Gamasutra: The Art & Business of Making Gamesspacer
arrowPress Releases
October 24, 2014
PR Newswire
View All
View All     Submit Event

If you enjoy reading this site, you might also want to check out these UBM Tech sites:

The problem with PunkBuster and the lack of good anti-cheat solutions
by Zoran Cunningham on 10/04/13 03:14:00 am   Featured Blogs

The following blog post, unless otherwise noted, was written by a member of Gamasutra’s community.
The thoughts and opinions expressed are those of the writer and not Gamasutra or its parent company.


As millions of PC gamers jump onto the Battlefield 4 open beta today, most will simply skip over or ignore the fact that PunkBuster anti-cheat software is being installed on their machines as a requisite for playing the game. Battlefield 3 veterans might not even bat an eye considering PunkBuster is a part of BF3's installer and most won't question a cheating countermeasure that has become par for the course for the Battlefield series.

Battlefield 4 has drawn some concern on player forums for its use of PunkBuster as a countermeasure for competitive multiplayer cheating but it's likely EA and DICE will continue to use the software going forward. Upcoming titles Watch Dogs and Assassin's Creed: Black Flag from Ubisoft will also likely continue the publisher's tradition of using PunkBuster. Cheaters are reviled in all forms of competition sure enough, but it's shocking that software like PunkBuster has existed for over ten years and is still a go-to solution for major publishers like EA and Ubisoft.

Just how bad is PunkBuster and why are major developers and publishers still using it? The answers really aren't all that complex. Let's start by dissecting PunkBuster's Terms of Service as an example. The following is an official statement taken from Even Balance, the developer behind PunkBuster:

In order for games having PunkBuster integrated to be more secure, the part of PunkBuster that needs full access to the computer for scanning purposes now must run all the time at the system level.

This is truly frightening. I've spoken to many IT professionals over the years and none of them see why any anti-cheat device would have to persistently run in the background as a start-up program and scan local files let alone run at any time other than when a game is actually launched and being played.

Even worse, PunkBuster's ToS openly admits to scanning all parts of the user's operating system and hard-discs.  While Even Balance claims that it does not collect personal information, the fact that it scans and has access to such files is hardly reassuring.

Licensee understands and agrees that the information that may be inspected and reported by PunkBuster software includes, but is not limited to, devices and any files residing on the hard-drive and in the memory of the computer on which PunkBuster software is installed. Further, Licensee consents to allow PunkBuster software to transfer actual screenshots taken of Licensee’s computer during the operation of PunkBuster software for possible publication.

The really scary bit is at the end there. Since PunkBuster openly admits to running even when games are not being played, users are granting the software free reign to take screenshots at any point of system operation. This includes private e-mails, online banking statements, photos, classified company documents, and any other private and sensitive information a user may access while using their personal computer.

It's wild that a software developer would expect users to be compliant with what they openly describe as the "invasive nature" of their software. PunkBuster justifies this by asserting that gamers should care more about cheating countermeasures than they do system security.

Licensee agrees that any harm or lack of privacy resulting from the installation and use of PunkBuster software is not as valuable to Licensee as the potential ability to play interactive online games with the benefits afforded by using PunkBuster software.

That's right, the ability to play a game where some percentage of cheaters are caught outweighs any user's personal privacy and security. In what world is this trade-off worth it? It's hard to imagine that most anyone who reads the ToS word-for-word wouldn't find this at least somewhat, if not totally, unsettling. Most invasive software applications get away with such reprehensible practices because they rely on the vast majority of users simply skipping over and agreeing to the ToS because they can't be bothered with the time it takes to get through all the technical and legal jargon.

The intrusive nature and open access on the part of PunkBuster is particularly worrying because the software has a history of being hacked. Hackers who gained access to the PunkBuster software at the master server end on one occasion and were able to manipulate and exploit the software on individual users' machines. That hackers could potentially scan and gain full access to all files on an individual system makes anyone who runs the software a very enticing target.

This is not to say that other anti-cheat measures aren't flawed in some way in their own right. GameGuard, a go-to solution for many Asian MMO's, installs as a rootkit on user machines and has been known to cause numerous system issues. FairFight doesn't snoop on player's computers or scan their hard-discs but its algorithms have drawn some criticism from some highly skilled players who were banned because their performance was so good it was deemed to be the result of cheating. Incidentally, Battlefield 4 is using a combination of PunkBuster and FairFight during the open beta.

More than anything, these issues reveal a severe lack of well-designed and effective anti-cheat tools for PC games that developers can turn to. PC gaming has certainly seen a major resurgence in recent years thanks in part to content services like Steam and the diligence of developers to optimize for the platform. Hopefully, one or more viable and effective anti-cheat solutions will present themselves to faithfully suit this renaissance and provide an alternative to current options.

The real question is, why don't big entities like EA and Ubisoft who have become increasingly reliant on PunkBuster over the years develop their own anti-cheat software? They would save plenty of money down the line and would have their very own proprietary software to boot. Heck, they could even license it to other developers and make a nice return on investment in the process. It's actually quite surprising that the market for anti-cheat middleware isn't bigger when so many big publishers and developers are desperate for solutions.

Other developers and content publishers have utilized their own proprietary anti-cheat solutions to fairly good effect. Blizzard has used Warden for its online titles over the years and has kept the competitive StarCraft II scene clean. Valve Anti-Cheat (VAC) is used for over 60 games on its Steam service, including DOTA 2, one of the most highly played competitive games worldwide. Red5 Studios, the developers behind Firefall, announced development of their very own anti-cheat software cleverly titled RedHanded.

While alternatives may be developed down the road, major issues with PunkBuster remain. But game developers shouldn't accept PunkBuster's ToS and players shouldn't stand for it. No single game will ever be worth the trade-off in security and privacy. Players can actively contact EA and Ubisoft and express their concern on official forums over PunkBuster by stating that they're not willing to sacrifice security and privacy for the sake of a game. How and when they can offer alternate solutions, on the other hand, is entirely up to the developers and publishers themselves. So long as cheaters exist to ruin the fun of online multiplayer, developers will likely continue to see PunkBuster as a necessary evil in providing a level playing field.

Related Jobs

Gearbox Software
Gearbox Software — Plano, Texas, United States

Server Programmer
Giant Sparrow
Giant Sparrow — Playa Vista, California, United States

Junior 3D Artist
Giant Sparrow
Giant Sparrow — Playa Vista, California, United States

Lead Artist
Amazon — Seattle, Washington, United States

Event Marketing Specialist, Game Services


Kyle Redd
profile image
Assuming I'm a gamer who wants to get Punkbuster off my machine completely and never use it again, will the program's built-in uninstaller do the job? Or does it leave (potentially dangerous) elements behind?

Zoran Cunningham
profile image
I'm glad you asked Kyle! I honestly should have addressed that. Even Balance suggests using the actual PunkBuster installer to uninstall the program. It's an all-in-one install/repair/uninstall tool. I did a few checks for leftover registry files after uninstalling it and everything appeared clean. The System32 folder only had a couple of harmless log files left over. It's available on their main site:

Also, I should mention that I have been playing the Battlefield 4 beta without PunkBuster. I haven't been kicked or disconnected from a single game thus far. I imagine that not every server is requiring PunkBuster. Haven't encountered many cheaters or hackers either. Then again, it is only beta. I remember being told by an E3 rep that BF4 wouldn't be using PunkBuster so it's actually quite surprising that DICE and EA have opted for it in the beta.

James Yee
profile image
Well that didn't work for me. Seems I may have installed it with no uninstall option available with that program. :|

Unless if the list is blank then there's no PB on your system....

Lincoln Thurber
profile image
Nice article, but I think the solution to cheating will be technological and social. People cheat for various reasons, and for each game how and why people cheat is probably different. Some peopel cheat to level teh playing field because no matter what they do they lose. Some people cheat because they need to feel a sense of dominance that is not allowed them in other areas of their life. Some people cheat for economic gain or social gain. Some people cheat because taking something apart to see how it works can be fun.

I think the biggest problem we have in online game and cheating is not trying to figure out solutions to prevent cheating on current games as is, but to change the games we make. Change the goals & rules of the game and you change why people will feel the need to cheat for many reasons. There is probably some sweet spot of game rules, taught social norms, and anti-cheat technology that will work best.

Society is very good at thou shall not kill, thou shall not steal, though shall not respect you parents, such rules of society are reenfoced and retaught constantly. But we really do not teach 'don't cheat' very well. It happens mostly at school and it happen in an atmosphere of "this matter" so don't cheat instead of as a 'way of life' useful.

Kenneth Baird
profile image
Do any of these solutions actually work? I know from experience that VAC is useless against driver level cheats like the old msx security. Back when I was counterstriking like half the players were using snap to head, see thru walls and no flash bang. Blatantly obvious on the spectator cameras.

Alfa Etizado
profile image
Just checked and saw it running on my PC, even though the last time I played a game that has it was five months ago, Red Orchestra 2.

Zoran Cunningham
profile image
That's exactly what makes PunkBuster so scary. It installs alongside a game and then stays on a user's machine until it is specifically targeted for uninstall, even if a game is no longer played and even if a game using PunkBuster has been uninstalled.

Alfa Etizado
profile image
Thanks for the tip btw. Told a bunch of other people, linked to your article.

patrik osgnach
profile image
Punkbuster is already bad on its own, but streaming bans are what make it so annoying

E Zachary Knight
profile image
Excellent article. I never thought about the tools that companies use to prevent cheating in their games. Most of my thoughts have been focused on the tools they use to prevent piracy. It is scary to think that people are that complacent, or ignorant, of what games install on their computers to "prevent cheating".

I will have to consider that in the future when I buy games.

Zoran Cunningham
profile image
You are absolutely not alone in that camp. My modus operandi for games over the past few years is to always check if they will be using PunkBuster. I have found that I can uninstall PunkBuster for any game that utilizes it for multiplayer and still enjoy the single-player portion of the game just fine, as was the case for Far Cry 3. Most of the time I found that I can even play the multi-player portion of games without it, as with the Battlefield 4 beta.

It begs the question as to why PunkBuster is even used in the first place. We really need better solutions. I don't want any developer to lose sales as a result of PunkBuster, yet I can't condone its use. It's a tough spot to be put in.

Cj Franks
profile image
As a freelance graphic designer i cannot afford to have software like this on my pc. Thank you for the heads-up. Ill be removing Infestation: Survivor Stories from my laptop this evening.

Ryan Dancey
profile image
These tools activate at boot because not doing so means they'll be sandboxed by tools that seek to defeat them; they'll be running in an artificially "clean" system environment. If you can control what they "see", you can neuter them.

Ted Moon
profile image
It is not necessary for pb-A to run constantly in the background. It is ok to kill pb-A in processes after you quit your game. Both A & B will restart when you start the game again. Did last night when I was getting a pb-B initialization error.

In fact, what I have done on my system is set the pb-A service to "manual" vs "automatic" start. It and pb-B will start when I play a game that needs them. After the game, pb-B exits normally. pb-A will stay running til I kill it in processes. Yes, I kill my pb-A each night as part of my "end-game" routine.

Could I write a script to do it for me? Yes, but I'm too lazy.

James Yee
profile image
Wasn't Apple sued/pressured to have to put giant warnings in plain English when an App wants to scan/examine your data and send it elsewhere?

Why hasn't this been done here against Punkbuster and other such things?