
Has Anti-Cheat Gone Too Far?

Casey Allred

4 years ago


The question of "How much freedom are we willing to give up for security?" is far from a new conversation topic. This thought experiment, which lies at the heart of basically every piece of cyberpunk fiction, has recently come into the spotlight with the release of Riot Games' new game Valorant and its anti-cheat software, the dystopian-sounding Riot Vanguard. Vanguard separates itself from other anti-cheat programs by installing a kernel-mode driver as part of its monitoring, and this has rightly caused more than a few people to seriously question the move.

One Ring 0 to Rule Them All.

On its own, a kernel-mode driver doesn't necessarily sound like the end of the world, but there's a lot to consider here. To explain a somewhat complicated subject in terms so simple even I can understand them: software on a computer runs at different privilege levels. You've most likely seen this through Windows UAC asking for permission for X program to make changes to your computer, or when running something in administrator mode. The kernel space (or Ring 0) is the highest possible level of privilege and access in a system; anything running in the kernel space has completely unrestricted access to all hardware, memory, and other software. If that sounds like something you shouldn't give away access to just so you can participate in Riot's new E-sports venture, you're not alone.

The internet has been doing its thing and stirring up a ton of controversy about the permissions that Vanguard is giving itself to your system. Riot has been quick, and correct, to point out that Vanguard is not the only anti-cheat to utilize kernel access. To quote Riot Anti-Cheat Engineer Phil Koskinas:

This isn’t even news. Several third party anti-cheat systems—like EasyAntiCheat, Battleye, and Xigncode3—are already utilizing a kernel driver to protect your favorite AAA games. We’re just installing our own sous-chef to the Windows kitchen, so that when we hit em with a “where’s the beef,” we know we’re getting an honest answer.

Okay, fair enough, except that EasyAntiCheat only runs alongside its implemented games when they launch, and closes when they close. It does not run a kernel-level driver at startup permanently, forever, even after Valorant (or any future Riot game which utilizes it) is uninstalled. We also simply cannot gloss over the fact that Riot is wholly owned by Chinese-Bond-Villain-Front-Company Tencent. At least EasyAntiCheat is owned by Epic Games, who are mostly known for Fortnite and-

Screen Shot 2020-04-24 at 9.07.56 PM.png

Oh god DAMMIT...
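
To see which kernel-mode drivers on a Windows machine load at startup rather than only on demand, which is the distinction drawn above, here is an added example that is not from Riot or from the original article. It uses the built-in `Win32_SystemDriver` CIM class and `Get-AuthenticodeSignature`; the helper name `Resolve-DriverPath` is made up for this example, and the "Microsoft" signer filter is a rough heuristic.

```powershell
# Added example: list kernel-mode drivers and whether they load without user action.
# Run from an elevated PowerShell prompt so every driver file can be read.

function Resolve-DriverPath {
    # Hypothetical helper: turn the service's PathName into a normal file path.
    param([string]$PathName)
    if (-not $PathName) { return $null }
    $p = $PathName.Trim('"') -replace '^\\\?\?\\', ''           # strip NT prefix \??\
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"      # \SystemRoot\... form
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }  # relative form
    return $p
}

$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.ServiceType -eq 'Kernel Driver' } |
    ForEach-Object {
        $path = Resolve-DriverPath $_.PathName
        $sig  = $null
        if ($path -and (Test-Path -LiteralPath $path)) {
            $sig = Get-AuthenticodeSignature -LiteralPath $path
        }
        [pscustomobject]@{
            Name        = $_.Name
            StartMode   = $_.StartMode      # Boot, System, Auto, Manual or Disabled
            State       = $_.State          # Running or Stopped right now
            # Boot/System/Auto drivers load at startup; Manual ones load on demand.
            LoadsAtBoot = $_.StartMode -in 'Boot', 'System', 'Auto'
            Signer      = if ($sig -and $sig.SignerCertificate) {
                              $sig.SignerCertificate.Subject
                          } else { '(unsigned or unresolved)' }
            Path        = $path
        }
    }

# Drivers that start with the machine and are not signed by Microsoft:
# this is the set of third parties that get Ring 0 on every boot.
$drivers |
    Where-Object { $_.LoadsAtBoot -and $_.Signer -notmatch 'Microsoft' } |
    Sort-Object StartMode, Name |
    Format-Table Name, StartMode, State, Signer -AutoSize

# Third-party drivers that only load when something asks for them, for comparison.
$drivers |
    Where-Object { $_.StartMode -eq 'Manual' -and $_.Signer -notmatch 'Microsoft' } |
    Sort-Object Name |
    Format-Table Name, State, Signer -AutoSize
```

A driver in the first table is resident from boot whether or not the software it belongs to is running; one in the second table only occupies the kernel while something has started it.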


Not to be entirely alarmist here, but I'm not exactly comfortable with a Tencent-owned company having unbridled kernel access to my computer at startup forever until you manually uninstall Vanguard. Which is the entire problem that Riot seems to be glossing over here. In a message about Vanguard from Riot's security & privacy teams titled... uhh... A Message About Vanguard From Our Security & Privacy Teams, Riot addresses how "we would never let Riot ship anything if we weren’t confident it treated player privacy and security with the extreme seriousness they deserve." For a lot of people, myself included, the concern isn't whether or not Riot itself wants my nudes, access to my webcam and microphone, and the 3 digits on the back of the credit card, but whether its seriously fucking evil parent company or a third party decides to take a look. Again, to Riot's credit, the company has directly addressed concerns about third-party attacks by expanding their bug bounty program for Vanguard, offering up to $100,000 for the most extreme vulnerabilities discovered. Riot's Anti-Cheat Lead Paul Chamberlain told Ars Technica about the many steps, plans, and contingencies the company has in place, and it seems very well thought-out. Chamberlain has also been active on Valorant's subreddit, which effectively means he's standing in the trenches in front of a firing squad to quell people's concerns. It cannot be said that Riot is taking this level of trust they're demanding from players lightly.

index.png

Seriously, if subjecting yourself to this on behalf of your company's questionable actions isn't a testament to Riot's confidence, I don't know what is...


Look, I get it. Cheating is bad. The last thing Riot wants is to be handicapped against players exploiting their competitive E-Sports title, which is something they have a great deal of experience with as a company. Even if Riot is successful in keeping the dark side of the internet out of their kernel driver, there are two questions that will remain: should we be giving this kind of access to companies to play video games, and what about their parent company who is the darkest side of the internet? As a company who needs to protect the integrity of their product, Riot seems to firmly believe that this is the correct path. Their message from their Senior Engineer of Anti-Cheat Lead Technician Engineers conveys strong confidence and goodwill, and I honestly believe them when they say they want to keep their customers' privacy safe. But a door is a door, and adding a new one in the highest privilege level of your personal information that a Chinese megacompany could have access to is just not worth it for vidya games for some people, myself included. For now I guess I'll spend my time on BattlEye games because at least I kn-

Screen Shot 2020-04-27 at 9.54.41 AM.png

SON OF A BITCH

