You can choose not to let them, it just means you can’t play the games. Do you believe they’re installing malicious code or something in the anti-cheat?
Exactly. This is not a type I need. My kernel does not need to be invaded. It’s literally enabling spyware and you’d never know it.
Do I believe it? I don’t know. But it’s possible and I’d never know, so fuck that.
ESEA Bitcoin miner incident (2013)
In April 2013 ESEA (a third-party matchmaking + anti-cheat service) had a built-in bitcoin-miner component in their client. It was discovered by users in May.
XDA Developers
Because the ESEA client ran with high privileges (as a driver/anti-cheat style client), the mining component was harder to detect and harder to remove compared to normal user-mode software.
XDA Developers
The company settled for a $1 M payout.
Lesson: Granting deep OS access to a client means if it goes rogue (or is malicious) you get real damage (mining, rootkit-like behaviour, etc).
XDA Developers
Riot Vanguard (for VALORANT) and related complaints
Vanguard is the kernel-level anti-cheat used by Riot Games in VALORANT.
Wikipedia
It has drawn criticism for its always-running behaviour (some users report it loads at boot even before the game).
Gist
Some users report system instability (blue screens) after installation.
Lesson: Even if the anti-cheat isn’t malicious per se, because it’s so deep, any defect or compatibility issue can cause system-wide pain (crashes, instability).
XDA Developers
Theoretical/privacy risk: drivers acting like rootkits
Academic work (“If It Looks Like a Rootkit…”) analyses KLAC and finds that some solutions behave very similarly to rootkits: intercepting kernel calls, hiding modules, monitoring broad system activity.
arXiv
Articles note that allowing game companies to insert drivers at boot time that monitor “outside the game” sets a “potentially dangerous precedent”.
Lesson: Even when everything is “legal”, the architectural model has intrinsic risk: trusted code has extremely high privileges; if trust is misplaced (malicious dev, insider threat, compromise) you have huge exposure.
How-To Geek
Example of “residual services” / bad uninstall behaviour
A Steam forum post (for game “Delta Force (2025 video game)”) reported that the anti-cheat driver “ACE-BASE / AntiCheatExpert” remained active even after game uninstall, caused conflicts, etc.
Lesson: When kernel-level drivers aren’t cleanly managed/uninstalled, they can linger as “shadow” privileged components, increasing risk surface.
Steam Community
Corporate/State concerns & data-privacy
An article points out that KLAC by its nature has full system visibility (“what this means is that this type of spyware can exfiltrate sensitive information…”) and calls out potential misuse—especially worrying when combined with acquisitions or state-influence (e.g., the purchase of a KLAC-provider by a sovereign entity).
Lesson: Beyond just “can it crash my PC”, there’s the question of what else the driver could observe (system activity, other processes, telemetry) and whether the user has meaningful control.
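Added example, not part of the thread: one way to check for the lingering-driver case described in the comment above is to diff the driver services registered under `HKLM\SYSTEM\CurrentControlSet\Services` before installing a game and after uninstalling it. The two snapshots below are constructed, and `ExampleAC`, `ExampleHelper` and `ExampleGame` are hypothetical names; the `Start` value shows whether a leftover driver loads at boot/system start without the game running.

```python
import re

START = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}
DRIVER_TYPES = {1, 2}  # Type 0x1 = kernel driver, 0x2 = file system driver
# Constructed samples in the layout printed by
#   reg query HKLM\SYSTEM\CurrentControlSet\Services /s
BEFORE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\disk
    Type    REG_DWORD    0x1
    Start    REG_DWORD    0x0
    ImagePath    REG_EXPAND_SZ    System32\drivers\disk.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\disk\Enum
    Count    REG_DWORD    0x1
"""
AFTER_UNINSTALL = BEFORE + r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleAC
    Type    REG_DWORD    0x1
    Start    REG_DWORD    0x1
    ImagePath    REG_EXPAND_SZ    \??\C:\Program Files\ExampleGame\exampleac.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleHelper
    Type    REG_DWORD    0x10
    Start    REG_DWORD    0x2
    ImagePath    REG_EXPAND_SZ    C:\Program Files\ExampleGame\helper.exe
"""

def parse_drivers(text):
    """Return {service: (start type, image path)} for driver services only."""
    services, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            # Only keys directly under Services are services; skip subkeys.
            m = re.search(r"\\Services\\([^\\]+)$", line.rstrip())
            current = services.setdefault(m.group(1), {}) if m else None
        elif current is not None and line.startswith("    "):
            parts = re.split(r" {4}", line.strip(), maxsplit=2)
            if len(parts) == 3:
                current[parts[0]] = parts[2]
    return {name: (START.get(int(v["Start"], 16), "unknown"), v.get("ImagePath", ""))
            for name, v in services.items()
            if "Start" in v and int(v.get("Type", "0"), 16) in DRIVER_TYPES}

def leftover_drivers(before, after):
    """Drivers still registered after uninstall that were absent before install."""
    old = {name.lower() for name in parse_drivers(before)}
    new = parse_drivers(after)
    return sorted((n, *new[n]) for n in new if n.lower() not in old)

if __name__ == "__main__":
    print(leftover_drivers(BEFORE, AFTER_UNINSTALL))
```

The user-mode helper (Type 0x10) is ignored on purpose; only kernel and file-system drivers are reported.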
Anticheat works fine. Just not the kernel level nasty ones. But that’s a good thing.
If you don’t want to be able to play the biggest games released, I guess…
You’re looking at it wrong. They need to not invade our kernel.
For this type of anti-cheat yes, they do.