Why we shouldn’t allow boot-up drivers for anti-cheats
Riot Games’ “Valorant” has been stealing the hearts of gamers on the FPS scene, with thousands of players even before its official launch. But is it stealing your personal data as well? Ultimately, it comes down to a trade-off of privacy and security, and there are better alternatives to consider.
The concerns with Valorant are with its anti-cheat Vanguard, which comes with a kernel-based driver that always runs on start-up of your computer. And while Riot themselves have explained the way the anti-cheat works in various blog posts, that hasn’t stopped concerns about the access level granted to the anti-cheat. In short, when a player installs Valorant, they give Vanguard administrative access to all their system’s files and other drivers. While this isn’t unlike other anti-cheat systems such as Battleye, the difference is that regardless of whether or not Valorant is running, Vanguard is always running. With a game like Rainbow Six Siege, if you don’t want the anti-cheat running, you turn off the game and Ubisoft doesn’t have access to your file system anymore. But Valorant’s anti-cheat is always running: always watching.
But why? The official reason for Vanguard’s always-running status, as stated by Anti-Cheat lead Paul “RiotArkem” Chamberlain on Reddit, is that it makes it more difficult for cheaters to tamper with the anti-cheat or hide cheats on the system before Vanguard starts. And while he also says that the system driver doesn’t scan the PC or communicate wirelessly back to Riot, the nature of an anti-cheat is that it’s hard to confirm anything about it. Revealing exactly how Vanguard works just lets the cheat companies reverse-engineer the code and win the cheating arms race, so besides the word of Riot there isn’t a way to confirm what Riot is saying about the system driver.
Not only that, but cheats for Valorant are still commercially available: in fact, some of them came out within days of the beginning of the closed beta. That’s right: cheat developers picked up the game from the Twitch stream drops and were able to make some sort of workaround within 48 hours of the game coming out. Without either more obvious external auditing or released statistics for how many cheaters are banned or prevented, it’s hard to tell how much more effective Vanguard is in comparison to other market anti-cheats.
On top of that, the anti-cheat team has proven that they have been able to develop creative ways to deal with cheating, such as the fog of war system that deters conventional wallhacks. So, if they can come up with creative strategies such as this, why does there have to be a nebulous run-on-bootup system driver? This sets a precedent for videogames to put similar drivers onto games for the sake of fighting cheaters, and after a previous anti-cheat ESEA was caught mining bitcoin with planted malware into their public client, it’s going to be pretty hard to trust developers with putting invasive components onto anti-cheat software.
The arms race with cheat developers is obviously a hard one. But Riot themselves have proven that they can fight cheat developers with creative methods, and without any specific proof of increased effectiveness caused by the always-on Vanguard, players should continue to demand Riot to remove the bootup drive. Riot themselves have shown openness to change their anti-cheat methods due to popular opinion, so there’s no reason to not petition a removal of the bootup driver to log in and get some frags.