Any major changes to AC we study will cripple the game for many other players. The case of creating a perfect anticheat is not exist, so we could only increase effectiveness without damaging the whole playerbase. More invasive methods will require to do a major overhaul and will 100% lead to technical problems.
Some of suggestion that you propose are understandable but, again, will require a lot of overhaul and will lead to tech problems and/or support hell.
I disagree. I made a few suggestions that would have zero impact on the player base, other than delaying new features/maps. I think most of the community would rather see the game move towards an environment mostly free of cheaters than having new maps to be ESP-ed in.
Zero-Impact
These are all zero impact solutions that are implementable. Users wouldn't have to do anything other than update the game.
Make all network traffic use TLS coupled with certificate pinning and PFS: This would prevent network sniffing/interception from a cheater using a different machine in promiscuous mode. PFS is recommended as it would force an attacker/cheater to continuously monitor the client's memory (and therefore have a module on the computer running the game) to extract the session key of that particular exchange.
Prevent debugging/memory inspection:
Symantec has a paper on that. This prevent cheat authors from reading the game's memory at runtime by attaching a debugger to the process.
Collect and train an ML model based on user behavior:
Start collecting from servers movement and interaction data from players. Feed all that data to a machine learning (ML) model.
When a manual enforcement action is made by BSG, or when an automatic one is made by BattleEye against a player, inform the ML model.
When the model's accuracy of detection is high enough, allow the model to take enforcement actions against players in real time.
THIS IS PURELY SERVER-SIDE, and AWS, Azure and GCP all have products to get you started.
Medium Impact
Some users may need to change their configuration to play the game... Old computers without TPM support would have to upgrade, but fTPM has been a thing in CPUs since 2016.
As for running the game behind an hypervisor, there's very little reason why a person would do that today.
Do hardware attestations when starting the game:
Through a custom TEE module, create a hardware attestation that verifies that the game is not running through an hypervisor, and that creates a snapshot of the hardware (collect the serial number of the CPU and the motherboard).
The hypervisor check is there to prevent obfuscation of the underlying hardware, and hypervisors are pretty much always detectable.
This provides two protections:
It ensures that the environment the game is running in is not tempered with (Kernel DMA protections are ON, VSS/HVCI is enabled on supported platforms, Secure Boot is ON, hardware is not hidden from the kernel, etc.).
It allows banning of the hardware in the case of a violation, and since the check and attestation for the hardware is done in a TEE (and not dependent on Windows' flawed HWID), it cannot be spoofed.
devtrackers.gg