I recently saw the game called “Bongo Cat” on Steam which monitors your keystrokes and accordingly plays the bongo drums. I saw that it was not working properly on Wayland because it does not allow the game to record keystrokes from other apps.
This got me thinking; how does Steam Valve protect us from malware? I was searching for “steam games malware” on DDG and found out that there were a few incidents regarding this.
I understand that Steam probably has a robust mechanism for understanding game behavior but it’s kind of a black-box for us.
Is there any independent vulnerability checker for games? How paranoid should one be before downloading games from Steam?
PS: I know that as Linux users, most attack vectors don’t work for us but it’s good to be aware just in case.
Edit: I need to clarify. I know Steam is just a game-launcher, it’s not supposed to protect the user after the game is installed. I meant to say how does Valve protect the user from malicious games? Is their mechanism known?
Rare time seeing the Wayland Feature protecting you from keystrokes.
Won’t protect you from a Steam game that runs in XWayland, which allows global hotkeys (and effectively I guess key monitoring). But yes, overall it’s a nice security feature.
Xwayland doesn’t have all keystroke access, though Plasma does have a feature that lets you do just that.
The default setting (at least for KDE) is to only send Meta, Control, Alt and Shift as well as any key you type while they are held.
There is also an option to disable it completely or send everything.
Oh yeah, I forgot about Xwayland apps.
I saw that it was not working properly on Wayland because it does not allow the game to record keystrokes from other apps.
I did not know Wayland did this. That’s awesome.
Yeah, Wayland has a lot of security-related things that make your previous solutions not work. X11 was open and allowed you to do anything, but Wayland is secure, and we trade convenience for security.
Communication with other applications and system-wide monitoring was easy for scripts in X11.
I understand that Steam probably has a robust mechanism for understanding game behavior
I mean maybe they run your game in a monitored environment and record what kinds of things you do behind the scenes, but that’s a lot to ask for for every game uploaded. I honestly very much doubt it.
As I understand it, Steam has a report feature on their store page for reporting games. Presumably that goes to a person that looks at it.
I think to upload games to Steam you also need to prove your identity. Which means if you do upload malware, then it’s easy to track you down.
Of course, that takes time and things can slip through the cracks. Steam games are still full programs that run on your computer and can do anything a regular program can do; there’s no sandboxing.
Treat them like you would apps on the Google Play store; assume that they’re mostly safe but also give additional scrutiny to ones with low review counts or AI-generated images.