Is this deterrence? —
High-level security driver allegedly only runs when games are active, server-side protections also included.
Steve Haske
–
Call of Duty’s comprehensive new anti-cheat system includes a potential olive branch for security-conscious players: It can’t access your PC’s private files—or so publisher Activision claims.
Announced Wednesday via the Call of Duty blog, the developers’ new suite of cheat-deterrent tools (called the Ricochet Anti-Cheat initiative) includes a kernel-level driver for PC that the publisher is claiming will only run when a Call of Duty game is active, as well as a host of server-side tools that the Call of Duty security team will use to monitor player behavior and respond accordingly. The Ricochet system will be required to play Call of Duty: Warzone and the upcoming WWII-based Call of Duty: Vanguard once the software is implemented in each game.
Assuming the publisher’s claims are true, the kernel driver—slated to be added to Warzone later this year—only performs active checks on software that tries to interact with or otherwise change its files when the game application is open and will turn off when players close out. Data from the driver will be used to analyze suspicious behavior and “assist in the identification of cheaters, reinforcing and strengthening the overall server security,” the blog says.
In other words, it allegedly won’t be constantly running in the background whenever your PC is on and can’t monitor or report data unrelated to Call of Duty files.
An implementation like this would be a significant shift away from the operating-system-wide, high-level security permissions seen in other kernel-level anti-cheat programs, like the Vanguard software (not to be confused with Call of Duty’s period-era sequel Vanguard), which Riot uses for Valorant. While the Vanguard anti-cheat client component also only operates while the game is running, it uses a “kernel-mode driver” that runs in the background as soon as you load Windows. (And even with Vanguard’s client component handling the majority of operations, an always-on kernel-level driver still hands the developer high-level security access to your PC and would leave you at the mercy of an exploit-savvy attacker until Riot’s security team could patch any breach, a process that could take hours.)
The blog post states that the Ricochet driver has been tested across a wide variety of PC setups to ensure broad stability and will continue to be tested and updated after launch. However, the post does not address granular details or provide proof of how the driver has kernel-level access without the ability to turn itself on outside of a Call of Duty application or whether it can prevent attackers from activating the software when a game isn’t running.
The developers haven’t said whether any systems will be put in place to report issues with the driver itself, either, though they encourage players to continue reporting cheating incidents encountered online and to enable two-factor authentication for their accounts. Representatives from Activision did not immediately respond to questions by press time.
The blog did not go into detail about how Ricochet’s backend tools will work, but it did say the system will rely on machine-learning algorithms to examine game data on the server, using the data to identify suspicious trends and implement appropriate security measures as needed.
Ricochet will be added to Warzone alongside its WWII-themed Pacific map update later this year, with Vanguard support coming sometime after.