Valve doesn't control all of the code for all of the games in Steam. It's nice to say "everyone should just make their code work like Vista wants it to", but we can't do that when we are shipping a game created by someone else four years ago that is no longer actively developed.
That game will most likely expect to be able to write to your "Program Files" directory. It will most likely require writing registry keys in HKEY_LOCAL_MACHINE instead of HKEY_CURRENT_USER (needs Admin privileges) both at install time and at run-time.
Furthermore, placing all your configuration and data files inside your user folder isn't a good model for Steam. We are distributing large amounts of content via Steam that is intended to be shared by users across the machine. The directory layout in Vista is not really designed to support content distribution systems like this; it's designed for every single game using a separate standard .msi installer.
Vista's user model also isn't designed to support code like VAC. VAC is doing low-level work to check out other running processes' memory space and find cheats; some of the work it does can't occur without escalating privileges. In this respect it acts much more like an Antivirus program than anything else. And guess what? All your antivirus software is installing services, isn't it? Why aren't you alarmed at that? You probably also know that PunkBuster and other similar software already does the same thing and installs a service in order to get its job done.
Yes, before we did every single one of these operations, the Steam process itself could try to escalate its permissions and you as a user would be warned and asked to allow it, but the number of warnings would be painfully large and would be confusing to most users. You also can't actually escalate within a running process; you must spawn a new process because you must request admin privileges when the process starts. Starting lots of processes for small actions can be costly when it comes to performance, as well as annoying, as it means many individual UAC prompts. We don't like that option. Instead we have the Steam service: you install it once and you tell Vista at that time that you trust Steam to install this piece of signed code.
Security-wise, all of the service executables are signed code and have a very limited set of abilities. By installing the service you are letting Steam perform some administrative operations on your machine. However, due to the security model built into the service and due to the fact that the code is signed, you are not opening up your machine for just any piece of code to abuse the service and hack your machine. Letting Steam do this is just like letting a .msi installer for a game have Administrative privileges at run-time or allowing your Antivirus software to install a service. By using the service we are just saying "you only have to authorize us once", instead of causing you to be constantly prompted each time you install or run many games.
Ultimately it's your choice; we cannot force you to install the service. Vista will always warn you that Steam is trying to escalate privileges when the service installation occurs. If you are unhappy with it, then don't install it. However, if you don't install it, Steam and many games will be broken in subtle ways and we can't guarantee things will work as expected. The service is going to be an integral part of Steam on Vista and by choosing not to install it you are choosing to prevent your Steam installation being fully functional.
Last edited by jmccaskey: 09-13-2007 at 09:09 PM.