Riot Games’ free-to-play Valorant relies on an anti-cheat (dubbed Vanguard), which may work very well as an anti-cheat, but for the exact same reasons is also intrusive beyond belief.
Its main component is a kernel driver that is loaded at boot, and runs the entire time you’re using your computer, even when you aren’t playing Valorant.
Kernel drivers are given the most powerful access to your computer out of any software you can run, outside of the operating system itself. Possibly one of the most scary aspects of these is their ability to change how other software runs by editing memory, not only what’s already stored, but in realtime as it’s being read or written.
This is similar to how cheat cartridges work on older game consoles: by transparently editing how the game (software) interacts with the console (hardware). Not every kernel driver does this, but they have the ability to do so. Most kernel drivers are helpful, providing extra functionality to your system.
The big problem with this approach is trust. Unless the driver is open-source, you don’t know what it’s actually doing without special tools to supervise it. You have to trust the developer to be including only the code they say they’re including, and not executing anything harmful.
Here’s where Valorant comes back into the picture. Valorant is owned by Riot Games. But have you ever wondered who owns Riot Games? A quick Google shows you that Riot is 100% owned by Tencent! For those unaware, Tencent is a Chinese conglomerate that, among other things, runs the Chinese state-approved social media networks, which must provide any data to the Chinese government upon request. Tencent is heavily backed by the government of China and thus is inclined to listen to them.
So to recap what has been said thus far, you’re installing system-level software on your computer that a Chinese state-backed company creates.
If that sounds at all bad to you, it really should. This is not to say that anything bad is happening, but would you really assume Tencent is going to act 100% angelically with these ties to China’s government? With this kernel driver, an entire host of other exploits is possible. For starters, the game and this driver automatically updating could enable further exploits, whether demanded by the Chinese government, Riot Games being hacked, or even by their own choice. Your computer could be connecting to a C&C server (see first paragraph on Wikipedia’s entry for botnet (yes, you read that right)) to run remote code, and unless you were watching it happen you would have no idea.
This gets even worse when you understand the portions of the anti-cheat that Riot Games has publicly mentioned. It runs constantly as mentioned earlier, monitoring all software that you run on your computer, and if it thinks (note: thinks) something is a cheat for a game, it will prevent you from opening that software. I say “thinks” because you can’t have 100% accuracy here, since game cheats are constantly evolving. It will also monitor your files for suspected cheats, and if it thinks one of your files might be a cheat, it sends a hash of the file to Riot for evaluation, and if they confirm it to be a cheat the hash will be added to their database of cheats. If one of your files matches this database you’ll simply get banned.
My main question for Riot is, why is any of this necessary? As a multiplayer game, shouldn’t any cheating (think flying, killaura, etc) be easily detectable server-side? I will not take “save processing power on the servers by making players do it themselves” as an answer because that’s no excuse for this.
The problem I have with all of this, however, is the complete lack of transparency. Obviously the kernel driver can’t be open-source, as people who did want to cheat in the game would then know how to bypass the driver. But when you go to install Valorant, you are never told any of this is happening. Not once does it inform you a kernel driver is being installed along with the game, let alone the scope of this driver. All it says is that Vanguard is installing. Any ordinary end-user will just think “okay!” and move on with their day.
But this is not acceptable. A company the size of Riot Games (and Tencent) has no excuse to use this as a solution. Have you ever had a Minecraft server demand you install a kernel driver for anti-cheat? Obviously not. And these Minecraft servers manage to ban hackers just fine, because hacks are easily detectable on the server side. If someone flies, the server can (obviously) notice that they’re no longer on the ground, and ban them.
If you still want to play Valorant after reading this, here is what I suggest you do (for complete protection, this list is quite exhaustive):
Now every time you go to play it, redo steps 3, 4, 6 and 7.
Unfortunately, Valorant won’t install in a virtual machine, which was my initial idea to isolate it. This is probably because VMs could be beneficial for people who do actually want to cheat.
While unplugging your Wi-Fi card may seem like complete overkill, a kernel driver especially could use it to scan for networks nearby. Your Windows registry contains passwords for networks you’ve joined. Your other devices are on one of these networks. The problem should now be apparent.
And the separate disk is simply to prevent the intrusion of privacy that is having all your files scanned.
One day I hope to test the theories stated here, but until then this all remains speculation. But as a user of this software you deserve to be informed of what it could be doing on your computer, and frankly, what it is doing.
If anyone reading this has more info on my theories and proof to back this up, please contact me at admin@donotplayvalorant.com so I can update this article accordingly (with credit, if you want it).
Thank you for your time.