It happened today… or rather the potential was found today. At this moment, anyone who read the article from PC gamer knows their computer running Steam could well be at risk of hackers taking over their computer. How could the mighty 800 lb gorrila of PC gaming fall like this? Well, it’s a little more complicated then that. Let’s talk, so you know how to protect yourself, as well as understand exactly what happened.
Today, the hardware/software security firm Revuln discovered a weakness created by Steam, but oddly not carried by it. It starts with Steam’s website, which allows you to not only download their software, but to log in, buy/install/run games, and even participate in the community. Most of this still requires the software, but it will turn on the software first, and this is where the trouble starts. It is possible for a rouge website to abuse this and make Steam turn on running or installing malware to your computer.
If this sounds like Ubisoft’s disastrous plugin, it should… In fact, it’s damn near the same results… but there is a very key difference. Steam does not have a browser plug-in. That means there is no steam software calling Steam and bringing this issue about. What is happening instead, is that Steam has it’s own HTML. As a result, whenever it sees it should be loading steam:// as the start of a link, it does so by loading Steam and passing the commands across.
Since this is not a plug-in, you can NOT protect yourself by simply uninstalling something from your browser… but fear not! The good news is most people who have half a brain simply can not be hit with this… because they will realize that a web page NOT run by valve should NEVER ask them to start Steam up. You see, in the case of the biggest browsers on PC, they all ask before starting up the outside program. IE, Chrome, and Firefox all do this. The only major browser that does not, is Safari… which is really only major due to Mac users.
So in the end, how do you protect yourself? If you are on PC, pay attention to what your sites tell you as far as popups go, and do not use Safari so you are allowed to get this information. Chances are you never thought about using Safari, so that should not be an issue.
If you are a mac user, you likely have Safari as your primary browser, and have been given a good reason to use another browser… or not use Steam, which is likely to be the case since you are probably not gaming much on that machine.
Either way, use some smarts and be safe out there. The web is a dangerous place.