Difference between revisions of "Valve Anti-Cheat"

Valve Anti-Cheat, abbreviated to VAC, is a proprietary anti-cheat solution developed and maintained by Valve corporation as a component of the Steam platform. Although predating Steam, VAC has been fully adapted to its network.

VAC was first released with Counter-Strike 1.4 in 2002, following Valve's decision to forego PunkBuster in preference of a proprietary system. The initial version, VAC1, saw success for a period, but in March or April 2004 updates ran dry as the Valve engineers maintaining it moved on to the production of its successor, VAC2. VAC1 swiftly became virtually useless during this period of development.

VAC2 has been implemented in GoldSrc, Source, and Unreal Engine 2 titles. It is included in the Steam SDK for licencees.

Advantages

• Total integration through Steam, including using the Steam framework for any update tasks
• Delayed bans deny cheat producers accurate and timely information
• As of VAC2, client-side updates are not always required to detect new cheats, again denying cheat producers information.

Disadvantages

• Delayed bans means that cheaters are free to play (and therefore disrupt play) until the ban takes effect some undisclosed (and possibly variable) time later.
  • This may entice others to cheat, taking an "if they can do it so can I" attitude.
  • The burden of banning individual cheaters (who have been detected by VAC but not yet banned) is placed on server administrators.
  • This also leads to the skewing of statistics and ranking systems, even if the cheaters' data is removed when they are banned.
• Cheats need to be individually found and added to the VAC database.
• VAC cannot detect 'material wallhacks', where texture transparency and color is manipulated by overwriting content files. In the Source engine the option to create "pure" servers that disallow custom materials was created to alleviate this.
• False-positive detections

Successes

On June 20, 2006, a prominent cheat distributing source "informed the top cheat distributing sites to mark all cheats as [VAC] detected until further notice", citing VAC's hash matching as the reason why cheat users were routinely and frequently receiving bans, even though the VAC code on client computers had not been altered for some months. There have been no publicly acknowledged breakthroughs in circumventing VAC's protection since, although private cheats still exist for the few who have access to them.

On November 17, 2006, Valve announced that "new [VAC] technology" had caught "over 10,000" cheating attempts in the preceding week alone, the first real indication of the scale of anti-cheat operations. It should be noted that not all of the accounts banned would have contained legitimate, purchased games, and also that there is no external audit on the figure.

Delayed bans, criticism & rationale

VAC2's motives are often called into question due to its 'delayed ban' system. When a user connects to a secure server their system memory is scanned (the precise manner in which cheats are detected is secret). If a cheat is found, the player's Steam account will be flagged as cheating, but the player will not be banned nor receive any indication that they have been detected. It is only after a certain, variable delay, roughly three days for the original VAC1 that the account is permanently banned from "VAC Secure" across a relevant set of games (e.g. Valve's Source engine games, GoldSrc games, Unreal engine games). Valve does not reveal the length of delays for VAC2 bans beyond that it may be days or weeks, indicating that there may be a dynamic element to bans and exacerbating criticisms of their rationale for the system. VAC1 originally banned for 24 hours, then five years and later one year. These bans were 'grandfathered' in and expired on their original date.

Valve's reasoning behind the system is that it makes it harder for cheaters to tell if the cheat is 'VAC-Proof' or not. They claim that in the time it takes from the cheat being detected to the first banning, many more cheaters will have been caught than had it banned the first person on the spot and allowed the alarm to be raised immediately. Critics claim however that this gives cheaters a counter-productive 'grace period' where they can freely cheat with no repercussions. Others charge the system (delayed bans or not) with existing to make Valve money on the basis that cheaters will buy another copy of the game in order to continue cheating rather than desist. While it is not unknown for cheaters to steal copies from shops in order to do this, the purchasing of new ones has only been reliably observed in those caught and reformed, mainly through their apologetic posts on the Steam User Forums. Another criticism of the system is that if bans were instantaneous, non-cheating players would have less exposure to cheaters, and would be less inclined to cheat. The system as it exists is therefore criticised for inciting people to cheat.

False-positive detections

Those that have been caught by the system also criticise it, usually with the claim that it has made a false positive. The only recorded instances of false positive have been under VAC1:

• Immediately after VAC's release, memory corruption (corruption of the physical memory used by the game modules caused by bad RAM or misbehaving processes) would lead to a VAC ban. When this problem came to light, VAC was altered so that corrupted memory would only lead to a drop from the server and all bans due to this were reversed.

• In 2002, joining secure servers while running under the WineX Windows emulator for Linux led to a VAC1 ban. The bans were shortly reversed and the issue reduced to WineX players merely being kicked from secure servers, but the incompatibility was only fully resolved — allowing Linux players to connect to VAC-protected servers — a year later.

• During the early stages of VAC1's life, detections were generic enough to allow non-cheat applications to trigger a ban if they behaved in similar ways to cheats or contained similar code. This led to bans triggered by acts other than cheating. In 2003 the problem came to light when players were banned for using HLamp, which allowed playing MP3s by integrating with Winamp. The mistake and its effects were reverted within five hours of the first HLamp users receiving their bans, and VAC's detection methods were made a lot less generic as a result. Furthermore, every existing VAC ban was removed in order to account for players banned due to other, unknown, non-cheat programs.

• An apparent server-side glitch on 1 April 2004 led to a glut of arbitrary VAC1 bans. All were reverted within an hour of the problem arising. However, because of the dubious nature of the date of this occurrence, it is possible it was simply a prank.

VAC2's presumed hash detection methods continue to make false positives such as these extremely probable, and slow the detection process by requiring cheats to be individually identified.

Hacks may also be hidden inside otherwise legitimate mod or skin downloads that are created to maliciously get innocent people permanently banned.

X-Spectate

In June 2006, VAC2 began banning players for the use of X-Spectate, an anti-cheat tool that gave users a wallhack effect when, and only when, spectating or watching a demo. Valve had never publicly endorsed X-Spectate, but conversely had refrained from adding it to VAC and VAC2's lists of cheat signatures in the two years since its release. In the few days after players started being banned for using the tool, Valve downgraded VAC2's response to merely kicking players from servers, rather than banning them. Players that had been banned for using X-Spectate had their bans reversed after submitting a Steam support ticket.

There is some debate as to whether this counts as a false positive detection or not, as the definition of a cheat contained in the Steam subscriber agreement does not cover tools such as X-Spectate. The program's author maintains that it is not a cheat as it does not give the "unfair competitive advantage" required by Valve's definition.

See also

• Steam