There has been a lot of talk about PunkBuster these days.

For those who don't know what PunkBuster is, here a short description from the PunkBuster website:

"PunkBuster is a client/server software system that is designed to provide an online countermeasures system against cheating at multiplayer online games - specifically, games and mods based on the Half-Life engine by VALVe software."

PunkBuster has caught a lot of attention - especially in the last few days - as a countermeasure to address cheating in general, and the rapidly spreading "speed cheat" in particular. A number of pub servers are using PunkBuster already and we can expect these numbers rising during the next days/weeks. Some leagues are already using PunkBuster on a voluntary basis (TFL), others are considering to make PB mandatory or have already announced to do so soon (STA).

Yet a large part of the community still doesn't what Punkbuster exactly is, what it does and how it works, nor do people know if it can be trusted. PunkBuster is very controversial due to its approach and technical implementation.

Tony Ray (aka Kiwwa) from the PunkBuster team graciously agreed to answer a number of question which will hopefully shed a bit more light onto this project.

PlanetFortress: For starters, what is PunkBuster?

Tony Ray: Punkbuster is a 2 part program (client/server). Players run the client while they play and Admins monitor the Game overall with the server. The PunkBuster client looks over the player's machine to make sure it is"clean" (no cheats) and sends signals to the appropriate PunkBuster Server so the player can be authenticated.

PlanetFortress: What lead to the PunkBuster-Project and when did it start?

Tony Ray: I was an admin for a prominent league and dealt with the cheating issue first hand. Also, I became very frustrated playing against cheaters in clan matches and not being able to "prove" they were cheating. It was just one person's word against another's with perhaps a demo taken which almost never is useful to "prove" cheating was taking place.

PlanetFortress: How many people are working on PunkBuster and what is your position in the team?

Tony Ray: We have 12 excellent staff members. I'm the founder and administrator of the organization. And we have around 40,000 very helpful beta testers around the world (and I get at least one email from each every day : ) )

PlanetFortress: When did the project start and when did you release the first beta version?

Tony Ray: The project was started September 15th, 2000. We released our first full beta (Server and Client) on November 30.

PlanetFortress: How do you finance such an ambitious project?

Tony Ray: Right now, everything is volunteer based. Once we prove that we have a system that makes a real, practical difference, we believe a funding method will emerge.

PlanetFortress: Where do you get your information about cheats from? Do you have sources in the cheat-scene?

Tony Ray: We have people on our side who have "alter-egos" in the cheat community. Plus, there are at least 10 times more cheat websites than sites for honest players.

PlanetFortress: So, can PunkBuster detect every kind of cheat? How many cheats are covered by it at this time?

Tony Ray: Eventually, we will be enabling detection of every cheat. Right now, the current release detects 8 "families" of cheats. The full list is on the Support page of our website. We've been adding a new family every few days to this list as we are mainly working on fixing bugs and adding features so we can get past the beta phase.

PlanetFortress: How quickly will you be able to react on new cheats? And how will updates be available for PB users?

Tony Ray: Once we have our foundation built, adding new cheat detection routines will be almost immediately after a new cheat emerges. Updates for cheat detections are sent out automatically over the Internet. We use the famous md5 algorithm (128bit digital signatures) by RSA Data Security, Inc. to ensure our users are always using authentic PunkBuster software (no trojans, viruses, corruptions, etc.)

PlanetFortress: How does PunkBuster detect somebody using cheats?

Tony Ray: Once the Player's PB Client connects successfully to the PunkBuster Server, the Server tells the client when to do "an authentication attempt". The Client then runs it's *secret* procedures to look for all the cheats it knows how to find and sends back signals to the Server so the Server can decide if the machine is clean or not.

PlanetFortress: How does PunkBuster prevent somebody starting a cheat program after joining a game?

Tony Ray: Two ways. First, the Server will re-authenticate at random intervals. Second, the PunkBuster Client watches the list of running processes for changes and tells the PunkBuster Server whenever a new program is started so a new authentication can be initiated.

PlanetFortress: Will the PunkBuster-client in any way affect gameplay? Will it increase lag or hamper the game in any other way?

Tony Ray: It is designed to be as "lightweight" as possible. Most users will never experience any difference in performance when PunkBuster is running. Some 56k modem users do experience lag spikes during a 30-60 second period when their PunkBuster is being auto-updated (which doesn't happen very frequently). PunkBuster throttles itself to never use more than 2K/sec bandwidth.

PlanetFortress: Are there any cheats, which can't be detected by PunkBuster?

Tony Ray: We haven't found any that can't be detected. There are some for which we have not yet enabled detection.

PlanetFortress: PunkBuster is still in its beta-state. How reliable is it at this time? When do you expect to finish beta-testing it?

Tony Ray: For most players and admins (I'd guess 90%), PunkBuster is very usable and works as advertised. The other 10% have various issues that we are
working on. Once we get the issues resolved and get our auto-update system working perfectly, then we'll release a production version.

PlanetFortress: How will PunkBuster deal with custom models/sounds?

Tony Ray: By giving the option to the Server Admins (and leagues). There will be a "pure" mode where no customizations are allowed. There will other modes
in between to allow Admins to be flexible. Detecting changes in models and sounds will not be flagged as cheating the same way that finding an Aimbot is handled for example. We will have a way for players to know ahead of time which servers are in pure mode and which ones allow certain honest customizations.

PlanetFortress: So PunkBuster is scanning my harddisks. How do I know that it only scans for cheats and not spies on me for passwords or other confidential data?

Tony Ray: We have published our Privacy Policy on the Software Terms page of our website. We openly invite any 3rd party to audit the way our system works. Both in files accessed and in packets sent over the Internet. With so many users, there is comfort in knowing that so many people are watching the software closely.

PlanetFortress: People have pointed out that PunkBuster is in a way acting like a trojan horse (Running in the background and submitting data from the machine it's running on to the outside) and therefore don't trust the program. Your comment on that?

Tony Ray: A trojan horse is a program that acts differently from the manner in which you expect it to. On the contrary, PunkBuster acts exactly like we advertise it does (except for those pesky bugs, and we're working on those). Lots of programs submit data to the outside and many times users don't even know it. All users trust software every time they download a program and run it, you never really know what any program you run is doing to your computer or with your private data. Why should PunkBuster be less trusted just because we openly publish that we look for cheats and submit a short "cleanliness report" to a connected PunkBuster server?

PlanetFortress: Is it right that cheaters have already developed countermeasures to bypass PunkBuster? Are there any hacks to the Punkbuster client yet? And how do you intend to counter such actions?

Tony Ray: Cheater/hacker punks have been claiming to have hacked PunkBuster since even before it was released! I see this all the time. There are multiple "supposed" hacks. I have yet to get any to work. Also, people I know and trust can't find a working hack. The cheat community wants honest users to think PB is easily hackable because it makes people think: "what's the use?". Once we are out of beta, we'll be routinely changing PunkBuster's network protocol which will destroy any hacks and expose the cheaters who are trying to get around PunkBuster. I'm sure there will be a hack someday that actually works. However, any clan cheater who uses it is risking getting caught with the next PunkBuster update - and that will hurt his whole clan. I think we have a valid deterrent which is what has been missing for so long.

PlanetFortress: How are the reactions to PunkBuster so far?

Tony Ray: Mostly positive. Some people are frustrated because they are in the minority of folks who can't get all PunkBuster features working fully at this time. Others expected us to have a finished product already and don't understand how difficult it is to develop a client/server, auto-updating system that will be used all over the world by many thousands of users with tremendous variation in computer setups.

PlanetFortress: How many servers are running PunkBuster at this time (optional/required)? Are there any mods using PunkBuster preferably?

Tony Ray: Currently over 200 game servers run PunkBuster full time. Several others run PunkBuster off and on. Most of those are Counterstrike but we are starting to see it catching on in the other mods. A little more than half of the Servers are configured for Required compliance (meaning players must run the PunkBuster Client or they'll be removed from the game).

PlanetFortress: Do you cooperate in any way with Valve?

Tony Ray: As much as they let us : )

PlanetFortress: Are there any leagues using PunkBuster already on a mandatory basis? Do you know of any leagues considering making PunkBuster mandatory?

Tony Ray: In the last week, several top leagues have announced support for PunkBuster in various ways. Most are using PunkBuster in optional mode with the intent to transition into Required mode after we get more issues resolved. Several new leagues and tournaments are starting up and requiring PunkBuster from the very beginning.

PlanetFortress: What are the most common complaints about PunkBuster?

Tony Ray: Mostly misunderstandings. I believe once we have our user manual published, and people understand more of how the system works, most complaints will disappear. Other than that, the most common complaint simply is that the system is not perfect yet. Of course I'm completely ignoring the complaints that are obviously coming from the cheaters.

PlanetFortress: Does PunkBuster detect the infamous speed cheat?

Tony Ray: Yes. That is violation #119. We released this detection several days ago. I have many variations and PunkBuster detects them all. The problem is that if players are on a PunkBuster Optional server, the cheaters just don't use PunkBuster and continue cheating. They don't really care if they get "caught", they just keep cheating. That's why more and more players are flocking to the Required PunkBuster servers where gameplay is more normal. Some cheaters have figured out how to keep cheating (for now) on Required Servers, but I'd say cheating is cut down at least 90-95% on PB Required Servers based on feedback from our PB Admins.

PlanetFortress: In a way the speed cheat - as being a cheat not based on a hack of the game itself but by affecting the computer system- does work to your favour. Cheats like that are likely more difficult to address by a game company while PunkBuster could at least detect it. Does that prove your approach to establish an "outside" cheat detection? And how do you feel about this cheat working into your hands?

Tony Ray: Well, as a long-time online gamer, I've seen many companies try to address the cheating issue in their games and in the communities built around their games. They all have failed miserably (in my humble opinion). Once a game hits a certain popularity, the cheating snowball keeps getting bigger and bigger rolling down the mountain and the Game Developers/Publishers can't keep up. No matter what resources they throw in, they later witness an even larger snowball than before - soon, it's
obvious that they wasted whatever resources they allocated toward the problem. We haven't yet proven our approach (to my satisfaction), but I've seen enough evidence to believe we will prove our approach very soon. We published on our website a document describing cheats several months ago including Hardware Speed Up Cheats. Most people thought we were crazy. Most honest players didn't want to admit that cheating was so rampant. Now this crazy speed cheat is everywhere. It works just like we described by changing certain hardware timings using a software utility. I'm just glad it didn't show up 2 months ago, or the whole Half-Life gaming scene could be gone already. At least now, PunkBuster used properly can be effective at keeping it out of clan matches and hopefully public servers as well.

PlanetFortress: What will be the next steps in the development of PunkBuster?

Tony Ray: We will get the auto-update system working flawlessly. Then we'll plug the few workarounds that some cheaters are using to still cheat on PunkBuster servers. After that, we'll release a production version and concentrate on detecting every single known cheat.

PlanetFortress: So far PunkBuster is working with HL (and mods) only. But it could be used for other games as well? Any intention to use it for other games in the near future?

Tony Ray: Once we prove the system works for Half-Life, we are hoping that a funding source emerges to allow us to tackle all online games. There simply has to be a market for an Anti-Cheat tool that actually works in letting honest gamers have a level playing field on which to compete. We are developing PunkBuster for Half-Life because we love the game and the community. We would love to share that with other online communities but it will have to be as a business venture at that point. We intend to never charge end users for the product so we are hoping to develop relationships with game designers and publishers so that their cost of integrating PunkBuster would be easily absorbed by increased sales volume (or marginal unit price increase) due to market demand for cheat-free online gaming. We even have ideas of how to boost sales for them by detecting piracy as well as cheats - most Game Designers and Publishers should be very interested in that.

PlanetFortress: Are there any talk/plans to join forces with Valve to integrate PunkBuster into HL (or TF2)?

Tony Ray: All we want is for honest players to be able to compete fairly. If Valve figures out how to do that without us, then more power to them. If they can't (as they haven't to this point, just like all the other game developers), then certainly we would hope that they see the immense value in working with us more formally. To Valve's credit, they seem to at least try much harder than other Game Companies to address cheating issues. In a perfect world, the geniuses at Valve could spend 100% effort making great games and let us grunts take care of the punks. Only time will tell ...

PlanetFortress: Thank you for this interview

(January 31st, 2001)

Links:

Punkbuster Website

Punkbuster FAQ

Punkbuster Cheatdescriptions - A listing of known cheats for HL

Tony Ray on the STA Board

Tony Ray on the Catacombs Forum