Posted November 04, 2018
How many users have a dedicated user profile just for games - and dedicated user profile to work with their data? Thats also a hint for OP, if he/she is troubled.
Not if it's running privileged. This is precisely what the OP is complaining about: it's privileged. Otherwise, doing something that Nixos does like hash-based atomic system with explicit declarative linking of its components for every program, would secure the static post-boot OS part (breaking hooks), but requires full OS redesign. And if its not opensauce (Windows's been all-proprietary since its birth), so I bet it will roll out own set of headaches in the process...
GOG could however split the Galaxy in "install/update" and "chat/achievement" parts. I don't know how Galaxy does this, if it constantly stays resident as privileged process, - because, you know, there is no Galaxy for linux.
The bigger problem is that it should have separate EXEs for this task if you're worried about security. Linux kinda works the same way, too: when the program is run, it runs privileges based on the user level (usually either root if sudo was used, or the user himself), it doesn't constantly ask for new permissions (except of the OS, but this is transparent to the user, and the attack vector would be to use the same permissions that were given to galaxy to make a higher level hijack [for example, using file writing permissions to overwrite galaxy, one of it's files, or a common and popular game with a poisoned version which then proceeds to stage another attack so if it gets caught the game or galaxy gets blamed]), so ultimately you have a similar issue, but since linux is designed much differently, this is much more complicated on linux.GOG could however split the Galaxy in "install/update" and "chat/achievement" parts. I don't know how Galaxy does this, if it constantly stays resident as privileged process, - because, you know, there is no Galaxy for linux.
