Prof.Jackie eredeti hozzászólása:

And you sure can give an example of the games with infected downloads, right?

Still waiting...

Prof.Jackie eredeti hozzászólása:

Prof.Jackie eredeti hozzászólása:

And you sure can give an example of the games with infected downloads, right?

Still waiting...
:profgenki:

there is none as nobody realizes steam screens games multiple times a day a dev nearly got his game removed because a glitch occurred inside of the game, the code was supposed to just play an ad for his newest project but it made it seem like it was malicious (this was after it got approved for upload) he quickly and swiftly fixed the issue

Even with my very limited knowledge about how tech and/or games work, I`m old enough to realize Steam wouldn`t last a hot minute if this were a fact. Kinda like oh, Elon saying "I`m making a Tesla that one can recharge with their cell phone. While, going down the road;-) wth?
just sayin

mathaniel eredeti hozzászólása:

Even with my very limited knowledge about how tech and/or games work, I`m old enough to realize Steam wouldn`t last a hot minute if this were a fact. Kinda like oh, Elon saying "I`m making a Tesla that one can recharge with their cell phone. While, going down the road;-) wth?
just sayin

That's it right there. Anything that is so completely illogical that it doesn't even make sense to anyone is obviously not true. Steam can't possibly distribute anything with a virus. The entire suggestion is completely absurd.

davidb11 eredeti hozzászólása:

espirito51 eredeti hozzászólása:

In the past two weeks downloading a game from STEAM is like Russian Roulette, you don't know if that game will also have a VIRUS attached. My computer has caught THREE attached to Steam Games. so customer beware. I've been with Steam for years and never had this problem before, but now apparently, their game screening is defunct.

I'm assuming this is a joke, because that is literally impossible.

Steam checks every file against 30 anti-viruses, and their HOSTING server checks it again, against even more anti-virus.

Please do not claim an impossible thing.

Viruses only come form other places.

How impossible is impossible by your standards?
Because incidents like https://www.eurogamer.net/cities-skylines-players-warned-to-check-for-malware-after-malicious-code-is-discovered-in-mods actually did and do happen.

davidb11 eredeti hozzászólása:

kingjames488 eredeti hozzászólása:

who says I'm talking about a glitch? there are "games" on steam that allow you to just run random code in them due to their design... and there aren't really any sort of checks in place as to if that code is malicious or not...

THat is not how games work.
Or any program works.
EVER.

No one would code that bad of a program.
It would be suicide.

It can be. It can be.
They could and would.
And it isn't.


The reason the Dark Souls multiplayer servers were taken down is because malicious clients could forge network requests that allowed them to execute arbitrary commands including opening up a command prompt on other clients on which they used the games' invasion mechanic.
Do you think people are angry at From software for exposing their machines to a massive back door? No. They're angry at them for taking the servers offline and preventing that back door from being used.


An example from further back in the past,
People originally gained access to the Nintendo Gamecube for homebrew purposes by sending forged network responses to the Phantasy Star Online game. PSO would execute an unchecked, unsigned binary blob download from the internet as a form of hot-patch.

It's actually not an uncommon design. Games like the Borderlands series use this type of hot-patching as well, iirc.


Or maybe you prefer an example hitting close to home and targeting Valve itself:
https://arstechnica.com/information-technology/2023/02/game-mode-exploits-high-severity-flaw-that-went-unpatched-in-dota-2-for-months/

mathaniel eredeti hozzászólása:

Even with my very limited knowledge about how tech and/or games work, I`m old enough to realize Steam wouldn`t last a hot minute if this were a fact.

Absolutely true.

mathaniel eredeti hozzászólása:

Kinda like oh, Elon saying "I`m making a Tesla that one can recharge with their cell phone. While, going down the road;-) wth?
just sayin

Well, to be honest... isn't that roughly the jist of all the stuff that Elon has been claiming over the last 10 years or so? ;) It sounds amazing, it has cool CGI and then 5 years later you suddenly realize... nothing happened.

Rio, none of those were ACTUAL games THEMSELVES as Viruses.
I will concede those events happened.

Mad Hatter eredeti hozzászólása:

I... the coding happens in the game right? I'm not sure how he thinks that creates vulnerabilities. I guarantee that the dev's response of "don't install shady sofware" was a soft response to him essentially admitting to getting the game from an unofficial source.

Start_Running eredeti hozzászólása:

Even if it did use Java script.. keep in mind the capabilityies of java script are limited to what the browser it runs in supports, There's not a whole lot Java script can do to your system./ Now if it was JAVA well that's another story.

And yeah I guess the dev did flag them for an jolly roger.

The capabilities of JavaScript are limited to the capabilities of its runtime environment.
Node.js and Electron are JavaScript runtimes that give unbridled system access at the same level as any normal native application.

If the game naively uses a full-fledged JavaScript runtime environment like Node.js and doesn't take the prerequisite steps to prevent said runtime from having access to e.g. the file system, then yes: that definitely opens up a few cans of worms.

Mainly wrt to being tricked into entering malicious code into the game's prompts as a copy&pasted solution to some in game problem.

Note that the developer told them: "people shouldn't run untrusted code," not "don't install shady software." Not running untrusted code can also mean not arbitrarily copying & pasting 'solutions' to ingame puzzle or challenges from others when you don't understand what their code actually is doing.

davidb11 eredeti hozzászólása:

Rio, none of those were ACTUAL games THEMSELVES as Viruses.
I will concede those events happened.

Moving the goalposts, I see.
Whether or not they are viruses or not themselves, is irrelevant to refuting the two claims you made.

Your first was that it is impossible for a game with a virus to land on Steam because Valve scans everything. Evidently that is not the case, because workshop mods can be infected with the equivalent of a trojan dropper and not raise red flags. (The Cities Skylines case was only found out about, because the developer themselves started investigating the modder in question for other reasons.)

Your second was that no game ever is created to allow executing arbitrary code. That they just don't work that way. And that if developers ever did do it, they would not get away with it.

And that is what the other examples refute.

RiO eredeti hozzászólása:

The reason the Dark Souls multiplayer servers were taken down is because malicious clients could forge network requests that allowed them to execute arbitrary commands including opening up a command prompt on other clients on which they used the games' invasion mechanic.
Do you think people are angry at From software for exposing their machines to a massive back door? No. They're angry at them for taking the servers offline and preventing that back door from being used.


An example from further back in the past,
People originally gained access to the Nintendo Gamecube for homebrew purposes by sending forged network responses to the Phantasy Star Online game. PSO would execute an unchecked, unsigned binary blob download from the internet as a form of hot-patch.

It's actually not an uncommon design. Games like the Borderlands series use this type of hot-patching as well, iirc.


Or maybe you prefer an example hitting close to home and targeting Valve itself:
https://arstechnica.com/information-technology/2023/02/game-mode-exploits-high-severity-flaw-that-went-unpatched-in-dota-2-for-months/

Exploits are not the same as viruses.

OP states he's downloading games and he's finding enough viruses being downloaded from games as to say it's a 'russian roulette'. It's not a case of 'someone made a malicious mod' (Anyone old enough to remember Garry's Mod knows about LUA scripting)

🦊Λℚ𝓤ΛƑΛᗯҜᔕ🦊 eredeti hozzászólása:

mathaniel eredeti hozzászólása:

Even with my very limited knowledge about how tech and/or games work, I`m old enough to realize Steam wouldn`t last a hot minute if this were a fact. Kinda like oh, Elon saying "I`m making a Tesla that one can recharge with their cell phone. While, going down the road;-) wth?
just sayin

That's it right there. Anything that is so completely illogical that it doesn't even make sense to anyone is obviously not true. Steam can't possibly distribute anything with a virus. The entire suggestion is completely absurd.

well steam is not perfect some will slip through which is why steam employees do test the games multiple times as well watching for any reports of sus activity effectively its unnoticeable you would have a very low chance of actually finding a virus filled game your more likely to get a bug that acts like a virus then a real one i am not disagreeing with everything its just more or less detailing steams own process

RiO eredeti hozzászólása:

It can be. It can be.
They could and would.
And it isn't.


The reason the Dark Souls multiplayer servers were taken down is because malicious clients could forge network requests that allowed them to execute arbitrary commands including opening up a command prompt on other clients on which they used the games' invasion mechanic.
Do you think people are angry at From software for exposing their machines to a massive back door? No. They're angry at them for taking the servers offline and preventing that back door from being used.


An example from further back in the past,
People originally gained access to the Nintendo Gamecube for homebrew purposes by sending forged network responses to the Phantasy Star Online game. PSO would execute an unchecked, unsigned binary blob download from the internet as a form of hot-patch.

It's actually not an uncommon design. Games like the Borderlands series use this type of hot-patching as well, iirc.


Or maybe you prefer an example hitting close to home and targeting Valve itself:
https://arstechnica.com/information-technology/2023/02/game-mode-exploits-high-severity-flaw-that-went-unpatched-in-dota-2-for-months/

We found the Epic Games Employee trying to say negative things about Steam to make steam look bad. Just as I forewarned in a previous post. And yet here you are blatantly doing exactly what I warned about. And they said no one would do that. But yet here you are. Doing exactly that. Just a suggestion for the future: If you write comments trying to slander Steam you might want to be a little less obvious in the way you write your words.

Alex eredeti hozzászólása:

well steam is not perfect some will slip through which is why steam employees do test the games multiple times as well watching for any reports of sus activity effectively its unnoticeable you would have a very low chance of actually finding a virus filled game your more likely to get a bug that acts like a virus then a real one i am not disagreeing with everything its just more or less detailing steams own process

Nope. It is not possible for any actual game on steam to ever "slip through". There are too many protections at play to prevent exactly that from happening. Steam never has and never will directly distribute any actual game with any virus in it. It is not human-checked. It is all automated to remove the human factor from possibly permitting something to go through.

RiO eredeti hozzászólása:

Mad Hatter eredeti hozzászólása:

I... the coding happens in the game right? I'm not sure how he thinks that creates vulnerabilities. I guarantee that the dev's response of "don't install shady sofware" was a soft response to him essentially admitting to getting the game from an unofficial source.

Start_Running eredeti hozzászólása:

Even if it did use Java script.. keep in mind the capabilityies of java script are limited to what the browser it runs in supports, There's not a whole lot Java script can do to your system./ Now if it was JAVA well that's another story.

And yeah I guess the dev did flag them for an jolly roger.

The capabilities of JavaScript are limited to the capabilities of its runtime environment.
Node.js and Electron are JavaScript runtimes that give unbridled system access at the same level as any normal native application.

If the game naively uses a full-fledged JavaScript runtime environment like Node.js and doesn't take the prerequisite steps to prevent said runtime from having access to e.g. the file system, then yes: that definitely opens up a few cans of worms.

Mainly wrt to being tricked into entering malicious code into the game's prompts as a copy&pasted solution to some in game problem.

Note that the developer told them: "people shouldn't run untrusted code," not "don't install shady software." Not running untrusted code can also mean not arbitrarily copying & pasting 'solutions' to ingame puzzle or challenges from others when you don't understand what their code actually is doing.

davidb11 eredeti hozzászólása:

Rio, none of those were ACTUAL games THEMSELVES as Viruses.
I will concede those events happened.

Moving the goalposts, I see.
Whether or not they are viruses or not themselves, is irrelevant to refuting the two claims you made.

Your first was that it is impossible for a game with a virus to land on Steam because Valve scans everything. Evidently that is not the case, because workshop mods can be infected with the equivalent of a trojan dropper and not raise red flags. (The Cities Skylines case was only found out about, because the developer themselves started investigating the modder in question for other reasons.)

Your second was that no game ever is created to allow executing arbitrary code. That they just don't work that way. And that if developers ever did do it, they would not get away with it.

And that is what the other examples refute.

rio he did't move the goal post the goal post was at games and alot of what you are talking about is irreverent modding and exploiting are completely different those aren't on steam those more on devs and trusting modders, because when you are modding you should always know this modding is always going to be dangerous and its harder to screen then an entire game because it has more freedom not only that the people who are going to take advantage are skilled enough to know how to mod it in a way that's hard to detect on certain passes

Alex eredeti hozzászólása:

rio he did't move the goal post the goal post was at games and alot of what you are talking about is irreverent modding and exploiting are completely different those aren't on steam those more on devs and trusting modders, because when you are modding you should always know this modding is always going to be dangerous and its harder to screen then an entire game because it has more freedom not only that the people who are going to take advantage are skilled enough to know how to mod it in a way that's hard to detect on certain passes

Steam workshop is a thing that is on steam, hosted by steam. Mods in the steam workshop are downloaded from steam's servers. To be clear also: That blog they quoted earlier in this thread and the actual mods in question never had a virus in them. They only did other behaviors which violated the steam rules and that's why they were canned.

🦊Λℚ𝓤ΛƑΛᗯҜᔕ🦊 eredeti hozzászólása:

RiO eredeti hozzászólása:

It can be. It can be.
They could and would.
And it isn't.


The reason the Dark Souls multiplayer servers were taken down is because malicious clients could forge network requests that allowed them to execute arbitrary commands including opening up a command prompt on other clients on which they used the games' invasion mechanic.
Do you think people are angry at From software for exposing their machines to a massive back door? No. They're angry at them for taking the servers offline and preventing that back door from being used.


An example from further back in the past,
People originally gained access to the Nintendo Gamecube for homebrew purposes by sending forged network responses to the Phantasy Star Online game. PSO would execute an unchecked, unsigned binary blob download from the internet as a form of hot-patch.

It's actually not an uncommon design. Games like the Borderlands series use this type of hot-patching as well, iirc.


Or maybe you prefer an example hitting close to home and targeting Valve itself:
https://arstechnica.com/information-technology/2023/02/game-mode-exploits-high-severity-flaw-that-went-unpatched-in-dota-2-for-months/

We found the Epic Games Employee trying to say negative things about Steam to make steam look bad. Just as I forewarned in a previous post. And yet here you are blatantly doing exactly what I warned about. And they said no one would do that. But yet here you are. Doing exactly that. Just a suggestion for the future: If you write comments trying to slander Steam you might want to be a little less obvious in the way you write your words.

Alex eredeti hozzászólása:

well steam is not perfect some will slip through which is why steam employees do test the games multiple times as well watching for any reports of sus activity effectively its unnoticeable you would have a very low chance of actually finding a virus filled game your more likely to get a bug that acts like a virus then a real one i am not disagreeing with everything its just more or less detailing steams own process

Nope. It is not possible for any actual game on steam to ever "slip through". There are too many protections at play to prevent exactly that from happening. Steam never has and never will directly distribute any actual game with any virus in it. It is not human-checked. It is all automated to remove the human factor from possibly permitting something to go through.

again as someone who's been reading into programming this false infact there has been clear cases were steam had missed something steam is not perfect you can't exactly perfect the impossible its always an arms race to see who can get there first (hence why we have people that try to [legally] find vulnerabilities and report them to the correct authorities so they patch that out and even then something is going slip through to some degree of severity)

Alex eredeti hozzászólása:

infact there has been clear cases were steam had missed something

Please provide us with a direct link to a source on the internet showing a steam game that contained a virus. If you are going to claim something then back it up.