Is Steam is no longer safe?

[Helstrom]

After the release of the HL2 source code, which contained the Steam source code as well, I will not use Steam again until which time I feel that VALVe has secured it sufficiently, and I sure as hell won't buy anything on it.

It's easy for me to make this decision, as I only play CS once in a while but I fear for the people who play CS all the time and are forced to play it through Steam. I might just be paranoid but until VALVe comes out with the offical HL2 game I won't trust Steam for jack squat.

;(

 

[soman]

I am not using it at the moment at all. The source code or parts of it atleast are out for anyone to view. This is a very easy way to see where you can use for malicious reasons.

I dont think anyone will spread viruses but my CC details wont be going to Steam.

 

[-AnthraX-]

We will soon find out if its safe or not m8, but i hope it is nice and secure, even if its not, i'm sure VALVe will fix it

 

[Typhon]

if it was truelly a risk, valve would shut it down. I know that sounds extreme, but they would be negligent if the risk was there and they didnt.

 

[Epsi]

If all the Steam source code (most importantly the server code) was leaked with HL2, then that doesn't necessarily make it more insecure. As long as it was programmed in the first place to withstand buffer overflows etc. It should be as secure now as it was before.

As an example, have a look at the apache/php/linux server combination. That's all open source, but you can still run secure servers with it.

 

[Spacemonkey]

Alot of Dx9 and Dx8 code was in the source. Code I have not seen in the Directx SDK's. I can only assume its priopreity code form microsoft. Also in the code was alot and I mean ALOT of previous quake engine code.

So if your worried about steam. Worry about any game on the quake engines. And also worry about any game using directx.

*puts tinfoil hat on*

Now I am going to ramble cause this place needs some.... less ignorance.

Software security used to be about security through obscurity. No-one would see the source, all they get is the compiled version, so you could write very loose code and get away with it. However with the internet and a faster computers and greater interconnectivity nothing is very "obscure" anymore. Most software development in most fields is focusing on tighter code than obscurity for security.

However with gaming the issue is latency. You have a server and a client. To make you ping low games are coded so they client is actually allowed to do more calculation than secure software would let happen. Normally the server does everything thats needs to be secure so the client cant touch it. Letting the client do it for gaming is great, takes load off servers and gives you less latency.

Since the client is doing alot of work which can be easily hacked the security of games is still very much through obscurity. This obscurity has been lost with the source leak.

It sucks but yes security is a very big issue that arises from this source leak. It is concievable that a virus could be written to exploit flaws in the code, much in the same way that outlook and ie. have virii. Or hackers could use exploits to take control of your system.

/end rant

 

[The Bear]

Well I'm still using Steam because even if my comp did crash I have nothing on it of value.... I'd just reninstall HL and be back on track

 

[XtAkm4p]

sure, use steam.... just dont buy anything from it

 

[vacs]

Originally posted by Typhon
if it was truelly a risk, valve would shut it down. I know that sounds extreme, but they would be negligent if the risk was there and they didnt.

that's the problem with steam currently. Valve cannot shut it down even if it is dangerously compromised. Valve has been working 4-5 years on Steam and spend many millions on it. If there is a security problem due to the leak source code they will certainly keep it quiet and fix it even more quietly.

For my part, I haven't used Steam once since the initial HL2 source code leak and I won't used it again until after valve has made a clear statement that Steam is save to use... and even then I not quite sure if I can trust them.