Security for Linux games may not seem like a big deal right now, but it will be in the future.
Gaming on Linux and Reddit have both talked about how the Steam Deck has a security problem with the version of Firefox it uses, which is pretty old. Reports say that Valve has promised to fix the problem, but it won’t happen until the next SteamOS update. That’s not the best.
The latest version of the popular browser that doesn’t use Chrome is 102.0.1, but the version on SteamOS is 96.0.3, which is six months old. You don’t have to go to the Def Con hacking conference every year to know that you shouldn’t use an old web browser, especially one that stores your passwords for, I don’t know, social media sites, banking sites, or even Steam. (Also, don’t keep passwords in your browser. That’s why you need a password manager.)
The last major SteamOS update from Valve came out on May 26, and there have been many client updates since then. But none of them changed the build of Firefox from January. The next OS update also has a beta version, but you have to choose to use it, and it isn’t the final version. That beta also doesn’t have the latest version of Firefox, and switching to a beta build of an operating system isn’t usually a good way to make yourself safer.
Kotaku has asked Valve what they think about it.
Even though I’m not a security expert, I don’t think it’s a good idea to make a big deal out of this one problem. However, it does bring up a problem with SteamOS and Linux gaming in general.
Based on the results of the most recent hardware and software survey on Steam, only 1.18 percent of its users are Linux users. A very small amount, but one that is growing as the Linux-native Steam Deck becomes more popular. People who usually use Linux operating systems are more than capable of keeping them safe, but what happens when the number of SteamOS users grows to the point where it becomes an attractive target for taking advantage of security flaws and spreading malware? Since the Steam Deck is being advertised to everyone, not just hackers, the “dos and don’ts” of keeping a Linux machine safe will only become more important.
If you’re used to Windows, the way Linux instals apps may seem strange, with words like “Flatpak,” “Snap,” and “repository” being thrown around. Linux has its own way of doing things, which is a little more complicated than just double-clicking a setup.exe file. There’s also no “Linux Defender” to always ask “Are you sure you want to install this?” Steam Deck’s “Desktop Mode” might look like Windows or macOS, and I trust that Valve has put security first, but adding the wrong repository by grabbing random commands from the internet to do something as simple as getting Epic Games Store or GOG games to show up in Steam can easily get you into trouble if you aren’t sure how to keep your machine safe.
For many, the Steam Deck might not just be their first Linux gaming device, but also their first experience with Linux (Android doesn’t count). As Steam Deck and SteamOS continue to gain users, many will be more interested in getting their games to run correctly with as little trouble as possible than in learning how to safely manage a Linux OS from the ground up. Most “noob Linux gaming questions” are answered right now by kind, helpful fans, not by bad people. But it’s not hard to think of someone with bad intentions and the know-how to take advantage of situations like outdated software to take advantage of users who don’t know, for example, how dangerous it is to run random scripts.