Riot Games is feeling a little heat from security-conscious gamers upon the detection of its Vanguard anti-cheat system for Valorant. The discovery of the system — or rather its re-discovery after having been found on computers that now actually run Valorant — has led to a response from a Riot developer on Reddit and interviews and articles across the internet over the past few days.
First, we’ll look at Riot’s own description of the system from a blog post two months ago, as it related to League of Legends. That laid out the basics of the system, such as the fact that it begins at system startup and operates at the kernel level, giving it the highest level of access to your PC. Despite sounding very scary and unprecedented, that isn’t too unusual for many well-known anti-cheat programs, such as EasyAntiCheat, Battleye, and Xigncode3.
Earlier this week, Paul “RiotArkem” Chamberlain responded to concerns about the system On Reddit, saying that “it’s designed to take up as few system resources as possible and it doesn’t communicate to our servers” and that users can “remove it at anytime.” The reason it needs kernel access is so that cheaters can’t load their cheats before an anti-cheat system starts up, which would be the case if it started when a game launched.
That brings us to an article from Ars Technica, which covered most of the above, as well as reaching out to both Chamberlain and independent security researcher Saleem Rashid. Chamberlain said that Vanguard was audited by three external security groups to check for flaws and possible exploits. He admitted that it can never be 100% perfect, but if anything does go wrong, Riot can patch things “within hours” — or, “In extreme cases, we would work with our patcher team to automatically remove Vanguard from all players’ computers.”
On the other hand, Rashid thinks is “not convinced it helps in the long run” and that a “bug will crash the entire OS, not just the game.” He said that a prospective cheater can simply “analyze the driver from outside of Windows and then apply similar techniques they use to defeat other anti-cheat systems.”
As Chamberlain pointed out, such kernel-level security programs are already in wide usage — Fortnite uses Battleye, for instance — without widespread chaos occurring, so it’s likely that Vanguard will be similarly invisible. The only issue I could foresee is that, because Riot is making its own system rather than using one that’s already in existence, something could be missed that those other systems already have covered. We’ll just have to trust that Riot’s experts are covering all their bases.