Since the dawn of competitive multiplayer games, cheating has remained one of the biggest issues in the space that continues to haunt both the devs and the players to this day. While many prominent video game companies have tried to battle cheaters by constantly implementing new and more advanced anti-cheat measures, they often find themselves engaged in an endless game of cat and mouse with cheat devs.
The introduction of Riot Games’ Vanguard in April 2020 marked a paradigm shift in the war against cheaters. The new anti-cheat system, which was developed for Valorant and later adopted by League of Legends as well, leveraged kernel-level access on users’ PCs to detect and prevent cheating much more effectively than traditional anti-cheats.
However, its always-on nature and intrusive design sparked controversy among the gaming community, with users throughout the globe expressing concerns over privacy, security, and system performance.
But was the tradeoff worth it? Does the improved effectiveness of Vanguard in combating cheaters outweigh the privacy concerns and deep system access that the software demands?
The War Against Cheaters
Whether you’re playing first-person shooters like CS2 and Valorant or top-down MOBAs like Dota 2 and League of Legends, the existence of a single cheater in your game is certain to ruin the experience for all the participating players. By giving themselves unfair advantages like aimbot, wallhacks, and map hacks, cheaters ruin the competitive integrity of games in hopes of improving their own rank.
This is why effective anti-cheat measures are crucial in competitive games to maintain the game’s integrity and provide a fair gaming environment to everyone. However, most prominent competitive games in the past have struggled to keep up with the constantly evolving cheats and the sophisticated methods employed by cheat developers. Despite one ban wave after another, cheaters have always found a way to circumvent anti-cheat measures set by VAC and other popular anti-cheat software.
With the initial release of Valorant in 2020, Riot Games claimed to be “committed to achieving the highest competitive integrity” in their games. By running at the highest level of system access, Riot’s Vanguard can initialise itself at system startup and prevent cheats from launching before the game itself is launched, while also blocking unauthorized drivers and exploits used by cheaters.
Consequently, Vanguard was more successful than most other anti-cheat software at the time in curbing the problem of cheaters. While cheaters appearing in Valorant games is definitely not unheard of, it’s still a rare occurrence when compared to other titles in the genre.
How Vanguard Works
Despite being largely successful in the battle against cheaters, Vanguard was still met with mixed reactions from gamers around the world.
To understand the reasons behind the widespread criticism of Vanguard, we first have to take a look at its technical aspects and how it functions.
While traditional anti-cheat systems like Easy Anti-Cheat (EAC) and BattleEye typically run at the user level (Ring 3), Riot’s anti-cheat system Vanguard operated at the kernel level (Ring 0), making it much more difficult for cheaters to bypass detection by hiding behind deeper system privileges
By running at kernel level—the highest level of system access—Riot’s Vanguard can:
- Prevent cheats from launching before the game starts.
- Detect low-level system manipulations that traditional anti-cheat systems can easily miss.
- Block most unauthorized drivers and exploits.
Additionally, unlike most anti-cheats that start only when a game is running, Vanguard runs at the same privilege level as operating system drivers and operates continuously in the background of your PC. It starts when the system boots up, and closing it requires a complete system restart before you’re able to play Valorant again.
Privacy Concerns and Controversies
This intrusive nature of Vanguard raised some serious concerns about constant system monitoring and its implications for user privacy.
The biggest concern of the community revolved around the potential vulnerabilities of Vanguard and how an anti-cheat running at kernel level could easily be exploited to not only collect user data, but also to take complete system control.
Several prominent YouTubers and content creators also made videos on the topic, highlighting the issues associated with Vanguard, and some even went as far as discouraging players from downloading Valorant altogether.
Riot Games officially addressed the community’s concerns through a blog post in April 2020, reassuring players about Vanguard’s security. “We would never let Riot ship anything if we weren’t confident it treated player privacy and security with the extreme seriousness they deserve,” the company said in a statement.
The devs further claimed that Vanguard “does not collect any information about your computer,” adding that its sole purpose is to detect and prevent cheating in Valorant. To further alleviate the concerns of the Valorant player base, Riot introduced some transparency measures, such as allowing players to disable or uninstall Vanguard—though doing so would prevent them from launching Valorant.
Despite these reassurances, some amount of skepticism surrounding Vanguard still remained, with some players and cybersecurity experts questioning whether a kernel-level anti-cheat system could truly avoid potential security risks.
The Player Perspective
Within the next few months, Riot’s Vanguard became a hot topic of discussion in online forums, with some players voicing their support to the company for developing a robust anti-cheat while others continued to express concerns over user security and privacy.
A portion of the community commended the devs for creating a fair matchmaking environment for players to participate in, with many players on social media noting how rare it is to encounter cheaters in Valorant.
However, these posts were few and far between compared to the overwhelming number of users expressing their discontent with Riot Games’ anti-cheat solution. Alongside the software requiring kernel-level access, the lack of transparency from the devs and Riot’s ties to Tencent also became a cause of concern in the community.
“While they assure players that their privacy is respected, the nature of kernel-level software means that users have no real way of knowing how their data is being used, or whether any potential vulnerabilities exist in the software,” Reddit user Alcsaar said in a post on the platform. “Lets not forget as well that Tencent owns Riot wholly, and Tencent is beholden to Chinese laws, and Chinese laws explicitly state that at any point if China requests data from or access to Vanguard, Riot cannot refuse.”
Ultimately, the debate over game developers requiring kernel-level access to users’ PCs to develop effective anti-cheat solutions centers on the balance between security and privacy. While supporters argue that deep system access is necessary to combat the constantly evolving cheats, critics worry about the potential misuse and security vulnerabilities that can easily lead to users losing control over their own systems.
Unlike standard anti-cheats running at user level, kernel-level software can, in theory, be exploited, potentially compromising data privacy and system integrity. A lot of players fear that this sets a dangerous precedent, where companies prioritize anti-cheat enforcement over their users’ freedom, making invasive security measures the industry norm.
The Future
In a November 2024 blog post, Microsoft stated that they were trying to develop new Windows capabilities that will allow security product developers to build products outside of kernel mode.
“This means security products, like anti-virus solutions, can run in user mode just as apps do,” David Weston, Vice President Enterprise and OS Security at Microsoft, said. “This change will help security developers provide a high level of security, easier recovery, and there will be less impact to Windows in the event of a crash or mistake.”
Riot Games has also stated that they’re planning to make an anti-cheat solution that won’t require kernel-level access from users, but will rely on leveraging Windows’ security features to maintain fair play instead.
“A future will eventually arrive where we can rely on the security features of Windows to protect its own kernel, instead of protecting it from boot with a driver,” Riot said in a statement. “This will allow us the opportunity to start our anti-cheat services when the game client runs, provided the end-user has opted into all of these features.”
This will not only ease the concerns of players regarding the invasive nature of Vanguard, but may also encourage those who previously avoided games like Valorant and LoL due to privacy concerns to finally give it a try.
Fans can expect to receive further updates on the future of Vanguard from its dev team later this year.
Verdict
Despite its highly intrusive nature, it’s undeniable that Riot’s Vanguard has been a bold step forward in combating cheaters. It has set a new standard for security in competitive gaming, and it has been largely successful in the unending battle against cheaters. By operating at the kernel level, it effectively prevents most forms of cheating that have plagued FPS gamers and game devs for years.
However, concerns about the ring 0 system access and potential vulnerabilities still remain.
As the esports industry continues to evolve, the question lingers: Should players accept intrusive security measures for a fairer game, or should companies find better ways to balance security and privacy?