All Discussions > Steam Forums > Suggestions / Ideas > Topic Details
Matticus073 29 Jun @ 1:49am
Highlight Vulnerable / Out of Support Games
Given the increasing security threats today, I want to make sure that I only have games installed on my PC that are actively being supported with security fixes.

....

As far as I'm aware game publishers have no obligation to provide that information, but that makes it impossible to make informed decisions about games to keep installed.

I'd like to see a mandatory field that is self-reported by game developers/publishers indicating that the game is currently receiving security patches / dependency upgrades. Ideally this status would expire and need refreshing by developers/publishers, or be timestamp based indicating the EOL support period.

In the same way we get game updates, it'd be great if the steam client could then suggest that certain games should be removed as they're out of support.
< >
Showing 1-15 of 15 comments
Supafly 29 Jun @ 1:53am 
stick to games released in the last 1-2 years. Anything older than that likely won't get a single update
#1
Crazy Tiger 29 Jun @ 1:55am 
"Self-reported". OP engages in lot of wishful thinking, lol.
#2
Matticus073 29 Jun @ 2:21am 
It's easier than you'd think; self report compliance, the lack of a self report indicates non-compliance or get them to declare the support period prior to release.

I agree it's definitely a long way from the current standard. However, the European Union is pushing through legislation that enforces the declaration of support periods for software distributed within Europe.
They might make video games exempt from the Cyber Resiliency Act.
But regardless cyber security is getting more scrutiny now than ever before, so I think this is the inevitable future... That or containerised games to minimise the impact of vulnerabilities.
#3
Matticus073 29 Jun @ 2:29am 
Originally posted by Supafly:
stick to games released in the last 1-2 years. Anything older than that likely won't get a single update

That is my current approach, but I have friends that clearly don't understand the risks they're taking... They'll see a ten year old game on sale for cheap and go for it. There must be countless others like them.
#4
Yasahi 29 Jun @ 2:40am 
Originally posted by Matticus073:
Originally posted by Supafly:
stick to games released in the last 1-2 years. Anything older than that likely won't get a single update

That is my current approach, but I have friends that clearly don't understand the risks they're taking... They'll see a ten year old game on sale for cheap and go for it. There must be countless others like them.

And what's the risk in buying and playing an older single player game? Be specific and explain these potential attack vectors you seem to be so worried about.
#5
Crazy Tiger 29 Jun @ 3:42am 
Originally posted by Matticus073:
It's easier than you'd think; self report compliance, the lack of a self report indicates non-compliance or get them to declare the support period prior to release.

I agree it's definitely a long way from the current standard. However, the European Union is pushing through legislation that enforces the declaration of support periods for software distributed within Europe.
They might make video games exempt from the Cyber Resiliency Act.
But regardless cyber security is getting more scrutiny now than ever before, so I think this is the inevitable future... That or containerised games to minimise the impact of vulnerabilities.
More wishful thinking.

Games not getting updates certainly doesn't mean they're "vulnerable" for the system. 10 year old games are perfectly safe to play.

You're making up an issue that isn't there.
#6
Ferox_Stormdragon 29 Jun @ 4:02am 
lol, GOG sells games that are decades old and receive no new patches whatsoever, yet your worried about games on steam?
#7
Supafly 29 Jun @ 4:27am 
Originally posted by Matticus073:
Originally posted by Supafly:
stick to games released in the last 1-2 years. Anything older than that likely won't get a single update

That is my current approach, but I have friends that clearly don't understand the risks they're taking... They'll see a ten year old game on sale for cheap and go for it. There must be countless others like them.

Worked fine for me for over a decade. Rather be patient and wait and purchase after most, if not all, patches have been done. I have no concerns purchasing a game after developers have stopped patching it


What games require security updates?
Last edited by Supafly; 29 Jun @ 4:28am
#8
Mailer 29 Jun @ 4:34am 
If you browse the Steam Store on the web browser with the SteamDB extension, or directly through SteamDB, it will tell you how many days ago the app last had its depot updated. That could be an indicator of when it was last updated.
#9
Start_Running 29 Jun @ 4:54am 
Why would a game being not updated make it vulnerable?
Games aren't like operating systems. They are closed environments.by default.
#10
matt 29 Jun @ 5:37am 
It's good that you're thinking about computer security. It's also good that you're being conscious of what software you're installing. Back in the 90s, it was almost impossible to keep your friends' PCs free of malware. The very next day after you fixed their PC, they'd install Comet Cursor and visit the sketchiest websites in the world.

However, if you're going to worry about old games, you should probably worry about old, unpatched games that use kernel-level anti-cheat. Go look up the Sony rootkit scandal and how malware could piggyback onto that and have total access to someone's PC.
#11
blunus 29 Jun @ 5:52am 
Originally posted by Matticus073:
Given the increasing security threats today, I want to make sure that I only have games installed on my PC that are actively being supported with security fixes.

....

As far as I'm aware game publishers have no obligation to provide that information, but that makes it impossible to make informed decisions about games to keep installed.

I'd like to see a mandatory field that is self-reported by game developers/publishers indicating that the game is currently receiving security patches / dependency upgrades. Ideally this status would expire and need refreshing by developers/publishers, or be timestamp based indicating the EOL support period.

In the same way we get game updates, it'd be great if the steam client could then suggest that certain games should be removed as they're out of support.
Overprotective much?
#12
Tezzious 1 Jul @ 1:53pm 
Well, my PC must be the most vulnerable machine on the plant, i have games installed from the 70's and 80's that i play on a regular basis. just the other day i was playing the 1990 version of Lemmings, those little blighters were digging their way out of the window and infecting all my files so u nuked the lot of them.
Last edited by Tezzious; 1 Jul @ 1:53pm
#13
Reaper 1 Jul @ 2:24pm 
Aside from the fact that this will never happen, I'd like you to actually say what kind of "threat" you think downloading an old game from Steam will create.
#14
Ben Lubar 1 Jul @ 6:36pm 
Malware doesn't magically come into existence when a piece of software hasn't been updated for a certain number of days. If there's a known problem with a game that makes it vulnerable to exploits like remote code execution, it'll get pulled the same way they've always done it, voluntarily by the developer, like what happened a year (or a few years? time has been confusing this decade) ago with Dark Souls.
Last edited by Ben Lubar; 1 Jul @ 6:36pm
#15
< >
Showing 1-15 of 15 comments
Per page: 1530 50

All Discussions > Steam Forums > Suggestions / Ideas > Topic Details
Date Posted: 29 Jun @ 1:49am
Posts: 15
Start a New Discussion

Discussions Rules and Guidelines