The Security of Online Game Management Services

Today, I was asked to give my opinion and technical know-how on Steam.

My 15-year-old is quite the computer lover.  Among other things, enjoys playing some games on “Steam” (owned by ‘Valve’), and talking to a couple friends via Steam’s server.

My wife is very concerned about our home computer’s security, specifically that outside parties can hack into our computer via Steam.  Are her concerns legitimate?

What follows will possibly be overly complicated, but should give you a general concept into what can and cannot happen via Steam or any other legitimate (EA/OriginImpulse) online game management service.

Steam functions primarily as a storefront and product licensing operation, with downloadable content (games) which can be managed by the user, and have a social network of friends.

From the licensing perspective, purchases are for the lifetime of the user.  As in, what you buy in Steam, you own.  Forever.  And it’s not tied to your one computer.  You get a new computer, you can install the Steam client, and get all of your games back, and, with some newer games, saves from those games.  The downside is, if you have multiple users for that computer, who have different Steam accounts, they cannot play your already downloaded games unless they have purchased them for themselves.

The “social network” of Steam is limited, and can be completely ignored if you don’t want to deal with it..  It’s nice to have an achievement page (which is automatically generated with an account), and you can share that page via other social networking services (like Facebook), but it’s more for that personal “warm and fuzzy” feeling.  You can add friends to a list, and chat with them, join games with them (depending on the game), and see what they’re playing.  But overall, the social part of Steam is useless.

In the face of malicious hackers, have a long, and complicated password.  Uppercase and lowercase, and throw in a ! or any other special character to make it near impossible to guess, and take hours to brute force.  Just in case, DO NOT ALLOW YOUR CREDIT/DEBIT CARD TO BE STORED ON THE ACCOUNT!

There are other measures you can use to protect your computer from the strange and wild Internet.  One that I use is PeerBlock, which stops outside sources that even look shady from getting in (and likewise for things going out!).  Additional lists of addresses can be added manually, or by importing a .p2p file (I find I-Blocklist is useful, as others have done the work already, in the case of the Steam blocklist).  Some items are good (the Allow type) and some items are bad (the Deny type).  Steam would be in the Allow, for me.

Within Steam, there are no Parental Controls.  M rates games can be blocked only by the user account birth date.  To help with this, there are other tools that can be used instead.  Windows 7 has Applocker (tutorial), and a variety of other applications out there.  I will not post any here, as many of them come with key logging functions, which I will NOT abide by.

Essentially, Steam is a safe application to be running.  Don’t post anything you wouldn’t tell a stranger, and you’ll be fine.


As for Origin or Impulse, I haven’t had the pleasure (or displeasure) of working with those applications in many years (in the case of Impulse, never for Origin, though I’ve heard horror stories).  I would guess something like Steam, and still apply the rules above to these as well.

Posted in Workings and tagged , , , .