They already scan all submitted games with malware scanners. Manual approval wouldn’t be any different, they weren’t doing binary analysis or source code review before. Their AV scanners back then would have given them the same result as their AV scanners now.
The thing is, Valve could go back to their old model where they review and approve 100% of new games on Steam. It would be significantly more expensive than it used to be for them, but they have more than enough money to staff a team for this process. They could do this, and they would still be plenty profitable. They just choose not to because they have no financial reason to do so, and they would rather keep that extra money as profit. Unfortunately, their choice to leave Steam as an unmoderated hell scape has had real consequences in the real world on real people.
t3rmit3@beehaw.org 3 weeks ago
theangriestbird@beehaw.org 3 weeks ago
that’s fair! maybe I am overestimating, IDK. I just think that if such a process still existed, the approval process would be lengthy enough that people wouldn’t even bother with trying to sneak by malware submissions.
KairuByte@lemmy.dbzer0.com 3 weeks ago
This would be expensive, time consuming, and utterly useless.
Automated scans are going to be just as useful, if not more useful, than manual auditing. Not to mention, manual auditing is useless in 99% of cases unless you’re also submitting source code. And even then, if you offer any sort of streaming of assets, you can simply not turn on the exploit download until after the review process. That isn’t even mentioning the issues with uploading source code.
The idea that you can just throw money at the problem is laughable.
Blisterexe@lemmy.zip 3 weeks ago
Except that wouldn’t prevent a lot of scams like that, what if the game’s cryptodrainer only activates like 2h in
TehPers@beehaw.org 3 weeks ago
While this would be nice, it’s not that hard to design malware that hides itself in certain environments. It’s actually extremely common for more advanced malware to disable itself in sandboxes, for example.
For other reasons, that might be nice though. It at least enforces some level of quality and playability.
bless@lemmy.ml 3 weeks ago
For the curious, stuxnet is a prime example of software altering behaviour under different environments en.m.wikipedia.org/wiki/Stuxnet
t3rmit3@beehaw.org 3 weeks ago
What people overlook is how Valve removing those barriers to listing directly brought about the indie revolution that’s happened.
Blisterexe@lemmy.zip 3 weeks ago
Exactly, greenlight was good for the time but sucks compared to what we have now