A
post from Riot on Reddit chimes in on a discussion of anti-cheat measures in
VALORANT, their new first-person shooter (thanks
DSOGaming). This explains why they are loading a driver at boot and what it
does and does not do. Here's word:
TL;DR Yes we run a driver at system
startup, it doesn't scan anything (unless the game is running), it's designed to
take up as few system resources as possible and it doesn't communicate to our
servers. You can remove it at anytime.
Vanguard contains a driver component called vgk.sys (similar to other anti-cheat
systems), it's the reason why a reboot is required after installing. Vanguard
doesn't consider the computer trusted unless the Vanguard driver is loaded at
system startup (this part is less common for anti-cheat systems).
This is good for stopping cheaters because a common way to bypass anti-cheat
systems is to load cheats before the anti-cheat system starts and either modify
system components to contain the cheat or to have the cheat tamper with the
anti-cheat system as it loads. Running the driver at system startup time makes
this significantly more difficult.
We've tried to be very careful with the security of the driver. We've had
multiple external security research teams review it for flaws (we don't want to
accidentally decrease the security of the computer like other anti-cheat drivers
have done in the past). We're also following a least-privilege approach to the
driver where the driver component does as little as possible preferring to let
the non-driver component do the majority of work (also the non-driver component
doesn't run unless the game is running).
The Vanguard driver does not collect or send any information about your computer
back to us. Any cheat detection scans will be run by the non-driver component
only when the game is running.
The Vanguard driver can be uninstalled at any time (it'll be "Riot Vanguard" in
Add/Remove programs) and the driver component does not collect any information
from your computer or communicate over the network at all.
We think this is an important tool in our fight against cheaters but the
important part is that we're here so that players can have a good experience
with Valorant and if our security tools do more harm than good we will remove
them (and try something else). For now we think a run-at-boot time driver is the
right choice.