Steamed: Valve Software Battles Video-game Cheaters

Video-game company Valve takes the fight against cheats directly to players' computers

4 min read

Listen to David Kushner discuss Valve Software's ongoing battle with cheaters and hackers with Spectrum's Steven Cherry on This Week in Technology.


The enemy is closing in. Hordes of desperate soldiers battle their foes in a ravaged city. But one of the opposing fighters seems more nimble than others. He’s nailing his targets with ease, blowing off limbs and racking up his score. It’s as if he has X-ray eyes.

The battle is taking place in an online action game, Counter-Strike, and the nimble soldier is being controlled by an anonymous player. And he’s not playing fair. He’s using an online cheating program that increases his speed and allows him to see through walls. For Valve Software, the Bellevue, Wash.–based creator of this and other best-selling computer games such as Half-Life and Left 4 Dead, it’s not just a nuisance, it’s a real-life war. The company has discovered more than 200 000 different types of cheating programs being used by gamers online. There’s even a cheat-code black market, where downloadable cheats go for roughly US $10 a pop.

“Everyone wants to play in a secured service,” says Jason Holtman, Valve’s director of business development, “and you can’t play securely when someone’s cheating.” So now the company’s engineers are battling cheaters via Valve’s online gaming service, Steam.

Development on Steam began in 2001, and the service was launched in 2004 in conjunction with the release of the game Counter-Strike: Condition Zero. Valve founder Gabe Newell and his team originally conceived of Steam as a delivery platform for the company’s titles. As more gamers migrated online, Steam became a farm league for indie developers ( Media Molecule, maker of LittleBigPlanet, delivered its first game, Rag Doll Kung Fu, on Steam). “We always knew we wanted to support a set of games,” says Steam’s lead engineer, John Cook, one afternoon in Valve’s military green conference room, adorned with life-size models of weapons from the games.

Today Steam is a full-blown social and distribution network with more than 570 titles, 20 million subscribers, and 14 languages including Polish and Thai. After downloading the Steam client for free, gamers use it to buy and download games, participate in an online community, and receive software updates for titles they already own. At any given moment, Valve moves a staggering amount of data—40 to 80 gigabytes per second—worldwide. To maintain this, it uses roughly 200 servers in 40 countries including the United States and Russia.

But for all the innovation, Valve is engaged in a meta-game of its own—fighting the cheaters who want to exploit the system. It may seem petty to outsiders, but in the video-game industry, which, according to technology research firm NPD Group, takes in $18 billion annually, having a secure play environment is essential. “Cheating is a superserious threat,” says Cook. “Cheating is more of a serious threat than piracy.” The problem first showed up on the company’s radar in 2004, after it heard rumors that a cheater had devised a way to see through walls. “Our reaction was, we want to keep our games online as long as possible,” says Holtman, “and we couldn’t do that with this going on.”


The company combats this with its own Valve Anti-Cheat System, which a user consents to install in the Steam subscriber agreement. Cook says the software gets around antivirus programs by handling all the operations that require administrator access to the user’s machine. Periodically, the company transmits ”client challenges” to a player’s machine, running software that scans for cheat codes. The Anti-Cheat software might, for example, trigger a dormant code on the player’s machine. If the machine doesn’t send back the appropriate response, the code alerts Valve to a possible violation.

Valve also looks for changes within the player’s computer processor’s memory, which might indicate that a cheat code is running. Finding anomalies is not difficult. The company knows what series of operating code is required to run the game and can spot suspicious activity. Once code is suspected, it’s turned into an incident report, which is analyzed by Cook’s team of 16 engineers. Sometimes code is determined to be a standard privacy or security measure.

“We can see it and say, ‘Oh, that’s just antivirus software running the background,’ and flag it as okay,” says Cook. Valve keeps a directory of cheat codes and can compare new incident reports to others in its database. The team then tests out the code using copies of their own game. Once designated as a true cheat, it’s added to the database for future reference.

Valve’s Anti-Cheat software raises privacy concerns. “Any time you, as a user, allow someone to run software or a process on your system, then you’re not in control,” says Lee Tien, senior staff attorney for the Electronic Frontier Foundation, a San Francisco–based nonprofit advocacy group. But, he says, such measures are not unique. “This is an inherent issue in the gaming industry and a lot of other industries,” he says. ”It’s hackers versus these companies.”

Cook says the company is taking steps to ensure that hackers don’t exploit the Anti-Cheat software itself. “The software is constantly updated and sent down in small portions for the servers as needed,” he says, ”so hackers only get to see small portions of it running on any particular time. So while they may be able to work around pieces of it, they can never hack everything.”

Cheaters are getting more brash and crass, however, posting videos of their exploits on the Web to lure buyers. But Valve has raised its profile, too, spreading word throughout the community when cheaters get caught—just in case any bad guys don’t think it’s on the case. Cook hopes Valve can win the war by fighting its enemies with the most potent weapon of all: permanent bans. Once a cheater is found, Valve ties a product key to the Steam account so that the player can be tracked and banned from playing its games. In total, more than 20 000 cheaters have been blocked since 2002. ”No game is fully cheatproof,” says Cook, ”but we’re desensitizing people to this. Nobody wants to lose their account.”

Listen to David Kushner discuss Valve Software's ongoing battle with cheaters and hackers with Spectrum's Steven Cherry on This Week in Technology.

About the Author

Contributing Editor David Kushner is the author of Masters of Doom (2003), Jonny Magic & the Card Shark Kids (2005), and Levittown: Two Families, One Tycoon, and the Fight for Civil Rights in America’s Legendary Suburb (2009). He wrote IEEE Spectrum ’s September 2009 cover story, “The Making of The Beatles: Rock Band.”

The Conversation (0)

How Health Care Organizations Can Thwart Cyberattacks

The Rethink podcast covers prevention strategies and more

3 min read

Ransomware and other types of cyberattacks are striking health care systems at an increasing rate. More than one in three health care organizations around the world reported ransomware attacks last year, according to a survey of IT professionals by security company Sophos. About 40 percent of the nearly 330 respondents from the health care sector that weren't attacked last year said they expect to be hit in the future.

In the United States, the FBI, the Cybersecurity and Infrastructure Security Agency, and the Department of Health and Human Services were so concerned with the increase in cyberattacks on hospitals and other health care providers that in October they issued a joint advisory warning of the "increased and imminent cybercrime threat."

Keep Reading ↓ Show less

Charging Rooms Can Power Devices Without Wires

New wireless charging technique can scale down to toolboxes, scale up to factories

3 min read
The University of Tokyo and Nature Electronics

Wireless power holds the promise of freeing devices from batteries and cables, but commercial systems are usually limited to charging stations. Now scientists have developed a way they say can safely charge devices anywhere in a room.

Moreover, "this approach could scale down to charging toolboxes and up to wireless charging warehouses," says study lead author Takuya Sasatani, an electrical and computer engineer at the University of Tokyo. In the future, it could also power implanted medical devices, "which currently have critical challenges in their power supply," he adds.

Keep Reading ↓ Show less

Design of Safety Critical Devices - Resolve the Conflict: reduce time to market and development costs while optimizing reliability & safety. exida's OEMx™ takes you from requirements to architecture review to detailed H/W and S/W design (FMEA to FMEDA) to accurate safety & reliability predictions quicker and at reduced cost.


Keep Reading ↓ Show less

Trending Stories

The most-read stories on IEEE Spectrum right now