Hi,

So I heard a while back the GOG Galaxy has been compromised (in some technical way that I don't really understand) that gives a third party admin control of the computer the platform is installed on.

Can anyone confirm this? Is it safe to use the platform?

Thanks,

Andrew
low rated
Best launcher you can get because it’s optional. Yes, safe.
low rated
Is it safe to breathe the air?
Relevant threads that I assume are being alluded to:

https://www.gog.com/forum/general/0day_found_in_the_galaxy_client_news_is_spreading_on_the_web/page1

https://www.gog.com/forum/general/gog_galaxy_security_issue_cve202024574/page1

I say read the threads and see what people have to say, then make up your own mind. Personally, I say to just use the offline installers which can be downloaded via the browser (they are, imo misleadingly, labeled as "backup offline installers").
low rated
This galaxy is not safe.
low rated
No!, it's not safe, especially if you eat too much of it. Too much chocolate makes you fat and you could end up with type two...
Well, apparently it's not safe to ask a question because all the immature morons come out of the woodwork to troll. But then again, it's the internet. Home of emotionally stunted man-children who have nothing going for them and can only find self-worth in being abusive.

Thank you to the individuals who answer the question instead of acting like narcissistic shitlords.
low rated
Ajax1983: Is it safe to use the platform?
It depends on what you mean by "safe."

If you mean "100% safe," then I believe the answer to that is no, it isn't, because AFAIK, the technical problems with the vulnerability in Galaxy that you are asking about have not been fixed.

However, GOG is an extremely niche, tiny store, with a very small userbase. Therefore, the chances of a hacker taking the time and energy to publish a virus that they would need to have written specifically to take advantage of this vulnerability is extremely low, since they'd need to distribute their hacks on sites that chances are no GOG user would ever happen to visit, given that there are so few GOG users, relatively speaking.

The hackers would know that, and hence they probably wouldn't bother putting in the effort to write such a virus which would most likely never give them any return on their time & energy investment.

So, the point of all that being, even though Galaxy is not technically 100% safe, in practical real-life terms, you'd probably be fine and never receive any viruses that were caused by your usage of Galaxy.

But if you want 100% definite safety, then you'd have to avoid using Galaxy.
Post edited February 24, 2022 by Ancient-Red-Dragon
Galaxy is safe, but there's no real reason to use it if you're so worried.
Personally, I didn't get much out of Galaxy. I stopped caring for trophies/achievements. I also avoid purchasing newer releases, which are more likely to get frequent updates, thus benefit from automatic updates.
Post edited February 25, 2022 by SpaceMadness
low rated
Ajax1983: Is it safe to use the platform?
Ancient-Red-Dragon: It depends on what you mean by "safe."

If you mean "100% safe," then I believe the answer to that is no, it isn't, because AFAIK, the technical problems with the vulnerability in Galaxy that you are asking about have not been fixed.

However, GOG is an extremely niche, tiny store, with a very small userbase. Therefore, the chances of a hacker taking the time and energy to publish a virus that they would need to have written specifically to take advantage of this vulnerability is extremely low, since they'd need to distribute their hacks on sites that chances are no GOG user would ever happen to visit, given that there are so few GOG users, relatively speaking.

The hackers would know that, and hence they probably wouldn't bother putting in the effort to write such a virus which would most likely never give them any return on their time & energy investment.

So, the point of all that being, even though Galaxy is not technically 100% safe, in practical real-life terms, you'd probably be fine and never receive any viruses that were caused by your usage of Galaxy.

But if you want 100% definite safety, then you'd have to avoid using Galaxy.
If Galaxy and GOG are that tiny and small, please share a statistic which backs your assumptions up.
Post edited February 24, 2022 by Wheezyyyy
You can always set up a sandboxed virtual machine and run Galaxy only there. Then you can delete that VM if it becomes compromised.

Just make sure you do nothing else in the VM besides running Galaxy. Don't do your online banking or email, or visit your favorite pr0n sites, from there.

Also don't play your games there, but on your Nintendo Switch because it is totally safe. If you want to be fully sure, run your Nintendo Switch also in a virtual machine.
Post edited February 24, 2022 by timppu
Ajax1983: ...
The vulnerability, while real, is only in very specific circumstances, as in you need to use Galaxy AND download another compromised program that will then try to use Galaxy flaw... but if that happens chances are that if you are downloading the "compromised" program in question then you already have a big issue regardless of whether you are using Galaxy or not and that this program will probably access your system on its own without relying on whether or not you use Galaxy.

So either you only download trusted software in which case Galaxy won't really represent any extra risk or you download "un-trusted" software in which case you have other bigger risks than Galaxy.
It's safe, but as a launcher it isn't great.
It's missing a lot of convenient features that you'd expect it to have and the UI is a little rubbish. It's not as bad as the Epic Launcher (it's been a while since I used that one, mind you), but it's still not really good.

It's great that it's optional and you can download back up installers, but then again you could do that before Galaxy.

Ajax1983: ...
Gersen: The vulnerability, while real, is only in very specific circumstances, as in you need to use Galaxy AND download another compromised program that will then try to use Galaxy flaw... but if that happens chances are that if you are downloading the "compromised" program in question then you already have a big issue regardless of whether you are using Galaxy or not and that this program will probably access your system on its own without relying on whether or not you use Galaxy.

So either you only download trusted software in which case Galaxy won't really represent any extra risk or you download "un-trusted" software in which case you have other bigger risks than Galaxy.
That's a new one, what's the compromised program?
Post edited February 24, 2022 by CthuluIsSpy
CthuluIsSpy: That's a new one, what's the compromised program?
As in "malware" created with the sole purpose of taking advantage of Galaxy flaw.