Hi swily, I own Echo. This is a common misconception about our software, we're an established and still growing company. There are indeed some bad eggs in the community, however we are trusted and our tool has absolutely no malicious capabilities from the server staff on the player. Every mainstream game has a powerful anti cheat performing kernel functionality just like ours. If someone is asked to download and scan with Echo, firstly since we're established and it's better than being asked to download "Swiley Tool", secondly they always have the option to say no and it's absolutely not forced.
I'm touched that you cared enough to reply to my comment and it is nice that it's separate from the game, that's definitely an improvement over the status quo for AAA closed source video games. I don't mean anything against you personally and am sure you and your team are wonderful and intelligent people but:
1) popularity alone does not justify misbehavior (especially distributing what are essentially rootkits.)
2) mature communities can function without cheating. I often play a game called Xonotic which has no such functionality and have yet to meet someone cheating at it.
3) I would always elect 100% of the time to abandon any game or server before running any kind of software like this.
I completely understand your concerns, however I have a few points that might change your thoughts on this:
- Almost all competitive games nowadays have a powerful client side anticheat which is constantly monitoring processes on a kernel level to combat kernel cheats. They use a lot of the same functionalities that Echo does, such as protecting memory. What makes our trusted company different from another trusted company such as Epic Games and their "easy anti-cheat"? The only difference is we're doing these checks using a scanner interface, with absolutely no extra functionality which could be used maliciously by the staff member.
When you install Valorant, using this logic, they are "essentially installing rootkits". But they're not rootkits, since it's authorized and an automatic process.
- Once the 30 second scan has completed, there is absolutely nothing left on the computer whatsoever. Echo is a single binary, on launch it extracts the .sys kernel driver, creates a service. It then uses that kernel driver throughout the scan. Then on exit, it deletes the service, deletes the .sys and all that is left is the original binary you downloaded. It leaves absolutely nothing left behind, and it does this automatically. With client side anti-cheats which large game companies use, they often require it to be launched on start-up (it may say "you need to restart your computer before playing), this has even more malicious potential.
- Everything has malicious potential as soon as you click "Yes" on the UAC menu, trust in the companies is a huge huge part of keeping yourself safe. What if Facebook shares all your personal data randomly? They won't. What if Valorant starts doing malicious stuff with their kernel capabilities? They won't, and neither will we.
A computer forensic analysis of memory to look for cheats after they've been deleted is not as effective as a client side anti-cheat would be, however for Minecraft it's much easier because it's difficult to make cheats for it without leaving traces behind. But, it's the same level as risk being asked to use a client side anti-cheat to play on a server than being asked to scan with Echo if the server side anti-cheats show indications.
>Almost all competitive games nowadays have a powerful client side anticheat which is constantly monitoring processes on a kernel level to combat kernel cheats.
That's totally ok if the anticheat admins are providing a computer to run the software on and not attacking one the player owns. Again "almost everyone else does it" doesn't make it ok, I don't know why people keep repeating that.
>absolutely nothing left on the computer
That's nice that it doesn't leave a mess, copying tons of data out of the machine from ring0 probably exposes people to a lot of liability though, that whole thing sounds like a terrible idea but it's still better than the status quo so props to you for clearing that bar.
>- Everything has malicious potential as soon as you click "Yes"
Yes. That's my point.
>What if Facebook shares all your personal data randomly? They won't.
Well, it's not random, usually you have to pay for it except on some pretty bad days. That's a great example of why I would universally reject something like this though. You pretty much can never trust someone handing you closed blobs.
I'm honestly pretty shocked anyone tolerates this, it sounds pretty similar to random cavity searches when you leave wallmart. Maybe because I'm not a "kid" anymore I wouldn't know what the social scene looks like.
> That's totally ok if the anticheat admins are providing a computer to run the software on and not attacking one the player owns. Again "almost everyone else does it" doesn't make it ok, I don't know why people keep repeating that.
What do you mean by this? You realize almost every competitive ranked game right now has a kernel driver constantly running and monitoring in the background while you play right? Anti-cheats serve a purpose to detect cheats, just like an anti-virus serves a purpose to detect viruses.
You seem oblivious to the fact that there is no extra security risk from a client sided scan versus (like with Echo) having a client side anti cheat running while you play (like every game). What point are you trying to make?
You keep saying it's a terrible idea but haven't said what's wrong with it...
It doesn't copy tons of data out the machine through ring0 and it doesn't expose anyone to anything whatsoever, its almost all on machine and the same goes for most anti-cheats.
I suppose that in the MC community, there is a certain level of trust to "SS Tools". Since there aren't "that many" SS tools. I also think the culture is different in competitive minecraft, since whenever I get SSed I usually see a pattern: "They use Anydesk", "They use either Echo, Paladin, Avenge or Actova" and "They usually do dome manual stuff in process hacker" and this usually makes me feel more comfortable. Its ok to not wanna get SS'ed in the community, but this usually comes with a punishment, like a permanent ban, or a temporary one. The SS'ing process in the MC community is more of a "Last chance to prove you are legit before your cheating ban" rather than a "I SS you just randomly".
In Echo's case they have taken action by now taking logs and looking at the custom themes where people used images such as "launching booter" and "Injecting rootkit" and are now handing out punishments to users who do that. ( Reference to Joshyer's announcement: https://media.discordapp.net/attachments/852881172152844318/... )
I would also understand why people would be confused about what a program such as Echo does, Its not a remote access tool, and it does not provide any access for anyone after the fact. Here is how it works if you are confused: I tell the person to send me their Anydesk code, then I go to the panel of echo and generate a pin, on the person in question I run the tool and enter the pin, the tool does some magic, removes itself from the pc and then i can see all the info I need like Program start times, Ran and Deleted files, internal strings, etc. Without ever leaving anything on the users PC, except possibly a log file. After the fact I have no access to the users PC or data not necessary for scanning, and the program has been deleted.
Addressing your points:
1) Of course it doesn't, but again, Its not Echos fault that some of the custom themes were posted, and some of their competitors dont exactly have squeaky clean records either, But the fact that echo removes itself, makes it either seem legit, or like the worlds worst virus (Canadian Virus; "Woops didnt mean to infect your PC, ill just remove myself, just carry on.").
2) Welcome to minecraft, a game where you download a zip file, run a .bat and boom you have the source code. Minecraft offers no internal anticheat so therefore using a solution like Badlion's BAC or lunars (No longer existing) Lunar Online mode can help since they catch cheaters by running in the background while the game runs, looking at DLLs and inputs to determine if a person is using a advanced Autoclicker, or a bad cheat like VL. Minecraft has plenty of serversided anticheats since creating Plugins for servers is even easier than creating a modded client. The issue with the game is that it runs at 20 TPS, meaning that you only have 20 samples per second to deal with, this can lead to major issues and some things just being near impossible to detect without a client sided component. And i can tell you, on minecraft servers (especially Practice, Kitpvp, Kitmap, HCF and SMP) Cheaters make anywhere from 5 - 50% of the playerbase. Where people use anything from mild 8 CPS autoclickers, to TPAura, Fly, Killaura, etc.
3) Well again, the culture is different, Some people decide to click the "Quit to menu" button, indicating that they would rather have the ban instead of proving they are legit, or having the embarrassment of being proven a cheater and having the slight public humiliation of the "PLAYERNAME has been removed from the server for "Cheats found in SS"" message getting sent to everyone on the network. Then there are the people who either think their cheats bypass, or who are legit and who aren't afraid to show whoever runs the SS Tools. So again, the culture around SS Tools in minecraft is different than, lets say Xonotic.
Hope this helps clear up a bunch of stuff.
(Wrote more than for my final exam right here lmao)
Never heard of Xonotic before, but a quick look at the website, its says: "Features such as... ...a functioning anticheat system", While I cannot vouch for if it works (sounds like it since you have never met a cheater) its better than Minecraft where there is no anticheat and only runs at 20 TPS, which is why the SS tool market even exists in minecraft, Games with a cheater problem or where a bunch of things are handled client side (Like Minecraft) there's gonna be external anticheat solutions. CSGO is another example, since VAC bypasses are widespread solutions like FACEIT and ESEA have been made, these are all external solutions to prevent cheaters. Minecraft is also Java meaning its very easy to decompile yourself, it only has minor obfuscation aswell, so yeah its not source, but its as good as source. (http://www.modcoderpack.com/)
