Valve Anti Cheat

History

In 2001, Even Balance Inc., the developers of the anti-cheat software PunkBuster designed for Counter-Strike and Half-Life mods, stopped supporting the games as they had no support from Valve. Valve had also rejected business offers of integrating the technology directly into their games.

Valve started working on a "long-term solution" for cheating in 2001. VAC was first released with Counter-Strike in 2002, during its initial release, it only banned players for 24 hours. The duration of the ban was increased over time; players were banned for 1 year and 5 years, until VAC2 was released in 2005, when any new bans became permanent. VAC2 was announced in February 2005 and began beta testing the following month. On November 17, 2006, they announced that "new [VAC] technology" had caught "over 10,000" cheating attempts in the preceding week alone.

During the early testing phase in 2002, some information was revealed about the program via the Half-Life Dedicated Server mailing lists. It can detect versions of "OGC's OpenGl Hack," OpenGL cheats, and also detects CD key changers as cheats. Information on detected cheaters is sent to the ban list server on IP address 205.158.143.67 on port 27013, which was later changed to 27011. There is also a "master ban list" server. RAM/hardware errors detected by VAC may kick the player from the server, but not ban them.

Eric Smith and Nick Shaffner were the original contacts for game administrators. In February 2010, the VAC Team consisted of Steam's lead engineer John Cook and his team of 16 engineers.

In July 2010, several players who successfully used information leaked from Valve to increase their chances of finding a rare Team Fortress 2 weapon/tool called the Golden Wrench found themselves banned by VAC.

As of July 2014, unofficial sources estimate that over 2.1 million Steam accounts have been banned by VAC.

In February 2014, rumors spread that the system was monitoring websites users had visited by accessing their DNS cache. Gabe Newell responded via Reddit, clarifying that the purpose of the check was to act as a secondary counter-measure to detect kernel level cheats, and that it affected one tenth of one percent of clients checked which resulted in 570 bans.

As of May 2016, the system began banning accounts that were registered with the same phone number. Additionally, a phone number that was used on an account at the time it was banned will not be allowed to be re-registered on other accounts for three months.

The system has been criticised for failing to detect the LMAOBOX cheat for Team Fortress 2 until May 2016, which resulted in a spike of bans.

In February 2016, Valve announced plans to introduce a machine-learning approach to detecting cheats in Counter-Strike: Global Offensive, and that an initial version of the system was already in place, which would automatically mark players for manual detection by players through the "Overwatch" system.

Design

Valve rarely discusses the software, as it may help cheaters write new code or conduct social engineering.

The software sends client challenges to the machine, if the appropriate response is not received, it is flagged as a possible violation. It uses Signature Scanning to detect possible cheats when scanning the computer's memory and processes, an incident report is created whenever an anomaly is detected, it is then compared to a database of banned applications and/or analyzed by Valve's engineers. The engineers may inspect the code and run it on their own copies of the game. If the code is confirmed as a new cheat, it is added to the database of cheat codes.

According to Steam's lead engineer John Cook, to stop the anti-cheat software itself from being exploited, "The software is constantly updated and sent down in small portions for the servers as needed, so hackers only get to see small portions of it running at any particular time. So while they may be able to work around pieces of it, they can never hack everything."

Valve also accepts submissions of cheat programs and cheat websites from players through the official Steam Forums. Players may also report players they suspect of cheating through their Steam Community profile, although players are not banned from these reports alone.

If a cheat is found, the player's Steam account will be flagged as cheating immediately, but the player will not receive any indication of the detection. It is only after a delay of "days or even weeks" that the account is permanently banned from "VAC Secure" servers for that game, possibly along with other games that use the same engine (e.g. Valve's Source games, GoldSrc games, Unreal engine games). Valve never discloses which cheat was detected. Players have criticised the system for taking weeks to months to ban cheaters.

Large numbers of flagged accounts may also be banned in "waves".

Additional restrictions

Players that are banned face additional restrictions. Steam Family Sharing allows users to share their video game library with another Steam user to download and play, but games that the player is VAC banned from cannot be shared. If a user shares their games with another user, then cheats or fraud are detected on the recipients account, the original owner of the games being shared may be VAC banned and the sharing function revoked. Banned users can also not contribute to the Steam Translation Server project, that allows users to contribute new translations of Steam and its games. Users banned from a game are not allowed to refund it.

Over 300 games support VAC, players that are banned from the following games face additional restrictions:

Mods based on the games above may inherit VAC support from the host game.

Denotes GoldSrc games, if a player is banned in one of these games they are banned from all of them.
Denotes Source engine games, if a player is banned in one of these games they are banned from all of them.
Denotes games that have a stricter policy of having all servers VAC protected, and additionally bans players for editing of any game files except config files.
Denotes games that face digital goods restrictions if the player is VAC banned.

Social impact

The user's Steam profile is also marked with "ban(s) on record", which is publicly visible and cannot be hidden. An analysis of 43,465 users that had been banned between April 2011 and October 2011 showed that the more VAC banned players a user is friends with, the more likely they will also be VAC banned themselves in the future. After they were banned, they lost more friends, were more likely to increase their privacy settings and also had more VAC banned friends than non-banned players. Banned players are also sometimes referred to as going on "VACation".

Banned players are also excluded from competing in most electronic sports tournaments. In 2014, professional player Joel "Emilio" Mako was banned during a live stream, he initially denied using a cheat, claiming it was caused by "a friend of his played on one of his smurfing accounts which mail is linked to his main account" Then in 2015, he admitted to using a cheat. Hovik "KQLY" Tovmassian, Simon "smn" Beck and Gordon "SF" Giry were banned shortly before they were scheduled to play at DreamHack Winter 2014. The ESEA League claimed the bans were a result of working with Valve directly. Hovik "KQLY" Tovmassian admitted to using cheats.

Locked Items

When users are VAC banned, the items that they have in their inventory for that game, such as Counter-Strike: Global Offensive or Team Fortress 2 will be locked into the users account. They cannot trade those items or sell them on the market, which prevents the users from making profit and gifting another copy to an alternate account to cheat on again. The most expensive inventory that has been VAC banned is around ~$20,000.

False-positive detections

There have been cases where VAC has banned users for false positives.