Hi all,
While I see many complain about Steam, I rarely see one argument which is imho one of the most important ones : security. I mean your computer's security.
Back in the end of the 90s, Windows 98 was ruling the home PCs world (much to my dismay btw
), and the security model was weaker than nowadays (and the same applied to Apple's MacOS 9) : no privilege separation, no filesystem ACLs, to mention only these. When things changed with Windows XP, it took some time before most game developers, including MS Game Studios, finally adapted their games (MS Flight Simulator 2002 is an example).
The "new" (new in the home computing world only) security model boils down to two rules :
Failure to take that into account will make the program unable to run correctly, as long as the rules are enforced. While many game developers made the shift, some still didn't change their habits which is why some games didn't run as a non-admin user on XP. MS took that into account in their next OS version, Vista, where unprivileged attempts to write to the shared program files directory are transparently redirected to a per-user directory. Hence the... let's call it "unadapted" program still works, while the rules remain enforced. While MS said : "Developers must not rely on virtualization being present in subsequent versions of Windows", this method (called "User Account Control Virtualization" or UACV) is still used in Windows 7. Thanks to UACV, it remains possible to play, say, Heroes of Might and Magic III, or Europa Universalis III on Vista/7 without having to be an administrator (eventually if the program is installed outside C:\Program Files, UACV won't work by default and has to be activated explicitly on additional directories).
Time to come to the point now... There are different ways to react to rules, including security rules : accept them, ignore them, attack them. Steam chose the latter, actively breaking the two rules mentioned above, by :
That's why I installed Steam on my computer... and carefully removed it when I discovered this, and won't install it until this issue gets fixed. I don't have problems with DRMs as long as they don't spy on me and otherwise slip beyond their domain, and provided I can play my legitimately acquired games and other software... I perfectly understand the need for anti-piracy measures, and pay for all my games... but THIS, I won't accept.
While I see many complain about Steam, I rarely see one argument which is imho one of the most important ones : security. I mean your computer's security.
Back in the end of the 90s, Windows 98 was ruling the home PCs world (much to my dismay btw
), and the security model was weaker than nowadays (and the same applied to Apple's MacOS 9) : no privilege separation, no filesystem ACLs, to mention only these. When things changed with Windows XP, it took some time before most game developers, including MS Game Studios, finally adapted their games (MS Flight Simulator 2002 is an example).The "new" (new in the home computing world only) security model boils down to two rules :
- shared program files are read only for unprivileged users
- privileged users should do administrative tasks only
Failure to take that into account will make the program unable to run correctly, as long as the rules are enforced. While many game developers made the shift, some still didn't change their habits which is why some games didn't run as a non-admin user on XP. MS took that into account in their next OS version, Vista, where unprivileged attempts to write to the shared program files directory are transparently redirected to a per-user directory. Hence the... let's call it "unadapted" program still works, while the rules remain enforced. While MS said : "Developers must not rely on virtualization being present in subsequent versions of Windows", this method (called "User Account Control Virtualization" or UACV) is still used in Windows 7. Thanks to UACV, it remains possible to play, say, Heroes of Might and Magic III, or Europa Universalis III on Vista/7 without having to be an administrator (eventually if the program is installed outside C:\Program Files, UACV won't work by default and has to be activated explicitly on additional directories).
Time to come to the point now... There are different ways to react to rules, including security rules : accept them, ignore them, attack them. Steam chose the latter, actively breaking the two rules mentioned above, by :
- explicitly modifying the filesystem access control lists to grant "Full control" to everyone, no matter privileged or unprivileged
- creating a service (a program running with administrator privileges) listening to administrative requests coming from the unprivileged side of the force, bypassing the usual and necessary security checks
That's why I installed Steam on my computer... and carefully removed it when I discovered this, and won't install it until this issue gets fixed. I don't have problems with DRMs as long as they don't spy on me and otherwise slip beyond their domain, and provided I can play my legitimately acquired games and other software... I perfectly understand the need for anti-piracy measures, and pay for all my games... but THIS, I won't accept.
