Interesting, yet strangely unsatisfying.

I was hoping for some more substance, but meh, at least you guys have someone working on the issue (which I was already pretty sure you did).

I agree with Bryckk, this was a pretty unsatisfactory article. Almost no real information was given other that "we really are working on this." I'm glad to see that they at least have some of these hacking tools in order to find ways to fix the code and mitigate their use, but I would have liked a more infomation about how well they've been able to fix these issues.

How about a better explantion of what to look for? How can I tell if someone is using a speed hack if they hit me with 2 autoattacks and 3 normal attacks (not including procs) that seem to ingore the global cooldown in 1 second? 

While I appreciate there being an article on this topic, there are a couple of gaping holes in the idea of you guys doing something effective about the "hackers".

1. The article says that prevention is something being worked on.  The current list of features offered by the most popular 3rd-Party Program is astonishing and hasn't changed in recent history.  Based on that, prevention doesn't seem to be working very well.
2. The article says that detection is alive and well, and that people are being banned with very few false positives.  We have absolutely zero evidence that people are being banned.  We have evidence that they are not being banned when known "hackers" are seen still running around free.  We have evidence that there are false positives, as seen over at this post. 

---

Kladiest wrote:

While I appreciate there being an article on this topic, there are a couple of gaping holes in the idea of you guys doing something effective about the "hackers".

1. The article says that prevention is something being worked on.  The current list of features offered by the most popular 3rd-Party Program is astonishing and hasn't changed in recent history.  Based on that, prevention doesn't seem to be working very well.
2. The article says that detection is alive and well, and that people are being banned with very few false positives.  We have absolutely zero evidence that people are being banned.  We have evidence that they are not being banned when known "hackers" are seen still running around free.  We have evidence that there are false positives, as seen over at this post. 

Given those, what are we supposed to take from this article?  That you guys understand the theory of how to combat 3rd-Party Programs but cannot provide any evidence of successfully doing so?

---

+1

I would also add that the idea of a "Wall of Shame", where account names and character names on that account are posted up after they are confirmed cheating, may be a useful deterrent.

Never underestimate the power of shame to affect people's actions.  If all they have to worry about is their account being banned and having to go through the appeals process to try to get their account reactivated, then that's not a very effective deterrent.

However, if they feel that using 3rd party programs will not only get their account banned but that anyone that plays can see that all of their accomplishments are tainted and they didn't have the skill to play without using an unfair advantage, then that may be a risk they are unwilling to take.  People will always have looser morals if they feel they have complete anonymity and the only way to combat that is to remove that anonymity to a certain degree.

Looking at this from a security monitoring perspective, I can relate somewhat to how they are approaching the issue.  There are numerous incident handling models out there that all rely heavily on preparation, detection, containment, eradication and so on.  This is not new.

What I find disturbing; however, is that the third-party programs commonly used are not secret.  In fact, they seem to be much more prevalent.  As I am doubtful that the cheat code and or traffic handling protocols are changing drastically day-to -day, I can not understand why Mythic is not more agile with prevention/mitigation controls.

To me, this means that:

a) their montioring is not fully matured, making accurate detection difficult or,

b) they lack proper resources to reverse engineer the cheat programs to fully understand how they work or,

c) they lack the ability to accurately apply preventative measures or

d) they lack human resources and are in a fire-fight state of operation, reacting to reports, rather than proactively assessing the risks

e) maybe all of the above?

Whether I am accurate in the above assessment is not important.  I do appreciate the intent behind the interview, and hope that they are able to resolve this issue sooner, rather than later.  My guild recently had to post a 'no-cheat' policy, just to ensure that everyone had clear expectations.  Considering how easy it is to obtain and utilize these third-party programs, it significantly detracts from the enjoyment of the game, resulting in a loss of playerbase.  And, I'm fairly certain, this is not something any of us wants to see.

I'll be blunt.

Nice blah blah to succumb the average Joe that still has faith in Mythic in that regard, for everyone that however has a tad of technical knowledge, this won't work and will be shrugged at best.

I mean, you talked nicely around the whole issue, well done. But commonly, well known hacks, for 3-6 months STILL working without much of hack build upgrades other than implementing even more features makes all effort to save face in vain.

I mean, quickest and easiest version would be to just have war scan for a certain process / program routine running while war.exe is active. That at least would block majority of the idiots for the time being who are clueless about technical backend or would force the hacks dev to actually get into their 6+ months old source again to change something about it.

That article leaves nothing but a bitter taste in my mouth. I'd rather have watched one of Microsofts / Apples pro Windows / Mac ad clip.

It is good to know that there is at least attention and time being spent on these issues. As much as most online companies' policies may be to ignore the subject publicly, that line of communication with us, the players, often makes a very positive difference.

While I think all of us would still love to hear more news, details, etc, or ultimately hear those impossible words: "WAR: Cheat Free!", dev diaries like this at least open the discussion, and that is a good first step.

 If I might make one suggestion that I think will go miles for your playerbase - and this comes from working on another big MMO - have the CSR's or other investigative teams get back in touch with players who submit reports on cheaters, glitchers, or potential hackers. If the info they send in helps flag a cheater beyond a doubt, send them a message thanking them for the report, and letting them know that the user has been dealt with.

If you want to truly create evangelists for your game, this final step in communication is a must. A few weeks ago I reported some users who were exploiting the terrain to glitch into our LOTD Warcamp and try to kill the lord with three people - I got a note that a CSR was looking into it, but I never heard anything following. As a player, it makes me feel like either Mythic's support team doesn't care about my report, or they simply don't care about the terrain exploit itself. 

One sentence of extra communication truly does go a long way. I urge you all, as a team and as a company, to realize that the line between privacy for cheaters and communication for your players is one that becomes smaller by the day. Let those who do good know that they are making the WAR Community a better place, and everyone will be the better for it.