I recently saw the game called “Bongo Cat” on Steam which monitors yours keystrokes and accordingly plays the bongo drums. I saw that it was not working properly on Wayland because it does not allow the game to record keystrokes from other apps.
This got me thinking; how does Steam Valve protect us from malware? I was searching for “steam games malware” on DDG and found out that there were a few incidents regarding this.
I understand that Steam probably has a robust mechanism for understanding game behavior but it’s kind of a black-box for us.
Is there any independent vulnerability checker for games? How paranoid should one be before downloading games from steam?
PS: I know that as Linux users, most attack vectors don’t work for us but it’s good to be aware just in case.
Edit: I need to clarify. I know Steam is just a game-launcher, it’s not supposed to protect the user after the game is installed. I meant to say how does Valve protect the user from malicious games? Is their mechanism known?
The default setting (at least for KDE) is to only send Meta, Control, Alt and Shift as well as any key you type while they are held.
There is also an option to disable it completely or send everything.
Aha OK. That’s better than I expected then! Thanks for that. Running KDE Plasma here and I know CTRL works because I use it as PTT in several apps over XWayland. I just assumed they allowed them all.
Cosmic has the same options.