AwesomeLowlander@sh.itjust.works 2 weeks ago
Why so? Assuming this is the 1st complaint against the game, what was steam supposed to do in the past month?
kbobabob@lemmy.dbzer0.com 2 weeks ago
Obviously, Steam is supposed to vet the source code of every game thoroughly before it ever gets put up for sale.
AwesomeLowlander@sh.itjust.works 2 weeks ago
I wonder how many people are taking your statement at face value without recognising the sarcasm…
KuroiKaze@lemmy.world 2 weeks ago
It’s not sarcastic. That’s exactly how most of these platforms work behind the scenes. They run automated, dynamic and static analysis against all the app code looking for potentially harmful signatures.
pulsewidth@lemmy.world 2 weeks ago
Dumb take. There are many ways to scan software without needing access to the source code.
Do you think retail antivirus providers approach every developer of every program version to request a copy of their source code for review before they can verify it’s safe?
Modern_medicine_isnt@lemmy.world 2 weeks ago
Steam could easily have automation that installs and runs games in a sandbox. Then watches what they do. The things it needed to do to steal the crypto should be vastly different than what a game should be allowed to do.
dafta@lemmy.blahaj.zone 2 weeks ago
This isn’t foolproof. A lot of malware these days is resistant to analysis because they can detect that they’re running in a sandbox and refuse to run the malicious code.
Modern_medicine_isnt@lemmy.world 2 weeks ago
I chose not to spell out the full test. The fact is, Valve could do it. It is just somewhat expensive. Make a law that game distributors are liable for losses if they distribute malware and you would see how well they could do it.
Die4Ever@retrolemmy.com 2 weeks ago
There are so many ways malware could get through that. What if it waits for a specific date or a certain amount of progress in the game? This automated sandbox probably wouldn’t be smart enough to beat the game, certainly not with as many games as they have.
Modern_medicine_isnt@lemmy.world 2 weeks ago
I chose not to spell out the full test. The fact is, Valve could do it. It is just somewhat expensive. Make a law that game distributors are liable for losses if they distribute malware and you would see how well they could do it.
dogs0n@sh.itjust.works 2 weeks ago
It isn’t easy as you say.
If they could let us run games in a sandbox/virtualised area that would be amazing though. That’s a very big ask though.
I do know that Xbox consoles run games in their own Hyper-V VM which gives extra protections to us from most malicious code.
Obviously this would be hard for Steam to implement, but it would be a very nice measure.
Modern_medicine_isnt@lemmy.world 2 weeks ago
I didn’t say it was easy. The fact is, Valve could do it. It is just somewhat expensive. Make a law that game distributors are liable for losses if they distribute malware and you would see how well they could do it.
ryathal@sh.itjust.works 2 weeks ago
Malware creation and detection are billion dollar industries playing an eternal cat and mouse game with each other. These programs don’t just instantly try to steal every file the second they run.
Modern_medicine_isnt@lemmy.world 2 weeks ago
I am decently versed in the game of cat and mouse. The fact is, Valve could do it. It is just somewhat expensive. Make a law that game distributors are liable for losses if they distribute malware and you would see how well they could do it.
Nibodhika@lemmy.world 2 weeks ago
Have you seen the malware? It would have passed that test.
pulsewidth@lemmy.world 2 weeks ago
It had a password protected zip file in an update that hid the payload. That is pretty damn basic and would not have gotten past any retail antivirus program’s heuristic detection.
Chances are that Valve is treated as a ‘trusted publisher’ by Microsoft Defender and thus it bypassed the scan. The malware payload even explicitly checks that no retail antivirus was installed, and that Microsoft Defender was active, prior to attempting to extract and run its payload.
(See comments above for explicit details regarding the malware)
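Added example, not part of the thread and not any store's or antivirus vendor's actual pipeline: a pre-publication check that flags password-protected ZIP members in an update, since a static scanner cannot inspect their contents. The function names, file paths and sample archives are constructed for illustration.

```python
import io
import zipfile

ENCRYPTED = 0x1  # ZIP general-purpose flag bit 0: entry is encrypted


def encrypted_members(blob: bytes) -> list[str]:
    """Return names of encrypted entries in the ZIP archive held in `blob`."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED]
    except zipfile.BadZipFile:
        return []


def triage_update(files: dict[str, bytes]) -> dict[str, list[str]]:
    """Map each file in an update to its encrypted ZIP members, if any.

    Files are identified by content, not extension, so an archive renamed
    to .dat or .bin is still inspected.
    """
    findings = {}
    for path, blob in files.items():
        if zipfile.is_zipfile(io.BytesIO(blob)):
            hits = encrypted_members(blob)
            if hits:
                findings[path] = hits  # opaque to scanning: hold for review
    return findings


def constructed_sample(encrypted: bool) -> bytes:
    """Build a tiny ZIP in memory (constructed test data, not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("payload.bin", b"constructed test data")
    data = bytearray(buf.getvalue())
    if encrypted:
        # Set flag bit 0 in the local header (offset 6) and the
        # central directory header (offset 8) to mimic an encrypted entry.
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            data[data.index(sig) + off] |= ENCRYPTED
    return bytes(data)


if __name__ == "__main__":
    update = {"update/assets.dat": constructed_sample(True),
              "update/readme.zip": constructed_sample(False)}
    print(triage_update(update))
```
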
Modern_medicine_isnt@lemmy.world 2 weeks ago
Clearly it passed their test. But it was not undetectable.