As reported by Gaming on Linux and discussed on Reddit, the Steam Deck has a small security issue regarding its rather outdated version of Firefox. Valve has reportedly promised a fix, but it won’t come until the next SteamOS update. This is far from ideal.
The current version of the popular non-Chrome browser is 102.0.1, while SteamOS carries the six-month-old version 96.0.3. You don’t have to be a regular Def Con hacking conference attendee to know that you shouldn’t be walking around with an outdated web browser, especially one that you use to store passwords for, oh I don’t know, social media websites, banking websites, or even Steam itself. (By the way: don’t save passwords in the browser. There are password managers for that.)
Valve’s last major SteamOS update came on May 26th, with frequent client updates over the following weeks. However, none of them updated the January build of Firefox. There’s also a beta available for the next OS update, but you have to opt in to it and it’s not a final build. This beta doesn’t update Firefox either, and moving to a beta build of an operating system isn’t usually a good way to improve your security posture.
Kotaku asked Valve for comment.
While this particular issue might be overemphasized, a case of making a mountain out of a molehill (to be fair, I’m far from a security expert), it does bring up a challenge with SteamOS and Linux gaming in general.
As of the latest Steam Hardware and Software Survey results, Linux users make up just 1.18% of the Steam population. A small amount, certainly, but one that’s growing as the popularity of the Linux-native Steam Deck rises. The folks who normally run Linux operating systems are more than capable of protecting them, but what happens when the SteamOS population grows to the point where it becomes an attractive target for vulnerability exploits and malware proliferation? And with the Steam Deck being promoted to the general public, not just hackers, the dos and don’ts of protecting a Linux machine only become more important.
If you’re coming from a Windows background, the way Linux handles app installs might seem odd, with terms like “flatpak,” “snap,” and “repository” flying around. Linux has its own way of doing things, and it’s a bit more complex than double-clicking a setup.exe. There’s also no such thing as a “Linux Defender” that would always ask you, “Are you sure you want to install this?” Steam Deck’s “desktop mode” might look similar to Windows or macOS, and I trust Valve to have prioritized safety, but adding the wrong repository or fetching random commands from around the web to do things as simple as getting Epic Games Store or GOG games to show up in Steam can easily land you in trouble if you are not 100% sure how to protect your machine.
For many, the Steam Deck may be not only their first Linux gaming device, but also their first experience of Linux, period (Android doesn’t count). As Steam Deck and SteamOS continue to gain users, many will be more interested in getting their games up and running with as little fuss as possible than in learning how to securely manage a Linux operating system from scratch. At the moment, most “beginner Linux gaming questions” are answered by generous, helpful enthusiasts, not bad actors. But it’s not hard to imagine that someone with malicious intentions and knowledge of how to exploit situations like outdated software would step in to exploit users who are unaware of the dangers of running random scripts, for example.
Consoles are locked gaming environments for many reasons, but security certainly comes first. And while Windows security can definitely be compromised, most of us just assume that Windows Defender will save us from complete disaster. And it usually does. Valve could be right about going all-in on Linux for the future of gaming, but security challenges will only grow as the Steam Deck gains popularity. Going forward, Valve would do well to keep security considerations at the forefront, and that will require more timely updates with a view to patching potentially critical vulnerabilities as its user base grows large enough to attract nefarious interests.