Valorant's Always-On Anti-Cheat System is "an Important Tool in the Fight Against Cheaters," Says Riot

Role
Valorant's Always-On Anti-Cheat System is "an Important Tool in the Fight Against Cheaters," Says Riot

Like many online shooters, Valorant employs anti-cheat technology to minimize problems caused by malicious players. It is called Vanguard and consists of a client that runs while the game is active and a kernel mode driver that is always on, as explained on Riot's support site. This seems to be making some players uneasy: for example, as pointed out in this Reddit thread, the kernel has full Windows admin rights, and the only way to prevent it from loading is to rename the file so that it cannot load, or to completely The only way is to uninstall it.

It seems potentially dangerous for a program to have that level of access without the user's knowledge at all. But over the weekend, Paul "RiotArkem" Chamberlain, Riot's anti-cheat leader, confirmed in a Valorant subreddit that it is intended to more effectively thwart evasion activity: cheaters usually first load the cheat software to bypass the anti-cheat system by loading it.

"We take driver security very seriously. We have had several outside security research teams review it for flaws (we don't want to accidentally compromise the security of your computer, as other anti-cheat drivers have done in the past)," Chamberlain explains.

"We also follow a least-privilege approach to the driver, where the driver component does as little as possible and lets the non-driver component do most of the work (and the non-driver component is not executed unless the game is running).

The driver does not collect or send any information about the system to Riot, and scans are only performed when the game is running, although the Riot Vanguard driver can of course be uninstalled from the Windows "Add or Remove Programs" menu, If you do so, you will not be able to play the game.

Riot has delved into the details of the kernel driver at Leagueoflegends.com. The post is fairly technical, but it clearly and plainly explains the concepts of permission levels and how cheats work, and also offers multiple reasons why, in Riot's opinion, gamers have nothing to worry about.

"This does not give us surveillance capabilities we did not already have. If we care about grandma's secret recipe for the perfect Christmas pot, we would find nothing wrong with getting it strictly out of user mode and then selling it to the Food Network. The purpose of this upgrade is to monitor the state of the system to maintain integrity (so you can trust your data) and make it harder for cheaters to tamper with the game (so you can't blame Aimbot for your personal failures)," the page states.

"This isn't even news; third-party anti-cheat systems like EasyAntiCheat, BattlEye, and Xigncode3 are already using kernel drivers to protect your favorite AAA games. We are just setting up our own sous chef in the Windows kitchen."

"We want to make sure that when people say, 'Where's the beef?' they get an honest answer."

EAC is used in Fortnite, Apex Legends, and The Division 2; BattleEye is used in Rainbow Six Siege, PUBG, and ARK; and the newest version, BattleEye, is used in the newest version of the game, ARK.

"We believe this is an important tool in the fight against cheaters, but the important thing is that we are here to help players have a good experience with Valorant, and if our security tools do more harm than good, we will remove it (and try something else)," he writes. For now, we think the driver that runs at boot time is the right choice."

Riot has yet to release specific numbers, but the system seems to be working: Chamberlain said on Twitter shortly after Valorant's closed beta began that a cheat ban was already in place.

Thanks, Kotaku.

Categories