Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Gabe Newell Responds: Yes, We're Looking For Cheaters Via DNS

timothy posted about 6 months ago | from the but-maybe-you-were-just-visiting dept.

Games 511

dotarray writes "Valve has stepped up to answer allegations that the company's anti-cheat system was scanning users' internet history. Rather than a simple, sanitized press release or a refusal to comment on 'rumours and innuendo,' Valve CEO and gaming hero Gabe Newell has personally responded." Newell or not, not everyone will like the answer. The short version is that Yes, Valve is scanning DNS caches, with a two-tiered approach intended to find cheating users by looking for cheat servers in their histories. Says Newell: "Less than a tenth of one percent of clients triggered this second check, accessing the DNS cache. 570 cheaters are being banned due to DNS searches."

cancel ×

511 comments

Sorry! There are no comments related to the filter you selected.

Still abusive (5, Insightful)

i kan reed (749298) | about 6 months ago | (#46275563)

Sorry Gabe, you're not allowed to see my DNS history. You aren't allowed to see GabeNewellNatiliePortmanHotGritsFanFiciton.net in my history. That's not allowed.

Re:Still abusive (5, Informative)

PhrostyMcByte (589271) | about 6 months ago | (#46275619)

The app is comparing DNS records with a client-side database of cheat sites, and if it finds a match sending it to Valve's servers for verification & ban-hammer. It's not sending every site you visit, unless the only sites you visit were via DNS records used by cheat developers.

Whoosh (2)

wjousts (1529427) | about 6 months ago | (#46275637)

No need to check your DNS history to tell you haven't visited OhNowIGetTheJoke.net

Re:Still abusive (1, Interesting)

Anonymous Coward | about 6 months ago | (#46275667)

Part of my job involves me going to these kind of sites and seeing what's happening. Visiting does not imply guilt, and, in fact, I am not cheating at any games. Not that I even own multiplayer Steam games, but that just furthers my point. Why should I be considered at risk of being banned when I am not cheating?

Re:Still abusive (5, Informative)

ebrandsberg (75344) | about 6 months ago | (#46275693)

did you even read his response? They look for indications that the cheat is in play, THEN they check DNS as verification, and send a HASH of the dns name to their servers for comparison. This means they don't even see the actual dns name on their side, they can just check against known hashes of the sites the DRM used for verification. That is why it is two staged. Simple existence of the names in your DNS cache won't trigger the ban hammer.

Re:Still abusive (0, Interesting)

Anonymous Coward | about 6 months ago | (#46275747)

So you can't be good at video game and curious about technologies at the same time?

Re:Still abusive (1, Interesting)

Cley Faye (1123605) | about 6 months ago | (#46275973)

If you manually visit the domain used internally by cheats for DRM checking, it's beyond curiosity.

Re:Still abusive (5, Informative)

Anubis IV (1279820) | about 6 months ago | (#46276051)

So you can't be good at video game and curious about technologies at the same time?

You can be, actually. As Gabe pointed out, the cheats these days have DRM installed to ensure that users of the cheat are actually paying for it. VAC, if it detects indications of the cheat, checks to see if the DRM's phone-home servers are in your DNS record, then sends back hashes of those servers for verification in Valve's system. It was made pretty clear that merely visiting the site for a cheat to check it out, whether intentional or accidental, would not result in getting flagged for the DNS check, let alone getting banned. Even purchasing the cheat would not get you banned, in and of itself.

Basically, the DNS check only kicks in after you've purchased a cheat and used it in a game, at which point you've crossed the line from mere curiosity into abuse, and even then, they weren't banning people immediately, but rather doing the DNS check for final confirmation of cheating activity. And even then, it's only looking for the phone-home servers, not the web servers, used for those cheats, so people who were merely good players and had looked at the servers for the cheat without ever installing and running it would be perfectly fine.

So...what's your gripe then?

Re:Still abusive (-1)

kbg (241421) | about 6 months ago | (#46275835)

So if spiteful people start to embed non functioning image URLs to these DRM servers in forums and other public web sites it means a lot of innocent users will be banned because they will have these sites in the their DNS cache even if they never visited them personally. Thanks Valve.

Re:Still abusive (1)

Anonymous Coward | about 6 months ago | (#46275905)

Not only did you fail to RTFA, you failed to read the fucking comment you replied to. Please stop posting.

Re:Still abusive (4, Insightful)

QuietLagoon (813062) | about 6 months ago | (#46276035)

did you even read his response? They look for indications that the cheat is in play, THEN they check DNS as verification...

Explaining something does not justify it. They should not go rummaging through my computer. Period.

Re:Still abusive (5, Informative)

Zembar (803935) | about 6 months ago | (#46275739)

He specifically says that it doesn't care about what web sites you are visiting, it's the adresses to the cheat DRM servers it looks for, to detect if a cheat has dialed home from that computer. It only checked this if the account was already suspected of using the cheat.

So, in an impressive turn of events, many cheats now include DRM and anti-cheat codes. These phone home to a DRM server that confirms whether or not a cheater has paid to use that particular cheat

Also, he says that since the cheats invented countermeasures to this in just 13 days, they already stopped doing it. The summary is quite misleading. (Not necessarily a big surprise on slashdot...)

Re: Visiting does not imply guilt (1)

DocSavage64109 (799754) | about 6 months ago | (#46275743)

Then it's a good thing that the DNS scan is only for verification purposes in the second stage of the anti-cheat process.

They are non-www servers, so it would be special i (4, Insightful)

Anonymous Coward | about 6 months ago | (#46275771)

They explain that these are non-www servers, so you can't visit them. They are used directly by the apps to find their license servers, it's not the servers where you can download the files.

And if you need to visit cheat sites for this, I would open them in some VM since these aren't the most trustworthy sites.

Re:Still abusive (1)

Andy Dodd (701) | about 6 months ago | (#46275673)

So what if someone puts a URL for a cheat site in a forum comment somewhere, disguised as something else?

Not really (1, Informative)

Anonymous Coward | about 6 months ago | (#46275703)

Not cheat sites. Specific non-web servers that the cheat software "phoned home" for authentication, since cheats are paid software and therefore have their own DRM. Valve was never even made aware of anyone just browsing a cheat site.

It should also be noted that VAC no longer does this check, as devs of cheat software have figured out how to manipulate their clients' DNS cache.

Re:Still abusive (4, Insightful)

Bob9113 (14996) | about 6 months ago | (#46275917)

The app is comparing DNS records with a client-side database of cheat sites, and if it finds a match sending it to Valve's servers for verification & ban-hammer. It's not sending every site you visit, unless the only sites you visit were via DNS records used by cheat developers.

Compare: We record images using your laptop's webcam, but we only look at them if our software algorithm thinks the images show you doing something that violates our ToS.

Re:Still abusive (5, Insightful)

wagnerrp (1305589) | about 6 months ago | (#46275983)

It's more like an anti-theft service that when it thinks the laptop may have been stolen, it then turns on the camera to see who is using the laptop. Access to the DNS cache is only triggered by some other first-tier behavior.

Re:Still abusive (0)

jittles (1613415) | about 6 months ago | (#46275921)

The app is comparing DNS records with a client-side database of cheat sites, and if it finds a match sending it to Valve's servers for verification & ban-hammer. It's not sending every site you visit, unless the only sites you visit were via DNS records used by cheat developers.

I don't care what it is sending or not sending to Valve. It's still an unnecessary invasion of privacy. In fact, its so easy to circumvent that I have a hard time believing that he is even being honest about why they are looking at the DNS records to begin with. How hard is it to clear my history, browse in Incognito mode, or do all of my cheating on a separate machine or in a VM? Trivial. And in fact, it may incorrectly flag me as a potential cheater anyway. I have looked up exploit information for games. I did not look in order to cheat at the game, but because I kept running into people who were not being busted for cheating and I wanted to know how they were exploiting the game. I was looking for a better way to tell when someone was cheating, not to actually cheat myself. The fact that so many companies are doing anything they can to get your GPS, browsing history, and other metrics from everyone's phones and personal computers is something that needs to be addressed. It's just not reasonable to expect the end user to know what is going on with their private data. It's too easy for an application to steal that info without the user having any idea.

Re:Still abusive (5, Informative)

wagnerrp (1305589) | about 6 months ago | (#46276053)

I don't care what it is sending or not sending to Valve. It's still an unnecessary invasion of privacy. In fact, its so easy to circumvent that I have a hard time believing that he is even being honest about why they are looking at the DNS records to begin with. How hard is it to clear my history, browse in Incognito mode, or do all of my cheating on a separate machine or in a VM? Trivial.

It's not your web browser accessing cheat websites, it's your cheat software itself accessing its servers. Clearing your history or browsing in Incognito mode won't do anything. You cannot use a VM, since the cheat software must be run on the same machine as you are running the game (and VAC).

And in fact, it may incorrectly flag me as a potential cheater anyway. I have looked up exploit information for games. I did not look in order to cheat at the game, but because I kept running into people who were not being busted for cheating and I wanted to know how they were exploiting the game. I was looking for a better way to tell when someone was cheating, not to actually cheat myself.

Then it will not flag you as a potential cheater, since you were not running the cheat software to access the DNS entries in question. Further, it would never flag you as a potential anyway. This mechanism is only triggered after some other behavior has already flagged you as a potential cheater. This is a confirmation mechanism.

While the basic idea of a piece of software accessing and reporting this information, at least in Valve's public explanation of what they were doing, it was entirely in good faith.

Re:Still abusive (1)

AC-x (735297) | about 6 months ago | (#46276055)

Don't worry, all the DNS names were MD5 hashed, so Gabe will only know you visited b80747491a0922eeaf0d800983ddc886 :)

Is it in the TOS? (4, Interesting)

NotQuiteReal (608241) | about 6 months ago | (#46275569)

Is this search in the TOS, or is it an "unauthorized" search?

Re:Is it in the TOS? (0)

Anonymous Coward | about 6 months ago | (#46275701)

Is this search in the TOS, or is it an "unauthorized" search?

Uh, who's TOS? Valve, or your ISP?

Seems you might want to better understand who "owns" that data first, and how you've already authorized it's (ab)use via the agreement you've already inked with your ISP before making any claims of unauthorized activity. You would be surprised what's buried in paragraph 173, subsection ZZ-174, right under the area where they state they reserve the right to re-sell your dead pixels...

Re: Is it in the TOS? (0)

Anonymous Coward | about 6 months ago | (#46275833)

In the TOS or not, it's still likely against EU law. You cannot sign away your right to free speech, which includes receiving information without limitations.

Re:Is it in the TOS? (1)

interkin3tic (1469267) | about 6 months ago | (#46275895)

You ask that as if ANYONE has any idea what is in the TOS. I assume it's standard TOS stuff like you won't sue us for any reason ever, we own you and can do whatever we want, you own nothing, you pledge your soul to serve in our undead army against God in the end days... That probably covers these searches.

Re:Is it in the TOS? (2)

Raenex (947668) | about 6 months ago | (#46275961)

you pledge your soul to serve in our undead army against God in the end days...

Sorry Valve, that one has to be signed in blood.

How common is cheating with VAC? (1)

Galaga88 (148206) | about 6 months ago | (#46275581)

I know in the olden days, I just assume everybody else was cheating (they usually were) but how common is cheating now that VAC has been around for a while?

Re:How common is cheating with VAC? (1, Funny)

feedayeen (1322473) | about 6 months ago | (#46275639)

I think that this is a, 'we don't have any gays in Iran,' type of situation.

Re:How common is cheating with VAC? (-1)

Anonymous Coward | about 6 months ago | (#46275857)

I think that this is a, 'we don't have any gays in Iran,' type of situation.

Iran does not have any homosexuals, they have transgenders. And before you blame Iran for this, remember that Iranian are idiot Muslim that believe homosexual sex is sinful. Surgical mutilation and reconstruction is to them, a good way to work around all the bullshit of the Quran.

Before you hasty mod me down for denouncing Islam for what it is, notice that my post is pro homosexual and therefore progressive. Mod me up if you are NOT homophobic!

Re:How common is cheating with VAC? (0)

Anonymous Coward | about 6 months ago | (#46275881)

I think that this is a, 'we don't have any gays in Iran,' type of situation.

Uh, and now it's not. It's more like a '570 players out of millions' type of situation.

In other words, it's NOT a situation at all, unless somehow that 'one-tenth of one percent' is affecting the gameplay (and revenue) of millions.

Kinda doubt it.

Re:How common is cheating with VAC? (4, Interesting)

CastrTroy (595695) | about 6 months ago | (#46275645)

This is why I don't like the idea that games seemed to have moved away from hosting your own server. Online games were great when you knew the guy you were playing against. There wasn't as many problems with cheating, or perhaps you could agree on which cheats could be used, and the in-game chat was a lot more tolerable. Now that you're just playing against a random selection of people from the internet, I just don't get as much enjoyment out of it.

Not sending history to Valve (4, Informative)

pavon (30274) | about 6 months ago | (#46275587)

The biggest part of his announcement is that this checking is done client side; your DNS history is not sent to Valve. They also only record MD5 hashes that match the cheat sites they are looking for, not your entire DNS history. Finally, they claim to only check for DNS lookups of servers used by the cheat software itself, not just websites where you might read about and download cheats (although in some cases I imagine these could be the same), and use this as a second check after the client has already detected a cheat installed on you machine. So simply visiting cheat software websites without using them shouldn't get you banned.

Re:Not sending history to Valve (0, Troll)

Anonymous Coward | about 6 months ago | (#46275671)

Well, that's what they claim the software does. Without transparency (read open source), we just have to take their word on the matter.

Re:Not sending history to Valve (2)

CanHasDIY (1672858) | about 6 months ago | (#46275685)

Why couldn't they just MD5 the files for the actual game, to verify that they match with the official binaries? Seems a lot less intrusive, and less potential for abuse.

FWIW, it shouldn't matter what information I discover; what matters is what I do with it. Maybe I hack games, maybe I like to visit the sites that teach you how so I can understand what that means; either way, unless I'm using the knowledge I gained from game-hacking websites to.. er, well, hack Steam games, then IMO it's none of Gabe's fucking business what websites I visit, nor anyone elses.

Re:Not sending history to Valve (4, Interesting)

Anonymous Coward | about 6 months ago | (#46275753)

Cheats have evolved beyond file tampering. Most are done with code injection, and boy is that history a long one. I suspect the actual DNS being hunted for are the cheats' "DRM" servers that ensure you paid the guy who made the cheat money. CheatHappens.com or whatever they're calling themselves these days was one of the first to start doing this in a big way.

Re:Not sending history to Valve (1)

Cheburator-2 (260358) | about 6 months ago | (#46275825)

I suspect the actual DNS being hunted for are the cheats' "DRM" servers that ensure you paid the guy who made the cheat money.

Imagine, Newell said exactly this. Only DRM sites, not web sites. How did you guess it?

Re:Not sending history to Valve (2, Informative)

Anonymous Coward | about 6 months ago | (#46275795)

Why couldn't they just MD5 the files for the actual game, to verify that they match with the official binaries? Seems a lot less intrusive, and less potential for abuse.

A lot of anti-cheat systems already do things similar to that, but it only catches one category of cheats. It doesn't help so much for cheats that change the game after it is loaded into memory, ones that change behavior of the video card that make things easier to see without touching the game, and ones that help control inputs without editing the game.

maybe I like to visit the sites that teach you how so I can understand what that means;

Then this check won't flag you, because that is not what it is looking for. Various cheat programs these days have their own DRM system because the makers want to make money, yet know what type of crowd they are dealing with. The anti-cheat software is said to be checking for connections to the DRM validation servers for known cheats, not to websites by or about the cheats.

Re:Not sending history to Valve (2)

szap (201293) | about 6 months ago | (#46275809)

Don't need to change the actual files to patch it. See DLL Injection: http://en.wikipedia.org/wiki/D... [wikipedia.org]

Re:Not sending history to Valve (1)

dave562 (969951) | about 6 months ago | (#46275873)

Often times they are not modifying the binaries themselves. The cheats are separate DLLs that are injected into the process at run time.

Re:Not sending history to Valve (0)

Anonymous Coward | about 6 months ago | (#46275903)

DRM already check signature of executable. Cheat software are network tool that modify the packets (like a firewall that intercept, modify and reroute), as they are sent to the server.

Re:Not sending history to Valve (2)

frinsore (153020) | about 6 months ago | (#46275915)

Checking the MD5 hash is one of the oldest methods of anti-cheat. Nowadays file hashes are signed by a private key and verified locally with the corresponding public key, if the hashes don't match then it's an invalid file. But like I said, this is one of the oldest methods and has been worked around for years. The simplest method is to modify system dlls that the executable depends upon to inject code into the running game. This then leads to signing everything that the executable could depend upon. The next easiest method is to launch the executable, pause execution, overwrite some data/functions, and then resume. This has been combated by having the executable live at a random offset. Instead of the executable living at 0 in memory it could live at position 1024 or 756.

The problem is that all anti-cheat software is essentially DRM and running DRM on am open platform like a PC is inherently problematic.

Re:Not sending history to Valve (0)

Anonymous Coward | about 6 months ago | (#46275929)

< flame mode="high">
Jesus christ you fucking idiot, do you even code?
</flame>

Here's why: Because it's on the internet. Because most games communicate over UDP. Because encryption in a real time protocol slows it down. Because most games push a host "as far as the platform will let it" and crypto is an added layer of unecessary computationally expensive overhead. Because any sort of crypto keys in this system could be pulled out of memory anyway. No, you don't actually have tools good enough to prevent this -- I don't care what the marketer told you.

In short he can't /just/ md5 a binary -- because people not you actually understand how the internet works. For that matter, they understand how software works too.

Yes, there's abuse potential. As long as there's second hand validation after the fact, all this really does is red-flag people for further inspection. Yes, I agree it's none of Valve's damned business and find it objectionable without it being clearly laid out in the ToS. And I find it naive, because I learned years ago not to shit where I eat -- which is to say, you don't do your hacking or research on your home box.

But you can't just md5 the binaries, because I can and have rewritten packets that are coming in and going out over the wire. In fact, it's what pretty much every fucking firewall in existence does. Or did you forget about packet filters with that ultra cool course that taught you about MD5?

<flame mode="moderate">
So please take your simplistic, naive notion of how the internet works, shove it up your ass, and let the big boys that understand the network fix things. It's clear not only that you don't actually understand the problem, but that you also don't understand your naive proposed solution. An MD5... wtf. Do you even realize how often those used to get patched in-memory nearly a decade ago ?
</flame>

Really, people need to realize the world isn't as simple as they conceptualize it. Complexity doesn't excuse itself, but there's probably a damned good reason it evolved.

Re:Not sending history to Valve (0)

Anonymous Coward | about 6 months ago | (#46275979)

Why couldn't they just MD5 the files for the actual game, to verify that they match with the official binaries?

Because they are not dealing with script kiddies and people who think Ruby on Rails is a programming language.

Re:Not sending history to Valve (1)

blincoln (592401) | about 6 months ago | (#46276065)

Most cheating involves modifying processes in memory, not the files on disk.

I do agree that it's really heavy-handed of Valve to ban players over DNS entries, though. What's to stop me from posting a page on some heavily-trafficked site with embedded image tags pointing to those systems (they may not load, since who knows if the cheat servers are even running web server components, but visiting machines will still cache the DNS entries), trying to get anyone who visits it banned on Steam?

Re:Not sending history to Valve (0)

Bob9113 (14996) | about 6 months ago | (#46275815)

Sure, we put a camera in your bathroom, but it's OK, we don't look at the footage.

Retention... (0)

Anonymous Coward | about 6 months ago | (#46275591)

The issue is more what information they keep - what happens to it and who else has access to it - than anything else.

Valve vs NSA (2, Insightful)

Anonymous Coward | about 6 months ago | (#46275603)

I trust Valve more than the NSA.
The NSA doesn't protect me against hackers.

Neither does valve. (0)

Anonymous Coward | about 6 months ago | (#46275775)

What they WILL do is abuse you and claim it protects you.

Just like the NSA.

Re:Neither does valve. (0)

Anonymous Coward | about 6 months ago | (#46275805)

NSA claims to protect some people, not me. Valve doesn't claim anything, they just want the hackers to buy CS:GO for the fourth time.

Less Than 0.1% (0, Troll)

Anonymous Coward | about 6 months ago | (#46275605)

The Holocaust only killed 0.3% of the world population. Didn't make it right.

Re:Less Than 0.1% (0, Offtopic)

Anonymous Coward | about 6 months ago | (#46275655)

If the Jews bothered using aimbots history would be very, very different.

At least someone admits it (0)

Anonymous Coward | about 6 months ago | (#46275621)

It's in the Steam ToS, so you have already agreed to get scanned. Personally I'd be more angry at people so determined to cheat they got this countermeasure instituted in the first place.

Not good for their aspirations (0)

Anonymous Coward | about 6 months ago | (#46275629)

If Valve hopes to see linux, And particularly their brand of linux (SteamOS) become a real competitor or potentially a disruptive change of platforms then they cant be invasive like this. Just not going to work. They will ruin everything they are seeking to achieve.

Re:Not good for their aspirations (0)

Anonymous Coward | about 6 months ago | (#46275757)

Only half true. It's hard to get more restrictive and invasive than Apple's products, but idiots are back into buying that crap again.

The good news is that Apple is reverting back to their old tricks that nearly destroyed their company 20 years ago.

VAC has always been invasive and the general publi (0)

Anonymous Coward | about 6 months ago | (#46275817)

The average gamer yses gmail or hotmail and facebook, do you really think they care that much about a 2 step DNS check where info is only sent to Valve if you looked up some cheat dns name? They are not scanning for website dns names, but for control server dns names, so the chance that someone happens to "visit" that site without cheating is pretty damn remote.

Visiting a Site Isn't Cheating (0)

Luthair (847766) | about 6 months ago | (#46275661)

Are DNS entries really indicative of cheating? It doesn't necessarily follow that someone who has viewed a site about cheating is actually cheating. And now that it is known, it is virtually guaranteed that anyone actually cheating will simply use a secondary PC to surf the sites.

Surfing the sites won't trigger it (2, Insightful)

Anonymous Coward | about 6 months ago | (#46275697)

VAC looks for the DRM servers that ensure you're a paying user of the cheat. Check the Reddit post.

Re:Visiting a Site Isn't Cheating (0)

Anonymous Coward | about 6 months ago | (#46275727)

The code isn't just checking for any websites you've visited. A number of hacks need to be connected to a remote web server in order to function properly or to verify that you've actually purchased the hack. The code in question is supposed to look for these phone home servers in your dns cache after VAC has detected that you may already be cheating.

Re:Visiting a Site Isn't Cheating (1, Informative)

DarkFencer (260473) | about 6 months ago | (#46275729)

Assuming Gabe is being truthful when he states that this is a secondary check triggered by some other evidence for cheating, then just visiting these sites wouldn't be enough.

Its suspicious activity (reported by players? detected through other methods? not sure) that triggers the additional check(s).

Re:Visiting a Site Isn't Cheating (0)

Anonymous Coward | about 6 months ago | (#46275741)

The summary is actually wrong and if you read the article you'll notice that he points out that they specifically look for the non-web dns entries that point to the DRM servers in the cache. As such simply visiting the website wouldn't trigger anything. Also as he points out it is simple to modify the dns cache and this specific test is no longer effective.

Re:Visiting a Site Isn't Cheating (0)

Anonymous Coward | about 6 months ago | (#46275755)

To bad most cheats require a "subscription" which means the client logs into the service.

Re:Visiting a Site Isn't Cheating (4, Informative)

newcastlejon (1483695) | about 6 months ago | (#46275759)

It's not an issue of viewing cheating sites; Steam is looking for DNS lookups performed on DRM servers (not the Steam ones). Many cheats are paid-for so, in a cruel twist of fate some might say, they use DRM to check if the cheater has paid for the priviledge of doing so.

gaben himself has said that this tactic only lasted a matter of weeks anyway, until the cheatware started futzing around with the player's DNS cache to avoid these checks.

Re:Visiting a Site Isn't Cheating (1)

Somebody Is Using My (985418) | about 6 months ago | (#46275769)

Mind you, it's less checking if you visited a site and more if your computer accessed a proscribed host.

Many of the cheats VAC is checking for are not only sold, but protected by a form of DRM that checks an authorization server before they let you use the cheat. VAC is more often looking to see if your computer is connecting to the authorization server; e.g., they are more interested in seeing if you visit authorization.cheaters.com than forums.cheaters.com

Not that I think that is much better, and I imagine that - especially now that the method has become common knowledge - it will become far less effective. The hacks will probably start using some sort of commonly used proxy to redirect and obfuscate the authentication request; perhaps the next version of WallHack.exe will come bundled with a TOR client.

Of course, the best option would be to give customers a choice: play on sponsored, VAC protected servers - albeit at a cost to your privacy - or allow VAC to be turned off and play the game on player-hosted servers, where you may (or may not) encounter people using cheat tools.

Re:Visiting a Site Isn't Cheating (1)

idontgno (624372) | about 6 months ago | (#46276015)

Mind you, it's less checking if you visited a site and more if your computer accessed a proscribed host.

The use of the emphasized phrase with a straight face is exactly what's wrong with this methodology.

It's the Internet. Sane societies don't have "proscribed hosts".

Re:Visiting a Site Isn't Cheating (0)

Anonymous Coward | about 6 months ago | (#46275803)

Try RTFA.

Re:Visiting a Site Isn't Cheating (0)

Anonymous Coward | about 6 months ago | (#46275807)

Go read yesterday's thread, or just RTFA. This isn't meant to catch people who google 'how i aimhack conter strike.'

Re:Visiting a Site Isn't Cheating (0)

Anonymous Coward | about 6 months ago | (#46275811)

Its not that simple. The cheats were using a type of DRM which checked if the cheater has paid against cheat developer's billing server or whatever DMR they had in place. It is those lookups that Valve was matching against the DNS cache. To answer your question, yes, the DNS lookups were a clear indication that a cheat was checking whether they had paid for it.

Now the cheat developers are going to code their own DNS resolution rather then relaying on the host operating system and thus continues the game of cat and mouse.

Also cheating with single player is fine (1)

aepervius (535155) | about 6 months ago | (#46275893)

Despite that , you might get banned , because you visited and used a cheat for a single player, which will have the exact same symptom as cheating for , say, TF2 (primary and secondary DNS entries).

Re:Visiting a Site Isn't Cheating (0)

Anonymous Coward | about 6 months ago | (#46275947)

Would be amazing if any of you twats actually stopped and read the response.
It answers all your questions, quite satisfactorily

Re:Visiting a Site Isn't Cheating (1)

QuasiSteve (2042606) | about 6 months ago | (#46275957)

The point is that these aren't sites you would normally visit out on the interwebs. It's a bit like saying "oh but what if I somehow stumbled upon udashdiasd.dashbduiqidasdjkasd.dasbdaskd.hdasuida.something.com?" when the only known vector for ever hitting up udashdiasd.dashbduiqidasdjkasd.dasbdaskd.hdasuida.something.com is through a piece of malware, and complaining that your anti-malware package threw up a red flag.

More specifically, your comment's subject:

"So basically it wasn't pulling DNS for the entire machine but only looking for that one particular phone home call the cheat did? So merely looking at a cheat site won't get you banned?" - ava_ati

"Correct." - GabeNewellBellevue

- http://www.reddit.com/r/gaming... [reddit.com]

Add to that that this check only occurs if VAC has already detected something fishy going on. So even if you did deliberately hit up these DRM servers (for science / research / because you want to lower the SNR for VAC).. unless you're actually using the cheat, VAC doesn't much care.

At least, them's the claims.

Re:Visiting a Site Isn't Cheating (0)

Anonymous Coward | about 6 months ago | (#46276031)

Read. The. Article.

They clearly state that this check was effectively for only 13 days and is no longer effective.

Seriously, read the article.

It'd also be nice if moderators didn't up vote something "Insightful" when it's clear that the poster didn't read the article. There's nothing insightful about this...

Expect an exodus? (-1)

scottbomb (1290580) | about 6 months ago | (#46275663)

I was thinking about signing up. Not anymore.

Re:Expect an exodus? (0)

Anonymous Coward | about 6 months ago | (#46275705)

Nothing stopping you from rolling your own Linux, And installing steam on that with whatever walled off qualities you want. Which is looking like what im going to have to do.

Re:Expect an exodus? (1)

DocSavage64109 (799754) | about 6 months ago | (#46275783)

An exodus of cheaters wouldn't be a bad thing. Note that the DNS scan is only after the software detects a cheat.

Exploitable? (0)

OhPlz (168413) | about 6 months ago | (#46275679)

Sounds like a possible exploit to me. All you need is a web page claiming to have cheats or walkthroughs or something, then have that page send the browser to a bunch of the likely-to-be black-listed sites. Now you've just screwed anyone on Steam that happens to hit the page. Then what recourse do the players have? Any? Game software should not be spying on its user outside the realm of the game.

Re:Exploitable? (0)

Anonymous Coward | about 6 months ago | (#46275919)

not having the cheat-drm installed would help

Re:Exploitable? (1)

Ardyvee (2447206) | about 6 months ago | (#46276007)

It should only trigger the dns check if VAC believes you are cheating.

VAC checked for the presence of these cheats. If they were detected VAC then checked to see which cheat DRM server was being contacted. This second check was done by looking for a partial match to those (non-web) cheat DRM servers in the DNS cache. If found, then hashes of the matching DNS entries were sent to the VAC servers. The match was double checked on our servers and then that client was marked for a future ban.

Emphasis mine.

Read links, no answer (0)

Anonymous Coward | about 6 months ago | (#46275683)

So, this VAC thing that collates all DNS data and "doesn't" send it anywhere, is that just for the military themed hat simulators, or does it run anytime I play anything that is Steam-linked?

Misleading article... read the real post by Gabe (3, Informative)

Anonymous Coward | about 6 months ago | (#46275687)

They did not look at DNS histories of your browsing... there are cheats that have their own DRM that phone home to the cheat server to make sure you paid for the cheat (/irony). All Valve was looking for was the phone home to the cheat servers, not your bloody porn searches, or even visiting a cheat website.

Re:Misleading article... read the real post by Gab (1)

Cheburator-2 (260358) | about 6 months ago | (#46275847)

You seem the only person to actually go and read that article.

Why do we still allow this sort of overeach? (3, Insightful)

green1 (322787) | about 6 months ago | (#46275689)

The more I see stories about various programs accessing all sorts of stuff they aren't supposed to, the more I wonder why we still allow this? I use my browser for something, there shouldn't be any other program on the computer that knows about it. It's time we eliminate this idea that every app has access to every file on our computers. I really don't understand why sandboxing every app is not only not the default, but also very rarely even available on most operating systems.

It seems these days most apps are hostile to the users, it's time we treated them as such and stopped letting them have the run of our computers.

Re:Why do we still allow this sort of overeach? (4, Insightful)

dave562 (969951) | about 6 months ago | (#46275927)

We tolerate it because cheaters ruin games. If do not want to play the game, or do not want your privacy violated, then do not play games on Steam.

For those of us that do play games, and do play them honestly, this is another step in the right direction. Cheating simply kills these games. I am willing to give up a bit of privacy in exchange for fewer aimbots and wallhacks in the FPS games that I play. If you read the article, or the comments, you would realize that the DNS scanning is a second level of review that takes place when other indicators point towards a person who might be cheating.

Re:Why do we still allow this sort of overeach? (1)

Kardos (1348077) | about 6 months ago | (#46276009)

> It seems these days most apps are hostile to the users, it's time we treated them as such and stopped letting them have the run of our computers.

Well that the tradeoff when it comes to closed source software. You have to trust that the provider of the binary is Not Evil.

> It's time we eliminate this idea that every app has access to every file on our computers.

Mobile has made some progress here with "App Permissions", such that you can limit what an app can do. It's easy to do this when you build a new system, apps have to conform to it. With PCs, the "app can do whatever it wants" has been standard for years and it'll be hard to change it.

Re:Why do we still allow this sort of overeach? (1)

Ardyvee (2447206) | about 6 months ago | (#46276041)

Don't use VAC. AFAIK (correct me if I'm wrong), it should only be activated if you join VAC-enabled servers. VAC is specifically Valve's Anti-Cheat System and it does what it says on the tin. Although I guess I do agree on the whole sandboxing thing. But you still have the problems of cheating in online games.

Pssst... Shhhhh... Nobody please tell Gabe about i (0)

Anonymous Coward | about 6 months ago | (#46275725)

Because that'll force him to hire router proctologists and that would cost a lot and Valve might go out of business.

No Local Resolver (0)

Anonymous Coward | about 6 months ago | (#46275745)

Turn off your local resolver, and presto, no DNS cache to search. Web surfing may be slightly degraded but not much.

Banned from Battlecraft (1, Interesting)

Spiked_Three (626260) | about 6 months ago | (#46275767)

I recently got banned from battlecraft (or whatever it is called) for cheating. That includes, warcraft, diablo, starcraft, others?

But here is the thing; I have not even logged on to play any of those games in over 3 years.

The vendor has come to a flawed conclusion I cheated, and prevented me from playing games I have spent hundreds of dollars for.

Mr Newell, I suggest that some, if not most of your apparent cheaters, are due to YOUR companies lack of technical skill. Stop punishing the innocent for that.

Re:Banned from Battlecraft (0)

Anonymous Coward | about 6 months ago | (#46275851)

Perhaps whoever is using your account is cheating.

Re: Banned from Battlecraft (0)

Anonymous Coward | about 6 months ago | (#46275853)

Sue them. Only by demanding justice for wronged innocents can this behavior be stopped.

Re: Banned from Battlecraft (0)

Anonymous Coward | about 6 months ago | (#46275967)

>Sue them.

Valve forced users to accept a binding mandatory arbitration agreement a couple of years ago or else they lost access to all previously purchased games that they hadn't downloaded prior to the agreement being sent. Even if downloaded, those games lost all online access.

Suing them now means you are kissing the boots of whatever dark lord/"judge" valve pays for to tell you that you're wrong because money.

Re:Banned from Battlecraft (0)

Anonymous Coward | about 6 months ago | (#46275871)

What probably happened: Somebody ELSE tried to log into your account from somewhere else and your account has been flagged. You would have to contact them.

Re:Banned from Battlecraft (1)

dave562 (969951) | about 6 months ago | (#46275963)

Mr Newell, I suggest that some, if not most of your apparent cheaters, are due to YOUR companies lack of technical skill.

While you may suggest that, it is a load of crap and doing so makes you look ignorant.

Cheaters have nothing to do with Valve's lack of technical skill, and everything to do with the client/server based nature of the games. As long as the games are running on hardware that the company does not control, there will be cheaters. It is the age old adage that if the attacker (in this case the cheater) has physical access to the server (or in this case, game client), there is nothing that you can do to protect yourself.

As an added bonus (0)

Voyager529 (1363959) | about 6 months ago | (#46275777)

users for whom "activate.adobe.com" resolves to 127.0.0.1 will be placed under 'additional scrutiny'.

Also, Steam may find themselves with fewer users than Origin.

Not actual cheat websites being checked (3, Informative)

Pricetx (1986510) | about 6 months ago | (#46275781)

One point that I don't think a lot of the commenters aren't getting, is that it isn't the actual "cheat websites" that are getting detected by this system, the system doesn't even check for them.

As Gabe explained, most cheating software uses DRM, similar to that of games themselves, which "phones home" to the cheat software publishers to ensure that all of the users of the software are actually paying for it. These "DRM servers" will have their own domain names, and it's these domain names which VAC is looking for. This is to avoid flagging people for simply having visited the cheat website.

It's also worth pointing out that this check is only triggered *AFTER* VAC has already detected that the player is cheating through other means, it can be thought of as a second factor of cheat authentication. This means that players can't get "tricked" into being VAC banned by having malicious javascript on a website causing their PC to perform DNS lookups on these blacklisted domains, as they won't even be checked by VAC unless the player is detected as cheating through other means.

That being said, there's always the possibility of false positives, and if you combine that with malicious javascript mention above, you could just be incredibly unlucky and accidentally get VAC banned.

Steam hooks directly into the firefox.exe process (0)

Anonymous Coward | about 6 months ago | (#46275791)

You can test this by trying to delete firefox.exe on Windows and see the process that has a lock on it via Unlocker [archive.org]

Better than nothing (5, Insightful)

BlackPignouf (1017012) | about 6 months ago | (#46275797)

I don't like the answer, but it could be worse, and it's nice the director answered honestly.

RTFA (5, Informative)

Grantbridge (1377621) | about 6 months ago | (#46275831)

From the actual article: 1)This is no longer in operation, it was only running for a couple of weeks in the constant cat-and-mouse game with cheat developers 2)It was targeted at the DNS for DRM servers which cheat authors used to SELL cheats to PAYING customers. The system simply reported if the MD5 hash matched the DNS for the known cheat DRM servers, once the cheat had been detected during gameplay already. The DRM servers were not running a website.

Why ban? (4, Interesting)

MadCow42 (243108) | about 6 months ago | (#46275949)

Why not just shuffle anyone detected cheating into a separate game room? If they're paying customers, then they can all cheat together, and everyone wins.

proprietary license (0)

Anonymous Coward | about 6 months ago | (#46276021)

This is what happens when you use software that restricts user freedoms. You lose your control of your software.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>