[thomascgalvin]

I suspect that this is always going to be the case. There are a lot of people literate enough to operate a computer, but not literate enough to understand the risks they're taking by running something they download off of scammers.ru. Exploiting these people will always be easier than actively circumventing OS-level security.

[inanutshellus]

I was going to say "Desktop apps need permissions like Android apps" that ask your permission to access resources and then was immediately reminded of the "I'm a Mac" commercials mocking Windows for doing exactly that... /Le sigh/...

I used to use this software called Clean Slate that would watch all the changes you made to your computer and undo them when you restarted. Maybe it's time for Grandma to get her own Docker instance.... :-)

[greggman2]

Is Steam a big vector? Gamers download hundreds of apps, all get installed as admin. You have to trust every dev of the game and the devs of every library they use. Not just trust that the devs weren't actively trying to be evil but also that their is no bugs in their networking code (https://momo5502.com/blog/?p=34) nor any bugs in their deserialization code for mods

[freeflight]

> Is Steam a big vector?

I've never heard of something like that happening, and I've been using Steam since day 1.

Trying to find something on Google about that only turns up the usual "Hijacked accounts spreading malware to friends" scheme [0] and vulnerabilities in the client itself [1], but nothing about Steam distributing malware hidden in games.

Which is kinda unexpected, I probably just didn't dig deep enough?

[0] https://www.hackread.com/hacked-steam-accounts-spreading-mal...

[1] https://thenextweb.com/apps/2019/03/21/valve-steam-vulnerabi...