Vanguard, the controversial anti-cheat software initially attached to Valorant, is now also coming to League of Legends.

Summary:

The article discusses Riot Games’ requirement for players to install their Vanguard anti-cheat software, which runs at the kernel level, in order to play their games such as League of Legends and Valorant. The software aims to combat cheating by scanning for known vulnerabilities and blocking them, as well as monitoring for suspicious activity while the game is being played. However, the use of kernel-level software raises concerns about privacy and security, as it grants the company complete access to users’ devices.

The article highlights that Riot Games is owned by Tencent, a Chinese tech giant that has been involved in censorship and surveillance activities in China. This raises concerns that Vanguard could potentially be used for similar purposes, such as monitoring players’ activity and restricting free speech in-game.

Ultimately, the decision to install Vanguard rests with players, but the article urges caution and encourages players to consider the potential risks and implications before doing so.

  • Buddahriffic@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    ·
    10 months ago

    Also, it doesn’t even remove the capability of cheating. A virtual machine can hide things from the kernel. I’m not sure if there’s an existing implementation that makes it completely transparent to the guest OS that it’s running on a VM, but it’s technically possible to do that if it’s not already being done.

    A VM-based cheating system would be more complex than a kernel-mode one, but it’s just the next step in the arms race, unless there’s an even easier one I’m not aware of… I suppose hacking their anti-cheat system itself so that the games think it’s working properly might be possible depending on how it’s done, though that can be defeated by an even bigger security hole: giving it the ability to run arbitrary code from the server in kernel mode.

    Another way to cheat that might not be defeatable is to run a hacked version in parallel to a completely legit one. You use the legit one for all server communications and the hacked one to render an overlay over top of the video from the legit copy.

    IMO, the way anti-cheat should be going is behavior analysis of players. Do players behave as if they are aware of information they shouldn’t be, like the location of other players that shouldn’t be visible? Is the player less effective if the server feeds them fake invisible data about non-existent opponents? Is there a correlation between how difficult shots should be and how likely the player is to make them? Does the player’s performance drastically change from time to time, more so than someone getting into the zone or having a bad day? Does the player ever talk about cheating in the game’s text or voice chat?

    Though that’s assuming the cheating is the reason and not an excuse for this.

    • Breve@pawb.social
      link
      fedilink
      English
      arrow-up
      3
      ·
      10 months ago

      Yup, very true. There’s even the possibility of hardware level cheats, just like that new MSI monitor that analyzes the screen with AI. Imagine that but instead it’s a KVM switch like device that can “see” everything happening on the screen as well as the keyboard and mouse inputs. You could train it to recognize and track enemies in an FPS then add in some extra inputs to correct the aim every time you fire, or activate abilities in a MOBA automatically in response to enemy actions. I think this is what Gameshark might be trying to do. Short of requiring cryptographically secure input devices, the only way to detect this type of cheating would be behavioural.

      • Buddahriffic@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        10 months ago

        Another commenter linked a video that goes in to detail about how actual cheats are doing it (my comment was just speculation about what’s possible based on what I know about computers work), and they are doing stuff like that. They use raspberry pis and/or arduinos to analyze the screen (or a small square around the centre where the reticle is). Then they intercept clicks and when one is made, add in the corrections to centre the target and then pass on the click. In this case, the Arduino would have a the mouse and usb/network for the image stream as input and it outputs as if it’s a mouse.

        And as a man in the middle, it would just make the secure connection itself and pretend it’s just a mouse (spoofing whatever IDs it needs to), so I don’t think cryptographically secure mice would make a difference unless the market is willing to accept only buying approved mice that add their public keys to some database. It would just be another front in the arms race.

        Ultimately cheaters have the advantage of having physical access to their device. The scheme we’re talking about would even work on cloud gaming platforms as it’s only using the same information that is already being displayed to the player.

        • Buddahriffic@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          10 months ago

          Oh yeah, and for behaviour detection of this, it’s kinda annoying they don’t detect it because I don’t think it would be difficult to do this (either from a problem solving perspective or the amount of computational power that would be required).

          Just track the x and y deltas and their derivative over time (in this case, the derivative is just the difference between the current sample and the previous one, so no calculus required, just a subtraction per sample). Then check if they are continuous. X and y deltas are velocity, which must be continuous because the mouse is a physical object and subject to inertia. Acceleration should also be continuous because of the limitations of our muscles (though if your mouse bumps your keyboard or your hand is moving and bumps your mouse, you can see natural acceleration that isn’t continuous, but these wouldn’t directly preceed a successful shot at a target).

          Then just watch for spikes in either of those. A better cheat program could smooth the spikes, but it slows down the capability of the aim bot.