Urban Terror Forums: [4.2] The Auth System - Urban Terror Forums

I just found that post by Barbatos: http://www.urbanterr...052#entry330052

Quote

Good to know.

Todd, on 01 August 2012 - 01:26 PM, said:

It's a nice idea, but people would have to exercise caution as a ban is only as good as the admins who have put it on. People can find it hard to recognise a wallhack and may jump to conclusions when it is a case of sound (ie headphones) or good map knowledge. So you could ban someone based on someone else's irrational decision, and over time this is going to frustrate the good players and drive them out of UrT.

On the other hand if you are satisfied that the admins of some group know what they are doing you can subscribe to their banlist, and you won't even have to worry about them getting on your server in the first place. Many people were doing this with 4.1 already - I guess the difference with 4.2 is the ban might have more chance of being effective.

Garreth, on 01 August 2012 - 12:12 PM, said:

Not really. Virtualization makes changing your hardware profile a few clicks away. You cannot rely on any type of hardware fingerprinting when creating a new account is free because creating new hardware profiles is also quick, easy and also free.

Driller, on 01 August 2012 - 12:43 PM, said:

Having the auth name shown is useless not the contrary, if im playing with an alias its because i dont want to be seen by everyone with my real nick , admins can check auth , and should be able to turn off the auth name .

Divinity, on 01 August 2012 - 02:12 PM, said:

Can you successfully hide motherboard fingerprint using virtualization? I don't think that it is so easy. Also I believe that you can detect that program is running in virtual enviroment

CANT WAIT!!!!!!!!!!! :D

@Garreth -- by definition, a virtualized computer can't and doesn't know anything about the bare metal underneath. It is 100% impossible to write any kind of software that can form any kind of fingerprint on the physical hardware underneath a virtual layer unless there's a security bug of some sort. Such a bug wouldn't live forever.

@Frankie -- There's two problems both of which I think require different solutions. The first is the most annoying and that's the drive-by hacker/griefer. They have one goal -- to cause mayhem and disrupt people having fun. These are the folks that would be the most motivated to generate new accounts to try to evade a ban as quickly as possible. For them, I think adding a waiting period for accounts of at least a few hours would be most effective.

The other problem is the well practiced hacker that knows how to hide it and might be using some of the most difficult to pinpoint hacks that give them an edge. These are the ones that I think do the most long term damage because if they are ever outed, it can cause people to doubt pretty much everyone. For these folks, destroying everything they work for and taking away their identity can have a big impact. AC software might help catch them.

One way to create a real penalty for cheating is to add stats. If a player can see their current overall ranking, see how many headshots and other fun stats, you can bet that the opportunity cost for cheating will be raised. Interestingly, this will also create an incentive to cheat for some.

Here's where I'm going to suggest something that you guys usually don't entertain and I understand why -- place a fee on being able to see all stats. Maybe make one or two free, but for all the bragging rights and self-edification, you have to pay. The cost shouldn't need to be big -- maybe $5 per year. But now you've put monetary value on an identity that isn't required to play. It could help pay for infrastructure.

Well, I believe that the problem is anonymity. Change IP, nickname and guid and you are totally different person in UrT. People that are known from name, surname, sometimes even address are less eager to cheat. Also money is kind of added value which can prevent you from cheating.

However you cant force people to pay or to give their facebook accounts. The only thing you can do, is to take away their game permanently. So the best thing you really could do, is to make the game so awesome, that it would be pity to loose it:)

//EDIT:

Divinity, adding statistics makes it more tempting to cheat:) Better movement would be some kind of achievement system.

This post has been edited by Garreth: 01 August 2012 - 05:30 PM

Getting some fairly left-wing ideas here, ha.

Adding value to a free-to-play game isn't a small step. It's risky. I'm sure existing players wouldn't have a problem forking out some bucks, but for new players - regardless of how low the cost is - adding a price tag means many new players would move on before they even got a chance to get hooked.
So you can see the drive in many f2p games to charge for 'extras' to get the best of both worlds: whether it be something along the lines of what you're thinking, or VIP clothing, gold-plated weapons etc. Thus offering both the draw of a free game as well as value. In reality though it would probably be ineffective and cheapen the game. Not to mention it's difficult for technical reasons; player stats have invariably been server unique and have nothing to do with UrT Auth.

Even large-budget game producers have much difficulty controlling hacking, even with regular updates. A perfect AC is impossible here, how I see it for 4.2 is simply finding the right balance between inconveniencing the hacker, and inconveniencing the player. Admittedly I may have spent too much time on the administration side of things and gotten a bit biased towards the former...

Edit: forgot to ask - a) is the 4.2 exe compatible with your garden-variety 4.1 hacks? And if not, b) how difficult is it push a small patch occasionally using your new fancy autoupdate system to counteract these hacks?

This post has been edited by Todd: 01 August 2012 - 05:38 PM