Quoting: denyasis

Quoting: Nateman1000

Quoting: BlackBloodRum

Quoting: Purple Library Guy

Quoting: BlackBloodRumWhy is the game blurred? This developer should put their hands up and admit they failed basic computer security.

You mean . . . they're running Windows?!

That could well be true! Imagine having to use Windows every day though? The agony, the anger, the frustration, the distractions and to top it all off, you upload an infected game. :unsure:

Many think windows disease is incurable but it is very curable. So make sure to get a Linux or BSD distribution for your computer and cure this disease

This is probably ignorance in my part, but how is security better with Linux in this situation? We're (mostly) running these programs wide open out of the home drive (maybe some ppl are using flatpack or snap, but even then that's not a default requirement on most distro and people still poke holes in those sandboxes regularly). No, it can't infect "the system", but since we're executing programs out of /home, isn't that good enough? The malware is still running under the users permissions, it can still execute in /home, read data, access the network, etc.

Maybe I'm missing something fundamental with Linux security, but it seems once I log in anything within the user space can run under my permissions, malware or not? Especially if it's malware hidden in a program/game that I intentionally started?

I've used Linux a very long time, but I'm self taught.... Security is one of those Linux areas that's always been complex for me to grasp in a meaningful way.

For a typical desktop system without additional protection whatsoever, the malware may work. But consider this, what is malware trying to do, and where is it looking?

It's almost certain it'll look for typical Windows locations, which would be those provided by Proton (Wine). In the case of a Steam game running via proton for example, that means if it will find steamapps/compatdata/(gameid)/pfx/drive_c/* by default. The good news is, unlike regular wine, proton doesn't link users/steamuser/Documents to your real documents location.

So it's possible the malware will simply do nothing of harm to a Linux machine.

However, that doesn't mean you can simply forget and dismiss it! It is possible the malware has been trained to handle Linux, in which case it will try to get access to your home directory. Worst case here is your home directory gets hosed, and data which your user has permission to modify is altered, which is fairly minor.

You can prevent this situation in a couple of ways, you could prevent that access to those files using AppArmor or SELinux, you could combine that with, or use only flatpak with a proper configuration by modifying the permissions to revoke "All User/System/anything Files". It simply doesn't need it, along with disabling access to xdg-music, xdg-pictures. Steam only needs to access the locations that it is instructed to download games to (Your library), so you can specify only that directory as read/write and block everything else. It shouldn't need other directories, but if it does and doesn't need to write to them, then set it to read-only.

This advice applies to basically all flatpak apps. Only give minimal permissions. For example with Bottles, you might download your GOG games to a home directory folder like ~/Games, well bottles doesn't need to write to those GOG installers. So it can be safely set to read-only for bottles.

Oh, and the big one: Keep things updated with the latest security patches.

These are simple security measures, but it should be more than enough to prevent windows-based malware from escaping its wine prefix.

It might not however, stop a specifically targeted to you attack. A key thing to remember, security isn't something you can just say "must be like this" for. Different environments have different threat models.

Know your threat model, and adjust your security as necessary.

View this comment - View article - View full comments

Quoting: Purple Library Guy

Quoting: BlackBloodRumWhy is the game blurred? This developer should put their hands up and admit they failed basic computer security.

You mean . . . they're running Windows?!

That could well be true! Imagine having to use Windows every day though? The agony, the anger, the frustration, the distractions and to top it all off, you upload an infected game. :unsure:

View this comment - View article - View full comments

Why is the game blurred? This developer should put their hands up and admit they failed basic computer security. They compromised their customers safety, so realistically it should be public knowledge (else, a customer could be infected by their infected game and not even know it!). Even if that may only be "less than 100 Steam Accounts". I doubt this is the first incident.

They should absolutely be public about this.

View this comment - View article - View full comments

Quoting: Guest

Quoting: BlackBloodRumIt should be noted that this sale, and the charity is aimed at helping those with physical disabilities (not blindness). For example, they help try to make games which can be played by tracking eye movement. It's worth checking the charity to get a bit more info :smile:

Blindness, is a whole other issue.

oh my thanks for the clarification. Sometimes I skim too much and tend to misunderstand. I assumed since a bunch of blind accessible games were included in the sale, it was also aimed towards blind people.
Btw the game I linked in my previous post isn't included in the event.
What a terrible person I am, it looks like a just used this event as an excuse to snag a nice game for my friend :whistle:

No worries! It all helps a good cause in any case! :grin:

View this comment - View article - View full comments

It should be noted that this sale, and the charity is aimed at helping those with physical disabilities (not blindness). For example, they help try to make games which can be played by tracking eye movement. It's worth checking the charity to get a bit more info :smile:

Blindness, is a whole other issue.

View this comment - View article - View full comments

Nice! I have a friend who will love this idea! :grin:

View this comment - View article - View full comments

View this comment - View article - View full comments

Quoting: Purple Library GuyThere is still enough left of my 8 year old self to insist that that dinosaur she's riding is not a parasaurolophus.

Parasaurolophus was a duck-billed dinosaur with this big awesome crest coming up and back from the top/back of the head, that was like a hollow tube kind of thing with a round top. At the time I was a dinosaur kid, scientists thought maybe they used 'em to resonate and make really loud, resonant sounds. Like maybe it could sound like a tuba or something. It pains me to say this, because I want to be happy to see a purple dinosaur that isn't THE ONE WHICH MUST NOT BE NAMED, but Parasaurolophus was much cooler than that generic dinosaur. If they were gonna say parasaurolophus, they should have used one.

It kind of reminds me of this, you know:
https://www.youtube.com/watch?v=LK3C9IytrLI [External Link]

:grin:

View this comment - View article - View full comments

Quoting: Termy

Quoting: BlackBloodRumsince for the most part you can just follow the wiki,

You would be surprised for how many people even that poses an enormous obstacle if you take a look in the support channels xD

But yeah, you're bringing up a point that many raise against archinstall - even if manual installation is very easy indeed, it at least makes the new arch-user familiar with using the wiki (in theory).

That in my opinion, is not so much the operating system at fault, as it is the user at fault, which brings us back to the original point:

People need to exercise caution. Part of that caution is understanding what they are doing. :smile:

With enough warnings in place which could be heavily emphasised, any problem beyond that purely sits with the user that ignored them.

Ideally, we want Linux to be open and accepting for all, technical users or not. I'm not suggesting we "dumb it down" though. The geeky bits are the heart of linux! However, a few words here and there for new users shouldn't be too much, particularly where third party application sources are involved.

Quoting: Termy

Quoting: BlackBloodRumWindows is less user friendly than Linux, in my opinion

Couldn't agree more. My family-support-efforts dropped to near zero after i installed linux for my mother, aunt and so on...

Indeed, Linux just fits everywhere! Ironically my grandma, who is almost 90 now, is a Linux Mint user! She is more of a Linux fanboy than me! My aunt tried to get her to use a new MacOS computer in their home. My grandma? She just complained it's too difficult, confusing etc. Just would not stop complaining about it. Refused to use it. Wanted her Linux back. :grin:

Made me proud!

Eventually her old computer was just.. too old. So I upgraded the hardware but to keep things simple I just stuck an offline Linux Mint with the Mate desktop for her games (puzzle mostly, like hidden object etc) and family pictures. She got converted to Linux when I was a wee teen thousands of years ago. So at the time Gnome 2 was dominant, and gnome 3 hadn't destroyed gnome. So, she had used gnome 2 on CentOS 5/6 for many years. I figured it was much easier for a new computer for her to use Mate rather than messing about trying to teach her a new KDE or new Gnome etc. I configured it to look and act exactly the same, so in her mind, it basically is the same.

She uses that happily, I never get a complaint! It's an offline computer that never hits the net (I outright disabled all networking components, and she doesn't have sudo/root privileges. Just in-case another family member who visits her tries something stupid, she gets a lot of teenagers at this point.), so I can basically just forget about it and she's happy!

Meanwhile, her new iPhone my aunt got her? She is always complaining about it! :grin:

My guess would be, if it was a Windows computer, I would be having lots of complaints by now! :grin:

Linux is perfect for peace of mind, and ease of use, and it just fits in anywhere. Even my mum is on SUSE Leap on her laptop, and my stepdad is on Fedora Kinoite! There is a Linux setup for everyone, somewhere. :grin:

Anyway, I shouldn't talk too much about Linux *facepalm*, sorry for derailing the thread!

View this comment - View article - View full comments

I've debated recently about getting one of their index VR headsets lately. More from a technological point of view, to see what all the fuss is about. Since no doubt once I've played with the technical bits, it'll end up in a box in a cupboard for the rest of its life, so I'm waiting for a good steam sale on them. :smile:.

View this comment - View article - View full comments