The same tinfoil hat territory that was attributed to everyone worried about the NSA programe revealed by Snowden? The tinfoil hat territory that had raised questions about Office 365 which later turned out to be true (https://alberthoitingh.com/2018/11/26/dutch-government-on-gdpr-compliance-office-365/), etc.
The same tinfoil hat territory related to security that people had when Capcom did the same thing for “anti cheat” with a driver which was then exploited
https://github.com/FuzzySecurity/Capcom-Rootkit) -
https://www.theregister.co.uk/2016/09/23/capcom_street_fighter_v/.
I am sure that previous valid concerns regarding this kind of malpractice was called tinfoil by your ilk before it was then proven to be true, or the “potential” risk became a working exploit that compromised the users.
There should be absolutely NO reason for a game to install a ring 0 driver, giving itself full access to your computer and making your system more vulnerable (Adding a larger attack surface) just so it can prevent a few people from cheating. The goal of this malware is also primarily to prevent people from cheating, the goal is not to protect the players from threats, which will also dictate where the resource usage and skillset for development will be focused.
If a cheat was released, leading to thousands of aimbots in every game, came out tomorrow, and Riot scrambled to update their rootkit because of all the crying about on the internets from players who lost matches; do you think they would focus on making sure it didn’t introduce any new flaws that could be abused by other malicious third parties, or only to make sure nobody could get a few extra kills per round?
So called “Anti-cheat” on the client attempts to achieve its goal by for example:
- Monitoring system memory (i.e. spying)
- Monitoring running applications (i.e. spying)
- Attempting to isolate the game executable from being modified/hooked by other applications (Does not require a kernel level driver)
- Blocking attempts to start the game if it finds running processes that it doesn’t “agree with”. (Based on spying)
- Reporting said (and erroneous) block attempts back to known/unknown parties for processing (Spying)
Since the the software is closed source and communicates with Riot over encrypted traffic there is no way of knowing what it sends back or which other features it will get through updates.
And since we are in tinfoil territory, I am sure that any system level driver such as this anti cheat will not cause system instability either, right?
Maybe you wanted to install a security update from Microsoft, but since you are running another piece (or several, that may conflict with each other) of spyware/rootkits MS disables the update flag (because your system is incompatible). So now you have a choice between patching your computer against 0 day exploits, or uninstalling (if possible, and working) the spyware/rootkit just so you can patch security or other flaws in your operating system - which also means you can not play the game anymore - until Riot fixes their driver… Or you can choose to continue playing and risk getting aANOTHER rootkit on your computer with even more malicious intent. Or maybe you just get stuck in an endless greenscreen of death reboot cycle.
And when you know many players will gladly offer an arm or a leg to play a game (like you advocate) we can be sure that they will NOT update, NOT get patched for a potential 0-day and you will look at thousands of computers being hijacked into yet another botnet.
Questions in the end:
- Would you agree to give every company you interact with full access to your computer and its connected devices?
- How about web sites or forums, can we be sure you are not a bot without seeing you typing in real time?