That’s not analyzing the code. Also almost assuredly steam does that. Finally that wouldn’t catch this since it was a back door, as long as the attacker didn’t use it it would not be detected by any automated means.
It’s not sarcastic. That’s exactly how most of these platforms work behind the scenes. They run automated, dynamic and static analysis against all the app code looking for potentially harmful signatures.
Nibodhika@lemmy.world 12 hours ago
KuroiKaze@lemmy.world 4 hours ago
That’s called cloaking and you are right that it’s not easy to find which is why you have to trip the payload with varied approaches. Reverse engineers generally are tipped off by suspicious code artifacts then start diving in. I guess the lesson here is that people really overestimated steam’s capabilities at keeping out bad stuff and you should definitely never install any game that you’re not familiar with.
AwesomeLowlander@sh.itjust.works 22 hours ago
Pretty sure Steam already does that. And no automated (or even manual) analysis is going to be 100% foolproof, or we wouldn’t be worrying about supply chain attacks in Linux. So that puts us back at square one.
KuroiKaze@lemmy.world 21 hours ago
Yeah that’s literally what I said. Seems like the previous guy didn’t understand that. I don’t know why anyone would downvote me for just explaining how it works.
AwesomeLowlander@sh.itjust.works 21 hours ago
I think because in the context of the discussion, you’re (probably unintentionally?) making it sound like Steam is at fault for not catching the malware.
KuroiKaze@lemmy.world 20 hours ago
I mean that’s explicitly what the document above says. They call it a colossal failure of valve to allow such incredibly brazen and malware to exist on their store. If you read the forensic analysis, the writers definitely are very much blaming valve for the breach.