There has been a lot of talk about PunkBuster these days.
For those who don't know what PunkBuster is, here a short description from the
PunkBuster website:
"PunkBuster is a client/server software system that is designed to
provide an online countermeasures system against cheating at multiplayer online
games - specifically, games and mods based on the Half-Life engine by VALVe
software."
PunkBuster has caught a lot of attention - especially in the last few days
- as a countermeasure to address cheating in general, and the rapidly spreading
"speed cheat" in particular. A number of pub servers are using PunkBuster
already and we can expect these numbers rising during the next days/weeks. Some
leagues are already using PunkBuster on a voluntary basis (TFL),
others are considering to make PB mandatory or have already announced to do
so soon (STA).
Yet a large part of the community still doesn't what Punkbuster exactly is,
what it does and how it works, nor do people know if it can be trusted. PunkBuster
is very controversial due to its approach and technical implementation.
Tony Ray (aka Kiwwa) from the PunkBuster
team graciously agreed to answer a number of question which will hopefully shed
a bit more light onto this project.
PlanetFortress: For starters, what is PunkBuster?
Tony Ray: Punkbuster is a 2 part program (client/server). Players run
the client while they play and Admins monitor the Game overall with the server.
The PunkBuster client looks over the player's machine to make sure it is"clean"
(no cheats) and sends signals to the appropriate PunkBuster Server so the player
can be authenticated.
PlanetFortress: What lead to the PunkBuster-Project
and when did it start?
Tony Ray: I was an admin for a prominent league and dealt with the cheating
issue first hand. Also, I became very frustrated playing against cheaters in
clan matches and not being able to "prove" they were cheating. It
was just one person's word against another's with perhaps a demo taken which
almost never is useful to "prove" cheating was taking place.
PlanetFortress: How many people are working on
PunkBuster and what is your position in the team?
Tony Ray: We have 12 excellent staff members. I'm the founder and administrator
of the organization. And we have around 40,000 very helpful beta testers around
the world (and I get at least one email from each every day : ) )
PlanetFortress: When did the project start and
when did you release the first beta version?
Tony Ray: The project was started September 15th, 2000. We released
our first full beta (Server and Client) on November 30.
PlanetFortress: How
do you finance such an ambitious project?
Tony Ray: Right now, everything is volunteer based. Once we prove that
we have a system that makes a real, practical difference, we believe a funding
method will emerge.
PlanetFortress: Where do you get your information
about cheats from? Do you have sources in the cheat-scene?
Tony Ray: We have people on our side who have "alter-egos"
in the cheat community. Plus, there are at least 10 times more cheat websites
than sites for honest players.
PlanetFortress: So, can PunkBuster detect every
kind of cheat? How many cheats are covered by it at this time?
Tony Ray: Eventually, we will be enabling detection of every cheat.
Right now, the current release detects 8 "families" of cheats. The
full list is on the Support page of our website.
We've been adding a new family every few days to this list as we are mainly
working on fixing bugs and adding features so we can get past the beta phase.
PlanetFortress: How quickly will you be able
to react on new cheats? And how will updates be available for PB users?
Tony Ray: Once we have our foundation built, adding new cheat detection
routines will be almost immediately after a new cheat emerges. Updates for cheat
detections are sent out automatically over the Internet. We use the famous md5
algorithm (128bit digital signatures) by RSA Data Security, Inc. to ensure our
users are always using authentic PunkBuster software (no trojans, viruses, corruptions,
etc.)
PlanetFortress: How does PunkBuster detect somebody
using cheats?
Tony Ray: Once the Player's PB Client connects successfully to the PunkBuster
Server, the Server tells the client when to do "an authentication attempt".
The Client then runs it's *secret* procedures to look for all the cheats it
knows how to find and sends back signals to the Server so the Server can decide
if the machine is clean or not.
PlanetFortress: How does PunkBuster prevent somebody
starting a cheat program after joining a game?
Tony Ray: Two ways. First, the Server will re-authenticate at random
intervals. Second, the PunkBuster Client watches the list of running processes
for changes and tells the PunkBuster Server whenever a new program is started
so a new authentication can be initiated.
PlanetFortress: Will the PunkBuster-client in
any way affect gameplay? Will it increase lag or hamper the game in any other
way?
Tony Ray: It is designed to be as "lightweight" as possible.
Most users will never experience any difference in performance when PunkBuster
is running. Some 56k modem users do experience lag spikes during a 30-60 second
period when their PunkBuster is being auto-updated (which doesn't happen very
frequently). PunkBuster throttles itself to never use more than 2K/sec bandwidth.
PlanetFortress: Are there any cheats, which can't
be detected by PunkBuster?
Tony Ray: We haven't found any that can't be detected. There are some
for which we have not yet enabled detection.
PlanetFortress: PunkBuster is still in its beta-state.
How reliable is it at this time? When do you expect to finish beta-testing it?
Tony Ray: For most players and admins (I'd guess 90%), PunkBuster is
very usable and works as advertised. The other 10% have various issues that
we are
working on. Once we get the issues resolved and get our auto-update system working
perfectly, then we'll release a production version.
PlanetFortress: How will PunkBuster deal with
custom models/sounds?
Tony Ray: By giving the option to the Server Admins (and leagues). There
will be a "pure" mode where no customizations are allowed. There will
other modes
in between to allow Admins to be flexible. Detecting changes in models and sounds
will not be flagged as cheating the same way that finding an Aimbot is handled
for example. We will have a way for players to know ahead of time which servers
are in pure mode and which ones allow certain honest customizations.
PlanetFortress: So PunkBuster is scanning my
harddisks. How do I know that it only scans for cheats and not spies on me for
passwords or other confidential data?
Tony Ray: We have published our Privacy Policy on the Software Terms
page of our website. We openly invite
any 3rd party to audit the way our system works. Both in files accessed and
in packets sent over the Internet. With so many users, there is comfort in knowing
that so many people are watching the software closely.
PlanetFortress: People have pointed out that
PunkBuster is in a way acting like a trojan horse (Running in the background
and submitting data from the machine it's running on to the outside) and therefore
don't trust the program. Your comment on that?
Tony Ray: A trojan horse is a program that acts differently from the
manner in which you expect it to. On the contrary, PunkBuster acts exactly like
we advertise it does (except for those pesky bugs, and we're working on those).
Lots of programs submit data to the outside and many times users don't even
know it. All users trust software every time they download a program and run
it, you never really know what any program you run is doing to your computer
or with your private data. Why should PunkBuster be less trusted just because
we openly publish that we look for cheats and submit a short "cleanliness
report" to a connected PunkBuster server?
PlanetFortress: Is it right that cheaters have
already developed countermeasures to bypass PunkBuster? Are there any hacks
to the Punkbuster client yet? And how do you intend to counter such actions?
Tony Ray: Cheater/hacker punks have been claiming to have hacked PunkBuster
since even before it was released! I see this all the time. There are multiple
"supposed" hacks. I have yet to get any to work. Also, people I know
and trust can't find a working hack. The cheat community wants honest users
to think PB is easily hackable because it makes people think: "what's the
use?". Once we are out of beta, we'll be routinely changing PunkBuster's
network protocol which will destroy any hacks and expose the cheaters who are
trying to get around PunkBuster. I'm sure there will be a hack someday that
actually works. However, any clan cheater who uses it is risking getting caught
with the next PunkBuster update - and that will hurt his whole clan. I think
we have a valid deterrent which is what has been missing for so long.
PlanetFortress: How are the reactions to PunkBuster
so far?
Tony Ray: Mostly positive. Some people are frustrated because they are
in the minority of folks who can't get all PunkBuster features working fully
at this time. Others expected us to have a finished product already and don't
understand how difficult it is to develop a client/server, auto-updating system
that will be used all over the world by many thousands of users with tremendous
variation in computer setups.
PlanetFortress: How many servers are running
PunkBuster at this time (optional/required)? Are there any mods using PunkBuster
preferably?
Tony Ray: Currently over 200 game servers run PunkBuster full time.
Several others run PunkBuster off and on. Most of those are Counterstrike but
we are starting to see it catching on in the other mods. A little more than
half of the Servers are configured for Required compliance (meaning players
must run the PunkBuster Client or they'll be removed from the game).
PlanetFortress: Do you cooperate in any way with
Valve?
Tony Ray: As much as they let us : )
PlanetFortress: Are there any leagues using PunkBuster
already on a mandatory basis? Do you know of any leagues considering making
PunkBuster mandatory?
Tony Ray: In the last week, several top leagues have announced support
for PunkBuster in various ways. Most are using PunkBuster in optional mode with
the intent to transition into Required mode after we get more issues resolved.
Several new leagues and tournaments are starting up and requiring PunkBuster
from the very beginning.
PlanetFortress: What are the most common complaints
about PunkBuster?
Tony Ray: Mostly misunderstandings. I believe once we have our user
manual published, and people understand more of how the system works, most complaints
will disappear. Other than that, the most common complaint simply is that the
system is not perfect yet. Of course I'm completely ignoring the complaints
that are obviously coming from the cheaters.
PlanetFortress: Does PunkBuster detect the infamous
speed cheat?
Tony Ray: Yes. That is violation #119. We released this detection several
days ago. I have many variations and PunkBuster detects them all. The problem
is that if players are on a PunkBuster Optional server, the cheaters just don't
use PunkBuster and continue cheating. They don't really care if they get "caught",
they just keep cheating. That's why more and more players are flocking to the
Required PunkBuster servers where gameplay is more normal. Some cheaters have
figured out how to keep cheating (for now) on Required Servers, but I'd say
cheating is cut down at least 90-95% on PB Required Servers based on feedback
from our PB Admins.
PlanetFortress: In a way the speed cheat - as
being a cheat not based on a hack of the game itself but by affecting the computer
system- does work to your favour. Cheats like that are likely more difficult
to address by a game company while PunkBuster could at least detect it. Does
that prove your approach to establish an "outside" cheat detection?
And how do you feel about this cheat working into your hands?
Tony Ray: Well, as a long-time online gamer, I've seen many companies
try to address the cheating issue in their games and in the communities built
around their games. They all have failed miserably (in my humble opinion). Once
a game hits a certain popularity, the cheating snowball keeps getting bigger
and bigger rolling down the mountain and the Game Developers/Publishers can't
keep up. No matter what resources they throw in, they later witness an even
larger snowball than before - soon, it's
obvious that they wasted whatever resources they allocated toward the problem.
We haven't yet proven our approach (to my satisfaction), but I've seen enough
evidence to believe we will prove our approach very soon. We published on our
website a document describing cheats several months ago including Hardware Speed
Up Cheats. Most people thought we were crazy. Most honest players didn't want
to admit that cheating was so rampant. Now this crazy speed cheat is everywhere.
It works just like we described by changing certain hardware timings using a
software utility. I'm just glad it didn't show up 2 months ago, or the whole
Half-Life gaming scene could be gone already. At least now, PunkBuster used
properly can be effective at keeping it out of clan matches and hopefully public
servers as well.
PlanetFortress: What will be the next steps in
the development of PunkBuster?
Tony Ray: We will get the auto-update system working flawlessly. Then
we'll plug the few workarounds that some cheaters are using to still cheat on
PunkBuster servers. After that, we'll release a production version and concentrate
on detecting every single known cheat.
PlanetFortress: So far PunkBuster is working
with HL (and mods) only. But it could be used for other games as well? Any intention
to use it for other games in the near future?
Tony Ray: Once we prove the system works for Half-Life, we are hoping
that a funding source emerges to allow us to tackle all online games. There
simply has to be a market for an Anti-Cheat tool that actually works in letting
honest gamers have a level playing field on which to compete. We are developing
PunkBuster for Half-Life because we love the game and the community. We would
love to share that with other online communities but it will have to be as a
business venture at that point. We intend to never charge end users for the
product so we are hoping to develop relationships with game designers and publishers
so that their cost of integrating PunkBuster would be easily absorbed by increased
sales volume (or marginal unit price increase) due to market demand for cheat-free
online gaming. We even have ideas of how to boost sales for them by detecting
piracy as well as cheats - most Game Designers and Publishers should be very
interested in that.
PlanetFortress: Are there any talk/plans to join
forces with Valve to integrate PunkBuster into HL (or TF2)?
Tony Ray: All we want is for honest players to be able to compete fairly.
If Valve figures out how to do that without us, then more power to them. If
they can't (as they haven't to this point, just like all the other game developers),
then certainly we would hope that they see the immense value in working with
us more formally. To Valve's credit, they seem to at least try much harder than
other Game Companies to address cheating issues. In a perfect world, the geniuses
at Valve could spend 100% effort making great games and let us grunts take care
of the punks. Only time will tell ...
PlanetFortress: Thank you for this interview
(January 31st, 2001)
Links:
Punkbuster Website
Punkbuster FAQ
Punkbuster
Cheatdescriptions - A listing of known cheats for HL
Tony
Ray on the STA Board
Tony
Ray on the Catacombs Forum
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
|
Tony Ray On 
News
