That’s a false dichotomy though. There are ways to prevent cheating that don’t rely on the security of the client against the owner of the device on which the client runs (which is what both of what your ‘ways’ are).
For one thing, it has long been a principle of good security to validate things on the server in a client-server application (which most multi-player games are). If they followed the principle of not sending data to a client that the user is not allowed to see, and not trusting the client (for example, by doing server-side validation, even after the fact, for things which are not allowed according to the rules of the game), they could make it so it is impossible to cheat by modifying the client, even if the client was F/L/OSS.
If they really can’t do that (because their game design relies on low latency revelation of information, and their content distribution strategy doesn’t cut it), they can also use statistical server-side cheat detection. For example, suppose that a player shoots within less than the realistic human reaction time of turning the corner when an enemy is present X out of Y times, but only A out of B times when no enemy is present. It is possible to calculate a p-value for X/Y - A/B (i.e. the probability of such an extreme difference given the player is not cheating). After correcting for multiple comparisons (due to multiple tests over time), it is possible to block cheaters without an unacceptable chance of false positives.
That’s a false dichotomy though. There are ways to prevent cheating that don’t rely on the security of the client against the owner of the device on which the client runs (which is what both of what your ‘ways’ are).
For one thing, it has long been a principle of good security to validate things on the server in a client-server application (which most multi-player games are). If they followed the principle of not sending data to a client that the user is not allowed to see, and not trusting the client (for example, by doing server-side validation, even after the fact, for things which are not allowed according to the rules of the game), they could make it so it is impossible to cheat by modifying the client, even if the client was F/L/OSS.
If they really can’t do that (because their game design relies on low latency revelation of information, and their content distribution strategy doesn’t cut it), they can also use statistical server-side cheat detection. For example, suppose that a player shoots within less than the realistic human reaction time of turning the corner when an enemy is present X out of Y times, but only A out of B times when no enemy is present. It is possible to calculate a p-value for
X/Y - A/B(i.e. the probability of such an extreme difference given the player is not cheating). After correcting for multiple comparisons (due to multiple tests over time), it is possible to block cheaters without an unacceptable chance of false positives.