Activision has finally revealed Ricochet: the long-awaited anti-cheat software that they’ll use to battle Call of Duty: Warzone‘s small army of hackers and cheaters.
While millions of gamers are celebrating this announcement, many others are already raising concerns regarding the privacy and security of Richochet and the implications of its kernel-level design.
You’re going to be hearing a lot of talk about Ricochet and what the anti-cheat software means for the future of Call of Duty, Warzone, and anti-cheat software in general, so let’s just take a step back and take a broad look at what the Ricochet anti-cheat controversy is about and whether or not you should be concerned.
When is Ricochet Launching For Call of Duty: Vanguard and Warzone?
Here is what Activision has to say about Ricochet’s launch:
“RICOCHET Anti-Cheat’s backend anti-cheat security features will launch alongside Call of Duty: Vanguard, and later this year with the Pacific update coming to Call of Duty: Warzone. In addition to server enhancements coming with RICOCHET Anti-Cheat is the launch of a new PC kernel-level driver, developed internally for the Call of Duty franchise, and launching first for Call of Duty: Warzone…The kernel-level driver will subsequently release for Call of Duty: Vanguard at a later date.”
The wording of that statement is a bit odd, but it basically sounds like at least some of Richochet’s anti-cheat features will launch alongside Vanguard on November 5. However, it seems like the “full” anti-cheat software won’t be available until closer to the time of Warzone‘s Pacific update, which doesn’t currently have a release date but is scheduled to be released sometime after Vanguard launches.
From there, it seems that the full version of the Ricochet software will later be made available for Vanguard.
What is Kernel Level Anti-Cheat Software?
Simply put, “kernel” is a somewhat loose term for the heart of your computer’s operating system. It’s basically the security and access permission seed from which the rest of your OS grows. It’s the foundation, the basis, the core, the highest level of access…really, it’s whatever word you want to use to help sell how fundamental it is to the operation of your OS and PC.
For our current purposes, though, what you really need to know is that granting anyone or anything kernel-level access to your computer is a potentially big deal. In theory, you’re essentially handing over the keys to your OS to whatever application you grant kernel-level access to. It’s the highest level of fundamental security access you can give to an outside program short of just handing your computer and all of your passwords over to someone (which, to be clear, would obviously be a worse move from a security perspective).
Despite the rising popularity of kernel-level anti-cheat software in recent years, kernel-level access is usually limited to a very specific series of programs that your PC typically depends on for base-level performances and functions. It’s still somewhat unusual for third-party, retail applications to request and be granted kernel-level access.
Now, I can already hear what you’re saying regarding that kind of doomsday perspective, and we will address those concerns in a second. However, there’s one thing we need to talk about first…
Why Does Ricochet and Other Anti-Cheat Software Use Kernel Level Access?
Let’s say you’re away on vacation and decide to hire a security guard to watch your house. However, you only grant them permission to stand outside the front door. Their presence may chase away some potential burglars, and nobody would be able to utilize the most obvious path into your home, but someone could still use the backdoor, sneak in through a window, etc.
The idea behind kernel-level anti-cheat software is that you’re instead granting that guard access to the interior of your house as well as granting them access to a variety of tools designed to help monitor as much of the house as possible. In theory, anti-cheat software with kernel access can see hacking software coming from any direction simply because it is able to at least have eyes on everything requesting permission to access your computer. In that sense, it’s more like having a security guard that exists from within the foundation of your home.
Does that sound great? Well, it can be a great thing, but it’s not a perfect solution. Not only is there no such thing as a 100% effective level of anti-cheat software (which we’ll get to in a bit), but there are inherent concerns with granting anyone or anything that kind of access to something that is valuable to you.
Why is Kernel Level Anti-Cheat Software a Security Concern?
Well, to be clear, it might be more accurate to say that kernel-level anti-cheat software is a potential security concern. Anytime you grant any outside element that level of access to something that’s important to you, you’re potentially exposing yourself to an increased level of risk. However, it doesn’t mean that you’re absolutely going to have a security problem.
Even if you’re relatively comfortable granting a company like Activision (or anyone else) that level of access, the fact is that a lot of people are not. Beyond being a simple trust concern, there’s also the idea that this level of anti-cheat software is, fundamentally, overkill and that it just opens the door to too many risks that are more significant than in-game hackers. Yes, people want to prevent hackers and cheaters, but there’s a debate over whether or not blocking hackers and cheaters is really worth granting an application that kind of access and even running the risk of making your computer more vulnerable to more malicious activity. Others just don’t want any third-party program to have that level of access at any time.
Besides, those concerns are more than hypothetical. In 2013, the ESEA revealed that a rogue employee was using their kernel-level software to turn users’ computers into Bitcoin mining machines. Valorant‘s Vanguard anti-cheat software was unintentionally blocking certain outside programs that shouldn’t have been blocked. Studies have also suggested that this kind of software could still be exploited by outsiders in order to turn a user’s OS against them or access sensitive information in other ways. We know that it is possible to exploit this kind of program.
Of course, that just brings us to the big question at the moment…
Is Call of Duty’s Ricochet Anti-Cheat Software Dangerous?
First off, nobody outside of Activision has gotten to use or properly analyze Ricochet yet, so pretty much everything we know about it at the moment is what we’re being told by Activision.
Having said that, it’s clear that Activision is aware that kernel-level anti-cheat software is a security concern in the minds of many. That’s why they went out of their way to promise that the “driver is not always-on” and that the “software turns on when you start Call of Duty: Warzone and shuts down when you close the game.”
Furthermore, they’ve noted that “the kernel-level driver only monitors and reports activity related to Call of Duty.” They’re clearly trying to reassure people that this software is not constantly monitoring your activity, isn’t always running, and doesn’t extend beyond Warzone (and, eventually, Call of Duty: Vanguard). It sounds like they’re really trying to do all the right things with this software or are at least saying all of the right things.
However, it must be said that the fact those security concerns are being addressed so openly is just verification of the fact that there are inherent security concerns that have to be addressed whenever you’re dealing with this kind of software. Activision even notes that “once the kernel-level driver is deployed; it will be required to play Warzone,” which really strikes at the heart of these general security concerns. Warzone is a free-to-play game that is about to hypothetically grant Activision kernel-level access to a lot of computers on some level for some amount of time on even some basic level. It’s important to realize that this is not the same as just giving your computer to Activision, but playing Warzone without this software enabled and with this software enabled are two very different prospects in a lot of ways.
Whether or not anything terrible will actually result from this software being implemented remains to be seen. However, this is a big step forward in terms of how comfortable we all might have to get with the idea of playing games with this kind of anti-cheat software enabled. There may be quite a few games that already use similar software, but Activision embracing kernel-level anti-cheat software in a free-to-play game that is as popular as Warzone really changes the conversation and opens this debate up to a new audience.
Will Ricochet Prevent Hackers From Cheating in Warzone?
Well, unless there is some incredible flaw in Richochet that we simply don’t know about yet, it really does seem like the software will “solve” the worst of Warzone‘s cheater problems. It will undoubtedly make hacking in Warzone significantly more difficult if not outright impossible for many.
Warzone is a cheater’s paradise at the moment. Yes, Activision and the CoD teams have made progress in that area and have banned quite a few cheaters over the years, but the fact is that Warzone was launched with some fundamental security vulnerabilities, and those vulnerabilities were always going to be there until Activision decided to implement some kind of anti-cheat software.
There is going to be a debate over whether or not they’ve compensated a bit too much by going this route, but it’s going to be especially fascinating to see whether or not Warzone‘s many hackers will find a way to fundamentally exploit this software or even just ignore it. Again, we’re talking about a large population of dedicated hackers who will almost certainly find a way around this software if they’re at all able to do so. Activision may have pulled out the biggest weapon they could use against hackers, but this move won’t necessarily end that war and could indeed lead to a much more significant battle.