VALORANT’s Anti-Cheat System Could Be A Major Security And Privacy Risk For Your Computer

• VALORANT's anti-cheat Vanguard installs a kernel level anti-cheat driver called vgk.sys.
  
  
• Vanguard's lead programmer clarified that it does not collect or send any information about users' computers back to them.
  
  
• This system might already have been bypassed as Riot Games has already banned VALORANT cheaters during the closed beta. 

In a video titled “Why You Shouldn’t Install VALORANT”, popular gaming and tech YouTuber ‘SomeOrdinaryGamers’ a.k.a Mutahar alleged that VALORANT’s anti-cheat software (called Vanguard) might be a security and privacy risk for users.

In it, he states that the game has a kernel anti-cheat driver (vgk.sys) that runs every time a user with the game downloaded turns their computer on. Most modern day operating systems come with protection rings with ring 0 being the most secure. This driver runs in ring 0 for Windows 10 operating systems, giving it the highest level of administrator access/privileges on a user’s computer. He likens this to a rootkit (a set of software tools that enable an unauthorized user to gain control of a computer system without being detected.) and even goes on to call it malware.

This was confirmed by Riot Games’ spokesperson. In a response to a thread about the topic, Programmer and Anti-Cheat Lead for VALORANT, ‘RiotArkem’, stated that Vanguard doesn’t consider a computer as trusted unless the vgk.sys driver is loaded at system startup - a feature that is less common for anti-cheat systems. They claim that this helps in stopping cheaters because a common way to bypass anti-cheat systems is to load cheats before the anti-cheat system starts, allowing it to tamper with system components or the anti-cheat system itself. However, Mutahar claims that this is not hard to bypass using a System Management Mode (SMM) in microprocessors typical to the ones that are used to power games like VALORANT. He also states that this has already been done since VALORANT has already had to ban cheaters during the closed beta.

RiotArkem went on to state that the Vanguard driver does not collect or send any information about users’ computers back to Riot Games and that it can be uninstalled at any time. They also clarified that it does not collect any information from players’ computers or communicate it over the network at all. However, Mutahar indicated that there is no way to verify this and that users have to simply trust Riot Games’ word at face value about their privacy concerns.

While Riot Games and Tencent may not be abusing ring 0 access on users’ computers via VALORANT’s anti-cheat system, Mutahar stated that this is enough incentive for hackers to attempt to exploit it by looking for cracks in the game’s programming and possible security breaches.