None clickbait title:
Riot Games will rollout their vanguard anti-cheat to league of legends.
for those not in the loop, Vanguard is the anti-cheat Riot Games created for Valorant, their competitive first person shooter. The issue with Vanguard is that it's quite an aggressive anti-cheat, it runs on Ring 0 as a windows kernel driver. Hence, why some people call it a "rootkit".
I think its the “kit” part people are objecting to. Arguing that this software won’t make it easier to install other malware (unlike the infamous Lenovo LSE rootkit, which would install and hide other software).
The core issue is software freedom. Software, when it’s commercial, is something you basically give control of your hardware to and you have to trust that it won’t abuse that power. Or, you dont even use your own hardware, and you just send your data in an even more opaque way to the cloud. Will it be misused?
Typically, yes, egregiously. We need either computing platforms that sandbox things fully, or else full control over our software. And an end to these Eula’s Eula’s that, let’s be honest, could ask for anything and we couldn’t say no. Even governments get stuck here and can’t refuse
They’re doing what seems to be literally the standard for windows anti cheat. That they’re Chinese owned is moot as worrying about evil Chinese government hackers is to me a secondary concern to the long and illustrious history of terrible security vulnerabilities in all kernel mode “anti-cheat” drivers.
It seems much more likely that this anti cheat driver is just as buggy as every other anti cheat driver, and will end up being exploited by the same groups that every prior driver has been.
My view is that the correct fix for anti cheating is simply pitting all suspected cheaters against each other rather than trying to ban/block them.
There is a major difference that is worth the clickbait from what you call the standard for windows anti-cheat. Vanguard requires secure boot and runs the moment a computer is powered on, regardless if the game is open or not.
I never really got the outrage. Or rather, I don't understand why it's directed at the principle of a ring-0 anticheat.
I feel that security minded folks are apt to avoid installing software from notably untrusted vendors on important machines. If Riot ends up malicious then I'm not sure that kernel level access is capable of _that_ much more damage than what's required for a 'regular' anticheat to function. My bank account is unsafe either way. Obviously less access is better, but it feels like discussion around Vanguard always distills into an argument that would also suggest Riot's software to be untrustworthy even without a ring-0 anticheat.
They want to have their cake and eat it too. If you don’t want Tencent software to potentially one day turn your computer into a zombie that DDOS’s the pentagon or something… why are you still putting League on your computer? They’re running it down mid in more ways than one.
A lot of the outrage is because how riot has acted. They have repeatedly dismissed the concerns of security experts and their community in offhand/very dismissive ways. I don't think the outrage would be anywhere nearly as bad if they took the time to address the legitimate concerns raised and took steps to ease everyone mind (they could be more transparent about it and release the source for example).
Because people will find exploits that allow them to bypass it. Anti cheats in general rely on tons of factors but mainly a lack of knowledge on exactly how HWID bans are enacted, what injections by what processes are put under scrutiny, etc. With source available, all of that stuff is going to be a cake walk for cheaters to bypass. It’s not just a matter of “here’s the source but we are running as ring -n so it doesn’t matter”. full knowledge of AC behavior is a huge boon to bypassing, because there’s almost certainly problems with the implementation that a 15 year old will go on to discover and exploit.
I've been thinking about this as I recently reset Windows but didn't format my hard drive and create a new version of Windows. How do rootkits work? Can I look this up somehow?
> I could tell from the title that this was just going to be racist but I didn’t expect the racism to happen this early into the article lol.
There is, objectively, no racism here. You are intentionally introducing a politically-charged tangent in order to deflect from the points presented in the article.
> Just because a company is based in China doesn’t mean it is fully controlled by the CCP
This is objectively false. China has a law that literally compels Chinese companies to do whatever the government wants, with zero restrictions.
>Just because a company is based in China doesn’t mean it is fully controlled by the CCP,
If I were a non US company I would automatically assume said company is fully controlled (or I should say compelled) by the US .gov to gather information on foreign companies and governments. US companies such as Apple have had to outright public battles with the .gov to stop this data collecting, and we've learned again and again a large portion of companies just go silently with it.
What I would ask is, do you think China is not asking their internal companies for this information. And if you think no, how nieve do you have to be?
In the US the government can secretly spy on your data by jumping through various legal hoops. In China the government gets such data as a matter of routine.
I'm concerned with the CCP government using their controlling shares of Tencent to surveil computers around the globe with their kernel-level software for their own national security interests.
It's not racist to point out the CCPs ties to a company. You equating the CCP to be "The Chinese" is actually speaking more to your own racism as you can't differentiate from the government and the people it supposedly "represents"
for those not in the loop, Vanguard is the anti-cheat Riot Games created for Valorant, their competitive first person shooter. The issue with Vanguard is that it's quite an aggressive anti-cheat, it runs on Ring 0 as a windows kernel driver. Hence, why some people call it a "rootkit".