Hi,
I'd just like to add a few things to Lex's post above.
I should point out that we don't really need the cheat files in order to be able to fix them. We're aware of most loopholes in the game and possible cheats, both implemented and theoretical. That doesn't mean that we can easily fix all of them; some things are easy to fix, others would require major rethinking and restructuring of how the game works; and some others are plain impossible to prevent, without dire sacrifices. See below for details.
Now, what do we do about the situation at hand?
First of all, I think we need to distinguish two different scenarios: whether the cheats were leaked intentionally or not.
The wide availability of the cheats may not have been intended by the cheats' creators. Some of you may recall the Silkworm 3.x leak (for those who don't - see here); I believe it wasn't very different from the current situation. A malevolent cheat creator who keeps publicly releasing new versions of cheats is a different situation requiring a different response, so I won't cover it here.
Since these cheats are WormKit modules, we can assume that they work by hooking themselves into W:A's code. Like many other WormKit modules, they will stop working with any W:A version other than the one they were made for. So, one way to get a cheat-free game is to get everyone to use a W:A version for which there are no known cheats. This can be 3.6.30.0, or the next 3.x Beta whenever it comes out. (This doesn't apply to WormKit modules that only modify network packets, so it may not apply to the lightbulb exploit.)
What about long-term solutions?
First, you should know that if a program is running on your computer, there is little to stop you from modifying that program as you please - assuming you have the knowledge and skill to do so. The program may have components that could detect such modifications, but you could disable them as well.
Game cheats are as unfortunate as they are unavoidable. It might be possible to design the game so that some cheats are impossible. For example, if a multiplayer Poker game doesn't send cards that are not visible to the player, no cheat can make them appear on your screen (short of hacking the game server).
We have done a similar change in 3.6.29.0. Quote from the ReadMe:
The contents of crates is now determined when the crate is picked up, destroyed, or viewed with a Crate Spy utility, rather than when the crate is created. This prevents "crate spy" cheats, making it practically impossible to predict the contents of a crate in an online game.
Note that the above change only makes it impossible to spy the contents of the crates. Once a weapon is picked up, its contents are added to the respective team's inventory. The teams' weapon inventories are part of the global game state, which is known and kept in sync by all game instances in the same multiplayer game - so, it's possible to create cheats that view others' weapon inventories, which is probably exactly what happened. Encrypting players' inventories is an idea we're brainstorming about, but it's unlikely to happen in the near future (because of how difficult it is to implement correctly).
While some kinds of cheats can be avoided by restructuring the game logic, others aren't really avoidable - such as macros or aimbots. One exception to this are anti-cheat modules, such as GameGuard and Valve Anti-Cheat. We really don't want to go in this direction, since such software usually intrudes on players' privacy and is expensive (in terms of resources) to develop and maintain.
Some other things mentioned in this thread:
- The exploit to start the game without the light bulbs being lit is fixed as far as we know, however (if I recall correctly) we didn't account for the fact that the host can toggle others' light bulbs. This is easy to fix and will be fixed.
- Kicking modules. There are two things to say here:
  - If you let a bot (e.g. HostingBuddy) host 1vs1 games, you can know for sure who "dropped". Note that the term itself is rather ambiguous - people often make the mistake that the disconnection happens on one person's computer or another's. In reality, it can happen anywhere in between. See this thread as an example.
  - The long-term plans are to change W:A's network model to full peer-to-peer (everyone connects to everyone, assuming at least one person in every pair is connectable), add automatic reconnections and resuming games.
- Edit:
If CyberShadow and Deadcode can't close this loophole or what it called, then I suggest we disable wormkit in next update.
I'd like to stress what Lex has already said - WormKit is not the problem. If WormKit didn't exist, someone else could easily write their own WormKit-like program, or just create cheats in the form of .exe files (as opposed to wk*.dll files) which included WormKit's functionality. Blocking WormKit-like software is impossible, short of going the GameGuard-like rootkit-spyware route.
Finally, I'd like to invite the people who are related to the creation and distribution of the cheats to step up, cut your losses and help the community recover from any damage the leak has caused. It's important to note that a few programmers doing cheats for fun - but not publicly distributing them or abusing them in online play - is harmless in comparison to said cheats leaking out.
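
Added example (not part of the original post and not W:A's actual code): a minimal lockstep model of the 3.6.29.0 crate change quoted from the ReadMe, contrasting contents fixed at spawn with contents resolved at pickup. The `Game` class, `peek`, the item list, the seed and the use of a shared seeded RNG are all assumptions made for illustration.

```python
import random

# Constructed sample item list; not taken from the game.
CRATE_CONTENTS = ["bazooka", "ninja rope", "holy hand grenade", "sheep", "girder"]

class Game:
    """One peer's copy of the synchronized game state (hypothetical model)."""

    def __init__(self, seed, lazy):
        self.rng = random.Random(seed)  # assumption: same seed on every peer
        self.lazy = lazy
        self.crates = {}                # crate id -> contents, None if undecided
        self.inventory = []             # part of shared state once items land here

    def spawn_crate(self, crate_id):
        # Eager: contents are fixed now and sit in state that every peer holds.
        # Lazy: nothing is stored, so there is nothing for a reader to find.
        self.crates[crate_id] = None if self.lazy else self.rng.choice(CRATE_CONTENTS)

    def game_event(self):
        # Any synchronized event (a shot, a wind change) advances the shared RNG.
        self.rng.random()

    def pick_up(self, crate_id):
        contents = self.crates.pop(crate_id)
        if contents is None:
            # Decided only now, from RNG state that depends on everything since spawn.
            contents = self.rng.choice(CRATE_CONTENTS)
        self.inventory.append(contents)  # from here on it is visible shared state
        return contents

def peek(game, crate_id):
    """What a tool reading this peer's game state could learn before pickup."""
    return game.crates[crate_id]

def play(seed, lazy, events_before_pickup):
    """Spawn one crate, peek at it, run some events, then pick it up."""
    game = Game(seed, lazy)
    game.spawn_crate(1)
    leaked = peek(game, 1)
    for _ in range(events_before_pickup):
        game.game_event()
    return leaked, game.pick_up(1)

if __name__ == "__main__":
    print("eager:", play(1234, lazy=False, events_before_pickup=3))
    print("lazy: ", play(1234, lazy=True, events_before_pickup=3))
```

In the lazy mode every peer still arrives at the same contents because they replay the same events, but the value exists nowhere until pickup; after pickup it sits in the inventory, which is the shared state the post says remains readable.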