Richard Lewis: Can we trust Valorant’s anti-cheat? - Dexerto

Published: 19/Apr/2020 17:30 Updated: 8/Sep/2020 15:19

by Richard Lewis


The first week of the launch of the new title from Riot Games, first-person shooter Valorant, has been something of a mixed one for the developer. The almost unprecedented hype around the game saw the closed beta launch reach a peak of 1.7 million viewers on Twitch as people vied for a drop so they too could participate.

The views expressed in this opinion piece are those of the author and are not necessarily shared by Dexerto.

The game initially met with praise from veteran gamers on social media. Then came the revelations that maybe the game’s anti-cheat, which was a big part of the marketing push to attract players of other games, wasn’t all it was cracked up to be, with working private cheats being sold in the first few days of the closed beta’s release.

If Riot had egg on their face after that, the coming days would bring worse PR their way. On April 12th, a post on popular subreddit r/pcgaming would claim that the Vanguard anti-cheat system, which has kernel-level access on the computers that install it, would be launched on booting up your PC regardless of whether or not you were playing Valorant.

Riot made bold claims about the capability of their anti-cheat systems.

The post, made by Reddit user u/voidox, read:

“The kernel anticheat driver (vgk.sys) starts when you turn your computer on. To turn it off, you either need to change the name of the driver file so it wouldn’t load on a restart, or you can uninstall the driver (it will be installed back again when you open the game).

so ya, the big issue here is it running even when players don’t have the game open, from startup no less. EDIT – It runs at Ring 0 of the Windows Kernel which means it always has the same rights as administrator from the moment you boot.

For comparison, BattlEye and EasyAntiCheat both load when you’re opening the game, and unload when you’ve closed it. If you’d like to see for yourself, open cmd and type ‘sc query vgk’.”

The thread quickly filled up with people confirming this to be accurate and expressing their concerns. The finding spread across social media like wildfire and made its way to the official Valorant subreddit. Eventually, Paul “arkem” Chamberlain, the anti-cheat lead, commented on Reddit confirming the claims made by the now many users who had tested out the method detailed in the Reddit post.

“TL;DR Yes we run a driver at system startup, it doesn’t scan anything (unless the game is running), it’s designed to take up as few system resources as possible and it doesn’t communicate to our servers. You can remove it at anytime.

Vanguard contains a driver component called vgk.sys (similar to other anti-cheat systems), it’s the reason why a reboot is required after installing. Vanguard doesn’t consider the computer trusted unless the Vanguard driver is loaded at system startup (this part is less common for anti-cheat systems).

This is good for stopping cheaters because a common way to bypass anti-cheat systems is to load cheats before the anti-cheat system starts and either modify system components to contain the cheat or to have the cheat tamper with the anti-cheat system as it loads. Running the driver at system startup time makes this significantly more difficult. 

We’ve tried to be very careful with the security of the driver. We’ve had multiple external security research teams review it for flaws (we don’t want to accidentally decrease the security of the computer like other anti-cheat drivers have done in the past). We’re also following a least-privilege approach to the driver where the driver component does as little as possible preferring to let the non-driver component do the majority of work (also the non-driver component doesn’t run unless the game is running).

The Vanguard driver does not collect or send any information about your computer back to us. Any cheat detection scans will be run by the non-driver component only when the game is running. 

The Vanguard driver can be uninstalled at any time (it’ll be “Riot Vanguard” in Add/Remove programs) and the driver component does not collect any information from your computer or communicate over the network at all.

We think this is an important tool in our fight against cheaters but the important part is that we’re here so that players can have a good experience with Valorant and if our security tools do more harm than good we will remove them (and try something else). For now we think a run-at-boot time driver is the right choice.”
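The `sc query vgk` check from the Reddit post shows only whether one driver is currently running. As an added example (not from the article, the Reddit thread or Riot), the PowerShell below lists every kernel driver configured to load at startup together with its signer, then reports the start mode and state of `vgk`; the function names are invented for this illustration, and only the service name `vgk` comes from the post.

```powershell
# Added example: audit which kernel drivers load without any user action.
# 'vgk' is the service name quoted in the Reddit post; the function names
# and output columns are chosen for this illustration.

function Resolve-DriverPath {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    # Driver image paths may be stored in NT form; map the common prefixes
    # to a Win32 path that Get-AuthenticodeSignature accepts.
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-EarlyLoadDriver {
    # Boot and System drivers are loaded during kernel initialisation and
    # Auto drivers are started at system startup. Manual drivers load only
    # when something requests them (the on-demand model the post attributes
    # to BattlEye and EasyAntiCheat).
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.StartMode -in 'Boot', 'System', 'Auto' } |
        ForEach-Object {
            $path = Resolve-DriverPath $_.PathName
            $sig  = $null
            if ($path -and (Test-Path -LiteralPath $path)) {
                $sig = Get-AuthenticodeSignature -LiteralPath $path
            }
            [pscustomobject]@{
                Name      = $_.Name
                StartMode = $_.StartMode
                State     = $_.State
                SigStatus = if ($sig) { $sig.Status } else { 'NotChecked' }
                Signer    = if ($sig -and $sig.SignerCertificate) {
                                $sig.SignerCertificate.Subject
                            } else { 'unknown' }
                Path      = $path
            }
        }
}

# Third-party drivers that start with the machine: everything in the
# early-load set whose signer is not Microsoft.
Get-EarlyLoadDriver |
    Where-Object { $_.Signer -notmatch 'O=Microsoft Corporation' } |
    Sort-Object StartMode, Name |
    Format-Table Name, StartMode, State, SigStatus, Signer -AutoSize

# The driver named in the post: is it installed, and how is it configured?
$vgk = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='vgk'"
if ($vgk) {
    '{0}: StartMode={1}, State={2}' -f $vgk.Name, $vgk.StartMode, $vgk.State
} else {
    'vgk is not installed on this machine'
}
```

Drivers whose signer shows as `unknown` are worth checking by hand, since the file may be missing or the stored path may use a form the path helper does not map.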

While I was working on this they also put out another clarifying statement, one that assured their players that their anti-cheat absolutely has to run the way it does and no changes to it are likely. If you want a TL;DR for the whole post it basically states “trust us, we’d never do anything bad to our fellow gamers.”

Vanguard runs from start-up, which some users feel is too invasive.

Right out of the gate, let’s establish something. Anyone acting surprised about the level of access that Vanguard has is either uninformed or disingenuous. Two months prior to the release of the closed beta, the development team posted a blog detailing exactly how the anti-cheat would operate. As the original Reddit poster acknowledges, kernel access anti-cheat isn’t anything new and has been utilised by multiple companies in the past. Indeed, it is the only thing that can give an anti-cheat system a fighting chance because most high-level cheats have that same level of access.

What must be said is that someone who is adept in reassuring people should have given this a thorough proofread. While the sentence “this isn’t giving us any surveillance capability we didn’t already have” might seem benign if you take it to mean the capability is zero, given Riot’s history and the company that funds them, it’s a statement that is incredibly difficult to be relaxed about. It also seems to inadvertently contradict what Chamberlain said in his Reddit post because it implies there is some surveillance capability there. If the intent was to communicate that there is no capacity to spy on you once the software is installed then this was a ludicrously ominous way of expressing that. This conclusion seems an impossibility when the following sentence states “if we cared about grandma’s secret recipe for the perfect Christmas casserole, we’d find no issue in obtaining it strictly from user-mode and then selling it to The Food Network.”

We can all appreciate when a game’s developer has a sense of humour, both about themselves and their projects. It can lead to great things. Think Devolver Digital. One area you probably don’t want to joke about though is having the potential to spy on your customers. The sinister overtone of “we’d find no issue” as a phraseology can’t be overlooked either. Do they mean technically, morally or both?

Still, most people let it slide because there is a growing sentiment among online gamers that they’re willing to take the risk of a big company violating trust with their data to ensure a cheat-free environment. It’s certainly not a sacrifice I would be willing to make and I think anyone willing to do so should probably assess their life priorities, but provided people are informed I believe it is a choice that should be up to the individual. It comes down to a matter of trust. So the only question that matters is how comfortable are you in allowing Riot Games that level of access to your computer?

Some things to consider then. Riot’s history when it comes to data breaches is less than stellar. In 2014 I detailed how they had kept a major hack, one that compromised millions of accounts, secret and then downplayed the details when it became public. The hacker behind that incident was able to continue to gain access after it was brought to public attention, after a warning for players to change passwords wasn’t heeded by a senior Riot employee. Even the President of the company, Marc Merrill, had his Twitter account compromised during this time. It was a hugely embarrassing and costly lapse in security.

Given that this took place between 2011 – 2013 you might be inclined to give them a pass and say it was early in the company’s history. It is worth remembering then that in July 2018 when Riot Games were legally obliged to comply with requests to share data with their customers under the newly adopted General Data Protection Regulation (GDPR) in Europe, they also had a security lapse. Some players were sent other people’s data, which included name, phone number, email and date of birth. While Riot were quick to respond and said it was only a “few” who were affected, the scope of the problem will never be known.

It also doesn’t help alleviate fears when you consider the fact that invasive anti-cheats have been abused in this space before. The Counter-Strike pick-up game system ESEA decided to secretly turn their kernel access anti-cheat into a bitcoin miner, violating their consumers’ trust and damaging users’ machines in the process. They would receive a $1 million fine for this malicious activity, two-thirds of which would be scrubbed if they avoided any other violations for a ten-year period. In court, the company would blame a “rogue employee” for doing it despite evidence of the owner of the company having made public comments, prior to the incident, about how they could turn their anti-cheat into a bitcoin miner without customers’ knowledge. Some of the staff that worked on the ESEA anti-cheat are now working on Vanguard.

Some of the staff from ESEA’s anti-cheat are now working on Vanguard.

Then there’s the elephant in the room… China. Riot Games is now wholly owned by Chinese mega-corporation Tencent. It is career suicide in the gaming industry to talk about how Chinese money and influence directs many of its biggest companies. Whether it’s Activision Blizzard punishing a player for expressing solidarity with the Hong Kong protestors, Mesut Ozil disappearing from PES and FIFA Online in China due to his comments about the persecution of Uyghur Muslims or game stores adhering to Chinese government censorship in order to sell their products in that country, China gets what it wants and games developers let it.

Tencent has become ubiquitous across all of gaming and tech. They own a piece of practically everything it seems. Where their money goes sympathies towards the authoritarian Chinese government seem to build. Indeed, Tencent enjoys a close relationship with Chinese government officials and has been exposed as having used their software for gathering information on their behalf. In March last year, a Dutch hacker revealed that 300 million private messages had been gathered through Tencent applications and stored on a database that could be accessed by police stations in cities and provinces across China.

Now, doubtlessly you’ll say “but that’s in China and there’s no way an American company would ever sign off on people’s data being used that way.” I’d hope you are right but it is hard to believe that Chinese government influence isn’t present already. For example, last October, League of Legends players found that the game was censoring iterations of the words “Uyghur” and “freedom”. Riot staff took to social media to explain this away as a censoring error and explained that sometimes the system just bans words by mistake. Interesting then that one of those words would happen to be the name of a minority group persecuted by the Chinese government, who want the atrocities committed against them to be hidden from the eyes of the world. What a crazy coincidence.

Put all this together and at best you should be healthily sceptical about deciding to hand over such access to your computer. I’ve seen the arguments made that anything you sign up to can be subject to a hack. Of course, this is right, but not everything you sign up to can be used as a surveillance tool without your knowledge, and you should absolutely weigh up whether or not you want to opt into this simply to play an online game.

A final consideration… Maybe you are the type of person who is so frustrated with cheaters that you’d be willing to roll the dice on your personal data being used for something nefarious or a malicious entity gaining access to your computer files. So far the anti-cheat has fallen well short of the expectations it was generating before the closed beta launch. We had working private cheats being sold two days into the closed beta and the embarrassments keep coming.

Cheaters were spotted in Valorant only days into the closed beta.

Spanish CS:GO pro Oscar “mixwell” Cañellas was locked out of playing while streaming for charging his mobile phone via his USB port. He wasn’t the only player this happened to (Riot has since addressed the issue, and stated that Mixwell was in fact not banned, but instead hit by a bug that affected digital bootcamp participants who were accidentally still using the alpha build to play the closed beta).

Indeed, some cheats in the past have operated via injection from an external device. This false positive suggests that at best, the anti-cheat is being overcautious and needs some fine-tuning. Meanwhile, T1 player Braxton “brax” Pierce had two cheaters in one of his games while streaming. Currently, it seems we are relying on manual bans to keep cheaters out of the closed beta, which makes a mockery of the whole idea of having this “revolutionary” anti-cheat in the first place.

So, to conclude, you guys can make your own choices. I personally think Riot Games should yield ground on the idea that Vanguard needs to be working on start-up as this would bring it in line with other kernel access anti-cheats we already have. The argument that it “helps” their fight against cheaters is lame when you consider the potential cost and the fact that so far the anti-cheat software looks like a false bill of goods. Failure to compromise or do more to reassure their players could be a not insignificant factor in the game’s potential success when it leaves this beta phase.


Adam Fitch: New fan engagement schemes are promising but not light tasks

Published: 20/Nov/2020 17:26

by Adam Fitch


Esports organizations are finally exploring ways to create deeper, more meaningful connections with their fans, but are they prepared for what a huge undertaking this can be?

While teams are amassing millions of followers across social media platforms, with fanatical supporters even getting tattoos of their logos, it’s easy to be mistaken in thinking that they’re the stars of the show that is esports. However, players and personalities are the real stars.

This is demonstrated frequently when esports athletes change teams and their dedicated fan base follow suit, now switching their team colors and overall allegiance. It’s not brands that are pulling off incredible plays on the server, nor brands signing autographs and taking selfies at events; again, it’s the players. They command most of the audience and, in a majority of cases, the diehard support of thousands.

In traditional sports, you may find your lifelong team depending on where you’re born or the colors that are placed on you by your family. Manchester United, Dallas Cowboys, Gloucester Rugby — the list goes on, and across numerous sports as just demonstrated. This is different in most cases when it comes to esports.

Team Liquid announced the beta for their fan engagement initiative in August 2020.

What are organizations doing to combat this trend, or at least attempt to build up a bigger fan base that is in it for the long haul no matter the result or roster? In the last few months, they’ve turned to fan membership schemes.

These programs typically take the form of subscription-based perks, in which fans can buy into a program that awards them with increased engagement, insight into behind-the-scenes happenings, and perhaps even helping to influence upcoming decisions.

Of course, there are perhaps other reasons for these programs to be popping up. The global health situation has cancelled almost every in-person event or at least forced an online substitution to take place since March 2020. Revenue may be down for many, if not all, organizations that don’t have other streams in place to work around the lack of merchandise sales and fan initiatives.

Regardless, experimenting with new revenue streams in an industry that’s notoriously difficult to make a profit in (at least on the team brand front) can’t hurt, right?

Subscription services

Kicking off with what is starting to become a trend, one of the most popular organizations in the space, Team Liquid, launched the beta for Liquid+ on August 11. The initiative provides an environment where “regular fan interactions earn opportunities for elite rewards, fan experiences, and access to players.”

North American organization Envy were next, announcing EnvyUS on November 9 with premium memberships costing $29.95 per year. Fellow North American org Cloud9 followed Envy just a day later, announcing Stratus. Starting on January 1, and costing $500 per year, they are taking a similar approach to their predecessors, providing an “exclusive annual membership experience” for “superfans.”

Cloud9 are offering the most expensive subscription service to date.

The eye-watering disparity in price between EnvyUS and Cloud9 Stratus is somewhat off-set by the welcome package that the latter offers. It includes a mouse pad, custom keycaps, a keychain, and limited edition t-shirts & jersey. This may not make up for the $500 price tag, but C9 will likely offer more ‘free’ physical items throughout the course of the subscription.

Now, this has been done before. SK Gaming had their own subscription service, SK Insider, over a year ago; accounting for 50% of the organization’s revenue at one point according to their co-founder. This may sound promising for the more recent initiatives but revenue was much harder to come by back then, especially in scale, so it’d be irrational to think that level of contribution to an org’s income is likely in 2020 and beyond.

It is indeed encouraging to see such initiatives from major organizations though, and if they prove to be a success in the future then no doubt this type of offering will become commonplace in the industry.

Third-party platforms

There are third-party attempts to increase and deepen engagement already in play, too. Socios have partnered with the likes of OG, Team Heretics, and Natus Vincere to encourage participation from fans. They offer ‘fan tokens,’ which are effectively platform-exclusive currency that supporters buy with their own money and then use to engage in fan polls and other methods of garnering engagement.

Alliance Partnership with Socios
Former TI champions Alliance are the latest to join

While it’s hard to say whether Socios are proving to be successful for teams on an engagement front, the involvement of longstanding and prominent orgs adds a bit of credence to the concept.

Fnatic’s sneaky attempt

On November 11, around the time of Cloud9 and Envy’s announcements, London-based Fnatic revealed that they were to launch a crowdfunding attempt. Aimed at giving small pieces of the business to fans, they were hoping to reach a total of £1m in exchange.

The announcement coincided with the news that they had just raised an additional $10m, taking their investment to a total of around $35m to date, and proving that they weren’t simply turning to fans in a moment of desperation.

I see this as similar in motive to what the aforementioned organizations are doing. With a small sub-section of fans eventually owning a piece of the pie, they’re essentially buying into the future success of the team and are financially incentivized to support them for the foreseeable future.

Fnatic have raised over their £1m target, reaching $1.2m on November 20.

If the goal of all of these efforts is to make fans stick around longer and be more emotionally (and financially, in some cases) invested, then Fnatic’s approach may be different but it has the same motive. You’re securing long-term fans that want to see you grow and succeed more than ever before.

Engagement isn’t easy

Now, keeping fans engaged with membership programs isn’t a light undertaking. Liquid, C9, and Envy are offering access to exclusive content that’s not available to the public, and personnel is needed to make that happen. They also need to speak with their ‘superfans’ more often, and personnel is needed for that too. Hosting events, whether online or offline, requires plenty of hands in most cases as well.

These teams can’t afford to now only focus on their paying fans; they need to keep their wider fan base happy with the content, merchandise, experiences, and engagement that they’ve grown accustomed to. It’d also be advisable for them to try to obtain new fans, and that’s not going to come easy.

These initiatives could well be a new, necessary stream of income for even the biggest of organizations, but it won’t be easy. This is just the start of things to come but I hope everything promised is fulfilled and such programs become a mainstay in the industry.