STEAM GROUP: bashandslash

Gaming Ethics: PunkBuster Part 3/3
Written by jockyitch   
Tuesday, 29 January 2008

In this third of a three part series on gaming ethics, we talk about PunkBuster and the "level playing field".

One of the most exciting developments to attempt to level the gaming playing field centers around spotting full-fledged cheats. While some seasoned gamers claim to be able to spot cheats, like aimbots and wall-hackers, the sophistication of the hackers who come up with these devilish pieces of code keeps on increasing. How then, can the average gamer ensure that there are no cheats on the server they play on?

Approximately eight years ago, the answer to this question came galloping onto the FPS scene, mounted on a white-charger: PunkBuster to the rescue.

To tell our readers all about PunkBuster and its developer, Evenbalance, is Micah, lead engineer at Evenbalance.




BS: Micah, thanks for agreeing to answer some of our questions today. First off, having played you in CoD2 on a few community servers around the net I must say you are a great player* - but I had not until recently known that you worked at Even Balance. I suppose your [PBSTAFF] tags should have given that away. LOL. Can you give me a little autobiography and what is your role there at Evenbalance?

Micah: Even Balance hired me almost four years ago to be their lead engineer.  I work with game development teams to integrate PunkBuster into new game titles.  When I'm not on the road doing new game integrations, I work daily to detect the latest cheats and improve PunkBuster technology.  Even Balance headquarters is located in Houston, Texas, but our staff is international.  There are roughly eighteen people at Even Balance these days all performing various tasks from support to research.

Personally, I've been into computers and programming for a long time.  My dad bought me a Commodore 64 when I was still in elementary school.  That C-64 became my first real experience with a PC.  I was hooked from my first endless loop.

I'll also admit that I have a weakness for "Call of Duty 2" and frequent several servers just to get some game time in.  It's a fun, fast paced game and the custom maps keep things interesting.

*jock: Micah is too humble to say that he pwns me when I play him. Damn his humility! LOL. 

BS: I remember reading somewhere that PunkBuster came out of a grass-roots community effort. Where did PunkBuster come from? Whose idea was it? In generic  terms, how does it work?

Micah: In late 2000, Tony Ray, the President of Even Balance,  came up with the idea to develop a client/server package that would “watch over the shoulders” of players similar to a referee at LAN competitions.  At the time, Tony was an avid Half-Life player and even an admin for a league.  At one point a commercial company released a video card and driver that marketed it's ability to help  people play dishonestly.  Tony decided he could either quit playing the game or try to contribute to a solution.  I know many gamers out there are happy he chose to fight.

Taking a page from our website, PunkBuster is an: 
"Auto-updating, real-time scanning, anti-cheat system for online multiplayer games"
- Evenbalance 
The best way I've found to describe PunkBuster is to say that it works like an anti-virus program.  PunkBuster constantly scans a player's computer looking for cheat programs.  If the scanner finds a cheat, it reports the findings back to the game server.  We work all the time to issue new and improved versions of PunkBuster.  All of this happens in the background while the player is playing the game.

BS: How did Evenbalance get involved with Activision?

Micah: Activision was the publisher for iD Software at the time and they wanted PunkBuster in their first-person shooters after seeing how it worked in "Return to Castle Wolfenstein".  We've worked with them on many of their biggest hits, including, of course, the "Call of Duty" series.

BS: What is Evenbalance's philosophy on hacking. Where do you draw the line? Here for example is a quote from
"Scripts are allowed, as long as they do not go out-side of the anti-cheat config cvar ranges, and pb's cvar ranges."
Is this philosophy shared by Evenbalance as well. If so, where can we get those ranges (are they different than the ranges IW sets in game)?

Micah: Let me answer the part about the cvars first and then I'll talk about what you might call our "philosophy" on cheating.

In areas like cvars, where different settings might be acceptable to some admins and not others, we only provide the tools so an admin can check them.  A server admin can choose if they want to check and kick for very specific cvar settings or not.  PunkBuster's screen shot facility is another example of a subjective tool.  Administrators must look at and evaluate each screen shot to determine if it contains proof that the player is cheating.  Communities like PunksBusted and  PBBans provide a great deal of help to server admins that want to get the most out of PunkBuster's subjective tools.  Most of these communities publish recommended configurations that include cvar checks.  The communities also frequently have screen shot review forums so an admin can get outside perspective.  On the other hand, when PunkBuster kicks for a cheat, it is doing so because it has found a specific cheat program in memory.

In terms of "philosophy", the staff at Even Balance were all drawn here because they have a strong desire to create a fair playing field for multiplayer gaming.  Many of them joined Tony in the early days when PunkBuster was purely a volunteer effort.  The motivation wasn't money or a business, it was simply a decision to take a stand and fight.  Over the years we've discovered that, just like the real world, cheating goes hand-in-hand with other immoral behaviors such as lying and stealing.  It is unfortunate that many people think they can cheat and lie in one area of their life and that it will not effect the rest of their life.  I guess personally I hope that a young person playing one of the games we support will learn accountability in an arena where it doesn't cost them a job or a family.

BS: Multihacks are becoming more and more sophisticated lately. What are you seeing? Is it more of a problem now than it was a few years ago?

Micah: Cheating methods and techniques are constantly evolving.  To me, it's proof that Even Balance has had a major impact on cheating.  The evolution that we've seen over the years has little or nothing to do with what the cheats do.  From the first days of cheating, they have all allowed a cheater punk to see what they should not or aim in some automated fashion.  The difference today is that cheat authors spend a *huge* amount of their time trying to hide their work.  The sophisticated parts of today's cheats are all about keeping it out of our hands.

BS: Can you guess what the ratio between hackers to regular players is?
Micah: We don't keep updated statistics on things like the ratio of hackers to fair players, but I can tell you that games that add PunkBuster after an initial release see a significant drop in hacking.  I think in many cases players can be persuaded that somebody else is hacking by false accusations.  That means the perception that there are a high number of hackers may vary greatly from the truth.  More than once I've been suspicious of somebody because of an incredible kill streak, but then I've also had some lucky kill streaks myself.  It's important for server admins to stay active on their servers.  Reviewing screen shots, tweaking PB configs, and reviewing complaints all help manage the perception.

BS: We did a BASH episode on hacking, Haxer! , awhile back in an attempt to provide Server Admins some advice on what to look for when it comes to hacks. Do you have tip sheets/manuals/readme's? Is there anything that would allow the admin/player to spot hackers.
Micah:   The best advice I can give server admins is to get plugged into a community of admins that know the game and can recommend useful PunkBuster settings for that game.  A stock configured game with PunkBuster is really effective, but enhancing cvar checks and reviewing screen shots/logs is a good idea too.

We have administrator manuals posted on our website for the games we support.  These can also provide some information about the more detailed PunkBuster features.

As an example, the link for CoD and CoD2 admin manuals are as follows:


BS: Many professional hackers are starting to get into this act. Here is an example of how brazen they are:



Another such site is
Is there an active campaign at Evenbalance to catch these types of professional hacks.

The hackers above claim they have not been caught by PB and won't be. How are these guys getting away with this?

Micah: I'd like to quickly reference my previous comments about cheating:  cheating and lying go hand-in-hand.  Very frequently "commercial" sites pop up to sell a cheat that "is not detected, never has been detected, and never will be detected by PunkBuster".  These people are simply scammers.  They are just like spammers, phishers, and warez peddlers.  They may provide a cheat that works and maybe even works for some period of time, however invariably their cheat gets busted and their customers get banned.  It's very interesting to see the reactions of these commercial cheat providers when their cheats are detected.  The mob of angry customers ask questions like, "Why was I caught?  I thought that we would  never get caught."  and "Why does the main page still say 'undetected' when my CD key was just banned!?!".  The response is almost always some form of redirection:  "It wasn't our cheat.", "We will have a new, super cool, undetected cheat soon." or even better "Remember you didn't pay us for the cheat, but just access to this special forum."

Our research staff get a lot of help from people in the community that send us private and commercial cheats.  In some cases, a cheat author from another site will send in the competition's hack just to get it busted and drive more business to his own scam site.

BS:  Does PB look for specific hacks or does it have heuristic capabilities (can it catch generic hacks)?
Micah: PunkBuster's scanner is always looking for a specific hack.  Because many of the cheats have evolved in the direction of Operating System modifications, we've also extended PunkBuster to check the integrity of the environment that it is running in.  That means if a cheater punk modifies his operating system in an attempt to spoof or bypass our detections, we're also going to catch them.

PunkBuster makes no determinations heuristically.  A heuristic approach is simply too unreliable to use in a large-scale system like PunkBuster.  For heuristic approaches, cheater punks simply tune down their cheat programs so that they fall under the heuristic algorithm, but they are still cheating.  Also, heuristic approaches have a good chance of falsely accusing a player that is just really good on a particular map or a particular game.  This is the major reason that we don't use any sort of heuristics in our anti-cheat approach.
BS: Does PB search all folders in your computer? Or is it limited to gaming folders?

Micah: PunkBuster software is very invasive software by necessity.  An anti-cheat system that limits itself to a particular area of a computer, the game folder for instance, is crippled from the very beginning.

Cheat authors would simply move their cheats outside the game folder. PunkBuster software is not limited on the areas that it can scan if it needs to in order to catch a particular cheat.  I'll also comment that scanning each and every file on a computer hard disk would not make for a very effective anti-cheat system.  Our privacy policy also might be useful reading for players that want to know more:
BS: There are rumors that PB tracks where you go on the net. Is this true? Quite honestly I'm a little nervous about PnkbstrA running all the time.

Micah: We do not collect or maintain any personally identifiable information regarding players.  PunkBuster does not track web surfing habits or log instant messaging conversations.  Many of the privacy invasion rumors out there are started by cheat authors in an attempt to spread misinformation about PunkBuster.

The PunkBuster services (PnkBstrA and PnkBstrB) are purely a technical necessity. With the release of Vista and undoubtedly all future Microsoft OSs, video games must be run at the lowest possible security level.  Since PunkBuster must have access to the entire memory space, it cannot be restricted by the "least privilege possible" rule.  The services allow a player to run a game without administrator level privileges and still have the benefit of PunkBuster.  PnkBstrA is running at startup because a limited access user doesn't have the rights to start a service.  If you do have administrator level privileges on your computer and are comfortable with stopping and starting services, you can simply stop PnkBstrA until you are ready to play a PunkBuster enabled game.  Just make sure you remember to start PnkBstrA again before connecting to a PunkBuster enabled server or you will be kicked. Stopping and starting the service manually is not recommended nor is it something we officially support.
Here now are some questions from our BASHBoard forum-goers: 
1. "Can PB optimized? PB seems to slow my PC for up to 5 minutes! If that happens on a S&D match, you´ll die for sure on the firsts rounds. What is PB checking for?" - EagleEye|JohnDoe
Micah: We are very sensitive to performance and test to make sure that PunkBuster is not consuming more resources than necessary.  A slow down for five minutes is not normal and should be addressed with our support team. 
You can fill out a trouble ticket on our website and work directly with them to find a solution:
Also, it can be helpful for players with performance issues to do routine PC maintenance.  That might include virus scanning, disk optimization, and disabling unnecessary processes while playing the game.  Since PunkBuster is an additional service that runs along side an already demanding game, it is important to make sure your system has adequate RAM and processor for the game.  If your system is on the border-line between minimum and "out of spec" for a game, consider upgrading some components.  Since PunkBuster scans all of memory looking for cheats, running several programs on a low RAM system is likely to cause excessive page-swapping to the harddrive.  This, of course, slows your machine way down.  I'd highly recommend taking a look at the processes running on your system before you play a game and killing anything that is not absolutely necessary to run.
2. "When a new update comes out, and the client downloads it, and the server doesn't, why does the client get kicked from the server? Isn't the software backwards compatible?" - [DBTRS]Deuce
Micah: PunkBuster's auto-update system works by having the game server first download the new client update and then the game server pushes the update out to the connected players.  If you are being kicked from a particular server because of a version mismatch, you'll need to contact that particular game server admin and have them update their server to the latest version of PunkBuster.

BS: What have you got in store for the future at Evenbalance? Are you  working on a smarter PB? Or are you just keeping up with the ever growing number of hacks out there?
Micah: Yes, definitely!  One of the retaining attractions while working at Even Balance is that each day is a new challenge.  We are constantly improving and updating PunkBuster to be more effective.  Our staff are very good at pioneering new ideas.  We're looking forward to a busy 2008 with new games and new challenges.

Thank you Micah!

If you want to learn more about PB, go to Additional words of wisdom from Micah are available here in this very interesting interview he had with an UltimaOnline fansite: here .


Ethics in Gaming: Part One

Ethics in Gaming: Part Two


< Prev   Next >

BASHandSlash Network


BASH on YouTube


The BASHandSlash Forums

original solarflare design by rhuk
lunarized by joomlashack