I recently saw the game called “Bongo Cat” on Steam which monitors yours keystrokes and accordingly plays the bongo drums. I saw that it was not working properly on Wayland because it does not allow the game to record keystrokes from other apps.
This got me thinking; how does Steam Valve protect us from malware? I was searching for “steam games malware” on DDG and found out that there were a few incidents regarding this.
I understand that Steam probably has a robust mechanism for understanding game behavior but it’s kind of a black-box for us.
Is there any independent vulnerability checker for games? How paranoid should one be before downloading games from steam?
PS: I know that as Linux users, most attack vectors don’t work for us but it’s good to be aware just in case.
Edit: I need to clarify. I know Steam is just a game-launcher, it’s not supposed to protect the user after the game is installed. I meant to say how does Valve protect the user from malicious games? Is their mechanism known?
In general steam is going to run a .exe for a game, and as such that’s really going to be able to do anything a user process can do under windows (or linux if it has a dedicated linux binary). Steam doesn’t run games inside a sandbox. That includes prompting the user to elevate the process to admin, and if the user clicks yes, being able to do anything an admin level process can.
There may well be some pass/fail testing before they will list a game, and for sure if there were reports showing a game was doing something malware/illegal they would certainly investigate/remove games that breach this.
But, steam is not a protection in and of itself.
Forgive me as I haven’t used Windows to game in years, but people have to allow admin access to play games?
Usually not on every launch, but a lot of first time launch installers require it.
I would argue most don’t need it. But my point was that steam don’t (maybe cannot?) stop it. They run the .exe. If the exe asks for admin and the user grants it, they have admin. So a malicious “game” could definitely do this.
I guess… But maybe people shouldn’t grant admin access to the game they launched through Steam.
Then again, basic computer literacy seems to be at a premium these days…
Also windows shows that prompt way too often. Most people I know just click yes without thinking.
Mostly very old games and those with anticheat.