How exactly does Vanguard work?
The Vanguard anti-cheat software starts at the deepest layer of the operating system, the so-called kernel, or core. The kernel forms the central interface between hardware and software and thus has the highest privileges (access rights) in the system.
With this, Vanguard effectively accesses the heart of your PC. In the hierarchy of a system, as shown in the picture below, the kernel (which itself already contains basic system drivers) is followed by the most important specialized device drivers (e.g. for graphics cards).
Why does Vanguard use the kernel?
The more complex, mostly paid cheat programs in particular, such as ArtificialAiming, penetrate just as deeply into the system and are loaded when the kernel is started. In short: they modify the kernel to remain undiscovered. If handled correctly, such programs are virtually undetectable for normal anti-cheat systems.
To keep up with such hacking tools, there is virtually no other way than to start at the lowest level as well and load the anti-cheat at system startup.
Riot itself explains this aggressive approach by saying that it is the best way to fight cheats. According to Riot, the system is also safe, because nothing is scanned on the PC, it does not communicate with the Riot servers and it can be removed at any time. RiotArkem, the anti-cheat lead of Valorant, writes about this on Reddit:
The Vanguard driver does not collect or send any information about your computer back to us. Any cheat detection scans will be run by the non-driver component only when the game is running.
The Vanguard driver can be uninstalled at any time (it’ll be “Riot Vanguard” in Add/Remove programs) and the driver component does not collect any information from your computer or communicate over the network at all.
RiotArkem
However, uninstalling Vanguard might be rather impractical in everyday life. Who wants to reinstall the anti-cheat system before every start of Valorant, reboot the system and, at the end, do the same thing in reverse?
Cause for concern?
This leads directly to concerns among the players. Every third-party program that starts at the kernel carries risks, and you are forced to trust the assertions of the provider, in this case Riot.
However, since Riot Games is a subsidiary of the Chinese group Tencent, many doubt its noble intentions. Some also see organisational problems.
It cannot be denied that hackers could try to use Vanguard or similar systems as a so-called “rootkit”, i.e. as a way to obtain comprehensive access rights.
Much depends on the competence of the developers.
Is Vanguard the best or the worst solution?
So how good or bad is Valorant’s anti-cheat system? The concerns of many players are justified, because the security of systems should always be the top priority. Trusting third-party vendors is not necessarily the same as using security software sensibly.
On the other hand, Riot’s argument is equally understandable. Cheaters are an enormous problem in shooters. In order to fight them effectively, you need equality of arms. And this in turn only seems to be possible through far-reaching measures like Vanguard.