Ring 0 of fire: Does Riot Games’ new anti-cheat measure go too far?

by
Kyle Orland
from Ars Technica - All content on (#524XR)
valorant-anti-cheat-800x450.jpg

Enlarge / Artist's conception of some players' perception of Valorant's anti-cheat driver. (credit: Aurich Lawson / Getty / Riot)

In the ever-evolving cat-and-mouse battle between cheaters and game developers, Riot Games is taking expanded measures to protect legitimate players in its new tactical combat game Valorant. But Riot's new Vanguard anti-cheat system-which involves a kernel-level driver that has very low-level access to your system-is raising some eyebrows among both players and security experts.

While the Vanguard anti-cheat client only launches when Valorant is being played, Riot says the system also makes use of a "kernel mode driver" that starts operating as soon as Windows boots up. That's a big change from Riot's pre-Vanguard anti-cheat systems, which operated entirely at the more common "user mode" level, just like most Windows executables.

The old anti-cheat system gave cheaters a big advantage, Riot says, since those cheaters could use code-signing holes or Windows corruption exploits to create cheating software that runs at the kernel level. With that more privileged access to the system, those kernel-level cheating tools could make themselves look completely legitimate to user-level anti-cheat tools (which have more limited visibility into the inner workings of the OS).

Read 19 remaining paragraphs | Comments

index?i=HTyZqWsQVaE:XBH6AMMGpFg:V_sGLiPB index?i=HTyZqWsQVaE:XBH6AMMGpFg:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments