I recently saw the game called “Bongo Cat” on Steam which monitors yours keystrokes and accordingly plays the bongo drums. I saw that it was not working properly on Wayland because it does not allow the game to record keystrokes from other apps.
This got me thinking; how does Steam Valve protect us from malware? I was searching for “steam games malware” on DDG and found out that there were a few incidents regarding this.
I understand that Steam probably has a robust mechanism for understanding game behavior but it’s kind of a black-box for us.
Is there any independent vulnerability checker for games? How paranoid should one be before downloading games from steam?
PS: I know that as Linux users, most attack vectors don’t work for us but it’s good to be aware just in case.
Edit: I need to clarify. I know Steam is just a game-launcher, it’s not supposed to protect the user after the game is installed. I meant to say how does Valve protect the user from malicious games? Is their mechanism known?
There are two cases.
When you run a game, the game is allowed to monitor your input (up to some configuration), so you shouldn’t e.g. open a game and do online banking at the same time.
When the game installs a malicious software such that your input is monitored even when you’re not running the game, then you can only rely on the additional defense mechanism. However, this is similar to all other software.
I mean, once you invoke a game once outside a sandbox, all bets are off from that point on. It can modify your environment to do whatever from that point on. Like, it could, oh, modify your
~/.bashrcto invoke some keylogger binary that it drops off somewhere in your home directory. Just closing the game isn’t going to be a reliable mechanism for preventing malware in a game from dicking with the system after that point.One needs to trust a game like any other proprietary software. That seems like a good rule of thumb.