Kernel Anti-Cheat Is an Overreach

zdw1 pts0 comments

Kernel Anti-Cheat Is an Overreach — No One's Happy

I want to preface this with the fact that I’m not a gamer. I’m game-curious, but I often lack the time to really devote. But a close friend of mine games pretty frequently and he brought me (a bit) up to speed recently. I hobbled together a computer from various parts (and then overpaid for a GPU), I got excited about spending some liesure time playing. But during the process I realized that in order to play many of the biggest games, you are forced to install a closed-source driver and provide root access to your operating system. So I decided to do some research and found that the owners of this anti-cheating software include a Chinese firm on a US defense list, a Saudi sovereign wealth fund, and a private-equity chain.

Furthermore, it hasn’t stopped cheating. They largely moved to external hardware that bypasses kernel anti-cheat.

What “kernel anti-cheat” means

These are ring-0 drivers. They run with the same privilege level as the Windows kernel, with full access to memory, processes, loaded drivers, the filesystem, and hardware. They are closed source so no one can review them; you can only review their policies. Multiple games (and some of the largest coming soon) now also require TPM 2.0 and Secure Boot, and use remote hardware attestation to confirm your machine’s boot state before letting you play.

Who owns them

Here’s a breakdown of the most prominent systems.

Anti-cheatOwner chainControl nationalityWhen it runsPopular titlesVanguardRiot Games → Tencent (100%)ChinaBoot-start driver by defaultValorant, League of Legends, Teamfight TacticsFACEIT / ESEAESL FaceIt → Savvy → Saudi PIFSaudi Arabia (state)Kernel driver records at all timesCS2 (FACEIT/ESEA ladders), Dota 2 (FACEIT)JavelinEA → PIF / Silver Lake / Affinity (pending CFIUS)US now → Saudi (prospective)Whole game sessionBattlefield 6 / REDSEC, EA SPORTS FC 26, Madden NFL 26, F1Easy Anti-Cheat (EAC)Epic Games (Tencent ~40%, no board seats)US (Chinese minority)At game launchFortnite, Apex Legends, Rust, Elden Ring, Dead by DaylightRICOCHETActivision → MicrosoftUnited StatesAt game launchCall of Duty: Warzone, Black Ops 6/7, Modern Warfare IIIDenuvo Anti-CheatIrdeto → MultiChoice → Canal+ (Bolloré)FranceVariesThe Finals, ARC Raiders*BattlEyeBattlEye Innovations (Bastian Suter)GermanyLaunch only, inert otherwisePUBG, Rainbow Six Siege, Destiny 2, Escape from Tarkov, DayZ<br>* ARC Raiders runs EAC plus Denuvo AC (added May 2026 after The Finals rollout), and Vanguard covers all Riot titles via the shared client.<br>Specifics:

Vanguard is owned outright by Tencent. [1] In January 2025 the US Department of Defense added Tencent to its list of “Chinese Military Companies.” [2] Vanguard’s vgk.sys is a boot-start driver that loads before most of Windows and stays resident whether or not you’re playing. [3]

FACEIT and (pending) Javelin both trace to Saudi Arabia’s Public Investment Fund, chaired by Mohammed bin Salman. PIF already owns FACEIT via Savvy Games, and FACEIT’s kernel driver records continuously. [4][5] The EA buyout ($55B) is still under US CFIUS review — the sticking point is player data — with an outside date of September 28, 2026. [6][7]

EAC is Epic’s, and Epic is roughly 40% Tencent, though Tencent gave up its board seats after a US antitrust objection. [8] EAC ships in 180+ games, which makes it the one most people are running without knowing it. [9]

RICOCHET (Call of Duty) is Microsoft’s, the most accountable owner here.

Denuvo Anti-Cheat now traces to France’s Canal+ (Vincent Bolloré), which acquired its parent, MultiChoice/Irdeto, in December 2025 — a chain often still misreported as Tencent-linked. [10]

BattlEye is the only one with no corporate or state parent — a German sole proprietorship. [11] It’s also the least invasive: it loads with the game and is otherwise inert. It is proof that a purpose-limited kernel anti-cheat is possible; the others simply chose differently.

Ownership matters because of what a controlling entity can be forced to do with that access. Under China’s 2017 National Intelligence Law (Article 7), organizations must “support, assist, and cooperate” with state intelligence work — and keep it secret. [12] Saudi Arabia offers a demonstrated precedent rather than a statute: in 2019 the US charged former Twitter employees with spying for the kingdom, using insider access to unmask anonymous dissidents, several of whom were later imprisoned. [13]

The United States has compulsion tools of its own — the CLOUD Act, FISA — so Microsoft is not beyond government reach either. The difference is oversight: these run through published law, warrants, and adversarial courts, and companies can report them in aggregate transparency reports, so US compulsion leaves a trail and can be challenged. [14]

What they collect

Independent analysis (ARES 2024, “If It Looks Like a Rootkit…”) tested these drivers: [15]

All of them exfiltrate system information.

EAC generates a...

anti kernel cheat games tencent faceit

Related Articles