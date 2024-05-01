With 14.9, Vanguard, Riot’s proprietary Anti-Cheat system will be deployed and active in League of Legends. This means that active enforcement of Vanguard will be in effect and working hard to make sure your queues are free from scripters, botters, and cheaters! We recently released a blog detailing the “why” behind bringing Vanguard to League that you can check out here. It’s a bit of a long read, but it does have some pictures.↫ Lilu Cabreros in the League of Legends patch notes
The basic gist is that Vanguard is a closed-source, kernel-level rootkit for Windows that runs at all times, with the supposed goal of detecting and banning cheaters from playing League of Legends. This being a rootkit designed specifically to inject itself into the Windows kernel, it won’t work on Linux, and as such, the entire League on Linux community, which has been playing League for years now and even at times communicated with Riot employees to keep the game running, is now gone.
Interestingly enough, Riot is not implementing Vanguard on macOS, which League of Legends also supports – because Apple simply doesn’t allow it.
This is probably the most invasive, disturbing form of anticheat we’ve seen so far, especially since it involves such a hugely popular game. It’s doubly spicy because Riot Games is owned by Tencent, a Chinese company, which means a company owned and controlled by the Chinese government now has rootkits installed on the roughly 150 million players’ computers all over the world. While we’re all (rightly, in my opinion) worried about TikTok, China just slipped 150 million rootkits onto computers all over the world.
One really has to wonder where these increasingly invasive, anti-privacy and anti-user anticheat measures are going from here. Now that this rootkit can keep tabs on literally every single thing you do on your Windows computer, what’s going to be the next step? Anticheat might have to move towards using webcams to watch you play to prevent you from cheating, because guess what? The next level of cheating is already here, and it doesn’t even involve your computer.
Earlier this year, hardware maker MSI showed off a gaming monitor that uses “AI” to see what’s going on on your monitor, and then injects overlays onto your monitor to help you cheat. MSI showed off how the monitor will use the League of Legends minimap to follow enemy champions and other relevant content, and then show warnings on your screen when enemies approach from off-screen. All of this happens entirely on the monitor’s hardware, and never sends any data whatsoever to the computer it’s attached to. It’s cheating that literally cannot be detected by anything running on your computer, rootkit or not.
So, the only logical next step as such forms of cheating become more advanced and widespread is to force users to turn on their webcams, and point them at their displays.
I fired up League of Legends today on my gaming computer – which runs Linux, of course – and after the League client “installed” the rootkit, it just got stuck in an endless loop of asking me to restart the client. I’ve been playing League of Legends for close to 14 years, and while I know the game – and especially its community – has a deservedly so bad reputation, I’ve always enjoyed the game with friends, and especially with my wife, who’s been playing for years and years as well.
Speaking of my wife – even though she runs Windows and could easily install the rootkit if she wanted to, she has some serious doubts about this. When I explained what the Vanguard rootkit can do, her mouse pointer slowly moved away from the “Update” button, saying, “I’m not so sure about this…”
It’s too bad Darling is so much younger and more incomplete than Wine.
I know that was said in jest, but you’d end up running the macOS version of CrossOver, which runs the Windows binary, instead of just running LoL on Proton or Wine – which I think is hilarious (the software version of a Rube Goldberg machine), but also pointless.
(Unless something has changed, and the macos version of LoL is native now – I very much doubt that.)
Which is no different from what Irdeto (a Duch company) is installing on the computers of millions of Chisene users in the form of Denuvo anti-cheat (yes, some forms of Denuvo include kernel-level rootkits). But it’s somehow OK when a Western company does it? Is this a “rules-based order” thing I don’t understand?
Unless you think Western governments can’t strong-arm private companies into doing the nefarious things they want them to do like the Chinese government can, in which case, I have news for you: https://en.wikipedia.org/wiki/PRISM
Which quite frankly is one of the “invisible premium quality” MacOS is offering to the user: No third-party Agent Smiths running around the kernel (from Tencent or Irdeto or whoever). Most users don’t even know what the above even means, but they do enjoy the added stability they get from the fact MacOS doesn’t allow it. Meanwhile, on Desktop Linux and Windows you can use sudo/UAC to install kernel modules with a single click (and you know users will do it to install the software they’ve bought).
And yes, it is my opinion that if you want to modify the kernel, you must boot from DVD/USB and do at least a partial re-install of the OS. This would dissuade most software vendors from requiring it (this is how Android does it, Pixel devices allow modified OS images). Or just ban it completely like MacOS does.
¿Porque no los dos?
My point is, that the whole “a Chinese company, which means a company owned and controlled by the Chinese government” bit is never brought up when discussing Irdeto (which is a Western company, controlled by Western governments). But seemingly nobody gets paranoid the same way about Irdeto, the complaints about Irdeto are usually related to system stability (which is a valid concern), not being spied on by three-letter agencies. Strange.
I think the argument is that western governments don’t do things like disappearing Jack Ma for months after he goaded the head of state.
No, they extraordinary rendition them instead.
Any recent examples of this?
Nowhere in the OP does it say “it’s okay when western companies do it” – what are you even talking about?
Does that mean it’s the same when “my” country does it, vs when some “other” country does it – no, not at all. This is one of those crazy internet things – folks love to argue in extremes. Believe it or not, multiple statements can be true at the same time:
– It’s not okay to install rootkits on users machines ever – whether you are a Chinese company (tencent), Japanese company (Sony) or American/western country (everyone else – and I’d argue Windows itself is an American company’s root kit – yeah, I said it).
– It’s more not okay when a foreign country’s state owned company does it, then when your own country’s privately owned companies do it (or a close partner) – especially when that country has made it clear they see themselves as your enemy (it literally couldn’t matter less whether you see them as an enemy.)
– Yes, you could argue many “western” companies are right wing, and anti-worker ,and have declared themselves your enemy – again, more than one thing can be true at the same time. Kind of funny how that works, right?
CaptainN- you make a really good point. These discussions don’t happen in a vacuum, we actually live in one of these regimes, it’s “ours”, with all that entails.
I’m not going to play the whataboutism game, as an American I know all too well that our government has forced companies to spy on its own citizens. The bigger issue is that Microsoft is all too willing to let governments and private companies alike have rootkit-level access to their kernel. How anyone can take any version of Windows seriously for business or high security work is beyond me. This kind of security nightmare is also allowing CCP controlled companies like Tencent to do the same. It’s not a East vs West issue, it’s a failure on the part of Microsoft to stand firm and say “no” to such requests.
Western nations at least have a legal system that provides avenues for defying unfair government demands. China does not. There is no fair legal process available to Chinese companies to defy what the state requires. There is no independent judiciary that protects the rights of citizens from being coerced into spying on behalf of the government
Drumhellar,
I don’t want to dismiss the civil oppression of Chinese dictators, which is a completely different level of government abuse. But we ought to be honest to ourselves that our justice system in the US isn’t completely fair or just, we have real issues with corruption, selective enforcement, and politically motivated persecution. The US has some of the highest incarceration rates in the world. The courts don’t always act independently, we’re not free of secret government spy programs that don’t respect the law. Our government has set up and continues to enable secret courts and special prisons that grant the government an option to sidestep constitutional rights – no right to lawyers, no presumption of innocence, held indefinitely without trial.
https://en.wikipedia.org/wiki/Guantanamo_Bay_detention_camp
The US believes certain individuals shouldn’t be entitled to rights or to defend themselves. I’ve heard people justify this because they don’t trust courts to make the “right” decisions, etc, but it gives a black eye to the sanctity of justice in this country.
https://www.nbcnews.com/feature/edward-snowden-interview/pentagon-papers-whistleblower-snowden-wont-get-fair-trial-n118561
IMHO, the Chinese origin has nothing to do with the fact that having third parties installing kernel extensions is a bad idea, always. If you really need windows to run League of Legends ( which you really don’t), then you need two computers, one of which is dedicated to just run league of Legends and do absolutely nothing else.
Obligatory, just stop using Windows post – seriously, this isn’t a problem on Linux or macOS – Microsoft could and should do something to prevent this on their platform – except, they don’t care about Windows any more, so why keep using it.
Also, Wild Rift is the better League of Legends, and everyone should stop playing the slow as molasses desktop game anyway. ;-P
One thing people don’t seem to understand is that in past decade(s) high percentage of consumer goods came out of China. The idea we can somehow keep software and web services out of this equation is in my opinion rather naive one. As for Western/Chinese installed anti cheat rootkit for some game, that i guess is the reality one can’t do much about it. It’s reasonable to expect Chinese companies to utilize the same practices as Western competitors.
I could for example say all software used in Western public sectors that came out of China must be open source. But then i would quickly remember that Western public sectors did everything in their power to keep using proprietary products and to keep open source software out of public sector. So good luck with that one.