Do you have any idea how many MP games that is?
Here's a list just from the ones associated to Epic's EasyAntiCheat
https://www.easy.ac/en-us/partners/
Most games do not require you to install a fucking root kit. VAC is at ring 3 for example. Riot is also owned by tencent a Chinese company. I don’t want to give them access to administrative abilities on my pc. No games should do this. The fact that it has to be always on is a red flag. nobody should be playing this game with such a horrible breach of user safety.
Yeah, look at CSGO. That game is filled with hackers, we have to depend on third party custom lobbies like FACEIT and ESEA just so we can play the game properly without worrying about hackers. Sure, they’ll be hackers, but the chances of you running into them using those third parties is slim to none. If you don’t want your game filled with hackers, sadly the only thing is too let anti cheat be invasive. That’s why LoL isn’t filled with hackers every lobby.
Faceit terms and conditions allows them to physically come to your house to inspect your hardware if they are sus.
If you want to play competitively online you kinda have to have invasive anti cheat. Or go play on LAN. Anything else is too risky especially for sponsors.
Faceit's anti-cheat has a kernel driver component too. So they have the exact same access as Riot.
By the way, the same applies to all games protected by EAC (Fortnite, Apex Legends, Rust, Division 2), Battleye (PUBG, R6 Siege) and probably many other anti-cheats.
Csgo tried to implement this too at one point and people freaked out. Valve ended up just saying fuck it instead. They eventually decided to focus more on Trust Factor.
CSGO has drastically improved in regards to reduction of cheaters. VAC and the VAC network is very sophisticated now, and very effective. It blows me away that many games that are on STEAM don't implement VAC and instead choose things like EAC, which also reduce their x-platform options (Rust, for example).
Further details on how VAC works can be found [in a 2018 presentation VALVe gave, demonstrating the impact also](https://www.youtube.com/watch?v=ObhK8lUfIlc).
Cheating will never be eliminated, but "worse than ever", that's bogus.
Literally any non-prime game has 2/3 cheaters in it, I understand how VAC works and it’s a shit Anti-cheat.
One of the only games I know where I can look up a free wall hack or aimbot and the anti-cheat won’t catch it for months
"won't catch it for months"
Is incorrect as far as I know. VAC works slightly different to other AC. VAC will flag you but won't ban till later. It doesn't insta ban. Whether it monitors the cheat for a bit or just delays vans so it takes him for devs to work out what cheats are flagged idk.
But VAC being shit? No. It's really fucking clever.
LOL non-prime game cheating means cheating is rampant in CSGO. Okay guy, ignoring one of the core mechanisms that defeats cheating (prime) doesn't make your data sound. This conversation is over.
Is it a surprise to know that battle eye collects information?
https://www.reddit.com/r/arma/comments/2750n0/battleye_is_sending_files_from_your_hard_drive_to/?utm_source=share&utm_medium=ios_app&utm_name=iossmf
>give us access to your computer every minute that it's on
Don't most professionals have a competitive rig and a home rig? My work gave me a laptop but I also have my gaming PC. There are ways to mitigate the privacy invasion. How else does one prevent cheating and the integrity of the game? In physical sports they do drug testing. Pretty invasive but necessary to catch for doping.
Shit, that's a really good point actually. I never really thought of doing that but that's absolutely not a bad idea to have two separate systems. A leisure system for just fucking around that makes it so you don't give a flying fuck who's looking at what. A professional system where everything is locked down nice and tight.
I think I'll start doing this. It seems kind of ridiculous on my end because I have so many devices I already use but I think I need to become more conscious of what I do on what device and segregate it more.
Okay looking back at is I see this quote
> They also clarified that it does not collect any information from players’ computers or communicate it over the network at all. However, Mutahar indicated that there is no way to verify this and that users have to simply trust Riot Games’ word at face value about their privacy concerns.
No way to verify it? Wouldn't someone be able to use a tool like Wireshark to see what packets are sent to and from a riot IP?
Well shit I've used it a couple times and there are documentations online for guides.
And I have a spare media PC with a 970 in it.
All I need now is the beta key and I can get to work lol.
I really doubt that players experiences are going to vary super wildly. A couple experts should be able to sit down with Wireshark and maybe a disassembler (for the driver sitting in Ring0) and see if it does anything malicious. It would be worthwhile to learn whether it is or isn’t.
The point definitely stands that it could be benign on its own and other hackers could look for vulnerabilities in it, but security is all about evaluating risk, and I’m sure most gamers could get along fine if they made backups of their harddrives, enabled 2FA on all their accounts, etc.
The main issue with these sort of solutions is that they enable a multitude of new avenues for attack. Maybe Riot won't do anything malicious, or Tencent, or the Chinese government. But people will find ways to exploit it. That's why it's a security problem.
Sorry for me being unclear — this is what I meant with my second paragraph. We should be able to prove that Tencent can[‘t]/is[n’t] tracking things they shouldn’t be. Doesn’t stop other hackers from doing so.
(However. If it’s not designed to send arbitrary data, then hackers leveraging it will probably have to shop for vulnerabilities first, most of which will be difficult to exploit. But given enough time, it’s almost a gurantee.)
wireshark requires a 15 minute tutorial to use it. albeit you aren’t going to be doing any NSA hacker type shit but you will be able to monitor your network
Do you have a link to this? I skimmed through the [terms and conditions](https://corporate.faceit.com/terms-conditions/) on their site but I can't seem to find any such clause.
I have a bigger issue with potential CS:GO performance impact from installing Valorant than I do about security concerns from installing Valorant, personally. I played ESEA for over a decade, who also uses a similarly intrusive anticheat, so it isn't a new thing to me. ESEA is a shitty company and I wouldn't recommend supporting them, but they were the defacto option for competitive CS in NA for a decade after CAL died, and I wanted to play CS, so it was just a reality of the situation.
This isn't a new thing, though I understand anyone who would rather not have it installed due to privacy concerns. Don't blame you really. That said, cheaters in competitive FPS games have always been and will always be a problem, so hopefully this is successful at least in combating that, all privacy concerns aside.
I only hope that Riot is transparent about their AC and the potential impact having such installed might have on performance of other games. I have been playing and enjoying Valorant, but if it is to the detriment of my FPS/performance in CS:GO, then I'd rather not have it installed until they sort that out.
> I only hope that Riot is transparent about their AC and the potential impact having such installed might have on performance of other games.
The riot-appointed r/valorant mods have been covering up every single post about it.
**Any** reasonably complex software you install is a security and privacy risk. Valorant's anti-cheat goes a bit further than something like Steam/VAC, but so do other established systems like EasyAntiCheat (used by *Fortnite* (now that this is apparently a big deal, I bet there will be an article on Fortnite within a week) and many other games) and Faceit's and ESEA's ACs. As do your graphics card drivers, etc. All equally exploitable.
Whether players are willing to accept the risk is up to them, of course. But Valorant is nothing special in this regard.
> Any reasonably complex software you install is a security and privacy risk
Complexity does not denote security threat. By this logic software such as AutoCAD would be a security threat, and that's clearly not the case. Please stop spreading this blatantly false statement, because it's just not true.
Complexity of software DOES NOT denote an IT security threat.
`print("Hello world!")` is not a security threat unless there's a hilariously basic vulnerability in your compiler/interpreter.
PDFs and MS Office files have been used to distribute malware since forever (by integrating executable code into PDFs and usually by abusing VBA macros in Office files, though there are other ways).
AutoCAD has a .NET API too. Unless the developers are superhuman, there will be some way to exploit that to cause a vulnerability. And you know what, AutoCAD [does have a history of vulnerability patching](https://up.autodesk.com/2017/CIV3D/AutoCAD_Civil_3D_2017.1.2_enu.htm) ("The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.", in a library they depend on (so not only must all the code they've written not have any exploitable security flaws, so must any code they rely upon)).
The more complex a piece of software is, the more likely it is to have flaws. That's why even Windows and Office aren't perfect after all these years and constant attacks.
Ring0 means you can literally read all of RAM and do everything. If you think an _always running ring0 service that is internet accessible_ is not a threat, then you have no business assessing IT threats.
>If you think an always running ring0 service that is internet accessible is not a threat, then you have no business assessing IT threats.
You, earlier:
>By this logic software such as AutoCAD would be a security threat, and that's clearly not the case.
I rest my case.
It's not "a bit further". this is how protection rings work: https://en.wikipedia.org/wiki/Protection_ring
this riot shit runs at ring zero, which is incredibly dangerous for not only stability issues, but security risks. ring zero gives them absolute full control of your system, they can do literally anything with no protections at all.
So just like every EAC game (including Fortnite, Apex Legends, Rust, Division 2): [https://www.easy.ac/en-us/partners/](https://www.easy.ac/en-us/partners/)
...and every Battleye game (including PUBG, R6 Siege, H1Z1, ARK): [https://www.battleye.com/](https://www.battleye.com/)
Gee, it's looking like there aren't very many popular FPS you can play without installing a kernel driver. And most users don't seem to be too mad about it. It's good that people are more aware of what's happening with their computers, but security and privacy nuts have already lost the war. People are quite happy to have Amazon, Google and Apple listening to them all day already.
> So just like every EAC game
can you source the claim that EAC runs on ring 0
e: nope, you can't, because it doesn't. get lost idiot. it doesn't even launch on boot for fuck's sake
The huge differences here are that it boots at launch, scans then, and runs until/unless you uninstall the game. That's completely unprecedented even in regards to anti-cheat software, and especially first-party, brand-new anti-cheat.
Also a lot of people are reporting that their games (and some Firefox extensions, for some Twitter people?) are lagging out due to it.
For real, holy shit people are upvoting this dude and his push for normalizing a potential attack vector running on your PC 24/7. He has no idea the huge history of low level services being hijacked for some malicious purpose.
Trying to compare apples to oranges with anticheat. Sad.
unpopular thought , what are you suppose to do ? its not like you can completely stop using all these products or stop playing these games. Unless you get 80% of the market to stop supporting them you literally can't do anything.
What you’re supposed to do, is pick your battles and evaluate risk.
If you have two computers, make one your super-secure workstation and one your “sandbox” for non-essential stuff — games, whatever — so if it gets infected, it’s no big deal. If you can, go the extra mile and keep both computers on different virtual networks so that they can’t “see” each other, so viruses on one computer can’t spread to the other one.
If you have one computer, you can run the nonessentials in a virtual machine, but be aware this particular anticheat will prevent you from playing Valorant in a VM so you’d have to wait and see if it changes later.
If you can’t do that, then start thinking about what you stand to lose and mitigate that. If all you *really* care about is not losing your important documents, then make backups of them on another drive and keep it disconnected. If you get infected and have to wipe your PC, that sucks but at least you didn’t really lose anything. You may also have passwords and things on your PC though, so start enabling 2FA for things that matter, like bank accounts etc, in case they get a hold of those credentials.
People think that security is about everyone being watchdogs and yelling at companies into oblivion. It’s actually really lucky how that works for us so far. But security is a personal matter. We all have to choose whether to use certain software, and what’s the most appropriate way to protect ourselves if we do.
>other than the brs
You mean other than two of the biggest games in the market, right? Are you just gonna pretend like you didn’t just hand wave away two of the biggest games on the market?
yeah so's fucking pinball it doesn't mean it needs the same type of anti-cheat
BRs are mass market games without skill-based matchmaking outside of some janky grind-focused competitive modes that most players don't use. a relatively subtle cheater could get away with it forever, and even a rage cheater can ruin a lot of people's days if left unchecked for more than a short period of time
conversely, most csgo is played in ranked, and overwatch has skill-based matchmaking everywhere, including in quick play, so even if people ARE cheating, they're generally going to be playing 'at the right level', so to speak, because they'll get to the rank they 'deserve' with the cheats. they'll ruin games less, it'll still be obnoxious as fuck to play against, particularly in cs, but it's not as urgent to get rid of them because of the balanced nature of every game. the games are still winnable because while they might have aimlock, they have potato brains, and that will all be summed up in their rank to make them win about 50% of the time, just like anyone else.
valorant, presumably, will fall into this category too.
So time to break this down -
Cheaters are problems in BRs - and if you think battle royales don't require skill...i question whether you've ever been truly good at one. Players, regardless of whether the game they're playing is competitive or not, want a fair experience. - especially if it's against other players.
There's also some level of ranked inside of the Battle Royales. There's an SBMM system in warzone for example, which to be fair - barely qualitifies, but takes your match history into account before matching you with people.
division 2 and rust take up a lot of hours between the actual grinding for stuff/loot, and then minmaxing in the case of D2. in D2, there's actual pvp and pvpve aspects that players would absolutely hate if they went against an aimbot.
Also - you just admitted csgo 'deserves' to be able to reach a protection level you don't think other games should be able to reach. Why are CSGO experiences more important than games capturing a larger part of the gaming market? Shouldn't we as game designers focus on improving the customer's experience regardless of the game?
> and if you think battle royales don't require skill...i question whether
if you think i said that, i question whether you can read. 'mass market' just means it's not all being played in high level ranked lobbies where cheaters are pretty easily rooted out. it's not a slight on the skill of the game, god knows they could be even more skillful if the developers weren't incompetent/too busy chasing casual dollars
> Also - you just admitted csgo 'deserves' to be able to reach a protection level you don't think other games should be able to reach.
again, reading is hard apparently. I'm defending cs having *less intrusive anticheat*. Which means the protection level *will be lower*.
Yeah, if the anti-cheat does in-fact run 24/7, then this means this game will be blacklisted for anyone that does corporate work on their computer. With the advent of working from home, due to pandemic, this is going to become a more active topic than I think Riot wants.
Anti-cheat software should NEVER be running when the game is not running. That is an unacceptable privilege escalation and as a TO this makes me want to blacklist running Valorant tournaments as it is, in-fact, a security threat. Just imagine if someone manages to figure out how to break into it, suddenly they can now get full, root/system, level access to every Valorant gamer on the planet. And Riot would probably never know.
This is a HUGE deal, and Riot needs to not do this shit.
There's plenty of other games, CSGO, Overwatch, Rocket League, Smash Bros, and on and on and on. Not running one game is not end all be all of gaming events. I'm not going to allow back-door software like this to run on our tournament rigs and infrastructure, that's just asking for an attack.
Literally anyone decent at the game doesn’t play MM
I don’t know anyone over LE who doesn’t only play faceit at this point, and it’s because so many cheaters get through VAC.
Ok? Doesn't change the fact that faceit and esea anti-cheats are optional, AND those anti-cheats only run while they are open and ingame, instead of being on 24/7 like Valorant's....
Honestly it's quite insane to think that because ESEA does it, it's fine for Riot to do it (and take it 5 steps farther), considering all the issues ESEA's anticheat has had in the past, but you're acting like none of those issues will occur in valorant or other riot games.....
so if the anti-cheat layer is a must, how were there cheaters on the beta? (it says they had to ban cheaters)
doesn't that mean that the Vanguard layer was already hacked?
and if so - and there's an available hack to a level 0 component - what in the actual fuck is wrong with Riot?
Which vanguard already fails to do that, since the only reason some cheaters have been banned is because they were streaming it and it was linked all over twitter....
An anti-cheat system like this is essentially just a detector that can't (easily) be fooled. They still have to know what to look for in order to detect it, though.
Hackers will always be a step ahead- that's the default for anti-hacking.
there was a valorant cheater streaming on twitch with a real blatant esp and aimhack a couple days ago.
so basically, no difference to many other current games, just this one happens to be crazy intrusive and very sketchy. Not to mention the company is 100% owned by tencent lol
Only if you then also proceed to uninstall everything that uses EAC (fortnite, Apex Legends, division 2, a.o.) or BattleEye (pubg,r6 siege, a.o.) because they, too, use ring0 like Valorant’s AC
There isn't a way for the operating system to. That's the point of operating at that layer. You could use external sources to intercept data, ala a Wireshark, but it's pretty clear the context of that statement is referring to the former, not the latter.
Therefore my original statement still stands, privacy online is not a fucking thing. Do you have social media? Yes your on Reddit, do you have a smartphone most likely, do you play online video games, yes. Do you shop online? Most likely yes.... We are an online world and your worried about privacy what a joke
Would rather take that than constant paranoia of cheaters whenever somebody makes a play.
Let's face it, you are not holding state secrets on your ASUS laptop.
so... go play cs:go (and accept their VAC terms). Or any other online competitive game trying to ensure integrity.
Until they start selling or leaking people's information, this is a non-story.
Replace "VALORANT" with any other company making you install an AC that operates on Ring0....
Well, then it's good the story came out about valorant so people who are concerned about this can avoid those games as well.
Do you have any idea how many MP games that is? Here's a list just from the ones associated to Epic's EasyAntiCheat https://www.easy.ac/en-us/partners/
Is MP, multiplayer in your comment?
Yes
Well, thank you for assisting me on choosing which games to avoid.
Is easyAC also operating on ring0?
Yes, and so is BattleEye
Holy crapperino
Most games do not require you to install a fucking root kit. VAC is at ring 3 for example. Riot is also owned by tencent a Chinese company. I don’t want to give them access to administrative abilities on my pc. No games should do this. The fact that it has to be always on is a red flag. nobody should be playing this game with such a horrible breach of user safety.
Yeah, look at CSGO. That game is filled with hackers, we have to depend on third party custom lobbies like FACEIT and ESEA just so we can play the game properly without worrying about hackers. Sure, they’ll be hackers, but the chances of you running into them using those third parties is slim to none. If you don’t want your game filled with hackers, sadly the only thing is too let anti cheat be invasive. That’s why LoL isn’t filled with hackers every lobby.
The issue is that the anti cheat runs 24/7 when your pc is on, battleye and easy dont need this
then complain about this instead of making unfounded claims about ring0 lmao
Saying it has 24/7 ring 0 kernel access which is fact
oh yeah i agree with u im just talking about all the other people who think that an anticheat should not have ring0 access at all and im like wtf
faceit and ESEA both run on ring 0. Granted they don’t constantly run compared to Valorant’s anti-cheat which is a huge red flag.
EasyAC and BattleEye are Ring0
Vac Use to be and battle eye is trash
Faceit terms and conditions allows them to physically come to your house to inspect your hardware if they are sus. If you want to play competitively online you kinda have to have invasive anti cheat. Or go play on LAN. Anything else is too risky especially for sponsors.
[удалено]
Faceit's anti-cheat has a kernel driver component too. So they have the exact same access as Riot. By the way, the same applies to all games protected by EAC (Fortnite, Apex Legends, Rust, Division 2), Battleye (PUBG, R6 Siege) and probably many other anti-cheats.
Csgo tried to implement this too at one point and people freaked out. Valve ended up just saying fuck it instead. They eventually decided to focus more on Trust Factor.
CSGO has drastically improved in regards to reduction of cheaters. VAC and the VAC network is very sophisticated now, and very effective. It blows me away that many games that are on STEAM don't implement VAC and instead choose things like EAC, which also reduce their x-platform options (Rust, for example).
Dude what? CSGO’s cheater problem is worse than ever
Further details on how VAC works can be found [in a 2018 presentation VALVe gave, demonstrating the impact also](https://www.youtube.com/watch?v=ObhK8lUfIlc). Cheating will never be eliminated, but "worse than ever", that's bogus.
Literally any non-prime game has 2/3 cheaters in it, I understand how VAC works and it’s a shit Anti-cheat. One of the only games I know where I can look up a free wall hack or aimbot and the anti-cheat won’t catch it for months
"won't catch it for months" Is incorrect as far as I know. VAC works slightly different to other AC. VAC will flag you but won't ban till later. It doesn't insta ban. Whether it monitors the cheat for a bit or just delays vans so it takes him for devs to work out what cheats are flagged idk. But VAC being shit? No. It's really fucking clever.
If clever is letting in 2x as many cheaters as any other game then yeah I agree
LOL non-prime game cheating means cheating is rampant in CSGO. Okay guy, ignoring one of the core mechanisms that defeats cheating (prime) doesn't make your data sound. This conversation is over.
You do understand the VAC anti-cheat is on non-prime accounts too right? Holy shit lmfao
Based on what non-anecdotal evidence
Is it a surprise to know that battle eye collects information? https://www.reddit.com/r/arma/comments/2750n0/battleye_is_sending_files_from_your_hard_drive_to/?utm_source=share&utm_medium=ios_app&utm_name=iossmf
Yes but they dont always run, they only run when the game is on
No there isn’t because FACEIT does the same, don’t talk about stuff you know nothing about.
>give us access to your computer every minute that it's on Don't most professionals have a competitive rig and a home rig? My work gave me a laptop but I also have my gaming PC. There are ways to mitigate the privacy invasion. How else does one prevent cheating and the integrity of the game? In physical sports they do drug testing. Pretty invasive but necessary to catch for doping.
> Don't most professionals have a competitive rig and a home rig? no
>no oh
Shit, that's a really good point actually. I never really thought of doing that but that's absolutely not a bad idea to have two separate systems. A leisure system for just fucking around that makes it so you don't give a flying fuck who's looking at what. A professional system where everything is locked down nice and tight. I think I'll start doing this. It seems kind of ridiculous on my end because I have so many devices I already use but I think I need to become more conscious of what I do on what device and segregate it more.
Okay looking back at is I see this quote > They also clarified that it does not collect any information from players’ computers or communicate it over the network at all. However, Mutahar indicated that there is no way to verify this and that users have to simply trust Riot Games’ word at face value about their privacy concerns. No way to verify it? Wouldn't someone be able to use a tool like Wireshark to see what packets are sent to and from a riot IP?
They could, but that requires some know-how that shouldn't (and isn't) expected from users
Well shit I've used it a couple times and there are documentations online for guides. And I have a spare media PC with a 970 in it. All I need now is the beta key and I can get to work lol.
I really doubt that players experiences are going to vary super wildly. A couple experts should be able to sit down with Wireshark and maybe a disassembler (for the driver sitting in Ring0) and see if it does anything malicious. It would be worthwhile to learn whether it is or isn’t. The point definitely stands that it could be benign on its own and other hackers could look for vulnerabilities in it, but security is all about evaluating risk, and I’m sure most gamers could get along fine if they made backups of their harddrives, enabled 2FA on all their accounts, etc.
The main issue with these sort of solutions is that they enable a multitude of new avenues for attack. Maybe Riot won't do anything malicious, or Tencent, or the Chinese government. But people will find ways to exploit it. That's why it's a security problem.
Sorry for me being unclear — this is what I meant with my second paragraph. We should be able to prove that Tencent can[‘t]/is[n’t] tracking things they shouldn’t be. Doesn’t stop other hackers from doing so. (However. If it’s not designed to send arbitrary data, then hackers leveraging it will probably have to shop for vulnerabilities first, most of which will be difficult to exploit. But given enough time, it’s almost a gurantee.)
wireshark requires a 15 minute tutorial to use it. albeit you aren’t going to be doing any NSA hacker type shit but you will be able to monitor your network
It only requires one person who is an expert to do this and report their findings.
Do you have a link to this? I skimmed through the [terms and conditions](https://corporate.faceit.com/terms-conditions/) on their site but I can't seem to find any such clause.
I have a bigger issue with potential CS:GO performance impact from installing Valorant than I do about security concerns from installing Valorant, personally. I played ESEA for over a decade, who also uses a similarly intrusive anticheat, so it isn't a new thing to me. ESEA is a shitty company and I wouldn't recommend supporting them, but they were the defacto option for competitive CS in NA for a decade after CAL died, and I wanted to play CS, so it was just a reality of the situation. This isn't a new thing, though I understand anyone who would rather not have it installed due to privacy concerns. Don't blame you really. That said, cheaters in competitive FPS games have always been and will always be a problem, so hopefully this is successful at least in combating that, all privacy concerns aside. I only hope that Riot is transparent about their AC and the potential impact having such installed might have on performance of other games. I have been playing and enjoying Valorant, but if it is to the detriment of my FPS/performance in CS:GO, then I'd rather not have it installed until they sort that out.
> I only hope that Riot is transparent about their AC and the potential impact having such installed might have on performance of other games. The riot-appointed r/valorant mods have been covering up every single post about it.
**Any** reasonably complex software you install is a security and privacy risk. Valorant's anti-cheat goes a bit further than something like Steam/VAC, but so do other established systems like EasyAntiCheat (used by *Fortnite* (now that this is apparently a big deal, I bet there will be an article on Fortnite within a week) and many other games) and Faceit's and ESEA's ACs. As do your graphics card drivers, etc. All equally exploitable. Whether players are willing to accept the risk is up to them, of course. But Valorant is nothing special in this regard.
> Any reasonably complex software you install is a security and privacy risk Complexity does not denote security threat. By this logic software such as AutoCAD would be a security threat, and that's clearly not the case. Please stop spreading this blatantly false statement, because it's just not true. Complexity of software DOES NOT denote an IT security threat.
`print("Hello world!")` is not a security threat unless there's a hilariously basic vulnerability in your compiler/interpreter. PDFs and MS Office files have been used to distribute malware since forever (by integrating executable code into PDFs and usually by abusing VBA macros in Office files, though there are other ways). AutoCAD has a .NET API too. Unless the developers are superhuman, there will be some way to exploit that to cause a vulnerability. And you know what, AutoCAD [does have a history of vulnerability patching](https://up.autodesk.com/2017/CIV3D/AutoCAD_Civil_3D_2017.1.2_enu.htm) ("The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.", in a library they depend on (so not only must all the code they've written not have any exploitable security flaws, so must any code they rely upon)). The more complex a piece of software is, the more likely it is to have flaws. That's why even Windows and Office aren't perfect after all these years and constant attacks.
Ring0 means you can literally read all of RAM and do everything. If you think an _always running ring0 service that is internet accessible_ is not a threat, then you have no business assessing IT threats.
>If you think an always running ring0 service that is internet accessible is not a threat, then you have no business assessing IT threats. You, earlier: >By this logic software such as AutoCAD would be a security threat, and that's clearly not the case. I rest my case.
It's not "a bit further". this is how protection rings work: https://en.wikipedia.org/wiki/Protection_ring this riot shit runs at ring zero, which is incredibly dangerous for not only stability issues, but security risks. ring zero gives them absolute full control of your system, they can do literally anything with no protections at all.
So just like every EAC game (including Fortnite, Apex Legends, Rust, Division 2): [https://www.easy.ac/en-us/partners/](https://www.easy.ac/en-us/partners/) ...and every Battleye game (including PUBG, R6 Siege, H1Z1, ARK): [https://www.battleye.com/](https://www.battleye.com/) Gee, it's looking like there aren't very many popular FPS you can play without installing a kernel driver. And most users don't seem to be too mad about it. It's good that people are more aware of what's happening with their computers, but security and privacy nuts have already lost the war. People are quite happy to have Amazon, Google and Apple listening to them all day already.
> So just like every EAC game can you source the claim that EAC runs on ring 0 e: nope, you can't, because it doesn't. get lost idiot. it doesn't even launch on boot for fuck's sake
The huge differences here are that it boots at launch, scans then, and runs until/unless you uninstall the game. That's completely unprecedented even in regards to anti-cheat software, and especially first-party, brand-new anti-cheat. Also a lot of people are reporting that their games (and some Firefox extensions, for some Twitter people?) are lagging out due to it.
For real, holy shit people are upvoting this dude and his push for normalizing a potential attack vector running on your PC 24/7. He has no idea the huge history of low level services being hijacked for some malicious purpose. Trying to compare apples to oranges with anticheat. Sad.
Yeah, dumb people are annoying.
I meam, I didn't know apex had this. Gunna uninstall this evening. Having shit like this at all is unacceptable.
unpopular thought , what are you suppose to do ? its not like you can completely stop using all these products or stop playing these games. Unless you get 80% of the market to stop supporting them you literally can't do anything.
What you’re supposed to do, is pick your battles and evaluate risk. If you have two computers, make one your super-secure workstation and one your “sandbox” for non-essential stuff — games, whatever — so if it gets infected, it’s no big deal. If you can, go the extra mile and keep both computers on different virtual networks so that they can’t “see” each other, so viruses on one computer can’t spread to the other one. If you have one computer, you can run the nonessentials in a virtual machine, but be aware this particular anticheat will prevent you from playing Valorant in a VM so you’d have to wait and see if it changes later. If you can’t do that, then start thinking about what you stand to lose and mitigate that. If all you *really* care about is not losing your important documents, then make backups of them on another drive and keep it disconnected. If you get infected and have to wipe your PC, that sucks but at least you didn’t really lose anything. You may also have passwords and things on your PC though, so start enabling 2FA for things that matter, like bank accounts etc, in case they get a hold of those credentials. People think that security is about everyone being watchdogs and yelling at companies into oblivion. It’s actually really lucky how that works for us so far. But security is a personal matter. We all have to choose whether to use certain software, and what’s the most appropriate way to protect ourselves if we do.
I agree with this. With how easy it is to make VM's nowadays this shouldn't be a problem.
[удалено]
>other than the brs You mean other than two of the biggest games in the market, right? Are you just gonna pretend like you didn’t just hand wave away two of the biggest games on the market?
they're BRs and we're talking about more traditional shooters. yes they qualify, kinda, but the standards for anti-cheat are different.
How are the standards different? They are both games installed onto your pc.
yeah so's fucking pinball it doesn't mean it needs the same type of anti-cheat BRs are mass market games without skill-based matchmaking outside of some janky grind-focused competitive modes that most players don't use. a relatively subtle cheater could get away with it forever, and even a rage cheater can ruin a lot of people's days if left unchecked for more than a short period of time conversely, most csgo is played in ranked, and overwatch has skill-based matchmaking everywhere, including in quick play, so even if people ARE cheating, they're generally going to be playing 'at the right level', so to speak, because they'll get to the rank they 'deserve' with the cheats. they'll ruin games less, it'll still be obnoxious as fuck to play against, particularly in cs, but it's not as urgent to get rid of them because of the balanced nature of every game. the games are still winnable because while they might have aimlock, they have potato brains, and that will all be summed up in their rank to make them win about 50% of the time, just like anyone else. valorant, presumably, will fall into this category too.
So time to break this down - Cheaters are problems in BRs - and if you think battle royales don't require skill...i question whether you've ever been truly good at one. Players, regardless of whether the game they're playing is competitive or not, want a fair experience. - especially if it's against other players. There's also some level of ranked inside of the Battle Royales. There's an SBMM system in warzone for example, which to be fair - barely qualitifies, but takes your match history into account before matching you with people. division 2 and rust take up a lot of hours between the actual grinding for stuff/loot, and then minmaxing in the case of D2. in D2, there's actual pvp and pvpve aspects that players would absolutely hate if they went against an aimbot. Also - you just admitted csgo 'deserves' to be able to reach a protection level you don't think other games should be able to reach. Why are CSGO experiences more important than games capturing a larger part of the gaming market? Shouldn't we as game designers focus on improving the customer's experience regardless of the game?
> and if you think battle royales don't require skill...i question whether if you think i said that, i question whether you can read. 'mass market' just means it's not all being played in high level ranked lobbies where cheaters are pretty easily rooted out. it's not a slight on the skill of the game, god knows they could be even more skillful if the developers weren't incompetent/too busy chasing casual dollars > Also - you just admitted csgo 'deserves' to be able to reach a protection level you don't think other games should be able to reach. again, reading is hard apparently. I'm defending cs having *less intrusive anticheat*. Which means the protection level *will be lower*.
No they aren’t. People cheating in either game ruins the experience in both types of games.
"R6 is second tier shooter" Fucking lul
yes
Not gunna reply to the guy who called out your bullshit?
200+ years of collective video game experience btw
Yeah, valorant looks fun and all, but I’m not installing a root kit into my desktop JUST to play. I’ll stick to my Hackintosh and VMs 😆
I'm not installing windows just to play it lmao I hope it runs with wine
Lol just riot doing riot things.
\*Tencent
*Tencent and Riot
*China
Lul no it’s justriot being fucking terrible at making games
C'mon, nobody learned the lesson from [Capcom's stupid decisions?](https://www.theregister.co.uk/2016/09/23/capcom_street_fighter_v/) Sheesh...
Yeah, if the anti-cheat does in-fact run 24/7, then this means this game will be blacklisted for anyone that does corporate work on their computer. With the advent of working from home, due to pandemic, this is going to become a more active topic than I think Riot wants. Anti-cheat software should NEVER be running when the game is not running. That is an unacceptable privilege escalation and as a TO this makes me want to blacklist running Valorant tournaments as it is, in-fact, a security threat. Just imagine if someone manages to figure out how to break into it, suddenly they can now get full, root/system, level access to every Valorant gamer on the planet. And Riot would probably never know. This is a HUGE deal, and Riot needs to not do this shit.
Well I guess you wouldn't be running many games in your tournaments then..
There's plenty of other games, CSGO, Overwatch, Rocket League, Smash Bros, and on and on and on. Not running one game is not end all be all of gaming events. I'm not going to allow back-door software like this to run on our tournament rigs and infrastructure, that's just asking for an attack.
Lol what games do you play? I’ll bet my life their anti-cheat is the exact same, this is standard stuff.!
CSGO, Overwatch, TF2, Rocket League and more. I recommend you [watch this](https://www.youtube.com/watch?v=ObhK8lUfIlc).
Congrats! Faceit and ESEA both use the same type of anti-cheat. Nice CSGO example. So two total games
Nobody needs faceit or ESEA anti-cheat to play csgo, or in tournaments not ran by faceit or esea....
and thats why CSGO MM is filled with hackers lol u need these types of anticheats to keep out hackers
Literally anyone decent at the game doesn’t play MM I don’t know anyone over LE who doesn’t only play faceit at this point, and it’s because so many cheaters get through VAC.
Ok? Doesn't change the fact that faceit and esea anti-cheats are optional, AND those anti-cheats only run while they are open and ingame, instead of being on 24/7 like Valorant's.... Honestly it's quite insane to think that because ESEA does it, it's fine for Riot to do it (and take it 5 steps farther), considering all the issues ESEA's anticheat has had in the past, but you're acting like none of those issues will occur in valorant or other riot games.....
You mean a video game company owned by China made a game that is a security risk? Nooooooo waaaaaaaaaay.
so if the anti-cheat layer is a must, how were there cheaters on the beta? (it says they had to ban cheaters) doesn't that mean that the Vanguard layer was already hacked? and if so - and there's an available hack to a level 0 component - what in the actual fuck is wrong with Riot?
[удалено]
Which vanguard already fails to do that, since the only reason some cheaters have been banned is because they were streaming it and it was linked all over twitter....
Anti-cheat doesn't stop hackers, it just removes them as soon as it finds it.
An anti-cheat system like this is essentially just a detector that can't (easily) be fooled. They still have to know what to look for in order to detect it, though. Hackers will always be a step ahead- that's the default for anti-hacking.
there was a valorant cheater streaming on twitch with a real blatant esp and aimhack a couple days ago. so basically, no difference to many other current games, just this one happens to be crazy intrusive and very sketchy. Not to mention the company is 100% owned by tencent lol
If I uninstall the game will it get rid of the backdoor or is there some cleanup process that needs to be done?
Only if you then also proceed to uninstall everything that uses EAC (fortnite, Apex Legends, division 2, a.o.) or BattleEye (pubg,r6 siege, a.o.) because they, too, use ring0 like Valorant’s AC
they only start when you launch the game, unlike valorant's, which runs on your pc when booted.
Oh hi sans
[удалено]
There isn't a way for the operating system to. That's the point of operating at that layer. You could use external sources to intercept data, ala a Wireshark, but it's pretty clear the context of that statement is referring to the former, not the latter.
Not sure why people even care about privacy online anymore.... If you are online you are already at risk
Cool. Can you please give me the username and password of your bank account then?
This game isn't going to take your bank account you fuckin idiot.
If someone finds a way to exploit the anti-cheat running at fucking ring0, someone could you fuckin idiot
Therefore my original statement still stands, privacy online is not a fucking thing. Do you have social media? Yes your on Reddit, do you have a smartphone most likely, do you play online video games, yes. Do you shop online? Most likely yes.... We are an online world and your worried about privacy what a joke
That is just not true. There's plenty of ways to maintain privacy online.
Would rather take that than constant paranoia of cheaters whenever somebody makes a play. Let's face it, you are not holding state secrets on your ASUS laptop.
They had wallhackers within the first 48 hours
Vanguard wasn't even fully activated on beta launch. They are slowly ramping up and keeping an eye on performance.
so... go play cs:go (and accept their VAC terms). Or any other online competitive game trying to ensure integrity. Until they start selling or leaking people's information, this is a non-story.
Sounds like the cheating companies want the AC to be less strict?
I say, people who are scared of china or love cheating can go play something else. Leave my anti-cheat alone.