I recently saw the game called “Bongo Cat” on Steam which monitors yours keystrokes and accordingly plays the bongo drums. I saw that it was not working properly on Wayland because it does not allow the game to record keystrokes from other apps.
This got me thinking; how does Steam Valve protect us from malware? I was searching for “steam games malware” on DDG and found out that there were a few incidents regarding this.
I understand that Steam probably has a robust mechanism for understanding game behavior but it’s kind of a black-box for us.
Is there any independent vulnerability checker for games? How paranoid should one be before downloading games from steam?
PS: I know that as Linux users, most attack vectors don’t work for us but it’s good to be aware just in case.
Edit: I need to clarify. I know Steam is just a game-launcher, it’s not supposed to protect the user after the game is installed. I meant to say how does Valve protect the user from malicious games? Is their mechanism known?
Won’t protect you from a steam game, that runs in XWayland, which allows global hotkeys (and effectively I guess key monitoring). But yes, overall it’s a nice security feature.
The default setting (at least for KDE) is to only send Meta, Control, Alt and Shift as well as any key you type while they are held.
There is also an option to disable it completely or send everything.
Aha OK. That’s better than I expected then! Thanks for that. Running KDE Plasma here and I know CTRL works because I use it as PTT in several apps over XWayland. I just assumed they allowed them all.
Cosmic has the same options.
Xwayland doesn’t have all keystroke access, though Plasma does have a feature that lets you do just that.
Oh yeah,I forgot about xwayland apps.