-3

On of the rules for app validation for the Windows Store is:

3.9 All app logic must originate from, and reside in, your app package

Your app must not attempt to change or extend the packaged content through any form of dynamic inclusion of code or data that changes how the application interacts with the Windows Runtime, or behaves with regard to Store policy. It is not permissible, for example, to download a remote script and subsequently execute that script in the local context of your app package.

[emphasis added on last sentence]

AFAIK many anti-cheat softwares work by downloading and executing an executable file every 30 seconds or so, and reporting back the result. This obviously cannot be accomplished if you aren't able to continually download it yourself and execute it.

So, is there something different which works on Windows Store and is good enough, or will Windows Store games just lack anti-cheat features for now?

Nathan Reed
  • 33,657
  • 3
  • 90
  • 114
o0'.
  • 3,370
  • 2
  • 34
  • 51
  • 3
    @Lohoris: Accept the fact that individuals less informed than yourself may be the first to answer questions on quieter sites. The proper response is to explain why the first answers are inadequate, and wait for more informed individuals to spot the question. Some questions, when technically challenging, may take a week or two to be spotted and answered appropriately. Why the rush? – Pieter Geerkens Nov 23 '13 at 22:05
  • 1
    @Lohoris: Bravo! I am on this post, because I am interested in seeing what the consensus turns out to be. At some point in the future I may be making a similar analysis. Let's see what turns up. – Pieter Geerkens Nov 23 '13 at 23:52
  • @PieterGeerkens thanks. Problem is, I don't want to turn this into a "what anti-cheat is best, if at all" post, that would be OT. (that's why that answer made me angry) – o0'. Nov 24 '13 at 11:16
  • @Lohoris you asked if there was "something different which works on Windows Store and is good enough". If you aren't willing to accept alternatives as answers, then that leaves only "yes" and "no". If the only alternative you will accept is something that will function identically to the thing you know is not permitted, then you aren't really asking for alternatives at all; you're just complaining. (And since the first revision of you question did berate the platform itself, perhaps that is exactly your intent.) Complaints disguised as questions are off-topic, of course. – Seth Battin Nov 24 '13 at 23:47
  • @SethBattin an "alternative" is such only if it works. If it is so inferior to the original one to be pointless, then it's no alternative, it's just a "no" answer. Obviously I'm asking because I can't rule out there is an alternative (which actually, you know, work) of some sorts. – o0'. Nov 25 '13 at 10:58
  • Then like @PieterGeerkens said, you should explain why those answers don't work. Or be proactive, and expand your question to explain what criteria you are trying to meet. You could explain what types of cheating you are worried about. You could even elaborate about the game you're trying to protect. Give people the opportunity to give you good answers; you haven't done that yet. – Seth Battin Nov 25 '13 at 22:43
  • @SethBattin uh, he did explain himself why it doesn't work: don't trust the client. While the solution I'm talking about is (obviously) much more hack-proof. If I elaborate more than that, it risks becoming a discussion, instead of a question. – o0'. Nov 26 '13 at 08:47

1 Answers1

1

You could just add the anti-cheat tool to your store package and rely on the stores update-mechanism for keeping the anti-cheat component up-to-date.

Before you wonder if this might undermine the security of the ACT and might make it possible to manipulate it, keep in mind that ACT's can't be effectively protected from manipulation anyway. Never trust the client!

Philipp
  • 119,250
  • 27
  • 256
  • 336
  • It doesn't work this way. The anti-cheat usually downloads a new EXE to the client every 30 seconds, and this is why it kind-of works, usually. – o0'. Nov 21 '13 at 16:00
  • 2
    @Lohoris What a pointless waste of bandwidth, just for some inefficient snake oil. http://gamedev.stackexchange.com/questions/54924/stronger-hack-proof-mmo-game-comparison-game-client-based-vs-via-web-browser – Philipp Nov 21 '13 at 16:09
  • I'm perfectly aware that you can't trust client-side data, I agree with you. Still, there are some situations where you just can't avoid that (think: aimbots in FPS). This system of downloading EXEs is actually quite efficient, you just can't bypass it: if you run the EXE, it will detect the cheat, if you don't run it, you don't have the response to give to the server and you get kicked out. Nothing is un-hackable, but hacking that would be orders of magnitude more difficult. I thought that was common knowledge... – o0'. Nov 21 '13 at 16:20
  • @Lohoris - Is the exe going to be small enough to reliably download every 30 seconds and still robust enough to actually detect things? How do you generate a different exe so quickly such that the user can't just keep running a hacked version to get the correct response? – Bobson Nov 21 '13 at 20:08
  • @Bobson I did not make this up FFS – o0'. Nov 22 '13 at 08:57