Windows offers "legal" ways of DLL injection, which is presumably what Steam does, and this article isn't about those methods.

I suspect this is where Windows backwards compatibility bites them a bit. I've got a very old tool [1] that uses WriteProcessMemory and CreateRemoteThread to create a thread in the command process that launched it to remotely change the directory in that process.

It works to this day, despite looking exactly like what malware would do. My tool is nothing in the grand scheme, but I suspect I'm not the only one doing these sort of shenanigans, and no doubt some big important app is doing it and can't be bothered to fix itself, so MS is stuck supporting it.

[1] https://github.com/seligman/ccd

If the Windows API provides those functions in the first point, I guess there are good reasons to use them. Of course if you're watching out for malware, WriteProcessMemory looks very suspicious, but it's not enough to conclude you're in presence of malware.

The people who are selling those detectors are making holistic social experiences.

It’s not complicated, if you want to buy secure software, don’t use Windows.

The whole reason this complicated method was researched is exactly because the traditional injection routes are locked down/easily monitored.

In a previous life where I had to find a way to stealthily inject Chrome (in the presence of good anti-viruses), the solution was to find an obscure type of Windows shell extension which if registered would automatically be loaded by Windows into Chrome without triggering an alert.