Rust, Steam, and Security Problems

[Kyrian007]

Recently I started up Steam and (like it does quite often) Rust pulled an update. The update download paused, and my antivirus (I use Kaspersky) flagged some files and deleted them. Rust update incomplete... Rust unplayable.

Now I know, 99% sure Kaspersky picked up on some anti-cheating measure and this is a false positive. But here's my issue, not with the situation itself... it happens. But my problem is with some of the response on the Steam forums (and a few others.) People asking questions and starting convos about the issue (some of them, true are fairly new to pc gaming) are getting responses like "That's why I don't use (insert x brand antivirus here)" or even "I don't bother with antivirus at all, it just slows down my rig." Also seeing a lot of "I trust Steam more than (antivirus) so I just allow all from Steam."

And I think that kind of attitude is monumentally stupid.

Well, without hyperbole it isn't bright. Yes, I'm almost completely sure there isn't any serious issue here. But is RUST worth the chance? Is it IMPOSSIBLE that Facepunch has ONE dishonest person doing coding, or perhaps had a security breach of their own? Is an early access game (pretty bare bones, neat but still very much beta) worth ANY amount of risk. It wasn't necessary, but I uninstalled Rust (just to keep it from nagging me about updates and constantly trying to download files my antivirus has issues with.) In all likelihood I'll cue it up for a download in a week or 2 and the devs will have gotten their ducks in a row and fixed the problem. And every time I saw this on a forum I advised the original poster to do the same as I did.

So I guess that's the question. Is an early access game worth the chance of compromising your security, even if the chances are slim? Hell, is any game worth it? I got lots of games, if one isn't working or poses a potential risk I CAN just play another until the problem is fixed. Every forum has its share of dim people... and every game has its super-fanboys... but I was seeing a real lack of good sense in the responses.

 

[Andrew_C]

But it's wasn't a problem with Rust, It was a problem with the Anti Virus software. It's Kaspersky who need to get their ducks in a Row, not the Rust devs.

While I certainly agree that running without antivirus is stupid, 9 out of 10 files that get flagged by Anti Virus for me are flagged for matching the signatures of viruses that haven't been active for years, I've even gotten files flagged as matching DOS viruses. You just need to use your judgement and report false positives to the Anti Virus developers, although some of them make that extremely difficult.

But I tend to take more security precautions than your average user and use a limited user account, which avoids what makes Windows so attractive for malware, which is everyone running as admin by default, so I have a smaller target area. Which is not to say I'm immune to malware, just a harder target. If everyone ran as a limited user, Windows would be almost as secure as OSX and Linux.

Having said that, I would say that a small indie developer has a higher likelyhood of getting a virus infection than Valve, for example, although I'm pretty sure Valve check stuff before they upload it to Steam (don't know about Steam Workshop, though). There have been cases in the past where developers and publishers and the CD pressing plants they use have gotten virus infections, EA and Activision spring to mind for some reason, and I recall reading of an indie dev who lost several months of work on a game because of a virus infection and not keeping regular backups.

 

[Smooth Operator]

Well if you are that worried about security I advise you don't install anything, and especially don't let anything download directly.

For the average user however security is important to the point where it's an inconvenience, I'm happy to have one lock on my door however that obviously isn't as secure as ten locks... but I'm never going to want 10 locks to deal with.
Also AV is great when it finds really dangerous stuff, but the sweeps are general and it will act on anything that might fall into the same type of code which means malware flags with any software that does extensive system operations. Many AV programs now also sit on all major system calls, which means that yes they can be a gigantic hindrance when every operation is doubled up with AV scans.

And no it's not a good thing to trust blindly, but that goes both ways. Them saying they allow Steam to do anything without checking is just as dim as you allowing Kaspersky to remove everything without double checking why it wants to do so.

 

[Wasted]

Most mainstream antivirus programs are bloated messes that give a ton of false positives and do little to actually protect your PC. They constantly spam you with messages giving you the false impression that the program is working. I have never used Kaspersky, but I have used McAfee and Norton and both were garbage. In the very rare chance that I feel I obtained malware (it's been like 6 years) I feel better just reformatting my PC.

I would highly recommend using many of the free and very good anti-virus software available. I personally use Microsoft Security Essentials plus NoScript. Those two plus common sense is all you really need. Besides, the vast majority of viruses comes from actually installing an .exe, which no antivirus will prevent.

 

[Imperioratorex Caprae]

Common sense, experience and a few minor tools is all one really needs, but all of that in combo is rare so most people need an anti-virus to hold their hands, so be it.
There's a small percentage of us who know the truth about the words "security" when it comes to networks and things of that nature. There's no such thing as security, unless you're not plugged into any other computer, do not bring in outside data ever or ever install anything new.
Might as well start coding your own games and operating system if you want "security".
Or just be smart and accept that there's always a chance your system will be compromised and don't store passwords anywhere, do regular checks for easy finds like keyloggers and whatnot... don't visit any sites that aren't regular traffic, meaning if it looks like its address is sketchy stay the hell off it.
*shrug*
And accept if you use a virus scanner, its going to false flag files so ensure its not auto-deleting anything important.