Closer Look: Halo Infinite’s Anti-Cheat Strategy
Today we’re taking a closer look at an important topic for any online multiplayer game – anti-cheat. To do so, we sat down with members of our PC, Security, and Safety teams to answer common community questions about Halo Infinite’s anti-cheat, discuss our overall approach, speak to what the future may hold, and more.
That said, let’s dive right in!
INFORMATION & CLARIFICATION
The first point of clarification we’d like to provide is yes, Halo Infinite shipped with its own proprietary anti-cheat system which we call Arbiter. Our vision for anti-cheat in Halo Infinite is to have as little impact as possible on the experience of legitimate players, whether that is game performance, compatibility, or privacy. We want to make the development of cheats slow and difficult, and quickly detect the cheats that do get built. We took on this work because building our solution internally allowed us to adhere to this vision and build it in the best way possible for our game over the long term.
We haven’t discussed Arbiter or anti-cheat much publicly before this for one major reason: the more detail we provide about its systems and how it works, the more information we are directly providing to cheat developers and cheat users. We want to keep as much secret as possible, for as long as possible.
Anything we can do or say – or in this case, not say, to help protect our methods – is worth it to help protect our players and their in-game experience. We know some of you may not entirely agree with our decision to keep this conversation out of the spotlight up until now, and since we don’t believe the efficacy of our approach relies entirely on its secrecy, we want to be as transparent about the current state of anti-cheat as we can.
Now, the question that’s likely on your mind is, “If there is anti-cheat, why are there cheaters in the game right now?” It’s a fair question, so let’s talk about it.
Cheating will be a never-ending battle and we’re taking an approach that will help us in the long-term and at a large scale. The good news is, we’ve already laid a lot of the groundwork to continue this fight long into the future.
To do that, we needed to ensure that we have a good strategy and approach for anti-cheat in Halo Infinite. We mention “strategy” or “approach” often because building a good anti-cheat at a game and studio level is more than just putting up a wall and hoping cheat developers won’t find a way through. Instead, we view the entire process, top-to-bottom, as an overall anti-cheat strategy.
Each aspect of this strategy originates from these core ideas:
- Prevention: This is perhaps the most vital step during the development process and can pay dividends down the road. By diving into the architecture of our game engine and restructuring it to make it difficult for cheat makers to find the information they want, we can prevent or slow down the creation of whole classes of cheats. It is especially important to us to fix legacy components that were secure enough on a console but don’t meet the bar for a modern PC game.
- Protection (through Arbiter): When most people discuss anti-cheat, this is usually the “wall” defense mechanism that they’re referring to. Protection in this case means securing the game build with this “wall” as well as securing the in-game data players may have on their computer when in a match. Prevention and protection make up the foundation of our anti-cheat philosophy and are where we will continue to make a significant investment: it’s always better to stop cheaters before they’re able to get in a match with legitimate players. Arbiter as it exists today focuses mainly on this idea.
- Detection: No matter how much work we put into prevention and protection, we know there will still be cheaters. We need to make sure we can find them and understand how their cheats are working. We can do this from within the game build itself, internal automated methods and game telemetry, as well as by investigating player reports. When players think of anti-cheat software, this is usually the most visible component and is a significant part of how commercial solutions like Easy Anti-Cheat or BattlEye work.
- Enforcement: Once a cheater has been detected, we take enforcement action by issuing bans correlated to the severity of their cheats. These bans can vary in scope (account bans or hardware bans) as well duration (temporary or permanent). As with detection, common anti-cheat software often helps handle this part.
- Improvement: If we ever stop self-reflecting or improving, we’ll fall behind. No anti-cheat system is perfect, so we need to remain flexible and iterative as we continue to improve each part of this approach over time.
By making sure our current (and future) anti-cheat work is focused on improving the areas above, we can believe that our overall approach will only get better and better as time goes on. There is no silver bullet and cheats will still be present, but we are committed to this for the long haul.
THE ROAD AHEAD
Since there is no “one size fits all” permanent solution to cheating, let’s talk about the road ahead. There will be steps we can take quickly, some that will improve consistently over time, and some larger efforts will take more time as we build out the supporting systems.
Improving Detection and Reporting
We focused a lot of our early efforts around building the tools and technology required to make an impact in prevention and protection long-term. We still believe that was the right move and we’ll continue to improve those systems iteratively over time – and we already have through recent updates – but in the short-term, we’re turning our attention to more visible issues where we have a chance to make the biggest impact right now.
We’ve heard loud and clear that we need to improve our ability to report other players in-game for cheating or toxic behavior. Right now, there’s an existing process through the Halo Support site at aka.ms/HaloReportAPlayer which leads to direct investigations from our Safety team. Every report of cheating is reviewed by a member of the Safety team, and we're grateful to all of you who have submitted a ticket and helped us take action. While our current system is impactful, we know we want to streamline the reporting process and make it even more intuitive by building the functionality completely in-game. It’s a feature we’re working on, but it will take time as we build and polish all the supporting systems needed in the pipeline to make it run smoothly and accurately. As we get closer to the time when this feature is ready to ship, we’ll be sure to share more.
Halo Infinite's temporary and permanent bans have been effective at keeping accounts and devices with evidence of cheating out of matchmaking. However, since our multiplayer is free-to-play, some cheaters create new accounts or appear on new devices in an attempt to evade our enforcement actions. We typically catch ban evasion fairly quickly, but there is more we can do here and we’re pursuing multiple different solutions.
One way that we’re adding additional friction to people creating new accounts is introducing a requirement to play a certain number of multiplayer games before you can queue for ranked games. We’re currently planning to set this number at 25 games – though that may change before we enable this – as we think this not only to keeps the player out of ranked for a while but also gives our other systems a chance to detect them as a current or recurring cheater. We expect this will also help new players find their footing in social playlists before they jump right into the more challenging Ranked experience.
On that note, we’re also looking into additional ways we can identify banned players who are creating new accounts on the same device without having to rely solely on the device information that we have right now. There are a few efforts underway here and nothing, including leveraging third-party solutions in combination with our existing work on Arbiter, is off the table. As with our improved player reporting, we’ll be sharing more about this work as we get closer to a release.
We are committed to continuously improving our anti-cheat systems and strategies. We added a few improvements in our mid-season update and we will drop updates to address cheating as soon as they become available (rather than waiting for another large patch to ship with).
Thanks for your continued support as we continue this work. While this is always on-going, we encourage you to provide feedback on our approach and continue to report cheaters on the Halo Support site at aka.ms/HaloReportAPlayer. Before we wrap up here though, we also wanted to answer a few common community questions directly below.
We’ll catch you all online!
Why doesn’t Halo Infinite currently use a third-party anti-cheat software like Easy Anti-Cheat (EAC)?
When we decided to build Arbiter early on we felt that for the long-term health of our game we needed to build the entire anti-cheat end-to-end. That includes handling the detection and enforcement aspects that are usually provided by products like Easy Anti-Cheat or BattlEye. Building the whole solution in-house is a pretty common approach in the industry for studios who maintain multi-year live games like Halo Infinite. There's nothing wrong with using a commercial anti-cheat, and like everything else it definitely isn't something that we have completely ruled out as a way to augment our existing solution, but most anti-cheats don’t have a strong focus on prevention and protection and therefore we needed to build Arbiter anyway. We’re certainly evaluating what it would look like to use both Arbiter and another third-party solution together.
Have we reconsidered implementing a kernel level anti-cheat?
This is definitely something we have considered, and we know it can be a hotly contested issue both for players and for game developers. At the moment our solution doesn't leverage a kernel driver for a few reasons.
On the technical side, you do get a lot of advantages for using a kernel driver that are really difficult - or impossible - to do at the application level. But there is a lot of peripheral work that needs to go into building and supporting an anti-cheat that includes a kernel driver. To write the driver you need to make sure you have in-house kernel development experts. Stability becomes a serious concern because if you have a bug, you don't just crash the game client, you bug check ("blue screen") the entire machine. You need to either run the game as administrator to start the driver when the game starts, or you need to install an administrator service to do it for you. If the latter, then you need to write that service and keep it updated. Making changes to the driver requires signing and certification steps that add more time to an already lengthy release pipeline. On top of all that, you're guaranteeing an escalation in the technical complexity of the cheats that do get developed to bypass your anti-cheat.
Looking at it through the lens of our anti-cheat philosophy, you can see how all of the above doesn't align very well with our "be as unobtrusive and invisible as possible" ideals. Many players are also concerned about privacy and providing a game developer with unfettered system access. While that may not be as much of an issue as people believe, it does feel like an overreach as a game developer.
All that said, we're committed to building what is necessary to protect the experience of our players. Nothing is completely off the table. If we did end up wanting to leverage a kernel driver, it’s likely we would use an existing third-party solution to provide that for us rather than build that component in-house.
What was the removal of red reticle meant to do? Why did you speak to it but not other aspects of anti-cheat before this?
Our desire to have anti-cheat be as unobtrusive and invisible as possible is still at our core, but this is one area where pursuing a more secure experience does show up to the player. For that reason, it needed to be discussed as many people were beginning to think it was a bug impacting their weapons and their ability to aim, which was not the case. In no way were we touting it as a “flagship” anti-cheat measure, it’s just one that happened to be player-facing and therefore we wanted to provide the “why” behind our decision.
To speak to the “why” again, one element of preventing widespread cheating is to make it more difficult to create cheats. Removing red reticle on PC reduces the ease of creating some homemade cheats, with trigger bots being the most common of the bunch. Rather than allowing players to create their own “If pixel X turns red, then fire” cheat, we opted to raise the barrier and therefore reduce the number of cheats people can trivially develop.
We’ve heard the calls for it to be reinstated because there are cheaters in the game anyways, but other cheats existing does not mean we should lower our guard in other areas. We’ll continue to keep an eye on this, but we still believe this is the right decision for the health of the game as it stands right now.