• 2 hours

      Every program ideally should be in a sandbox and if it wants permission to access something it should have to ask for it.

      • Kind of like Android or iOS.

        Flatpak tries to accomplish this on Desktop, and it works, but isn’t as comprehensive as something like Android or iOS.

        On the extreme side, there is QubesOS, which runs every app in a dedicated virtual machine, including the networking stack.

        • 12 minutes

          Flatpak also doesn’t ask for permissions. If an app requires a new one, does it just add it upon update?

  • Once wasm 64 bit deploys more, we should migrate as much as possible to it.

    That at least will make it harder to access random files and keys from disk due to the sandboxing.

    Sandbox escapes are still possible, but that’s an additional level of control we can enforce.

    • 3 hours

      Proton does not protect you from harm. It’s not a sandbox.

      • 2 hours

        No, but it also doesn’t have Windows on the other side; someone would have to target a Proton setup to get much of anything.

          • 47 minutes

            Yeah, it’s slowly gaining market share, but it’s still a minuscule share of the user base.

    • 2 hours

      Would that even help? Windows malware can run on Linux precisely thanks to Wine and Proton.

        • My uneducated guess is that it would run inside the prefix but would have trouble with basic Windows dependencies not being available/running, the prefix’s folder structure being cut down to the most basic components and barebones, and that nothing actually runs like in Windows but is rather translated from Linux commands to Windows ones and back? Meaning there are no processes or services like in a VM, no way to run cmd or PowerShell scripts, nothing to steal without leaving containment? Am I wrong somewhere?

          I recall there was a wave of dread about Proton leaving the host system easily accessible and not implementing any security measures as they are out of scope, but if we assume it’s a virus targeting Windows, I’m half sure it would have trouble doing anything the usual way.