Riot developer confirms Valorant has an anti-cheat process running in the background

    
29

Many folks feel extremely strongly about multiplayer games that have anti-cheat processes that run when the game boots up, so we feel it fair to report that Valorant is one such game that features this sort of process according to one of the developers themselves.

The alert on the game’s subreddit stresses that this anti-cheat driver fires up at system startup but does not scan anything unless Valorant is running. The process also reportedly takes up “as few system resources as possible” and doesn’t communicate with the game’s servers. It also, apparently, can be removed at any time — simply look for “Riot Vanguard” in your Add/Remove Programs window in Windows.

“We’ve tried to be very careful with the security of the driver. We’ve had multiple external security research teams review it for flaws (we don’t want to accidentally decrease the security of the computer like other anti-cheat drivers have done in the past). We’re also following a least-privilege approach to the driver where the driver component does as little as possible preferring to let the non-driver component do the majority of work (also the non-driver component doesn’t run unless the game is running).

“We think this is an important tool in our fight against cheaters but the important part is that we’re here so that players can have a good experience with Valorant and if our security tools do more harm than good we will remove them (and try something else). For now we think a run-at-boot time driver is the right choice.”

source: Reddit
Update

29
LEAVE A COMMENT

Please Login to comment
  Subscribe  
newest oldest most liked
Subscribe to:
Reader
EmberStar

I’m not really interested in Valorant, or anything from Riot. To me, the “really important part” is that a rootkit with “higher than Admin Access” priority is getting installed on tons of systems, and people *don’t* seem to be bothered by that. But hey, I’m sure you can trust Tencent to never do anything shady. They only have the best interest of the players in mind. And the instructions from the Chinese Communist Party on their desk.

‪‪‪
Reader
‪‪‪

I got my Twitch Drop on April 7th and have been playing on and off since then and when I got better at shooting the game became really fun.

If they manage to fight cheaters effectively, it will become my main FPS.

Reader
Kickstarter Donor
Vunak

I haven’t had an FPS I have enjoyed as much as I do Valorant in a really long time. Just makes it even better knowing that RIOT is putting so much into keeping things as fair and competitive as possible, from anti cheating measures to their networking infrastructure, 128tick server rates etc.

Reader
Kickstarter Donor
Greaterdivinity

Meh, but I am pretty fascinated with Riot “creating their own ISP” through partnerships and whatnot.

That’s pretty rad, and I imagine insanely logistically challenging. It would also partially explain what some of the hundreds of staffers and billions of dollars they have are doing, because they sure as hell aren’t all going into League, or even League + these new titles.

Gonna mark that for a deep dive later and hope Riot does some interviews on it. The tech talk will be over my head, but I’m super interested!

Random MMO fan
Reader
Random MMO fan

I don’t know which rational person would “feel very strongly”, the anticheat component is a necessity in any multiplayer FPS. This is the only way to know if a person is running the actual cheat.

People who have irrational paranoia about a piece of software scanning for game-specific cheats should stick to other game genres or play all multiplayer games on consoles.

Andy McAdams
Staff
Kickstarter Donor
Loyal Patron
Andy McAdams

In several high profile cases, the anti-cheating software took liberties that were far beyond just “game specific cheats,” in grabbing everything in memory and shipping it off to the developer for whatever reason. They also need to sidestep any existing antivirus on your machine, and because engineers don’t really understand what they are doing frequently create vulnerabilities and have unintentionally compromised the host system.

The brunt of the issue for most people isn’t the anti-cheating software, its the hamfisted, amatuerish and downright dangerous implementations of the software that causes problems.

Random MMO fan
Reader
Random MMO fan

I am aware of potential issues, however they are not an issue if the anti-cheat works well, and if there is an issue – it is always in developer’s best interest to fix it as fast as possible. This is no different than the game itself or the game launcher having bugs that affect performance or for example open your PC for potential remote exploits. So people who do not have anything illegal to hide should not really care about the anti-cheat software as long as it works without any performance impact or any other bugs.

flatline4400
Reader
flatline4400

That old chestnut of an “argument” aside, the fact is, anti-cheat software *never does* work without any performance impact or bugs. It is by definition poking a hole in your system defenses. And the number of false flags these things report for totally legitamate software is astounding.

And there’s certainly no need for such software to start at boot and run all the time. If you must have it, run it with the game. Or better yet, write in some decent sanity checks on the server side.

Random MMO fan
Reader
Random MMO fan

anti-cheat software *never does* work without any performance impact or bugs

I had played games with various anti-cheat software, including VAC, EasyAntiCheat and BattlEye, I have never noticed any bugs or performance impacts. Every software may have performance impact (such as increased RAM usage or a few percent of CPU usage) and can certainly have bugs but if they aren’t noticeable – they are not an issue anyone should be worried about.

It is by definition poking a hole in your system defenses

Please show me the working exploits which would allow remote access to PCs running any anticheat software because of vulnerabilities in that software. If there aren’t – this is not an issue that anyone should be worried about.

And the number of false flags these things report for totally legitamate software is astounding

Is it? I have never seen any anticheat software flagging down any legitimate program on any of my PCs and the only report I’ve read is that some people had issues with VM software being detected by anticheat or some keyboard macro programs. This does not look “astounding” to me.

And there’s certainly no need for such software to start at boot and run all the time.

Yes, there isn’t, but most people will never notice it unless they will open Task Manager and look for running services so this is not a big deal and once again, not something people should be worrying about as long as they do not notice performance impact.

flatline4400
Reader
flatline4400

I’m not going point by point because that’s fucking annoying.

Examples of false flags… autohotkey, keyboard drivers, mouse drivers. I literally couldnt play black desert without rebooting into safe mode basically because of their anti-cheat bs.

It doesnt matter if you or I know about the security holes that “still work”. They existed, you can google them as easy as I can. They still exist (not talked about, and I’m not going to point you in the right direction if you don’t know.) They will always exist.

Well *you* may have never noticed any problems, but other people have. God forbid that someone should have a different experience than you, or know something you dont. “Not an issue they should be worried about.” “Won’t notice unless they look for it.” How bout you let people decide for themselves. Dont speak for me. The arrogance. Ignorance is bliss until it bites you in the ass, but enjoy your wallowing. Done with you.

Reader
Utakata

So with that claim you are saying players who have issues with this have something to hide, as opposed having real and problematic issues with this as stated and documented. What a morally perverse position.

Reader
Bruno Brito

So, if it works 100% perfectly, without hiccups, which is almost impossible, and rarely happens, we’ll be all fine?

Long shot.

Random MMO fan
Reader
Random MMO fan

Personally I had 0 issues with any anticheat software from PunkBuster to the VAC or EasyAntiCheat or BattlEye, they did run perfectly for me, so yea, it is possible.

Andy McAdams
Staff
Kickstarter Donor
Loyal Patron
Andy McAdams

Tell me, can you explain to me what each of those programs is collecting about you? What are they communicating back to the developer? what does the developer do with that data after the fact? Do they store it? Do they have a retention policy on it.

Is data encrypted in route and at rest? What kind of security posture does the developer adopt?

These are all things that as an informed citizen and player. you should care about.

Reader
Bruno Brito

It isn’t. You don’t know that, because you don’t know if your PC is running at peak performance when any of these are working. You also don’t know if they’re getting data.

You clearly don’t care about your data all over the cyberspace. Go ahead, i guess.

Andy McAdams
Staff
Kickstarter Donor
Loyal Patron
Andy McAdams

At first blush, it’s in the developers best interest to fix – but that assumes a few things —

  1. that there’s no other higher priority work in the core game that needs to be done (spoiler: that’s never the case)
  2. That the engineers actually have the expertise in code they are trying to fix (also probably not common as most software companies don’t hire that specialized)
  3. that they actually understand where the issue is in the code to fix without a crap ton of investigation first (which takes us back to point 1)

So yeah, in theory its in the developers best interest but reality is frequently not that as we all work in a time-constrained world, and player bases tend to be very unforgiving about developers ‘fixing’ things that aren’t necessarily a priority for them.

There’s also “if you haven’t done anything illegal, this is a non-issue,” which is a bullshit argument. A parallel situation – just because I haven’t done anything illegal doesn’t mean I would let random people riffle through all the things in my house because I bought a toaster off of them. ”

Barring that, the potential for accidental collection of PII (personally identifiable information) that could then be used to gain unauthorized access to the victim’s other accounts is huge. You are basically saying that you trust everyone that has access to the information on the developer’s servers to ‘treat it with gravity it deserves.’ So you are willing to trust a bunch of strangers, who you’ve never met, will probably never met to always, in every situation, do the right thing with your PII. I don’t trust everyone in MY workplace, let alone a group of people who I don’t know.

But even then, let’s assume that everyone acts like their smiting diety of choice is watching and behaves appropriately. That says nothing of the fact that frequently, cybersecurity at many developers is not great / non-existent. A threat actor can (and has … ) accessed whatever information available that these developers store and use that data for whatever nefarious purposes they want. So even if everyone is behaving themselves at the developer, you are still placing a lot of trust that they will never have a breach, that they haven’t collected any PII, and that that PII can’t be used against you.

That’s a lot of stars that have to align just so, and to be honest people shouldn’t be comfortable with any of this from anti-cheating software.

Reader
Kickstarter Donor
Patreon Donor
Loyal Patron
Ashfyn Ninegold

I’m not keen on programs that install apps that run on start up and don’t allow me to nix that. Assurances that it uses “as few system resources as possible” means nothing. It literally means “we’re stealing as much as we need.” And if it can be removed at any time, what use is it against cheaters again?

Correct me if I’m wrong, doesn’t Blizzard’s anti-cheat program run only when their games are up?

Reader
losludvig

you won’t be able to play the game without the anti-cheat running.
They have to be pretty agressive on anti-cheat since cheating is the biggest issue for their main competitor, to the point where people use 3rd party matchmaking to get rid of cheaters in cs:go

Reader
Kickstarter Donor
Patreon Donor
Loyal Patron
Ashfyn Ninegold

Sad commentary on integrity, needing to be accepted and self-esteem.

Reader
Adam Russell

Does it mention in the TOS?

Reader
Life_Isnt_Just_Dank_Memes

Imagine wanting to play a game from Riot after all the incredibly terrible things their management did to people.

Reader
TherecDaMage .

Hundreds of thousands of people have been camping Valorant streams for days straight in hopes of getting a free beta key. If the game is fun, people will turn a blind eye to whatever a company has done.

laelgon
Reader
laelgon

But that doesn’t speak to the game being good or fun really. It’s a pretty straightforward way to build hype, even for games that are complete garbage. Distribute access to high profile streamers, pay the huge ones, and then make it near impossible for the plebs to access. All the people in weird parasocial relationships with their favorite streamers go mental and run with the hype machine from there.

Reader
IronSalamander8 .

That is a huge part of why I haven’t even considered playing this thing. I did see a couple of videos on it, but even if I wasn’t predisposed against Riot, it doesn’t look like it’s actually very good; the TTK is far too high as an example.

Reader
losludvig

If you boycott every company that doesn’t play by the rules you might as well just move out in the woods as a hermit.
Imagine buying electronics made by foxcon, products by a company that doesn’t pay any taxes, clothes made by child labor etc.
At some point, let the laws stort stuff like this out

Reader
losludvig

“Edit:” I don’t mind people boycotting stuff, and do so myself, but I take umbrage with people expecting everyone else to boycott whatever *they* find important. Everyone should pick the fights that matter the most to them

Random MMO fan
Reader
Random MMO fan

Hey you are always free to not play games by any company for any reason, just like other people are always free to enjoy the game by any developer without caring what this developer did to some people (and there is nothing wrong about not caring what they did).

Reader
angrakhan

Personally I look at things on a game by game basis. I don’t think it’s particularly fair to want a given game to fail just because something management did in the past. Often a new game has a completely different set of employees on it than another game and I don’t personally want them to fail just because something that happened on another game or their publisher did something in the past or their management. I see a LOT of people talk about how they won’t buy another game from XYZ publisher… EA for example… For me if the game is amazing, I’m playing it regardless of the past.

Reader
Bruno Brito

My friends will play this probably, and i’m really torn specially because the quarentine is screwing with my hobbies.

I’ll power through it.