5 comments

[ 2.6 ms ] story [ 18.6 ms ] thread
Thanks! This actually is a really nice blog post. I was unsure about Valorant anti cheat and the start at boot thing, so I never actually installed the game on my system.

> This is good for stopping cheaters because a common way to bypass anti-cheat systems is to load cheats before the anti-cheat system starts and either modify system components to contain the cheat or to have the cheat tamper with the anti-cheat system as it loads. Running the driver at system startup time makes this significantly more difficult.

but it looks like it really is needed:

> by 2015 or so, pretty much all the sophisticated, organized cheat-selling organizations were using kernel drivers.

“The oldest mention I've found of people complaining about kernel drivers in Anti-Cheat were in an article from 2016. However the first time I saw it was when the game Valorant was released with its new Anti-Cheat Vanguard, which is still very controversial to this day. This happened in 2020.”

This goes back much further.

Sony DRM running kernel drivers was 2005 and there were video game anti-cheat programs using similar approaches around the same time.

It was also around this time that Joanna Rutkowska was giving talks at blackhat and defcon on her research (redpill and bluepill) and rootkits which led to discussion, research, and media articles on anti-cheat and other applications.

(comment deleted)
Interesting blog post, I never really understood the necessity of kernel drivers in AC before. This cleared that up for me. I am also curious how server-side AC will develop in the future.
Sorry for my ignorance, but are any of these anti cheat drivers open source? I get that making them public would simplify for a cheater wanting to find ways around it (or a malicious actor to exploit them), but it would also go a long way towards users feeling sure of the fact that the driver isn't violating their privacy in other ways than necessary for detecting cheats during a game. Furthermore, if they are so much single-focus as the article argues then it should be easier for the companies the secure that what they open sourced is safe and can't be exploited.