Valorants Anti Cheat is a Kernal level Rootkit

In Riots quest to make the most competitive shooter they have taken a firm stance that in order to properly combat cheaters they need to install a ring 0 Rootkit on your machine.

This seems to have flown under the radar of every news outlet so let’s talk about what this is and what this means for software and privacy in general.

This is plain and simple software that gives the softwares controller full remote access to your machine. Anything you do or have on it is visible to them the moment you boot up your computer. If they wish to poll what software you have installed or are running they can. If they want to send files back to their servers for analysis they can but the developers pinky promise they won’t. According to some folks it also does not uninstall if you uninstall Valorant, you have to manually remove it.

If this does not scare you it really should.

  1. Riot can harvest whatever data on you that they want
  2. Riot could be compelled by a government to use this as a backdoor into your computer
  3. It’s not a question of if it’s a question of when this gets breached what happens with a game that is put out by a company that claims to have the most installs internationally
  4. A game this large will set a precedent for not only video games going forward but for software in general
  5. If Riot is dissolved over night what happens to everyone who still has this installed on their system. I just uninstalled Radical Heights this month despite that game being shut down for a long time. If you do not actively remove this once support stops you’re on a timer to exploitation
  6. There is no clear warning to anyone installing this game that this is giving them God on your computer

Not sure what everyone else is planning but I’m hard passing on Valorant

7 Likes

If people won’t pass on another Riot game because of the company’s history of gendered discrimination and sexual assaults, and ongoing attempts to bury related litigation against them for these acts, then perhaps this will.

2 Likes

The glib tone and bad humor is super out of place in that post. Anyone have insight into the other kernel mode anti cheat software that they say is already doing this? That seems like a big part of the “hey don’t worry” vibe but I don’t know enough to assess that on the actual merits.

2 Likes

Street Fighter V attempted and failed horribly at doing it in 2016

If others are doing it that’s news to me.

3 Likes

That’s, uh… a yikes from me.

I was actually looking forward to this, now I’ll probably avoid it unless something changes, which seems unlikely.

Ah well, more time to play my favorite, totally non-problematic hero shooter, Overwatch

2 Likes

More like Valorain’t gonna play it.

9 Likes

Ars Technica just put up an article about this:

2 Likes

That includes one group that was focused exclusively on the driver and another that performed “black box” attacks on the system from the outside.

Why not do white-box??? They gave a security team a black box approach and probably gave them 2 weeks to do as much as they could. I for one would want to see the actual details of these tests and the names of the third parties involved. There are so many fly by night testing companies now that you could just pick 3 random ones off the internet and say you got verified. Make them put their reputation on the line by being linked to this monstrosity.

“In extreme cases, we would work with our patcher team to automatically remove Vanguard from all players’ computers,” Chamberlain added. “After we had pushed a fix or removed the driver, we would work with Microsoft to get the vulnerable driver blacklisted.”

Because the first thing attackers are not going to do is make sure they can’t be patched out using the ring 0 access you have given them? How stupid do you have to be to believe that you can wrestle control back once someone has this level of access?

This is not going to play out where a few people get infected and they push a patch out that resolves everything. This is going to be something where we find out people have been infected for days if not weeks before the controller uses them to do something like ddos a service. Whoever gets control of this is going to make sure they do not lose control.

5 Likes

Hi, so I don’t know enough about computers as I should. Can you clarify for me what a Ring 0 rootkit is?

EDIT: I should have waited to post this, as the second I opened the article linked it explained!

1 Like

I’ll be the one to go low here and say it’s a good thing then that Valorant doesn’t seem to be catching on. I only first heard about it this week and from what I’ve heard it’s rather unastonishing.

It’s also a concern for other Riot Games properties, as they’ve indicated intent to port it to League of Legends etc if it works out for Valorant.

2 Likes

The game was only announced in March, so if you’re not keeping up with Riot’s stuff (and general gaming sites won’t help you there) it’s perfectly reasonable to have only just heard about it. As for popularity, it’s looking like people are clamoring to get a limited beta slot, so I think that this game is going to have legs, unfortunately.

2 Likes

This does not bode well for me ever being interested in Riot’s fighting game or ever running it at my tournaments. Hopefully it’ll see a console release?

Which is a shame because I loved Rising Thunder.