Category: riot
Riot turns on ability to turn off kernel-level anti-cheat tool


-
An example of an average “special” power in action. Brimstone has a cloud he can place anywhere nearby, but it forces him to pause and load a map interface.
-
Then, the cloud is delivered from up high.Riot Games
-
The resulting cloud is completely opaque, but bullets and attacks can still go through it.Riot Games
-
Raze’s Boom Bot is basically a combat Roomba. Once you place it, the bot auto-waddles toward enemies, and if they enter its vision cone, the bot will lock onto them and chase them.Riot Games
-
At any time during a match, hold a button to bring up explanations for your character’s range of abilities.Riot Games
-
The gun selection. Notice “wall penetration.” Yes, even average weapons can strike through boxes and other debris.Riot Games
-
Down goes a bot in the game’s practice range section.Riot Games
-
This customizable target-practice system includes a nice read for how weapon accuracy plays out in action.Riot Games
Riot Games announced last night that a new update to the Vanguard anti-cheat system used in Valorant will let users disable and/or easily uninstall the kernel-level security driver via a system tray icon.
That doesn’t mean cheaters can just turn off the anti-cheat tool and do whatever they want, though—Vanguard still needs to be installed and running to actually play Valorant. If you shut off the service from the system tray, you’ll have to restart your entire system before loading up Valorant. And if you uninstall Vanguard altogether, it will automatically be re-installed when you launch the game, requiring another restart.
The system tray tool will also notify users when Vanguard blocks certain third-party apps from running on your system. Users can disable Vanguard at that point and run the suspect app normally.
While Riot says “most players will never run into such a scenario,” the vast majority of such app-blocking behaviors deal with “software [that] has a known vulnerability or is being exploited in the wild.” That includes apps found in CVE databases that could let a cheater load unsigned code into the system kernel.
“Ultimately, you get to choose what software you run on your computer,” Riot writes. “You can uninstall or stop Vanguard to allow your software to work, but that will have the side effect of not allowing Valorant to work until you reboot.”
While Riot acknowledges that there are already working cheats out in the wild for Valorant, the company maintains that Vanguard “make[s] it difficult for all but the most determined to cheat, while also giving us the best chance to detect the cheats that do work.” Cheaters that do get through the Vanguard system can still be “remove[d]… from our ecosystem by leveraging other game systems,” Riot writes.
The changes come as Riot continues to try to quell concerns about Vanguard’s use of a startup-loaded kernel-level driver, which it says is necessary to monitor system integrity and user-level hacks from outside of Valorant. The company says the driver “isn’t giving us any surveillance capability we didn’t already have” and that Vanguard “does not collect or send any information about your computer,” in any case.
But the driver itself could potentially be exploited for serious kernel-level attacks on Windows systems, a setup that independent security researcher Saleem Rashid told Ars “introduces a large attack surface for little benefit.” Riot has expanded its bug bounty program to encourage hackers to report any unknown driver exploits, and Riot anti-cheat lead Paul Chamberlain tells Ars the company would “likely be able to respond within hours” to disable the driver if such a vulnerability were found.
Listing image by Riot Games