Valorant Vanguard: The story behind the world’s most sophisticated anti-cheat system

Pic Courtesy : TopEsports
Pic Courtesy : TopEsports
Abhishek Mallick

Vanguard, which is Riot Games’ new anti-cheat software for Valorant, can be very easily defined by two words, ‘strict’ and ‘uncompromising.’

Not only has it garnered the reputation of being one of the most sophisticated anti-cheat software in video game history, but it has been subject to a lot of controversies as well. Vanguard had started kicking players off servers after detecting minor irregularities in their systems, which were neither hacks nor cheat bots.

Not everything can be perfect, and Vanguard’s non-compromising nature for protecting the competitive integrity of the game comes with its very own side-effects. However, Riot is trying its level best to balance the anti-cheat the best they can, and with the game’s official launch right around the corner, we’re bound to see a lot of improvements in the coming weeks.

But before we get too ahead of ourselves in praising an anti-cheat software which much of the player base seems to hate, let’s first go into what Vanguard is and how exactly it works.

So what is Vanguard in Valorant?

Pick taken from DiTech
Pick taken from DiTech

Vanguard is the new anti-cheat software from Riot Games, which comes as a package with Valorant, and helps protect the game from harmful third-party applications.

It has two different parts to it; one is a ‘kernel-mode’ driver which runs as soon as you boot up your PC, and the second is the client, which constantly checks to make sure that you aren’t running a cheat as soon as you start Valorant.

Though the functioning of the client is self-explanatory, it’s in the utilization of the kernel-mode drivers where much of the complications arise.

In layman’s terms, the kernel-mode is the guard that protects the client; it's the security for your anti-cheat software that ‘looks at other drivers and blocks them from running if it detects that they have a known vulnerability.’

Drives with vulnerabilities can be used for cheat exploits, so if the Vanguard driver is not started as soon as your PC boots, you will not be able to log into Valorant.

Why so much security for Valorant?

Pic Courtesy : All Things How
Pic Courtesy : All Things How

Some of the initial apprehensions towards kernel-mode (which gives way to much of the controversy around Vanguard), came from the fact that most players felt that if a cheat exploit found a loophole on the driver itself, then it can be much worse than just finding a vulnerability in a software.

So the reason for Riot still going ahead with using a kernel-mode driver in Vanguard is because over the last couple of years it has become the norm in many esports titles.

Softwares like EasyAntiCheat are notorious for utilizing the kernel-mode drivers, and it’s used by the major esports title Apex Legends. BattleEye is another example of a kernel-mode user, and that software is used by games like Rainbow Six Siege and PUBG

So Vanguard’s basic functioning is pretty similar to theirs, however, there are 2 differences in the anti-cheat from Riot Games that makes it a bit more complicated than either EasyAntiCheat or BattleEye:

  1. Unlike EasyAntiCheat or BattleEye, Vanguard starts with Windows as soon as you boot your PC, instead of starting with the game.
  2. It’s not as lenient as other anti-cheat softwares when it comes to blocking vulnerable drivers.

What are the things that Vanguard takes action on in Valorant?

Pic Courtesy: HotSpawn
Pic Courtesy: HotSpawn

In essence, Vanguard is programmed to stop or block certain drivers along with the programs which utilize these drivers. Though we can’t provide you with a specific list of drivers that Vanguard will block, what we can tell you is the type of drivers that it will definitely stop: temperature monitors, fan controllers, graphics overclocking tools, and the like.

One of the biggest concerns that players have raised, is that Vanguard won’t let them run popular programs like Core Temp, which provides players with the temperature of their CPU cores.

Now, in Vanguard’s eyes, softwares like these use drivers who are known to be vulnerable and can act as a security risk to the game. Though the creators of Core Temp themselves are unaware of such vulnerabilities, Riot still feels that they might pose a threat, and explains the situation by saying, "Vanguard blocks drivers with known security vulnerabilities (usually privilege escalation via arbitrary memory writes) that allow cheat developers to load their cheats into the kernel without approval from Microsoft,"

This is quite a vague statement from the Valorant anti-cheat lead Paul Chamberlain, which really doesn’t explain the problem all that much.

However, a lot of players have gone digging and have found that most of the drivers that Vanguard blocks do tend to include vulnerabilities. But the problem arises when the software can't seem to segregate between those drivers which actually have some vulnerability in it and those who do not.

Vanguard’s success so far in Valorant

Pic Courtesy : Esportz Network
Pic Courtesy : Esportz Network

It’s important to note here, that no anti-cheat software can be a hundred percent successful, there will be loopholes in the program which exploiters will find and make cheats around. So the anti-cheat for a first-person shooter genre should be more of an evolving process, and it should keep mutating as its exploits keep mutating.

In terms of its success, Riot’s Vanguard has done much better than most. There were indeed a lot of cheats that made its way into Valorant so far, but we have to keep in mind that the game is still in its beta and in the earlier weeks the banning system was rather incomplete.

Riot had opted to ban the exploit users in waves, and not just cut them out of the server from the get-go. This can be because they feel that they should give the cheaters a false sense of security before bringing down the ban hammer and then upgrading Vanguard to counter them.

According to Chamberlain in a blog post "It's fundamentally a defense-in-depth approach." So, when the game finally releases, not only do they want Vanguard to be resistant to all sorts of cheats but they also want to:

  • Use Vanguard to make cheats hard to develop (and thus expensive)
  • Catch cheaters through player reporting
  • Use replays and machine learning to ban the exploiters
  • Use hardware bans and not just IP bans to keep cheaters from rejoining with new accounts

It only gets better from here.

The reason why Vanguard is not well received by many players is that they feel powerless as to what programs they can run and what they can’t while playing valorant. The lack of a choice in the matter has made many criticize the software, and keep installing and uninstalling Vanguard every time they log in and out of Valorant.

In a comment to a Reddit post, Chamberlain had said that “We’re working on ways to make the experience better. Our current notification pop-ups aren't as good as they could be and we’re looking for ways to give you more control over how Vanguard works.”

This just goes to show that the devs are quite serious about making their game as enjoyable as possible, which is why they’re so keen on player feedback. They are working really hard to improve the entire process, one step at a time.

Edited by Suromitro Basu
Article image

Go to article
Fetching more content...
App download animated image Get the free App now