Problem is those solutions have also all required a large amount of additional man hours to implement after the fact, rarely are actually preventing the hacks, and tend to require a lot of man hours ongoing for managing the reports and sending out ban-waves (or whatever other punishment method is chosen).
The less you account for during development, the more time and money you waste on half-baked solutions later.
I wonder though whether Amazon will create something - available to developers who use Amazon Cloud. This would mimic EA's approach who developed a detection engine for "general use". Which is what Respawn (Titanfall developers) used rather than develop their own code.
Problem is those solutions have also all required a large amount of additional man hours to implement after the fact, rarely are actually preventing the hacks, and tend to require a lot of man hours ongoing for managing the reports and sending out ban-waves (or whatever other punishment method is chosen).
The less you account for during development, the more time and money you waste on half-baked solutions later.
There is no online game around that can't be hacked. Just think of a game and search for hacking tools for it, you WILL likely find tools for them.
If ban waves and other consequences were what required most effort and man-hours... Then why the games choose that path then?
What games are these that are un-hackable and do not resort to bans or other types of consequences for users who hack, because their games are impossible to hack?
Online games are exploitable by virtue of being online, but there's a lot that people can do about net security in their game to mitigate the ability to hack things or alternatively place in reliable means of checking for consistency errors that are otherwise really cumbersome to handle with any method you have to implement post-case. Especially if you didn't leave any pointers and what-not to use for the content.
It's a matter of how easy you are making it for someone to hack your product, and to what extent they subsequently have access to the functions. Your argument similarly falls under hyperbole as a result of this though since instead of a more realistic response of the fact that some games hide content well or encrypt data better than others.
For an example that actually comes pretty close to your request though, Turbine actually did a reasonably good job of encrypting their games against hacking (exploits however, they were not so great at preventing), as most all the tools you can search up for them are simply scam sites for making people download malware.
That does not change the point made either way though that prior planning saves wasted effort.
Online games are exploitable by virtue of being online,
That does not change the point made either way though that prior planning saves wasted effort.
There's the security you can deal with, fix exploits. And there's the one you can't fix.
Now things as AimBots, will just exist. Hence the necessity of game moderation, of bans or other consequences for people who hack will be there. The matter of fact is that is that it WILL get hacked one way or the other, any small thing that gives advantages on the usual competitive PvP environment.
That's why I talked about popular FPS games when it comes to things as Aimbots, they will exist so they planning ahead comes not from making it not possible, but making them have consequences once they do it.
My point wasn't against time spend planning, was about effort put into attempt to fix exploits like Aimbots (that the OP's video about)..
I wonder..... I mean they have done so many blunders... What if they make HP for ship, parts, and player all client side. GG
So many blunders - easy to say. Would that be more or less than the typical game though? We don't really know of course since almost all games are developed behind closed doors.
There are games that seem to have gone very smoothly. Destiny say - although how smoothly before Bungee signed with Activision we don't know. And then there are games that went less well - based simply on what we heard. TR, SWTOR, Wildstar, WAR, lots of games. How bad it was behind the closed doors for stuff to leak out - yeah.
What was allowed for though. That is the key. For when management start out the only thing they will be sure of is that change and problems will happen. (And in game development that there will be hacks!)
So companies like EA, UbiSoft etc. will - in some way - allow for extra costs, time delays and scope change. Different ways of doing this: float, contingency, risk management, stretched targets (not the KS type) etc. They will do something though. So a disaster might happen and be reported but if it was allowed for not really an issue.
What does a KS funded project do however? Over estimate the cost and have people bleat that it shouldn't cost that much? Have a special goal called "money just in case" - can't see that going down well. Can it be anything other than "best endeavours" on a KS project?
So how is CS doing compared to others? Especially as its an open book.
To me - viewed holistically - it seems to be doing OK. Perfect - no but better than many.
That does not change the point made either way though that prior planning saves wasted effort.
I'd say EvE Online for example, there is all sorts of hacks for that game, due the competitive aspect of there is no lack of demand for them either; but we don't hear much about hacking on EvE do we?
CPP simply did a good job at detecting who hacks and enforce a pretty much 0 tolerance policy on this; as MMO's obviously require constant moderation.
That is the difference between devs who care and devs who don't care; hence why some MMO's released on chaos with community outcries about hacking and the lack of actions against them.
Online games are exploitable by virtue of being online,
That does not change the point made either way though that prior planning saves wasted effort.
There's the security you can deal with, as of patch exploits. And there's the one you can't.
Now things as AimBots, will just exist. Hence the necessity of game moderation, of bans or other consequences for people who hack will be there. The matter of fact is that is that it WILL get hacked one way or the other, any small thing that gives advantages on the usual competitive PvP environment.
That's why I talked about popular FPS games when it comes to things as Aimbots, they will exist so they planning ahead comes not from making it not possible, but making them have consequences once they do it.
My point wasn't against time spend planning, was about effort put into fix exploits like Aimbots (that the OP's video about). Because those exploits will exist.
The only decent answer is that putting effort into preventing hacking should always be a priority in an online environment, because it affects far more than just the user of said hack and can detrimentally damage the user experience of many people, which can in turn detrimentally affect the profit of the company.
People may continually attempt to hack titles, especially popular ones. That does not mean the developers should roll over otherwise those titles are dead in the water. Doing as much as they can to prevent rampancy before launch is just a great plan in general when capable.
That does not change the point made either way though that prior planning saves wasted effort.
I'd say EvE Online for example, there is all sorts of hacks for that game, due the competitive aspect of there is no lack of demand for them either; but we don't hear much about hacking on EvE do we?
CPP simply did a good job at detecting who hacks and enforce a pretty much 0 tolerance policy on this; as MMO's obviously require constant moderation.
That is the difference between devs who care and devs who don't care; hence why some MMO's released on chaos with community outcries about hacking and the lack of actions against them.
I would repeat my prior statement which you avoided/removed as well as the example I posted.
The only decent answer is that putting effort into preventing hacking should always be a priority in an online environment, because it affects far more than just the user of said hack and can detrimentally damage the user experience of many people, which can in turn detrimentally affect the profit of the company.
For me, to some extent, put effort into preventing hacks and cheating vs having systems to deal with it once it happens, is...kinda the same thing as put effort into preventing gold selling. It's things that will happen and I think we all know this. I've saw devs wasting far too much effort changing their game to prevent gold sellers, just to realize they were there to stay.
That doesn't mean they can't plan ahead and some stuff to minimize the issue as part of the game design, but both hacking and gold sellers will be there and forcefully there will be a need for game moderation.
And on the case of SC, the hacking tools already popped in during the Alpha so it's up to them what path they will go on this.
Even gold selling is an example of something that can be greatly mitigated by proper prior planning in the design of the player economy, reward systems, control of access to features that can be easily macroed, etc.
Essentially, mitigating the ability for people to abuse the system will greatly reduce the cost of continuing overhead that ignoring such things during development would otherwise allow. Every person you have to hire to moderate the game post-release because you didn't lock down exploits and hackable assets prior, is an additional 50k a year in operating cost and a potential loss of profit in the interim from people leaving the game.
Doing things that prevent the game from costing more and profiting less over the long term is generally a good idea.
I've saw MMO's who just went after the gold sellers, they wanted to get rid of them, this is a game design that would limit their ability to do such. But at the end of the day they limited the game for EVERY player, and they were still there, they limited them but they didn't stop them.
Black Desert Online on my opinion did this, they even did feature cuts on the game. Gifting was disabled, tons of changes on the auction houses, many of which are just annoying.
We ended up having to spend energy to send a chat message, and I don't think it's far just so the bots can also be limited of sending chat spam. >.>
It is why I don't agree they should limit the game so they can hit the gold sellers, I'd find active moderation, detection and banning does less harm even if it takes more man hours.
That is a matter of which solutions are implemented, how they are integrates with other systems, and personal preference. There are many forms of chat filters and means to limit spam, with more intelligent AI systems offering better solutions than the example you chose.
BDO found itself where it is because they didn't have early implementations of good prevention, so they had to take measures where they could by cutting or modifying already implemented features and expanding their moderators. What you described was the consequences of half measures and poor planning.
Same point is shareable across many types of software and services. You don't want OS developers, enterprise software, and data security services to stop prioritizing stopping hackers trying to get a hold of your bank data, personal identity, etc and play catch up while you wonder why your life just turned upside down.
This would be why in the instance of Star Marine, the fact that hacks are present now serves as a means to highlight faults in the system while the system is still changeable., That's a good thing. Patching security failures and exploits while they still can before they are pushed into playing perpetual catch up after release saves them and the users a lot of problems.
EDIT: Which also highlights a side point about why preventing hacking is such a priority. Because it's not just the game being hacked for personal entertainment. The more exploitable an online service is, the more readily it can be used to target other people. Stealing game data and mining it for accounts, billing info, etc is a very serious thing, and taking it into account for how secure your overall game is, is rather important.
For example, the fact that bugs in DS games are used as ways to root and hack those devices. For the most part it's a safe endeavor because you can only really hack your own device that way, but it's the fact that it's a third party piece of software used for entertainment in most cases exposing all the most sensitive elements of a system that is the point. Preventing as many such possibilities is simply good business.
Just did a fast Google search and yep they are out and renting the hacks.
"We all do the best we can based on life experience, point of view, and our ability to believe in ourselves." - Naropa "We don't see things as they are, we see them as we are." SR Covey
That is a matter of which solutions are implemented, how they are integrates with other systems, and personal preference. There are many forms of chat filters and means to limit spam, with more intelligent AI systems offering better solutions than the example you chose.
BDO found itself where it is because they didn't have early implementations of good prevention, so they had to take measures where they could by cutting or modifying already implemented features and expanding their moderators. What you described was the consequences of half measures and poor planning.
Same point is shareable across many types of software and services. You don't want OS developers, enterprise software, and data security services to stop prioritizing stopping hackers trying to get a hold of your bank data, personal identity, etc and play catch up while you wonder why your life just turned upside down.
This would be why in the instance of Star Marine, the fact that hacks are present now serves as a means to highlight faults in the system while the system is still changeable., That's a good thing. Patching security failures and exploits while they still can before they are pushed into playing perpetual catch up after release saves them and the users a lot of problems.
EDIT: Which also highlights a side point about why preventing hacking is such a priority. Because it's not just the game being hacked for personal entertainment. The more exploitable an online service is, the more readily it can be used to target other people. Stealing game data and mining it for accounts, billing info, etc is a very serious thing, and taking it into account for how secure your overall game is, is rather important.
For example, the fact that bugs in DS games are used as ways to root and hack those devices. For the most part it's a safe endeavor because you can only really hack your own device that way, but it's the fact that it's a third party piece of software used for entertainment in most cases exposing all the most sensitive elements of a system that is the point. Preventing as many such possibilities is simply good business.
When it comes to hacking it's easier as, prevention as fixing exploits can exist, and automation of account flagging can be done. But it still requires moderation.
You were talking about profits, you can be sure that EA, Blizzard, Activision and so on do are thinking on the cheapest ways to do it, but they still go through the path of actively moderate their games against hacking, side of the constant prevention on the exploits that can be fixed, account flagging to bans and bans and more bans.
There are issues that you can't prevent, the Aimbots I exemplified that the hacking tool posted on this thread was about that are the so-called client-side exploitation, that will happen so you don't prevent it from happening, but you will need to apply consequences to who does or the issue is doomed to increase. It's not like or prevention or moderation, both are necessary to work out the best security for a game.
Gold-selling for me is quite a bigger challenge, they don't really play by how one hacker would and it's because of them we have silly limitations on several MMO's that are there just to fight gold sellers. I always liked the way Guild Wars 2 went about it, they had/have issues with gold sellers but they did not limit their game because of them (that always ends on limitations on mails/trade/auction houses & chat systems), instead, they keep actively moderating the game with detection systems and moderation to keep them out.
Same goes for EvE Online, sure you can hack it, though their moderation is there to ensure you don't get away with it, and that creates a good stability.
SC fans should feel happy about this: if the hackers are interested enough to hack it, that means they think there's a real game coming
"Social media gives legions of idiots the right to speak when they once only spoke at a bar after a glass of wine, without harming the community ... but now they have the same right to speak as a Nobel Prize winner. It's the invasion of the idiots”
― Umberto Eco
“Microtransactions? In a single player role-playing game? Are you nuts?” ― CD PROJEKT RED
The example of aimbots is something that is preventable because you could implement cross-client and server side consistency checks. If the actions of one person are notably aberrant, they can be ignored by the server and decync the player, disconnect them outright, or roll them back every time the inconsistency is found.
Only way for a client to hack their way around that kinda prevention is to force their client to ignore the server's commands, which breaks their connection to the game's run-time any ways and prevents any further actions form them from impacting other users regardless since they are effectively roaming about a snapshot of the gameplay and gaining no current/new data.
Guild Wars 2 is an example of planning ahead on the matter. They implemented a system where exchange of currency was already a functional part of the game, and third party gold sales were marginalized by it and forced to undersell the price average of the game itself in order to operate at all. There was considerably more than just tracking and moderation on Arenanet's part when it came to how they managed that stuff to mitigate exploits and things like gold sales.
And I never spoke against having moderation, I spoke against the notion that preventing hacking was somehow a superfluous activity.
Moderation is all well and good, but stopping something before it's a problem (when you have the opportunity to do so) is still better than saying "Well it'll happen any ways."
The example of aimbots is something that is preventable because you could implement cross-client and server side consistency checks. If the actions of one person are notably aberrant, they can be ignored by the server and decync the player, disconnect them outright, or roll them back every time the inconsistency is found.
So why none of the popular FPS shooters around do it? The way this plays is people use aimbots, they do have systems to flag the accounts and the account gets flagged; then it usually ends on bans.
Or like Titanfall once the accounts get flagged they put special match-making rules on them, hackers vs hackers.
If there is one popular FPS game around for PC ofc, where aimbots do not work then I am not aware of it O.o
Limnic said: There was considerably more than just tracking and moderation on Arenanet's part when it came to how they managed that stuff to mitigate exploits and things like gold sales.
Oh for sure they had one automated system on the play there.
I was perm-banned wrongly 2 times back at release times because of the bad account flagging systems they implemented for bots had a hell high rate of false positives. Send gold via email was the first perm-ban and that was enough to get me flagged, was rather annoying until they fixed it.
A lot of the shooters do actually implement such things. That's why a lot of aimbots fail. The few that do work well tend to do so by emulating elements of regular game movement and mouselook so that the system doesn't catch it.
That is the point where moderation is finally useful. You don't use moderation to weed out countless bots that could have been removed by proper planning, you use them for the extreme cases that are clever enough to make it past some of our current best methods until we have better systems that can detect those as well.
To the contrary, if you don't consider security until a game launches, it's too late. A lot of things that are easy to implement if you have them in mind before you start writing code can be just shy of impossible to patch in later. Messing with fundamental systems as can sometimes be necessary to fix cheats after a game releases can easily break your game in unpredictable ways. That's fine while a game is in alpha and the game can be in a broken state for a while as you work on fixing it, but really bad after release.
The thing is, this "contrary" does not apply on the actual biggest games around.
You have Battlefield 1, you have Black Deserts, The Divison, GTA V and many many others that only dealt with hacking after they released their games. And the norm is via bans.
In fact, hacking tools are still available for all of these games as of right now, it's not there they fight them, it's by detecting the players who use them while in-game and apply consequences, famously known as BAN or as @gervaise1 mentioned, stuff as put the cheaters playing against each other. lol
From what I see by norm, the fight against hacking on online games comes not from prevention (make game un-hackable), but from detection & action.
I can put my point as: - It's not about "This game can't be hacked!" - It's about "If someone uses hacks on this game, there will be consequences."
The games who do not enforce consequences are the ones with most issues, I remember Black Desert and The Division as it took a while to even start banning people, it was their lack of action that made the number of hackers increase, with it, the problem. Once those two games took action, things normalized.
Hacking tools exist for the game? Nothing new here. The point will be how will they detect and get rid of who does that. Should they ban backers from playing the game during the alpha for such? idk..
There's an enormous difference between:
1) Building in major security features from the start, then patching a few holes that hackers find later. 2) Not even thinking about security when writing the game until after it launches.
Furthermore, if you want to crack down on cheating, you can't just do one thing and assume that you've got the one magic bullet that will fix everything. You have to build in security measures (server-side checking, don't send unnecessary data to client, etc.), and then also monitor for hackers who find holes that you missed. If you try to rely only on one or the other, you'll fail miserably.
A lot of the shooters do actually implement such things. That's why a lot of aimbots fail. The few that do work well tend to do so by emulating elements of regular game movement and mouselook so that the system doesn't catch it.
That is the point where moderation is finally useful. You don't use moderation to weed out countless bots that could have been removed by proper planning, you use them for the extreme cases that are clever enough to make it past some of our current best methods until we have better systems that can detect those as well.
Exactly.
This is piracy you know, the companies who invest so much into protect their games against cracks, then they end up cracking it then they change it again, then they crack it again... That's the cat > mice game in a loop. Hence why I see the strict moderation policy more effective.
Why is it more effective? I can put it like this: If the developers decide to lay "traps" on the game's code to sneakly catch and flag the account using the aimbot, the hacker will not know it was flagged and will not know if their aimbot did actually go "under the radar". Makes it also hard for them to safe-test their hack tool against the game security measures.
And that's why I say that method isn't the best is because, without the prior planning and prevention that are being implemented, most any game you might bring up would be an unplayable mess regardless of how many moderators you have.
Point of example would be when GTA:O rolled out for PC and the hack prevention was abysmal. People were able to hack the game so they could press a single button and cause everyone on the instance to explode. The rampancy of it was simply too much to prevent through simply logging data and vetting player accounts, Rockstar had to go through and rebuild parts of the game to implement consistency checks on their servers. Something they should have done to begin with before the mayhem alienated a bunch of players.
Combat Arms had problems like that too....Aimbots that could shoot through walls and other hacks that would kill everyone on map no matter where they were at.
@Limnic but if you think of it, you actually see the smart ways they make this work.
The actual sneaky ways of laying traps on the game's code to trigger flags that the users will not see or notice anything, they'll just see the hack working drives a bunch of stuff that benefits the devs from being constantly developing a solution when the hackers will develop a patch for that solution. That makes it much harder for the hackers.
So the detection and account flagging end of the day I think you can notice how they intentionally do this is a way to protect their games that does work.
Yes, but that's only a minor solution to an ongoing problem. "Treating the symptoms but not the cause" is not good for a game's health. The primary concern generally remains preventing as much of such from happening in the first place as possible.
Tracking and moderation is a good/necessary aid, but not a solution in itself.
Yes, but that's only a minor solution to an ongoing problem. "
It fixes one side of it. Let's separate the client/server exploitation for a sec.
This we just talked about is the solution for the client-side exploitation, the one they have less control of and that is where the most exploits are. This is where they play mostly by the flagging accounts method.
The other one is server/game stuff, usually, it's the exploits they might find within the game, abuse bugs and so forth to their own benefit, that is the other side of the coin where prevention is constantly patching those hacks because in there they do have the control. On this side hackers will not at all be able to hack the game once they patch it. Take the example of BDO once they patched the skill casting timers to get the server to control them, no way to exploit them anymore.
Comments
I wonder though whether Amazon will create something - available to developers who use Amazon Cloud. This would mimic EA's approach who developed a detection engine for "general use". Which is what Respawn (Titanfall developers) used rather than develop their own code.
It's a matter of how easy you are making it for someone to hack your product, and to what extent they subsequently have access to the functions. Your argument similarly falls under hyperbole as a result of this though since instead of a more realistic response of the fact that some games hide content well or encrypt data better than others.
For an example that actually comes pretty close to your request though, Turbine actually did a reasonably good job of encrypting their games against hacking (exploits however, they were not so great at preventing), as most all the tools you can search up for them are simply scam sites for making people download malware.
That does not change the point made either way though that prior planning saves wasted effort.
Now things as AimBots, will just exist. Hence the necessity of game moderation, of bans or other consequences for people who hack will be there. The matter of fact is that is that it WILL get hacked one way or the other, any small thing that gives advantages on the usual competitive PvP environment.
That's why I talked about popular FPS games when it comes to things as Aimbots, they will exist so they planning ahead comes not from making it not possible, but making them have consequences once they do it.
My point wasn't against time spend planning, was about effort put into attempt to fix exploits like Aimbots (that the OP's video about)..
There are games that seem to have gone very smoothly. Destiny say - although how smoothly before Bungee signed with Activision we don't know. And then there are games that went less well - based simply on what we heard. TR, SWTOR, Wildstar, WAR, lots of games. How bad it was behind the closed doors for stuff to leak out - yeah.
What was allowed for though. That is the key. For when management start out the only thing they will be sure of is that change and problems will happen. (And in game development that there will be hacks!)
So companies like EA, UbiSoft etc. will - in some way - allow for extra costs, time delays and scope change. Different ways of doing this: float, contingency, risk management, stretched targets (not the KS type) etc. They will do something though. So a disaster might happen and be reported but if it was allowed for not really an issue.
What does a KS funded project do however? Over estimate the cost and have people bleat that it shouldn't cost that much? Have a special goal called "money just in case" - can't see that going down well. Can it be anything other than "best endeavours" on a KS project?
So how is CS doing compared to others? Especially as its an open book.
To me - viewed holistically - it seems to be doing OK. Perfect - no but better than many.
CPP simply did a good job at detecting who hacks and enforce a pretty much 0 tolerance policy on this; as MMO's obviously require constant moderation.
That is the difference between devs who care and devs who don't care; hence why some MMO's released on chaos with community outcries about hacking and the lack of actions against them.
People may continually attempt to hack titles, especially popular ones. That does not mean the developers should roll over otherwise those titles are dead in the water. Doing as much as they can to prevent rampancy before launch is just a great plan in general when capable.
That doesn't mean they can't plan ahead and some stuff to minimize the issue as part of the game design, but both hacking and gold sellers will be there and forcefully there will be a need for game moderation.
And on the case of SC, the hacking tools already popped in during the Alpha so it's up to them what path they will go on this.
Essentially, mitigating the ability for people to abuse the system will greatly reduce the cost of continuing overhead that ignoring such things during development would otherwise allow. Every person you have to hire to moderate the game post-release because you didn't lock down exploits and hackable assets prior, is an additional 50k a year in operating cost and a potential loss of profit in the interim from people leaving the game.
Doing things that prevent the game from costing more and profiting less over the long term is generally a good idea.
I've saw MMO's who just went after the gold sellers, they wanted to get rid of them, this is a game design that would limit their ability to do such. But at the end of the day they limited the game for EVERY player, and they were still there, they limited them but they didn't stop them.
Black Desert Online on my opinion did this, they even did feature cuts on the game. Gifting was disabled, tons of changes on the auction houses, many of which are just annoying.
We ended up having to spend energy to send a chat message, and I don't think it's far just so the bots can also be limited of sending chat spam. >.>
It is why I don't agree they should limit the game so they can hit the gold sellers, I'd find active moderation, detection and banning does less harm even if it takes more man hours.
BDO found itself where it is because they didn't have early implementations of good prevention, so they had to take measures where they could by cutting or modifying already implemented features and expanding their moderators. What you described was the consequences of half measures and poor planning.
Same point is shareable across many types of software and services. You don't want OS developers, enterprise software, and data security services to stop prioritizing stopping hackers trying to get a hold of your bank data, personal identity, etc and play catch up while you wonder why your life just turned upside down.
This would be why in the instance of Star Marine, the fact that hacks are present now serves as a means to highlight faults in the system while the system is still changeable., That's a good thing. Patching security failures and exploits while they still can before they are pushed into playing perpetual catch up after release saves them and the users a lot of problems.
EDIT: Which also highlights a side point about why preventing hacking is such a priority. Because it's not just the game being hacked for personal entertainment. The more exploitable an online service is, the more readily it can be used to target other people. Stealing game data and mining it for accounts, billing info, etc is a very serious thing, and taking it into account for how secure your overall game is, is rather important.
For example, the fact that bugs in DS games are used as ways to root and hack those devices. For the most part it's a safe endeavor because you can only really hack your own device that way, but it's the fact that it's a third party piece of software used for entertainment in most cases exposing all the most sensitive elements of a system that is the point. Preventing as many such possibilities is simply good business.
"We all do the best we can based on life experience, point of view, and our ability to believe in ourselves." - Naropa "We don't see things as they are, we see them as we are." SR Covey
When it comes to hacking it's easier as, prevention as fixing exploits can exist, and automation of account flagging can be done. But it still requires moderation.
You were talking about profits, you can be sure that EA, Blizzard, Activision and so on do are thinking on the cheapest ways to do it, but they still go through the path of actively moderate their games against hacking, side of the constant prevention on the exploits that can be fixed, account flagging to bans and bans and more bans.
There are issues that you can't prevent, the Aimbots I exemplified that the hacking tool posted on this thread was about that are the so-called client-side exploitation, that will happen so you don't prevent it from happening, but you will need to apply consequences to who does or the issue is doomed to increase. It's not like or prevention or moderation, both are necessary to work out the best security for a game.
Gold-selling for me is quite a bigger challenge, they don't really play by how one hacker would and it's because of them we have silly limitations on several MMO's that are there just to fight gold sellers. I always liked the way Guild Wars 2 went about it, they had/have issues with gold sellers but they did not limit their game because of them (that always ends on limitations on mails/trade/auction houses & chat systems), instead, they keep actively moderating the game with detection systems and moderation to keep them out.
Same goes for EvE Online, sure you can hack it, though their moderation is there to ensure you don't get away with it, and that creates a good stability.
“Microtransactions? In a single player role-playing game? Are you nuts?”
― CD PROJEKT RED
Only way for a client to hack their way around that kinda prevention is to force their client to ignore the server's commands, which breaks their connection to the game's run-time any ways and prevents any further actions form them from impacting other users regardless since they are effectively roaming about a snapshot of the gameplay and gaining no current/new data.
Guild Wars 2 is an example of planning ahead on the matter. They implemented a system where exchange of currency was already a functional part of the game, and third party gold sales were marginalized by it and forced to undersell the price average of the game itself in order to operate at all. There was considerably more than just tracking and moderation on Arenanet's part when it came to how they managed that stuff to mitigate exploits and things like gold sales.
And I never spoke against having moderation, I spoke against the notion that preventing hacking was somehow a superfluous activity.
Moderation is all well and good, but stopping something before it's a problem (when you have the opportunity to do so) is still better than saying "Well it'll happen any ways."
Or like Titanfall once the accounts get flagged they put special match-making rules on them, hackers vs hackers.
If there is one popular FPS game around for PC ofc, where aimbots do not work then I am not aware of it O.o
Oh for sure they had one automated system on the play there.
I was perm-banned wrongly 2 times back at release times because of the bad account flagging systems they implemented for bots had a hell high rate of false positives. Send gold via email was the first perm-ban and that was enough to get me flagged, was rather annoying until they fixed it.
That is the point where moderation is finally useful. You don't use moderation to weed out countless bots that could have been removed by proper planning, you use them for the extreme cases that are clever enough to make it past some of our current best methods until we have better systems that can detect those as well.
1) Building in major security features from the start, then patching a few holes that hackers find later.
2) Not even thinking about security when writing the game until after it launches.
Furthermore, if you want to crack down on cheating, you can't just do one thing and assume that you've got the one magic bullet that will fix everything. You have to build in security measures (server-side checking, don't send unnecessary data to client, etc.), and then also monitor for hackers who find holes that you missed. If you try to rely only on one or the other, you'll fail miserably.
This is piracy you know, the companies who invest so much into protect their games against cracks, then they end up cracking it then they change it again, then they crack it again... That's the cat > mice game in a loop. Hence why I see the strict moderation policy more effective.
Why is it more effective? I can put it like this:
If the developers decide to lay "traps" on the game's code to sneakly catch and flag the account using the aimbot, the hacker will not know it was flagged and will not know if their aimbot did actually go "under the radar". Makes it also hard for them to safe-test their hack tool against the game security measures.
Point of example would be when GTA:O rolled out for PC and the hack prevention was abysmal. People were able to hack the game so they could press a single button and cause everyone on the instance to explode. The rampancy of it was simply too much to prevent through simply logging data and vetting player accounts, Rockstar had to go through and rebuild parts of the game to implement consistency checks on their servers. Something they should have done to begin with before the mayhem alienated a bunch of players.
The actual sneaky ways of laying traps on the game's code to trigger flags that the users will not see or notice anything, they'll just see the hack working drives a bunch of stuff that benefits the devs from being constantly developing a solution when the hackers will develop a patch for that solution. That makes it much harder for the hackers.
So the detection and account flagging end of the day I think you can notice how they intentionally do this is a way to protect their games that does work.
Tracking and moderation is a good/necessary aid, but not a solution in itself.
This we just talked about is the solution for the client-side exploitation, the one they have less control of and that is where the most exploits are. This is where they play mostly by the flagging accounts method.
The other one is server/game stuff, usually, it's the exploits they might find within the game, abuse bugs and so forth to their own benefit, that is the other side of the coin where prevention is constantly patching those hacks because in there they do have the control. On this side hackers will not at all be able to hack the game once they patch it. Take the example of BDO once they patched the skill casting timers to get the server to control them, no way to exploit them anymore.
You're talking in circles.