Ring 0 of fire: Does Riot Games’ new anti-cheat measure go too far?
Enlarge / Artist's conception of some players' perception of Valorant's anti-cheat driver. (credit: Aurich Lawson / Getty / Riot)
In the ever-evolving cat-and-mouse battle between cheaters and game developers, Riot Games is taking expanded measures to protect legitimate players in its new tactical combat game Valorant. But Riot's new Vanguard anti-cheat system-which involves a kernel-level driver that has very low-level access to your system-is raising some eyebrows among both players and security experts.
While the Vanguard anti-cheat client only launches when Valorant is being played, Riot says the system also makes use of a "kernel mode driver" that starts operating as soon as Windows boots up. That's a big change from Riot's pre-Vanguard anti-cheat systems, which operated entirely at the more common "user mode" level, just like most Windows executables.
The old anti-cheat system gave cheaters a big advantage, Riot says, since those cheaters could use code-signing holes or Windows corruption exploits to create cheating software that runs at the kernel level. With that more privileged access to the system, those kernel-level cheating tools could make themselves look completely legitimate to user-level anti-cheat tools (which have more limited visibility into the inner workings of the OS).
Read 19 remaining paragraphs | Comments