As someone who runs an online Counterstrike platform, I can attest to this firsthand. There are literally dozens of open source cheats on Github that bypass the major anticheat services. And when one gets detected, they're usually updated in just a few days. For private paid cheats, they're very rarely detected. I've heard of people paying thousands of dollars for custom-built cheats that have gone years and years without being detected.
The cheating in the game is out of control and has been for half a decade. People still play and can find little pockets to play in to avoid cheaters (namely playing with friends or on paid services, that cut down on cheating due to the barrier to entry of cost), but it's inevitably unavoidable to consistently run into cheaters
My approach has been to run no client anti cheat outside of that built into the game (VAC), as I don't believe invading people's privacy (e.g. always-on kernel level detection) for the illusion of reducing cheating is worth it. There are better ways of hindering cheating than on-client detection, in my humble opinion.
You're talking about VAC, which is not even close to the same tier as EAC, there are no "open source cheats" that bypass the major anticheat services because they are quickly identified and patched.
Correct, VAC is very different than EAC. But it's absolutely not true that there are not open source cheats that bypass EAC, FaceIT, and ESEA. The more popular ones get patched, but I've seen a bunch of smaller ones that do not get detected – you just have to know how to find them. They may eventually get detected, but cheaters generally will just create a new account and start cheating again.
When my platform launched 6 years ago, we were the first to approach the problem of preventing cheating via non-invasive methods. We required you to have played several hundred matches in-game before being allowed to join our platform. ESEA, who are widely considered to have the best client side CS:GO anti-cheat, just recently implemented something similar, proving that clientside anticheats alone don't solve the problem.
> They may eventually get detected, but cheaters generally will just create a new account and start cheating again.
Typically games will either avoid putting low play count players in the pool with established or paying players. Both because they don't want the guy playing for the first time to be constantly creamed by heavily invested players which would drive them off but also because real time and real dollars are strong deterrent to most and at least an extreme slowdown to the remaining. The net result of anti-cheat is to make it unviable to continually cheat, not to never have hacks that temporarily work.
CS's problem is Valve has shit anti-cheat that doesn't really care to detect cheaters and even when it does it doesn't have strong new player segmentation to delay them from coming back. Both of these are reason's Valve is lax with cheaters not reason's anti-cheats aren't effective.
You probably won't be in there for long, if ever, if you're a standard new player. It's a factor most serious anti cheats consider, not the only factor.
That is you came in on an account that had existing game time or existing purchases or you hop on with a friend in good standing or you bought something in game or anything to indicate your account is actually valued by a legitimate player in some way you won't even see this process.
On the other hand if you're a fresh account with 0 time, 0 spend, and the only people that will friend you are accounts that accept every request or are known for accepting new cheaters expect you aren't just going to be dumped into the clean player pool on your first night. Not only are you the hardest type of player to prevent false positives for but you're the least likely to ever be profitable to server anyways.
Even if you aren't immediately uplifted some strategies mean you may not care if your initial nights had a higher risk of cheaters anyways matter. E.g. Fortnite is F2P but your first night you aren't likely to run into many real players. Both because they want you to get some wins to get hooked but also because it dilutes the amount of cheating new players will see.
Does popflash.site have an AC? I didn't have a problem last time I tested it.
I think your server could check for several cvars that are only enabled for cheaters using some cheats, to auto-ban them. Though this precludes externals and some better internals.
Sorry, I edited my comment after you asked. We don't have an "anti-cheat" in the traditional sense, though I've developed a few solutions to curb cheating in the past. Fortunately, it's not really a problem I've had to solve because I only offer scrimmages these days, meaning you choose who you play with. If I were to offer matchmaking, I'd be more liable to prevent cheaters from using the platform since I would be matching up people to play with.
Since my users are mostly just playing friends I don't really have rampant cheater problems like other services.
The cheating in the game is out of control and has been for half a decade. People still play and can find little pockets to play in to avoid cheaters (namely playing with friends or on paid services, that cut down on cheating due to the barrier to entry of cost), but it's inevitably unavoidable to consistently run into cheaters
My approach has been to run no client anti cheat outside of that built into the game (VAC), as I don't believe invading people's privacy (e.g. always-on kernel level detection) for the illusion of reducing cheating is worth it. There are better ways of hindering cheating than on-client detection, in my humble opinion.