And the counter is fairly straightforward: any client-side cheat detection has been broken. You can't trust the client. It doesn't work, your server just thinks it works because it's lying to you now.
Client-side cheat detection can work for tournaments, but it's way simpler there: the tournament provides the hardware, and the players aren't permitted to install anything. This doesn't irritate me quite as much from a security perspective of course, because I am not about to log into my banking site on the presumably insecure tournament device. It's also imperfect: a sufficiently motivated pro player might bypass whatever locks you installed on the thing, especially if they get to spend any time with that device unmonitored.
Even better than that, tournaments have a way better cheat detection method anyway: point a camera at the player's hands. It's suddenly really, really obvious if they're cheating!
I think an overlooked approach is the snapchat model. Absolutely littered with client side integrity checks coupled with an automated obfuscation solution so that the checks in each binary end up being wildly different. Then you frequently push an updated binary and refuse to operate with out of date ones.
At least for competitive AAA titles I don't see why there couldn't be a daily update of the core binary. None of the assets would change so it wouldn't be a large update by any means. In effect it would prevent cheating by imposing impossible work and latency requirements on the tool authors.
The cost of doing this is employing at least one person with deep compiler knowledge who is capable of maintaining the automated system. Obviously that's far too much to ask of indie devs and is probably also out of reach for older titles in most cases.
This is of course all aside from the obvious and common sense but more expensive solution of player flagging, human review, and a binning algorithm (such as trust factor). Avoids needing to ban anyone in the first place and has the added benefit of being at least mildly effective against computer vision based botting solutions (for which there is fundamentally no solution).
Or just private servers and let the individual admins sort it out but god forbid players be permitted to run their own communities corporate might lose out on profit if that were a thing (can't risk another DotA after all).
Client-side cheat detection can work for tournaments, but it's way simpler there: the tournament provides the hardware, and the players aren't permitted to install anything. This doesn't irritate me quite as much from a security perspective of course, because I am not about to log into my banking site on the presumably insecure tournament device. It's also imperfect: a sufficiently motivated pro player might bypass whatever locks you installed on the thing, especially if they get to spend any time with that device unmonitored.
Even better than that, tournaments have a way better cheat detection method anyway: point a camera at the player's hands. It's suddenly really, really obvious if they're cheating!