Dumb take. There are many ways to scan software without needing access to the source code.
Do you think retail antivirus providers approach every developer of every program version to request a copy of their source code for review before they can verify it’s safe?
AwesomeLowlander@sh.itjust.works 1 week ago
I wonder how many people are taking your statement at face value without recognising the sarcasm…
KuroiKaze@lemmy.world 1 week ago
It’s not sarcastic. That’s exactly how most of these platforms work behind the scenes. They run automated, dynamic and static analysis against all the app code looking for potentially harmful signatures.
AwesomeLowlander@sh.itjust.works 1 week ago
Pretty sure Steam already does that. And no automated (or even manual) analysis is going to be 100% foolproof, or we wouldn’t be worrying about supply chain attacks in Linux. So that puts us back at square one.
KuroiKaze@lemmy.world 1 week ago
Yeah that’s literally what I said. Seems like the previous guy didn’t understand that. I don’t know why anyone would downvote me for just explaining how it works.
Nibodhika@lemmy.world 1 week ago
That’s not analyzing the code. Also, almost assuredly Steam does that. Finally, that wouldn’t catch this since it was a back door; as long as the attacker didn’t use it, it would not be detected by any automated means.
KuroiKaze@lemmy.world 1 week ago
That’s called cloaking, and you are right that it’s not easy to find, which is why you have to trip the payload with varied approaches. Reverse engineers generally are tipped off by suspicious code artifacts, then start diving in. I guess the lesson here is that people really overestimated Steam’s capabilities at keeping out bad stuff, and you should definitely never install any game that you’re not familiar with.