• We have updated our Community Code of Conduct. Please read through the new rules for the forum that are an integral part of Paradox Interactive’s User Agreement.

NovHak

Second Lieutenant
7 Badges
Jul 16, 2010
142
0
  • Cities in Motion
  • Europa Universalis III Complete
  • Heir to the Throne
  • Europa Universalis III Complete
  • Europa Universalis III Complete
  • 500k Club
  • Mount & Blade: Warband
Hi all,

While I see many complain about Steam, I rarely see one argument which is imho one of the most important ones : security. I mean your computer's security.

Back in the end of the 90s, Windows 98 was ruling the home PCs world (much to my dismay btw :) ), and the security model was weaker than nowadays (and the same applied to Apple's MacOS 9) : no privilege separation, no filesystem ACLs, to mention only these. When things changed with Windows XP, it took some time before most game developers, including MS Game Studios, finally adapted their games (MS Flight Simulator 2002 is an example).

The "new" (new in the home computing world only) security model boils down to two rules :

  1. shared program files are read only for unprivileged users
  2. privileged users should do administrative tasks only

Failure to take that into account will make the program unable to run correctly, as long as the rules are enforced. While many game developers made the shift, some still didn't change their habits which is why some games didn't run as a non-admin user on XP. MS took that into account in their next OS version, Vista, where unprivileged attempts to write to the shared program files directory are transparently redirected to a per-user directory. Hence the... let's call it "unadapted" program still works, while the rules remain enforced. While MS said : "Developers must not rely on virtualization being present in subsequent versions of Windows", this method (called "User Account Control Virtualization" or UACV) is still used in Windows 7. Thanks to UACV, it remains possible to play, say, Heroes of Might and Magic III, or Europa Universalis III on Vista/7 without having to be an administrator (eventually if the program is installed outside C:\Program Files, UACV won't work by default and has to be activated explicitly on additional directories).

Time to come to the point now... There are different ways to react to rules, including security rules : accept them, ignore them, attack them. Steam chose the latter, actively breaking the two rules mentioned above, by :
  1. explicitly modifying the filesystem access control lists to grant "Full control" to everyone, no matter privileged or unprivileged
  2. creating a service (a program running with administrator privileges) listening to administrative requests coming from the unprivileged side of the force, bypassing the usual and necessary security checks
That brings us back to W98 in terms of security model.

That's why I installed Steam on my computer... and carefully removed it when I discovered this, and won't install it until this issue gets fixed. I don't have problems with DRMs as long as they don't spy on me and otherwise slip beyond their domain, and provided I can play my legitimately acquired games and other software... I perfectly understand the need for anti-piracy measures, and pay for all my games... but THIS, I won't accept.
 

NovHak

Second Lieutenant
7 Badges
Jul 16, 2010
142
0
  • Cities in Motion
  • Europa Universalis III Complete
  • Heir to the Throne
  • Europa Universalis III Complete
  • Europa Universalis III Complete
  • 500k Club
  • Mount & Blade: Warband
Haha, hell no, but they surely weaken the operating system by attacking its security model. Because of this, cybercriminals have a higher chance to go deep into systems where Steam is running. If nothing changes, considering its success, chances are that this will be exploited sooner or later, which will ring inside quite a few heads as a tomorrows's hangover...
 

delra

Master of Orion
34 Badges
Jan 27, 2008
26.138
543
  • Europa Universalis IV
  • Victoria 2
There's a rumour out there that Facebook might buy Steam...
 

Shams

Corporate Paladin
70 Badges
Nov 9, 2009
1.509
113
  • 500k Club
  • Magicka
  • Heir to the Throne
  • Majesty 2 Collection
  • Hearts of Iron III
  • Divine Wind
  • Europa Universalis III Complete
  • Victoria 2: A House Divided
  • Victoria 2
  • Crusader Kings II
  • Victoria: Revolutions
  • Leviathan: Warships
  • The Kings Crusade
  • Europa Universalis III Complete
  • Majesty 2
  • March of the Eagles
  • Europa Universalis III Complete
  • Naval War: Arctic Circle
  • Prison Architect
  • Rome Gold
  • The Showdown Effect
  • Teleglitch: Die More Edition
  • Semper Fi
  • Sengoku
  • Ship Simulator Extremes
  • Sword of the Stars
  • Sword of the Stars II
  • Supreme Ruler 2020
  • Europa Universalis III
  • Arsenal of Democracy
  • Cities in Motion
  • Cities in Motion 2
  • Crusader Kings II: Legacy of Rome
  • Crusader Kings II: The Old Gods
  • Crusader Kings II: The Republic
  • Crusader Kings II: Sons of Abraham
  • Crusader Kings II: Sunset Invasion
  • Crusader Kings II: Sword of Islam
  • Darkest Hour
  • Dungeonland
  • Lead and Gold
  • Europa Universalis IV
  • Europa Universalis IV: Conquest of Paradise
  • For The Glory
  • For the Motherland
  • Gettysburg
  • Hearts of Iron III: Their Finest Hour
  • Impire
  • A Game of Dwarves
  • King Arthur II
There's a rumour out there that Facebook might buy Steam...

There is no chance in hell that FB could afford Valve.

/s
 

Teurlinx

Wicked
73 Badges
Feb 4, 2007
1.953
535
  • Crusader Kings III: Royal Edition
  • Stellaris: Federations
  • Crusader Kings III
  • Hearts of Iron IV: Expansion Pass
  • Cities: Skylines - Natural Disasters
  • Hearts of Iron IV: Field Marshal
  • Hearts of Iron IV: Colonel
  • Stellaris
  • Cities: Skylines - Snowfall
  • Cities: Skylines - After Dark
  • Stellaris - Path to Destruction bundle
  • Rise of Prussia
  • Pride of Nations
  • Hearts of Iron: The Card Game
  • Cities: Skylines
  • 500k Club
  • 200k Club
  • Rome: Vae Victis
  • Stellaris: Apocalypse
  • Stellaris: Lithoids
  • Stellaris: Ancient Relics
  • Prison Architect
  • Victoria 2: Heart of Darkness
  • Hearts of Iron IV: Expansion Pass
  • Hearts of Iron IV: Death or Dishonor
  • Heir to the Throne
  • Hearts of Iron III: Their Finest Hour
  • Hearts of Iron III
  • For the Motherland
  • For The Glory
  • Divine Wind
  • Europa Universalis III: Chronicles
  • Europa Universalis III
  • Europa Universalis III Complete
  • Deus Vult
  • Darkest Hour
  • Crusader Kings II: Sword of Islam
  • Crusader Kings II
  • Cities in Motion
  • Hearts of Iron II: Armageddon
  • Arsenal of Democracy
  • Europa Universalis: Rome
  • Victoria 2: A House Divided
  • Victoria 2
  • Sengoku
  • Semper Fi
  • Rome Gold
  • Victoria: Revolutions
  • Europa Universalis III Complete
  • Magicka
There is no chance in hell that FB could afford Valve.

/s

The only thing I could find was a 2011 estimate by Forbes of about $2 - $4 billion. How much did Facebook raise at their IPO again?

Still, couldn't even find a single rumour of Facebook interest in Valve / Steam.
 

comsubpac

Banned
76 Badges
Jul 23, 2009
12.176
3
  • Hearts of Iron II: Armageddon
  • Victoria 2: A House Divided
  • Victoria 2: Heart of Darkness
  • Semper Fi
  • Rome Gold
  • Victoria: Revolutions
  • March of the Eagles
  • Magicka
  • Hearts of Iron III: Their Finest Hour
  • Hearts of Iron III
  • For the Motherland
  • Divine Wind
  • Deus Vult
  • Crusader Kings II
  • Arsenal of Democracy
  • Darkest Hour
  • Europa Universalis 4: Emperor
  • Europa Universalis IV: Cossacks
  • Rome: Vae Victis
  • Europa Universalis IV: Rights of Man
  • Crusader Kings II: Reapers Due
  • 500k Club
  • Cities: Skylines
  • Hearts of Iron IV: Colonel
  • Hearts of Iron IV: Cadet
  • Crusader Kings II: Holy Knight (pre-order)
  • Stellaris
  • Europa Universalis IV: Mare Nostrum
  • Europa Universalis IV: El Dorado
  • Crusader Kings II: Way of Life
  • Pillars of Eternity
  • Europa Universalis IV: Common Sense
  • Cities: Skylines - After Dark
  • Europa Universalis IV
  • Crusader Kings II: Legacy of Rome
  • Crusader Kings II: The Old Gods
  • Crusader Kings II: Rajas of India
  • Crusader Kings II: The Republic
  • Crusader Kings II: Sons of Abraham
  • Crusader Kings II: Sunset Invasion
  • Crusader Kings II: Sword of Islam
  • Europa Universalis III
  • Victoria 2
  • Europa Universalis IV: Art of War
  • Europa Universalis IV: Conquest of Paradise
  • Europa Universalis IV: Wealth of Nations
  • For The Glory
  • Heir to the Throne
  • Naval War: Arctic Circle
  • Europa Universalis IV: Res Publica
Haha, hell no, but they surely weaken the operating system by attacking its security model. Because of this, cybercriminals have a higher chance to go deep into systems where Steam is running. If nothing changes, considering its success, chances are that this will be exploited sooner or later, which will ring inside quite a few heads as a tomorrows's hangover...

using a browser or even reading emails is as dangerous or most likely even more dangerous. does that stop you from using the internet?
i wouldn't be to concerned. no system is absolutely secure but as long as you keep your system up to date it is a negligible thread. its like driving a car: you know you could die and thats why you are driving carefully but you are still driving.