Is this deterrence? —
High-level security driver allegedly only runs when games are active, server-side protections also included.
Call of Duty’s comprehensive new anti-cheat system includes a potential olive branch for security-conscious players: It can’t access your PC’s private files—or so publisher Activision claims.
Announced Wednesday via the Call of Duty blog, the developers’ new suite of cheat-deterrent tools (called the Ricochet Anti-Cheat initiative) includes a kernel-level driver for PC that the publisher is claiming will only run when a Call of Duty game is active, as well as a host of server-side tools that the Call of Duty security team will use to monitor player behavior and respond accordingly. The Ricochet system will be required to play Call of Duty: Warzone and the upcoming WWII-based Call of Duty: Vanguard once the software is implemented in each game.
Assuming the publisher’s claims are true, the kernel driver—slated to be added to Warzone later this year—only performs active checks on software that tries to interact with or otherwise change its files when the game application is open and will turn off when players close out. Data from the driver will be used to analyze suspicious behavior and “assist in the identification of cheaters, reinforcing and strengthening the overall server security,” the blog says.
In other words, it allegedly won’t be constantly running in the background whenever your PC is on and can’t monitor or report data unrelated to Call of Duty files.
An implementation like this would be a significant shift away from the operating-system-wide, high-level security permissions seen in other kernel-level anti-cheat programs, like the Vanguard software (not to be confused with Call of Duty’s period-era sequel Vanguard), which Riot uses for Valorant. While the Vanguard anti-cheat client component also only operates while the game is running, it uses a “kernel-mode driver” that runs in the background as soon as you load Windows. (And even with Vanguard’s client component handling the majority of operations, an always-on kernel-level driver still hands the developer high-level security access to your PC and would leave you at the mercy of an exploit-savvy attacker until Riot’s security team could patch any breach, a process that could take hours.)
The blog post states that the Ricochet driver has been tested ac