Vanguard, the controversial anti-cheat software initially attached to Valorant, is now also coming to League of Legends.
Summary:
The article discusses Riot Games’ requirement for players to install their Vanguard anti-cheat software, which runs at the kernel level, in order to play their games such as League of Legends and Valorant. The software aims to combat cheating by scanning for known vulnerabilities and blocking them, as well as monitoring for suspicious activity while the game is being played. However, the use of kernel-level software raises concerns about privacy and security, as it grants the company complete access to users’ devices.
The article highlights that Riot Games is owned by Tencent, a Chinese tech giant that has been involved in censorship and surveillance activities in China. This raises concerns that Vanguard could potentially be used for similar purposes, such as monitoring players’ activity and restricting free speech in-game.
Ultimately, the decision to install Vanguard rests with players, but the article urges caution and encourages players to consider the potential risks and implications before doing so.
Kernal level anti-cheat means I ain’t gonna play it
I don’t care where the company is based no game should be requiring kernal level access, that’s just opening the door for security concerns
I’m wondering if there’s a way we can even know they’re installing it. Windows just gives that generic admin prompt, I imagine? Tells you nothing of what’s happening.
Well if you get asked for sudo, then that’s a risk.
Installing almost anything* on Windows requires the equivalent of sudo, same as Linux.
Determining if it’s a normal install or adding a kernel driver wouldn’t be feasible just by watching the installation. (On either OS if they are not showing terminal output)
*Microsoft store apps are probably an exception, but that’s off topic.
Most user software should NOT need sudo.
Typically you need “sudo” to use the package installer though, if that’s where you’re getting confused. But that’s because most Linux package managers are built to install software to be available for all users. However once installed that does NOT mean the package always has sudo access. And the way Linux software is typically installed is just putting the executable in a certain folder, unlike Windows where you run a software’s custom installer which asks for admin access and then does who knows what.
My context here (which I should have been more explicit about) is “ordinary user is installing a closed source commercial large game” (with its own installer) and doesn’t know if they are also getting a free rootkit.
Sure when it’s something you compile yourself and you have some knowledge you can ./configure it to go under your home directory and not need sudo to make install later, but a game with a script or binary you need to run is likely to ask for root on launch (Especially on Windows) and maybe asks later or has command line options for a single user install, but we can assume the user does whatever is default.
However once installed that does NOT mean the package always has sudo access.
I didn’t suggest that it would (although it Could if it’s malicious - on Linux that would be as simple as the setuid bit. Or …back on topic… installing a kernel driver on either OS)
Installing almost anything* on Windows requires the equivalent of sudo, same as Linux.
I feel like you’re not sure how system software like
sshand a user’s personal game software can install differently in different places, and where one needs no root access to install at all. Go see how mac does it.Macs still ask me for permissions and I have no idea what’s asking to do what.
I get it for Linux and Windows (though I don’t know how MacOS does it) my context here (which I should have been more explicit about) is “ordinary user is installing a closed source commercial large game” (with its own installer) and doesn’t know if they are also getting a free rootkit.
Sure when it’s something you compile yourself and you have some knowledge you can ./configure it to go under your home directory and not need sudo to make install later, but a game with a script or binary you need to run is likely to ask for root on launch (Especially on Windows) and maybe asks later or has command line options for a single user install, but we can assume the user does whatever is default.
You can list all the current loaded drivers. You can examine the system event log for service start operations. You can run with a kernel debugger attached and examine any loaded driver. The driver itself is likely correctly signed and will not require additional user acknowledgement beyond what was given when the game was installed.
Unfortunately all of those just tell you it’s already installed, not that it’s about to install it. If you didn’t know, who’s going to be constantly checking for new drivers after every software install?
*kernel
Colonel*
Carnal
Kerbal
Cornhole
Cornell
We totally won’t harvest your data.
Ignore the fact that we have political, state, and financial interest to do so, and that you would have no way of verifying or detecting if we did harvest your data, but you can trust us.
Just trust us.
It’s not only interests of the chinese government, they HAVE to oblige legally if they are asked to. So even if the company has the best intentions, the government overrules.
And don’t make that a chinese bad guy argument, as if western companies aren’t doing the same, they just don’t do that officially, which one is shadier is yours to decide.
All you can do as a company or anyone is to stop harvesting data and don’t plant blackboxes/backdoors in customers systems
Aaaand there goes linux support
Linux was never supported
Riot games official statement was that they were okay with linux players and actively went out of their way to make sure they didn’t get banned unjustly. They didn’t support linux as a software platform, which is why wine was required, but they did support linux players.
That’s cool
I gave up League years ago when every update the launcher broke, then required some patches done to Wine. I’d known yhe kermel level anticheat would arrive someday but maybe I’m a little surprised it took as long as it did.
Who gives a shit, they’re 100% owned by Tencent
Plenty of people do
Anglification of blåhaj is blaahaj, not blahaj, btw
Why are you explaining this to a random user from the instance on a random thread?
Why not?
Because why would a random user not affiliated with the creation of the instance, therefore having no power over the spelling utilized in it, in anyway care
if we’re gonna randomly pedant on people it’s “anglicization”. not that anyone cares.
People that care about different things than you.
Difficult as it is to consider, I know.
If you ask me, it’s best to treat any program requiring kernel level access that isn’t part of your base operating system or something you created and have full control over as malware. All it takes is one exploit or something of similar nature and some bad actors taking advantage of it before it can be patched for your computer to become fucked.
Well base operating system or hardware driver. There are exceptions, the pps driver for timekeeping makes sense to be kernel level too.
But games developers? No, they have no right to ring 0. I understand they want to protect from cheats, but they’re just moving the battleground to a part of the system that results in blue screens/panics when it fails. And cheat developers will follow them there and even move to the hypervisor if needed, trust me on that.
Not to mention MSI releasing a monitor with built-in AI to highlight enemies for you that almost definitely counts as cheating, yet there’s nothing they can do except ban the hardware all together.
Is this the death of LoL on Linux, then? It was possible to get it working pretty well a few days after every patch, but this will change all that.
For the forseeable future, unless someone is committed enough to making Darling work.
(Mac layer instead of Windowz, the mac version does not and will not have vanguard.)Yes, if Valorant hasn’t been playable on Linux due to Vanguard then so will LoL.
It’s the death of LoL anywhere. Only suckers will play it.
Isn’t that basically the entire player base anyway?
Yes unfortunately. Just gotta hope that none of those suckers can be exploited for military advantage. Probably not.
Different software purposes and all, but it vaguely puts me in the mind of the Sony compact disc DRM scandal.
Here’s the summary for the wikipedia article you mentioned in your comment:
The Sony BMG CD copy protection scandal concerns the copy protection measures included by Sony BMG on compact discs in 2005. When inserted into a computer, the CDs installed one of two pieces of software that provided a form of digital rights management (DRM) by modifying the operating system to interfere with CD copying. Neither program could easily be uninstalled, and they created vulnerabilities that were exploited by unrelated malware. One of the programs would install and “phone home” with reports on the user’s private listening habits, even if the user refused its end-user license agreement (EULA), while the other was not mentioned in the EULA at all. Both programs contained code from several pieces of copylefted free software in an apparent infringement of copyright, and configured the operating system to hide the software’s existence, leading to both programs being classified as rootkits.
Good bot, if this is how you earn your keep.
Another game I’ll never play 👍🏻
Eh, probably for the best, everything I’ve heard about LoL is that it turns you into a toxic hateful shell of a human.
I haven’t played for years so it may have changed, but yeah, the player base was not a very nice one.
That’s gonna be an uninstall for me, Tencent.
Another reason not to play LoL.
Is there an open source MOBA? Players need an alternative, even if it’s not as good to begin with.
I mean Dota exists. I guess I’ll switch to that. Or maybe I’ll just take a shower.
Dota was the OG anyway, LOL coined the term MOBA to shift focus that they stole their gameplay mechanic from one dude, icefrog.
I remember when people used to type AoS-like game (Aeon of Strife) when hosting a similar custom map on SC or Warcraft III
i.e. DotA 5v5 AoS-like
Then after DotA got popular, it became DotA-like
i.e. Naruto Wars 5v5 DotA-like
deleted by creator
Dota has always been a drastically better game, I see this as an absolute win for Linux. League is cancer.
Uhhhh no. Dota is slow and terrible. Not that I think anyone should touch that CCP spyware of a game League.
Not that I know of, the most popular open source games I have heard of are Space Station 13 (and its newer release Space Station 14 on steam), and Beyond All Reason which is an RTS.
If we’re talking about RTSs as well, there’s 0AD, which I tried out briefly during the period between Ensemble Studios being shut down, and the revival of the Age franchise with the HD edition (over a decade ago now, and it looks like 0AD has been under constant development since then).
An open source and popular MOBA would have an even larger problem with cheating and bad actors.
Security through obscurity clearly isn’t working anyway
The creation of cheats would be easier in principle but maybe in knowing than then you wouldn’t design a game where you trust the client in the first place. For example; don’t tell the client the location of every (unseen/unheard) player on the map in an FPS.
Perhaps there’s an alternative to addressing cheating which hasn’t been explored. Conventional wisdom was pirates are basically people wanting stuff for free so you should invest in DRM to force them to pay for it - now some treat piracy as a service problem where they instead need to offer a better user experience. I think it’s worth investigating if some cheaters would be better satisfied with built-in cheats, and if some non-cheaters would be willing to fight some uneven battles if they knew that’s what they were getting into.
By that logic any sever running something open source like Linux would be more vulnerable than say, Windows.
Is open-source compatible with competitive games? As much as I love open-source in general, I feel like cheating would be a serious problem if the source code is available for everyone. That’s not really an issue in single-player or co-operative games (outside of cheating leaderboard positions) but it would absolutely cause problems in a PvP game.
Proving source code would reduce the barrier to entry for creating cheats, but cheats are very prevalent anyway. I do not want to make proprietary games so I have no choice but to find an alternative if I ever choose to make a competitive multiplayer game.
There was a MSI monitor at CES which pops-up a warning when an enemy appears on the mini-map in LoL. Significant cheats may be accessible without going to shading sites (perhaps kernel-level anti-cheat could have some success to figure out what monitor you’re using but my understanding is that’s easily fooled in software and perhaps undetectable via hardware video splinters). Cheats which do not run on the host machine at all are undetectable by traditional anti-cheats.
I think the end-game of anti-cheat is intolerable. Can one get enough data for machine learning to determining if a player is cheating without a high error rate (banning false positives)? Would players tolerate having cameras recording their inputs like it’s a submitted speedrun or an exam during Covid?
Here is an alternative Piped link(s):
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
osu! is a competitive game that is open source, and its arguably the most popular rhythm game right now and there’s not much of a cheating problem.
You’re right about osu! Although it’s probably one of the few competitive games where there’s no gameplay interaction between players - if another player is cheating, it hurts the overall competitiveness, of course, but it doesn’t directly affect your gameplay experience.
It’s not like playing a shooter where someone has an aimbot and wallhacks, or a racing game where someone can ram you off the track without slowing themselves down - those things directly ruin your gameplay experience as well as obviously hurting the competitive integrity. I don’t think those kinds of games would work at all if they were open-source and without anti-cheat unless there was strict moderation and likely whitelisting in place for servers.
It’s not so much that the source code is available. It’s that there would not be systems in place to ban cheaters, detect them, etc.
It’s open source, why would there be support teams and bans and all that?
In the past people created communities for multiplayer games around specific forums or LAN centers and sometimes hosted allow-list servers. If you didn’t play by the rules you’d get banned of the forum, and thus that server which it was tied to.
I’m not a fan of needing an account to play online and if I created a multiplayer game I don’t want to host that information in a centralized server. Perhaps there are more ways than I know but I’d be more interested in finding an alternative to this arms race of banning vs avoiding bans.
Yep, a lot of recent anti-cheat is looking a lot like DRM.
more like intentionally installed malware but yes, 100 % this
Not just looking like DRM, I would say it IS DRM.
It really confuses me why people would want to play a competitive video game that is balanced around profit. Riot openly admits to buffing and nerfing based on skin sales and champion releases.
Addiction, I suppose.
Cool, I uninstalled League years ago. Now I’m definitely not gonna reinstall
Sell sell sell!!!
This won’t change much for me considering i already have a dozen reasons not to play this shit ass game
I know two couples who got divorced because of it.
Care to elaborate?
The guys were playing all nights & weekends for years, neglected their wives and in one case children (other couple didn’t have any), the childless wife ended up cheating, the other allegedly as well (but wasn’t ever proven nor admitted to), both women eventually filed for divorce.
They also neglected their friends and came crawling back once their lives fell apart. I had since moved so didn’t really hang out with them again, but from what I hear, both got back into the game eventually and withdrew further.
Damn
What a shitty game to throw your life away over…
Alcohol doesn’t really taste good and neither do cigarettes.
People often times have illnesses that make these types of things consume their life. It’s easy to look down on them but they honestly need help.
