For as long as there have been competitions, there have been ways to cheat and methods to ensure fairness, or anti-cheats. Bribery existed even in the early days of the Olympic Games: officials would take bribes to let a player win while trying to remain anonymous in doing so. A present-day example is sports, where top athletes take performance-enhancing drugs and drug tests try to prevent this. In the world of online gaming, cheating comes in many forms depending on the game being played. In casual games such as Minecraft, cheating can appear in the form of X-raying, which shows certain blocks through others, or software that increases one’s CPS (clicks per second), which is crucial in fights.
Competitive gamers see cheating as both more subtle and a much bigger deal. Two of the most common methods of cheating are aimbot, which gives one perfect aim without having to do anything, and ESP (Extra Sensory Perception), which lets one see other players through walls.
A secondary program is typically used for cheating. These programs, which are either free or paid for, carry out one of the methods mentioned above. Typically, third parties illegally create these scripts and sell them on shady sites. These cheats create an overlay above the game to highlight information a normal player would not have, such as player health, locations, etc.
To combat this, many games have a built-in program called an anti-cheat. To understand how anti-cheats work, it is important to first understand how cheats work.
How do cheats work?
A cheat is a collection of code that runs in the memory of a computer. The memory of a computer refers to the RAM, which stores information about all the programs running at any given time. This means that if you have a Chrome tab open, the RAM will store all the information about the tab, including any code required while it is running. When you close the Chrome tab, this information goes away too.
While cheating, the code behind the cheat runs in the system memory in parallel with the game. This allows the cheating software to embed itself between the game and the graphics driver. The cheating software then changes the order in which things are drawn to highlight players through walls, make certain walls transparent, etc.
Then, how do Anti-Cheats work?
Anti-cheats work in several different ways. A very popular one is “VAC” (Valve Anti-Cheat), developed by the video game giant Valve and first released in 2002. VAC tries to detect cheats by downloading “cheat detection code” each time you connect to a VAC server. For every attempt at cheat detection, a unique ID is calculated and sent back to the server. This is done to prevent cheats from disabling VAC altogether. When a cheat is detected, no ID is sent, which prompts an error message and bans the player.
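A minimal sketch of the per-check ID idea described above, added here as an illustration and not Valve's code: the HMAC construction, the nonce and key, the timeout value and all names are assumptions. It shows why a stale ID and a missing ID both end with the session flagged.

```python
import hashlib
import hmac
import secrets

TIMEOUT = 5.0  # seconds allowed for a reply (assumed value)

def client_run_check(nonce, key, cheat_found):
    """Client module: returns the per-check ID, or None when a cheat was found."""
    if cheat_found:
        return None  # as the article describes: no ID is sent
    return hmac.new(key, nonce, hashlib.sha256).digest()

class Server:
    def __init__(self):
        self.pending = {}    # session -> (nonce, key, issued_at)
        self.flagged = set()

    def issue_check(self, session, now):
        """Ship a fresh nonce and key with each downloaded detection module."""
        nonce, key = secrets.token_bytes(16), secrets.token_bytes(32)
        self.pending[session] = (nonce, key, now)
        return nonce, key

    def receive_id(self, session, check_id):
        """Accept the ID only if it matches this check's own nonce and key."""
        nonce, key, _ = self.pending.pop(session)
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, check_id)
        if not ok:
            self.flagged.add(session)
        return ok

    def expire(self, now):
        """Flag every session whose ID never arrived within TIMEOUT."""
        late = [s for s, (_, _, t) in self.pending.items() if now - t > TIMEOUT]
        self.pending = {s: v for s, v in self.pending.items() if s not in late}
        self.flagged.update(late)
        return late

def demo():
    """Constructed sessions: an honest client, a stale ID, and a silent client."""
    srv = Server()
    n1, k1 = srv.issue_check("honest", now=0.0)
    old_id = client_run_check(n1, k1, cheat_found=False)
    honest_ok = srv.receive_id("honest", old_id)
    srv.issue_check("replayer", now=0.0)
    replay_ok = srv.receive_id("replayer", old_id)  # ID from a different check
    srv.issue_check("silent", now=0.0)              # detection module never answers
    late = srv.expire(now=10.0)
    return honest_ok, replay_ok, late, sorted(srv.flagged)
```

Because each check carries its own nonce and key, an ID captured from one check is useless for the next, so simply switching the detection module off leaves the server without the answer it expects.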
Although VAC sounds good, it is not always very effective. Due to its age, it is known to ignore even the most blatant forms of hacking, and in turn the games it watches over, such as Counter-Strike, are known for their many hackers.
A very effective anti-cheat is “Vanguard”, Riot Games’ self-developed anti-cheat, released alongside “Valorant” in June 2020. Riot’s new anti-cheat has no doubt been effective, but it has also been part of a big controversy ever since its launch.
How does Vanguard work, and why is there controversy over this anti-cheat?
Vanguard works by running in ring 0, which grants it kernel access to a computer. The kernel is an interface between the hardware and the software. It helps manage the CPU, memory, and processes on a device. This includes all the device drivers for accessing file systems. Software with “kernel-level access” can therefore execute ANY code, without prevention. This may seem like “malware” or the like, but it is required. The anti-cheat runs in the kernel simply because cheats are also designed to run there, and any other level of access would render the anti-cheat ineffective.
Another aspect of Vanguard is the fact that it runs from system boot, even if Valorant is not running. This means it is a rootkit. A rootkit is something that gives software privileged access to a computer while hiding its presence. This is where the controversy arose for the public. Rootkits are generally malicious and are how software such as spyware and other malware is run.
The controversy highlights the issue of trust and user privacy. Although this is a good thing to be worried about, there is little reason to do so. The rootkit may seem malicious, but there is a reason it is used. Access to it would not be so easy to achieve if it were only used for software with negative intent.
Another aspect of this is kernel-level access itself, which may allow certain software to “spy” on a computer. If Riot Games is ever caught doing something like that, it will be fined in the tens of billions of dollars due to the illegality of this, but the bigger consequence will be the loss of trust. This would mean constant losses and a bad reputation, which could spell a shutdown of the company.