[AntiCheat] Game Security: The Uncomfortable Truth About Manpower

@codewiz · April 23, 2012 · 6 min read

Among domestic game security companies, our company is the smallest and the latest entrant. Consequently, in company meetings, we often hear doubts about our capability to provide adequate support with our limited manpower. Ironically, many of these companies, after using our services, commend us for our excellent support and effectiveness in catching hacking tools. Why is this?

The uncomfortable truth that many game companies fail to realize lies in something called MPS (Man Per Site). MPS refers to the number of personnel allocated per site. What do you think this number is? Could it be 1? Obviously not. If it were, game security companies would have gone bankrupt a decade ago. So, what is it? It's much lower than you might expect. Companies achieving an MPS of 0.1 are rare. This means that not even one person is effectively covering ten game sites. Conversely, one person has to cover more than ten sites. How can effective security and hacking tool control be expected under such conditions? This is why even major companies struggle to block hacking tools. It's not due to a lack of interest, but a lack of manpower. Naturally, our MPS is above 0.1, at least for now. That’s why we can do better than other companies.

So, what would be an adequate MPS for controlling hacking tools? I believe the minimum should be 0.57. Why this number? It represents four people covering seven sites. Where does this 4-person team and 7-site figure come from? Typically, a popular online game is likely to be launched in about seven countries. So, managing one game with four people is like managing seven sites. What roles would these four people have? They would be in charge of searching, analyzing, developing, and QA. Can this team manage? Honestly, with such a team, almost every hacking tool can be effectively countered, assuming the necessary infrastructure is in place. Without it, what can four people do? And of course, this assumes these four people are exceptionally smart.

The sad reality, however, is that many game companies, despite claiming interest in blocking hacking tools, are reluctant to invest even in achieving an MPS of 0.57. Most domestic game security companies sell their products on an annual subscription basis. But the subscription fees have barely changed from ten years ago. By today's standards, an annual subscription usually covers an MPS between 0.1 and 0.2. So, it's challenging for companies to allocate more than an MPS of 0.1 after covering all their costs. In this situation, it's unfortunate that even major game security companies don’t reevaluate their approach. It's common to see a chicken game being played in this field. That’s why even if game security products want to improve, they often can't.

Now, I hear murmurs about economies of scale. Indeed, as companies grow, naturally, more manpower becomes available. But it's a big mistake to assume that among these many employees, there are those monitoring your game forums or hacking tool forums. They don't. Why? Because these numerous employees are shared resources. They have too many other tasks to attend to. Will they do it on their own initiative? Honestly, no. People are human. If they find a spare moment, they're more likely to go for a smoke than monitor these platforms. So, including shared manpower in these calculations is nonsensical.

Next comes the argument about developing technology for source blocking. But this is a really frustrating point, or perhaps a misconception by game companies. To clarify for many who misunderstand what source blocking means: when game security companies talk about source blocking, they refer to the ability to automatically counter tools made by someone who learned Visual C++ for a week and modified a tool from a hacking community by changing some variable offsets. Sadly, as you may well know, even this often doesn’t work as well as hoped. So, if a company mentions source blocking in a meeting, understand it as a technology to block basic-level hackers, and think, “So other companies can't even do this.”

Those numerous undetected green ones!!! Dizziness ㅠㅜ~<br><br>However, if you use a good game security product at MPS 0.57, it's not impossible to get off that list.

Those numerous undetected green ones!!! Dizziness ㅠㅜ~

However, if you use a good game security product at MPS 0.57, it's not impossible to get off that list.

So, what are the real hacking tools that trouble game companies? Are they just toys created by kids? Certainly not. The paid hacks that cause serious concerns for game companies, and even lead to the shutdown of game services, are crafted by individuals who have spent years honing their skills in Visual C++ (and it’s a misconception to think hacking tool sources are sloppy). They are proficient in assembly language and reversing, and some create these tools as a side job for income. In extreme cases, corporations are behind these tools, and these companies can be even larger than security or game companies. Using the term "source blocking" for these sophisticated tools is like guaranteeing it won’t rain for a year or promising that a stock will continually rise to 5000. It's an assurance about something that will happen in the future, which is obviously nonsensical. There's no such thing as source blocking in this context, and using that term is nonsense.

Then what's the difference? It all boils down to how swiftly and accurately a company can respond when a hacking tool emerges. Naturally, this response means changing those ubiquitous green "Undetected" labels to red "Detected" labels for at least a couple of days. This level of suppression might seem insignificant, but it's crucial. I recommend visiting the hacking tool pages after your security product updates. You'll quickly realize how eternal these two days can feel. And if your chosen security product is truly exceptional, you might witness the miracle of your game being permanently removed from those lists.

Everyone wants to play a fair game because that's what makes it enjoyable.

Everyone wants to play a fair game because that's what makes it enjoyable.

The gaming market is continually growing, and naturally, the black market associated with it is expanding as well. Nowadays, with the release of online games, certain questions always follow: What anti-cheat solution is being used? What are the measures against cheats? This indicates that such considerations have become standardized and are incredibly important in the realm of online gaming. Now, let's draw a conclusion. Yes, having a large number of employees in a company doesn’t necessarily mean there are more people paying attention to your game. Moreover, to better block and manage hacking tools, a minimum investment towards achieving an MPS of 0.57 is essential. If these conditions are met, creating a clean online gaming environment is certainly not an impossible task.

For those who haven’t yet grasped the full context of this discussion, let me add just one more thing, 😆:

When it comes to game security, think XIGNCODE, XIGNCODE – that's the answer. 😄👍

manpower2
manpower3
manpower4

Someone who has tasted meat eats well, someone who has experienced love loves well,<br><br>and someone who has tried to block hacking tools blocks well.<br><br>We have the best team, and that's why we can hear such stories like this.

Someone who has tasted meat eats well, someone who has experienced love loves well,

and someone who has tried to block hacking tools blocks well.

We have the best team, and that's why we can hear such stories like this.

@codewiz
Looking back, there were good days and bad days. I record all of my little everyday experiences and learnings here. Everything written here is from my personal perspective and opinion, and it has absolutely nothing to do with the organization I am a part of.
(C) 2001 YoungJin Shin, 0일째 운영 중