Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
Murdoch

Breaking News: id Not Complete Morons

Recommended Posts

I see a lot of good things in that post, and it answers a few questions I had.

 

For example, "Why would it be needed in Singleplayer?"

Quote

Establish cheat protection in the campaign now in preparation for the future launch of Invasion – which is a blend of campaign and multiplayer

Okay, that definitely makes sense.

 

What still doesn't make sense is why it needs to be KERNEL mode though. Yes, it's most effective, I won't deny that - nobody who knows how PCs work would deny that - but it's also the riskiest option you have. It gambles the entire safety of your user's system on it not being broken - if it is, the user is fucked.

 

However, since DAC is being outright removed next patch, that renders this argument moot. For now it's being scrapped entirely and they're going back to the drawing board on anti-cheat.

 

I would HOPE that the next anti-cheat they pick, however, isn't Kernel mode. If it must have more privileged access, make it Ring 2 or Ring 1, but not Ring 0. If that means people on Win7 can't play online or participate in Invasion (technical note - most programs for Windows up until recently were written just for Ring 3 or Ring 0 as that's all Windows exposed until Win8 or Win8.1, I believe), that's probably a small price to pay since the OS has stopped receiving official support.

 

Interesting for them to note that this decision was theirs and theirs alone, too, and not pushed on them by Bethesda/Zenimax. If that's the case, then bravo on them for stating that and owning up to it, but I would definitely want to see some extra talk from them on why a kernel-mode anti-cheat would be strictly needed versus a non-kernel-mode one, and how the benefits gained from that extra bit of privilege outweigh the risks of what happens if someone breaks it.

 

Some extra talk about how the user system would still be protected in the event it IS somehow broken would also be really nice to hear.

Share this post


Link to post

Greatly appreciated message from Marty there. Id are once again demonstrating how they are a cut above the rest. While I am very interested in hearing the precise details of what their future plans entail regarding anti-cheating measures, the fact they came right and said that they are removing DAC in the next patch is enough for me to re-install once that update releases. 

It's given me the motivation to fix my broken PC this weekend...

Share this post


Link to post

It also vindicates my decision to keep Doom Eternal installed but pause updating and playing, as I had hoped that something like this would happen relatively quickly.  It means my current game plan is simple: wait for the 1.1 patch (which might only be about a week or so, judging by reports), update to v1.1, play.

Share this post


Link to post

It was the only smart thing to do both in terms of PR and sales. I understand their thinking, but people are so paranoid these days - some of it justified, some not - that really this should have been anticipated. Likely they thought so people would be mad but probably did not anticipate people being quite this mad. However, as usual much of what was being said was complete twaddle. Not the actual technical stuff, that was right on. But conspiracy nonsense was, well, nonsense.

Share this post


Link to post
9 minutes ago, Murdoch said:

It was the only smart thing to do both in terms of PR and sales. I understand their thinking, but people are so paranoid these days - some of it justified, some not - that really this should have been anticipated. Likely they thought so people would be mad but probably did not anticipate people being quite this mad. However, as usual much of what was being said was complete twaddle. Not the actual technical stuff, that was right on. But conspiracy nonsense was, well, nonsense.

"Breaking news: Conspiracy theorists have no fucking clue what's going on. Film at eleven."

Share this post


Link to post
7 minutes ago, Dark Pulse said:

"Breaking news: Conspiracy theorists have no fucking clue what's going on. Film at eleven."

 

Yes. So much yes.

Share this post


Link to post
3 hours ago, Dark Pulse said:

What still doesn't make sense is why it needs to be KERNEL mode though. Yes, it's most effective, I won't deny that - nobody who knows how PCs work would deny that - but it's also the riskiest option you have. It gambles the entire safety of your user's system on it not being broken - if it is, the user is fucked.

 

This is pure opinion of mine, but I can imagine how they might have seen it as a less intrusive option.

 

I know, it sounds mad, but let's think it through a moment. Either you have user-land software spamming system calls, scanning files and process lists and inspecting what *other* files and programs are doing, potentially exposing your anti-cheat software to a host of sensitive, personally-identifying information (let alone probably being flagged as a virus), OR, you run in kernel mode and defend just your app against a handful of suspicious syscalls related to inter-process communication, memory sharing and maybe direct draw.

 

Now suppose you trust the software not to spy on the user. Sure, even though the software *could* do horrible, unspeakable things and sure, if it has any flaws that can be exposed you just opened every bank vault in existence to the outlaws. But I'm going to speculate that assurances were made that the software is quality-tested and reliable.

 

This is my pure speculation, imagination and opinion and nothing else. I'm just saying I could see how it might happen in such a way.

 

I do appreciate their response to remove this and in my opinion kernel mode anti-cheat is way too risky.

Share this post


Link to post

This is very good news. I was wanting to get back into playing Doom Eternal around the time the update hit, and I thought at first that the inclusion of Denuvo Anti-Cheat was Bethesda's choice.

Share this post


Link to post

Well, I'm cautiously optimistic after reading this, but I would've liked to have seen some information on why the decision was made to add DAC post-launch, and why DAC in particular was chosen. I have to admit that I'm still a bit skeptical that it was only added because of the reasons he listed.

Share this post


Link to post

Awesome! Hopefully people will clean up their review-bombing, otherwise all they did is damage the game's reputation, so it won't sell as much because there are folks that judge the game by its review score.

Share this post


Link to post
1 hour ago, Smouths said:

Well, I'm cautiously optimistic after reading this, but I would've liked to have seen some information on why the decision was made to add DAC post-launch, and why DAC in particular was chosen. I have to admit that I'm still a bit skeptical that it was only added because of the reasons he listed.

 

The reasons he gave were perfectly valid and sensible, at least from a developer perspective. Whatever the technical risks, Kernel mode is more effective strictly speaking or at least they felt it was. And it was added post release because the multiplayer clearly was not finalised at the time of release.

 

There is no logical or financial gain reason why this was done with genuine malicious intent. To intentionally fuck up the Doom franchise Bethesda and/or id would be not so much killing the goose that laid the golden egg as torturing it for hours, killing it, flaying it, then making it's skin into a stylish hat. It was a miscalculation. It happens. Stop looking for conspiracies. 90% of the internet does it and it's fucking tiring sometimes. Basic logic goes out the damn window in favour of a good bitch fest. To paraphrase Myles Power in one of his YouTube videos, the vast majority of the time, it's cockup before conspiracy.

Edited by Murdoch

Share this post


Link to post

The main problem is that they are wed to a publisher that has simply proven again and again that it cannot be trusted. People were so willing to believe it was on Bethesda because it had their style of stink all over it, especially with my finding that it was definitely being planned before release. This is just something AAA publishers have all been doing too much lately, putting controversial bits off until after release. Maybe there are good reasons it wasn't included at launch - it'd only be more speculation to guess why at this point. It was still within users' rights to express discontent with the nature and circumstances of the change regardless.

 

Again I'm just really glad they've heard and are willing to try to find a middle ground for those of us that are only interested in the single-player experience and see how it shouldn't have to require this kind of software unconditionally. And it also, via my list of reasons they wouldn't want to roll it back, gives us a bit more confidence that other unsavory features aren't on the way soon.

Share this post


Link to post

When you use words like "breaking news, id not complete morons", you're making actual id members who post here feel unwelcome.

Share this post


Link to post
Just now, printz said:

When you use words like "breaking news, id, not complete morons", you're making actual id members who post here feel unwelcome.

I figured it was meant to be a sarcastic jab at people that were willing to believe they were and not any kind of actual burn on id.

Share this post


Link to post
7 minutes ago, Quasar said:

I figured it was meant to be a sarcastic jab at people that were willing to believe they were and not any kind of actual burn on id.

 

Precisely. The made a miscalculation, and they would have absolutely been morons to not address it and do something about it. They have responded well and done the right thing.

Share this post


Link to post

This was great news, I wonder how Marty carries his balls around the office, it was a very bold move.

 

That said, I hope the future solution they choose for anti-cheat will not be ring-0, I'm sure they understand now that that's why everyone was so mad when it was added, and after the recent findings it definitely shows it was planned since launch. Whatever they do, I hope they'll remain transparent, and make the future anti-cheat measure necessary only for the MP/Invasion component either, that would be ideal, but we shall see how realistic it is.

Share this post


Link to post

I totally expected the id Team would make a message like this because if there is anything about them, its that they really do care about the community of Doom. Ofcourse, some of their PR stuff is PR, but if you just look at the speedrunning video they did recently discussing how it was done, you can tell its not pre-conditioned nonsense.

 

And that's good, you know? Its kind of embarassing that a high profile studio like id ticks off the boxes on how to be on proper terms with your community by simply acting like folks that love their own games.

 

That said, i am sure other devhouses equally love their own games - Just the way they evocate this is likely filtered out.

All in all, just an Epic (*wink*) message from Marty. Really lays out why things were initially done and how they are now taking the resultant feedback to heart - This is what any studio should do, exactly this way.

Share this post


Link to post
5 hours ago, Quasar said:

This is just something AAA publishers have all been doing too much lately, putting controversial bits off until after release. Maybe there are good reasons it wasn't included at launch - it'd only be more speculation to guess why at this point.

Well, consider how people would pass on buying if they announced the game would be launching with a brand new kernel level anti-cheat.

Share this post


Link to post
5 hours ago, Murdoch said:

 

The reasons he gave were perfectly valid and sensible, at least from a developer perspective. Whatever the technical risks, Kernel mode is more effective strictly speaking or at least they felt it was. And it was added post release because the multiplayer clearly was not finalised at the time of release.

 

There is no logical or financial gain reason why this was done with genuine malicious intent... Stop looking for conspiracies. 90% of the internet does it and it's fucking tiring sometimes.

 

Yes, they seem like perfectly valid reasons, and I'm sure most everything he said here was verifiable.

 

I'm not being conspiratorial, it's just worth pointing out that this was obviously part of a longer term plan/roadmap they had in mind, and that resources have gone into putting it in place since before launch. The fans aren't the only people they have an obligation to here, and I can't overlook that they did something suspicious just because they're responding to the backlash in a way that I like. Like I said, cautiously optimistic.

 

5 hours ago, Quasar said:

The main problem is that they are wed to a publisher that has simply proven again and again that it cannot be trusted. People were so willing to believe it was on Bethesda because it had their style of stink all over it, especially with my finding that it was definitely being planned before release. This is just something AAA publishers have all been doing too much lately, putting controversial bits off until after release. Maybe there are good reasons it wasn't included at launch - it'd only be more speculation to guess why at this point. It was still within users' rights to express discontent with the nature and circumstances of the change regardless.

 

Seconding this bit. Personally, I distrust id's publisher/parent company to such an extent that I already felt like I was going out on a limb buying the game in the first place.

Share this post


Link to post
6 hours ago, printz said:

When you use words like "breaking news, id not complete morons", you're making actual id members who post here feel unwelcome.

But we gotta fight the system and not let the man bring us down with their corporate nonsense no matter what the cost. /s

Share this post


Link to post

Great news. I'll be checking DW for feedback on the 1.1 update before reinstalling and fixing my Steam review, but I'm looking forward to doing another run.

 

Chalk up another win next to OpenIV. Still iffy about buying games on launch in the future, though.

Share this post


Link to post

Cool. Now I can consider getting the PC version at some point again.

Share this post


Link to post
13 hours ago, JadingTsunami said:

 

This is pure opinion of mine, but I can imagine how they might have seen it as a less intrusive option.

 

I know, it sounds mad, but let's think it through a moment. Either you have user-land software spamming system calls, scanning files and process lists and inspecting what *other* files and programs are doing, potentially exposing your anti-cheat software to a host of sensitive, personally-identifying information (let alone probably being flagged as a virus), OR, you run in kernel mode and defend just your app against a handful of suspicious syscalls related to inter-process communication, memory sharing and maybe direct draw.

 

Now suppose you trust the software not to spy on the user. Sure, even though the software *could* do horrible, unspeakable things and sure, if it has any flaws that can be exposed you just opened every bank vault in existence to the outlaws. But I'm going to speculate that assurances were made that the software is quality-tested and reliable.

 

This is my pure speculation, imagination and opinion and nothing else. I'm just saying I could see how it might happen in such a way.

 

I do appreciate their response to remove this and in my opinion kernel mode anti-cheat is way too risky.

Yeah, from a developer's point of view, it totally makes sense. Obviously, as devs they'd have full access to the DAC code, and would know exactly what it could and couldn't do. An issue of trust literally isn't a problem for them, because they know exactly what it's going to do.

 

What they forgot, though, was "The system is all but spread open like a whore if the anti-cheat is exploited." Because that's the downside of kernel-mode - there is no way to protect against something that has the lowest-level privileges you can get. Essentially you are trading having less calls and so on, for basically just presuming "it will work and never be broken."

 

And it very well never might! If that's the case then obviously there's no problem - the anti-cheat does its thing, those who play MP/Invasion get to enjoy their game, everyone lives happily ever after.

 

But in the event it DOES get broken, the anti-cheat has full kernel access. Some injected code here and there and suddenly the anti-cheat is capable of doing new things - things that won't be disastrous to id's systems, or to Irdeto's systems (although both their reps will definitely take a hit from the resulting fallout), but to the system of the guy who was just playing a game and now is being extorted for Bitcoin.

 

Basically, as a developer, you shouldn't just be asking yourself "Will this be the most-secure, least-attackable implementation we have?" but also "How do we secure our users if this DOES get broken?" I obviously can't claim to know what sorts of discussions went around in the id offices, but I have a feeling that it was a little too much on the former, and not as much as should have been done on the latter.

 

Essentially, for a program to be given kernel-mode privileges, it should be very, VERY trusted, and people should make sure that if it does somehow get compromised, there's a contingency plan. For example, if DAC detects it's compromised, does it shut the game down and force a clean reinstall of DAC? How does it maintain security even if it doesn't detect it's compromised? Things like that that basically users shouldn't have to know (or even NEED to know for the most part), but owing to it being given the most trusted level of privileges, are arguably things the user SHOULD know.

 

If we got that sort of explanation, maybe I'd be more comfortable with why I should trust my system to a kernel-mode anti-cheat. After all, I've got nothing against anti-cheats in principle, and even a game with a relatively small multiplayer component benefits from it.

 

I just want to know what they're doing to secure my system from exploitation if that mandatory component gets broken, because as-is, a broken anti-cheat has the permissions needed to do what most other viruses, trojans, malware, etc. cannot - because none of those are kernel-mode code (unless they're exploiting a driver or something).

Share this post


Link to post
5 hours ago, Smouths said:

I'm not being conspiratorial, it's just worth pointing out that this was obviously part of a longer term plan/roadmap they had in mind, and that resources have gone into putting it in place since before launch. The fans aren't the only people they have an obligation to here, and I can't overlook that they did something suspicious just because they're responding to the backlash in a way that I like. Like I said, cautiously optimistic.

 

 

As someone who has worked in the industry on multiple 'live service' type games and seen firsthand how projects are managed I would say it is very unlikely this wasn't planned before launch.

 

Game projects (or at least competently managed ones) don't just operate day to day and decide what they are doing on a whim. Tasks are put into a roadmap, estimated and prioritized and planned many months (sometimes years) in advance. It's the job of the producers to manage time on a project and ensure that important dates are being hit for marketing and business reasons; part of that is work is gaining an understanding of what needs to be done. Yes reactive stuff does occasionally pop up in response to player feedback or changing business conditions but generally most work is planned well in advance.

 

12 hours ago, Quasar said:

The main problem is that they are wed to a publisher that has simply proven again and again that it cannot be trusted. People were so willing to believe it was on Bethesda because it had their style of stink all over it, especially with my finding that it was definitely being planned before release. This is just something AAA publishers have all been doing too much lately, putting controversial bits off until after release. Maybe there are good reasons it wasn't included at launch - it'd only be more speculation to guess why at this point. It was still within users' rights to express discontent with the nature and circumstances of the change regardless.

 

 

Building on my previous point, I actually think there is perfectly simple and benign reason why it shipped later - it simply wasn't a priority for launch.

 

Doom Eternal had slipped dates already once and the team were crunching pretty hard to hit the new date; delaying a second time probably wasn't an option. Based on that I can see why a non essential feature such as DAC might have been de-prioritized and scheduled for a later update, alongside multiplayer improvements/features it was intended to support. They probably wanted it at launch originally but delayed it to allow the team to focus on higher priority stuff for the 1.0 release.

 

It genuinely seems to me that the team wanted to improve the MP experience in Doom Eternal and were perhaps taken a little by surprise that this addition would be received so negatively, so I would give them the benefit of the doubt on this and say that the timing was not deliberate - just a byproduct of how things worked out.

 

I'm glad to see them react so quickly to the issue though and promise a fix soon. It's a little silly that DAC got included for the SP game but again maybe that's a product of rushing to get things done quickly rather than spending the additional time to make separate SP/MP executables.

 

Share this post


Link to post
12 hours ago, seed said:

That said, I hope the future solution they choose for anti-cheat will not be ring-0

Slight problem with that request, there isn't any. The only one that is user-level and still actively maintained is VAC, which they can't exactly use outside of Steam (and isn't even considered any good anymore). Everything else is ring-0.

Share this post


Link to post
6 minutes ago, Edward850 said:

Slight problem with that request, there isn't any. The only one that is user-level and still actively maintained is VAC, which they can't exactly use outside of Steam (and isn't even considered any good anymore). Everything else is ring-0.

 

Oh dang, really?? Well RIP in pepperoni then, I guess :( .

 

I would like to think that maybe id makes their own, but for a SP-focused game at this point... I'm seeing no point tbh. Sucks if everything out there is ring-0 now. Good thing I've stopped playing these games then...

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×