Steam’s VAC protection now scans and transfers your DNS cache

vac dns cache

I think we can all agree that games need some form of cheat protection. This is especially true for multiplayer games where people compete against each other.

If you have ever been on a server where a cheater ruined the game for everybody else on the server by using aimbots or speed hacks, you know that this needs to be prevented from happening.

Many gaming companies use anti-cheat software, either their own products or third-party products such as Punkbuster.

If you have played any Valve games on Steam, you know that the company uses its own Valve Anti-Cheat (VAC) solution since 2002 when it was introduced to Counter-Strike 1.6.

According to Wikipedia, more than 60 games use VAC on Steam. This includes all first-party Valve titles but also popular games such as several Call of Duty titles, Killing Floor, Dead Island, DayZ or Resident Evil.

A ban does not take effect immediately, but after a random time in days or even weeks. If an account is flagged as cheating, it will be blocked from any games that use VAC for protection.

Update: According to a Gabe Newell, Valve is not sending the browsing history to Valve.

A recent thread on Reddit indicates that VAC has been modified by Valve recently to scan a computer's DNS cache next to all the other protection forms that it utilizes.

The DNS cache is a system-wide cache that records any domain name look-ups on your machine. If you visit a site like Ghacks or Facebook, then access to those sites is stored in the cache.

All programs make use of the cache, which means that all of your Internet activities are recorded by it, even those where you never visit the site in question thanks to technologies such as Chrome's network actions prediction feature.

According to the thread author, VAC is retrieving the cache information and submits hashed versions of each domain you have visited or was looked up to remote servers. Hashed means it does not know the url itself, but only a hash of it.

While it is not clear what happens then, it is likely that the hashes are compared against a database of known cheating services and websites.

We do not know if users will be banned outright if domains are found in the cache that are known cheating sites, but think that it is unlikely that this is going to happen. It is more likely that a "suspicious" flag is added to the account, but we do not know that for sure either.

Protecting yourself

Clearing the cache before you connect to Steam offers the best form of protection against this.

  1. Use Windows-R to bring up the run box, type cmd, and hit the enter key.
  2. Type ipconfig /displaydns to display the current cache status.
  3. Type ipconfig /flushdns to empty the cache.

You can automate the process if you like. The following batch file clears the DNS cache and loads Steam as the second command.

@ECHO OFF
ipconfig /flushdns

cd C:\Program Files (x86)\Steam
start steam.exe

Note that you may need to alter the third line that switches to the Steam program directory if you have installed or moved Steam to another directory.

Create a new text document, paste the contents into it, and save it as Steam.bat or similar. Make sure .bat is the file extension, and not .bat.txt.

You start Steam by running the batch file instead of Steam directly.

Alternatively, disable the DNS Cache service on your system. This may slow down look ups somewhat for sites that you visit regularly though.

  1. Press Windows-r, type services.msc and hit enter.
  2. Locate the DNS Client service, right-click it and select Stop.
  3. Double-click it and set the startup type to manual.

Closing Words

Valve has not commented yet no this, and the information have not been verified by third-parties. You should take the information with a grain of salt until it has been verified or debunked.

facebooktwittergoogle_plusredditlinkedinmail


Filed under:

Responses to Steam’s VAC protection now scans and transfers your DNS cache

  1. nonqu February 16, 2014 at 3:10 pm #

    Use "cd /d" if you have Steam on another partition.

    • ReX February 16, 2014 at 11:50 pm #

      Or just use "pushd".

  2. Nebulus February 16, 2014 at 5:44 pm #

    If this is true, it is very stupid.

    1. DNS cache can be disabled easily. For instance, I use my own DNS server with caching facilities and I don't need that service. The query for the list of DNS would return an empty table all the time on my computer. If I can do that, then any cheater can do it too, so the measure is rendered useless.
    2. Catching someone who cheats in online games by looking at the sites (s)he visits is a non-sense. The bad action here is "cheating" not "reading about cheating", and Valve does nothing but to invade player's privacy for no reason.

    • Chains The Bounty Hunter February 17, 2014 at 6:47 am #

      Beyond stupid. Posting a rumor where the mechanics aren't even explained in full by the party who stumbled onto it seems in bad form as well.

      • Martin Brinkmann February 17, 2014 at 7:42 am #

        You have two choices in regards to the rumor. Either become proactive and disable the DNS Cache or clear it before starting Steam, or not do anything at all. Since the former does not hurt, I see no reason to wait for verification from other sources (which may never come due to the nature of the code).

      • Chains The Bounty Hunter February 18, 2014 at 5:34 pm #

        That's three choices based on your phrasing, but putting that aside - even posting about this rumor is just scaremongering since the first thing people are going to leap on is "Valve is invading my privacy!?". Since that allegation alone is serious enough to warrant a massive amount of public backlash Valve's way it was only logical that someone representing them was going to speak out in some fashion to address this claim.

  3. Barnassey February 16, 2014 at 9:35 pm #

    This needs to stop, it is a serious privacy invading way of trying to find cheaters. it wont work in the long term.

  4. jimmyjamesjimmy February 17, 2014 at 5:16 am #

    the current knife hack whereby someone knifes you from across the room is really getting to me lately grrrr

  5. SteaM-becomes-SteaL February 17, 2014 at 8:52 am #

    In 2013, people becomes angry about NSA spying activity.
    In 2014 Q1, games become angry about Steam Stealing their DNS history.

    Man, this is very frustrate me and also makes me sad.
    Steam has a good reputation, and this news ruins their trust.

    OK I quit my Steam account for now!
    I'm not a lawyer, but Steam should realize that any kinds of privacy invasion is NOT tolerated!

  6. dwarf_t0ssn February 17, 2014 at 9:09 am #

    No matter if it is a benign function, I appreciate you bringing it to our attention. "Erring" on the side of caution and deleting the cache hurts nothing in the meantime. That said, I don't care too much about my personal web history being known to them, but as a matter of principle I despise companies doing things like what is alleged on Reddit just because they can. At the least, it ticks me off that many corporations in the Facebook age think it's OK to opt everyone in without telling them, and even if they DO tell people, they know that most people couldn't care less, don't think in the long-term, and don't see a slippery slope in anything at all, ever.

    The opt-you-in-first culture of relying on the ignorance of the masses is thoroughly obnoxious and goes a long way to showing how much like stupid cattle (some, not all) corporate entities think people really are (Facebook and Beacon comes to mind, Sony's rootkit, I could go on). If they can get away with it, they will as they can always apologize later.

    My gut reaction, having heard nothing of it beforehand from Valve, is tempered with all of the accumulated good will that Valve seems to enjoy. I tend to think it might be nothing to worry about, but at the same time I can't fathom why they would do this. Perhaps that is ignorance of underlying technologies needed for STEAM to work speaking. At the least, I reallllly hope this isn't about flagging people going to cheat program sites. Such would imply that cheating is like a pandemic (it really isn't) and Valve thinks that justifies low-level spying of hashed URLs, which seems ludicrous to me. I gotta assume that Valve is not this collectively stupid. Cheating is a problem, but not a big enough one to justify such a measure, imnsho.

    Martin never said "OK guys Valve is spying", and even if this is merely a "rumor", I see no bad form in making people aware of it, and noting *possible* privacy implications it may have. Complacency is and always has been a bad idea when one considers matters of security.

  7. patrick February 18, 2014 at 6:47 am #

    So what is the equivalent batch / terminal to clearing DNS in Linux? Steam OS? Thanks.

    I have always wondered about the privacy implications of using the Steam Client, if other data was collected, NSA request. I mean they have 7 Million users from around the world that can communicate with one another. They have unencrypted text chat and voice chat, and in-game web browser, that you can't tell sites do not track you, clear history, block ads, or block or clear cookies and trackers. Valve is certainly collecting some of that data too.

    Steam = Advertising Spyware

  8. Anon February 18, 2014 at 4:03 pm #

    This has already been proven false, and if you read the original reddit thread that caused this, it was clearly pretty mean-spirited and with an agenda against Valve. Its CEO came down from corporate heaven and addressed this issue. Shouldn't his explanation be somewhere else than in the very middle of the article? You are not helping matters at this point. No code to upload the data was found, and this method is not even used anymore because crooks already caught up, it lasted only 13 days.

    • Chains The Bounty Hunter February 18, 2014 at 5:50 pm #

      The original thread did seem like whoever wrote it had a massive axe to grind (I'm sure there's plenty of reasons for that, valid or not).

      I also agree that the placement of the update is odd, given that the information in it should take precedence over the old, debunked info.

    • nonqu February 18, 2014 at 8:46 pm #

      Nothing was proven. That was just a corporate statement. One can believe it or not and I see no reason to blindly trust such a PR "trust"-filled declaration. The guy that posted this on reddit is the only one that showed actual evidence and even according to Valve some data was sent to their servers for double checking and it was tied to the user. I doubt that they had a 0% false positive ratio.

Leave a Reply

Subscribe without commenting