Originally posted by ImSkripted
id assume VGK loads at system start to prevent people using vulnerable drivers to either run their own code and or load unsigned drivers and will prevent the vulnerable driver from loading or prevent valorant from running after.
if this is the case i do see one hole in this form of security, you only know about publicly known vulnerable drivers. there are many other drivers that could be used other than what ill call "Driver C" because of, well the first letter. I know of one that is not only a very common driver but is also their latest version of that driver so I don't see how you could differentiate between someone using it to load cheats or is just wanting to use it for its intended purpose. not to mention the person who discovered it submitted a report in 2019 to the company and Microsoft, who both are still yet to acknowledge it, I've even gone as far as to contact my university to help him get the driver a CVE & fix but due to corna it seems that has been put on the...
Read more
You're not wrong, there are some difficulties with things like "Driver C"
When making calls like this one of the things we look at is the cost of cheat development. Even if a mitigation is imperfect we consider whether or not it increase the time/effort to develop cheats to be worth doing. There's also the cliche of "Defense in Depth" where several imperfect mitigations could work together to create a much stronger overall protection.
The theory goes that fewer people will make cheats if it's difficult and time consuming which will make it easier for us to detect them (or otherwise get them to desist).
So even when a mitigation is imperfect the additional burden on cheat developers can be worthwhile either to increase the cost of cheat development or just as one more part of an overall strategy.