I recently saw the game called “Bongo Cat” on Steam which monitors yours keystrokes and accordingly plays the bongo drums. I saw that it was not working properly on Wayland because it does not allow the game to record keystrokes from other apps.
This got me thinking; how does Steam Valve protect us from malware? I was searching for “steam games malware” on DDG and found out that there were a few incidents regarding this.
I understand that Steam probably has a robust mechanism for understanding game behavior but it’s kind of a black-box for us.
Is there any independent vulnerability checker for games? How paranoid should one be before downloading games from steam?
PS: I know that as Linux users, most attack vectors don’t work for us but it’s good to be aware just in case.
Edit: I need to clarify. I know Steam is just a game-launcher, it’s not supposed to protect the user after the game is installed. I meant to say how does Valve protect the user from malicious games? Is their mechanism known?
Thanks for the detailed response.
I guess if I’m not using Flatpak, the games have access to my entire home directory. Sounds a bit risky, but I trust that Valve is testing the games before releasing the game to the store.
But this seems like a single point of failure.
I have no idea whether they try to audit for malware, but even if they do, it would be difficult to identify malware from just invoking a binary. It’s not uncommon for malware to only become active under specific conditions, precisely to make it harder to identify.