0

I've already seen on Windows what kind of information the Steam application is sending online: time, place and device of the connection, time passed playing the games, payments, mail, numbers, etc. All this data looks related to the use of that precise application.

However, what is preventing any desktop app from sending any arbitrary file stored in my computer to an online server? From my newbie point of view, once you installed an application, there could be a script which just reads all my files and sends them to the servers.

What prevents my apps from reading all the logs locally stored in my PC?

schroeder
  • 123,438
  • 55
  • 284
  • 319
  • 2
    Nothing. When you install software on most desktop OS you're giving it full access to your user account. Mobile OS is notably different in that apps are sandboxed. There have been some attempts to introduce sandboxed apps on desktop OS, e.g. Windows Store apps are sandboxed. Reality is that all common desktop OS (Windows, Linux, Mac) have a security model based on mainframes that doesn't properly reflect modern use. – paj28 Dec 12 '19 at 22:25
  • ...What? That's terrible. The fact that any application gains full access to all the personal files is outrageous in my opinion. I guess not even manual file encryption is a solution because the system - as the app itself - still has to use them continuously. –  Dec 12 '19 at 22:38
  • 1
    Awareness is the first step – paj28 Dec 13 '19 at 09:43

1 Answers1

0

Any application inherits the permissions of the user who runs it or gets the permissions assigned to it. So, if you install it as a user who has access to your files or the logs, then it has that access.

That's why you need to segregate your data and permissions. Windows system logs are usually only readable by a user with admin rights. And this is why granting a user local admin rights is such a bad idea.

schroeder
  • 123,438
  • 55
  • 284
  • 319
  • "Steam application" suggests a home computer, as it's a game distribution platform. Granting a user local admin rights is pretty much a given there.Typical software installations are "system-wide" which means they are done with admin permissions, too. – MSalters Dec 13 '19 at 10:24
  • @MSalters yes, I know what Steam is (I'm running it right now, by coincidence). And your comment does not modify my statements. Home installs of Windows often makes the first user local admin. And that's a bad idea. – schroeder Dec 13 '19 at 12:05
  • I'm installing Steam on Linux now - new OS, new life - and that's why I'm searching information on this security topic. Don't wanna fall in error again. I'm currently trying to build a very strict permission system by sandboxing the application (with Firejail, if you know that program) but setting it to be _strict_ enough doesn't seem as easy as expected. –  Dec 13 '19 at 19:12