. Every once in a while they did a round of bans, but the author just bought new copies of the game and continued.
Is this sarcasm? CS is one of the worst when it comes to cheating.
Basically AC providers put more effort for the AC's resiliency than protecting the CDN. Does this count as Kerchoff's principle?
Funny how the most advanced anti cheat just gives version info and executables in one nicely human friendly package. No need for gimmicks when you the work speaks for itself
fwiw I couldn't find the endpoint in question for vanguard, but I did find for all the riot games
Isn't the age or kernel level anti-cheat tech coming to an end, thanks to Crowdstrike mishap a year ago?
MS is trying to limit kernel exposure: https://www.theverge.com/news/692637/microsoft-windows-kerne...
I doubt they'll end kernel-level AC, though. At best, they'll get more stable kernel-level anti cheat because better APIs are available. Anti-cheat software would run as a hypervisor if it could, and even then it wouldn't have enough access to catch all cheaters.
Slightly off topic, but I really like the design. I'll probably steal fonts.
off topic: What's the font this website uses for the code? The font ligatures seem nice, but I also would have to get used to reading code like that.
Inspector is telling me it's "ZedTextFtl", with "Jetbrains Mono" used for the monospace blocks.
Edit - More info on it here:
1) https://www.typotheque.com/fonts/zed-text 2) https://www.typotheque.com/blog/zed-a-sans-for-the-needs-of-...
Or just download and check the hash against older versions.
Ehh, pretty sad there's almost no information on FACEIT anti-cheat. One of the most impactful out there. Wonder if it's just the invasiveness that separates it.
Valve can't replicate even part of it, while CS2 game modes are flooded with cheaters. Most people who chase competitiveness (which CS used to be all about – now it's also skins) just install FACEIT directly and ignore 90% of built-in game content.
Maybe Valve just doesn't want to make the game more difficult to install and sacrifice several % of their user base.
There's a number of good reasons not to make everyone run a kernel level anti-cheat. Linux (and therefore SteamOS) compatibility is a big one.
I think the status quo where anyone on any platform can access the vanilla game -- where cheaters may not even be a huge problem depending on one's skill rating -- and the most competitively-minded players have the choice to play on FACEIT, works pretty fine.
I do wonder what the 90% of built-in game content you're referring to actually is.
Valve's approach was to avoid the cat and mouse game knowing it doesn't lead anywhere. You can always cheat using DMA or reading the monitor with another computer that simulates a hardware mouse to get aimbot abilities. They wanted a machine learning to detect, flag and ban suspicious behaviour. This didn't work out and I'm not sure they are still trying but there's a few conferences talking about it.
I think the killer is that even if you have an ML anti-cheat that is 97% accurate, that 3% collateral damage will be your undoing.
Valve's approach is to not care and let the money printer Steam do its thing.
Do not try and copy Valve. They have no financial incentive to actually care.
They did try some stuff but got pushback from Reddit community for being too invasive. Not that it really matters for something already running on your pc.
EAC supports Linux nowadays, but developers have to manually check the box to enable it.
EAC on Linux doesn't run in the kernel, it's all userspace. Which is part of the reason some developers choose not to accept EAC on Linux.
To be fair in the specific case of CS2, the normal modes without FACEIT are really barely playable. Most games are just a massive loss or win, depending on who has the suspiciously good player with 100 hours in their team.
Most fps games when you get high enough rating are this :/
It also doesn't help most streamers have soft aim lock so that's everyone thinks is normal.
I swear fps games have been in the steroid baseball era for years and it'll be interesting if it ever comes out.
There's also a financial incentive to not reveal 25% of the player base is cheating both in the immediate loss of player base and the inability to simultaneously prove it's happening in all the competitors.
It seems some versions of proton have anti-cheat compatibility patches, for instance for WuWA (still don't really understand why they need some anti-cheats, I have some ideas, but all are not wroth an anti-cheat).