Helios
Member
The kernel anticheat driver (vgk.sys) starts when you turn your computer on. To turn it off, you either need to change the name of the driver file so it wouldn't load on a restart, or you can uninstall the driver (it will be installed back again when you open the game).
so ya, the big issue here is it running even when players don't have the game open, from startup no less. EDIT - It runs at Ring 0 of the Windows Kernel which means it always has the same rights as administrator from the moment you boot.
For comparison, BattlEye and EasyAntiCheat both load when you're opening the game, and unload when you've closed it. If you'd like to see for yourself, open cmd and type "sc query vgk"
It has been confirmed as intended behavior by RiotArkem over at /r/VALORANT, as well as him giving an explanation about riot's stance on this:
Now look, I can understand why they do it and people wanting a better anti-cheat... but this just brings up a whole number of issues from data to vulnerability to security to trust:
so ya, the big issue here is it running even when players don't have the game open, from startup no less. EDIT - It runs at Ring 0 of the Windows Kernel which means it always has the same rights as administrator from the moment you boot.
For comparison, BattlEye and EasyAntiCheat both load when you're opening the game, and unload when you've closed it. If you'd like to see for yourself, open cmd and type "sc query vgk"
It has been confirmed as intended behavior by RiotArkem over at /r/VALORANT, as well as him giving an explanation about riot's stance on this:
Now look, I can understand why they do it and people wanting a better anti-cheat... but this just brings up a whole number of issues from data to vulnerability to security to trust:
- you have a piece of software that can't be turned off, that runs with elevated privileges non-stop on your system. If someone with malicious intent can figure out a way to use it as a rootkit... like come on, riot are not magicians creating perfect software that can't be cracked or beaten (as apparently some valorant fans think)
- let's say the ant-cheat gets compromised tomorrow, you won't know that your computer is exposed and it won't update until you start the game
- I also believe it should be made very clear that this is something that the the game does, and at the very least should be something togglable. RiotArkem is already saying you can uninstall the anti-cheat if you want to, so let this be something users can easily toggle.
- then comes the trust issue:
with the amount of backlash blizzard (rightfully) got for the blitzchung incident and how people were all over blizzard for tencent having shares in it, 5% stake... how are there ppl actually just waving off anyone with concerns of having a startup kernel on their system from a company OWNED by tencent? how are there people faulting others for caring about this issue and asking for more than just riot saying "trust us"?
It also conflicts with other games causing FPS drops and the mods over at /r/Valorant deleted the post showing this