1
This topic is locked
Readme: Before repplying please make sure your post is civil and adds something positive to the thread, please refrain from any kinds of hate/flame kind of posts. Keep in mind that while to some those things may be common sense and obvious for others it may be stuff they've never thought about it or for those who think that internet thefts are something unheard of and it is more of an apstract term. As always constructive posts, discussions, questions, additional informations are welcome.
Lets start off by some basic manual things that you can do to improve your account's security.
0. Authenticator:
The Battle.net Authenticator is one of the best ways to secure your Battle.net account. It is available both as a small piece of hardware you can hang from your keychain with a button that generates a code, and as an App on Android and iPhone/iPad/iPod devices. Recently it has gained a new usability feature, when logging in from the same computer you will be asked to enter the Authenticator at most once per week.
The actual hardware authenticator is not vulnerable to a Man-in-the-Middle attack and is available for a one time purchase of $6.50.
To find out more about the Battle.net Authenticator, please visit http://us.blizzard.c...NFAQ&rhtml=true or http://eu.blizzard.c...articleId=28152 , depending on your region.
1. Copy pasting password:
2. Account sharing:
Do not share your account details with others unless if they share the same knowledge about account security with you. While they may be your best friends/family their computers still may have a virus/keylogger/spyware wich could result in your account having characters in underware.
3. Cyber/Internet caffe's:
Try avoiding Cyber/Internet caffe clubs like black plague, those places are usually having poor maintainance and security and are a nest of infections. Logging in from such places is highly risky. If you are however forced to do so make sure you apply the tip #1.
4. Installing add-ons:
Its been several cases where hackers used add-on's/add-on pack's as a mean of inserting a virus or spyware into your computer.
If you take a moment to open random .RAR folders from your downloaded addons you'll see that they contain only scripts. If the add-on(s) contain .EXE files those are compromised and should be deleted asap. Also you should run a quick scann of your newly downloaded add-on's, if you're making a new UI put them all in one folder then scann the folder as a whole instead of doing one at a time.
5. Registering on forums/web sites:
Forums, websites you register to should always have a different email adress than the login you have for WoW, also never have the password on such sites to be the same as WoW one.
Do not, under any circumstances do NOT give out any informations that could be related to your account(s). If you are buying gold make sure they only know your character name/server at most, same e-mail that you use as your login or let alone password = big no no.
6. Fishy/Scamm e-mails and web sites:
6a. Lately I've had many people asking me "is this mail legit or fake?", I've also noticed an increased spamm in my inbox with fake junk. 99.99% of them are FAKE and scamm attempts trying to get your account details. As the "tip" on the loading screen says Blizzard will never, ever, EVER ask you for your account informations unless if you've been hacked and you need to confirm that you're the legit owner.
All Blizzard emails will come from a domain @blizzard.com, there are several other sub domains like @e-mail.blizzard.com or @enews.blizzard.com, but the address will always end with the blizzard.com domain.
For more info about "scamm" or "phishy" emails check out http://en.wikipedia.org/wiki/Phishing
6b. Another trick used in phishing/scamming e-mails is to replace the original source address with an email address that looks as though it came from Blizzard. In situations like this it is important to check the header information of the e-mail as this will reveal the true history of that e-mail:
Any e-mails sent from Blizzard will come from a @blizzard.com address, you may see additions such as @e-mail.blizzard.com or @enews.blizzard.com, but the address will always end with the blizzard.com domain.
Most email clients will allow you to view more details on the email than are normally shown that will identify the true origin of a mail. For example, Hotmail have instructions on how to do this in Microsoft’s first help article on the left here:
http://help.live.com...rd&query=Header
Gmail have instructions on how to view the headers here:
http://mail.google.c...y?answer=22454#
Please check the support of your email provider or software client for information on how to view the header of mails you receive. A genuine header from Blizzard should contain the following lines:
X-SID-PRA: noreplyeu@blizzard.com
or
Return-Path: <noreplyeu@blizzard.com>
Received: from smtp01.eu.worldofwarcraft.com ([XX.XXX.XXX.XXX]) by…
Received: from … by smtp01.eu.worldofwarcraft.com …
for <Your Email Address>; Tue, 29 Jan 2008 10:46:05 GMT
From: noreplyeu@blizzard.com
To: Your Email Address
Although the mail may come from another address than noreplyeu@blizzard.com, it should always end with blizzard.com and the X-SID-PRA or Return-Path should always match the From address.
It should also always be Received: from a domain ending in worldofwarcraft.com, wow-europe.com or blizzard.com.
(6b line was quoted from Blizzard's technical support)
6c. Since I already mentioned the list of safe email domains here's a list of official Blizzard web site domains:
- Blizzard.com
- Battle.net
- WorldOfWarcraft.com
- WoWArmory.com
- StarCraft2.com
- Diablo3.com
In adition if you're using Mozilla Firefox you can enable a filter for Fishy/Scamm web sites.
1. Open FireFox.
2. Click on Tools, click on Options, and then click on Security.
3. Ensure that Warn me when sites try to install add-ons, Block reported attack sites, and Block reported web forgeries are all checked.
4. Go on Advanced tab and check "Warn me when web sites try to redirect or reload the page".
7. Web site offers, alpha/beta testings:
If you've recieved an e-mail and you're being redirected to a random web site its 100% fake. Only ways of getting into one of those testings is by insering a valid CD-Key on a official Blizzard's web page. No web site has the access to "add" or "modify" content that's owned by Blizzard. (with the exception of UDE trading card company "I think" tho not 100% sure)
8. Account password:
While creating your password make sure its something long, hard to guess and stupid. I usually make it a combination of letters and numbers where numbers replace the letters that look somewhat similar, for example:
New password: ilikeboobies
How would my password look like: 1l1k3b0o81e5
Lately it became a trend that people not only get their WoW accounts hacked but also their MSN, Skype, Facebook, E-mail accounts. Why? Because people tend to use the same passwords in multiple places, keep all your passwords DIFFERENT.
I would also recommend you to change your password every few days, or at least once a week.
9. Windows processes:
Since my computer is junk and about 6 years old I'm basically forced to shut down every process that isn't needed, wich is not necessarily a bad thing for everyone to do.
First thing I do is use GameBooster (downloaded at http://www.iobit.com/gamebooster.html), it has a wonderfull big button called "Switch to Gaming Mode" where you'll have an option to disable some programs that aren't needed for gaming, after you make your picks the program will in adition shut down all unneeded Windows Services.
Second thing I do is go to start menu>run>type "msconfig", there you can also disable programs and processes when your computer is turned on each time, I usually shut down 99% of the junk there.
Third thing I do there is manually turn off some programs/processes via Task Menager, CTRL-ALT-DEL and remove programs that weren't shut down by the two methods written above.
Now you should have twice as less processes running on your PC, press CTRL-ALT-DEL and go processes. Every process that looks weird or one that you haven't seen before you can simply go google "what is 1l1k3b0ob1e5.exe" and you'll get about 20 pages with the answer. If you get a result that you have a virus/trojan/spyware/keylogger/something you simply go scann your PC and get rid of it.
Over time you should learn all processes that are running after you do those two things and it'll be cake easy to spot new/unknown processes that could be fatal.
-
I believe that most of the security tips that can be handled manually have been covered above, lets proceed to software usage.
1. Windows updates:
While they may sound insignificant they oftenly add security changes aswell as modifications that could boost your performance.
All of those can be found at: http://windowsupdate.microsoft.com
2. Adobe Flash Player:
Adobe Flash Player has been known to have security leaks every now and then, to avoid those make sure you always have the latest version of it wich can be downloaded here:
http://get.adobe.com/flashplayer/
3. Spyware.
Spyware is a general term for a class of software that monitors the actions of a computer user. This software falls into a number of categories: Software that may be installed legitimately to provide security or workplace monitoring, software with relatively benign purposes that may be associated with marketing data collection and software that is maliciously installed, either as a general violation of a user's privacy or to collect information to allow further attacks on their computer or online transactions (e.g. "key logging" to gain passwords).
In general, spyware can affect the performance of the computer it is installed on, as quite often this software will attempt to send any gathered information to a host server. This can affect latency or may greatly reduce the speed of your internet.
For more informations regarding Spywares feel free to check http://en.wikipedia.org/wiki/Spyware
Here's a list of few free anti-Spyware programs:
Ad-aware SE - http://www.lavasoft.com/
Spybot - Search and Destroy - http://www.safer-net...rg/en/download/
Windows Defender - http://www.microsoft...re/default.mspx
Spyware Blaster - http://www.javacools...areblaster.html
MalwareByre (Suggested by Mobb) - http://download.cnet....html?tag=mncol
My choice is Spyware Doctor, however that one is not free.
http://www.pctools.com/spyware-doctor/
Make sure to do a full Hard Disk scann once a week after you've done installing either of the above mentioned anti-spyware programs.
4. Viruses, Trojans and Rootkits:
4a. Virus, a virus is a program written to cause mischief or damage to a computer system. The majority of viruses do damage, whether to your files, your registry, or even your hardware. Viruses are hard to detect, easy to propagate, and difficult to remove. The most common way to be infected by a virus is via e-mail and downloaded attachments.
4b. Trojan is a simple piece of software which may perform a certain action or appear to perform a perfectly normal action but in fact performs another, usually malicious function. They are not viruses but are often used to open a so called ‘back door’ into your computer system that will allow viruses to enter. A Trojan cannot replicate like a virus can but just as difficult to detect often masquerading as similarly named system files or programs, most often these programs will start up when the computer does and as such will keep performing it’s malicious functions.
A list of known Trojans that will compromise your account's security can be found here: http://eu.blizzard.c...articleId=19644
If you click on any Trojan from that list you'll find a list of options that you can chose in order to remove it from your system.
Here's a list of some of the most popular anti-virus programs:
Avast - http://www.avast.com
AVG - http://www.grisoft.com
Kaspersky - http://www.kaspersky.com/trials (Trial)
My personal choice is Kaspersky anti-virus. I've tried Avast, AVG, Kaspersky all 3 worked perfectly except that Avast is a huge memory hog, aswell as the fact that you cannot completely shut it down makes it bit annoying.
4c. What is a Rootkit?
A rootkit is a program that is designed to take control of a computer without the authorisation of the systems owner, typically rootkits are difficult to locate and can only often be discovered if you use specific software to search for them. Rootkits can also act like Trojans and as such can present similar risks should you have any on your machine.
Rootkits can sometimes be installed for legitimate purposes, but they often represent a security risk as they can be exploited by virus writers or other malicious individuals for their own purposes.
Here's some free Anti-Rootkit Sofwares:
AVG - http://free.grisoft....s/frt/0?prd=arw
Gmer - http://www.gmer.net/files.php
F-Secure - http://www.f-secure....blacklight.html
SysInternals - http://www.microsoft...itRevealer.mspx
5. Web browsers and cookies:
5a. Web browsers are one of the main "gates" of malicious softwares in your computers. I've read endless posts about Internet Explorer being broken and being a gigantic entry for things-you-don't-want on your PC. I've always been using Mozilla Firefox wich can be downloaded at http://www.mozilla.com/en-US/firefox/
5b. Another handy tool are Mozilla Firefoxx addons. Those below were posted by Tangles and are a must have:
AdBlock - https://addons.mozil...efox/addon/1865
Blocks adds on sites, you can add exceptions if you want for sites that you like such as Arenajunkies.com because blocking all adds kills a sites revenue stream if its users are not loading adds.
FlashBlock - https://addons.mozil...refox/addon/433
Flashblock will block all embedded flash objects on a page, you can add exceptions for trusted flash heavy sites like Wowarmory.com and Youtube.com
NoScript - https://addons.mozil...refox/addon/722
Will project you against Javascript attacks among other things.
5c. The cookie is sent as an HTTP header by a web server to a web browser and then sent back unchanged by the browser each time it accesses that server. A cookie can be used for authentication, session tracking (state maintenance), storing site preferences, shopping cart contents, the identifier for a server-based session, or anything else that can be accomplished through storing textual data.
As text, cookies are not executable. Because they are not executed, they cannot replicate themselves and are not viruses. Due to the browser mechanism to set and read cookies, they can be used as spyware. Anti-spyware products may warn users about some cookies because cookies can be used to track people or violate privacy concerns.
More can be found at: http://en.wikipedia....iki/Web_cookies
You can set the ammount of cookies that will be stored on your PC with Mozilla Firefox.
In addition cookies can be found in those folders:
X:documents and settingsadministratorcookies
X:windowstempcookies
(obviously X= the disk partition where your windows/admin folders are)
6. Firewalls:
A firewall is a hardware or software solution to enforce security policies. In the a real world analogy , a firewall is equivalent to a lock on a door - it permits only authorized users such as those with a key or access card to enter. A firewall has built-in filters that prevent unauthorized or potentially dangerous material from entering the system. It also logs attempted intrusions.
In this day and age it is very important to have some form of Firewall protection if you spend any amount of time on the Internet. There are always persons out there who are happy to exploit those who are not protected, steal information and cause harm.
More about Firewalls: http://en.wikipedia.org/wiki/Firewall_
One of the more useful features of many firewalls is the ability to alert you to any programs or files that are attempting to access the internet. This is good way to alert any user to a possible spyware infection so action can then be taken to block that file and then take the appropriate steps to remove the problem.
The following software firewalls can protect your computer from unauthorised intrusions and will warn you before applications already on the system can access the internet.
ZoneAlarm - http://www.zonelabs.com
F-Secure - http://www.f-secure.com
Comodo - http://www.personalf...all.comodo.com/
Sunbelt - http://www.sunbelt-s...sonal-Firewall/
