Cheating has always been present in PC multiplayer games, but the situation got markedly worse in the 2020s, when a lot of new people came to gaming during the Covid-19 lockdowns. Call of Duty: Warzone, PUBG, and Destiny 2 were all full of people using aimbots to auto-shoot enemies or wallhacks to see everyone on the map. Riot Games’ Valorant stood out with its controversial and aggressive anti-cheat system, Vanguard, which was able to keep cheaters at bay. Now, four years later, it’s clear that Vanguard, unlike any other anti-cheat system, has won the war against PC cheaters.
“We don’t see as many cheaters anymore,” said Phillip Koskinas, director of Valorant’s anti-cheat system. “It’s just become too much of a chore for cheat developers.” Vanguard made it much harder for PC players to use things like aimbots or wallhacks. This is partly due to a controversial kernel-level driver that starts immediately after the PC boots. Riot’s Nick Peterson developed a system for Vanguard that detects when cheat engines are trying to access Valorant. “He came up with a fairly novel method that can be used to recognize that something has entered the kernel’s memory that shouldn’t be there,” says Koskinas.
The system works much like a warranty check: when a product has been disassembled and parts removed, the manufacturer of the device knows that the warranty has been voided. “Once that happens, we know something happened, and then we’re just waiting for something to happen on Valorant to confirm that you’re using it to cheat,” Koskinas says. To get around this, the most popular technique for cheat engines today is to use direct memory access (DMA) with dedicated hardware. “Basically, you use a PCIe card for physical memory at your request,” Koskinas explains. “Techniques have been developed with these cards – the most popular being the Squirrel – that do a lot of traditional memory scanning, but completely externally.”
This means that a cheater will have a secondary PC that scans Valorant’s memory space looking for player positions. A cheater can use this second PC in conjunction with a monitor to display a special new radar that lets them know exactly where their opponents are. This is a very powerful cheat in a game like Valorant where players rely on tactics, positioning and stealth to gain an advantage. Riot has also developed methods to detect this new form of hardware-level DMA cheating thanks to Peterson. His invention essentially blocks the internal memory of suspicious devices from being read.
But DMA protection can cause other problems: for example, Vanguard can block the NIC after Valorant is started. Riot has a list of trusted hardware and firmware, and if the NIC on your motherboard uses a method that looks suspicious, Vanguard can also kill your internet connection. Most Valorant cheats these days are limited to triggerbots, programs that use screen readers to monitor the center of the monitor and automatically fire when the player’s crosshairs land on an enemy. According to Koskinas, these make up “about 80 percent” of the cheats in the game.
Earlier this year, Vanguard was also added to League of Legends, which drastically cut back on scripters. The League team revealed in August that more than 175,000 accounts have been suspended for cheating since Vanguard launched. This is encouraging for Valorant and League, but the situation is not so bright for other game developers who are building their own anti-cheat systems. A recently completed University of Birmingham study showed that cheats in Activision’s Call of Duty: Warzone are still accessible and affordable, and that Activision’s Ricochet anti-cheat falls short against more sophisticated cheats. Activision even had to patch an anti-cheat hack in Warzone and Modern Warfare III that led to the banning of legitimate players.
“The Ricochet team has talented people, but they obviously don’t have enough resources,” says Zebleer, the developer of Phantom Overlay, one of the most popular cheat engines for games like Call of Duty, Overwatch 2, and more. “Call of Duty is inundated with cheats and they are quick to fix when there is a problem.” Zebleer believes that Vanguard has a clear advantage over cheaters because the anti-cheat team has adequate funding, talent and freedom. Riot has hired engineers who have developed cheat engines before, including Koskinas, who has more than 15 years of experience; he previously developed and sold gamer software to finance his university career.
Unsurprisingly, researchers at the University of Birmingham agree that Valorant has the best anti-cheat system. It topped the anti-cheat ranking, followed by Fortnite, which also uses a kernel-level system. Counter-Strike 2, Battlefield 1 and Team Fortress 2 came in at the bottom. The researchers also highlighted weaknesses in Windows’ defenses that allow rogue software to infiltrate the kernel, similar to malware. After the devastating CrowdStrike incident, access to the Windows kernel has become a hot topic as Microsoft increasingly looks for ways to make CrowdStrike and other security vendors work outside of the Windows kernel.
Riot is looking to Microsoft for help in further protecting Valorant. “Microsoft has become much more proactive about revoking certificates for malicious drivers,” says Koskinas. “We make the most of what Windows has to offer. If they start requiring virtualization-based security to be turned on, or hardware-enforced stack protection, or maybe hypervisor code integrity, then we’ll use those features to protect Windows for us. We will require them to be turned on and withdraw from the kernel space.” Vanguard will soon only start when you launch the game, assuming all the latest Windows 11 security features are applied, instead of always being on after boot. This may also help with some privacy concerns.
Riot is currently focused on Windows when it comes to anti-cheat, and there are no plans for Linux support for Valorant or League of Legends. Although Steam Deck supports some anti-cheats, developers like Riot are increasingly moving away from Linux. “You can freely manipulate the kernel there, and there’s no user-mode call to certify that it’s real at all,” Koskinas says. “You could make a Linux distribution that’s specifically designed for cheating, and we’d be working pointlessly.”
Respawn has just stopped supporting Apex Legends on Linux, citing concerns similar to Riot’s. Epic Games also refuses to support Fortnite on Steam Deck / Linux, citing a lack of users. “Imagine if Steam Deck handled the security, we’d know it’s a real device, fully authenticated. If all these features are enabled, we’d be very happy, let’s play, no problem,” says Koskinas.
Although Riot has already overcome traditional PC cheating, AI-based techniques are coming soon. These could take the form of dedicated hardware, such as an MSI monitor that helps you cheat in League of Legends, or increasingly sophisticated screen readers. Riot is particularly concerned about image reading. “This is where all the fraud is going,” says Koskinas. “We’ve done a lot of research on what human mouse and keyboard input looks like, but it’s a concern.” In one possible future, AI cheaters and AI detection could fight each other in a virtual war. “Frankly, we’re at a disadvantage. AI models can learn what human input looks like,” says Koskinas. Currently, Valorant is winning the war, but AI can reshape the playing field in this ongoing cat-and-mouse game.
Source: sg.hu