28 votes

Riot Games' new Vanguard anti-cheat system for Valorant involves a kernel mode driver that launches at boot, raising security concerns

30 comments

  1. [12]
    SheepWolf
    (edited)

    I'm not a security expert so I was actually hoping for more information regarding the Ring 0 thing, but I've been reading as much as I can about the stuff people are saying. I also am not for or against the game at this time since I'm still trying to collect information before I make a decision.

    I'll try to summarize the important points/concerns (note that I'm not 100% sure on some of these and they aren't all directly related to Vanguard):

    • Vanguard runs on Ring 0
      • Other games that use anti-cheat also run on the kernel-level like BattlEye, Easy Anti-Cheat, ESEA, FACEIT
      • Not all of those anti-cheat systems run on Ring 0, some of them run only on Ring 2 (not sure about this, only read one comment that mentioned this)
      • ESEA had an incident which involved one employee implementing a bitcoin miner
      • Being on Ring 0 leaves you open to a back door or other vulnerabilities for malicious hackers. I probably need an expert to weigh in on this bullet point
      • Other examples I've seen thrown around include Sony's rootkit DRM debacle and Capcom's anti-crack solution
    • Vanguard runs the moment you start your computer and is always on
      • RiotArkem's (anti-cheat lead for Valorant) detailed answer regarding this. See below for some of the important points.
    • Vanguard may impact the performance of or cause problems with other games (mixed answers from people regarding being unable to start certain games or FPS issues; the most used example is a video of stuttering in World of Warcraft before and after uninstalling Vanguard)
    • Riot is owned by Tencent who has involvement with the Communist Party of China
    • Wanted to note that there is at least one group intentionally spreading anti-Vanguard propaganda according to this
    • There are concerns regarding the moderators of the Valorant subreddit being employees of Riot itself and potentially censoring anti-Valorant posts/comments

    Riot Arkem's response:

    • We've had multiple external security research teams review it for flaws (we don't want to accidentally decrease the security of the computer like other anti-cheat drivers have done in the past)
    • We're also following a least-privilege approach to the driver where the driver component does as little as possible preferring to let the non-driver component do the majority of work (also the non-driver component doesn't run unless the game is running).
    • The Vanguard driver does not collect or send any information about your computer back to us. Any cheat detection scans will be run by the non-driver component only when the game is running.
    • The Vanguard driver can be uninstalled at any time (it'll be "Riot Vanguard" in Add/Remove programs) and the driver component does not collect any information from your computer or communicate over the network at all.
    14 votes
    1. [11]
      Adys

      We're also following a least-privilege approach to the driver

      I can't read this and take it seriously when I hear "ring 0".

      I'm fairly conflicted though. It looks like overall they're doing things as correctly as you can ask them to, and their response was excellent overall. But urgh, requiring such a high level of permissions on a personal computer for an anticheat in a game is IMO going too far.

      11 votes
      1. [10]
        vektor

        Really makes you wonder if technological anti-cheat is even worth it. I've toyed around with the idea of open source MMOs too, and the thought of an open-source anti-cheat that doesn't overreach just seems infeasible. All it takes is a cracked version of the kernel module that says "all is fine" whenever you ask it - for all I know.

        I wonder how we'll do anticheat in the future. My bet is on making account creation sufficiently difficult that any ban will actually stick. If you asked for govt. ID for example (not that I endorse that), you could make sure a banned person stays banned. Sprinkle in some hierarchical community moderation for example, and you have yourself a reasonably solid system.

        5 votes
        1. [9]
          unknown user

          All it takes is a cracked version of the kernel module that says "all is fine" whenever you ask it - for all I know.

          Sure. That's where file verification comes in.

          The way I see it, you shouldn't be allowed to play an MMO (or any other multiplayer game) with an edited engine or any of its components. If you can verify all files using, say, a hash (but not MD5, which is known to have critical security issues) at launch. Sure, it's gonna take time per launch – which is annoying, but something you as a player can live with if in return it gives you cheater-free gameplay.

          Then again, I might be talking out of my ass here.

          4 votes
          1. [4]
            vektor

            The easy way around that is to just have the hash algorithm always return the right checksum.

            Say I'm evil. I build this software and record all the file integrity checksums. Then I make my modifications and edit the checksums to say "all is fine" anytime someone asks - that is: just hard-code the pre-recorded checksums into there. Bonus: It loads faster than anyone else's.

            I'm currently unconvinced anything can be done to allow someone to run software on their own hardware and then trust that said software is authentic. All I can convince myself of is that you can demand and verify proof that the user is in possession of the authentic software - not that that's what they're running.

            5 votes
            1. [3]
              DataWraith

              This is only tangentially related, but I thought it was fascinating: You can interleave multiple checksums to make it harder to modify any single one, which is what was done for the Spyro: Year of the Dragon copy protection:

              multiple checksums were applied to the same data. Each checksum used a different start offset into the data, and stepped through the data by different amounts. This meant that overlapping and interleaved sections of data were checksummed at different points, making it almost impossible to alter anything and still have all the checksums add up.

              (Source)

              That said, even that was eventually cracked -- as you say, there is likely nothing that can be done to prevent user modifications once they are in possession of the binary.

              3 votes
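The interleaved-checksum scheme quoted above, and the file-verification idea earlier in the thread, as an added illustration (example code written for this thread, not Insomniac's or Riot's implementation): several CRC32 checksums run over the same buffer, each from its own start offset and with its own stride, so a single edited byte fails every checksum whose stride lands on it. The schedules and the sample buffer are constructed here.

```python
"""Interleaved checksums over one buffer, in the style of the Spyro copy
protection described in the thread. Added example; the (offset, stride)
schedules and the sample data are constructed, not taken from any game."""
import zlib

# (start offset, stride) pairs: constructed values, not the game's real ones.
SCHEDULES = [(0, 1), (1, 3), (2, 5), (3, 7)]

# Constructed stand-in for a protected code/data region (1024 bytes).
ORIGINAL = bytes(range(256)) * 4


def interleaved_checksums(data, schedules=SCHEDULES):
    """One CRC32 per schedule, computed over data[start::stride]."""
    return [zlib.crc32(data[start::stride]) & 0xFFFFFFFF
            for start, stride in schedules]


def covering_schedules(index, schedules=SCHEDULES):
    """Indices of the schedules whose stride lands on byte `index`."""
    return [i for i, (start, stride) in enumerate(schedules)
            if index >= start and (index - start) % stride == 0]


def failed_checksums(data, expected, schedules=SCHEDULES):
    """Indices of the checksums that no longer match `expected`."""
    actual = interleaved_checksums(data, schedules)
    return [i for i, (a, e) in enumerate(zip(actual, expected)) if a != e]


def tamper(data, index, value):
    """Return a copy of `data` with one byte replaced (simulates a patch)."""
    patched = bytearray(data)
    patched[index] = value
    return bytes(patched)


def demo():
    """Patch one byte and report which checksums catch it.

    Byte 10 lies on the stride-1, stride-3 and stride-7 schedules but not on
    the stride-5 one, so three of the four checksums fail. CRC32 detects
    every error burst shorter than 32 bits, so a one-byte change can never
    slip past a checksum that covers that byte."""
    expected = interleaved_checksums(ORIGINAL)
    patched = tamper(ORIGINAL, 10, 0xFF)
    return failed_checksums(patched, expected), covering_schedules(10)


if __name__ == "__main__":
    print(demo())
```

The cross-checking the thread describes follows from the same idea: if the checksum routines themselves sit inside the region being checksummed, patching one of them to lie fails the others.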
              1. [2]
                vektor

                Far as I can tell, that only really helps you if you're not just lying about the replies of the checksum algorithm, and only if the checksum algorithm is broken to begin with. A secure checksum algorithm will read all the data, compute the checksum and you won't be able to produce a different code that has the same sum, nevermind producing one that allows you to cheat.

                What I'm proposing looks more like hacking the function that determines the checksum. So you'll have a function hash(section or slice or whatever) -> hashcode. I'll just write a variant that for every section simply has the correct code hard-coded. If we're talking always-online stuff, the server might ask you to initialize the hash with a random number, in which case you're going to have to replicate the computation. But that's no good either, because I'll just install a clean version and point the hash function to it.

                Alright, but what if we run the hash on the representation of the program as it currently exists in RAM? Either the part of the representation we're looking at is static (in which case, precompute the hash or compute them from a dead copy on disk) or it is dynamic, in which case we're going to have to run a different install in parallel to extract the hashes from. But that also means the server has to have the same representation in its memory. That's likely to duplicate work. It also has to compute a lot of hashes itself. And we still have a way in, it just got a tad costlier.

                Maybe I'm missing something, but I don't think there's a way.

                4 votes
                1. DataWraith
                  (edited)

                  You're right, there is no bulletproof way (as I already conceded), but I thought interleaving the checksums was a neat technical trick -- cracking that is not as simple as just stubbing out all the call-sites with dummy returns returning pre-recorded hashes. (Edit: I realized that stubbing out all the call-sites -- assuming you can find them -- would accomplish a crack...)

                  What I'm proposing looks more like hacking the function that determines the checksum.

                  The Gamasutra article I linked talks about that. The point is that the checksums cross-check each other so you can't modify one checksum calculation (to make it lie about the checksum) without modifying all others too, because they'll detect the modification of the first one. It's not bulletproof, but it takes time to crack.

                  3 votes
          2. [4]
            Deimos

            File verification doesn't matter for a lot of types of cheats. For example, a lot of them access games' memory directly while the game is running and extract or manipulate data that the game itself would hide or not allow changing.

            A lot of online games have issues with "position hacks" because the movement logic is all in the game itself and the server trusts the game client to tell it where the player moves. But if there isn't constant verification of player movement on the server side, a cheat can find the memory locations that correspond to the player's position/speed/etc. and modify them so the player can fly, move much faster than should be possible, walk through walls, etc. None of the game's files need to be modified for that, only values in memory while the game is running, and it's very difficult to monitor for values changing in ways they shouldn't be able to. Other cheats analyze or inject packets into the game's network traffic, or various other techniques that affect the game but don't need to touch its files.

            That's exactly why they need to keep trying to get more privileges for anti-cheat, because then they can do things like monitor whether other applications are accessing the game's memory.

            5 votes
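The server-side movement check the comment above says is missing when "the server trusts the game client", as an added example (written for this thread, not any real game's netcode): the server keeps its own last-known position per player and only accepts a client update if that position is reachable at the game's speed limit, otherwise it keeps its own state. The speed limit, tolerance and sample updates are constructed.

```python
"""Server-authoritative movement validation. Added example; MAX_SPEED,
TOLERANCE and the sample client updates are constructed values."""
import math

MAX_SPEED = 6.0   # world units per second (constructed)
TOLERANCE = 1.10  # 10% slack for timing jitter and rounding (constructed)


class PlayerState:
    """Server's last accepted position and timestamp (milliseconds)."""

    def __init__(self, x, y, t_ms):
        self.x, self.y, self.t_ms = x, y, t_ms


def validate_move(state, new_x, new_y, new_t_ms):
    """Accept the client's new position only if it is reachable in time.

    Returns (accepted, authoritative_state). On rejection the server keeps
    its last accepted state, so a client that writes an impossible position
    into its own memory gets snapped back instead of being believed."""
    dt = (new_t_ms - state.t_ms) / 1000.0
    if dt <= 0:
        return False, state  # out-of-order or duplicate timestamp
    dist = math.hypot(new_x - state.x, new_y - state.y)
    if dist > MAX_SPEED * dt * TOLERANCE:
        return False, state  # faster than any legitimate movement
    return True, PlayerState(new_x, new_y, new_t_ms)


def process_updates(start, updates):
    """Run a sequence of (x, y, t_ms) client updates against the server state.

    Returns the per-update verdicts, the final authoritative state and the
    number of rejections (a count worth alerting on if it keeps climbing)."""
    state = start
    verdicts = []
    for x, y, t_ms in updates:
        ok, state = validate_move(state, x, y, t_ms)
        verdicts.append(ok)
    return verdicts, state, verdicts.count(False)


# Constructed client stream: two normal steps, one teleport, one normal step.
SAMPLE_UPDATES = [
    (0.5, 0.0, 100),
    (1.0, 0.0, 200),
    (50.0, 0.0, 300),  # 49 units in 0.1 s: a position hack
    (1.5, 0.0, 300),   # consistent with the server's last accepted state
]


if __name__ == "__main__":
    verdicts, final, rejected = process_updates(PlayerState(0.0, 0.0, 0), SAMPLE_UPDATES)
    print(verdicts, (final.x, final.y), rejected)
```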
            1. [2]
              vektor

              Do you think a technological solution is even worth it beyond the absolute basics? I.e. is it worth it for a game dev to participate in this arms race?

              4 votes
              1. Deimos
                (edited)

                I think, like most security/abuse topics, it really depends on context and trying to find an appropriate balance of effectiveness for the amount of effort you put into it. It's inherently an arms race, and there will almost always be some way of cheating for someone that's really determined to. So it depends how impactful the cheating is on the game (e.g. is it a competitive game? Does it ruin the game for other players?), as well as whether there are some relatively easy preventions you can do that will stop "casual" cheating and try to deal with the more sophisticated cases manually.

                2 votes
            2. unknown user

              Cool, so let's solve one venue of game engine exploitation and move onto others, no?

  2. [15]
    PapaNachos

    Someone correct me if I'm wrong, but calling this a 'kernel level driver' is extremely generous. This is malware and IMO should be referred to as such.

    I get that preventing cheaters is an ever evolving arms race, but this is just fucked up and an unacceptable move. Find another way. And if there isn't another way then take the L. Hacking your own fucking users is unacceptable.

    "This isn’t giving us any surveillance capability we didn’t already have," Riot noted in its blog post (using language that isn't exactly comforting on its own). "If we cared about grandma’s secret recipe for the perfect Christmas casserole, we’d find no issue in obtaining it strictly from user-mode and then selling it to The Food Network. The purpose of this upgrade is to monitor system state for integrity (so we can trust our data) and to make it harder for cheaters to tamper with our games (so you can’t blame aimbots for personal failure)."

    What the actual fuck?

    A few days ago I was mildly curious about Valorant, but with this I'm leaning more toward 'never trust Riot again because they lack a fundamental respect for their own customers'.

    24 votes
    1. [4]
      Maethon

      I've been following this story for a while and I am mostly confused about the things I keep hearing. An app working on a kernel level access doesn't sound good at all but I've never seen an explanation of how bad this would be. In fact I even saw some comments on the internet comparing it to hardware drivers we've been using all the time. Which makes me curious about this driver even more.

      Could someone explain to me how someone would be able to get this driver infected and how big the severity of it would be? Like, if there was a zero day exploit, would someone in my game press a button to infect my computer with whatever malware they're planning to use, or would it require the user to click on phishing mails etc.? In addition to this, how is this driver any different than any other anti-cheat system or hardware drivers, and could someone also infect them in the same way Vanguard could be affected?

      8 votes
      1. PapaNachos
        (edited)

        I'm not a cyber security expert by any measure, but I do know some things. But not all my knowledge is 100% current, so it'll be good if an actual expert chimes in.

        There's a concept within cyber security called the 'principle of least privilege'. It's typically applied to people but the basic idea is that you only give people the minimum permissions they need in order to do their job. If someone is a regular user, they don't need to be able to manage the network firewall. Basically it comes down to trust and damage control. Do you trust your people with access to the system? Both in terms of their motives, but also in terms of their competence. And if something goes wrong, how bad is it? For example imagine your company has a super computer. If anyone can run anything they want on it with no oversight, your least tech savvy employees could cause a great deal of problems. But if only your highly trained specialists can use it, it's much less likely they're going to screw something up.

        Basically it's sort of like the inverse of "With great power comes great responsibility" becomes "If you don't have great responsibility, you don't need great power".

        Riot preventing cheating isn't some great and necessary task in the grand scheme of things. It just makes a video game more fun to play, and so the risk they're creating by doing this is disproportionate to the benefits. As opposed to the hardware drivers you're talking about that absolutely do need that level of access. The companies that work on hardware drivers specialize in those sorts of things and how to keep them secure. And even then they're not perfect and problems still arise.

        As far as what it could do, that really depends. Assuming you trust Riot (more on that in a bit), you would only be worried about a 3rd party discovering an exploit. But not all exploits are the same in terms of how they can be exploited and what you can do with them. My understanding is that in the absolute worst case scenario, if someone discovered the right vulnerability, your game wouldn't even need to be open in order for them to take advantage of this and it could let them take full control of your system in a way that would be nearly impossible to detect or recover from. Other anti-cheat mechanisms run with much lower permissions, so even if they figured out an exploit, the damage would be much more limited.

        As an analogy, you have information in real life that you only trust to certain people. Like your social security number or your bank account information. If a Bad Person got their hands on that information, it could cause you real problems, but you do occasionally need to give it to people you Trust. For example, your bank knows both of those things and you Trust them to keep that information safe. Now imagine you hired a magician for your kids' birthday party. That magician insists they need your bank account and social security number for [whatever made up reason, it's not important], but don't worry, they insist that information is safe with them. Do you give it to them? Fuck no. Because even if they are 100% on the level, even providing that information means that if they don't safeguard it, say they get robbed or they lose the notebook they wrote it down in, who knows who could end up with your personal information. It's just not worth the risk.

        I hope that analogy made sense.

        Now Riot specifically is owned by Tencent. I don't know about you, but I absolutely do not trust Tencent. So imagine back in our analogy that the magician we were talking about had a history of identity theft. You really, really wouldn't trust him with your personal info.

        18 votes
      2. Diff

        Odds are it'd be a way for privilege escalation, same as what happened with Sony's anti-CD-ripping rootkit. You get normal user-space malware that then exploits the anti-cheat's existence to gain full control over your computer.

        6 votes
      3. vektor

        Not an ITSec guy either, but my hunch is that lower-level access primarily gives it more direct access to hardware. Any malware with that level of access can 1) put copies of itself into places where it's hard to get rid of or even detect, and 2) directly manipulate hardware like malware usually couldn't. Maybe that includes physically breaking things? 3) Interfere with anything that runs with less privileges.

        3 votes
    2. babypuncher

      By what definition is it malware? There are probably lots of apps you use that rely on kernel modules that load during boot, Steam being one of them if you use Steam Link. Not to mention other anti-cheat solutions.

      3 votes
    3. [3]
      Gibdeck

      Where is this quoted from? Please could we have the source?

      1. [2]
        Whom

        The article you're in a thread for :P

        And if that's not what you mean, then the article got it from here.

        4 votes
        1. Gibdeck

          Yes, that's the one, thank you. My fault for skim reading; I really need to stop that.

    4. [6]
      unknown user

      then take the L

      What does that mean?

      1 vote
      1. [5]
        SheepWolf

        Take the loss. I assume they mean that Riot should remove Vanguard and try a different anti-cheat method.

        5 votes
        1. PapaNachos

          Yeah, sorry. You're correct. The price is just too high to use this method. Do something else, even if it doesn't work as well.

          2 votes
        2. [3]
          unknown user

          Why capitalize the letter? Is there a superstition against mentioning loss in business circles?

          1. Tardigrade

            It's just slang but it tends to be capitalised when most people use it.

            1 vote
  3. Deimos

    People are now reporting that Vanguard is disabling all sorts of software and drivers on players' computers, including sound drivers, drivers necessary for their mouse and keyboard to work ("soft bricking" their PC since they can no longer control it), fan-control software (with the potential to cause hardware damage), and more.

    5 votes