The ultimate thread about Arma 3 anti-cheat discussion

[eddieck 10]

A keylogger to steal an account is wholly different from some registry hack that pull out your CD-key.

A lot of people will probably use Steam's "remember me" function, so it could also be possible to get the credentials from there.

If stolen, Steam can lock the account and then return it to its rightful owner - I personally know of several success cases of this happening.

That is a good point. From Steam's POV this can't be too difficult either (password just changed from a new IP in a different region, user from the old IP is saying they didn't allow it). It wouldn't stop someone from using it for even a few hours and getting it banned, however.

[Iroquois Pliskin 0]

It wouldn't stop someone from using it for even a few hours and getting it banned, however.

Irrelevant. They may ban it, lock it, check the details, confirm them & reimburse it to the rightful owner.

Just now, I had to confirm my identity/login with an additional code sent to me by E-mail from Steam, since I haven't used my account there in years. Same thing happens if you login from a different IP or PC.

Edited February 26, 2013 by Iroquois Pliskin

[TSAndrey 1]

Unless there's some other issue, I can't see how the situation can be improved at all. Those programs would simply have to obtain the user's Steam credentials instead of a CD key. The end result would be similar.

They would also need to find out the email/email password of the user. If you have Steam Guard enabled, whenever you login from a different PC, Steam will ask for a code that is sent to your email.

[radar_owns 1]

the issue I have with this is the lower download speeds from steam. Updates would takes ages as steam tends to run (at least in my sense) at less the half the capable speed it can when updating with frequent breaks in connection. Battleye is a very unresponsive system at times and needs to be replaced so I guess steam is the lesser of two evils in this case.

[eddieck 10]

Irrelevant. They may ban it, lock it, check the details, confirm them & reimburse it to the rightful owner.

AFAIK Steam won't reverse VAC bans unless they are proven to be false (only happens occasionally, like with MW2 awhile back).

Just now, I had to confirm my identify/login with an additional code sent to me by E-mail from Steam, since I haven't used my account there in years. Same thing happens if you login from a different IP or PC.

You're right, this should improve the situation greatly. (Technically, with access to your machine anything can be done, including getting your email password to read that email, but it does add a bunch of steps for someone who wants to do this. And in the end, it's the user's responsibility to keep their computer secured, which would include running security software, taking the appropriate precautions, not executing files claiming to be hacks, etc.)

[$able 2]

Battleye is a very unresponsive system at times and needs to be replaced so I guess steam is the lesser of two evils in this case.

Could you please clarify what exactly you mean?

---------- Post added at 20:55 ---------- Previous post was at 20:53 ----------

Is there a better alternative? As far as preventing a single person from buying a dozen keys (or 17, for that matter... yeah), I can't see how any system could stop that.

I could see Steam providing some basic protection against the "download 'hack' that is actually a key stealer" scenario, but only if the user doesn't use Steam's "remember me" function. In that case I would expect their Steam credentials would be accessible by such programs, so that doesn't really change anything either.

Of course Steam will change a lot. There simply won't be rampant account theft. As others have pointed out it's much harder and stolen accounts can be recovered. What I'm talking about is that right now cheaters literally laugh about BE global bans since they have an unlimited supply of cheap stolen cd-keys, which renders BE pretty much useless.

Edited February 26, 2013 by $able

[Tonci87 163]

I got my Steam account hacked once (my own damn fault, someone from my friend list (hacked account) send me a link and I loged in on a false steam website)

I contacted the Steam support and the issue was resolved in an hour. Now I have Steam guard enabled, that will make sure that I´m the only one who can change the PW.

[Dwarden 1124]

the issue I have with this is the lower download speeds from steam. Updates would takes ages as steam tends to run (at least in my sense) at less the half the capable speed it can when updating with frequent breaks in connection. Battleye is a very unresponsive system at times and needs to be replaced so I guess steam is the lesser of two evils in this case.

explain : Unresponsive system ?

explain : needs to be replaced ?

note about bandwidth, BE uses so small fraction of your download that if you can't run it then nothing else either ...

[Ezcoo 47]

Having been an Arma server admin for over a year, it's great news that BE in A3 is going to be much stronger than in OA and because stealing/generating CD keys will be much harder task thanks to the Steam-exclusivity, the BE bans will be actually effective... I hope and believe that BE is going to be very effective AC in A3 :)

[elpresidente 1]

[...]stealing/generating CD keys will be much harder[...]

Stealing CD-keys (from already steam activated games) will be impossible. To play the game, you'll need to activate the key trought Steam and Steam only allows 1 account per key. So, if someone stole your CD-key (from your already activated game) he won't be able to do anything with it.

[Ezcoo 47]

Stealing CD-keys (from already steam activated games) will be impossible. To play the game, you'll need to activate the key trought steam and steam only allows 1 account per key. So, if someone stole your CD-key (from your already activated game) he won't be able to do anything with it.

That's more than nice to know! Darn, I was a Steam-hater before and wanted to jump out from the window and roll in the snow to ease the frustration when I read the news about the Steam-exclusivity of A3, but after reading about the features and pros of Steam that Dwarden mentioned in some of his posts and now this, I'm becoming Steam-lover :D

[vegeta897 13]

That's more than nice to know! Darn, I was a Steam-hater before and wanted to jump out from the window and roll in the snow to ease the frustration when I read the news about the Steam-exclusivity of A3, but after reading about the features and pros of Steam that Dwarden mentioned in some of his posts and now this, I'm becoming Steam-lover :D

Posts like these really warm my heart.

[G0lden 10]

Yeah I have had my bad moments with steam but they're always improving and I really have no complaints about it anymore, love it. As far as battleye goes isn't it effective at holding the bans by basing them off of players' guids? I figure as long as script kiddies and hackers are identified you can ban them based off of everything that links them to arma. Whether that be their cd key or IP address, both, or some other method. Let's face it, illegal copies are out there and a determined person will change their ip address/get another copy somehow but it just needs to be made very difficult for them to get through once identified. Detection, Protection, Maintenance, and Removal(of these ill-persons) is the key to all this I think. In arma 2 the biggest problems I've ever had is hackers/scripters and the unoptimized code(network transfer and graphics code) but you know what, it's still my most played game ever and my most favorite because the concept is so unique and awesome. I hope arma 3 is better at keeping people that like to destroy servers away but either way I will be playing it.

[falcon911 1]

Dwarden and Able,

While I know that you both have been working on these kind of situations and being somewhat successful on getting around most of these hacks and catching the perp red handed. It takes only one to produce the negative results on what should be an active Anti-hack. Dayz really brought out the limitations of ARMA + Battleye in a HUGE way and still does today.

While Arma itself is a forgiving software to the player base due to the uniqueness of the protocol used. When tied with Dayz it brought out all sorts of issues. Example would be the Battle eye bypass you see out there on the internet. Unless you can tell battle eye to look for certain signatures or check sum of files outside of ARMA in this case. (possible legality or big brother issue) You'll never get proper level of protection.

Please forgive me if I am treading on thin ice on this, but I think this needs proper discussion and serious thought on what BI will use for the future.

[Wolf85 1]

I got my Steam account hacked once (my own damn fault, someone from my friend list (hacked account) send me a link and I loged in on a false steam website)

I contacted the Steam support and the issue was resolved in an hour. Now I have Steam guard enabled, that will make sure that I´m the only one who can change the PW.

Most of the security by pass problems are user side. You can read at BE page that most of the key steal was cuz ppl was downloading "free hacks" that was nothing but key stealers. So for one side I laught at them, first cuz they where potential cheaters, and of course, not so funny the big problem that was.

[DirtyRain 1]

I enjoy the game, but can not encourage others and have actually discouraged others from spending any money on this game. 99% of online games have been ruined because of hackers! Battle Eye is a pathetic joke, will ARMA 3 be any different?

[Beagle 684]

Hacking is rare on dedicated servers that are well maintained and administered and have a good BE setup with script blacklists...just klicking "create new server" is not a good way of setup.

[DirtyRain 1]

I have never just clicked "create new server" and have only joined dedicated servers. I would be happy to try one that you suggest. Point is, the game is easily and constantly hacked.

[Nicholas 5]

I think BattlEye is doing a great job. I would suggest either playing on a private server or joining a group.

Hackers will always be present in every online game. If there's a will, there's a way.

[H4YW1R3 1]

Of course the skript kiddies are going to vote for Battleye, as using BE for the anti-cheat has given them free reign on the ARMA 2 game and it's mods and missions.

[DirtyRain 1]

If BattlEye was doing a great job there wouldn't be a need to join a private server or join a group. No other online games I have played are as infested as this! (never owned Counter Strike)

[igneous01 19]

There is no such thing as fool proof anti cheat. For those defending punk buster, watch some defcon talks of game hacking. They admit that Punk Buster is easy to bypass. The only reason there are so many hackers is because someone is selling their exploit to people who know nothing about hacking at all.

Any game that allows modding is more vulnerable than a game that doesn't. Best line of defense is proper administration of servers, with anti cheat as supplements to that defense. At the end of the day there needs to be a human being responsible for these things to be the most effective.

for those interested in the defcon talk, here it is:

[Beagle 684]

ArmA series has only private servers, there are no official servers for the series..all servers you see are privately run with a plethora of mods on it. Out of 100 servers there will be 1 that's administerd in a decent way and actually uses BE to the full potential. So go and blame the Server Admins not the game or BE.

[Nicholas 5]

ArmA series has only private servers, there are no official servers for the series..all servers you see are privately run with a plethora of mods on it. Out of 100 servers there will be 1 that's administerd in a decent way and actually uses BE to the full potential. So go and blame the Server Admins not the game or BE.

What I mean by private servers are servers that are locked. Servers that are unlocked are open to the public. The reason why ArmA hacking is so rampant is probably because the game is so open.

[metalcraze 290]

If BattlEye was doing a great job there wouldn't be a need to join a private server or join a group. No other online games I have played are as infested as this! (never owned Counter Strike)

No other online games are capable of even 1% of stuff that ArmA can do. It's easier to secure a game where all you do is respawn out of thin air on a 100m x 100m map with 64 players max where you can only run and shoot and nothing else.

Saying that I've played at unitedoperations.net servers and I've never seen any hacking take place. If it happened it surely was dealt with swiftly.

Of course their approach filters all the bad players right away - need to check for password on their forums and install TS3. But when playing ArmA with people - voice chat is a must. And yeah - the number of people playing there at once reaches 80 at times.

Private (password-protected) servers aren't there to make your life uncomfortable. They actually make people work together better. Once you try it you barely can go back to public mayhem.

Edited March 10, 2013 by metalcraze