Steam runs as a service not an app hence why it needs permissions and why it tries to repair itself.

If Steam had admin only privileges then you'd have to go through a UAC prompt every time Steam updates.

By the way, if you were security conscious you'd know that Windows 7 isn't receiving any more patches and thus is getting more vulnerable.

Hi there Kusa. Not trying to be an argumentative jackass here :) - to to clear, heh.

So.. are you saying that because it needs to update itself it needs those unsafe permissions? Because many Windows apps want to update themselves and they manage achieve that without resorting to full permissions on Steam folder. And some of these apps include an update service (e.g. Adobe Acrobat and Firefox) which allows the app to update without any need for users to deal with the Windows UAC dialog. I believe the Windows TrustedInstaller Security Principle attached to the ACL of the app's folder is big part of this.

Bottom line: If I can go in there and alter files in C:\Program Files (x86)\Steam, then what stops a piece of malware from doing so?

Safe browsing practices stops that in its tracks, believe it or not...

No s--- Sherlock :)

Serious Steam... I can't say the s--- word? Sigh.

you can go in and delete your whole ass C drive if you wanted to, what's your point lol

also, someone still on windows 7 is not the most security minded :)

Originally posted by Nish:

you can go in and delete your whole ass C drive if you wanted to, what's your point lol

also, someone still on windows 7 is not the most security minded :)

I've been without updates on my Windows 7 system for over 4 years.

Gosh: look at me, *not having any malware or keyloggers or other problems* because *I DO PRACTICE SAFE BROWSING.*

It honestly is that simple.

Sigh... I knew this would get off topic.

Originally posted by Zekiran:

Originally posted by Nish:

you can go in and delete your whole ass C drive if you wanted to, what's your point lol

also, someone still on windows 7 is not the most security minded :)

I've been without updates on my Windows 7 system for over 4 years.

Gosh: look at me, *not having any malware or keyloggers or other problems* because *I DO PRACTICE SAFE BROWSING.*

It honestly is that simple.

Ever heard of a worm?

Yup.

And they don't show up when you don't do stupid crap online.

My point is that this isn't an issue.

maybe you didn't know that legit websites ARE sometimes taken over by bad actors who then use the legit website to infect a pc.
https://www.google.com/amp/s/heimdalsecurity.com/blog/malicious-websites/amp/
76% of websites contain security flaws, 9% contain serious flaws.
ads can also be hijacked and a hijacked ad can appear on any website and a compromised website can domain shadow you.
https://us.norton.com/internetsecurity-emerging-threats-thousands-of-websites-have-been-compromised-with-malicious-code.html is something else for you to read up on and learn a bit.

not browsing dangerous sites is the most basic beginner level of keeping safe. its the starter level and your advice is water is wet level information.

your answer is incorrect because there are many ways for this stuff to infect a pc other than safe browsing and downplays the risks completely. your dismissive attitude toward security risks is dangerous.

Originally posted by Retrotronic:

Hi there Kusa. Not trying to be an argumentative jackass here :) - to to clear, heh.

So.. are you saying that because it needs to update itself it needs those unsafe permissions? Because many Windows apps want to update themselves and they manage achieve that without resorting to full permissions on Steam folder. And some of these apps include an update service (e.g. Adobe Acrobat and Firefox) which allows the app to update without any need for users to deal with the Windows UAC dialog. I believe the Windows TrustedInstaller Security Principle attached to the ACL of the app's folder is big part of this.

Bottom line: If I can go in there and alter files in C:\Program Files (x86)\Steam, then what stops a piece of malware from doing so?

Malware and viruses are designed to compromise a system. Malware gets on a system because people choose to browse the web for and download compromised software and install it.

I have used Steam for 15+ years and in all that time Steam has never been compromised neither has any Windows version and system.


My system is Windows 10 but I used Windows 7 in the past.

This is how my system was setup in 7 and now 10.

C: Windows, drivers, and any program which requires been installed on this drive.

D: Everything else including Steam.


Steam is installed in two locations.

C:\Program Files (x86)\Common Files\Steam

D:\Program Files (x86)\Steam


Located in C:\Program Files (x86)\Common Files\Steam are the following files.

secure_desktop_capture.exe - SteamService.dll and SteamService.exe.


Steam runs as a service and is set to run manually from services with the path reading:

"C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService


When you run Steam this triggers and the secure_desktop_capture.exe is invoked.

This service shuts down when you close Steam.

Originally posted by Kusa:

Malware gets on a system because people choose to browse the web for and download compromised software and install it.

if you put the word 'SOME' on the front of that you would be correct.

there is lots of ways you can get malware.

Originally posted by endrsgm:

Originally posted by Kusa:

Malware gets on a system because people choose to browse the web for and download compromised software and install it.

if you put the word 'SOME' on the front of that you would be correct.

there is lots of ways you can get malware.

I am well aware of how malware and viruses function and how they get on systems.

That still does not invalidate the point i raised.

Compromised software is the easiest way for malware and viruses to embed themselves in your system.

part of your point. but sorry, malware gets on your system in lots of ways and not just dodgy sites or downloading sketchy stuff. it's evolved wayyyy past that.

most websites (by far) have security holes exploited by bad actors. they inject malware. everyone going to that site can get it. not just gambling or porn or illegal downloads but mainstream sites that get hit.

That part of your post was very incorrect. just being on the Internet is a risk now and even edu and gov sites have been known to be hijacked and used to pass malicious code and malware.

being concerned about high permission apps and programs is completely logical.