While it's mostly about ensuring both clients have a smooth experience and how to achieve that (prediction, rollback, etc) many of the same techniques apply to cheat prevention - have the client "echo" or predict what it thinks will happen, but have the source of truth be the server. "Desync" is a common term for what happens when they disagree, the server keeps its version of events and kills the client connection. In peer-to-peer or direct connection games, one player is the server and this does present a problem, but keeping it random will reveal statistical irregularities.
In general, how it works depends on the cheat. You cannot stop someone running a program to automatically aim and shoot at enemies. The enemy data is in memory so pinpoint accuracy is simple to achieve. Usually, statistical analysis, recording, allowing an admin to view their screen, and other methods can be used. Often, anti-cheat software is installed to scan for known cheats or by using heuristics (much like anti-virus software). This is a bit of a hot topic right now as a recent game tried to install such a program in Ring 0 (lowest level device driver) in Windows, which runs at startup even if the game isn't running, and won't automatically uninstall. Some people reported it stopped their PC booting.
For informational cheats (such as seeing players through walls) that data is also in memory and is harder to detect if the player doesn't make any illogical plays taking advantage of it. You might ask why the client has player position data for people you can't see? That again depends, but IIRC in at least one case a game tried to suppress the information until just before they became visible but the cheaters realised that the game had to generate sound (footsteps) for the players and reverse engineered the directional sound back into positions.
In other cases, passing network data through a proxy defeats local anti-cheat. Packet scanning and direct injection can be used for superhuman speed (such as claiming unique monsters in an MMO before anyone else can).
In general, stopping cheats is largely impossible, it's more about how to catch them and policies to handle the fallout e.g. If I cheat and earn a bunch of ingame money then trade it to you, should you lose it? How do we know you're not an accomplice?
https://arstechnica.com/gaming/2019/10/explaining-how-fighti...
While it's mostly about ensuring both clients have a smooth experience and how to achieve that (prediction, rollback, etc) many of the same techniques apply to cheat prevention - have the client "echo" or predict what it thinks will happen, but have the source of truth be the server. "Desync" is a common term for what happens when they disagree, the server keeps its version of events and kills the client connection. In peer-to-peer or direct connection games, one player is the server and this does present a problem, but keeping it random will reveal statistical irregularities.
In general, how it works depends on the cheat. You cannot stop someone running a program to automatically aim and shoot at enemies. The enemy data is in memory so pinpoint accuracy is simple to achieve. Usually, statistical analysis, recording, allowing an admin to view their screen, and other methods can be used. Often, anti-cheat software is installed to scan for known cheats or by using heuristics (much like anti-virus software). This is a bit of a hot topic right now as a recent game tried to install such a program in Ring 0 (lowest level device driver) in Windows, which runs at startup even if the game isn't running, and won't automatically uninstall. Some people reported it stopped their PC booting.
For informational cheats (such as seeing players through walls) that data is also in memory and is harder to detect if the player doesn't make any illogical plays taking advantage of it. You might ask why the client has player position data for people you can't see? That again depends, but IIRC in at least one case a game tried to suppress the information until just before they became visible but the cheaters realised that the game had to generate sound (footsteps) for the players and reverse engineered the directional sound back into positions.
In other cases, passing network data through a proxy defeats local anti-cheat. Packet scanning and direct injection can be used for superhuman speed (such as claiming unique monsters in an MMO before anyone else can).
In general, stopping cheats is largely impossible, it's more about how to catch them and policies to handle the fallout e.g. If I cheat and earn a bunch of ingame money then trade it to you, should you lose it? How do we know you're not an accomplice?
There is also a MMO called Pwn Adventure where cheating is intended for you to progress. Live Overflow did a series on it at https://www.youtube.com/watch?v=RDZnlcnmPUA