I mean it's definitely top 3 anti-cheats, I'd say BattleEye > EAC > Vanguard. But it's not like the actual anti-cheat is doing all of the work, Valorant is also very well moderated from what I've heard, least in comparison to CS2.

Loading your cheat "before" Vanguard is not going to make it undetected, I don't think you have a very good understanding of these things. That sort of logic would mean you can run your cheat before any EAC game opens and be perfectly fine lol.

Overwatch is a good example when it comes to the handling of cheaters, they have a rather basic usermode anti-cheat but encryption which makes cheat development a pain in the ass combined with some really good moderation. If you rage cheat in Overwatch you're going to get banned pretty damn fast especially if you're in competitive.

Call of Duty is a good example of awful cheat prevention. They use their own in-house kernel AC which is impressively garbage (you can use an open-source driver and be perfectly fine), They also never ban unless it's done by the anti-cheat, they just temporarily shadow-ban you based on reports or your stats which gets a lot of legit players hit in the cross-fire.

引用自 Graduate：

I mean it's definitely top 3 anti-cheats, I'd say BattleEye > EAC > Vanguard. But it's not like the actual anti-cheat is doing all of the work, Valorant is also very well moderated from what I've heard, least in comparison to CS2.

Loading your cheat "before" Vanguard is not going to make it undetected, I don't think you have a very good understanding of these things. That sort of logic would mean you can run your cheat before any EAC game opens and be perfectly fine lol.

Overwatch is a good example when it comes to the handling of cheaters, they have a rather basic usermode anti-cheat but encryption which makes cheat development a pain in the ass combined with some really good moderation. If you rage cheat in Overwatch you're going to get banned pretty damn fast especially if you're in competitive.

Call of Duty is a good example of awful cheat prevention. They use their own in-house kernel AC which is impressively garbage (you can use an open-source driver and be perfectly fine), They also never ban unless it's done by the anti-cheat, they just temporarily shadow-ban you based on reports or your stats which gets a lot of legit players hit in the cross-fire.

FYI - Overwatch, and Blizzard as a whole, is known for having one of the worst AC on the market. Overwatch is just extremely easy to hide cheats bc of the games mechanics (see # of LoL cheaters who for years got away with it). The ex employee Thor bragged about banning 2M cheaters in 7 YEARS. That's 300k a year and even worse than current garbage VAC.

引用自 local microwave：

few things wrong with this,
1. "however, all a hacker needs to do to circumvent Vanguard is to write another kernel level blob of code that loads before Vanguard"
to so this they would first need to develop a kernel driver which isn't easy as you would need to have test signing on, for it to even work
most anticheats however will not let you run their games if test signing is on
2. if you want to run a driver without test signing you will need to get it signed by microsoft which both takes time, money and they review the drivers to make sure they're secure

No signing from Microsoft is required, Test Signing mode on Windows is spoofable (I won't link because it's probably a bit of a grey area that I can get banned for but it's the first result on DuckDuckGo if you type "windows test signing spoof")

引用自 local microwave：

3. vanguard (unlike VAC) actually works enough of the time that it at least allows for peace of mind that you probably just have a skill issue

Yeah, I guess you're right here, a kernel level anti-cheat so powerful that it could act as a rootkit to computers of anyone playing with you on the same server kind of gives off good placebo vibes, but I'd rather make myself think that it's just a skill issue without it. Unless they're rage hacking of course.
Oh and also Vanguard slowed down my PC a lot, even after I uninstalled it. Only Windows reinstall helped. (but now my PC is broken xD)

引用自 elite outsider：

can't the cs2 userspace code detect when other processes read/write its memory?

Not without some exploits that allow that I believe
It might not be related but, as an example, if you run CS2 as an admin, and Discord as a user, you won't be able to use Discord's global keybinds while CS2 is focused. It's an API call but same logic.
Cheat Engine has to be launched as an admin to modify other processes running with admin privileges.

引用自 Raffi：

引用自 kabanod1m #NotoToxicity：

not very safe due to the increased risk of potential vulnerabilities

Specifically which "vulnerabilities" are you talking about? Are you just parroting?

Bugs in software, such as classic memory buffer overflows, that allow you to take control of the system as if you were that software.

引用自 Raffi：

All of the evidence shows that vanguard is significantly better than VAC currently is and even was during VAC's prime. VAC ban stats have been public for nearly a decade and Riot has published their vanguard stats showing a how much more. Vanguard is banning thousands of players a day, VAC barely manages to ban 50.

VAC in it's prime was doing ~800k bans a year which was split up into 4 manual ban waves throughout the year. At best 3 cheaters would spend 3 months ruining hundreds of games and then after a ban wave just buy a new acct and repeat the cycle every 3 months.

<...>

You essentially did some "research" into the technical difference of VAC and Kernel AC without actually understanding what you're reading and ignoring the very public ban rates.

That's because VAC's database isn't being manually updated and Valve aren't seeking out cheats on the Internet manually. How do you think the most popular private cheat, that appears a lot in Premier leaderboard's names, commonly abbreviated as two capital Latin letters, is still not detected? They even have a popular channel on youtube where they explain how cheat functions work.
Currently the real reason that is causing the difference in ban amount between VAC and Vanguard is the amount of manual labor put into seeking out cheats.

引用自 Raffi：

The entire point of anti-cheat is to have the highest possible ban rate in the shortest possible time.

I agree with this though. I, too, think that they should continue updating VAC's database while they are developing a new anti-cheat solution.

引用自 Raffi：

Do you think the entire AAA gaming industry adopted Kernel AC and pays $$$$ to AC companies because it's "the same"? You don't think AAA devs evaluate the difference to consider kernel AC over VAC?

Because it's marketing. People like you hear "kernel-level anti-cheat" and think that it's better. This person gets it:

引用自 oldirty`：

Thhe awnser is very simple and disappointing. Good marketing. Thats it.

引用自 Raffi：

You guys love to complain about Kernel AC and how Kernel access = vulnerability while you gobble down every game and software made by devs all around the world who could get instant access to everything or brick your entire PC from one malicious or oopsie update. There is no more or less vulnerability between vanguard and any of the software you install.

That's why I have auto update off everywhere.

引用自 Graduate：

Loading your cheat "before" Vanguard is not going to make it undetected, I don't think you have a very good understanding of these things. That sort of logic would mean you can run your cheat before any EAC game opens and be perfectly fine lol.

Of course it won't if your cheat is detected manually. It's the same with VAC.

引用自 Graduate：

Call of Duty is a good example of awful cheat prevention. They use their own in-house kernel AC which is impressively garbage (you can use an open-source driver and be perfectly fine), They also never ban unless it's done by the anti-cheat, they just temporarily shadow-ban you based on reports or your stats which gets a lot of legit players hit in the cross-fire.

That's disgusting..

VAC is much better, Vanguard isn't good, Vanguard is basically a spy tool cuz it is being executed in ring 0.

引用自 akiuara：

VAC is much better, Vanguard isn't good, Vanguard is basically a spy tool cuz it is being executed in ring 0.

I won't agree or disagree, I'll just add this, very good video on the topic (although, as somebody pointed out in the comments, it's not the entire picture, XMPP and RTMP requests are not captured and shown)
https://www.youtube.com/watch?v=1pjfm8RsxCQ
It's very inconclusive as to whether it's spyware or not. But it's definitely a big timer bomb to sit on for no reason except from placebo.

引用自 kabanod1m #NotoToxicity：

引用自 akiuara：

VAC is much better, Vanguard isn't good, Vanguard is basically a spy tool cuz it is being executed in ring 0.

I won't agree or disagree, I'll just add this, very good video on the topic (although, as somebody pointed out in the comments, it's not the entire picture, XMPP and RTMP requests are not captured and shown)
https://www.youtube.com/watch?v=1pjfm8RsxCQ
It's very inconclusive as to whether it's spyware or not. But it's definitely a big timer bomb to sit on for no reason except from placebo.

I don't play riot games, playing their games is basically putting yourself in a virtual monitoring, it is like you're being put up in the interpol watchlist, everything that you do is under surveillance, they taken the anti-cheat measures too far, I won't risking my data over a video game, it is just funny, I prefer 1 tapping my opponents using my ROG. gaming chair in CS2, it is more fun.

The game devs who are using kernel's, are the most lazy ones.

引用自 Raffi：

FYI - Overwatch, and Blizzard as a whole, is known for having one of the worst AC on the market. Overwatch is just extremely easy to hide cheats bc of the games mechanics (see # of LoL cheaters who for years got away with it). The ex employee Thor bragged about banning 2M cheaters in 7 YEARS. That's 300k a year and even worse than current garbage VAC.

My entire point was that Overwatch's anti-cheat is bad but their moderation carries. You can definitely effectively rage cheat with heroes like McCree but you never see that happen because how well moderated the game is, of course as you said it's easy to closet cheat but I feel like that'll happen on every game so it's not a huge deal, the main enemy is blatant cheaters who are make the games unplayable imo. The best combination would be an effective anti-cheat AND moderation but I've yet to see that done.

For the numbers, I just wouldn't trust that. If the ban numbers were that low then you would see a LOT of blatant hackers like you do in CS.

引用自 kabanod1m #NotoToxicity：

引用自 Graduate：

Loading your cheat "before" Vanguard is not going to make it undetected, I don't think you have a very good understanding of these things. That sort of logic would mean you can run your cheat before any EAC game opens and be perfectly fine lol.

Of course it won't if your cheat is detected manually. It's the same with VAC.

You have literally no idea what you're talking about...

引用自 Graduate：

引用自 kabanod1m #NotoToxicity：

Of course it won't if your cheat is detected manually. It's the same with VAC.

You have literally no idea what you're talking about...

Mind explaining then?
Or you admit you just came here to hate on me for not blindly agreeing with you?

Any seperate program anticheat makes me remove the entire game.

引用自 kabanod1m #NotoToxicity：

引用自 Graduate：

You have literally no idea what you're talking about...

Mind explaining then?
Or you admit you just came here to hate on me for not blindly agreeing with you?

What you're saying just doesn't make sense to any degree, why would a cheat running sooner than an anti-cheat prevent their core checks from working and only allow for detecting cheats they've already sigged? It doesn't make ANY sense. You're just saying ♥♥♥♥ to say ♥♥♥♥, if that was possible then anti-cheats wouldn't be doing ♥♥♥♥♥♥♥♥ since sigging is not reliable to any degree.

引用自 Raffi：

引用自 kabanod1m #NotoToxicity：

not very safe due to the increased risk of potential vulnerabilities

Specifically which "vulnerabilities" are you talking about? Are you just parroting?

引用自 kabanod1m #NotoToxicity：

and just overall not sounding very trustworthy (who knows what else it is doing?)

There's the real reason :laughing_yeti:

引用自 kabanod1m #NotoToxicity：

it really isn't that much better than VAC... Vanguard is already completely on par with VAC... they are not that far away from each other.

All of the evidence shows that vanguard is significantly better than VAC currently is and even was during VAC's prime. VAC ban stats have been public for nearly a decade and Riot has published their vanguard stats showing a how much more. Vanguard is banning thousands of players a day, VAC barely manages to ban 50.

VAC in it's prime was doing ~800k bans a year which was split up into 4 manual ban waves throughout the year. At best 3 cheaters would spend 3 months ruining hundreds of games and then after a ban wave just buy a new acct and repeat the cycle every 3 months.

The entire point of anti-cheat is to have the highest possible ban rate in the shortest possible time.

You essentially did some "research" into the technical difference of VAC and Kernel AC without actually understanding what you're reading and ignoring the very public ban rates.

Do you think the entire AAA gaming industry adopted Kernel AC and pays $$$$ to AC companies because it's "the same"? You don't think AAA devs evaluate the difference to consider kernel AC over VAC?

You guys love to complain about Kernel AC and how Kernel access = vulnerability while you gobble down every game and software made by devs all around the world who could get instant access to everything or brick your entire PC from one malicious or oopsie update. There is no more or less vulnerability between vanguard and any of the software you install.

Bigger problem is that EVEN once banned they will just hop on under different account and circle repeats itself.

Now, Valve does not use hardware bans as people claim that it is "easy" to bypass it.
Well, guess what RIOT did:
https://x.com/AntiCheatPD/status/1796609553104015767

引用自 kabanod1m #NotoToxicity：

Apart from just being a closed-source kernel level blob of code, which is by itself already not very safe due to the increased risk of potential vulnerabilities, and just overall not sounding very trustworthy (who knows what else it is doing?), it really isn't that much better than VAC.

Its main difference from which it benefits is the fact that it starts pretty early compared to everything else on your system. However, all a hacker needs to do to circumvent Vanguard is to write another kernel level blob of code that loads before Vanguard, and in this situation Vanguard is already completely on par with VAC! (Write "I read the post thoroughly" at the start of your comment if you read up until this point) The only thing it can do at this point is to trust that nothing extraordinary happened so far (like modification of Vanguard itself, or some spoofing, anything really!) before it loaded and maybe check other kernel drivers for whether they match some known cheating software or not, like VAC has been doing for all these years.

Vanguard might be better because they find more cheats to add to their known cheating software database, but technologically — they are not that far away from each other.
And I did try researching this, despite both systems being pretty secretive about their inner workings (as they should be).

I am, however, open to explanations, especially if a hacker (not a cheater) experienced with both anti-cheats comes by and at least points into the right direction.

引用自 Tomico.：

Bigger problem is that EVEN once banned they will just hop on under different account and circle repeats itself.

Now, Valve does not use hardware bans as people claim that it is "easy" to bypass it.
Well, guess what RIOT did:
https://x.com/AntiCheatPD/status/1796609553104015767

Hardware bans lead to the problems with market of used hardware. A lot of people couldn't afford a brand new hardware, so they buying used one. Imaging you are a kid, building your first PC, and then realized, that your hardware is banned. That's why you would never ban by hardware, if you care about your users. Also, this is not possible without kernel, and kernel is the most lazy way to deal with cheaters, which could lead to a big security holes.