Activision claims Call of Duty’s new anti-cheat system won’t look at your files


Call of Duty’s comprehensive new anti-cheat system includes a potential olive branch for security-conscious players: it can’t access your PC’s private files, or so Activision claims.

Announced Wednesday via the Call of Duty blog, the developers’ new suite of cheat deterrent tools (called the Ricochet Anti-Cheat initiative) includes a kernel-level driver for PC that the publisher is claiming will only run when a Call of Duty game is active, as well as a host of server-side tools the CoD security team will use to monitor player behavior and respond accordingly. The Ricochet system will be required to play Call of Duty: Warzone and the upcoming WWII-based Call of Duty: Vanguard once the software is implemented in each game.

Assuming the publisher’s claims are true, the kernel driver, slated to be added to Warzone later this year, only performs active checks on software that tries to interact with or otherwise change its files when the game application is open and will turn off when players close out. Data from the driver will be used to analyze suspicious behavior and “assist in the identification of cheaters, reinforcing and strengthening the overall server security,” the blog states.

In other words, it allegedly won’t be constantly running in the background whenever your PC is on and can’t monitor or report data unrelated to Call of Duty files.

An implementation like this would be a significant shift away from the OS-wide, high-level security permissions seen in other kernel-level anti-cheat programs, like the Vanguard software (not to be confused with CoD’s period-era sequel Vanguard), which Riot uses for Valorant. While the Vanguard anti-cheat client component also only operates while running the game, it uses a “kernel-mode driver” that runs in the background as soon as you load Windows. (And even with Vanguard’s client component handling the majority of operations, an always-on kernel-level driver still hands the developer high-level security access to your PC and would leave you at the mercy of an exploit-savvy attacker until Riot’s security team could patch any breach, a process that could take hours.)

The blog post states that the Ricochet driver has been tested across a wide variety of PC setups to ensure broad stability and will continue to be tested and updated after launch. However, it does not specifically address granular details or provide proof of how the driver has kernel-level access without the ability to turn itself on outside of a Call of Duty application or whether it can prevent attackers from activating the software when a game isn’t running.

The developers haven’t addressed whether any methods will be put in place to report observed issues with the driver itself, either, though they encourage players to continue reporting cheating incidents encountered online and to enable two-factor account authentication for their accounts. Representatives from Activision did not immediately respond to questions by press time.

The blog did not go into much specific detail about how Ricochet’s backend tools will work, but it did state that the system will use machine-learning algorithms to examine game data on the server, using it to identify suspicious trends and implement appropriate security measures as needed.

Ricochet will be added to Warzone alongside its WWII-themed Pacific map update later this year, with Vanguard support coming sometime after.

https://arstechnica.com/?p=1803962