Hacker News new | past | comments | ask | show | jobs | submit login
How Riot Games is fighting the war against video game hackers (techcrunch.com)
54 points by badmonster 14 hours ago | hide | past | favorite | 133 comments





This Koskinas character seems a little frayed. Hyperfocused on punishing people, to the point where he's helping exploit writers to get an in, and then fervorously banning all their customers on release.

Back when anyone could run their own game server, logging was way more prevalent. Many games let you replay an entire match and it was comically trivial to playback and spot superhuman recoil control, aim snapping, wall hacks, etc etc etc. We had kickvote and Overwatch to farm this out to players in near-real time.

But instead of improving this (esp with "AI"), or just adding some financial loss to being banned, these free-to-play monsters need the lowest level system introspection. Seems a bit suss to me. "You can play my game for nothing but I need root?" No thank you.

Charge a one-off £5 for an account. 95% of your cheaters evaporate if they can't freely cycle accounts.


This reads like privacy-invasion propaganda directly from the Chinese state. "Look how great we are at having full control over your PC. You know, to battle cheaters!".

Kernel-level anticheat is ridiculous. Especially when your data becomes a gaping would ready for the chinese state to stick their fingers into and twist around. It's like the police installing mandatory cameras in everyones house to catch thieves (if society here is games with kernel-level cheats).

I want to go back to the days of Windows 7. When there was minimal corporate bloat in the ecosystem, no ads in the startmenu, and when game studios actually knew what they were talking about and had some balls to stand up for their values.


Riot Games is a morally bankrupt and extremely profit-driven company. If they're not abusing Vanguard to provide MSS actors access to user's machines (free VPN to cover your tracks!), then they're mining data from your computer - perhaps for market research or to sell to adtech.

As a player of some of their games - they not only don't care about their players, but have a deeply abusive relationship with us.



And an extended discussion on the manipulative gaslighting by Riot on their Crowdstrike-esq rollout incident:

https://www.youtube.com/watch?v=H4YvcQOSiRM&list=PLzBq1zjrpq...


Don't forget:

- penalizing a pro player for picking a particular champ and rune combo due to it being bugged (which is their fault) even though the player didn't abuse the bug

- the CEO of the company doxxing the developer of a competing game

- the insane AI-powered "zero tolerance chat filter" that regularly catches comments that, upon human review, are clearly inoffensive

- the "lane swap detection" anti-feature

- autofill

- client and server crashes being blamed on the players

...and many, many, many more examples.


You seem to feel pretty strongly about Riot. Are you going to stop playing their games?

Yes! I've already gotten about 2/3 of my friends to stop playing their games. I'm working on the last third - after I get a couple key people off I can quit for good.

Yes. I played League on Linux before they imposed anticheat, and stopped immediately afterwards.

Quitting Riot games was one of the easiest things I've ever done, especially now that Deadlock lets you make lobbies.


Crazy you think Riot Games is extremely profit driven. I have played League of Legends for 13 years and not once have they required or requested a single penny from me. I have given them 0$.

An extremely profit driven company wouldn't allow that.


This is wrong in almost every possible way.

It's invalid to say "a profit-driven company wouldn't do x" for almost any value of x.

It's also invalid to suggest that a company that doesn't require money isn't profit-driven. There are thousands of free-to-play games run by greedy companies that push monetization on users (even if they don't require it). There are tens of thousands of companies that use ads to monetize their games.

There's also ample evidence of Riot's greed over the past few years - $500 skins, progressive removal of more and more free cosmetics from the game despite record revenue, encouraging and enabling smurf accounts (which absolutely ruin the experience for other players) because they buy more skins, and many, many more instances.


https://en.wikipedia.org/wiki/Television_Delivers_People

Perhaps you may benefit from reading this.

But basically, if the product is free, then you are the product.


This isn’t a given since there’s still a way to give them money directly for cosmetics (which makes them a ton of money). Many freemium business models give away a lot product for free with the goal of convincing a minority of users to pay and subsidize the rest.

Bummer there’s no link to the video

This is like saying Google isn’t extremely profit-driven because we don’t pay them.

The issue isn't cheating--the issue is that cheaters can come back cheaply. Consequently, human moderation of cheating doesn't really work.

Given how intrusive these anti-cheats are, identity verification and login would be less intrusive.

At least with verification, when you ban a cheater, they stay banned. At that point, you can put humans in the loop.


Or they could tie your account to a phone number and use burner lists. You know, like DotA.

This isn’t about that at all. They want their cake and to eat it too.


Riot doesn't use a kernel anticheat on mac os because Apple provides sufficient security from their OS. Once Microsoft eventually catches up Riot will not need a kernel level anticheat for Windows. The ridiculous thing is how Microsoft has failed to secure Windows from cheaters despite it being a problem for such a long time.

The consequence game does not work on Linux as far as I am aware. Interesting in the time when most of the other games do.

Linux does support Secure Boot, and I believe Red Hat offers RHEL with signed bootloaders, kernels and kernel modules. However, I don't know how secure the secure boot environment is in practice, and I'm pretty sure Secure Boot support on most distros is stubbed to be good enough to boot with Secure Boot enabled, but not good enough to meaningfully verify the integrity of your environment.

I wouldn't be surprised if Valve started making serious innards into improving Secure Boot support on Linux for the sake of Steam Deck compatibility. However, I'm not sure that would work with the lack of stable driver ABI on other platforms that aren't a known quantity.


The mainstream GNU/Linux/whatever software stacks fully support secure boot on a technical level.

> not good enough to meaningfully verify the integrity of your environment

That depends entirely on whose perspective you take. There are tools to do pretty much anything you can think of and you always have the freedom to extend them yourself. So for the end user it's significantly better at that task than proprietary competitors because the end user has full control over the process.

From the perspective of an entity like Riot it doesn't offer anything of value because (AFAIK) none of the distros choose to provide releases that verify the environment binaries match official releases built by the maintainers. I imagine the majority of maintainers would consider providing such a thing to be an anti-feature.

Valve could easily provide an attested system if they wanted to. I'm glad they choose not to (at least so far). If a studio is turning to kernel level anti-cheat they screwed something up to arrive there.


> The ridiculous thing is how Microsoft has failed to secure Windows from cheaters despite it being a problem for such a long time.

The problem is, it's gotten hard to do drivers for custom hardware on macOS as a result for everything that can't be done with libusb as a result - and it's also gotten harder to patch over deficiencies of macOS.

You can't have an OS that you can tinker around with and an OS that is secure from cheaters, software pirates and malware at the same time. Android is the best example - either you run an OS that passes Play Integrity/SafetyNet and is blessed by Google and thus can use games, Netflix, banking or a whole lot of other apps that require non-rooted phones these days, but you lose e.g. the ability to do an actual full-device backup, or you run a phone that's rooted or runs a custom OS (say, aftermarket once the manufacturer ceases providing even security updates) but you lose out on about 2/3rds of apps because they just refuse to run.


>You can't have an OS that you can tinker around with and an OS that is secure from cheaters

But do these need to be the same OS? Or is it possible to have them be partitioned off from each other that way you can have a game run with full integrity and then also be able to have a customized experience for things which don't care about integrity.


Dual-booting utterly sucks experience-wise, and the very second you allow any kind of "untrusted" code on a device - even if it's another OS nominally "separate" from the main OS - you multiply the attack vectors that are possible.

That's part of the reason why Apple is so against not just jailbreaks for mobile devices but also any kind of non-Apple-sanctioned access to anything they deem safety critical.


I was referring to virtualization. The experiences doesn't have to be bad. For example on Windows 11 you can double click on a shortcut to a Linux app and when it opens it looks like a regular window like any other program on the computer, but it's actually running on Linux.

This is mostly true. You can run a VM in the trusted OS to do untrusted stuff. For stuff like 3D graphics you will likely need a second GPU to pass through to the guest if you want reasonable performance.

That resolves the tinkering vs intrusive vendor issue. However it doesn't address the privacy, autonomy, or user freedom angles.

By autonomy I mean (for example) the inability to perform a proper backup on a "secure" android system. By privacy I refer to the fact that the vendor can see everything you do even in the VM. User freedom is only an issue when you can't boot an "insecure" OS on the platform, but if nothing will run when you do that the situation isn't much different. For example, technically I have the freedom to run DOS today but in reality I won't be getting much done if I do.

Addressing the privacy issue we've at least got confidential VMs now. However at that point we've just pushed all the issues down a level and the same drama plays out again with the hardware vendor.


>For stuff like 3D graphics you will likely need a second GPU to pass through to the guest if you want reasonable performance.

No, a single GPU can support virtualization and be shared among multiple visitors.

>the inability to perform a proper backup on a "secure" android system.

This is by design as a "proper" backup violates Android's security model. Instead a backup system that respects Android's security model was built. Autonomy is given up but in exchange the high level functionality remains the same and there is better security.

>By privacy I refer to the fact that the vendor can see everything you do even in the VM.

What does this even mean? There is no fundamental reason for spyware to exist and even if there was that is independent to using virtualization.

>User freedom is only an issue when you can't boot an "insecure" OS on the platform

User freedom and security are orthogonal, but due to Turing completeness almost everything will support booting insecure operating systems.

>but if nothing will run when you do that the situation isn't much different.

If there is no market demand for running applications on insecure platforms then perhaps that's an okay situation to be in.


> No, a single GPU can support virtualization and be shared among multiple visitors.

Do you really think I'm unaware of that? Have you tried it lately? Most (nearly all) consumer level hardware doesn't support it and (I might be wrong about this next bit but IIRC) you won't get full performance because most solutions partition the hardware rather than multiplexing it.

> This is by design as a "proper" backup violates Android's security model.

I'm aware. That doesn't address the problem.

> the high level functionality remains the same

Absolutely false. Apple at least built a solution that appears to perform as advertised even if I vehemently disagree with the underlying security model and believe that it is actively making society worse off in the long run. Google has failed miserably at that (at least last I checked, which was a few years ago TBF).

> and there is better security.

By whose definition? The officially sanctioned security model does not provide anything of value to me (from a technical perspective) relative to having full control over my device.

> What does this even mean?

It means that if someone else has control over the software on my device then outside of a truly unusual end-to-end code auditing arrangement I can never be confident that I'm not being watched.

> There is no fundamental reason for spyware to exist

What sort of drugs are you on over there? Ad tech is a massive industry. There are all manner of motivations to hoover up user data from market research to selling it to authoritarian tendencies.

> User freedom and security are orthogonal

Notice the quotes. By "insecure" I mean not provided by BigTech and system state attested by a whitelisted HSM.

> due to Turing completeness almost everything will support booting insecure operating systems.

Have you tried customizing the OS on a vendor bootloader locked mobile device lately?

> If there is no market demand for running applications on insecure platforms then perhaps that's an okay situation to be in.

Sophistry. It's user choice due to a combination of lack of awareness and understanding, a preference for convenience even when that's detrimental to society in the long term, and the resultant network effects.


> Instead a backup system that respects Android's security model was built.

... that many apps don't use and that's the point. Even today there are still games that don't even do cloud synchronization.

The problem is, as always, cheaters and microtransaction forgeries.


You're still running untrusted code on the same devices. IOMMUs aren't enough, not since side-channel attacks entered the field, not to mention the consistent availability of IOMMU and Secure Enclave bypasses.

Yeah but that’s an interesting technical point, more suited to 2015 HN - in 2025 we can’t let technical matters get in the way of our Sinophobia…

There is precisely zero Sinophobia in the parent thread. Conflating criticism of a country's government with discrimination against that country's people is a very old state propaganda technique that is deeply evil and you should be ashamed of yourself.

This thread is actually about criticism of Riot Games, not any country's government. But for some reason, whenever Westerners do things to other Westerners, they call each other Chinese. In the not-racist way that one does that.

> This thread is actually about criticism of Riot Games, not any country's government.

And, as anyone remotely familiar with the situation would know, Riot Games is a wholly-owned subsidiary of Tencent, a Chinese company, and all Chinese companies are subject to arbitrary amounts of control by the Chinese government.

> they call each other Chinese. In the not-racist way that one does that.

You just committed the same fallacious propaganda technique of the parent. It's extremely dishonest and malicious. Don't do it.


This article seems to be making all of the worst things about anti-cheat (kernel modules, mandatory Secure Boot/TPM, etc.) seem like good things. Why?

Realistically what is the alternative? That is pretty much the only way to ensure the cheats don't run at kernel level. If the cheat runs at kernel level it is very hard (or impossible) to detect it from user land outside of behavior (which mostly happens on the server side).

Only thing I can think of is Microsoft locking down Windows so hard that nothing outside of code written (well signed) by Microsoft can run with kernel level privileges but I think that is an even worse option.

If you don't like it you can always just go and play any of the titles without kernel level anti-cheat and get a cheater in ~1/5th of your games (my experience in counter strike).


Chess essentially has ID verification at a high level because the best players can go to real-life tournaments and get titles for the prestige, which grants them free premium accounts on major platforms. It's easier to analyze the subset of top-tier players that aren't verified.

I'd rather just give Riot Games my driver's licence than full access to my computer. They already know my name and where I live from metadata.

There should be a KYC solution for gaming where a company like Epic, Riot, or Valve verifies your identity and developers can gate competitive video games behind that. If you cheat, you're out for 5-10 years (so dumb teenagers aren't locked out forever). The big issue imo isn't banning cheaters, it's preventing them from creating a new account and cheating again.

Such a system would be free money & low maintenance for whatever company develops it first.


The other obvious solution is to charge enough for accounts that it covers moderation costs plus some extra. That way with each ban wave either the number of cheaters goes down or the funding for moderation to catch them goes up.

Maybe let people opt-in to photo ID verification if they want a one-time free account.


This is actually how cheating is "solved" to some degree in South Korea. Basically you can't play without logging in with your government provided id.

Though they do also use it for stuff like under 16 year olds not being able to play online games between midnight and 6am.

edit: Some extra details about this from a few months ago https://x.com/deteccphilippe/status/1883945555102957617

> KR (Korea) requires national identity numbers for gaming, which opens up a convenient opportunity to ban cheaters at the “soul” level. It is remarkably effective at keeping them out of game for longer periods of time—cheaters have to buy whole new identities to keep playing, so the bans really stick.


This makes the stakes for getting caught cheating, much higher. It does nothing to "solve" cheating. If someone is using additional code to gain an un-fair advantage, knowing who they are does nothing to detect this.

It's relatively easy to catch cheaters. There's constant banwaves in Valorant, CS2, and Rainbow Six Siege. The challenge is that cheat authors fix their exploits to be undetectable, and the cheaters get a new account in a week or two. This means detecting cheats does not have a lasting impact on cheating's presence in a game. The prevalence of cheating is the problem a game developer is trying to solve.

But it does lower the amount of cheaters as the consequences are bigger. Also makes manual banning/moderation much more cost effective as the bans actually stick.

At the end of the day the goal isn't 0 cheaters but having few enough that the chance of your match being ruined by one is 1 or 2% instead of 10 or 20%


I don't see why something like ChexSystems IDV wouldn't be viable here.

Acquire my identity in the same way you would if I was seeking approval for a new checking account or loan. I'd be perfectly happy to see the bar raised a few inches off the ground. The current state of competitive video games is really bad.


>Realistically what is the alternative?

What even makes you think it's a solvable problem? Even with a totally cryptographically controlled end-to-end hardware chain that treats the player like an adversary/inmate (like in the consoles, maybe even more strict) there's always a possibility of ML-based cheats with a low-latency camera. Barely anyone does that now because there are easier methods, but trust me, it will get used if required, just like DMA is used now. People already throw crazy money into cheating.

It's a race to the bottom where everybody eventually loses except the corporations. Players never get rid of the cheaters completely, unrelated people who don't play games get their hardware+software locked down because of a bunch of whiny gamers, and corpos obtain the ultimate vendor lock.

The optimal amount of bad behavior is not zero.


So just because lock picking lawyer can pick the locks at your home you should just get rid of the locks? (and maybe even the doors too)

Making it hard enough is good enough. The difference in 1% of games having a cheater and 5 or 10% is massive in the player experience.


This is more like giving control over the locks to a corporation so they can make sure you are safe. Its not even remotely the same thing as you just described.

> So just because lock picking lawyer can pick the locks at your home you should just get rid of the locks? (and maybe even the doors too)

The solution is not to make the lock so hard that it inconveniences you, the user, it is to shoot intruder on sight (aka better moderation).


> So just because lock picking lawyer can pick the locks at your home you should just get rid of the locks? (and maybe even the doors too)

If the locks treated me, the legitimate owner, as a criminal and required the kind of low-level access that software that runs at the kernel level gets, and still didn't work, then maybe.


it's more like, I'm not going to spend money on a smart lock that reports my movements to a third party just so a burglar can chuck a landscaping stone through my window and unlock the door

> Players never get rid of the cheaters completely

> The optimal amount of bad behavior is not zero.

Obviously the goal never has been to have 0 cheaters. Just from the detection side you need to delay the bans, let in some of the previously detected cheats again, etc to keep the cat and mouse game going on (make it harder to A/B test your cheats)

https://x.com/deteccphilippe/status/1883945555102957617

> Worse still, is that we actually have to let them back in. When we outright “block” a cheating method, we are technically providing the cheater an instantaneous surface to iterate against, allowing them to A/B test their cheats until they find something that is actually undetected at that layer.

> unrelated people who don't play games get their hardware+software locked down because of a bunch of whiny gamers

If you think it is an issue then don't play their game. Very few companies are willing to go through the effort as it is actually quite a lot of work just from the security vulnerability aspects alone (and you also have to effectively detect the cheats too)


Ban delay is a standard practice, as is raising the entry barrier, but everything both did was creating a culture that made cheaters adapt and get more and more involved, to the point where the cheating itself is the game. What anticheat companies brag about in your link and in the PR piece in OP is entirely irrelevant, the reality is pretty different. I know because I'm pretty familiar with it, having studied it for years in a low-energy mode.

>If you think it is an issue then don't play their game.

This is a hypothetical example which would affect everyone regardless of playing any games. Not an existing thing, thankfully.

(although I wouldn't be surprised if the pressure will eventually be enough to make this happen. The fact that you can't fix a rotten culture with authoritarian measures without affecting everyone else never stopped anyone)


It seriously isn't. Effectively you can not ban cheating. A cheater can just use virtual or modified hardware keyboards, displays and mice to cheat. How is a kernel extension going to prevent that? That is the logical next step, which is already being done by some (currently less than alpha). Once we reach this state as a default, nothing can prevent cheating, besides a real tournament with checked hardware. All the effort riot is currently putting into this will be for nothing. I do not understand, how they are missing that.

You can raise the cost of cheating so that cheating kids will get annoyed and go cheat in some other game or scroll TikTok or whatever. We're not exactly dealing with nation-states here.

"Bored kids" is a pretty naive idea of cheating in PvP games. There's custom hardware for it, and a surprisingly large amount of people spend more than $1k/mo just to cheat in video games.

Most cheating software come from china and russia, I still bet those government actively encourage cheating in games just to annoy western countries.

I used to work at a biz in the states selling modified ps4 and xbone controllers, they weren’t cheap and the money was kept in the states.

Grow up, you cannot honestly think that government employees in Russian and China dont have more important things to deal with than ruining western teenage gamers experience with state funded cheat codes and hacks.

That's the thing with psyops and "plausible deniability" stuff. Do too much of it and eventually you'll be blamed for everything that's gone bad no matter if you actually did it or not. China and Russia are in the "FO" phase of "FAFO".

Besides, sowing discontent is a tried and true propaganda strategy.


I'm sorry, but no posts above make any sense, which is obvious to anyone with any degree of familiarity with chinese/russian/brazilian/german/british/north american cheating demographic and communities (yes that's a thing, also note how those two are only 1/3 of the worst offenders, and the poster above clearly doesn't have any idea about it). Stop the nationalistic flamebait and FUD, please.

Everyone cheats, I think no one here is seriously arguing that, no matter the country.

The question is: who coughs up the money for developing these cheats? Some of these, particularly the PCIe hardware rootkits, take a lot of money, time and skilled people to develop - and it is not too far fetched to assume that a nation state has been of assistance here.

Others openly flout their allegiance to Russia like the MIG-Switch developers, a ton of "bulletproof hosters" use Russian ASNs and/or are based in Russia, malware automatically disables itself when it detects indications of being in Russia... I can explain the latter away as "don't shit where you eat", but the others? There's no way there aren't direct links between the Russian government and the criminal actors. At the very least there must be some sort of "tacit approval".


I know that I'm repeating myself but none of that has any connection to reality for anyone remotely familiar with the devs of specific cheats and their history. Especially DMA hardware developers which are neither Russian nor Chinese. I can write a long post about this some day (especially about how local online game hacking economy/culture works, for every cultural bubble - they overlap a lot, and specific moments of drama inside them) and post it to HN, but please, stop being a part of the "psyop" you're talking about.

That wasn't my point though. My point was to offer an explanation why everyone is so quick to blame Russian and Chinese propaganda these days - I call it "inverse yell fire" or "inverse crying wolf": both countries have so often denied any involvement or responsibility in clear and serious violations that now everyone defaults to not believing their denials.

Because it's not for nothing.

Cheaters currently use entirely second PCs, or other extremely complicated methods of cheating, and are still getting caught.

Security isn't "for nothing", you make it as expensive as possible for cheaters/adversaries to win, and then keep raising the bar, to make the majority of users safe and secure.


In all fairness, anti-cheat is like a lock. No lock will prevent a determined thief from just breaking your window, but the point is to keep out the majority of "easy thieves". For them the goal isn't the be perfect but to not be the easy target.

Now is a kerbal level anti-cheat overkill? Hard to say from the outside but it does seem like installing a steel vault for your door. While the window is still right there as normal.


Its a lock that can be weaponized against you so yea, is more than just a lock. Your simplistic analogy doesn't do the reality justice.

Can be, sure. But if people care more about compromising their computers to play a few matches of League, I can't stop them.

i was simply explaining that these studios don't need perfect security to accomplish their missions.


That is what you use behavior detection for. If you don't give human like inputs from the cheat it is detectable and if you limit yourself to what a human can do then the cheat is not very desirable.

> “You have to humanize [the cheat] to a degree where the advantage is imperceptible from what a human can do,” said Koskinas. “And once you’re there, you’re not really cheating enough to make it worth it for most users.”

But if you read the article they do have some way to detect (some) DMA based hacks too where the actual cheat runs on a different computer and use DMA through a pci-express card to read/write directly into memory.

> “I think we detect the majority of it today, but it’s kind of iterative,” said Koskinas.

Though most cheaters "rage cheating" after losing really badly and using cheats to "get back" and those are much easier to detects. This kind of "download random cheat from the internet" at the best only get you banned and at worst your computer is super duper hacked (you are effectively manually downloading a virus and manually giving it admin/kernel level access)

> Thanks to all these techniques and strategies, most cheaters can now be roughly divided into two categories. The first, representing the majority of cheaters, is made up by those who are “rage cheating” by using cheap tools that are easy to detect. Riot employees sarcastically call these cheats “download-a-ban,” according to Koskinas.

At the end of the day all I know from my own experience is that the difference in the amount of cheaters I run into between Counter Strike and Valorant is massive and the main claimed difference being kernel level stuff in Valorants anti cheat (or Valve is just really really bad at making anti cheats)


Valve surprised me 1-3 years ago. I had a compromised password because my steam account was created in my youth and has not been used since.

Someone figured it out and used my account to cheat in counter strike. Valve banned the account one week (!!) later. Now the account can not be used to play their competitive games anymore. Needlessly to say it was a lifetime ban.

To this day I keep wondering how they can fk this up so bad. Why I am even allowed to play CS without 2fa enabled and without Email confirmation for the first login? They also failed to block the login from Thailand despite it's creation in Germany. This could have been so easily prevented.

Not sure if they fixed this yet. Otherwise you have your answer, why there so many more cheaters. It is not just the kernel extension. The most basics are not in place.


> To this day I keep wondering how they can fk this up so bad. Why I am even allowed to play CS without 2fa enabled and without Email confirmation for the first login? They also failed to block the login from Thailand despite it's creation in Germany. This could have been so easily prevented.

This is because any barrier to playing the game is also effectively a barrier for someone to buying their lootbox crap.


Valve is really bad at anti cheat. As in, their solution can barely be _called_ anti-cheat.

This

CS2 is entirely unplayable now due to hackers. I’m told Valorant isn’t much better. There’s probably just no solution unless you design your game to not benefit from hacking (e.g. Hearthstone, MTG)


I play both and in my experience Valorant is way better. Better as in "less cheaters" not "better game".

Though as I understand the amount of cheaters in both games varies based on how high/low in the ranked rating you are.


Community servers that people can host and create hacker-free spaces.

We can play online games on purpose made hardware, leaving more freedom over our PC's

Is there any actual data on how prevalent cheating really is? In my experience, it's not remotely as big of an issue as some people make it out to be...

In my personal experience with counter strike is around 20% of the games has at least one cheater (one that is very obvious. usually aimbot). There could be more careful with usage of wallhacks etc that are harder to detect for the other players.

Here is some graphs for Valorant https://x.com/deteccphilippe/status/1883945555102957617 basically reaching ~10% at its worst (when Riot devs are only xmas holidays) and around ~1% at its best (~now). And this is the number of caught cheaters so actual amount of cheaters is probably slightly higher.

Here is someone doing a "study" in counter strike https://old.reddit.com/r/GlobalOffensive/comments/1bnhikf/th...

> Out of 60 games, I had 28 games with spinbotters. 28 is an absolutely insane number. 17 games had the spinbotter on the enemy team, 11 games had the spinbotter on my team. Keep in mind though, some games had more than 1 spinbotter, bringing the total number to 36 spinners in 60 games.

(spinbot is a form of aimbot that is very obvious)


The alternative is that the online games they're protecting become infested with cheaters, players depart, and the game closes down because it's no longer a viable business.

It's not nice, I don't like running a kernel mode anti-cheat any more than you do, but I can see why it's necessary for preserving the competitive integrity of free-to-play shooter games like Valorant.


They are already full of cheaters. DMA cards are undetectable even from kernel anti cheat.

The DMA card still needs to be installed, have drivers installed, firmware, etc. The anti cheat tests for that (the cheaters do mask the device spoofing the name/vendor/etc). Having to make new driver/firmware every time the anti cheat starts to detect it is way slower then just new software. Though at some point they will probably just automate it so that every customer gets their own driver and firmware matched with only their cheat software making this way harder but we are not there yet (and you would have to get all of these signed so following the cert chain should make it easier to find at least whos stolen cert they are using)

Also the amount of people willing to buy another pc and DMA cards is way smaller making the chance of running into cheater in your match smaller.


Giving every customer their own firmware is already automated.

Computer vision based cheats are also rapidly on the rise. You don't get wall hacks but you do top 1% reaction times and perfect tracking.


That's a good idea indeed.

are you writing your own firmware or hotwiring the bus? there are many methods to detect this.

If one must give up kernel level security of their system to an untrusted 3rd party, was it really free?

Stuff you run as your user can already read all your files and memory of processes of that user so you're already very exposed.

Insert the quote about freedom vs securities. This author (or his sponsors) clearly made their choice.

Makes me glad I prefer mostly single player content and never tolerate this stuff on my PC. If I gotta be locked down I'll just pick up a console.


It can be seen as a Chinese backdoor on western computers.

I am not expert, but I think it's not necessarily the case?

Cheating is really a plague right now, and the only way to mitigate it is using kernel anti cheat.


And now AI can pretend to be input devices and need only video output. Kernel anti-cheat will be useless, and we'll be better off for it.

If your solution is bad, it doesn't deserve to work. Find something else.


Though if the AI is only as good as a human can be it is not that desirable. If the cheat does "super human" stuff it can be detected from behavior on the server side though this is after the fact from processing some replay files and thus not that "great" for players as the cheater gets to ruin at least one game.

> “You have to humanize [the cheat] to a degree where the advantage is imperceptible from what a human can do,” said Koskinas. “And once you’re there, you’re not really cheating enough to make it worth it for most users.”

But it is something they acknowledge will be an issue at some point in the future. Personally I think for now AI is way too slow as all the computation needs to happen in a few milliseconds to really be effective.

> Koskinas says he often worries about the use of AI for screen classification, to learn what human inputs look like, and how to reproduce them.


Since AI is everywhere you think it can be used to spot cheaters behaviours ?

Has been used for some time now.

https://x.com/deteccphilippe/status/1883945555102957617

> “Behavior” refers to an ML suspension (also called “server-sided” anti-cheat), often given to ragehackers.

But then you can just teach an AI to act like a human. Anti cheats in computer games is and always will be a cat and mouse game and AI/ML is just another tool in the bag of many tools (most bans seem to be fingerprinting based basically rebanning previous offenders who failed to get around the fingerprinting system)


The fundamental problem is that a subtle enough cheater is indistinguishable from a good enough human player.

Yes, that's the real solution, not rootkits.

AI certainly is not the solution. It has its issues, false positives, and there's barely any way to get support for that case as support agents are instructed with the AI being infallible.

They're neither inherently good nor bad but unfortunately necessary.

Meanwhile, a ~year since Riot required Vanguard, League/Valorant playerbase isn't really any smaller. If anything, it's continued to grow.

The players do not seem to mind. At all. Basically a non-issue for 99%.

I'm not terribly surprised so many here find kernel anti-cheat "unacceptable" or "ridiculous" or whatever, but there's just no there there. Microsoft has kernel access: are they selling my stuff, too ? I don't pay for Firefox: are they auctioning off my passwords? I guess it's fun to speculate; I can make unfalsifiable claims all day


It's a bit different when it's the core functionality that you selected the vendor for.

I'd never use a closed source password manager.

I don't use Microsoft for my OS, although it happens that I do generally trust them on account of their size and reputation. They have a very strong vested interest in not getting caught doing something like that.

Spying isn't the only concern. I don't generally want to grant anything unnecessary ring 0 because of the security implications. I certainly don't trust the security practices of most game studios to any great degree.


I stopped playing counter strike like 2 months ago after playing for 6 months, because I was getting paranoid about closet cheaters. My trust in the game eroded, even though cheaters are not there all the time.

Closet cheaters are cheating in subtle ways, which make it impossible to know if they're really cheating.

It's a constant analysis of "is he cheating or am I bad?", and most of the time, I could not really know. It's a psychologically toxic experience as I cannot focus on the game itself. I was enjoying the game, but that paranoia made things just unbearable.

I suspect china/russia are actively paying people to make effective cheating software, as it's also a lucrative business.

Even a few pro players are cheating. Those online FPS are rotten to the core.

Apparently valve doesn't seem to care that much, because they probably know that there is a big overlap between cheaters and people who trade skins, who are a big source of income.

Too bad!


This attitude is a bit alien to me. At the level I play games (which is in the range of like 90% of gamers), my opponents are basically anonymous, and someone obviously cheating and someone smurfing has about the same effect of ruining the fun. The points mean nothing except maybe to measure my own improvement at the game. If someone's cheating and I can't tell them from the other players, I don't care.

If you can't fully connect your results in the game to your skill (because you can't trust if the others cheated), then you can't trust you are improving (or how to adapt to maybe improve).

On an evolutionary level, the purpose of play is to improve your skill in something in a tight, enjoyable feedback loop. Cheating messes with that.

Though your approach is preferable, I do think cheating (or more broadly, not trusting that you can learn how to improve with further play) kneecaps the whole point of playing.

(I'm badly presenting an idea I learned from Jonathan Blow re: how some game design ideas, such as opaque adaptive difficulty like rubberbanding found in racing games, destroys the purpose of playing)


I don’t think these subtle cheats make a big difference in matchmaking type games anyway. It could be finding cheat-enhanced bad players, or non-cheat-enhanced good players. If the cheats are subtle, who can tell the difference?

I sincerely doubt a single person you thought had subtle hacks was hacking.

People constantly cry that the other team is hacking and reviewing the demo shows that they almost never are. The reality is they were just better. That seems to be hard for a large portion of the player base to handle. Low ranks and low trust factor are full of obvious hacks because they make an account, get banned and repeat. You don't see the decent hacks until the upper ranks because you need to be good enough at the game to hide it and would just rank up fast through the middle rankd


I can’t speak for the lower ranks, but I was mid-ish on premium this season (played from 17k to 23k then stopped iirc) but a lot of the cheaters were subtle enough that not everyone realized that they were cheating, even though they pretty blatant from my perspective. (For reference, I play lvl 10 faceit and have a decent understanding of the game.)

Point being that a ”subtle hacker” might be subtle to some and obvious to others. So OP, being a newbie with only 6 mo of experience, might suspect someone being subtle about their hacking but they might be very blatant to a more experienced player.


Or, and I'm speaking from my experience in TF2 here... they're just good.

TF2 is an interesting case study because it's a very old game with a very high skill ceiling. I have 2,000 hours now. Players with 4,000 hand my ass to me.

The difference between an aimbot and a sweaty 4,000 hour sniper is close to none. You peak the corner and within 200ms you're dead. It's easy to think they're cheating, then you open up their steam profile and no, they just have even less of a life than me.

They'll even headshot you when you got invisible on spy. Yes, really. They have so much experience their hands have remembered the movement speed and trajectory of spy. So you go invis, and then they can predict where you're going to be and headshot you. Especially so if you go for a health pack or ammo. It's really crazy stuff, but not cheating.


Honestly this sounds like you’ve just over thought it. You’ve played CS for 6 months, you are bad!

CS has a concept of "trust factor" which groups people more likely to be cheating in the same game. If you ever queue with a friend with a low trust factor (which happens a lot if they're on a smurf account), there are cheaters in pretty much every game... seeing that many blatant cheaters has really made me think there must be a lot of smarter cheaters flying under the radar in regular games. It's basically impossible to tell whether someone is wallhacking or if they have really good game sense.

I've played for many years including CS1.6, CS:S, GO, and 2. I regularly snoop profiles and overwhelmingly there are accounts with 1 game, all F2P games, short account lives, low hours (CS2, GO + account), low or no commendations, low match count, blocked stat tracking... Slews of markers that these are less-than-legit, either smurfing (IMO a form of cheating) or outright hacking. Then they coincidentally overperform for their respective rank. That's without mentioning coming across numerous individuals with [sometimes multiple] bans recorded on their accounts.

My account is 20 years old. And has several games with hundreds of hours including a couple of perfect games, not to mention a hundred or more games. Also phone verified. I don't expect everyone to have similar accounts, but it's seldom I'm matched against anything even remotely similar, say 5 year old accounts with similar playtimes in non-F2P games, though many profiles are private, which itself is - I think - also suspicious since virtually everyone leverages aliases on Steam so I can't really imagine a case for this other than obscuration, though I'm certain some people do it for privacy reasons I expect that rationale is rare.

Beyond that I would say there are a lot of suspicious individuals I've been matched against in both premier and comp . Regardless of whether or not they're smurfs it makes MM obnoxious if only because you end up matched against people who rage and ruin 45m-1h of your time by competing illicitly.

The MM algo is also just shit without these considerations lumped on top of it. I regularly play with my friends who rank lower and that draws my rank down so we get matched in low ranks, resulting in violent pubstomping. Of course I play on my only account, so I'm sure I get hackusated a lot, which would ostensibly get my trust factor drug through the mud. I suppose that's a solid incentive for smurfing on its own, especially since the system is opaque.

It's all pretty bad, frankly. Faceit is hardly better, a lot of the community is pretty toxic and obnoxious salty tryhard metabangers that aren't fun to play with.


One thing to note is that Microsoft is planning some kind of kernel anti tampering system in future that hopefully will give us user level anti cheats that actually work. Though some will very likely see this as some kind of "we don't control our computers anymore" move.

https://www.leagueoflegends.com/en-us/news/dev/dev-vanguard-...

> “On Demand” Vanguard

> "As was foretold, a future will eventually arrive where we can rely on the security features of Windows to protect its own kernel, instead of protecting it from boot with a driver. This will allow us the opportunity to start our anti-cheat services when the game client runs, provided the end-user has opted into all of these features. We’ll have more communication on this topic early next year, but if you’re on Windows 11 and on relatively recent hardware, we wanted to let you know that you won’t have to tolerate the taskbar icon forever (even though we worked very hard on Vanguard’s logo)."

https://blogs.windows.com/windowsexperience/2024/11/19/windo...

> "To help our customers and partners increase resilience, we are developing new Windows capabilities that will allow security product developers to build their products outside of kernel mode. This means security products, like anti-virus solutions, can run in user mode just as apps do. This change will help security developers provide a high level of security, easier recovery, and there will be less impact to Windows in the event of a crash or mistake. A private preview will be made available for our security product ecosystem in July 2025."


> Though some will very likely see this as some kind of "we don't control our computers anymore" move.

This is actually great because Microsoft "security" systems are notoriously easy to pwn. Workarounds will appear almost instantly.


Some of their stuff is but afaik xbox one and series x/s security model have not been broken. Obviously with those they have control of both the hardware and software making achieving it much easier.

Also with xbox one and series x/s they have the dev mode thingie lowering the interest in trying to hack the retail mode.


Secure boot is a problem for users with secondary alternative OS’s (eg Haiku). I even have a DOS tool which needs high precision timing which no general purpose multitasking OS can provide. These alternative systems are hampered by secure boot.

And speaking of up to date video drivers, these checks are a plague of usability. If I have stable driver rev 235, why would I install latest buggy version 246? Eg. AMD has 2 flavours of drivers, Adrenalin which has “optimisations”, but crashes, and the Pro drivers which are older but more stable, and have 10 bit support, more colour spaces etc. I’m done dealing with experimental drivers, give me stability 100% time. Games which insist that I run experimental drivers and secure boot can get stuffed.


This might be a terrible idea, and likely would never work for a multitude of reasons, but I was wondering if everyone in the future were gaming via streaming services that way players wouldn’t be running the game on their own hardware or software.

Very unlikely to happen anytime soon in competitive shooters like Valorant where gamers spend thousands of dollars just to get a few millisecond advantage from faster monitor, mouse, etc.

Adding an extra 5 or 10ms of delay would be a massive issue (especially bad if it is an inconsistent delay)


Part of what scares me about React Server Components is that it very directly matches the web down this path. Instead of APIs and data and a front end app, the web becomes a view screen for computetion running far far away.

The Flutter vision feels very similar, treating the web as a big canvas to draw pixels on.


It is really ridiculous that we’ve allowed all this kernel level spyware bullshit in the interest of something so frivolous as video game fairness.

Matchmaking seemed like a neat idea in, like, 2007. In retrospect, it has damaged the industry substantially. All the oxygen has been sucked out of the community server space, etiquette is non-existent, and the aforementioned spyware.


Then don't play those video games. Seems simple to me. Community servers are doing fine in games where that makes sense, Minecraft for example. Counter strike has community servers too and people cheat there all the time.

I don't and won't. But it seems fair to miss the old days of your mall and board game shop in response to the torn down remains you abandoned.

Except it's not a matter of community servers not being supported in games "because it doesn't make sense" - there are plenty of games where private community servers would be beneficial, but all we get is online matchmaking that gets shut down when the company decides it's done.

Pretty unfair to paint this as the users choice when the companies are taking our choices away.


If you think fairness in videogame competitions is frivolous then do not participate in them. Is it frivolous to not want dopers in cycling competitions?

As someone who doesn't participate in those, your comparison seems poor to me. Like my mom asked a while back if I'd get into valorant with her and my sister on weekends sometime, but I'm not going to dual boot or buy another computer just for this game. Why do they require rootkits for casual play? It'd be like bicycle manufacturers subjecting you to drug tests and access to random home inspections to ride around your neighborhood.

If you need to protect competitive play, keep it to actual competitions/make it optional for free play. I'm not giving you unrestricted access to my brokerage account, all of my files, all of my emails/text messages, etc. (which root access on my computer has) so you can prevent cheating in a Sunday night video game.


That’s fair. Don’t play then. In the meantime the overwhelming majority of us will enjoy the game with a minimal amount of cheaters, which is what we desire.

> Is it frivolous to not want dopers in cycling competitions?

There are a couple reasons to care about doping in professional sports, that don’t apply here.

First off, these matchmaking games are not real professional competitions. It is more like a pickup game; the stakes are essentially zero. Nobody cares if you dope for your pickup games or your weekend bike rides for friends (other than that that would be a ridiculous thing to do of course).

Second, professional athletes are celebrities. Abusing performance enhancing drugs sets a bad example for the kids watching. Because most people playing matchmaking games aren’t celebrities, they aren’t setting a bad example. And anyway, cheating in videogames has no side effects.

> If you think fairness in videogame competitions is frivolous then do not participate in them.

I mostly don’t. But I can spot wasted engineering effort when I see it, and will continue to call it out.


I refuse to buy a ton of games because they are hot garbage these days. Its pretty obvious what gamers want and they will shower their money at it. Look at Oblivion remastered. It had bare minimum marketing if you can even claim it had any marketing.

Tbf, a part of the issues causing since rampant cheating comes from the fact that those Riot games are indeed "what gamers want". There's definitely a divide in community between single player darlings like BGS's output and these "free" competitive service games like League or Apex or whatnot.

My point being, a lot of games seem to disable Linux due to cheating concerns. They get none of my money. Rust can sit there and gather rust in my steam library until the end of time.

Are these rootkits?

Yes. That's the point.

Not a rootkit but it does run at kernel level. If Vanguard is a rootkit then so is every anti-virus software (including Microsoft Defender which is on by default)

For example wikipedia description of a rootkit is

"A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software."

Vanguard does not mask its existence or the existence of other software nor does it get/give access to unauthorized users (you authorized it during install so by definition it is not unauthorized).

You don't manually give permissions to actual rootkits and they do their best to try and hide their existence.


It’s not extremely often, but still happens occasionally - when I click the League of Legends shortcut, rather than getting to play, I get presented with a blue screen, and a kernel exception of some kind.

But riot continues to push this narrative that Vanguard works flawlessly. It doesn’t break computers. Nobody has issues. Cheaters are being prevented.

And yet - sometimes I can’t get into a game because it crashes. And then the client complains that vanguard is unhappy and I have to reboot and so I’m late to the game and my team starts way behind.

That bug hasn’t happened in a while at least- lately the blue screens occur before getting into a match. I guess I don’t get temp banned anymore but any blue screens are unacceptable.


I just uninstalled ALL Riot Games from my Gaming Computer.

Reason: Vanguard was crashing another Unity based game I play nonstop. It also seemed to decrease system stability in general.

I will never play another Riot Game so long as this software is a part of it.


I wonder who makes that anticheat, I mean in what country.

Obviously they have so many users, they might need to fix it.

I can imagine that Microsoft might try to help them doing things right.


Vanguard is developed in the USA, though I think Riot also has security people in Dublin.

Tencent has a 100% equity on Riot Games

> Much of Koskinas and his team’s efforts stem from Vanguard having the deepest level of access to a gamer’s computer

Why would you trust anyone to do that? It's malware style access. Client side anti-cheats that need kernel level access are unacceptable, that's why I'd never play any games with such garbage.

Instead of this, let these companies focus on server side anti-cheats that detect behaviors that can be defined as cheating. Shouldn't AI be good for these kind of tasks? But of course it's cheaper for them to slap malware on user computers and call it a day.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: