> The issue is that software running in the kernel can unintentionally enable vulnerabilities
You're not wrong, but there is some strong irony there regarding Vanguard. When it first launched its driver would block certain other drivers from loading, because those other drivers had known vulnerabilities that cheats (or anything else) could use to escalate from usermode to kernelmode without touching any of the standard entrypoints that are monitored by anticheats.
Would you be surprised to learn that the main response was for gamers to get angry at Vanguard for breaking their RGB keyboard driver, rather than get angry at the manufacturer of their RGB keyboard for shipping a buggy driver with critical security vulnerabilities? And Microsoft ended up adding a very similar driver blacklist to Windows itself later, because it's a good idea.
You're not wrong, but there is some strong irony there regarding Vanguard. When it first launched its driver would block certain other drivers from loading, because those other drivers had known vulnerabilities that cheats (or anything else) could use to escalate from usermode to kernelmode without touching any of the standard entrypoints that are monitored by anticheats.
Would you be surprised to learn that the main response was for gamers to get angry at Vanguard for breaking their RGB keyboard driver, rather than get angry at the manufacturer of their RGB keyboard for shipping a buggy driver with critical security vulnerabilities? And Microsoft ended up adding a very similar driver blacklist to Windows itself later, because it's a good idea.