kohlrak: Not necessarily true, that you can't ban without it. There are many alternative ways, especially when you decentralize.
timppu: Not sure what those other things are, but when I wrote about it (DRM needed to ban cheaters for good from an online multiplayer game), I was thinking of public servers as those are where I play. I know one can control things himself when he is playing on a private server with people he knows personally.
On public servers, there has to be some way to ban a cheating player from the server or even from the game for good. The most straightforward way for that I can think of is that the game he has bought is tied to his online account, so if he is caught cheating, the game publisher/server admin can make sure that that account, and that purchased copy of the game, can't join the server(s) anymore.
The problem is, you have to catch people cheating, if only cheating is your problem. Getting away with cheating is pretty easy if it doesn't have good anti-cheat measures. Even with online games there are sneaky methods if you don't have absolutely perfect design (everything shy of rendering must be server side, and that gets expensive, quick). I've seen some pretty sneaky anti-cheats for local games, though. They're not perfect, but they're reasonable, and i have an idea in my head that would work effectively: store relevant variables in multiple formats in dynamic locations encrypted and cross reference. The would be cheater would have to not only be aware of how to find them in what formats, but to even do that they'd have to re-encrypt the numbers they're looking for, decrypt them (and there's sneaky methods for that), but they'd also have to make sure they hit all of them. Sure, they could hit them during the calculation phase before they're stored back in all those formats, but that's a race condition and really, really easy to get caught on. Simply crash the program when that happens.
So there is a real incentive for people not to cheat, as then their copy of the game would become pretty much useless on public servers. The only way they could overcome that was to create a new account, AND buy a new copy of the game.
The problem still is in free-to-play online games like Team Fortress 2. Since the game is free, you can just create a new temp Steam account to play TF2, if your earlier temp account got VAC banned. In fact, the little I read about "cat-bot" cheater bot program (it is open source, running on Linux) that has been a bane on TF2 casual public servers lately, apparently it automatically creates up to nine temp Steam accounts for the cheater bots, without the user having to create them manually. That's why the "cat-bots" just kept appearing even if people reported and voted them out.
Now, if you're dealing with this kind of problem, only allow 2 or 3 connections per IP. If you have more people in your house playing it, maybe you could get a LAN game started? There's also the idea that, if you ban 2 people from the same IP, autoban the IP for the specified time. Alot of networks actively seek out proxies, so unless you have some private proxies (limiting your ability to do this too much), that helps. You could also require a port range to be open, or something, and require that the game return encrypted data based on what the server sends to that port. Of course this can be thwarted, but update every now and then if you want to have public server games (honestly, i don't like non-distributed multiplayer).
(Luckily, I haven't seen the cat-bots anymore for like 1-2 weeks, so maybe Valve finally did something about them. Here's hoping they don't come back, apparently the original author was originally banned already in last August, but the bots still came back later.)
At that point I had to wonder, why has Valve made it so easy to create new Steam accounts, even by a script (if I understood right)? Isn't there even a simple CAPTCHA check, and if they really wanted to stop it, IMHO they could require some kind of identification, even merely a credit card, for creating an account. Maybe it isn't that simple and that certainly has some pitfalls too (e.g. some kind uses his dad's credit card on Steam and it gets banned because the stupid kid tried some cheats, and the father can't play the same game either anymore...).
You are responsible for your information. If your kid steals your credit card, it's your own fault. And you bring up a good point: why isn't there a captcha in the game? That'd stop bots COLD, even if you had multiple accounts. And you can easily get creative with the captchas, so they're not overly invasive. "Which card is Geralt?"
