devtrackers.gg
Aren't cheats usually loading as an unsigned driver? Can't you make a unsigned version, that only loads if the ms checking is disabled?
Definitely! We try to detect when driver signing is disabled and prevent the game from running.
Aren't cheats usually loading as an unsigned driver? Can't you make a unsigned version, that only loads if the ms checking is disabled?
Definitely! We try to detect when driver signing is disabled and prevent the game from running.
[deleted]
We are confident that we're complying with European privacy regulations, we take our obligations to player's privacy seriously.
Then could you do that but create a bunch of decoy drivers whitelisted by riot and shuffles them every update? having the cheat makers going troughs a 1000 of fake drivers in order to find the working one? Btw thanks for the answer!
That's a fun idea, I'm not sure if Microsoft would appreciate us doing that though :)
[deleted]
We take our responsibility as software developers seriously and we'll try to give you as many assurances as we can that this software is safe and secure. We're not perfect but we're putting a lot of effort into to trying to keep players safe.
At some point each player needs to decide whether or not they want to trust any piece of software with their computer. If you don't trust Riot enough to install VALORANT and Vanguard on your computer I'll understand but I hope we can change your mind one day.
You should open source this driver for extra piece of mind on our part
I'd love to but we're worried that releasing the source code would make it easier to bypass. I know it sounds a little "security by obscurity" but when talking about client based anti-cheat efforts there're always some elements of that.
So effectively you need the driver running 24/7 if you want to play the game. Or uninstall and re-install plus reboot your PC every time you want to play ?
Yes, to play the game you need to have the anti-cheat system installed and initialized at boot. You can uninstall it anytime you like but you will need to reinstall it and reboot before playing.
As much as I want to believe this line "The Vanguard driver does not collect or send any information about your computer back to us." it gets proven time and time again this is false. Doesn't exactly help your case being a Tencent company and all as well.
I get it, we'll have to earn your trust!
Feel free to monitor what we're doing and call us out if you see something fishy.
Hi, I just found this.
I prefer my VM setup with GPU Passthrough much more than dual booting. So far I invested too much time in getting the Vanguard service to stop crashing, so I will setup a dual boot configuration.
However, if you guys decide to allow VMs, how could I find about it? Is there a tech blog or something I can subscribe to?
We have a tech blog: https://technology.riotgames.com/ (I have an article coming out here this week)
For something as directly relevant to the game as VM support we'd likely mention it in our patch notes and/or put it in an article on the game site.
This is probably a dumb question but are you planning to continue these security practices as the code is updated?
Definitely, security is a process, we can't just say "we did security and now we don't need to think about it anymore". As we make code changes we know that new risks could be introduced and our previous reviews become less applicable.
And this is one of - if not the most important part.
I was so sorry to hear that someone already beat the anti cheat somehow, or "almost".
Can you give some insight into what they did our what happened unless I missed a post or article?
Again thank you for your time and this lovely game! Also if you stumble over my "CB button" so smash it for me thx! :D
The TL;DR version is that we launched our anti-cheat in a more passive mode to begin with in the hopes of reducing the chance of launch week issues. It was also hoped that this soft start would let us observe how cheaters would attack the current system without us fully tipping our hands.
To be honest in hindsight I would have tried to take a different approach because cheaters made progress much more quickly than I expected. The week or two or ramp up time I was hoping for was actually only a few days and so if I could do it again I would have recommended going hard right out of the gate.
Out of curiosity, if I use something like a PiHole to block outgoing DNS while the game isn't running, what are the consequences of that?
None it'll work fine, we don't have any network connectivity requirements unless the game is running.
Thank you for the hard work on the anti cheat! Game feels great! I had a question regarding this driver. Did you guys think about randomizing the name and location of the driver on boot up? Every vanguard update you could change the list of names to make it harder. I'm not sure if this is possible but I think it would annoy cheat makers as normally they have to inject into the driver to bypass it.
It's a good idea but there's a limitation that prevents us from doing this.
In modern versions of Windows all drivers need to be approved by Microsoft through a code signing process or they won't be loaded. This means that even if the name of the driver is changed there will still be some identifying features that would make it clear that the driver is Vanguard (since the authenticode signature would say "Riot Games").
Ever since downloading the game my computer has had serious issues starting up (like 2 fps serious) I'm all for invasive anti-cheat but not at the cost of my system, i've also observed lag on other games like csgo that I've definitely not encountered before. These issues could definitely be something other then the anti-cheat but I've been doing a lot of troubleshooting nothing has worked. I might just permanently uninstall the game if it continues
Specs 2070 MSI gaming z i7 7700k 16gb trident Z 3200ghz ASRock fatal1ty 4 270 Kingston 500gb nvme sad Windows 10 pro
There could be a compatibility bug (maybe Vanguard isn't compatible with something running on your computer?). I recommend putting in a support ticket so they can help you collect diagnostic information and troubleshoot.
You can also try uninstalling the anti-cheat (Add/Remove Programs and selecting "Riot Vanguard), if that fixes your problem then it's very likely that there's some kind of incompatibility and we'd definitely be interested in your help figuring it out.
If it can just be uninstalled what's the point? Does the game still operate without that component of the cheat system gone?
The game won't operate if you've uninstalled Riot Vanguard
Well, I assume your driver runs in kernel mode, because it start with the system. You straight away render most user mode cheats useless, the basic ones at least, where they are flagged instantly. At the same time 'someone more skilled' can find a vulnerability in your code and run their code in kernel mode. There is no way you can guarantee this won't happen, even when You state that several security teams had a look at your code.
There were multiple examples over the years with kernel drivers being exploited in the wild, Razer Synapse, Capcom and I believe there are several ways to break FaceIt anticheat.
You also stated it's very simple part that runs in kernel mode, which worries me that it will be simple to disable / override and render useless. Secondly, do you inform us anywhere during installation about this technique? I have beta access, but of course I skip all the reading and honestly don't remember.
While I can't guarantee that we're perfect we have put a lot of effort into the security of the kernel driver. We've had multiple groups review it for security flaws (both external security consultancies and our own security teams).
We definitely don't want to put yet another vulnerable driver out into the world!
Is there any updates on the blogpost about the technicalities?
I have a long article (it might be the longest article I've written since school!) about Fog of War coming out this week (Tuesday I think?). I'm also planning on writing shorter pieces about other anti-cheat topics but I haven't started them yet.
Hey there Arkem! I read your clarification. First of all: thanks for that, that was an immensely quick yet pretty detailed response to this topic! Secondly: I'm a bit of a control-freak when it comes to my PC. I'll monitor anything that activates on startup and usually turn most of it off, including non-essential Windows apps and files. I'll monitor Riot's Vanguard as I will any other 'new' component, but I will admit that if your take on anti-cheat proves effective and indeed causes no further issues (or proves to be a vulnerability of some sort)... well... I'll take anything over script kiddies who ruin (competitive) games for others.
tl;dr: thanks for explaining, that eased my mind quite a bit :)
You're welcome! We're trying to be as open as we can because we want people to feel confident in what we're doing. If you ever have any questions I'm happy to answer them.
My opinion is still going to be a hard line in the sand of unacceptable. I closed LoL on the 7th and over the next 48 hours it dumped over 100GB of crash logs onto my C drive(where LoL was not installed). Thankfully I have the ability to pull my drive and delete the file from another device because my computer would not boot(Windows 10 needs more than 22MB to boot).
Sorry about that!
That was a pretty nasty bug, the patcher team rushed out a hotfix during the week. The log files would have been deleted in a few days (only the last few log files are kept around) but obviously it's unacceptable to pollute your hard drive like that!
Can you use those skins on any agent once unlocked or only that specific agent?
You can use them on any agent.
Lol I figured someone had to make the joke. You guys made/are making a hell of a game!
Thanks <3