With 14.9, Vanguard, Riot’s proprietary Anti-Cheat system will be deployed and active in League of Legends. This means that active enforcement of Vanguard will be in effect and working hard to make sure your queues are free from scripters, botters, and cheaters! We recently released a blog detailing the “why” behind bringing Vanguard to League that you can check out here. It’s a bit of a long read, but it does have some pictures.
Lilu Cabreros in the League of Legends patch notes
The basic gist is that Vanguard is a closed-source, kernel-level rootkit for Windows that runs at all times, with the supposed goal of detecting and banning cheaters from playing League of Legends. This being a rootkit designed specifically to inject itself into the Windows kernel, it won’t work on Linux, and as such, the entire League on Linux community, which has been playing League for years now and even at times communicated with Riot employees to keep the game running, is now gone.
Interestingly enough, Riot is not implementing Vanguard on macOS, which League of Legends also supports – because Apple simply doesn’t allow it.
This is probably the most invasive, disturbing form of anticheat we’ve seen so far, especially since it involves such a hugely popular game. It’s doubly spicy because Riot Games is owned by Tencent, a Chinese company, which means a company owned and controlled by the Chinese government now has rootkits installed on the roughly 150 million players’ computers all over the world. While we’re all (rightly, in my opinion) worried about TikTok, China just slipped 150 million rootkits onto computers all over the world.
One really has to wonder where these increasingly invasive, anti-privacy and anti-user anticheat measures are going from here. Now that this rootkit can keep tabs on literally every single thing you do on your Windows computer, what’s going to be the next step? Anticheat might have to move towards using webcams to watch you play to prevent you from cheating, because guess what? The next level of cheating is already here, and it doesn’t even involve your computer.
Earlier this year, hardware maker MSI showed off a gaming monitor that uses “AI” to see what’s going on on your monitor, and then injects overlays onto your monitor to help you cheat. MSI showed off how the monitor will use the League of Legends minimap to follow enemy champions and other relevant content, and then show warnings on your screen when enemies approach from off-screen. All of this happens entirely on the monitor’s hardware, and never sends any data whatsoever to the computer it’s attached to. It’s cheating that literally cannot be detected by anything running on your computer, rootkit or not.
So, the only logical next step as such forms of cheating become more advanced and widespread is to force users to turn on their webcams, and point them at their displays.
I fired up League of Legends today on my gaming computer – which runs Linux, of course – and after the League client “installed” the rootkit, it just got stuck in an endless loop of asking me to restart the client. I’ve been playing League of Legends for close to 14 years, and while I know the game – and especially its community – has a deservedly bad reputation, I’ve always enjoyed the game with friends, and especially with my wife, who’s been playing for years and years as well.
Speaking of my wife – even though she runs Windows and could easily install the rootkit if she wanted to, she has some serious doubts about this. When I explained what the Vanguard rootkit can do, her mouse pointer slowly moved away from the “Update” button, saying, “I’m not so sure about this…”
It’s too bad Darling is so much younger and more incomplete than Wine.
I know that was said in jest, but you’d end up running the macOS version of CrossOver, which runs the Windows binary, instead of just running LoL on Proton or Wine – which I think is hilarious (the software version of a Rube Goldberg machine), but also pointless.
(Unless something has changed, and the macOS version of LoL is native now – I very much doubt that.)
Is this stupid? Wouldn’t it be as simple as pulling the Windows binaries from the Mac package to get it running on Wine again?
Which is no different from what Irdeto (a Dutch company) is installing on the computers of millions of Chinese users in the form of Denuvo anti-cheat (yes, some forms of Denuvo include kernel-level rootkits). But it’s somehow OK when a Western company does it? Is this a “rules-based order” thing I don’t understand?
Unless you think Western governments can’t strong-arm private companies into doing the nefarious things they want them to do like the Chinese government can, in which case, I have news for you: https://en.wikipedia.org/wiki/PRISM
Which quite frankly is one of the “invisible premium quality” MacOS is offering to the user: No third-party Agent Smiths running around the kernel (from Tencent or Irdeto or whoever). Most users don’t even know what the above even means, but they do enjoy the added stability they get from the fact MacOS doesn’t allow it. Meanwhile, on Desktop Linux and Windows you can use sudo/UAC to install kernel modules with a single click (and you know users will do it to install the software they’ve bought).
And yes, it is my opinion that if you want to modify the kernel, you must boot from DVD/USB and do at least a partial re-install of the OS. This would dissuade most software vendors from requiring it (this is how Android does it, Pixel devices allow modified OS images). Or just ban it completely like MacOS does.
I remember Irdeto from the old times in STD business. We hated the guts of those guys, but well, you do what the customer (TV network) wants.
Why not both?
My point is, that the whole “a Chinese company, which means a company owned and controlled by the Chinese government” bit is never brought up when discussing Irdeto (which is a Western company, controlled by Western governments). But seemingly nobody gets paranoid the same way about Irdeto, the complaints about Irdeto are usually related to system stability (which is a valid concern), not being spied on by three-letter agencies. Strange.
I think the argument is that western governments don’t do things like disappearing Jack Ma for months after he goaded the head of state.
No, they extraordinary rendition them instead.
Any recent examples of this?
Nowhere in the OP does it say “it’s okay when western companies do it” – what are you even talking about?
Does that mean it’s the same when “my” country does it, vs when some “other” country does it – no, not at all. This is one of those crazy internet things – folks love to argue in extremes. Believe it or not, multiple statements can be true at the same time:
– It’s not okay to install rootkits on users’ machines ever – whether you are a Chinese company (Tencent), Japanese company (Sony) or American/western country (everyone else – and I’d argue Windows itself is an American company’s root kit – yeah, I said it).
– It’s more not okay when a foreign country’s state-owned company does it, than when your own country’s privately owned companies do it (or a close partner) – especially when that country has made it clear they see themselves as your enemy (it literally couldn’t matter less whether you see them as an enemy.)
– Yes, you could argue many “western” companies are right wing, and anti-worker, and have declared themselves your enemy – again, more than one thing can be true at the same time. Kind of funny how that works, right?
CaptainN- you make a really good point. These discussions don’t happen in a vacuum, we actually live in one of these regimes, it’s “ours”, with all that entails.
> – It’s more not okay when a foreign country’s state-owned company does it, than when your own country’s privately owned companies do it (or a close partner) – especially when that country has made it clear they see themselves as your enemy (it literally couldn’t matter less whether you see them as an enemy.)
I’d argue the greatest risk is when your own domestic government is somehow involved, either on their own or in combination with a company. The local, domestic government has legal jurisdiction over you and can plant evidence on you and drag you into legal proceedings and do all kinds of things to take away your rights and freedoms and property.
A foreign government halfway around the world that’s got a rootkit running on your system is a different risk. Maybe they’ll try to steal your credit card credentials and make fraudulent charges and pocket the money. The North Korean government has been accused of stealing a lot of foreigner money in this way. But a foreign government can’t really drag you into extra-territorial legal proceedings, short of an expensive and risky rendition process or a lengthy and risky extradition process.
Governments govern. I’m not some libertarian whackado that doesn’t think government has any role at all – they do. The whole idea of democracy is that we are supposed to be involved or at least provide consent to be governed by our own governments. This social contract is in constant flux, and is quite imperfect, but it’s still there in most western countries. When it comes to foreign country’s governments, no such contract is even implied. They have no responsibility to me at all, nor I to them.
>”When it comes to foreign country’s governments, no such contract is even implied. They have no responsibility to me at all, nor I to them.”
Foreign governments also have virtually no reach into your life, other than something like a credit card number that is very surface level and exposes little of yourself. Domestic governments have vast reach deep into every aspect of your life. Your disagreement with the philosophical ponderings of “libertarian whackadoos” will benefit you nothing when your local government is trying to seize your property through eminent domain, or accuse you of a crime you did not commit, or put an inappropriate tax lien on your property. And just saying, “well, that would never happen to me”, while probably usually true, still belies the truth that this type of abuse does happen with sufficient frequency to warrant a self-protective posture.
> Foreign governments also have virtually no reach into your life,
We are discussing the appropriateness of foreign countries reaching in to your life using rootkits… Try to keep all the ideas in your head at the same time.
I say “libertarian wackados” and then you hit me with your propertarian nonsense, indicating as I suspected, that you are in fact, a libertarian wackado, probably of that “special” American variety. Good luck with that.
I’m not going to play the whataboutism game, as an American I know all too well that our government has forced companies to spy on its own citizens. The bigger issue is that Microsoft is all too willing to let governments and private companies alike have rootkit-level access to their kernel. How anyone can take any version of Windows seriously for business or high security work is beyond me. This kind of security nightmare is also allowing CCP controlled companies like Tencent to do the same. It’s not an East vs West issue, it’s a failure on the part of Microsoft to stand firm and say “no” to such requests.
Western nations at least have a legal system that provides avenues for defying unfair government demands. China does not. There is no fair legal process available to Chinese companies to defy what the state requires. There is no independent judiciary that protects the rights of citizens from being coerced into spying on behalf of the government.
Drumhellar,
I don’t want to dismiss the civil oppression of Chinese dictators, which is a completely different level of government abuse. But we ought to be honest to ourselves that our justice system in the US isn’t completely fair or just, we have real issues with corruption, selective enforcement, and politically motivated persecution. The US has some of the highest incarceration rates in the world. The courts don’t always act independently, we’re not free of secret government spy programs that don’t respect the law. Our government has set up and continues to enable secret courts and special prisons that grant the government an option to sidestep constitutional rights – no right to lawyers, no presumption of innocence, held indefinitely without trial.
https://en.wikipedia.org/wiki/Guantanamo_Bay_detention_camp
The US believes certain individuals shouldn’t be entitled to rights or to defend themselves. I’ve heard people justify this because they don’t trust courts to make the “right” decisions, etc, but it gives a black eye to the sanctity of justice in this country.
https://www.nbcnews.com/feature/edward-snowden-interview/pentagon-papers-whistleblower-snowden-wont-get-fair-trial-n118561
Fair enough.
But the US courts do protect the rights of corporations, and if a corporation wants to stand up for their customers (because, hey, it’s good publicity) then they usually get their way.
IMHO, the Chinese origin has nothing to do with the fact that having third parties installing kernel extensions is a bad idea, always. If you really need windows to run League of Legends ( which you really don’t), then you need two computers, one of which is dedicated to just run league of Legends and do absolutely nothing else.
It’s a terrible idea on many levels but first and foremost it’s a national security threat. If NSI can mandate that C is no longer a recommended language, it for sure can ban this type of software.
I mean no disrespect, my language skills in my native language are laughed at by my elementary school kids. But, mandating …. recommended. They recommended that C not be used, which is of course a very smart recommendation that people have been saying for decades now. There is absolutely no controversy around that, and no teeth either. The only people I’ve seen upset are C/C++ devs, who don’t understand how dangerous their languages really are in the hands of even expert coders.
The government should by all means recommend safe practices for any part of our lives. It’s fine. Now if they had laws/regulations *preventing* things, well then it’s more applicable to be upset, depending on the context. I mean, the government used to have a hard requirement to use Ada, so any ban of any language wouldn’t be the first one.
Obligatory, just stop using Windows post – seriously, this isn’t a problem on Linux or macOS – Microsoft could and should do something to prevent this on their platform – except, they don’t care about Windows any more, so why keep using it.
Also, Wild Rift is the better League of Legends, and everyone should stop playing the slow as molasses desktop game anyway. ;-P
Or, if you must play video games, play them on a playstation or xbox or some dedicated console. Don’t play them on the same system as you run your business affairs and financial affairs and so forth. Why does every device have to double as a game-playing device? It’s a fairly immature concept that has taken over the paradigm of modern tech device use.
The reason for that is that PC gaming is fun – and expensive, and there’s no reason you shouldn’t be able to run your games on the same general purpose computing device as your spreadsheets. In fact, you can do that on closed platforms like iOS and moderately closed platforms like Android. But you can’t do that on games consoles, where the company who sold you the hardware still behaves as if they own it. I don’t want that in my life, personally.
And since this is the obligatory “just stop using Windows” thread – you can do all these things safely on Linux. You can run games, with DRM (running in userland mostly) and run your productivity apps. There’s no need to compromise here. It’s already possible to do what we want. And just a note – this is osnews.com – it’s why we are here!
CaptainN-,
> except, they don’t care about Windows any more, so why keep using it.
Should correct to “except they can’t”
When Windows tried to strengthen the kernel against tampering, companies like Symantec ran full page ads calling them out for this:
https://www.nbcnews.com/id/wbna15104805
Because they had the right to hook into the Windows kernel directly to run their extortion, sorry security software.
After the EU sided with Symantec and McAfee, or at least gave that impression, Microsoft had to give in.
And here we are today…
(where is my edit)
Anyway, we can thank EU institutions and greedy 3rd party software for the state of Windows security today.
(Free Microsoft Defender would be more than enough for 99.9999% of the people)
I thought Microsoft stood firm on that one, kicked them out of 64 bit Windows as those AV kernel extensions were a big source of blue screens, and coLinux died as collateral damage.
One thing people don’t seem to understand is that in past decade(s) high percentage of consumer goods came out of China. The idea we can somehow keep software and web services out of this equation is in my opinion rather naive one. As for Western/Chinese installed anti cheat rootkit for some game, that I guess is the reality one can’t do much about it. It’s reasonable to expect Chinese companies to utilize the same practices as Western competitors.
I could for example say all software used in Western public sectors that came out of China must be open source. But then I would quickly remember that Western public sectors did everything in their power to keep using proprietary products and to keep open source software out of public sector. So good luck with that one.
Geck,
But there is a difference.
Yes, consumer goods were coming from China, but they were not essentially Chinese products. When you buy a Surface laptop “designed in California, assembled in China” you are getting a Microsoft product, controlled by Microsoft to their best ability (yes there could be tampering).
When people buy Xiaomi(?) phones on the other hand, they are buying a Chinese product.
Except for mass market low quality low price stuff, Chinese brands have not made it into the US. Except for Tencent, which piggybacked on the cash strapped gaming industry.
Yes Xiaomi is a good example, being a Chinese product and still having Google apps support whilst Huawei being a Chinese product and not having Google apps support. As for some Western company designing their products and to manufacture it in China. For the idea this product is inherently different from what you are getting from Xiaomi. The difference is much lower than some believe. In a lot of cases it comes down to different company logo sticker or case design, the rest is standard and the same for all.
Geck,
Samsung tried to do something similar.
https://www.christianpost.com/news/samsung-galaxy-s4-shows-up-on-companys-website-smartphone-to-run-tizen-os-87854/
Back in the day they wanted to switch to Tizen, which is their in-home alternative to Android. With some clever maneuvering by Google, that was avoided.
However the recent one could not (as they literally could not sell Android thanks to sanctions).
In my opinion multi national companies profited massively by utilizing FOSS on where Western countries lost massively with their hard stance of not accepting open source software in their public sectors. That is on why we currently can’t trust majority of consumer products to not have rootkits spying for some government built into them. Rise of China only exposed this short sighted strategy to its fullest as now Western countries really don’t have any other option than to use consumer products that have rootkits spying for some government built into them. As this is the model West imposed the world and now it’s on receiving part too.
Dear Thom,
First of all, let me express my gratitude on behalf of the community of computer enthusiasts and Linux aficionados, but also from all operating systems users, for the amount of time and dedication you’ve put into osnews.com over these many years. I’d like to offer some observations.
We’re living through challenging times. Propaganda reigns, constantly telling us what’s right and what’s wrong, what’s in fashion and what’s not. Where good lies, where evil lies.
I believe that those of us fortunate enough to have had an education before entering the workforce, born not after 2000, years marked by the brainwashing of young minds through social networks, know well that truth is never one-sided.
Osnews.com is your space, and you’re absolutely free to write whatever you want, but allow me to highlight that the Ukrainian flag on your masthead, the anti-Chinese rhetoric, and the arguments in favor of these two factions are only a part of the picture.
For years, after the fall of the Berlin Wall, we’ve seen how the West has criticized the Russians and any state that didn’t align with our views (250 military actions just after the fall of the wall out of 500 total since the end of World War II), and this also applies to China: there might be a regime that we may or may not like, but for 30 years, we’ve seen Western software installing root-kits. Surely, it can’t all be blamed on the “evil Chinese government”.
In summary: I respect your political views, but I believe that attributing reasons to only one side doesn’t fully justify and highlight the intelligence of the person you undoubtedly are. All issues are very complicated, and we simply need to understand that we Westerners need to stop bothering and exploiting everyone and start discussing honestly to save this planet and its inhabitants, be they animals or evolved bipeds.
Just to be clear what Russia is doing in Ukraine and Chinese mandating rootkits, both are horrendous things and it’s perfectly OK to have a stance against it. Witch hunting is on the other hand something that needs to be discussed too and the thing is in last decade(s) if you flipped your networking router it almost always said made in China. So obviously currently it suits political agendas to demonize it and obviously still continue to use it. Like with Chinese mobile phone brands on where we supposedly have a list of brands that can access Google Play and the one that can’t. This surely has everything to do with spying for CCCP.
1. So, the hardware cheat stops over 99% of cheaters and actually makes playing the game possible. Without it, the game becomes literally unplayable. So, what’s the solution Thom?
2. Have you actually disassembled the kernel driver/rootkit that comes with it to claim it leaks any information? Have you run Wireshark or these are just baseless accusations without _any_ hard data to back them up?
3. How do people live their lives when the entirety of Windows is closed source? And of course Windows comes with a ton of kernel drivers.
4. Do you think given the choice people will choose Linux for a game rife with cheaters or Windows where they can play peacefully and cheaters are swiftly taken care of?
5. The monitor hack you’re talking about is not wallhack/aimbot/whatever. It simply draws attention to certain stuff.
6. Hardware cheats do exist but they are inaccessible to the vast majority of people, they are often bespoke and not trivial to set up, and they are extremely unlikely to work in the LAN environment.
Wait, there’s more, https://twitter.com/porochuyeah4/status/1785756252171100641
Thom, never ever touch Windows. It’s malware.
1. Well the usual solution would be to play on console in a fully locked down environment where cheaters don’t usually show up until the security of that console has been fully cracked towards the end of its run.
2. That’s hardly the issue, it can be updated whenever, and a Chinese company can’t say no to the CCCP or someone’s going to spend some time being re-educated. (Also see the shit tons of shady stuff going on with home security cameras sending data to China)
3. They don’t care and get on with their lives.
Sadly you chose not to publish an exciting OS related piece:
https://www.tomshardware.com/software/operating-systems/thousands-of-apps-ported-back-to-windows-95-twenty-eight-years-later-net-framework-port-enables-backward-compatibility-for-modern-software
https://www.youtube.com/watch?v=CTUMNtKQLl8
People who love OSes could really appreciate it.
Wait what? How come are NSI and European security agencies letting this happen? The jokes are over, cybersecurity is the new frontline of war.
I would love a good QEMU – Windows solution to this issue.
One that uses the GPU hardware (as one GPU pass-through or similar performance)
With a simple menu as the quickgui – quickemu one if it would work well enough (it does not on my arch)
I forgot to mention QEMU for MS WOS, Mac and Linux, because even Windows users would like to rootkit just a virtual machine instead of their main system.
Cheaters would love it too.
People here, high on Open Source, never have dealt with blatant cheating in games.
It’s possible to have open source anti-cheat solutions for preventing cheating in games. If provided through trusted build system one could then argue it’s not such an issue to install it for being able to play some game in multiplayer mode.
I don’t know if it’s been said, so this part is also important – these rootkit anti-cheat (or DRM) systems don’t even work. They cause all these problems (and more, weakened security, bugs, etc.) – and they don’t even do the one thing they claim to do well. That’s an important part of all this.
The main issue is, online games can inherently be “hacked” all the time. There is no possible prevention, unless you have 100% control over the client environment.
Even console games have cheats, where the entire software ecosystem is supposed to be locked down. This comes in many forms, like specialized controller hardware which will run macros or triggers, or plain old “unplugging the modem” when your team is losing. And it is a losing battle, as accessibility devices for disabled gamers are now valid targets to hook into the systems.
Even if Windows were finally able to lock down “Store Apps” (full on DRM, running in secure enclaves, “OS in OS” with TPM), some entrepreneuring startup will hook up a Raspberry PI to a camera module to build a virtual mouse with AI aimbot.
That is why this stuff happens even in professional competitions. And don’t get me wrong, it also happens wherever humans exist. (A famous biking champion was found to be cheating by having a hidden electrical motor assisting his wheels)
Anyways, back to topic.
Rootkits are a real concern, there is no denying that.
But gamers are “willingly” accepting this, as rampant cheating in online makes those games practically impossible to play otherwise.
sukru,
I agree. I don’t know that a professional software engineer would have the motivation to do it, but I have no doubt that an experienced programmer could use today’s AI technology to cheat without having to modify the game or operating system. Maybe it’s already being done and frankly there would be no way for even a rootkit to know. The AI skill level can be tuned down to whatever level is necessary to win rounds without triggering super-human alerts.
I’m of the opinion this is inevitable and no amount of invasive rootkits will prevent it anyway. So…since it’s futile for companies to fight the tide, I’m of the opinion that it would be better for them to make the best of AI bots by attracting those users into different competitions dedicated to AI battles or AI versus human battles where gameplay might actually benefit from the AI bots. By creating competitions that are much more fun and challenging than beating humans, it might actually discourage cheating in human battles while making the game more fun for everyone.
Alfman,
There will always be bad actors who cherish not having their own success, but spoiling the fun of others.
Yes, as the hacking is external, it becomes very hard to prevent. There are devices that MITM the USB connector of official controllers for example. They are almost impossible to detect. And it will only get worse over time.
On university campuses, they tried to “detect AI” in student assignments. And that led to massive amount of grief. As false positives are common, since the detector cannot actually distinguish AI, but only “good writing” vs “bad writing” (they used to say the US Constitution was 100% AI, but of course they fixed that embarrassment).
What is more ironic is that, you can literally use GPT to avoid this: “please add some grammar mistakes, and use slightly worse language to avoid detection” is all you need to have it rewrite in a more “human” manner.
I would really be on board with that. Unfortunately people still want to show off to others, and somehow cheating is seen as a legitimate way of one upping the competition.
But yes, if we can at least starve off that group, and have 99% of the matches clean, that would be a great progress.
sukru,
Yeah, what everyone needs to understand is that the very same AI that’s trained to detect non-human submissions/interactions provides exactly the same kind of output that’s needed to train a regenerative AI to defeat it. Maybe you can do something to address the underlying motivations, but technically using AI to stop AI is short term at best and harmful to innocent users as they are snared by false positives, which is inevitable as the AI’s ability to mimic us improves.
If they’re determined to cheat against humans, there’s not much we can do about it, but I think there’s a lot of room to attract them to contests where those skills can be celebrated. Maybe even make an esports category for it, I’m sure there would be tons of interest. I think part of the problem today is companies not acknowledging that.
Why not simply create ‘maps’ where all kind of cheating is allowed?