The state of PC gaming in a security perspective
A few days ago I wanted to give DayZ a go. DayZ is a military simulator with a zombie apocalypse.
I played the DayZ Mod for Arma 2 a lot. But after a while, the experience got worse because of hackers and cheaters.
Some people describe DayZ as a walking simulator, and there is a lot of walking in DayZ, it's nothing like Battlefield or Call of
Duty series, where you just jump into action, die and re-spawn.
In DayZ you start without any weapons, or only a pistol with one magazine. Then you have to scavenge the cities for supplies. You need both food and weapons to survive.
And the map is huge. It literally takes hours to walk from one side to the other side of the map. And if you get killed, you lose everything. So zombies and other players become very scary.
I especially liked when in the beta version, you couldn’t shake zombies off, and there where a lot of them. You had to crouch and stay hidden to avoid being seen by zombies or other players.
If a zombie saw you, he would follow you until you killed him. You could run, but you could not hide! Ohh, and if you fired your gun, nearby zombies would hear you, and you would have to kill them too.
If you had nine bullets in your magazine, and you had ten zombies after you, it pretty much meant you would die, unless you found more ammo, or was helped by another player.
Ohh, and the zombies sprinted, and even zigzagged to avoid being hit. And if you ran out of food and water, you died.
So you had to constantly come back into cities filled with zombies to find food and other supplies.
Hackers & Cheaters
One of the things that ended up killing the experience was players that hacked or cheated. There where hacks like, spawn in any weapon or vehicle, drop bombs, or running around with rainbows and "godmode" singing "trolololol".
Then there where combat loggers. If they where about to get killed by another player or zombie, they just disconnected, and went into another server, flanked, went back to the original server,
no longer had any zombies chasing, and shot the other player in the back.
In the early days of DayZ though, when there wasn't enough servers and you would have to wait, sometimes up to an hour, just to get into a server, this wasn't possible.
So an easy fix would be to have a 30 minute timer between disconnecting and logging in again. Or have a waiting queue and limit the amount of player slots.
Installing DayZ on Windows
First you need to have Steam, with is an online service for buying and downloading games, where you have a client installed on your PC. The steam client connects to a lot of servers. Some servers are just web servers, some are for displaying "ads", and some are needed to download games, and it's hard to know which one does what.
The reason I take this up as an "issue" is that if you are serious with security, you should be running a firewall, and need to white-list all of these servers.
After downloading the game you need to install it ... First the windows installer wants to call home. Then the C++ redistribute wants to call home. Then the game itself wants to call home. You can block those though.
With "call home", I mean "call home" (open a connection to a remote server), and say (send) "I was successfully installed", and probably also send some info about your system,
or maybe make sure you payed for the game.
Although very unlikely they could also send any personal information, like family pictures, and private documents. So programs that "call home"
are a huge security issue, unless you know exactly what they send.
If it's an "installer", it's probably running as root, with means it has access to your whole system.
Battleye
When starting the game, it wants to install something called Battleye which is a anti-cheat system that basically runs as root and reports home any suspicious content it finds in your memory or hard drives. If I understand correctly, it runs as a kernel and bypass all security. The program is closed source and updates itself, so it's hard to check what it does, which means you can't trust it.
I don't trust game developers enough to run something like that. So I uninstalled the game.
Server/Client and multiplayer
I've got some experience on dealing with cheaters in multiplayer games after developing Visual Utopia. It's a strategy military game in medival/fantasy settings.
I learned very quickly that you can never trust the client!
As visual utopia is a web based game, you can just right click and select "view source" to see the source code of the game client.
So unless everything is calculated on the server side, cheating becomes pretty simple.
But the thing is, if you are a software developer; debugging binaries, inspecting memory, injecting stuff into the memory etc,
is pretty easy. So just because the game client is closed source and written in C++ doesn't mean you can't cheat.
But many game developers seems to think so, because most games pretty much broadcast everything to the clients,
even if you can't see the enemy on the screen, he's still in the computer's memory, and you get the position data sent to you,
which makes it possible to implement for example "Xray" vision as a cheat/hack.
So instead of rendering everything on server side, most PC games use something like Battleye to find cheaters, And this is sadly the state of PC gaming today.
Secure gaming and the future
If you have optic fiber internet connection, your "ping"; the time it takes for a data packet to travel from your computer, to a server, even several miles away, would be less then a millisecond.
You can compare this with how long time it takes a screen to refresh, which can take up to 20ms, or the response time for when you start to get a "laggy" experience, around 40ms.
This makes it possible to have a central server, like one in each big city, that renders everything and streams it to the clients.
This in turn makes it possible to have a very "thin" and lightweight client, for example a virtual reality headset, because the heavy calculating CPU's, which requires noisy fans could be located in a dedicated
server room. And with bandwidth of 100+ Mbit/s you could just stream the game "as is" in 60 fps, and the client is just a monitor, speakers and a input device (mouse and keyboard).
Written by Johan Zetterberg June 25, 2016.
