Cheating in Counter-Strike has always been a topic of controversy and discussion in the online Counter-Strike community. This article sheds some light on what's possible, what's not, and what is being done, either through careful analysis or first-hand experience. This article does not cover Counter-Strike: Source, but results can be assumed to be the same.
Cheating also happens to be an exciting example of applied computer science and software engineering. Since its hype and subsequent downfall due to excessive cheating, Counter-Strike is often used as an example and a warning of what cheats can do to an online videogame (which does client-side calculations), and how little game-server administrators and game designers can do to enforce the integrity of the game.
Background information
Main article: Counter-Strike
Counter-Strike (CS) is a popular team-based mod of Valve Software's first-person shooter Half-Life. The game pits a team of counter-terrorists against a team of terrorists in rounds of competition won by completing an objective or eliminating the opposing team. The latest incarnation of the game, Counter Strike: Source (CS:S), is based on the Source engine developed for Half-Life 2.
What is cheating in Counter-Strike?
Unfortunately, most people decide on a case-to-case basis on whether something is a cheat or not, and the subject is not easy to resolve. Most commonly, a cheat is an executable file that either replaces or complements the regular Counter-Strike installation, or the replacement of a data file, such as player models. Some people insist that even certain changes to the configuration file can give someone an unfair advantage big enough to be considered a cheat.
Examples of executable cheats
- ESP (Wallhacks) — Extrasensory Perception, or Expanded Perception, allows the cheater to see through walls, can give the names and status of other players, or make them more audible.
- Aimbots — Uses the computer's accurate knowledge of the enemy's figure and aligns, and/or shoots automatically. Usually at the head, but some hacks have ajustable vectors to aim at different parts of the enemy body.
- Timehack — Change's the computer's perception of time and lets the cheater act extraordinarily swift. Commonly referred to as a Speedhack. Most of the time only found in combination with other cheats, with high time rates to clean out maps within split seconds, or with very slightly increased to subtly improve performance of an aimbot.
Examples of configuration "cheats"
- ex_interp — Halflife's netcode interpolates the movement of the last N (default:100) milliseconds, thus the actual movement of an enemy player is seen N miliseconds later than when it actually arrives at the server. The result is that immobile players often get the impression of being shot before they even see the shooter running around the corner. Changing the "ex_interp" variable changes the interpolation time. This is usually only considered a cheat by people who are not very familiar with the engine of Counter-Strike. Many people argue that nothing in the configuration file could be considered a cheat, since it is all part of the game engine.
Examples of datafile cheats
- Spikedmodels — Long 'spikes', visible through walls, announce the presence of another player on the computer of a cheater.
What is not cheating
Many of the tactics and strategies that are employed in Counter-Strike are considered "lame" and not legitimate in clan wars and even public servers . Usually this applies to taking advantage of map bugs or certain changes to configuration files, which are forbidden by convention and enforced by anti-cheating tools, but can also be the exploitation of imbalances in the game itself. Examples include using the AWP, deagle or riot shield excessively.
Others involve joining the enemy team and starting to team-kill, or simply doing it for the disruption of the gameplay. However, anti-cheat software (or more generally "server administration tools"), and the game engine itself (to a more limited extent) usually seek to prevent this type of disruptive gameplay just as much as cheating, and sanction it similiarly (e.g. through kicking or banning the offender from the game).
In summary, most non-cheats are either exploits or simple abuse of the game mechanics.
History of cheating in counterstrike
1999 - 2000
The beginning: protohacks
When Counter-Strike hit the scene, it was an almost immediate success. However, cheating appeared to be a problem from the start. Both Half-Life deathmatch, Team Fortress Classic and Action Halflife were popular mods at the time, and primitive proto-hacks were ported from these mods.
Altered versions of a particular file, client.dll, allowed so-called headshot scripts and gave players norecoil (a basic type of aiming help intended to reduce or negate the recoil that made aiming with most guns in Counter-Strike so tricky). Because similiar hacks had been appearing for Team Fortress Classic and Action Halflife, Valve updated server software so Half-Life servers verified the client.dll file of the players, hindering such hacks. Included with other updates, functionality of many variables that allowed an unfair advantage like lambert (which could be used to reduce the effect of a flashbang), were removed or toned down.
At this time, cheats weren't deemed too big of a problem, as they either lacked the necessary power to make them useful (compare a headshot script attempt, to contemporary multihacks with zero recoil and fully automatic headshots), or were easily detected. Stealth was not considered at this time: a wallhacker would just stand behind a closed door and gun down everything he or she could see. Cheating at this point was not a way to damage competitive gameplay, but more of a new way disruptive players could harm the gaming experience of others.
XQZ
XQZ was a true milestone in Counter-Strike hacking. Not only did it include a highly lethal aimbot, and a relatively simple to use interface, but it featured wallhacks, and if desired, almost complete stealth. Initially XQZ was a private hack, but eventually it was released to the public. It relied on replacing (and in later versions, hooking) the OpenGL DLL file for Windows systems (opengl.dll) instead of replacing the client.dll and for that reason, went undetected for a long time.
This combination of an aimbot and stealth made XQZ truly lethal for its time. It could be configured to not give any indication of the presence of a hack on the screen, and the aimbot could be turned on and off through subtle keyboard commands. Thus, it could be used, like what it was designed for, at a LAN party, without anyone suspecting the cheating player to be anymore than 'a good shot'.
Up to today, the legacy of XQZ, its various rewrites, extensions and rip-offs dominate cheating on LAN-parties.
Tamm
Competitive play in Counter-Strike began as early as late 1999. With the release of the XQZ hack and various other, more powerful wallhacks in 2000 and the surprisingly little attention given to it by the community (just another headshot script), this German clan realized its potential to consistently win various competitions.
While they were accused of cheating by nearly everyone who defeated them, they simply did what is (up to today) the standard tactic for professional Counter-Strike cheaters everywhere: insult the one who called them "cheater" as a "n00b." Tamm were hailed as new superstars by most people who did not know the nature of their talent at that time. However, they were suspected as cheaters by the players who actually played against them.
2001 - 2002
The first anti-cheat tools
When gameplay became more and more unbearable on public servers, the outcry was loud enough to create a long succession of anti-cheat tools.
First there was PunkBuster, which used variable checking and process validation while authorising with the server. Then came server-based 'TSC' which was the first anti-cheat tool able to detect OGC (see below), but was quickly rendered useless as an anti-cheat mechanism by OGC's very fast developement cycle . CSGuard by OLO, another server based plugin, could utilize a script to check on variables and filenames. CSGuard was the first anti-cheat mechanism which could stop early versions of OGC, along with hundreds of cheats and violations, as it was script based, and its scripts could be updated as soon as a new cheat was discovered.
OGC
In 2001, a new public cheat appeared in the scene: OGC for Counter-Strike. OGC, short for "Online Game Cheats", became synonymous with easily-installed, powerful, multifunctional hacks that supplied the cheater with everything, from a strong aimbot to a built-in MP3 player.
Cheaters before OGC were easily identified due to clumsy wallhack tactics, or more rarely, claiming to be professional players where, due to their mundane tactics and simplistic play, it was obvious that they were amateurs. Thus Counter-Strike remained relatively cheat-free in the beginning of 2001. However, with the arrival of OGC, everyone now had the opportunity to completely annihilate an entire team of experienced players swiftly, or more subtly, to just use an aimbot with a low-key configuration, to enhance their score.
Paradigm Shift
Tamm's impression on want-to-be professional clans quickly spread, and with the newfound knowledge of publicly available cheats, many clans realized that the only way to defeat a clan that cheats (and knows how to hide it), is to cheat yourself.
By mid-2001 most German clans had adapted, and by the end of 2001, most clans in the online leagues were replaced by these "new school" clans. Finally, in the spring of 2002 the repeated, huge defeats of the X3 clan indicated the paradigm shift of clan cheating had completed in the USA. In LAN play, as much as in online games, the head start that Germany had on cheating professionally quickly disappeared, and cheating at LAN parties became an untold standard.
Cheating-Death
Cheating-Death is still used today and is thought by many as the best anti-cheat mechanism available. Its strategy is not to detect a cheat but to prevent its working in the first place. Anti-cheats like CSGuard merely checked for the presence of an already-known cheat, which required constant updating. This made such tools completely ineffective against private hacks. Cheating-Death (C-D), on the other hand, made it harder to develop working cheats.
VAC
In 2002, Valve Software released Counter-Strike update 1.4, which included VAC. VAC was Valve's answer to many player's prayers, as VAC (a client-side implementation integrated into the Half-Life engine) could be enforced by the server and didn't require any special work from the players. Forcing the players to install a separate program and keep it up to date was what kept many server admins from implementing other, less integrated client-based anti-cheat tools like the failing PunkBuster or the more successful Cheating-Death .
VAC however, had another advantage. It could ban an offender from accessing any secured server ever again. While the more resourceful, professional cheaters may have been able to acquire new WON IDs, a large percentage of the regular, disruptive gamers were eventually removed from accessing VAC-secured servers and had to resort to servers which did not utilize VAC. Thus cheating in the game (or more specifically, on VAC-secured servers) became much less of a nuisance.
2003 - Today
Counter-Strike 1.6
Valve Software released Counter-Strike 1.6 in 2003. While it was delivered on Steam, there were not many changes to the engine and many hacks for Counter-Strike 1.5 continued to work, though only partially. Valve turned off WON in mid 2004 to force people to "upgrade" to Steam. In late 2004, Counter-Strike: Source was released. The Source engine (the engine Counter-Strike: Source uses) is a lot different from the original Half-life engine, so it has yet to be tested against the ploys of cheaters, hackers, and mischievous players to the extent that the original engine was.
Cheating today
Cheating nowadays usually means "getting one's hands on a private cheat", since both VAC and Cheating-Death tend to detect a public cheat within few hours. Non-public (private) cheats remain the bane of the game, since there are dozens of hacks written specifically for one person or one clan, but never released to the broader public for the necessary analysis of anti-cheat developers. Underground trading of hacks is a side-business for many Counter-Strike clans.
Analysis
This section aims to analyze the (still ongoing) battle between cheaters and anticheaters specifically in Counter-Strike. Refer to Cheating in online games for a more general description of the cheating phenomenon.
Vocabulary
This brief section tries to explain some of the expressions used in the article.
Server-side vs client-side anti-cheat
- A client side anticheat mechanism usually consists of a program that authenticates itself to the server and tries to enforce purity of the client.
- Client side anticheats often have to be kept up to date by the player, which is tedious and makes players avoid servers that require the usage of such an anticheat.
- A server-side anticheat does not require any additional programs or actions from the players to play on the server, as only the server admin has to take care of the anti-cheat mechanism.
- Server-side anticheats are usually less effective (producing more false negatives than client side anticheats.
Casual vs Professional Cheater
- Professional Cheaters almost always play in a clan. Often, cheats are a clan business and the individual players are supplied nonpublic hacks by the clan. Some clans have their own cheat coder.
- Professional Cheaters play for prizes, and cheats are required as much as training to defeat other pros.
- Casual cheaters tend to be of low to middling skill and usually use publicly available hacks.
- While some casual cheaters merely cheat in order not to be completely pwnd by more skilled (or more likely, cheating) players, some do it merely to disrupt gameplay and emptying a server.
- The difference is mostly that professional cheaters play in clanwars and usually do not attend public servers, while casual cheaters restrict their cheating attitude to public servers only and don't attend clanwars or tournaments.
Public vs private hack
- Public hacks are hacks that are freely downloadable from a website, sometimes even advertised by the cheat in-game with or without the cheater noticing it.
- These public hacks can be found by cheaters as much as anticheaters, a brief analysis of the cheat and an update to the anticheat mechanisms is often required to stop new proof cheats.
- Private hacks are normally privately enhanced public cheats, maintained to keep their proofness, and rarely leaking through to the public (and thus, the authors of anti cheats)
- Some hacks that are technically released to public but receive so little attention that they slip by the radar of anti-cheat authors. If public access is limited and brief, it is effectively a private cheat.
- Professional cheaters use private hacks exclusively since the risk of eventual detection is too great. Casual cheaters rarely get their hands on private cheats, although with determination and the right friends it is not so hard a feat.
Stealthy vs blatant cheating — hacking vs cheating
- Blatant cheating usually is just cheat-enhanced disruptive gameplay, and often termed hacking rather than cheating
- Stealthy cheating is designed to make it look like the player merely was a very skillful one.
- Blatant cheating is sometimes done by novice players (or novice cheaters) that do not know how to properly camouflage the fact that they are cheating.
- All types of cheats can essentially be used for both ways. Wallhacks can be used to stealthily enhance the reaction time of a cheater to another player running around the corner, or blatantly by sitting behind a wall and distributing headshots to everyone.
Methods of cheating
First, we are going to explain how cheats in Counter-Strike work in detail and how they are being stopped.
Replacing client.dll and datafiles
- One of the first type of cheats that appeared for Counter-Strike were the so called headshot scripts. They utilized an altered client.dll that offered additional functions to scripts, therefore a script written in extended CS script replaced the more common mouse/keyboard bindings for attacks.
- Similiarly, datafile cheats exchanged data like soundfiles, but mostly models for variations that imposed some sort of drawback for the enemies of the cheater, like, louder silenced weapons or player models that were visible through walls and doors due to spikes, or in the dark due to luminous / brightly colored textures.
- Neither of the two types of cheats are considered effective at this time. Regular aimbots prove to be far more powerful than headshot scripts, and client.dll, like player models / sound file changes are restricted as servers are provided checksums by clients and can choose to disconnect them if they differ from the checksum values on the server.
Hooks
- Client Hooks make use of a facility in the Win32 API that allows them to easily intercept, redirect, manipulate and alter DLL calls.
- The reason why Counter-Strike is considered to be vulnerable to this attack is, because the mod is itself a separate entity from the Half-Life engine, and the two parties communicate to each other with easily-intercepted DLL calls. Most people consider this a special weakness of the Counter-Strike architecture that is not directly applicable to all games. However, few contemporary games are one monolithic executable, and almost all of them are utilizing DLL calls for various purposes - if not just driver calls.
- The source of the loaddll library, written by the author of the original OGC was eventually released into open source, and lead to a multitude of OGC-like cheats that utilized the same facility to wedge itself between the game's engine and the mod's game logic.
- The same thing may also have lead to the relative hook-proofness of current anti-cheats. VAC appears, and C-D even claims to be able to detect client hooks reliably, although there has been a history of hooks which managed to work without being detected either one or both.
- Amongst the first aimbots were color based aimbots, known to exist only for relatively early versions of Counter-Strike. They colored either team in its distinctive color (e.g. bright green or bright red) and would automatically fire on any pixel with this color. Since they could sometimes been foiled by using multi-colored logos, they did not have much success. A key was pressed to switch from auto-aiming at one team to the other.
Driver manipulations
- Beginning with XQZ, Counter-Strike has had a long tradition of being susceptive to altered drivers. As any modern computer game, Counter-Strike makes heavy use of Win32 infrastructure - Windows API, DirectX for input, networking and sound, and the ability to use either DirectX or OpenGL for the graphics. Theoretically, each one of these components could be manipulated to gain an unfair advantage. Although almost all drivers could be used, in practice, almost exclusively OpenGL and DirectX infrastructure, and more rarely, mouse drivers are manipulated.
- Both VAC and C-D appear to detect replaced OpenGL drivers, with VAC at one time even banning users with a certain ASUS graphics card because the drivers replaced the normal DLL supplied with Windows during installation. Coincidentally, certain ASUS drivers at some point also allowed for wallhacks without requiring any additional drivers. Such False positives have seriously harmed the efforts of the ban-them-all proponents.
- Driver manipulations are especially nasty to detect, as basically every file on the computer could be part of a legitimate driver or a cheat. Therefore it is essentially impossible for both a Lan-Party admin or an anti-cheat tool to detect such a cheat, even when being freely available to search the suspected cheater's computer.
Proxies
- There are no known public cheats that utilize proxies, and thus are never detected. But some high end clans like mTw appear to be using proxy-like cheats, in order to increase their stealthiness against both visual detection on a lan-party, and known client- and server-side anti cheat mechanisms.
- Proxies are exclusively aimbots and are giving themselves away by not having the crosshair correlate to the position of the actual impact. With small FOVs however, these cheats can be both extremely stealthy and effective even in lan play, as hits can easily be attributed to Counter-Strike's relatively inaccurate weapons, so called lucking.
Anti-Cheat Mechanisms
This section tries to elaborate about how the anti-cheat-movement has tried to reduce cheating in Counter-Strike and other Half-Life mods
Punkbuster: Prototype of client-side cheat prevention
- Punkbuster was the first attempt at a client-side cheat prevention. It appeared in mid-2000 and was able to detect some protohacks of the time, but found little use as most players did not want to put up with running yet another program in the background while playing online, and was finally put out of business by OGC's fast developement cycle.
- It authenticated to the server's Punkbuster plugin.
- OGC particularly impressed by its circumvention of Punkbuster's screenshot function: when the server admin requested a screenshot of the Punkbuster client, an alarm sound would ring, and for the instant the screenshot was taken, all traces of the cheat's presence were removed. This function of Punkbuster however had some limited success against cheaters who used bugs (Or features, depending on the point of view) in their drivers to utilize as an effective wallhack.
CSGuard: Server-side file and variable checking
- CSGuard was later renamed to HLGuard, as it was redesigned to protect other Half-Life mods, not just Counter-Strike.
- Favored by many server admins, because it would not require any special programs running on the client's computer, a requirement that usually reduced the number of players on a server.
- An interpreter for its own script language that utilized a facility of the Half-Life protocol: the ability of the server to execute console commands on the client. It would simply check for existence of certain variable names and files, that were exactly defined in the plugin's config file. Because of the extendable script, cheats with known filenames and variables could quickly be added without requiring the server to restart.
- This approach is completely ineffective against modern multihacks, which usually store no information in (predictable) cvars, nor have their files within the Half-Life directory structure. CSGuard always has, and always will be, completely ineffective against private hacks.
- Still it is in widespread use on many servers today, as it has few drawbacks and can detect many older cheats quite reliably
VAC: Valve's Anti Cheat
- Essentially a client side anti-cheat mechanism that is integrated in the Half-Life engine and automatically kept up to date, it combines the ease of use of server-side anticheats with the detection rate of a client-side anticheat.
- A few months after introduction of VAC, Valve began banning detected cheaters from all servers that are secured with VAC. To today, this is arguably the most effective way to keep public servers safe - While a cheat may not be detected immediately, a cheater is likely going to use a different cheat now and then, at last with a new version of Counter-Strike - a positive hit of VAC will remove the cheater's ability to play on secure servers for a long time however.
- The number of valid CD keys, which are required to play on both WON and Steam, is limited and not computable. Because of the availability of huge lists of valid CD keys, there have been rumors about hacking incidents where CD keys were extracted from WON, but it is much more likely that the majority of such freely available CD keys originate from cheat software which transmits the CD key to the author. Valve also invalidate CD keys which they find through the various channels on the internet, so the new lists stopped being made available. It can be safely assumed that at least some cheat authors have a near unlimited supply of valid CD keys.
- Valve has also been accused, especially by the cheater community, that they were only banning CD keys to force players to buy a new copy of Counter-Strike or Half-Life.
- While still mostly based around detection of known cheats, and thus mostly ineffective against private hacks and professional cheaters VAC has managed to allow a mostly cheat-free game on most secured public servers, unlike C-D servers - where the detection / prevention rate of cheats may be much higher, but all cheaters are forced to play on after they were banned from VAC-secured servers, and they can simply try again if one cheat is detected/prevented.
Cheating-Death: Prevention instead of detection
- Cheating-Death is praised for its ability to prevent whole classes of cheats, rather than detect single instances of such a class. It tries not to punish a cheater but instead either prevents his connection to a C-D secured server for as long as a detected cheat is active, or tries to render cheats useless.
- It attempts to render cheats useless by wedging itself between the mod and the engine, and giving the mod (where presumably a cheat hooks) false information about positions to confuse aimbots. In case of wallhacks, it draws players behind walls in the wrong position (usually several hundred meters above their actual position).
- Not banning anyone permanently, and not allowing the server admins to know why a certain player disconnected, hampers the effectivity of C-D as a means to keep a server 'pure'. A cheater may simply test through various cheats until he finds one, or once 'caught', wait for an update from the cheat's author
- While trying to disable whole classes of cheats rather than detecting single instances, there were repeatedly cheats C-D proof despite using exactly a mechanism C-D was supposed to prevent. Cheat authors seem to be able to create single instances which appear to be able to circumvent C-D with relative ease, thus the true effectivity of C-D is highly disputed. There are presumably hundreds of different, private cheats which all are able to circumvent C-D. And if someone is caught, there is no punishment - one can go and simply find a new, C-D proof cheat.
- Still, it remains the premier option of anti-cheat means for server admins which prefer not use VAC to secure their server for one reason or another, for example NOWON servers. But because of the listed problems, and because cheaters detected by VAC are forced to play on C-D or insecure servers, the cheater rate of many public C-D servers is estimated as high as 40% (2004)
Cheating detection
- Cheating detection describes detection of the actual cheating, rather than the detection of the hacks. Theoretically in Counter-Strike, hacking approaches undetectability, but any experienced player himself can manually detect the cheating in effect to a high probability. Cheating detection thus means the automated search and identification for the effects of cheating.
- The first working effect detection was present in CSGuard, which allowed the server to continously track the movements of the player's crosshair and tried to detect suspicious, repeated sudden lock-on headshots.
- CSGuard's aimbot detection was miserable, as the alarm rate was almost the same with a well trained player and a player using an aimbot set up for stealth. It was hardly ever used, and the function has supposedly been removed from HLGuard, CSGuard's successor.
- HackCam, which is rumored to become a supplemental anti-cheat mechanism to VAC2 , Valve's anticheat for the Source engine, uses a wide range of elaborate detection methods to discover both ESP and aimbots, and awards points for suspicious actions.
- One disadvantage of such elaborate cheating detection is the greatly increased ressource consumption on the server, as the software continously analyzes all behaviors that a player exhibits for suspicious actions.
- The other problem is the realistic possibility of false positives and false negatives, and the relative arbitrariness of what may be considered a cheat-indicating behavior or just luck. The creators of hackcam claim that all CAL-I players remained below a 70 points mark, where as more than 65 points would mean 'suspicious' and more than 85 points would indicate a very high probability of cheating. However it is questionable if that is means the method is not producing false positives, or if it produces false negatives on the CAL-I players.
Weaknesses specific to Counter-Strike
This section discusses why Counter-Strike may be more susceptible to cheating than other, similiar online first-person shooters.
Mod/Engine design
- Counter-Strike was designed as a mod for Half-Life - essentially the game consists of a single DLL and a series of media files (models, sounds). Half-Life, attempting to be mod-able with ease is itself designed to have many elements changed and replaced on the client's computer.
- This also leads to the comfortable facility of the client-hook vulnerability that is used by so many cheats
- Half-Life itself was already a heavily hacked game before Counter-Strike came into existence. Many cheat authors could have gathered experience with Half-Life deathmatch or Team Fortress Classic. A cheat for Counter-Strike could easily be adapted to work for the various other Half-Life mods.
- Half-Life and Counter-Strike both have been around for a very long time now, only recently with serious changes to the engine. The longer a game is being played by more people, the higher the probability someone writes a hack for it. So partially the mere popularity of both games, both Half-Life and Counter-Strike may have increased its cheat volume.
- Counter-Strike is often humorously described as being a "hack itself" (on the Half-Life engine) and thus "ask" for being hacked.
Game physics
- Counter-Strike equipment is dominated by very accurate, high-powered hitscan type weapons, an ideal setup for aimbots. If e.g. bullets travelled at a realistic, limited speed, the effects and lethality of aimbots may be much less dramatic.
- Similiarly, turning speed is unlimited. A cheat is thus basically only limited to the FPS rate and the weapon performance in terms of killing speed.
- The tactical gameplay, which favors stealthiness and using everything as cover make wallhacks very powerful. Additionally, they allow a great reduction in reaction time needed to shoot a player coming around a corner dead in his tracks.
- Playing Counter-Strike, especially dying can make players very anxious or raging with fury. Death comes very swift and often surprising, and is penalized by not being able to do anything for the time of the round. The players are kept from immediately venting the anger of the moment "of death" and have to watch, rendered completely impotent. This trait, while arguably existing in all first-person shooters, or all computer games even, is very extreme in Counter-Strike, noticable especially at Lan parties: The only ones who shout loud enough to be heard from the entire lan party are the Counter-Strike players. As death is so much more unfavorable than in other games, the desire to "survive" in the virtual world may become real enough to be a strong argument for cheating.
Immature players
- Some (Mainly Quake players, and to a lesser degree Unreal Tournament players) argue that the semi-realism (realistic guns, models, objective) would attract a different, more immature type of player. But most veteran Counter-Strike players disagree.
- Counter-Strike received a surprising and very powerful hype in when it went retail in 2000, compared to its initial underdog state as "just another Half-Life mod." Features and articles in gaming magazines and online sites began to spring up, attracting a new brand of newer, younger players who had little experience with online FPS. They clashed upon the veterans who often had played Counter-Strike for over a year, and even before CS had been engaged in other online FPS, like Half-Life Deathmatch or the Quake series of multiplayer FPS. Some believe that coming to terms with not being able to hold a candle to this sort of veteran player for many months or years, may faciliate the decision of many such n00bs to turn to cheating and/or hacking.
- However, Counter-Strike players are often synonymous with badly behaving players in other games, because Counter-Strike has a reputation for attracting 13 year old ADD sufferers that are cheating and flaming, pay little respect for the game or generally don't show good manners.
Theoretical limits to purity
Two essential hacks are in the way of being able to making a server pure: Aimbots and Wallhacks.
The client software cannot be trusted, and the only way to be absolutely sure no excessive information reaches the client (and thus, a potential hack) is to render both picture and sound on the server and sending it to the client, who merely displays the pre-rendered picture and plays the pre-mixed sound. This is of course not possible with contemporary server hardware, but it means that it is theoretically possible to defeat a wallhack or any type of ESP for that matter. Partially this approach is already being used by Half-Life, as csguard, Cheating-Death, VAC and even recent servers themselves do no longer give the player the accurate position of an enemy player - they are shifted vertically. This is because not giving the client the information of players around the corner would result in missing sounds. Counter-Strike lacks a sound-info part in its protocol where an approximate 3d information of sound without any reference to its source is being transmitted. Future games will hopefully be aware of such fundamental design flaws that jeopardize purity.
An aimbot on the other hand can be considered a piece of AI, and it is theoretically always possible to create an AI that can play the game in place of the player (or even just partially in place, in the case of the Aimbot). However, aimbots in Counter-Strike do not require optical recognition like the human player does, nor do they require to shove a possibly inaccurate mouse around. The cheats in Counter-Strike receive the exact XYZ coordinates of the enemy player, and can calculate a trajectory and fire the weapon within the end of a frame . Theoretically it could be possible to create a model-free game engine where the client's computer would have no conception on what is what, unless it did actually start using virtual optical recognition. This goes into the same direction as the ESP preventing approach - the client's computer is given too much information by telling it (the client) to draw an enemy there rather than something. In Counter-Strike, the enemy players are always from a set of predictable models, and when a model is drawn, the client and the cheat both know not just where it is, but also what it is and can therefore shoot at it.
Finally, for lan-party administrators there is an easy way to secure a tournament: forcing them to play on secured machines that are offered by the lan-party. As long as the provided computers are sufficiently able to be both secure and and playable, there's nothing that can enable potential cheaters to gain an uncompetitive advantage over another. This simple solution is probably the only reason why most professional cheaters still spend a lot of their training time practising 'pure', although usually only clan-internally.
How the community deals with cheats
Not surprisingly, within the CS community there are most different views on the the problem of cheating.
Officially, almost all players deny cheating or having ever cheated. Only small numbers of players, most notable the myg0t clan, readily admit that they are cheating and that their sole aim is disruption of the gameplay and making other players' days miserable. While almost everyone agrees that on public servers, cheating is a serious problem, all professional cheaters insist that competitive playing in tournaments would be miraculously free of cheating, arguing that the high skilled players simply would not do that, or that their skills so far exceed what cheats can offer they effectively would play worse, or that the anti-cheat mechanisms that are so helpless fighting casual cheating on public server would miraculously prevent determined, professional players with a lot to lose from cheating.
Modern, LAN-proof aimbots
Especially popular is the argument of the professional cheaters that it would be impossible to cheat on lan parties since everyone could easily look over their shoulders. The first real aimbot, XQZ however was specifically designed to work on lan parties with other players looking over the shoulders, and did well so. A modern, professional cheat is a highly sophisticated tool, easily employed undetectedly at a lan party and makes what most casual cheaters and anti cheaters know as cheats, especially OGC, absolutely look like crap. A stealthy aimbot employs 'charging', where only a subtle key combination (e.g. shift + the key to buy ammo, or strafe left and right at the same time) would load the aimbot for a brief time and only for a few bullets, thus rendering even a tournament admin replacing the cheater for a short time to check for an aimbot during the tournament unable to squeeze anything suspicious out of the software, as they do not know the subtle key to charge the aimbot. A series of occurances of people using their timeleft key to charge their bot have eventually made observers dub this type of aimbot Timeleft cheat.
Furthermore, a stealthy aimbot is configured to use only a small FOV, forcing the cheater to actually move his mouse to slope the crosshair sufficiently close to the position of the enemy. This requires fast reflexes, but since the rush to the mouse may still be fairly inaccurate compared legitimate play, it can be trained to be done very quickly. Professional cheaters thus train reflexes over skill - the ability to hit with such clumsy movement is repaired by the aimbot's dead-on accuracy. Alternatively an aimbot can obviously be configured to be charged for auto-aim and auto-fire in dire situations demand. Furthermore, well made stealthy aimbots don't slave, they are aimed and fired the instant the mouse button is pressed, and do not do any more movement until the mouse is pressed a second time. Thus, even an experienced observer trying to verify if mouse and screen movements correlate, is not able to see anything out of the ordinary except for a player with very high reflexes and an incredible accuracy.
A few exclusive and private aimbots work with a proxy-type lucking technique rather than actual aiming to make the screen's movement even less visible — The mouse is dragged near the enemy, and upon pressing the fire button the bullet magically hits the head of the target despite the crosshair not being directly on top of it. While this would be very obvious with large FOVs, it is almost impossible to notice with sufficiently small FOVs due to Counter-Strike's often inaccurate weapons and inexplicable hits/misses, which do not make such hits seem impossible, except for their extreme frequency.
Potentially just as a rumor or a confusion / FUD tactic, it has been claimed that it was possible to reprogram certain computer mice to hold a (small) hack in their memory, which would be executed upon pluggin it into the USB connector of a machine running Windows, exploiting a buffer overflow in Window's USB device detection routine and loading the cheat completely stealthy on a previously secured machine. The aim of this is to allow cheaters to cheat even in situations where they may use nothing but their own keyboard and mouse on a machine that is secured and guarded by the tournament administrators. It has thus been suggested for tournament administrators which make secured computers available to the participants to disallow USB gear to be plugged in, as all mice can be run through the PS2 connector as well and it would not make sense to give way to another, albeit probably only theoretical way to cheat.
Reasons for cheating
A lot of speculation is going on what would incline a player, or a clan, to start cheating in a computer game that is presumably fun to play. One of the most often heard assumptions is that cheaters do it as a type of compensation for low self esteem, in immature CS talk often described as having a small penis. Over time, this interpretation has been turned around to the point where it is now often jokingly claimed that cheating would actually reduce the size of the genital of the predominantly male population, a parallel to Victorian era propaganda about masturbation. In fact most anti-cheaters conceive cheating on public servers as a masturbatory excercise.
For professional clans that play in tournament, nowadays the inclination to cheat has more to do with pragmatism: the acknowledgement of the fact that whether or not they would cheat themselves, their opponent would certainly be cheating. Or even more so, if one clan can cheat, the other certainly can too, and there is no reason for an award winning, well known clan like Schroet Kommando to let themselves be defeated and publicly humiliated by some mediocre province clan, just because they decided to play pure despite being able to cheat. Cheating in professional Counter-Strike is thus merely a necessity to maintain the status quo. If both parties cheat, sportsmanship is almost restored as the better trained clan may win just like a clan with a better (or simply more aggressive) cheat.
Low awareness
Despite all of these factors, the loud-mouthed professional cheaters still claim it would be impossible or highly unlikely to cheat in a competitive environment. The reasons for this are numerous:
- Cheating is forbidden. If a clan would claim it was easily able to cheat even at a lan party or despite anti-cheat-measures, they would have to answer a lot of questions.
- Cheating harms Counter-Strike and competitive computer gaming in general as a respectable sport for the 21st century. If professional cheaters would admit everyone cheats, a lot of sponsors would pull out.
- In fact, a lot of sponsors have contracts with their clans that explicitely state that they are forbidden to cheat.
- Pride. Even though cheats are in the game, many professional cheaters take great pride in what they do and how they are better than regular players. And when everyone in competitive play is cheating, its still the best who wins. Not the best player but the best cheater, but still. Taking away this lift to one's self-esteem is what most individual pr0's are afraid of.
- Anti-Cheaters would have to admit they failed at their task, and Valve would have to admit the ineffectivity of VAC.
- Sometimes, although rarely in the recent times, clans that had quit the game started to speak freely over the cheating issue that the professional area has, and are as a result displayed as black sheeps and few bad apples by the community, and claims that their opponents have cheated as well are agressively refuted and are made to look like skill had beaten cheats again.
Cheater-screaming
Screaming 'cheater' has become synonymous with playing Counter-Strike on a public server. Its frequency appears to have reduced though over time, possibly because many of the non-cheaters have left the game. While it almost always results in heated arguments and flamewars, especially on secured servers it often results in the accused to desmurf (or start faking ) and start suggesting that being member of a well known clan would somehow make them less likely to be a cheater.
In fact, it has become a joke that in Counter-Strike, cheaters and noncheaters have a weird little bowdlerization of the terminology going on. Non-Cheaters are being called n00bs, while cheaters are being called pr0s. The reason for this is the different vocabulary that cheaters and noncheaters use. For non-cheaters, there is pure or legit players, and cheaters, and they consider n00b as a type of general insult. Cheaters on the other hand would call non-cheating players as n00bs and cheaters as pr0s where as cheater would equal to a general insult. So a legit player calls a pr0 a cheater, to him an insult, and gets called a legit player by the cheater: n00b which in turn is again an insult to the non-cheating player. Obviously, the result is excessive flaming.
Tips on how to detect a cheater on a public server
- Wallhackers give themselves away by their behavior which seems often illogical if not observed through a wallhack. Aimbot users are very hard to detect, as aimbots can set up their aiming to only subtly improve already existing natural skill, making it virtually indistinguishable from the aiming of a very good player.
- Subtle aimbot users however give themselves away if enough time is spent to observe them - A cheater doesn't get tired, since he can pwn with half a brain and one eye, where as a pure player would require all his concentration. A killing spree, a phase in which even a mediocre player exhibits near godlike skill and dominates the entire server, usually leads to mental exhaustion within 5-15 minutes, depending on the amount of training of the player. Playing Counter-Strike is a lot like running. You can run extremely fast for just a few seconds to minutes, but no one can keep up that sort of speed run for half an hour, an hour, or even more. Experienced players learn how to manage their energies, and can play slow, relaxed, and successful for very long durations. While this seems to have been forgotten in the scene over the years of cheating, a better player doesn't always kill faster; instead, he can fight more relaxedly and thus play blunder-free for a longer time, and keep max pressure up for a longer time than a mediocre player. Training is vital not just because skill gets better, but because long term performance (over hours) improves greatly. Headshots, accurate aiming in general, is very exhaustive, and some experienced players in fact aim worse but shoot better, simply because of the way they position themselves (not to be confused with camping). A player that goes on a 2 hour killing spree, not by playing very relaxed on a complete newb server but instead dishing out constant headshots and other generally mouse-heavy activities can be safely considered a cheater.
- Tactics vs Skill: Basically, any chump with a merely primitive understanding from the game can utilize a stealthy cheat to become the dominating player on a cheat-free server. But that does not make them any less chumps – look for typical signs of noobie-ness. The movement of an advanced player is a work of art, where newbies often appear clumsy and ineffective as they trust the ability of the aimbot/wallhack to protect them.
- Knowing your own skill, knowing how humans work. Dying is very frustrating in Counter-Strike. If you can make a suspected cheater die repeatedly in especially frustrating ways (e.g. apruptely at the beginning of the round) and his aiming and his temper does not seem to change, it is likely a cheater, as this method is a surefire way of breaking the killing spree of a player and turn it into a losing spree. Cheaters however are not affected by this at all, it often makes them use their cheats more agressively.
- Behavior: If the suspect either claims to be a pro gamer, or claims to have had sex with your mother, it is probably a cheater.
- If you still don't know if the person is a cheater, he probably is. Get on with your life.
See also
External links and references
