I really do not understand how server anti cheat is not way easier.
In a clean slate, it is. It’s also way more effective (except for things like wall hacks, aim bots, recoil suppressors, etc, but most of those things are only really important and popular in competitive FPS). It’s also much simpler to understand and to leave no “holes” behind. It also lives in the developers domain so it can’t be “compromised” or circumvented.
The thing is that client side “anti cheat” can be commoditized. Every game with server authority/anti cheat needs specific server software to run their game logic. Client anti cheat is basically “look at everything else running on the system and see if any of it seems suspicious”. As such, there’s not really anything “game specific” to these - they basically are just a watch dog looking for bad actors - so as such, one company can come along, make one, and sell it to other devs.
This being “off the shelf” and not something the dev team has to think about besides a price tag means that management is just going to buy a third party solution and check off the “anti cheat” box on their task list.
I feel like devs are caught up on realtime anti cheat and not willing to do anything asynchronous.
First, this is a management problem and not the devs. Any dev worth their salt knows this isn’t really a good solution.
But I’d say the more relevant and prominent thing here is that game companies just don’t want to have to run servers anymore. It’s a cost, requires dev time, and requires maintenance, and they don’t want to do that. If these games had servers running the game world like games used to, they’d inherently have their own “anti cheat” built in for free that wouldn’t necessarily catch everything but would do a better job than some of these. And it could be enhanced to cover more bases.
But studios don’t want to do this anymore. It’s easier to make the game p2p and slap an off the shelf anti cheat and call it a day.
Some games still require matchmaking servers etc, but the overhead there is way lower.
Or they really like paying licensing fees for client-side anticheat.
Not that I agree with the decision, but it is definitely cheaper and faster than the alternative. But picking something like nprotect totally fucking baffles me. There are better options.
I just don’t understand how any competent software engineer or systems admin or architect trusts the client so fervently.
In some ways, same. Every project I’ve been on that has gotten anywhere near client side trust I’ve fought adamantly about avoiding it. I’ve won most arguments on it, but there are some places where they just utterly refuse.
But then there are things like New World… I don’t know how the fuck that shit released like it did. The number of things trusted to the client were absolutely baffling. I expected Amazon’s first foray into gaming to be a fucking joke, but I was totally appalled at how bad it turned out. They even touted hiring ex blizzard talent to get my hopes up first.