Tech

Is Valorant Malware? An In-Depth Analysis of Riot Games' Anti-Cheat System

June 25, 2024
0 Comments
Home
Tech
Is Valorant Malware? An In-Depth Analysis of Riot Games' Anti-Cheat System


Is Valorant simply another game, or does it carry hidden risks as spyware or a rootkit? Today, we're diving deep to address these concerns definitively. We'll also explore the broader implications for similar applications and anti-cheat software in general. Are these invasive applications a risk to your security? What should you do about it?

Initial Observations

When you install Valorant on your computer, it initiates numerous connections, primarily to servers across the Riot CDN network. The data transmitted, however, is encrypted, making it challenging to discern the specifics or destinations. Most connections route to Amazon servers, but beyond that, the exact paths remain obscured.

Riot Games and Tencent

Riot Games, the company behind Valorant, is wholly owned by the Chinese conglomerate Tencent. Given Tencent's history and business interests, it’s reasonable to question whether they might engage in spying activities. While definitive answers are elusive, the ownership structure raises valid concerns.

Examining the Client

Using Process Explorer to scrutinize the Valorant processes reveals that the Riot Client Services appear safe, with no unusual DLLs. However, the real focus should be on Vanguard, Valorant's anti-cheat software.

Vanguard's Deep Integration

Vanguard's main executable, located in the Program Files directory, is merely a 3 MB notification application. The actual anti-cheat driver, Vanguard vdk.sys, operates at the kernel level, deeply embedded within your system. This kernel-mode driver, while alarming to some, is not unique to Vanguard. Similar methods are used by other anti-cheat systems, like those for Counter-Strike 2, and even by legitimate antivirus software.

Comparisons with Other Anti-Cheat Software

A key difference between Vanguard and other anti-cheat software, like Faceit's system for Counter-Strike, is operational control. Faceit's anti-cheat can be disabled and re-enabled at will, whereas Vanguard requires a system reboot to deactivate. This means Valorant players must keep Vanguard running constantly, even when not actively playing, raising significant privacy concerns.

Kernel Access Levels

Valorant requires significant kernel access, a justification often used to explain its need to load at startup. However, this explanation is unconvincing, especially when other applications manage similar functionality without constant background operation. Adding to the unease is the user license agreement, which includes forced arbitration, limiting legal recourse.

Conclusion and Recommendations

While we cannot conclusively prove if Vanguard is spying on users, the necessity of keeping it running 24/7 is questionable. Users should be cautious and consider the implications of having Tencent's software constantly active on their systems.

For those who enjoy playing Valorant, it's advisable to exit Vanguard when not in use, despite the inconvenience of needing a system reboot to play again. The principle here is to question the necessity and motives behind such persistent software behavior.

Ultimately, the critical issue isn't the kernel-level driver but the forced continuous operation of Tencent's application, potentially monitoring your system at all times. This setup aligns too conveniently with data collection interests, warranting a more skeptical view.

Final Thoughts

If you value your privacy and security, consider the risks of running anti-cheat software continuously. Let’s engage in this discussion—share your thoughts in the comments below. For more in-depth analysis, check out our security reviews on the PC Security Channel.

Sponsored Content: Malwarebytes

On a related note, if you're looking for robust security solutions, consider Malwarebytes. Their latest version offers a sleek new UI with dark mode, advanced real-time protection, and unique features like blocking penetration testing attacks, bringing enterprise-level security to your home.

Check out Malwarebytes through the link in the description for comprehensive protection against modern threats. Stay informed, stay secure, and thank you for watching.

No comments