모든 토론 > Steam 포럼 > Suggestions / Ideas > 제목 정보
이 토론은 잠겼습니다.
Kerry 2022년 11월 16일 오후 1시 32분
2
Remove all Discord CDN links
The chat program Discord is a known dumping ground for malware and malicious bots, and is widely used for command and control of serious malware including credential stealers, ransomware, and other things. Some malware can even use Discord to crash other players' games.

Sophos, an anti-malware publisher and research group, reports that the greatest amount of malware they've found on the Discord Content Distribution Network is, quote: "credential and personal information theft, a wide variety of stealer malware as well as more versatile RATs."

This means software that steals bank account info and Steam account info.

So by allowing games that link with Discord to run on Steam, ValveCorp is inadvertently putting their users and all the games on this platform at serious risk of catastrophic loss.

I believe that these games should be sanctioned or heavily restricted in their capability to link with Discord, and all links that lead to a Discord server should be considered a direct link to malware.

Source: https://news.sophos.com/en-us/2021/07/22/malware-increasingly-targets-discord-for-abuse/

EDIT: I will not allow this thread to be derailed by any method. Attempts to bring up previous threads are obvious attempts to derail a thread and will be treated as such.

Each creator who makes a post that attempts to derail this thread will result in one singular chain of action:

Mute, block, report. You're not worthy of my time if you keep trying to derail the thread and troll me. You're not going to get a rise out of me.

EDIT: I'm sick and tired of some people (not naming names) being so stuck-up and closed-minded that they cannot admit that other people have different experiences.

The technically-impossible happens all the time. Just because YOU haven't seen it happen, doesn't mean weird crap doesn't happen!
Kerry 님이 마지막으로 수정; 2022년 11월 17일 오후 4시 44분
< >
599개 댓글 중 121-135개 표시
Leonardo Da Pinchi 2022년 11월 16일 오후 3시 13분 
Kerry Freeman님이 먼저 게시:
Leonardo Da Pinchi님이 먼저 게시:
Steam's automated message? Part of it is flood control, the other part is it scans against known websites on the whitelist vs known blacklisted sites.

It's not a malware scan. That's why most trade sites are censored, despite most of them not having actual malware on them.

Show some proof please, proof of it being a blacklist/whitelist thing.

If it was as you state, then Discord would be blacklisted because it's known to have viruses on it.
No, Discord is a community tool. Just because it's USED maliciously doesn't mean the program is malicious in and of itself. Especially since the program itself, isn't malicious.

And to prove it, all you'd need to do is make website that allows downloading but don't actively link to the download URL.

Steam doesn't just sit there and download every URL that's linked, and run a huge comprehensive virus scan. It blocks download URLs, and URLs of known/reported malicious sites.


Example would be youtube for example, I can freely link youtube videos, but still have malicious links in the video's description.
#121
Kerry 2022년 11월 16일 오후 3시 16분 
Leonardo Da Pinchi님이 먼저 게시:
Kerry Freeman님이 먼저 게시:

Show some proof please, proof of it being a blacklist/whitelist thing.

If it was as you state, then Discord would be blacklisted because it's known to have viruses on it.
No, Discord is a community tool. Just because it's USED maliciously doesn't mean the program is malicious in and of itself. Especially since the program itself, isn't malicious.

And to prove it, all you'd need to do is make website that allows downloading but don't actively link to the download URL.

Steam doesn't just sit there and download every URL that's linked, and run a huge comprehensive virus scan. It blocks download URLs, and URLs of known/reported malicious sites.


Example would be youtube for example, I can freely link youtube videos, but still have malicious links in the video's description.

Pardon me - Discord CDN links would be blacklisted.
Kerry 님이 마지막으로 수정; 2022년 11월 16일 오후 3시 16분
#122
Leonardo Da Pinchi 2022년 11월 16일 오후 3시 16분 
In fact, Steam doesn't censor many download URLs or host sites either. It allows mediafire links. Lol
#123
Kerry 2022년 11월 16일 오후 3시 17분 
Leonardo Da Pinchi님이 먼저 게시:
In fact, Steam doesn't censor many download URLs or host sites either. It allows mediafire links. Lol

True. Still though, all that does is prove my point - it's not blacklist/whitelist, otherwise mediafire, github and Discord CDN links would be blacklisted.

Also, Discord's CDN is used as a command, control, distribution and obfuscation tool.
Kerry 님이 마지막으로 수정; 2022년 11월 16일 오후 3시 20분
#124
Leonardo Da Pinchi 2022년 11월 16일 오후 3시 19분 
Kerry Freeman님이 먼저 게시:
Leonardo Da Pinchi님이 먼저 게시:
In fact, Steam doesn't censor many download URLs or host sites either. It allows mediafire links. Lol

True. Still though, all that does is prove my point - it's not blacklist/whitelist.
Actually, it is. Because, well, going by your standards. Since malware can be published easily on mediafire and linked to. It should be blocked completely, just like ALL discord links.
#125
Tito Shivan 2022년 11월 16일 오후 3시 19분 
Kerry Freeman님이 먼저 게시:
Yep! I'm also saying Steam should remove all Discord links in all threads as a matter of safety policy.
When talking security one has to be careful not to cut their whole arm because you broke your wrist.

Steam already includes a warning when following links to most outside sources. So people don't blindly follow harmful URLs.

Forbidding discord links won't stop the links from being shared, it just turns it into a game of cat and mouse (I know quite well after years of trying to keep the discussions clean of actual malware and scam URLs) And there comes the part of security hampering utility.

If we went the whole nine yards we'd be forbidding all form or hyperlinking from the discussions, because links to malware are at their core, well, links.

Discord is just the actual toy of choice. And the problem of fixing it relies on Discord itself, everything else are just bandages.
I'm old enough as to have seen malware being delivered from IRC links, to MSN messages, Skype chats, Steam chats and posts, Youtube videos, TeamSpeak messages, Tweets and now Discord chats.

Completely locking down the ability to refer to those services sacrifices way more utility than the level of protection it can provide. And it doesn't fix the problem of the service's responsability to clean house.

Kerry Freeman님이 먼저 게시:
Explain how I got hacked then, despite following every basic cybersecurity rule in the book.
You probably made a mistake you didn't even notice. It happens to the best. It only takes a single mistake and it's all downward from there.
#126
Leonardo Da Pinchi 2022년 11월 16일 오후 3시 21분 
Tito Shivan님이 먼저 게시:
Kerry Freeman님이 먼저 게시:
Yep! I'm also saying Steam should remove all Discord links in all threads as a matter of safety policy.
When talking security one has to be careful not to cut their whole arm because you broke your wrist.

Steam already includes a warning when following links to most outside sources. So people don't blindly follow harmful URLs.

Forbidding discord links won't stop the links from being shared, it just turns it into a game of cat and mouse (I know quite well after years of trying to keep the discussions clean of actual malware and scam URLs) And there comes the part of security hampering utility.

If we went the whole nine yards we'd be forbidding all form or hyperlinking from the discussions, because links to malware are at their core, well, links.

Discord is just the actual toy of choice. And the problem of fixing it relies on Discord itself, everything else are just bandages.
I'm old enough as to have seen malware being delivered from IRC links, to MSN messages, Skype chats, Steam chats and posts, Youtube videos, TeamSpeak messages, Tweets and now Discord chats.

Completely locking down the ability to refer to those services sacrifices way more utility than the level of protection it can provide. And it doesn't fix the problem of the service's responsability to clean house.

Kerry Freeman님이 먼저 게시:
Explain how I got hacked then, despite following every basic cybersecurity rule in the book.
You probably made a mistake you didn't even notice. It happens to the best. It only takes a single mistake and it's all downward from there.
Good old days of mIRC DCC and limewire.exe
#127
Kerry 2022년 11월 16일 오후 3시 22분 
Tito Shivan님이 먼저 게시:
Kerry Freeman님이 먼저 게시:
Yep! I'm also saying Steam should remove all Discord links in all threads as a matter of safety policy.
When talking security one has to be careful not to cut their whole arm because you broke your wrist.

Steam already includes a warning when following links to most outside sources. So people don't blindly follow harmful URLs.

Forbidding discord links won't stop the links from being shared, it just turns it into a game of cat and mouse (I know quite well after years of trying to keep the discussions clean of actual malware and scam URLs) And there comes the part of security hampering utility.

If we went the whole nine yards we'd be forbidding all form or hyperlinking from the discussions, because links to malware are at their core, well, links.

Discord is just the actual toy of choice. And the problem of fixing it relies on Discord itself, everything else are just bandages.
I'm old enough as to have seen malware being delivered from IRC links, to MSN messages, Skype chats, Steam chats and posts, Youtube videos, TeamSpeak messages, Tweets and now Discord chats.

Completely locking down the ability to refer to those services sacrifices way more utility than the level of protection it can provide. And it doesn't fix the problem of the service's responsability to clean house.

Kerry Freeman님이 먼저 게시:
Explain how I got hacked then, despite following every basic cybersecurity rule in the book.
You probably made a mistake you didn't even notice. It happens to the best. It only takes a single mistake and it's all downward from there.

Agreed. To all of this.

But even bandages help in some ways. It's a constant tug of war between malware and anti-malware.
Kerry 님이 마지막으로 수정; 2022년 11월 16일 오후 3시 24분
#128
Kerry 2022년 11월 16일 오후 3시 23분 
Leonardo Da Pinchi님이 먼저 게시:
Kerry Freeman님이 먼저 게시:

True. Still though, all that does is prove my point - it's not blacklist/whitelist.
Actually, it is. Because, well, going by your standards. Since malware can be published easily on mediafire and linked to. It should be blocked completely, just like ALL discord links.

And? You just proved my point AGAIN. If it were blacklist/whitelist, then ALL mediafire and Discord CDN links would be blocked completely.
Kerry 님이 마지막으로 수정; 2022년 11월 16일 오후 3시 24분
#129
Leonardo Da Pinchi 2022년 11월 16일 오후 3시 24분 
Kerry Freeman님이 먼저 게시:
Leonardo Da Pinchi님이 먼저 게시:
Actually, it is. Because, well, going by your standards. Since malware can be published easily on mediafire and linked to. It should be blocked completely, just like ALL discord links.

And? You just proved my point AGAIN. If it were blacklist/whitelist, then ALL mediafire and Discord CDN links would be blocked.
No, because neither have been reported as malicious. Funny that, huh?
#130
Kerry 2022년 11월 16일 오후 3시 26분 
Leonardo Da Pinchi님이 먼저 게시:
Kerry Freeman님이 먼저 게시:

And? You just proved my point AGAIN. If it were blacklist/whitelist, then ALL mediafire and Discord CDN links would be blocked.
No, because neither have been reported as malicious. Funny that, huh?

Can't imagine why that is - they're known malicious delivery systems.

Discord's CDN is the worst of these, because it's used as a command, control, distribution and obfuscation tool.
Kerry 님이 마지막으로 수정; 2022년 11월 16일 오후 3시 28분
#131
Leonardo Da Pinchi 2022년 11월 16일 오후 3시 28분 
Kerry Freeman님이 먼저 게시:
Leonardo Da Pinchi님이 먼저 게시:
No, because neither have been reported as malicious. Funny that, huh?

Can't imagine why that is - they're known malicious delivery systems.

Discord's CDN is the worst of these, because it's used as a command, control, distribution and obfuscation tool.
Steam itself can be considered a malicious delivery system. In fact, any system that lets you post links could be.

So, ban everything! Remove chat altogether!
#132
Kerry 2022년 11월 16일 오후 3시 29분 
Leonardo Da Pinchi님이 먼저 게시:
Kerry Freeman님이 먼저 게시:

Can't imagine why that is - they're known malicious delivery systems.

Discord's CDN is the worst of these, because it's used as a command, control, distribution and obfuscation tool.
Steam itself can be considered a malicious delivery system. In fact, any system that lets you post links could be.

So, ban everything! Remove chat altogether!

Steam doesn't allow uploads above a certain size. It also actively scans for malware in links, making it more secure.

Additionally, you can't use Steam chat to command, control and obfuscate malware like you can with Discord.
Kerry 님이 마지막으로 수정; 2022년 11월 16일 오후 3시 31분
#133
Leonardo Da Pinchi 2022년 11월 16일 오후 3시 31분 
Kerry Freeman님이 먼저 게시:
Leonardo Da Pinchi님이 먼저 게시:
Steam itself can be considered a malicious delivery system. In fact, any system that lets you post links could be.

So, ban everything! Remove chat altogether!

Steam doesn't allow uploads above a certain size.
No but it allows me to post URLs that link to sites that then link to malicious URLs.

Hell, those sites might even let me hyperlink so I can mask the URL as text.
#134
Mad Scientist 2022년 11월 16일 오후 3시 31분 
Kerry Freeman님이 먼저 게시:
Mad Scientist님이 먼저 게시:
You don't get hacked on Steam.

You willingly give away your account information; signing into 3rd party sites, "skin", "gambling", "trade" sites; all of them pretend to be legitimate in order to phish data, get the API Key onto your account, and steal users inventories randomly.

Else, you followed instructions from a scammer pretending to be someone, affiliated/with someone etc.

Again, You do not get "hacked" on Steam.
You're responsible for your accounts security.

I did none of those things. So again, explain how my first account got stolen.
User error if not on the above list.

Malware is a huge chance for those doing questionable downloads or clicking on questionable links, but most people blindly defend the sites I listed as "legitimate" even though they've become filtered from usernames half the time and are overly known to do exactly as stated.

Again You do not get "hacked" on Steam.
Without being able to check your drive(s) it is merely pointing out user error, like almost all compromised accounts.

Hacking isn't worth it when you can get gullible/greedy users to click stuff or download things.
#135
< >
599개 댓글 중 121-135개 표시
페이지당 표시 개수: 1530 50

모든 토론 > Steam 포럼 > Suggestions / Ideas > 제목 정보
게시된 날짜: 2022년 11월 16일 오후 1시 32분
게시글: 599
새로운 토론 시작

토론 규칙 및 지침