How Riot Games is Fighting the War Against Video Game Hackers (techcrunch.com) 55
Riot Games has reduced cheating in Valorant to under 1% of ranked games through its controversial kernel-level anti-cheat system Vanguard, according to the company's anti-cheat director Phillip Koskinas. The system enforces Windows security features like Trusted Platform Module and Secure Boot while preventing code execution in kernel memory.
Beyond technical measures, Riot deploys undercover operatives who have infiltrated cheat development communities for years. "We've even gone as far as giving anti-cheat information to establish credibility," Koskinas told TechCrunch, describing how they target even "premium" cheats costing thousands of dollars.
Riot faces increasingly sophisticated threats, including direct memory access attacks using specialized PCI Express hardware and screen reader cheats that use separate computers to analyze gameplay and control mouse movements. To combat repeat offenders, Vanguard fingerprints cheaters' hardware. Koskinas admits to deliberately slowing some enforcement: "To keep cheating dumb, we ban slower." The team also employs psychological warfare, publicly discrediting cheat developers and trolling known cheaters to undermine their credibility in gaming communities.
Beyond technical measures, Riot deploys undercover operatives who have infiltrated cheat development communities for years. "We've even gone as far as giving anti-cheat information to establish credibility," Koskinas told TechCrunch, describing how they target even "premium" cheats costing thousands of dollars.
Riot faces increasingly sophisticated threats, including direct memory access attacks using specialized PCI Express hardware and screen reader cheats that use separate computers to analyze gameplay and control mouse movements. To combat repeat offenders, Vanguard fingerprints cheaters' hardware. Koskinas admits to deliberately slowing some enforcement: "To keep cheating dumb, we ban slower." The team also employs psychological warfare, publicly discrediting cheat developers and trolling known cheaters to undermine their credibility in gaming communities.
This sort of thing (Score:4)
The sort that when I hear of I think, "JFC man, if you'd spend half that effort on just learning the material you'd get an A without being a cheating piece of shit."
Re: (Score:1)
Most cheating schemes are born by laziness of the examiners.
I teach small classes, "tests" are small and parceled out evenly to require work throughout the semester, the final is oral.
Come on and cheat me.
Re: (Score:2)
People are cheating you. The the real laziness is the examiners who are too lazy to identify the students that are cheating. It doesn't matter what you do, someone is attempting and likely succeeding in cheating you. The only question is if you're good enough to identify it.
Re:This sort of thing (Score:4, Insightful)
Re: (Score:2)
This is an examiner and structure of the test issue. Examiners are lazy/desire efficiency, and want something easy to grade. So they reuse a lot of questions, and even whole tests.
Gaming cheating is the opposite. Every game is different so active effort must be made by both cheat creators and anti-cheat makers to adapt to each other constantly. Also pretty much everything relevant is remote only, so games effectively have to operate in uncontrollable hardware and software environment. Unlike tests, where yo
Police state methods (Score:2)
Re: (Score:2)
But they can they sell the "tech" back to the state, which is potentially yuge, man.
Re:Police state methods (Score:5, Insightful)
over a f.... video game???
You sound like the type of person who thinks that video games remain something you play on your Nintendo on your home TV, rather than something that has a ranked league, sponsored teams, contests with actual real world money to be made, etc.
You sound like the type of person who would dismiss the idea that trolls and idiots who cheat for the lulz are just kids being kids rather than a group who are actively making a a game less fun to play for others and by extension less popular and directly affecting the bottom line of the company who is producing it.
Cheating in some games has real world consequences. Notice there's no kernel level anti-cheat systems in single player games? What people do on their own system is their business. When they affect others, especially those with financial interests, expect the big guns to be brought out.
Re:Police state methods (Score:4, Insightful)
Video games are exactly home TV entertainment. You're an idiot company for offering money for those antics.
And round balls are just to kick around in your garden. You're an idiot for paying to see someone do it, leagues are idiots for expecting people to want to watch it, teams are idiots to pay people to do it professionally. yadda. yadda. yadda. Have you ever watched the Superbowl? That is also home TV entertainment for most people.
The reality is that there are professional leagues in Valorant. The reality is your entertainment on a gaming platform is related to your experience, and cheaters ruin that experience. You can ignore all this and not play the game, but then please sit out discussions you don't understand about why people play cat and mouse games with cheaters.
Objectively there is money changing hands which elevates this to be more important than home TV entertainment, that you and I don't participate in this doesn't change this fundamental fact - there are profits to be defended.
Re: Police state methods (Score:2)
The majority of people do, only a few are at the top and even they don't always win.
Game cheaters are assholes. Single player fine, cheat as much as you want, pve whatever, pvp FU.
Re: (Score:2)
I get the impression you get beat a lot playing online games.
I do not. I dabble in a bit of Helldivers. The only impression you should be getting is that I am making a perfectly logical argument. If that's not your impression then by all means let's debate the merits of what I said.
If all you got is ad hominem then the only impression everyone else will get is that you're an idiot. I invite you to correct that perception now.
Ball sports have no owner, unlike esports (Score:2)
One fundamental difference is preservability: a game publisher can shut down an esport. If the NFL goes bankrupt, gridiron football will continue to exist in other leagues, such as UFL, NCAA FBS, and high school. By contrast, once Riot Games no longer operates Valorant, Valorant ceases to exist. Ask any player of Overwatch or Club Penguin what happens to a live service game upon sunset. Or it can continue to operate Valorant while playing favorites, using copyright to shut down the less-favored league's pub
Re: (Score:2)
That is indeed a difference, but I wonder how this in any way changes the point? In fact it sort of reinforces my point a bit. If the player base crumbles then you're even more likely to shut something down which provides even more incentive to control cheating so it doesn't get that far.
Re: (Score:2)
Next you can tell us how stupid sock hops are!
Re: (Score:2)
I imagine it eont be but a few more years before Fanduel betting starts cashing in on eSports.
Re: (Score:2)
And they don't do Olympic level doping tests where someone watches
Re: (Score:2)
digitally probing body cavities to prevent cheating in a real world event.
Nobody tell chess grandmaster Hans Niemann [nypost.com]!
Re: (Score:2)
Kernel anticheats are the equivalent of strip searching and digitally probing body cavities to prevent cheating in a real world event.
Good analogy. When we are unable to identify cheating in any other way in real world events we also do invasive searches. This is why blood tests / urine tests are done at the olympics.
Re: (Score:2)
You can fuck right off with this line of thinking that any possible measure is justified to investigate wrongdoing. You also think every computer should be a locked down walled garden to enforce DRM?
You seem to be unable to separate my logical argument with my opinion, I haven't stated an opinion on the matter. I don't think either is justified from a consumer point of view, and I would appreciate not having this kind of stuff - but then I don't play games which require it either.
I think it's justified from a developer point of view and objectively... yes developers objectively DO think their products should be locked down with DRM to prevent privacy - that is something they actively do.
Try and read wh
Re: (Score:2)
You sound like the type of person who thinks that video games remain something you play on your Nintendo on your home TV, rather than something that has a ranked league, sponsored teams, contests with actual real world money to be made, etc.
You sound like the type of person who would dismiss the idea that trolls and idiots who cheat for the lulz are just kids being kids rather than a group who are actively making a a game less fun to play for others and by extension less popular and directly affecting the bottom line of the company who is producing it.
Many of us don't want to play in a ranked league, get sponsorship for our team or make a single penny yet this impacts everyone regardless.
Ultimately this is a fools errand attempting to solve governance problems which the tech industry is comically bad at with technology in ways that are never going to work. Guaranteed in a year or two cheaters will be having AI play for them completely OOB of the PC... then what?
Will there be encrypted tamper proof mice and keyboards required to play in the future? Will
Re: (Score:2)
Many of us don't want to play in a ranked league, get sponsorship for our team or make a single penny yet this impacts everyone regardless.
Agreed but professional leagues is only one side of the money coin. We have countless examples of online games where the primary people calling for anti-cheat technology to be put in place were ... the players. Even if there's no money changing hands playing against someone who is cheating objectively sucks, and games have suffered as a result. It's one of the reason I don't play PvP games.
Will there be encrypted tamper proof mice and keyboards required to play in the future?
We already have this in some degree - See Xbox locking down the accessories market. See DotA teams getting disqualified
Re: (Score:2)
Agreed but professional leagues is only one side of the money coin. We have countless examples of online games where the primary people calling for anti-cheat technology to be put in place were ... the players. Even if there's no money changing hands playing against someone who is cheating objectively sucks, and games have suffered as a result. It's one of the reason I don't play PvP games.
First you said...
"You sound like the type of person who thinks that video games remain something you play on your Nintendo on your home TV, rather than something that has a ranked league, sponsored teams, contests with actual real world money to be made, etc."
And now you are changing the subject to players generally want anti-cheat software... no they don't - most people are against it and only tolerate its existence while being well aware of persistent record of its failure to prevent cheating.
The honest t
Re: (Score:2)
Not anymore that I know of, but shit like that [wikipedia.org] has happened. If people stop being wary, it could happen again.
Re: (Score:2)
Re: (Score:2)
Online multiplayer video games are the bleeding edge of security technology. I can almost certainly bet that World of Warcraft had 2FA a solid 5-10 years before your bank did.
Re: (Score:2)
Wow came out like a decade after my bank at the time had 2fa.
Sure at first it was over telnet and phone lines so it wasn't terribly secure at first..
Re: (Score:2)
Bullshit. This is just malware propaganda (Score:3, Insightful)
Kernel level anticheat is inherently insecure and inherently dangerous. It is by definition malware in and of itself, and is a growing vector for other malware to spread to systems infected with it. They're lying about something nobody can disprove to try and normalize the idea of giving some of the most incompetent, untrustworthy, and malicious corporations out there kernel level access to people's computers just to run a video game. It's the same as why they go out of their way to sing the praises of malicious hardware level DRM.
Mods? Private servers? Playing your game when you want where you want and not only when and where your corporate overlord's servers say you can? It's all going the way of the dodo.
You will own nothing and be happy.
Re: (Score:2)
Yes inherently its just running on the customers computer anyway, so they don't actually have control.
Not sending other players locations when not necessary etc would be cooler.
And you can cheat by off-device means anyway, you can do an aimbot that doesn't run any code on the computer now.
Network lag and game world prediction (Score:2)
Not sending other players locations when not necessary etc would be cooler.
The extremely hard part is predicting when it would suddenly become necessary.
Networked games have inherent lag that is compensated and cheated around:
What you see on your own screen is supposed to be "the now", but is based around informations that was sent to you be the server a few ticks ago, and its own view of the world is based on pings that your adversaries sent a few fractions of blinks before. You screen is based on slightly outdated information.
The art of good network game code is hiding these inc
Re: (Score:2)
I don't install the stuff on my computers, so it could be presumed I'd agree with you, but instead of making a rational argument you loaded it down with dishonest hyperbole where you apply a pejorative label, and then use that to imply the software does something different than what they say.
Hardware DRM exists all over the place. It's stupid and I avoid it, but that doesn't make it "malicious."
Surely the stuff that you mention as "going the way of the dodo" died, or is dying, also because of prevalent chea
Turn based (Score:2)
And chess, which is competitive but where the types of cheating that work can also be detected server-side by post-game analysis.
Also chess is turn based.
So it's not afflicted by the need to balance between the server sending enough information to compensate for network lag in a fluid manner versus sending too much information and the players being able to infere information about their adversary that wouldn't be able just from the screen informations, as real-time action games are.
Chess is, as your mention, entirely based around secretly augmenting the decision making process of a player, which is indeed an entirely different can of
Re: (Score:2)
Best comment here.
Re: (Score:2)
This is exactly why I don't buy games anymore. Even single-player games require online accounts and low-level DRM.
Fuck it. I've built a large collection of games over the last 40 years, all of which work perfectly fine offline.
alternative? (Score:2)
Why not just lump all the known or suspected cheaters in with each other? If you have the tech to identify them, just push them into a lobby with others. Kind of like an unlimited class where you can do whatever you want, but you don't get to mess with the stock folks.
Re: (Score:2)
Why not ban their account permanently, ban their IP address for a few months, ban their hardware id's permanently and post their account information to the internet labeled as "cheater"? That's what I would do if I was CEO.
Re: (Score:2)
There are lots of alternatives. Server-based anticheats. IP and hardware bans. Injection prevention.
You use an overbearing kernel level anticheat system when your make a shitty product and are too lazy to fix it. To launch a Riot game, you have to go through like 3 different launchers. The League of Legends client and game are two completely separate .exe files for absolutely no reason. Riot spends more time on skins than they do fixing their shitty games.
Gaming System (Score:2)
Hope these pointless endeavours were worth it (Score:2)
Really sad you can't even pay for a game and just play for fun anymore. Between the endless data exfiltration and games that demand the installation of kernel malware I've stopped caring about games altogether.
Get the impression half of them wouldn't even let me play anyway between scanning systems for debuggers and vm software to demanding nonstarters like TPM. Won't be long until people start rigging up AI bots to play for them. I hope the industry enjoys its fools errand while it lasts.
TPM and secure boot are because of VBS (Score:2)
They started to demand TPM because they can't look into the Hypervisor which runs with Virtualization Based Security (which runs parts of Windows Hello). They need to trust it and for that they need attestation it's straight from Microsoft.
Before they had virtualisation detection and had full view of the kernel, so secure boot wasn't so essential.
who owns my computer (Score:3)
I paid a handsome sum for it, but somehow everyone else seems to thing they can demand a fee for me to use it and take control of it
Riot is Shit (Score:2)
I'm all for preventing cheating in PvP games, but if you can't figure out how to do it on the server, then I'm not interested in your games. Riot is a lazy developer that spends more time on bullshit lore and skins than they do on improving their shitty games.
big event competition play should be local lan onl (Score:2)
big event competition play should be local lan only with locked download hardware (mouse and keyboard as well) that the event provides.
Trying to control BYOH is an lot of work and can lead to issues if some DRM / anit cheat software brakes the install / os / hardware.
rootkit (Score:2)
By requiring installation of buggy as shit ring 0 rootkit.