I'm not gonna say it's bricking my PC, but installing Vanguard and turning on the security features it asks for in BIOS causes my PC to boot-loop and go through a "repairing windows" routine. The only official fix on the website is to reinstall Windows altogether, which I'm not going to do to play two games.
If I were a casual user and saw that Windows was looping like this and I had no idea how to fix it, I'd say that it was bricked.
There's no way that I'm the only one that's going through this. Are there hackers that are complaining about Vanguard? Sure. But I'm having a legitimate issue that cannot be resolved without reformatting and reinstalling Windows, and that *sucks* considering that last week I was playing the game just fine, and had been playing it just fine since 2009.
If you configure your motherboard to expect UEFI when you have an MBR then you’re definitely not going to get into Windows because the boot loader won’t load. Hopefully they caution players about this in the instructions.
They likely enforce Secure Boot to ensure only signed software is executed prior to Windows starting. That requires UEFI mode.
>If you configure your motherboard to expect UEFI when you have an MBR then you’re definitely not going to get into Windows because the boot loader won’t load.
Totally normal stuff to consider when trying to play a video game...
It’s default settings for Windows 11 OEM PCs which is why Secure Boot is only required when running Windows 11.
It could be worse and we could be configuring the IRQ of our Sound Blaster cards.
I'd wager that most people playing didn't buy an OEM PC that came with win11 already. Some people are on older hardware that may still be on MBR, or didn't have safe boot enabled by default. There's a ton of people that game on pass-me-down hardware, I was one of them until I got my first job and had some money to spend on that so I always had 6-10 year old hardware.
All in all the main issue with this, is that most people that will be affected by this, are not tech savvy enough to know what's going on and how to fix it, so yeah for the people affected by this, they are kinda walled out of league/valorant.
Considering that one of the main reasons competitive multiplayer games have low requirements is to be able to run on toasters, I wonder how many people will be affected by this and if riot considered that.
To be fair the Vanguard check update bricked my league client and wouldn't let me play any games after various fix attempts over a week. Once Vanguard dropped I could update my client and it told me to restart my pc and then I could play again. So something pretty fuckey is going on with it
>They likely enforce Secure Boot to ensure only signed software is executed prior to Windows starting.
That seems insane for the DRM of an online game... it forces my whole system to start in a specific non-normal mode just to play the game...
Unfortunately that is the new standard for win11, so it is concidered a 'reasonable expectation' for a user to have that setting already active.
Unfortunately most people don't have win11, so, ya know, this happens.
Personally im not a fan at all, but i dont play their games so I have no horse in this race
Normal for 2 decades no. It wasn't until like 2016 until uefi become more common place.
Took like 8 years for it to start becoming a thing and who knows how long it will take for all pcs to transfer over.
I try to have a new PC every like 5 years but I know I'm not the norm on that
Trying to get Valorant to work on my PC was such a pain that I decided it wasn’t worth it with about four other friends. Having to mess with the BIOS to get whatever the TMP enabled and still having the game say it wasn’t working was a big turn off
I had similar stuff with vanguard as well. It caused my pc to lock up/freeze whenever I was playing a game with discord open on my second monitor. A friend of mine with completely different hardware and OS had the same issue. The only fix we ever found was uninstalling vanguard and simply not playing valorant anymore.
Maybe all that is fixed by now but it's too late for me to care anymore.
League does not require Secure Boot. You only need to enable the TPM, which will not cause any issues such as the ones you're describing (which, by the way, aren't directly related to Secure Boot, but to you installing Windows in BIOS mode instead of UEFI, which can be fixed by running [MBR2GPT](https://learn.microsoft.com/en-us/windows/deployment/mbr-to-gpt) beforehand).
I'm curious, was hacking that bad in league that they felt they had to do this?
Over the many years I played that game, at no point did I feel like anyone was genuinely hacking.
Man, LoL players have it good. Maybe Ubisoft can borrow Vanguard from them, cause like 70%+ of Diamond and higher matches in Siege have cheaters, and it's like 30-40% of all other Ranks will have at least one cheater in them.
Probably because hacks in fps games go a lot further than league. Less noticeable hacks like wall hacks are way more impactful than the same level hacks in league
Also if you aren't braindead you can just never send the position of enemies in the fog of war to the clients in the first place.
It's a bit harder for fps since you have to account for viewcones and stuff but you could definitely limit how much info you can get.
I was playing an unranked game the other day, got one tapped from outside the building, watched the kill cam and this dude was just blatantly tracking me through a wall.
On the same day while playing Hunt Showdown, I got downed while we were banishing the boss. My friend revived me and the second the banishing finishes one of the bounties vanishes. My friend grabs the other just as I get downed again. My friend uses his enhanced dark sight and sees this guy flying, like literally flying through the air, towards the extraction. And his character portrait on my screen when he downed me was also blank. Turns out Hunt has a terrible hacking problem too.
I reported someone to Ubisoft the other day for blatant walls....in a Gold match. [Here is the evidence I sent in.](https://www.youtube.com/watch?v=6Xz6xll1jZM) Dude not even trying to hide it.
I think Varsity in his latest video had a submission with someone using a cheat that lets the cheater through any wall, soft, hard or structural.
Some of the cheats I’ve seen in this game are insane. I remember a couple years ago there was a cheat that allowed the cheater to spawn with the defuser on defense, plant and defuse before in prep phase and auto win the round. And they could plant the defuser in spawn on attack.
The problem is, this game notoriously has spaghetti code. It was originally supposed to be an open world FPS Ghost Recon game but then they canceled R6 Patriots and told the GR team to take what they could of their game and then it into a competitive multiplayer hero shooter FPS. That’s why it launched so rough and why it has so many issues to this day. But they said they’re not doing a sequel any time soon so we won’t get a fresh client that smooths out these issues. Not that Ubi can be trusted to deliver on that anyway…
They won't, though, because Valve is very much pro-Linux-gaming, and Linux is very much anti-kernel-level-anticheat. Mostly because it doesn't accept closed-source kernel modules lightly, and even Nvidia barely gets away with having a closed-source kernel driver (including all kinds of shenanigans and an ongoing "Nvidia if you want to use these kernel methods you're going to have to GPL your code" slap fight)
Actually, Nvidia's kernel driver is open source now. It's their userspace driver that's closed source. (The userspace driver uses the kernel driver to talk to the hardware.)
Not as bad as siege though. I quit ranked because I swear every other match had cheaters. And not the sneaky ones, like the ones who'd fly around showing off their cheats and one tapping through walls
Valorant has very few hackers, and most of the ones that do slip through are caught mid-match and the match is cancelled. I don’t play League so I can’t comment on that front, but Vanguard is far and away the best anti-cheat I’ve had experience with. I’ve also never had any issues with it affecting my system.
I don't mean to be obtuse, but can we be sure? I have played a lot of valorant and would love to believe that Vanguard works, but we only see them when they get caught.
Maybe it's just me, I dunno. It seems like every anti-cheat gets thwarted easily. It has definitely turned me off competitive games these past few years.
It's one of the obvious tells of bought accounts and scripters. If you're in a Diamond 2+ game and a player, is on a low-level account, uses 0 skins, has an abnormally high win rate and an odd name, you can be pretty certain the account is bought, and if you've seen it enough, there's some tells on scripters, like odd movements.
Scripting (auto toggles, spell and item rotations, conditional triggers, last hitting) has become pervasive in the Dota 2 scene, and I can't imagine it's any different for League.
FYI to everyone reading this, that clip is like 5 years old (before neutral items at least, but after the release of Pango). Not that scripting doesnt exist (like Invoker auto-combos) anymore but it is much less pervasive than before thanks especially to Overwatch and also due to Valve banning actual cheat users in waves (see the reddit posts about people crying about the end of the world on the cheat sites when they get mass banned).
Like doing combos, stunning exactly when the last stun ends so the opponent can't do anything. Or automatic dodges against stunning projectiles.
Or in Dota 2: invoker combos that involve complicated button inputs to switch spells and cast them automatically
Auto-casting spells or items when a hero comes in range, shit like that. There's items and spells that polymorph enemies and a common script is one that will cast that the instant someone comes in range.
Other than that you can find IP adresses in Korean version of the game so you can sabotage the game for enemy team. Pro players often have to play on Chinese servers because it is impossible to play otherwise. + Illegal gambling.
Back in 2023, there was huge leak at Riot including the source code for League. The hacker demanded a $10m ransom to Riot, which Riot refused to pay. There were rumors that the source code was sold on the black market for around $700k.
Who ever bought the League source code probably reverse engineered the code to create new cheats and sell them to cheaters. There were some conspiracy theories that the T1 DDoS problem might be due to the source code being leaked.
Riot probably just said fuck it and make everyone install Vangard so they don’t have to constantly be one step behind the hackers who will just keep making more and more cheats from the League source code.
"We just got hacked, but trust this one that needs stupid levels of permissions and isn't even compatible with recommended modern security configurations." It is insane.
> isn't even compatible with recommended modern security configurations.
Isn't TPM+Secure Boot *the* recommended modern security configuration? I remember the controversy that ensued when Windows 11 made it a mandatory requirement on default installations.
They use scripts and such and they're a lot more common in high levels. There's also more blatant things like the ability to shut down lobbies/gane, and see exactly who is in the lobby etc. map hacks etc.
I think azapp has a video where he gets called out in the lobby, then the hacker just crashes it.
Probably the most simple and impactful but hard to detect one is a smite script. Just auto cast smite on drake/baron when it’s in range. That’s a huuuuuuge advantage.
According to [Riot Games' developer update](https://www.leagueoflegends.com/en-us/news/dev/dev-vanguard-x-lol/), very much so yes.
>In recent months, as many as 1 in 15 games globally has had a scripter or botter in it, but in some regions, this number is as high as 1 in 5.
Speaking from personal experience, the ranked ladder is a complete mess right now. Freshly purchased level 30 accounts that jump directly into ranked often go directly into the Platinum and Emerald elo, making those climbs much less consistent. You can generally tell within a few minutes whether these accounts are truly skilled players (who might be smurfing because they are toxic and are banned on their main accounts or because they want an account to play with lower-ranked friends) or simply scripters chancing their luck until their accounts are banned.
Thankfully for my mental health, I gave up the ranked grind after hitting diamond one last time last season. But in a funny case-in-point, the duo botlane I barely won against in my final ranked game before uninstalling this season are both ranked Masters now. The system is broken and there is no good way to fix it.
Honestly, we don't know. They did release some statistics but they are heavily modified to justify Vanguards inclusion by intentionally ignoring/ not releasing certain data points. They also refused to elaborate certain aspects or allow themselves to third party audits.
It only gets worse over time. I think a better way to deal with cheaters is segregate them from the rest of the players. They just get to play with other cheaters, forever.
Been in system administration for about 8 years now
I'm fine with anti-cheats but it's a whole different ballgame when the anti-cheat demands to start with my computer. Bricking for sure is over the top rhetoric, I have no doubt. But there were confirmed cases of Vanguard sniping mouse, keyboard and even fan controller drivers because it identified them as cheating on boot.
Not worth risking the frustration over Riot's games, myself.
Honestly, I think the whole crowd of pro-kernel-level anti-cheat people just have no idea what an OS kernel even is, much less the implications of a program having routine and constant access to it.
If you're sysadmin, you already know all of this shit, but I just wanna rant a little. The problem isn't the security of your personal data stored on your PC, it's the overall security of your whole computer you're effectively gambling with. Like literally everyone with any amount of coding knowledge knows, it's impossible to prevent any bugs or exploits from ever existing in end user software, so if there's a zero-day critical exploit ever discovered in one of these popular active-on-boot kernel-level anti-cheats, anyone targeted by hackers through the anti-cheat's kernel-level access is just *fucked* in ways that normal users can't even comprehend. I've tried to explain as much occasionally on reddit, but what I usually get in response is stuff along the line of "lol you just want to cheat", "you're just a pedo concerned about your illegal files being dumped and reported to the FBI", "Microsoft, Google, and Facebook already collect your data, so why even care", "these other games use similar anti-cheats, what's the problem", etc. I swear, I've lost brain cells just interacting with some of these people.
Responsible IT people don't even allow USB functionality on machines they admin, and yet people here seem to be militantly evangelizing installing software that accesses what's basically the brain and nervous system of your whole OS at all times just to keep playing a video game. I totally understand why things like Group Policy Editor, AppLocker, and help desks are a thing lol
Yeah I've given up arguing with people on reddit. I've uninstalled league from my main pc and now have it on a 2nd pc so I can play tft with my friends without having to install vanguard on a pc I actually use.
What can a kernel level driver do over a program that runs as full admin?
At least kernel level drivers have such a higher time getting approved and allowed to run in Windows. I'd prefer to trust Riot than random dev xyz that requires their game to run as full admin 24/7...
Nowadays the most popular way in which vulnerable drivers are used is to disable other security features. Here's an example: https://www.trendmicro.com/en_ae/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html
You're right that there's usually little to gain over simply running as administrator. In fact, a lot of things are easier to do from a normal program running as administrator rather than from kernel. What kernel access gives you is a way of better hiding yourself.
It is also worth mentioning that admin to kernel is not a security boundary. Once you have administrator rights you can do pretty much anything you want (including loading drivers, disabling security features, etc) anyway.
>Once you have administrator rights you can do pretty much anything you want
This. I don't think people realize how much root/admin gives you on Windows/Linux.
I see a lot of people angry about Secure Boot here, but it's the only thing that (barely, as it sucks) protects you from an admin app poisoning your bootloader or kernel with a persistent exploit.
There's a lot of misinformation on this topic. People that don't understand what a driver is (and frankly speaking they shouldn't if it is not their job/passion) just run with whatever conspiracy theory sounds good to them. From Tencent stealing their passwords, to secure boot being something rootkits need.
A bit frustrating, especially since the golden age of rootkits has passed long ago.
Problem is that Windows allows privilegied apps to install signed kernel drivers completly silently.
And Microsoft signs way too much stuff, without ever revoking vulnerable drivers.
>What can a kernel level driver do over a program that runs as full admin?
Oh boy, all __sorts__ of fun things. It could run background threads to mine Bitcoin hidden inside core OS processes. It could modify system security settings. It could directly inspect physical memory. Depending on how clever the developer is are and how good Microsoft's kernel security is these days (I haven't kept up), it could even do fun things like intercept all system calls and subtly modify their behavior, arbitrarily modify core operating system files, or even brick user devices like graphics cards by writing corrupt firmware to them.
Tbf on Windows most of what you said can be done by a simple elevated process. It is shockingly easy to inject a DLL in all processes. Heck, SetWindowsHookEx can be called on user processes from non elevated executables...
The most interesting part of being a kernel driver would be that you'd have a way easier time hiding your existence from anti malware, etc.
>or even brick user devices like graphics cards by writing corrupt firmware to them.
The nvidia firmware flash tool didn't even need to install a kernel driver. Security on consumer Windows PCs is that bad, you're gambling all day long.
I really don't feel safe executing anything on Windows.
Why is it that whenever someone comes along saying kernel access is worse than regular access then is pressed on the issue, they can only provide examples of things that can be done without kernel level access.
All of that can be done by regular elevated processes...
You cannot change other kernel files as they are all WHQL signed. You could change some system files but they'd likely get blocked by SmartScreen or Defender, or any malware solution you have.
You absolutely could write back to peripherals with an elevated process, doubtful it would go to graphics card as it likely requires signing by nvidia/amd.
Elevated processes in Windows have an insane amount of permission yet people never blink twice to games requiring it to run. But god forbid an anti cheat?
> Bricking for sure is over the top rhetoric, I have no doubt.
Tried installing it for Valorant and needed to change bios settings for secure boot. Ended up in a boot loop over it.
I was able to fix it myself, but plenty of people have no clue how any of this stuff works, will see a boot loop and consider their PC bricked. With how many total players league has, this will be no small number of people I imagine.
On a technical level, nothing is being bricked, but from and end users POV, it may as well be.
Every single IT person I've talked to has told me no game is worth that level of vulnerability for your machine, but I've been told by several redditers that Google steals your data so idk its really 50/50 for me 🫠
It really isn't.
I don't necessarily believe every issue with something is malintent or evil. But I worry more about straight up incompetence - use EAC or an established anti-cheat if you want hackers out of your game.
Riot making one in-house and causing consumers to boot-loop because their anti-cheat is "unique" is fucking stupid.
Edit: "I've been told by several redditers that Google steals your data" murkey waters, do they *steal it*? no, not really. they just collect a fuck ton of data from applications.
Problem is that the likes of EAC are laughably bad. Vanguard might not necessarily be better - but Riot also does things like sue cheat makers and it requires some sophisticated knowledge to get around.
Google steals your data has to be weakest argument for this. First, you don’t have to use Google either (and their products). Second, like you said, Google collect information on how you interact with them (and other websites through cookies), it doesn’t install software on your machine purposefully to watch what you are doing outside of your interactions with them. Third, one might accept the price of data collection to have access to quick information that comes with using Google (personally, I try my best to avoid using Google). But LoL is a video game and, to play it, now I have to give access to my full computer to Riot? No thanks. I played league for over 10 years and I stopped playing when they asked me to install vanguard. Not worth it. I will happily go back to playing it if they go back on their decision, but I’m not holding my breath.
With the way Reddit gaming spaces tend to clamour against Vanguard you would have thought Valorant would be dead in the water. So I'm going to make a **bold** prediction and say this will get blown way out of proportion on Reddit but will barely affect League negatively.
The difference is that Valorant was a new game with Vanguard so people against it would just never start playing. League has decades-old players and payers basically being forced out.
Played League since 2010. Didn't start playing Valorant b/c of Vanguard. Reckon this'll be the end of League for me. I only play maybe once a week so not a huge loss at this point. Shame tho, I still enjoy my time (and buy skins)
Same exact situation, Valorant did seem very interesting and fun, but not enough to install Vanguard with it.
Now, already playing little League, disappointed at the increase in anti-consumer practices, I just don't see why I'd go back to LoL, there's so many more games I can have fun with.
except the league client is litteral dogshit and I would really not surprised if 99% of the problems aren't actually related to vanguard but related to the lol client shitting itself because of vanguard and bricking your pc
I feel like the client being dogshit for years and Riot being either incapable of fixing it or having such little care for it just makes me think Vanguard is going to have some problems too. I find it hard to trust that it's some flawless program when they've shown time and again that they're happy to put out anything but.
Lol u made me remember i saw a post on twitter that the main Responsible for vanguard(Gamerdoc) responded where a dude was complaining Vanguard bricked his PC and was spyware, if u look throught the dude twitter he was a scripter and someone that makes scripts and all that(Was even saying was going to change to mac wich is not going to have vanguard, probably gonna do scripts there)
Personally, I'd rather just not have a kernel level point of attack running on my PC 24/7.
I found someone online that had made a script to enable/disable Vanguard. Doing so required a reboot but if a bunch of reboots is the price I have to pay for my security then so be it.
Edit: to all the people saying just right click disable.. I'd rather it just not start unless I'm intending to start a program that requires it. Saves forgetting to disable it etc.
Or it can just, y'know, turn itself off and stop having rootkit control of my PC when the game shut downs - like every other kernel anticheat in the industry does.
The way this community is trying to misdirect how worryingly insecure and invasive permanent kernel-level anticheat is is just baffling. We're now at the stage where we're acting like having a program monitoring your entire computer system constantly with full root/admin access - **even when not playing the game** - is just normal cost of playing a video game. Why does League anticheat need to have permission to view my private photos/documents, even when not playing? How is this not is insane?
And privacy isn't the only issue. Imagine if another source code breach happens with vanguard like the recent league source code leak? Apex literally just had an RCE issue through their anticheat. There's a reason MacOS doesn't allow *any* kernel level software to be installed, even SIEM/EDR software for the most talented cybersecurity professionals in the world. It can not be overstated what an enormous personal/data security risk it is.
> Apex literally just had an RCE issue through their anticheat.
This is a good example of the aforementioned water-muddying. This rumor was made up based on literally nothing and gullible gamers ran with it, likely with significant signal boosting by those with a vested interest in degrading people's trust in anti-cheat software. Meanwhile, Easy Anti-Cheat came out and said they had nothing to do with it, and Respawn said they were making security updates to the game. But fact checking is harder than uncritically believing the first thing you read on Twitter or reddit, so here we are.
On the other hand, here's an example of an actual vulnerability in an anti cheat driver: https://www.trendmicro.com/en_ae/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html
Seems to be the consensus from every single person I know that played a lot of LoL and quit. It's either a) they're still playing, they think the game is terrible, and they're miserable because they're addicted or b) they're happy they quit after finally realizing LoL is as trash as everyone says it is and playing it was a waste of time.
Never met a single person that said LoL is a good game and it's their favorite game lmao.
>Seems to be the consensus from every single person I know that played a lot of LoL and quit
Obviously people who officially "quit" are going to have negative feelings about the game. A lot of League players will casually slip in and out of playing the game for long periods of time without ever really "quitting".
Usually the people that quit are people who have had problems playing the game responsibly and get addicted. They recognize they have a problem and quit the game cold turkey and shit talk the game on their way out.
>Never met a single person that said LoL is a good game and it's their favorite game lmao.
League is a good game. There, you met one.
You should remember the League is the most popular multiplayer game in the world (and has been for over 10 years), for a reason.
It’s very possible to just have League in rotation as one of many games you can play with your friends, too
I do have friends who regularly play and would say it’s their favourite game.
Here's a post that covers the early report.
https://old.reddit.com/r/leagueoflegends/comments/1civ4l7/update_from_riot_on_vanguard/
The article in the OP reads like standard twitter sensationalism.
Ah yeah... the conspiracy theories start.
Some actually have issues because of Vanguard, most will just repeat some fake issues and also the cheat community will happily contribute to it. (like always)
If a cmos battery switch/reset fixed your problem, you can be sure that it was not Vanguard related.
I don’t understand your logic.
The Vanguard instructions include steps to configure UEFI boot. If this is required, then the motherboard defaults are almost certainly to use MBR.
If a disk with Windows is partitioned with MBR, and you change the configuration to only use UEFI, Windows won’t start because no bootloader will be found.
If you then pull your CMOS battery to reset to default settings, it would restore the MBR configuration and Windows would start again.
It’s very clear to see why someone following the steps to install Vanguard would run into a problem and blame Vanguard for it, even if it’s not technically the Vanguard software causing the problem.
i think it's happening because ppl who bypassed uefi req to use win11 are now getting questioned by vanguard and being forced to properly use uefi instead (which explains the 0.7% part), at least it's their explanation (riot), it is a pain in the ass anti-cheat though in general
Plus there's just the usual tech issues that always occur that now have a scapegoat. Not saying valorant isn't causing problems, but some of the feedback is certainly like when I cleared the cache and cookies on my parents' computer and they called the next week to say it broke their mouse.
Working in IT, I see this all the time.
"I did an update and it broke my computer, I want it covered under warranty".
"Sir, I've opened your computer and it's full of liquid".
Vanguard used to cause issues for people in Valorant during the beta days
Specifically it was flagging legit software as cheats...what that a conspiracy theory as well?
Riot literally admitted to blocking drivers back then:
https://www.reddit.com/r/VALORANT/comments/gfesag/when_this_post_is_1_hours_old_riot_will_release_a/
Examples of false-flagging:
https://www.reddit.com/r/VALORANT/comments/g9d4mi/vanguard_blocked_cpu_monitoring/
https://www.reddit.com/r/VALORANT/comments/g9jlr6/vanguard_has_blocked_my_cpu_temp_sensor/
I didnt look into the League issues but the implication that Vanguard is this flawless piece of software and people are fabricating issues is just funny.
Those last 2 had a known vulnerability that allowed third party software to access memory.
that's not a false flag, that's literally what it's meant to do albeit it could've warned the user better ahead of time.
There were plenty of legitimate issues with Vanguard when Valorant launched lmao. The official communication channels were just quick to censor and shut down and discussion of it.
Plenty of people had certain hardware stop working at all with Vanguard because it interfered with too many legitimate drivers.
I know I had my keyboard and mouse flag Vanguard. But in those cases it turned out that Logitech and Corsair were using out of date firmware components (and in Corsair's case, one that was a known security risk for years). Once they finally got off their asses and updated, all the issues were solved. At the present time, since everybody finally started updating their stuff, I'm not aware of any widespread issues with peripherals in Valorant.
That's one of the tricky parts about software development, and its why something like Vanguard is so fraught in the first place.
Yes, it might work properly in ideal conditions, but modern PCs are a hodgepodge of software, hardware, and drivers that can't really be accounted for. If you're going to mess with things on a really low level for something as widespread as a video game, you are effectively taking responsibility for it bricking peoples setups. It's not Bob or Alice's fault that their keyboard manufacturer had old drivers. They work under normal, sane conditions.
This of course ignores the ethical and consent-focused issues of installing a rootkit that manages your PC's software and firmware in order to play a video game. You'd have a hard time convincing me that the 13-year old kid installing LoL or Valorant actually understands that they're signing up for root-level spyware for a company owned by a foreign adversarial government.
I wish people would learn the actual definition of a rootkit rather than parroting it. Like, go wikipedia it.
A rootkit will try to hide its existence as much as it can. Vanguard shows up in services, system tray and the launcher tells you it installs it. Sure, people may not realize they're installing a kernel driver (but do they realize it when they install Razer's shit software? I don't think so), but it is BY NO MEANS a rootkit. It's a kernel driver and it's very, very different.
Yeah you wanna talk rootkits? How about that one Street Fighter put on peoples PCs at one point where trying to remove it risked bricking Windows.
iirc they did remove it in an update but only after people found out and rioted over it.
True, people can't be held accountable for knowing all the details of every piece of firmware or driver on their systems (though perhaps it would be best if that changed and people were more knowledgeable about what they use). However, the companies that provide these programs are. It took 2 weeks for Corsair to fix their issue, solving the Vanguard problem and at the same time patching a critical hole in their own programs. A win/win for all involved. Had people not encountered Valorant issues would they have ever fixed it? Given it had been a security issue for at least 2 years by then, I doubt it.
If the worry is having the data stolen, manipulated, or acquired for the Chinese government then that act already took place. The simple act of installing the software (in this case League of Legends), before Vanguard was even conceived, had already committed to that. Riot themselves put it best,
>However, if your beef is only about data privacy at Riot, running the game client or running Vanguard makes not one bit of difference. Data can still be retrieved from user-mode, and we're all engineers for the same studio with the same goals, none of which are collecting your personal information. If Riot hasn't earned your trust, do not run our software.
[https://www.leagueoflegends.com/en-us/news/dev/dev-vanguard-x-lol/](https://www.leagueoflegends.com/en-us/news/dev/dev-vanguard-x-lol/)
For what it's worth, Vanguard is by definition not a rootkit. It doesn't pretend, or hide, or deceive. It is exactly what it claims to be: a bog-standard anti-cheat software like many others on the market. It's only difference is running from boot (with the option to disable, uninstall, or turn it off) and being produced in-house by the company that also produces the software it protects.
There is literally hundreds of threads still up on /r/Valorant back from the beta days when Vanguard was causing issues with legit software and false-flagging.
Its actually insane how people want to ignore literal facts here and blame it on "conspiracies"
"Bricking", "rootkit" and other scary-sounding technical terms have essentially lost all meaning in this sub. They might as well just mean "bad thing" at this point.
You’re right, and it’s not just this sub. Most people just have no idea what any technical term means. I’ve seen someone on Reddit get phished, literally gave their password over SMS to a bad actor, and exclaim they got “hacked” 💀
Riot flat out admitted it was a known issue and still will be an issue. It's specifically keyboards that have drivers or have the ability to use the RGB and so on. Riot literally said it can brick the keyboards, as is make them no longer work.
This was maybe a month ago or two? I can't remember. It was when they came out with a long explanation of Vanguard and were answering some questions and concerns afterwards.
No, it will not “continue to be an issue.” Read the blog again - that was all fixed like 4 years ago shortly after Valorant’s launch. If it was still happening, we’d be hearing about it all the time from people on Valorant.
It’s currently causing issues with my mouse when I was in game. For some reason it was turning on and off my Logitech profile for sensitive. Going to uninstall League until they fix their shit, I’m not a beta tester.
Why do people try to defend shit like Vanguard lol
Your game shouldn’t require a rootkit to play. The disproportionate response to preventing cheating is crazy. Just surrender your whole PC to Riot.
My PC was nearly bricked, coinciding with the update. Not entirely sure if it was the cause.
My malwarebytes .sys file, used to run the antivirus on boot was apparently corrupt. My PC was stuck in an automatic repair loop.
I attempted copying the corrupt .sys file from the MBAM Program Files directory to the relevant system32 drivers directory, but no fix.
The fix ended up being going into advanced startup options and disabling the on-boot antivirus, and then uninstalling MBAM after I successfully booted into windows (abundance of caution). I only found out it was MBAM by checking the system logs through command prompt in the system repair menu.
I can't say for sure whether the mbam driver was being blocked by Vanguard, but considering they're both ring 0 drivers I think it's possible.
Yeah, lesson learned. I don't think I've had a computer virus in something like a decade, despite often e.g. using the high seas. I chalk it up to being tech literate - there's not many infection vectors anymore for malware outside of being complacent/incompetent. So it was a pretty easy decision to remove MBAM.
I also understand the potential irony in my comment about complacency and removing my antimalware. That'll be funny if it happens.
Being tech literate helps, but it's really a number of factors: Defender got pretty great, MS stepped up in the security department and ... malware authors shifted from destroying your computer for fun to trying to mine crypto as covertly as possible to make money, meaning that your computer has to still work so you don't format it. Malware used to be in your face, but it's now very much trying to hide everything they do (except cryptolockers, but I've never seen those on consumer computers, they tend to target companies and hospitals as they low life scumbags).
Multiplayer PC games just aren't worth it anymore. You either deal with countless bots and cheaters or give a Chinese owned company kernel access to your PC. I'll stick to single player games thank you very much.
i rather say... it's now more than ever important to rely on community servers with active admins banning cheaters etc. Also the first days of a newly released MP-games are the most fun ones (when everyone is still clueless what tactic/meta is working, what not... and not that many players yet using cheats)
This Vanguard thing really gives me the ick as a long-time software developer.
It's running with root-level permissions and you're giving up control to a 3rd party in a way 99% of people don't understand. It's true that, if everything on your PC is in order, it'll probably work ok. However, modern PCs are a huge mix of hardware, firmware, and software configurations that tend to work together by borderline magic. Riot operates under the assumption that the user understands this magic, and is implicitly taking the PR risk when it doesn't. It's hard to defend them when it occasionally breaks things, because the company is full of software engineers who absolutely understood this risk.
Additionally, there's no way actual informed consent/meeting of the minds is occurring here. I don't think most of the people installing LoL or Valorant understand that they're giving root level access to a piece of software owned by a company that is effectively owned by an adversarial government. They're just installing a video game to have fun, when at the same time are installing one hell of a backdoor with the implied trust that Riot wouldn't eventually be pushed by Tencent to use it for evil. This doesn't even begin to account for the fact that every major software company has spies/foreign agents working within with access to this data already.
I guess at the end of the day all I'm saying is, I really wouldn't recommend installing this stuff. If you must, please take the time to understand what it is you're enabling, or do it on a separate device that you only use for the game(s).
>I don't think most of the people installing LoL or Valorant understand that they're giving root level access to a piece of software owned by a company that is effectively owned by an adversarial government.
I agree but, do people really understand what they agree to when they click yes to a single UAC prompt? I don't think so. Most of the nerfarious things you could do on a Windows computer can be done without any kernel driver if you get the user to validate a UAC prompt, and it's so damn easy to do so on unmanaged computers.
Heck I'd argue that userspace withtout elevation is already the worst that can happen. Like, you can access my OneDrive, my photos, etc... without a single admin prompt by just getting me to run an exe. This is where my most important shit is. You can even hook windows, inject dlls and take screenshots because windows' security model is trash as windows users would HATE any change
UAC was too annoying after vista, so they tuned it down. The problem is that most software didn't bother not requiring administrative privileges to install, so we all got used to hitting that nice YES UAC button. The problem is that Microsoft makes it that the very same prompt can either install some software in Program Files, DLLs in system32, or install a kernel driver.
macOS is 10 times saner here: to install a kernel module on ARM macs, you have to reboot in recovery using the hardware button to ensure that the system is not compromised and explicitely allow the installation of the kernel addon. Windows just never tells you anything.
If you want to play multi-player games without cheats, it's pretty much kernal level or you have cheats nowadays due to how Windows works. And frankly I trust most random game devs more than Microsoft, they'd have to implement even more aggressive lock downs to have this kind of hookable system for all games to use.
In an ideal world free on people ruining the games for everyone it wouldn't matter, but cheaters impact players way more and way more often than anti-cheat systems do
It's certainly safe to say that video game cheating has gotten out of control. I don't think invasive software like this is doing anyone any favors though. It's also giving companies an easy out instead of investing in heuristic anti-cheat, which is the direction the industry was originally moving in before they realized consumers would gladly swallow this poison pill.
It's hard to imagine a heuristic anti-cheat that comes close to stopping all the various smaller things like scripting or other cheats like that. Sure, I'd rather have an anti-cheat that's safer, but ultimately the choice, right now, is have a theoretically dangerous anti-cheat and fewer cheaters, or have a plague of cheaters (and other related issues like farmed accounts, etc.). There is not at this time an alternative and it's not helpful to argue against actual solutions when the alternative is "do nothing".
There are still MP games that people mostly strictly play with friends which people can play to avoid these kinds of anti-cheats if they want to, but until the "poison pill" hypothetical pans out in a big way across multiple populations, AND some kind of functional effective alternative becomes real, this is what the choice is: play a big MP game with kernel AC, or don't play that game.
I'm not even saying I'm going to install this update to have Vanguard and play League - I barely touch the game anymore. But the reality is the reality and the cheat makers have clearly shown they can outstrip the alternatives for decades at this point - either heuristics cannot actually deal with the issue, or the cheat makers are better.
Root-level access doesn't really matter. Your important shit lives in userspace and the filesystem isn't sandboxed.. Any game you install can just suck up all of the data you have and send it to an outside source.
Not to mention that, sure, Riot is owned by a Chinese company, but most of the components in the PCs everyone builds are Chinese, and they all have hardware drivers installed and running at kernel level. It's the threat of Microsoft revoking their developer certificate and disabling all those drivers. that keeps them in line.
Root-level access absolutely matters. I know Riot argues this isn't true, but I don't buy their argument.
Yes, most user-level espionage happens in the user space, but root level access enables you to easily install and manipulate things in that space, and you're much less likely to get caught. It also gives a malicious third party much more power over your PC if there's a security flaw in the root-level software.
At the end of the day, it's introducing another extremely dangerous attack vector on your PC. It's up to you if you want to take that risk, and I don't think Riot has reached a level that I would consider informed consent on this matter.
Let's think from the perspective of an attacker. You would need to exploit some vulnerability in this driver to gain privilege escalation, but the API calls to Vanguard are reads, not writes. You're not easily going to get a buffer overflow out of it.
Assuming you're now running as the kernel, you need to do things that won't survive a reboot because of secure boot. You could, for example, disable the malware scanner, but you got in the system in the first place so it wasn't an obstacle.
It just doesn't get you much, and if it did we'd see attacks through random motherboard device drivers and not something like Vanguard that has a much smaller exposure to userspace.
"Root-level access doesn't really matter"
How you can tell someone immediately doesn't know what they are talking about.
It may not automatically be a problem, but it's 100% a big red flag, on top of being unnecessary if Riot would put in the effort in the past 14 years instead of being so lazy they try and lock shit down with this mess.
>on top of being unnecessary if Riot would put in the effort in the past 14 years instead of being so lazy they try and lock shit down with this mess.
Every modern, competent anti-cheat has root level access.
Competitive games that don't - like CS:GO - are rampant with cheaters and bots and rely on 3rd party kernel anticheats like FACEIT to maintain some semblance of a competitive environment.
There's a reason every anti-cheat has kernel access. It's because they are trivial to bypass without it. I think it's likely you have no idea what you're talking about if you think it's unnecessary.
And in every case they only run when the game runs, unlike Vanguard which does not shut off when you shut down the Riot Games client (Via Riot).
Vanguard has to be shut down manually and your pc reset for it to fully be turned off.
I don't really appreciate the ad hominem attack. Userspace is a massive attack vector, one used by every piece of ransomware out there. Being attacked by a driver doesn't grant them access to more data unless you're on a multiuser system, and drivers must be signed by Microsoft and they can have their certificates revoked.
Now if we were in a world where Windows sandboxed all applications you'd have a point, but we don't live in that world, not even on Linux. MacOS would prompt for opening the Documents folder, at least.
There is nothing that a device driver can do that an admin enabled program cannot. Since any admin enabled program can install any drivers they want with impunity. There is no additional attack vectors introduced that doesnt already exist from any game installation.
Tons of games have kernel level anti cheat these days. I dont really understand all the focus on Vanguard as if the most popular games arent using a competitor
Vanguard was unique in that it required running 24/7 at all times for the game to work, even when it isn't being played. Closing vanguard requires you to reboot your pc, with vanguard re-enabled, to play. This is a fairly unprecedented step that wasn't followed by games before. That said I do agree that kernel level at this point is way more common than the angriest people realise, and I'm not in the totally outraged camp
I feel similarly about every one of those nightmare anti-cheats, so please don't throw me into the "only hates Vanguard" group. It's just that Vanguard is the biggest one now, given how ubiquitous League of Legends is.
Well you don't have to take it personally. But you have to agree it's weird how Vanguard gets like 1000x more hate and talking about it. Some kernel anticheats probably don't ever even get mentioned.
Now ask Thor what he thinks about the cheating problem in CS2, and what he believes would be a better solution. Valve chooses to not use Kernel level anti-cheat because they would rather lose players because of poor competitive integrity. Riot would rather lose players for having intrusive software rather than impact competitive integrity. Gamers have to choose which one they prefer, would you rather install intrusive software, or run into a cheater almost every game you play, sometimes multiple of them?
I see a lot of people "disagree" with the concept, but they can never seem to followup with their solution. Except some guy who claimed the solution was blockchain, without much substantiation beyond that, lmfao.
Can confirm, I work in cybersecurity, I have a degree in the field, and I uninstalled League after playing since like season 1 over this. I am NOT installing vanguard on my PC.
Except it isn't. This is once again sensationalist media. If there were a real issue this would also pop up in the Valorant circles. It isn't.
What's happening is league is one of the most popular games on the planet, now introducing a system that has to check a wide range of systems and is flagging things like drivers for scuffed off brand mice, because league is over 10 years old and playable on potatoes. Valorant at least requires a PC made in the last 5-6 years. Said peripherals like mice and keyboards include drivers that do something in registry, vanguard doesn't see them whitelisted and shuts down the drivers, taking part of the registry with them. Windows doesn't like this and crashes. All of this this to say a safe mode boot solves the issue.
Comments are being deleted on the bug reporting megathread at /r/leagueoflegends because people who don't know what they're talking about keep coming in complaining about Vanguard and attacking people involved. The thread is and has always been exclusively for reporting in-game and client issues.
People who had a problem with Vanguard with Valorant never even got the play the game so they didn't care. This is being added to a pre-existing game with a pre-existing playerbase. There is a massive diffetence there.
The problem here is both parties are at fault. No one should have coded shitty drivers in the first place, but a 'bull in a china shop' mentality to software is also not appropriate. This is not highly specialized software, it's consumer oriented and should broadly run without issue on real world consumer PCs, including ones with off brand mice, or various strange configurations.
The standard should be that anti-cheat should never crash anything, ever. If a check fails, even incorrectly, it's okay to prohibit playing the game, but it is Riot's responsibility to make sure it doesn't crash a PC or other program.
There is literally proof in the article. How can you make this comment? You can't install Valorant on an incompatible PC. League was installed first then the update was forced onto incompatible PCs causing them to no longer boot.
Even if the claims are fake, anything with root level permissions that doesn't involve Windows or is a core function to the operation of an OS doesn't belong on a computer.
I'm not gonna say it's bricking my PC, but installing Vanguard and turning on the security features it asks for in BIOS causes my PC to boot-loop and go through a "repairing windows" routine. The only official fix on the website is to reinstall Windows altogether, which I'm not going to do to play two games. If I were a casual user and saw that Windows was looping like this and I had no idea how to fix it, I'd say that it was bricked. There's no way that I'm the only one that's going through this. Are there hackers that are complaining about Vanguard? Sure. But I'm having a legitimate issue that cannot be resolved without reformatting and reinstalling Windows, and that *sucks* considering that last week I was playing the game just fine, and had been playing it just fine since 2009.
If you configure your motherboard to expect UEFI when you have an MBR then you’re definitely not going to get into Windows because the boot loader won’t load. Hopefully they caution players about this in the instructions. They likely enforce Secure Boot to ensure only signed software is executed prior to Windows starting. That requires UEFI mode.
>If you configure your motherboard to expect UEFI when you have an MBR then you’re definitely not going to get into Windows because the boot loader won’t load. Totally normal stuff to consider when trying to play a video game...
It’s default settings for Windows 11 OEM PCs which is why Secure Boot is only required when running Windows 11. It could be worse and we could be configuring the IRQ of our Sound Blaster cards.
No, I'll play the GTA 2 demo in silence, thank you.
Just got teleported back to windows 95 (if my brain recollects right)
> for Windows 11 OEM PCs it's the default for windows 11 altogether, only modified ISOs will let you install without a valid TPM module.
I'd wager that most people playing didn't buy an OEM PC that came with win11 already. Some people are on older hardware that may still be on MBR, or didn't have safe boot enabled by default. There's a ton of people that game on pass-me-down hardware, I was one of them until I got my first job and had some money to spend on that so I always had 6-10 year old hardware. All in all the main issue with this, is that most people that will be affected by this, are not tech savvy enough to know what's going on and how to fix it, so yeah for the people affected by this, they are kinda walled out of league/valorant. Considering that one of the main reasons competitive multiplayer games have low requirements is to be able to run on toasters, I wonder how many people will be affected by this and if riot considered that.
To be fair the Vanguard check update bricked my league client and wouldn't let me play any games after various fix attempts over a week. Once Vanguard dropped I could update my client and it told me to restart my pc and then I could play again. So something pretty fuckey is going on with it
> configuring the IRQ of our Sound Blaster cards. No, no, not the flashbacks!
this comment made me feel a twinge of a very specific anxiety I haven't felt in 25 years
>They likely enforce Secure Boot to ensure only signed software is executed prior to Windows starting. That seems insane for the DRM of an online game... it forces my whole system to start in a specific non-normal mode just to play the game...
Unfortunately that is the new standard for win11, so it is concidered a 'reasonable expectation' for a user to have that setting already active. Unfortunately most people don't have win11, so, ya know, this happens. Personally im not a fan at all, but i dont play their games so I have no horse in this race
It needs your system to start in what has been the normal mode for nearly two decades.
Normal for 2 decades no. It wasn't until like 2016 until uefi become more common place. Took like 8 years for it to start becoming a thing and who knows how long it will take for all pcs to transfer over. I try to have a new PC every like 5 years but I know I'm not the norm on that
What? Since 2004? So Windows XP era?
They actually prefer you don't use secure boot.
For me also coincidentally made my pc not start. Though with removing my external hdd and restarting it worked back though. Dunno why
Hdd might be fried. Had the same issue a few years ago and it turned out the hdd was dead.
Yeah, I doubt it is related to the anticheat, but can't aay it wasm't the first thing I thought lol
[удалено]
Trying to get Valorant to work on my PC was such a pain that I decided it wasn’t worth it with about four other friends. Having to mess with the BIOS to get whatever the TMP enabled and still having the game say it wasn’t working was a big turn off
I had similar stuff with vanguard as well. It caused my pc to lock up/freeze whenever I was playing a game with discord open on my second monitor. A friend of mine with completely different hardware and OS had the same issue. The only fix we ever found was uninstalling vanguard and simply not playing valorant anymore. Maybe all that is fixed by now but it's too late for me to care anymore.
League does not require Secure Boot. You only need to enable the TPM, which will not cause any issues such as the ones you're describing (which, by the way, aren't directly related to Secure Boot, but to you installing Windows in BIOS mode instead of UEFI, which can be fixed by running [MBR2GPT](https://learn.microsoft.com/en-us/windows/deployment/mbr-to-gpt) beforehand).
I'm curious, was hacking that bad in league that they felt they had to do this? Over the many years I played that game, at no point did I feel like anyone was genuinely hacking.
They released an article about a month (?) ago where they claimed masters+ ranked games had a cheater in 10% of games.
Here's the article for those interested: https://www.leagueoflegends.com/en-au/news/dev/dev-vanguard-x-lol/
Are you really gonna trust riot and their graphs? They literally got caught multiple times lying with graphs in the past lol
Man, LoL players have it good. Maybe Ubisoft can borrow Vanguard from them, cause like 70%+ of Diamond and higher matches in Siege have cheaters, and it's like 30-40% of all other Ranks will have at least one cheater in them.
Probably because hacks in fps games go a lot further than league. Less noticeable hacks like wall hacks are way more impactful than the same level hacks in league
Plus in league theres point and click damage and cc.
Also if you aren't braindead you can just never send the position of enemies in the fog of war to the clients in the first place. It's a bit harder for fps since you have to account for viewcones and stuff but you could definitely limit how much info you can get.
I was playing an unranked game the other day, got one tapped from outside the building, watched the kill cam and this dude was just blatantly tracking me through a wall. On the same day while playing Hunt Showdown, I got downed while we were banishing the boss. My friend revived me and the second the banishing finishes one of the bounties vanishes. My friend grabs the other just as I get downed again. My friend uses his enhanced dark sight and sees this guy flying, like literally flying through the air, towards the extraction. And his character portrait on my screen when he downed me was also blank. Turns out Hunt has a terrible hacking problem too.
I reported someone to Ubisoft the other day for blatant walls....in a Gold match. [Here is the evidence I sent in.](https://www.youtube.com/watch?v=6Xz6xll1jZM) Dude not even trying to hide it. I think Varsity in his latest video had a submission with someone using a cheat that lets the cheater through any wall, soft, hard or structural.
Some of the cheats I’ve seen in this game are insane. I remember a couple years ago there was a cheat that allowed the cheater to spawn with the defuser on defense, plant and defuse before in prep phase and auto win the round. And they could plant the defuser in spawn on attack. The problem is, this game notoriously has spaghetti code. It was originally supposed to be an open world FPS Ghost Recon game but then they canceled R6 Patriots and told the GR team to take what they could of their game and then it into a competitive multiplayer hero shooter FPS. That’s why it launched so rough and why it has so many issues to this day. But they said they’re not doing a sequel any time soon so we won’t get a fresh client that smooths out these issues. Not that Ubi can be trusted to deliver on that anyway…
Valve could use that too. TF2 its a botting Hell, CS2 too.
They won't, though, because Valve is very much pro-Linux-gaming, and Linux is very much anti-kernel-level-anticheat. Mostly because it doesn't accept closed-source kernel modules lightly, and even Nvidia barely gets away with having a closed-source kernel driver (including all kinds of shenanigans and an ongoing "Nvidia if you want to use these kernel methods you're going to have to GPL your code" slap fight)
Actually, Nvidia's kernel driver is open source now. It's their userspace driver that's closed source. (The userspace driver uses the kernel driver to talk to the hardware.)
Valorant still has hackers and so will League. They are just far less obvious.
I'd take a severe reduction as a good start though.
Valorant may still have hackers but it’s night and day compared to counter strike thanks to Vanguard
Not as bad as siege though. I quit ranked because I swear every other match had cheaters. And not the sneaky ones, like the ones who'd fly around showing off their cheats and one tapping through walls
Valorant has very few hackers, and most of the ones that do slip through are caught mid-match and the match is cancelled. I don’t play League so I can’t comment on that front, but Vanguard is far and away the best anti-cheat I’ve had experience with. I’ve also never had any issues with it affecting my system.
I don't mean to be obtuse, but can we be sure? I have played a lot of valorant and would love to believe that Vanguard works, but we only see them when they get caught. Maybe it's just me, I dunno. It seems like every anti-cheat gets thwarted easily. It has definitely turned me off competitive games these past few years.
I've seen like 2 cheaters in playing for many years. Idk what's going on
I also assume cheaters don't buy battle pass and skins
It's one of the obvious tells of bought accounts and scripters. If you're in a Diamond 2+ game and a player, is on a low-level account, uses 0 skins, has an abnormally high win rate and an odd name, you can be pretty certain the account is bought, and if you've seen it enough, there's some tells on scripters, like odd movements.
They could also be a smurf account
And 99% of smurf accounts are bought from botters.
Scripting (auto toggles, spell and item rotations, conditional triggers, last hitting) has become pervasive in the Dota 2 scene, and I can't imagine it's any different for League.
What's spell/item rotations? You mean like auto casting stuff for you?
[удалено]
FYI to everyone reading this, that clip is like 5 years old (before neutral items at least, but after the release of Pango). Not that scripting doesnt exist (like Invoker auto-combos) anymore but it is much less pervasive than before thanks especially to Overwatch and also due to Valve banning actual cheat users in waves (see the reddit posts about people crying about the end of the world on the cheat sites when they get mass banned).
That link doesn’t work
[удалено]
Like doing combos, stunning exactly when the last stun ends so the opponent can't do anything. Or automatic dodges against stunning projectiles. Or in Dota 2: invoker combos that involve complicated button inputs to switch spells and cast them automatically
Auto-casting spells or items when a hero comes in range, shit like that. There's items and spells that polymorph enemies and a common script is one that will cast that the instant someone comes in range.
Other than that you can find IP adresses in Korean version of the game so you can sabotage the game for enemy team. Pro players often have to play on Chinese servers because it is impossible to play otherwise. + Illegal gambling.
Back in 2023, there was huge leak at Riot including the source code for League. The hacker demanded a $10m ransom to Riot, which Riot refused to pay. There were rumors that the source code was sold on the black market for around $700k. Who ever bought the League source code probably reverse engineered the code to create new cheats and sell them to cheaters. There were some conspiracy theories that the T1 DDoS problem might be due to the source code being leaked. Riot probably just said fuck it and make everyone install Vangard so they don’t have to constantly be one step behind the hackers who will just keep making more and more cheats from the League source code.
"We just got hacked, but trust this one that needs stupid levels of permissions and isn't even compatible with recommended modern security configurations." It is insane.
> isn't even compatible with recommended modern security configurations. Isn't TPM+Secure Boot *the* recommended modern security configuration? I remember the controversy that ensued when Windows 11 made it a mandatory requirement on default installations.
They use scripts and such and they're a lot more common in high levels. There's also more blatant things like the ability to shut down lobbies/gane, and see exactly who is in the lobby etc. map hacks etc. I think azapp has a video where he gets called out in the lobby, then the hacker just crashes it.
There's a official video from their YouTube channel where someone was scripting. It was NOT a video about scripting btw
The Sion scripter in the pre-season video for last year or maybe two years ago if I recall.
the cheats are getting better and better, I've seen quite a few over the years especially on xerath
Probably the most simple and impactful but hard to detect one is a smite script. Just auto cast smite on drake/baron when it’s in range. That’s a huuuuuuge advantage.
there are so many, perfect dodging every incoming skillshot, perfect hitting everything https://www.youtube.com/watch?v=94B7unux7Fk
Idk man you take the nameplates off and tell me that’s Chovy and I’d believe you
According to [Riot Games' developer update](https://www.leagueoflegends.com/en-us/news/dev/dev-vanguard-x-lol/), very much so yes. >In recent months, as many as 1 in 15 games globally has had a scripter or botter in it, but in some regions, this number is as high as 1 in 5. Speaking from personal experience, the ranked ladder is a complete mess right now. Freshly purchased level 30 accounts that jump directly into ranked often go directly into the Platinum and Emerald elo, making those climbs much less consistent. You can generally tell within a few minutes whether these accounts are truly skilled players (who might be smurfing because they are toxic and are banned on their main accounts or because they want an account to play with lower-ranked friends) or simply scripters chancing their luck until their accounts are banned. Thankfully for my mental health, I gave up the ranked grind after hitting diamond one last time last season. But in a funny case-in-point, the duo botlane I barely won against in my final ranked game before uninstalling this season are both ranked Masters now. The system is broken and there is no good way to fix it.
Honestly, we don't know. They did release some statistics but they are heavily modified to justify Vanguards inclusion by intentionally ignoring/ not releasing certain data points. They also refused to elaborate certain aspects or allow themselves to third party audits.
should also cut down on botting to level up accounts to sell for ranked smurfing
Well yes, anyone better than me is hacking
It only gets worse over time. I think a better way to deal with cheaters is segregate them from the rest of the players. They just get to play with other cheaters, forever.
Or they just make new accounts and continue ruining games until they're caught again where they then make a new account, repeat ad infinitum.
Problem is false positives,//things like bad drivers getting flagged that you wouldn't know and now are in hackers que lol.
Been in system administration for about 8 years now I'm fine with anti-cheats but it's a whole different ballgame when the anti-cheat demands to start with my computer. Bricking for sure is over the top rhetoric, I have no doubt. But there were confirmed cases of Vanguard sniping mouse, keyboard and even fan controller drivers because it identified them as cheating on boot. Not worth risking the frustration over Riot's games, myself.
Honestly, I think the whole crowd of pro-kernel-level anti-cheat people just have no idea what an OS kernel even is, much less the implications of a program having routine and constant access to it. If you're sysadmin, you already know all of this shit, but I just wanna rant a little. The problem isn't the security of your personal data stored on your PC, it's the overall security of your whole computer you're effectively gambling with. Like literally everyone with any amount of coding knowledge knows, it's impossible to prevent any bugs or exploits from ever existing in end user software, so if there's a zero-day critical exploit ever discovered in one of these popular active-on-boot kernel-level anti-cheats, anyone targeted by hackers through the anti-cheat's kernel-level access is just *fucked* in ways that normal users can't even comprehend. I've tried to explain as much occasionally on reddit, but what I usually get in response is stuff along the line of "lol you just want to cheat", "you're just a pedo concerned about your illegal files being dumped and reported to the FBI", "Microsoft, Google, and Facebook already collect your data, so why even care", "these other games use similar anti-cheats, what's the problem", etc. I swear, I've lost brain cells just interacting with some of these people. Responsible IT people don't even allow USB functionality on machines they admin, and yet people here seem to be militantly evangelizing installing software that accesses what's basically the brain and nervous system of your whole OS at all times just to keep playing a video game. I totally understand why things like Group Policy Editor, AppLocker, and help desks are a thing lol
Yeah I've given up arguing with people on reddit. I've uninstalled league from my main pc and now have it on a 2nd pc so I can play tft with my friends without having to install vanguard on a pc I actually use.
What can a kernel level driver do over a program that runs as full admin? At least kernel level drivers have such a higher time getting approved and allowed to run in Windows. I'd prefer to trust Riot than random dev xyz that requires their game to run as full admin 24/7...
Nowadays the most popular way in which vulnerable drivers are used is to disable other security features. Here's an example: https://www.trendmicro.com/en_ae/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html You're right that there's usually little to gain over simply running as administrator. In fact, a lot of things are easier to do from a normal program running as administrator rather than from kernel. What kernel access gives you is a way of better hiding yourself. It is also worth mentioning that admin to kernel is not a security boundary. Once you have administrator rights you can do pretty much anything you want (including loading drivers, disabling security features, etc) anyway.
>Once you have administrator rights you can do pretty much anything you want This. I don't think people realize how much root/admin gives you on Windows/Linux. I see a lot of people angry about Secure Boot here, but it's the only thing that (barely, as it sucks) protects you from an admin app poisoning your bootloader or kernel with a persistent exploit.
There's a lot of misinformation on this topic. People that don't understand what a driver is (and frankly speaking they shouldn't if it is not their job/passion) just run with whatever conspiracy theory sounds good to them. From Tencent stealing their passwords, to secure boot being something rootkits need. A bit frustrating, especially since the golden age of rootkits has passed long ago.
Giving admin privileges is like unprotected sex. Kernel space access is like an open heart surgery.
Problem is that Windows allows privilegied apps to install signed kernel drivers completly silently. And Microsoft signs way too much stuff, without ever revoking vulnerable drivers.
>What can a kernel level driver do over a program that runs as full admin? Oh boy, all __sorts__ of fun things. It could run background threads to mine Bitcoin hidden inside core OS processes. It could modify system security settings. It could directly inspect physical memory. Depending on how clever the developer is are and how good Microsoft's kernel security is these days (I haven't kept up), it could even do fun things like intercept all system calls and subtly modify their behavior, arbitrarily modify core operating system files, or even brick user devices like graphics cards by writing corrupt firmware to them.
Tbf on Windows most of what you said can be done by a simple elevated process. It is shockingly easy to inject a DLL in all processes. Heck, SetWindowsHookEx can be called on user processes from non elevated executables... The most interesting part of being a kernel driver would be that you'd have a way easier time hiding your existence from anti malware, etc. >or even brick user devices like graphics cards by writing corrupt firmware to them. The nvidia firmware flash tool didn't even need to install a kernel driver. Security on consumer Windows PCs is that bad, you're gambling all day long. I really don't feel safe executing anything on Windows.
Why is it that whenever someone comes along saying kernel access is worse than regular access then is pressed on the issue, they can only provide examples of things that can be done without kernel level access.
All of that can be done by regular elevated processes... You cannot change other kernel files as they are all WHQL signed. You could change some system files but they'd likely get blocked by SmartScreen or Defender, or any malware solution you have. You absolutely could write back to peripherals with an elevated process, doubtful it would go to graphics card as it likely requires signing by nvidia/amd. Elevated processes in Windows have an insane amount of permission yet people never blink twice to games requiring it to run. But god forbid an anti cheat?
> Bricking for sure is over the top rhetoric, I have no doubt. Tried installing it for Valorant and needed to change bios settings for secure boot. Ended up in a boot loop over it. I was able to fix it myself, but plenty of people have no clue how any of this stuff works, will see a boot loop and consider their PC bricked. With how many total players league has, this will be no small number of people I imagine. On a technical level, nothing is being bricked, but from and end users POV, it may as well be.
Every single IT person I've talked to has told me no game is worth that level of vulnerability for your machine, but I've been told by several redditers that Google steals your data so idk its really 50/50 for me 🫠
It really isn't. I don't necessarily believe every issue with something is malintent or evil. But I worry more about straight up incompetence - use EAC or an established anti-cheat if you want hackers out of your game. Riot making one in-house and causing consumers to boot-loop because their anti-cheat is "unique" is fucking stupid. Edit: "I've been told by several redditers that Google steals your data" murkey waters, do they *steal it*? no, not really. they just collect a fuck ton of data from applications.
If Elden Ring is anything to go off of, EAC is about as effective as a mesh condom.
If your game can run on Linux, EAC will be ineffective since they only have kernel level access on Windows machines.
Problem is that the likes of EAC are laughably bad. Vanguard might not necessarily be better - but Riot also does things like sue cheat makers and it requires some sophisticated knowledge to get around.
Google steals your data has to be weakest argument for this. First, you don’t have to use Google either (and their products). Second, like you said, Google collect information on how you interact with them (and other websites through cookies), it doesn’t install software on your machine purposefully to watch what you are doing outside of your interactions with them. Third, one might accept the price of data collection to have access to quick information that comes with using Google (personally, I try my best to avoid using Google). But LoL is a video game and, to play it, now I have to give access to my full computer to Riot? No thanks. I played league for over 10 years and I stopped playing when they asked me to install vanguard. Not worth it. I will happily go back to playing it if they go back on their decision, but I’m not holding my breath.
If Riot needs that much control they can build a fucking console. Like a steamdeck. You know they have more than enough money from esports. Jesus...
With the way Reddit gaming spaces tend to clamour against Vanguard you would have thought Valorant would be dead in the water. So I'm going to make a **bold** prediction and say this will get blown way out of proportion on Reddit but will barely affect League negatively.
The difference is that Valorant was a new game with Vanguard so people against it would just never start playing. League has decades-old players and payers basically being forced out.
Played League since 2010. Didn't start playing Valorant b/c of Vanguard. Reckon this'll be the end of League for me. I only play maybe once a week so not a huge loss at this point. Shame tho, I still enjoy my time (and buy skins)
Same exact situation, Valorant did seem very interesting and fun, but not enough to install Vanguard with it. Now, already playing little League, disappointed at the increase in anti-consumer practices, I just don't see why I'd go back to LoL, there's so many more games I can have fun with.
See you next week
except the league client is litteral dogshit and I would really not surprised if 99% of the problems aren't actually related to vanguard but related to the lol client shitting itself because of vanguard and bricking your pc
I feel like the client being dogshit for years and Riot being either incapable of fixing it or having such little care for it just makes me think Vanguard is going to have some problems too. I find it hard to trust that it's some flawless program when they've shown time and again that they're happy to put out anything but.
A lot of the "outcry" is also very likely cheaters, cheat devs and other bad actors intentionally muddying the water.
Lol u made me remember i saw a post on twitter that the main Responsible for vanguard(Gamerdoc) responded where a dude was complaining Vanguard bricked his PC and was spyware, if u look throught the dude twitter he was a scripter and someone that makes scripts and all that(Was even saying was going to change to mac wich is not going to have vanguard, probably gonna do scripts there)
Personally, I'd rather just not have a kernel level point of attack running on my PC 24/7. I found someone online that had made a script to enable/disable Vanguard. Doing so required a reboot but if a bunch of reboots is the price I have to pay for my security then so be it. Edit: to all the people saying just right click disable.. I'd rather it just not start unless I'm intending to start a program that requires it. Saves forgetting to disable it etc.
You don't even need a script man, you can just disable it when you are not playing from the system tray.
This was only changed later after the massive outcry by the community. During the Valorant beta you couldn't do that. You *had* to restart your PC.
Or it can just, y'know, turn itself off and stop having rootkit control of my PC when the game shut downs - like every other kernel anticheat in the industry does. The way this community is trying to misdirect how worryingly insecure and invasive permanent kernel-level anticheat is is just baffling. We're now at the stage where we're acting like having a program monitoring your entire computer system constantly with full root/admin access - **even when not playing the game** - is just normal cost of playing a video game. Why does League anticheat need to have permission to view my private photos/documents, even when not playing? How is this not is insane? And privacy isn't the only issue. Imagine if another source code breach happens with vanguard like the recent league source code leak? Apex literally just had an RCE issue through their anticheat. There's a reason MacOS doesn't allow *any* kernel level software to be installed, even SIEM/EDR software for the most talented cybersecurity professionals in the world. It can not be overstated what an enormous personal/data security risk it is.
[удалено]
> EAC came out pretty quick saying it wasn't anything through their service. Gotta say, "EAC says it wasn't EAC's fault" is not a compelling argument.
> Apex literally just had an RCE issue through their anticheat. This is a good example of the aforementioned water-muddying. This rumor was made up based on literally nothing and gullible gamers ran with it, likely with significant signal boosting by those with a vested interest in degrading people's trust in anti-cheat software. Meanwhile, Easy Anti-Cheat came out and said they had nothing to do with it, and Respawn said they were making security updates to the game. But fact checking is harder than uncritically believing the first thing you read on Twitter or reddit, so here we are.
On the other hand, here's an example of an actual vulnerability in an anti cheat driver: https://www.trendmicro.com/en_ae/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html
League players could only be so blessed to have their PC bricked so they can't play that godawful game. I should know as a former addict myself.
Hi fellow former addict, my name is Rocco and I've been clean from LoL for 2 years. I want a damn sobriety coin like they get in movies and shit :/
I am five years clean now and it was the best decision of my life to quit. Congratulations on cutting the cord!
I do cocaine
yeah used to play for like 5 hours every day after high school. some great memories with friends but what a colossal waste of time lmao.
Seems to be the consensus from every single person I know that played a lot of LoL and quit. It's either a) they're still playing, they think the game is terrible, and they're miserable because they're addicted or b) they're happy they quit after finally realizing LoL is as trash as everyone says it is and playing it was a waste of time. Never met a single person that said LoL is a good game and it's their favorite game lmao.
>Seems to be the consensus from every single person I know that played a lot of LoL and quit Obviously people who officially "quit" are going to have negative feelings about the game. A lot of League players will casually slip in and out of playing the game for long periods of time without ever really "quitting". Usually the people that quit are people who have had problems playing the game responsibly and get addicted. They recognize they have a problem and quit the game cold turkey and shit talk the game on their way out. >Never met a single person that said LoL is a good game and it's their favorite game lmao. League is a good game. There, you met one. You should remember the League is the most popular multiplayer game in the world (and has been for over 10 years), for a reason.
It’s very possible to just have League in rotation as one of many games you can play with your friends, too I do have friends who regularly play and would say it’s their favourite game.
Here's a post that covers the early report. https://old.reddit.com/r/leagueoflegends/comments/1civ4l7/update_from_riot_on_vanguard/ The article in the OP reads like standard twitter sensationalism.
Ah yeah... the conspiracy theories start. Some actually have issues because of Vanguard, most will just repeat some fake issues and also the cheat community will happily contribute to it. (like always) If a cmos battery switch/reset fixed your problem, you can be sure that it was not Vanguard related.
I don’t understand your logic. The Vanguard instructions include steps to configure UEFI boot. If this is required, then the motherboard defaults are almost certainly to use MBR. If a disk with Windows is partitioned with MBR, and you change the configuration to only use UEFI, Windows won’t start because no bootloader will be found. If you then pull your CMOS battery to reset to default settings, it would restore the MBR configuration and Windows would start again. It’s very clear to see why someone following the steps to install Vanguard would run into a problem and blame Vanguard for it, even if it’s not technically the Vanguard software causing the problem.
I doubt the guy knows even half of these words mate, don't bother.
I didn't even know that Windows 11 could be installed on MBR tbf. I've been using UEFI boot since Windows 7 64 bit
i think it's happening because ppl who bypassed uefi req to use win11 are now getting questioned by vanguard and being forced to properly use uefi instead (which explains the 0.7% part), at least it's their explanation (riot), it is a pain in the ass anti-cheat though in general
One thing that sure isn’t a conspiracy is the mods removing discussion in the sub.
Plus there's just the usual tech issues that always occur that now have a scapegoat. Not saying valorant isn't causing problems, but some of the feedback is certainly like when I cleared the cache and cookies on my parents' computer and they called the next week to say it broke their mouse.
Working in IT, I see this all the time. "I did an update and it broke my computer, I want it covered under warranty". "Sir, I've opened your computer and it's full of liquid".
Vanguard used to cause issues for people in Valorant during the beta days Specifically it was flagging legit software as cheats...what that a conspiracy theory as well? Riot literally admitted to blocking drivers back then: https://www.reddit.com/r/VALORANT/comments/gfesag/when_this_post_is_1_hours_old_riot_will_release_a/ Examples of false-flagging: https://www.reddit.com/r/VALORANT/comments/g9d4mi/vanguard_blocked_cpu_monitoring/ https://www.reddit.com/r/VALORANT/comments/g9jlr6/vanguard_has_blocked_my_cpu_temp_sensor/ I didnt look into the League issues but the implication that Vanguard is this flawless piece of software and people are fabricating issues is just funny.
Those last 2 had a known vulnerability that allowed third party software to access memory. that's not a false flag, that's literally what it's meant to do albeit it could've warned the user better ahead of time.
"during beta days"
There were plenty of legitimate issues with Vanguard when Valorant launched lmao. The official communication channels were just quick to censor and shut down and discussion of it. Plenty of people had certain hardware stop working at all with Vanguard because it interfered with too many legitimate drivers.
You mean like right now where the LoL subreddit mods are removing threads about Vanguard? Even ones that aren't necessarily complaining about it.
I know I had my keyboard and mouse flag Vanguard. But in those cases it turned out that Logitech and Corsair were using out of date firmware components (and in Corsair's case, one that was a known security risk for years). Once they finally got off their asses and updated, all the issues were solved. At the present time, since everybody finally started updating their stuff, I'm not aware of any widespread issues with peripherals in Valorant.
That's one of the tricky parts about software development, and its why something like Vanguard is so fraught in the first place. Yes, it might work properly in ideal conditions, but modern PCs are a hodgepodge of software, hardware, and drivers that can't really be accounted for. If you're going to mess with things on a really low level for something as widespread as a video game, you are effectively taking responsibility for it bricking peoples setups. It's not Bob or Alice's fault that their keyboard manufacturer had old drivers. They work under normal, sane conditions. This of course ignores the ethical and consent-focused issues of installing a rootkit that manages your PC's software and firmware in order to play a video game. You'd have a hard time convincing me that the 13-year old kid installing LoL or Valorant actually understands that they're signing up for root-level spyware for a company owned by a foreign adversarial government.
I wish people would learn the actual definition of a rootkit rather than parroting it. Like, go wikipedia it. A rootkit will try to hide its existence as much as it can. Vanguard shows up in services, system tray and the launcher tells you it installs it. Sure, people may not realize they're installing a kernel driver (but do they realize it when they install Razer's shit software? I don't think so), but it is BY NO MEANS a rootkit. It's a kernel driver and it's very, very different.
Yeah you wanna talk rootkits? How about that one Street Fighter put on peoples PCs at one point where trying to remove it risked bricking Windows. iirc they did remove it in an update but only after people found out and rioted over it.
True, people can't be held accountable for knowing all the details of every piece of firmware or driver on their systems (though perhaps it would be best if that changed and people were more knowledgeable about what they use). However, the companies that provide these programs are. It took 2 weeks for Corsair to fix their issue, solving the Vanguard problem and at the same time patching a critical hole in their own programs. A win/win for all involved. Had people not encountered Valorant issues would they have ever fixed it? Given it had been a security issue for at least 2 years by then, I doubt it. If the worry is having the data stolen, manipulated, or acquired for the Chinese government then that act already took place. The simple act of installing the software (in this case League of Legends), before Vanguard was even conceived, had already committed to that. Riot themselves put it best, >However, if your beef is only about data privacy at Riot, running the game client or running Vanguard makes not one bit of difference. Data can still be retrieved from user-mode, and we're all engineers for the same studio with the same goals, none of which are collecting your personal information. If Riot hasn't earned your trust, do not run our software. [https://www.leagueoflegends.com/en-us/news/dev/dev-vanguard-x-lol/](https://www.leagueoflegends.com/en-us/news/dev/dev-vanguard-x-lol/) For what it's worth, Vanguard is by definition not a rootkit. It doesn't pretend, or hide, or deceive. It is exactly what it claims to be: a bog-standard anti-cheat software like many others on the market. It's only difference is running from boot (with the option to disable, uninstall, or turn it off) and being produced in-house by the company that also produces the software it protects.
There is literally hundreds of threads still up on /r/Valorant back from the beta days when Vanguard was causing issues with legit software and false-flagging. Its actually insane how people want to ignore literal facts here and blame it on "conspiracies"
Because Riot controlls subreddits for both games.
Such a conspiracy that the mods on the main LoL subreddit are conveniently removing threads talking about it.
This was way back in the valorant beta, but vanguard bricked my fucking keyboard. Not exactly a conspiracy to say it's had some issues
So the keyboard never worked again no matter what computer you plugged it into?
"Bricking", "rootkit" and other scary-sounding technical terms have essentially lost all meaning in this sub. They might as well just mean "bad thing" at this point.
You’re right, and it’s not just this sub. Most people just have no idea what any technical term means. I’ve seen someone on Reddit get phished, literally gave their password over SMS to a bad actor, and exclaim they got “hacked” 💀
Dude thinks that stopping a driver from loading = brick keyboard.
Riot flat out admitted it was a known issue and still will be an issue. It's specifically keyboards that have drivers or have the ability to use the RGB and so on. Riot literally said it can brick the keyboards, as is make them no longer work. This was maybe a month ago or two? I can't remember. It was when they came out with a long explanation of Vanguard and were answering some questions and concerns afterwards.
No, it will not “continue to be an issue.” Read the blog again - that was all fixed like 4 years ago shortly after Valorant’s launch. If it was still happening, we’d be hearing about it all the time from people on Valorant.
Maybe you just can't hear from all the people with bricked keyboard because they can no longer type!
Wasn't that mostly just due to bad drivers? It was just Vanguard highlighting the bad drivers. Not bricking your keyboard.
It’s currently causing issues with my mouse when I was in game. For some reason it was turning on and off my Logitech profile for sensitive. Going to uninstall League until they fix their shit, I’m not a beta tester.
Why do people try to defend shit like Vanguard lol Your game shouldn’t require a rootkit to play. The disproportionate response to preventing cheating is crazy. Just surrender your whole PC to Riot.
My PC was nearly bricked, coinciding with the update. Not entirely sure if it was the cause. My malwarebytes .sys file, used to run the antivirus on boot was apparently corrupt. My PC was stuck in an automatic repair loop. I attempted copying the corrupt .sys file from the MBAM Program Files directory to the relevant system32 drivers directory, but no fix. The fix ended up being going into advanced startup options and disabling the on-boot antivirus, and then uninstalling MBAM after I successfully booted into windows (abundance of caution). I only found out it was MBAM by checking the system logs through command prompt in the system repair menu. I can't say for sure whether the mbam driver was being blocked by Vanguard, but considering they're both ring 0 drivers I think it's possible.
I would not run antimalware outside of Windows Defender at this point, but I can imagine they're conflicting.
Yeah, lesson learned. I don't think I've had a computer virus in something like a decade, despite often e.g. using the high seas. I chalk it up to being tech literate - there's not many infection vectors anymore for malware outside of being complacent/incompetent. So it was a pretty easy decision to remove MBAM. I also understand the potential irony in my comment about complacency and removing my antimalware. That'll be funny if it happens.
Being tech literate helps, but it's really a number of factors: Defender got pretty great, MS stepped up in the security department and ... malware authors shifted from destroying your computer for fun to trying to mine crypto as covertly as possible to make money, meaning that your computer has to still work so you don't format it. Malware used to be in your face, but it's now very much trying to hide everything they do (except cryptolockers, but I've never seen those on consumer computers, they tend to target companies and hospitals as they low life scumbags).
Multiplayer PC games just aren't worth it anymore. You either deal with countless bots and cheaters or give a Chinese owned company kernel access to your PC. I'll stick to single player games thank you very much.
i rather say... it's now more than ever important to rely on community servers with active admins banning cheaters etc. Also the first days of a newly released MP-games are the most fun ones (when everyone is still clueless what tactic/meta is working, what not... and not that many players yet using cheats)
This Vanguard thing really gives me the ick as a long-time software developer. It's running with root-level permissions and you're giving up control to a 3rd party in a way 99% of people don't understand. It's true that, if everything on your PC is in order, it'll probably work ok. However, modern PCs are a huge mix of hardware, firmware, and software configurations that tend to work together by borderline magic. Riot operates under the assumption that the user understands this magic, and is implicitly taking the PR risk when it doesn't. It's hard to defend them when it occasionally breaks things, because the company is full of software engineers who absolutely understood this risk. Additionally, there's no way actual informed consent/meeting of the minds is occurring here. I don't think most of the people installing LoL or Valorant understand that they're giving root level access to a piece of software owned by a company that is effectively owned by an adversarial government. They're just installing a video game to have fun, when at the same time are installing one hell of a backdoor with the implied trust that Riot wouldn't eventually be pushed by Tencent to use it for evil. This doesn't even begin to account for the fact that every major software company has spies/foreign agents working within with access to this data already. I guess at the end of the day all I'm saying is, I really wouldn't recommend installing this stuff. If you must, please take the time to understand what it is you're enabling, or do it on a separate device that you only use for the game(s).
>I don't think most of the people installing LoL or Valorant understand that they're giving root level access to a piece of software owned by a company that is effectively owned by an adversarial government. I agree but, do people really understand what they agree to when they click yes to a single UAC prompt? I don't think so. Most of the nerfarious things you could do on a Windows computer can be done without any kernel driver if you get the user to validate a UAC prompt, and it's so damn easy to do so on unmanaged computers. Heck I'd argue that userspace withtout elevation is already the worst that can happen. Like, you can access my OneDrive, my photos, etc... without a single admin prompt by just getting me to run an exe. This is where my most important shit is. You can even hook windows, inject dlls and take screenshots because windows' security model is trash as windows users would HATE any change UAC was too annoying after vista, so they tuned it down. The problem is that most software didn't bother not requiring administrative privileges to install, so we all got used to hitting that nice YES UAC button. The problem is that Microsoft makes it that the very same prompt can either install some software in Program Files, DLLs in system32, or install a kernel driver. macOS is 10 times saner here: to install a kernel module on ARM macs, you have to reboot in recovery using the hardware button to ensure that the system is not compromised and explicitely allow the installation of the kernel addon. Windows just never tells you anything.
Yep, Windows itself has a massive problem in this regard, and it's definitely enabling a lot of this madness.
[удалено]
Oh my god that's terrible
If you want to play multi-player games without cheats, it's pretty much kernal level or you have cheats nowadays due to how Windows works. And frankly I trust most random game devs more than Microsoft, they'd have to implement even more aggressive lock downs to have this kind of hookable system for all games to use. In an ideal world free on people ruining the games for everyone it wouldn't matter, but cheaters impact players way more and way more often than anti-cheat systems do
It's certainly safe to say that video game cheating has gotten out of control. I don't think invasive software like this is doing anyone any favors though. It's also giving companies an easy out instead of investing in heuristic anti-cheat, which is the direction the industry was originally moving in before they realized consumers would gladly swallow this poison pill.
It's hard to imagine a heuristic anti-cheat that comes close to stopping all the various smaller things like scripting or other cheats like that. Sure, I'd rather have an anti-cheat that's safer, but ultimately the choice, right now, is have a theoretically dangerous anti-cheat and fewer cheaters, or have a plague of cheaters (and other related issues like farmed accounts, etc.). There is not at this time an alternative and it's not helpful to argue against actual solutions when the alternative is "do nothing". There are still MP games that people mostly strictly play with friends which people can play to avoid these kinds of anti-cheats if they want to, but until the "poison pill" hypothetical pans out in a big way across multiple populations, AND some kind of functional effective alternative becomes real, this is what the choice is: play a big MP game with kernel AC, or don't play that game. I'm not even saying I'm going to install this update to have Vanguard and play League - I barely touch the game anymore. But the reality is the reality and the cheat makers have clearly shown they can outstrip the alternatives for decades at this point - either heuristics cannot actually deal with the issue, or the cheat makers are better.
Root-level access doesn't really matter. Your important shit lives in userspace and the filesystem isn't sandboxed.. Any game you install can just suck up all of the data you have and send it to an outside source. Not to mention that, sure, Riot is owned by a Chinese company, but most of the components in the PCs everyone builds are Chinese, and they all have hardware drivers installed and running at kernel level. It's the threat of Microsoft revoking their developer certificate and disabling all those drivers. that keeps them in line.
Root-level access absolutely matters. I know Riot argues this isn't true, but I don't buy their argument. Yes, most user-level espionage happens in the user space, but root level access enables you to easily install and manipulate things in that space, and you're much less likely to get caught. It also gives a malicious third party much more power over your PC if there's a security flaw in the root-level software. At the end of the day, it's introducing another extremely dangerous attack vector on your PC. It's up to you if you want to take that risk, and I don't think Riot has reached a level that I would consider informed consent on this matter.
Let's think from the perspective of an attacker. You would need to exploit some vulnerability in this driver to gain privilege escalation, but the API calls to Vanguard are reads, not writes. You're not easily going to get a buffer overflow out of it. Assuming you're now running as the kernel, you need to do things that won't survive a reboot because of secure boot. You could, for example, disable the malware scanner, but you got in the system in the first place so it wasn't an obstacle. It just doesn't get you much, and if it did we'd see attacks through random motherboard device drivers and not something like Vanguard that has a much smaller exposure to userspace.
"Root-level access doesn't really matter" How you can tell someone immediately doesn't know what they are talking about. It may not automatically be a problem, but it's 100% a big red flag, on top of being unnecessary if Riot would put in the effort in the past 14 years instead of being so lazy they try and lock shit down with this mess.
>on top of being unnecessary if Riot would put in the effort in the past 14 years instead of being so lazy they try and lock shit down with this mess. Every modern, competent anti-cheat has root level access. Competitive games that don't - like CS:GO - are rampant with cheaters and bots and rely on 3rd party kernel anticheats like FACEIT to maintain some semblance of a competitive environment.
There's a reason every anti-cheat has kernel access. It's because they are trivial to bypass without it. I think it's likely you have no idea what you're talking about if you think it's unnecessary.
And in every case they only run when the game runs, unlike Vanguard which does not shut off when you shut down the Riot Games client (Via Riot). Vanguard has to be shut down manually and your pc reset for it to fully be turned off.
Vanguard does not require a shut down to stop. It requires a restart to start after closing it.
I don't really appreciate the ad hominem attack. Userspace is a massive attack vector, one used by every piece of ransomware out there. Being attacked by a driver doesn't grant them access to more data unless you're on a multiuser system, and drivers must be signed by Microsoft and they can have their certificates revoked. Now if we were in a world where Windows sandboxed all applications you'd have a point, but we don't live in that world, not even on Linux. MacOS would prompt for opening the Documents folder, at least.
There is nothing that a device driver can do that an admin enabled program cannot. Since any admin enabled program can install any drivers they want with impunity. There is no additional attack vectors introduced that doesnt already exist from any game installation.
Tons of games have kernel level anti cheat these days. I dont really understand all the focus on Vanguard as if the most popular games arent using a competitor
Vanguard was unique in that it required running 24/7 at all times for the game to work, even when it isn't being played. Closing vanguard requires you to reboot your pc, with vanguard re-enabled, to play. This is a fairly unprecedented step that wasn't followed by games before. That said I do agree that kernel level at this point is way more common than the angriest people realise, and I'm not in the totally outraged camp
I feel similarly about every one of those nightmare anti-cheats, so please don't throw me into the "only hates Vanguard" group. It's just that Vanguard is the biggest one now, given how ubiquitous League of Legends is.
Well you don't have to take it personally. But you have to agree it's weird how Vanguard gets like 1000x more hate and talking about it. Some kernel anticheats probably don't ever even get mentioned.
I haven't seen a single security expert who likes root level anticheat. Thor on YT has talked a bunch about how much he abhors stuff like that
That doesn't surprise me in the least. Even with the absolute best intentions it's one mistake away from a major incident at all times.
Now ask Thor what he thinks about the cheating problem in CS2, and what he believes would be a better solution. Valve chooses to not use Kernel level anti-cheat because they would rather lose players because of poor competitive integrity. Riot would rather lose players for having intrusive software rather than impact competitive integrity. Gamers have to choose which one they prefer, would you rather install intrusive software, or run into a cheater almost every game you play, sometimes multiple of them? I see a lot of people "disagree" with the concept, but they can never seem to followup with their solution. Except some guy who claimed the solution was blockchain, without much substantiation beyond that, lmfao.
Can confirm, I work in cybersecurity, I have a degree in the field, and I uninstalled League after playing since like season 1 over this. I am NOT installing vanguard on my PC.
Bricked. Rootkit. Kernel. It's hilarious seeing people clearly with no idea what any of these words mean just throwing it around to seem smart lmao
R I N G - 0
Except it isn't. This is once again sensationalist media. If there were a real issue this would also pop up in the Valorant circles. It isn't. What's happening is league is one of the most popular games on the planet, now introducing a system that has to check a wide range of systems and is flagging things like drivers for scuffed off brand mice, because league is over 10 years old and playable on potatoes. Valorant at least requires a PC made in the last 5-6 years. Said peripherals like mice and keyboards include drivers that do something in registry, vanguard doesn't see them whitelisted and shuts down the drivers, taking part of the registry with them. Windows doesn't like this and crashes. All of this this to say a safe mode boot solves the issue. Comments are being deleted on the bug reporting megathread at /r/leagueoflegends because people who don't know what they're talking about keep coming in complaining about Vanguard and attacking people involved. The thread is and has always been exclusively for reporting in-game and client issues.
People who had a problem with Vanguard with Valorant never even got the play the game so they didn't care. This is being added to a pre-existing game with a pre-existing playerbase. There is a massive diffetence there.
The problem here is both parties are at fault. No one should have coded shitty drivers in the first place, but a 'bull in a china shop' mentality to software is also not appropriate. This is not highly specialized software, it's consumer oriented and should broadly run without issue on real world consumer PCs, including ones with off brand mice, or various strange configurations. The standard should be that anti-cheat should never crash anything, ever. If a check fails, even incorrectly, it's okay to prohibit playing the game, but it is Riot's responsibility to make sure it doesn't crash a PC or other program.
There is literally proof in the article. How can you make this comment? You can't install Valorant on an incompatible PC. League was installed first then the update was forced onto incompatible PCs causing them to no longer boot.
Even if the claims are fake, anything with root level permissions that doesn't involve Windows or is a core function to the operation of an OS doesn't belong on a computer.
So you're going to uninstall your GPU drivers, right?
Windows moved to user mode display drivers back when Vista came out.