Wowpedia

We have moved to Warcraft Wiki. Click here for information and the new URL.

READ MORE

Wowpedia
Don't have an account?
Register
Advertisement
Register
Wowpedia
Wowpedia
274,795
pages
in: Outdated articles, Articles to clean up, Merge candidates, Guides
This article needs to be cleaned up.
It has been suggested to merge this page with Basic account security.
This article is outdated.

Security guide

Revision as of 12:37, 21 May 2009 by Tequima57047@legacy41576161 (talk | contribs) (→‎Keep Your Computer Updated: Added section on "Other software to update" and reference to security on Vista not being as good as claimed)
Sign in to edit


Introduction

Whilst the WoW game itself is relatively safe, there are several things you can do to protect your account, and information you have on your PC, from people want to steal it. WoW accounts sell for a considerable sum on the black market[1]. Thieves do not care that you spent five years getting a full set of T7 gear on every character[2] - they will sell it for the few pieces of gold they can get and transfer the money to gold farmers to make real world money[3].

Some of the things you can do to protect yourself are:

  • Keep your computer updated with the latest security patches from your operating system provider (typically Microsoft or Apple)
  • Install Blizzard Updates via the Launcher or from a machine you know has been scanned by a reliable virus checker
  • Install good security software including anti-virus, firewall and spy-ware checkers
  • Run a daily virus scan and on ANY file you download from the internet or from a friend's CD or USB stick or similar and turn off auto-run
  • Run a spyware scan at least once a week
  • Surf the web safely: Check web page links before you click on them; check the link matches that listed; use anti-phishing addons; use NoScript for FireFox
  • Buy a Blizzard Authenticator
  • Create a low-privilege account on your PC that does not have administrator rights. Use this for everything except when you need to update WoW or your other programs, or to run a full virus scan.
  • Password-lock your administrator account
  • Never, ever, share your account details as this could result in a permanent ban[4]

If this seems like a lot of effort, remember how long it took you to get all the gear you now have. Note also that it can take up to three weeks to get an account banned for botting and spamming (by the hacker) back. Some of your gear may never be retrieved completely.

Keyloggers will also have been after your log-in details to payment sites (such as PayPal), shopping sites (such as Amazon) and your bank and credit card details, so you may lose money in real life too.

The information on this page will never mean that your are 100% safe, as criminals are always coming up with new ways to "beat the system". However, like the camper who stopped to put on running shoes when his friend was already running from the bear, if you follow at least some of this advice, you will have a better chance.

Keep Your Computer Updated

Computer programs are complex things, written by fallible human beings. As such they may contain unintended flaws. One of the most frequently used ways of getting malware onto a computer is to exploit one of these flaws.

As a consequence the companies, or, in the case of Unix and Linux, the communities, who offer these operating systems (literally the programs that operate your PC), have to issue updates (patches) to fix them. These may address urgent security flaws, that could allow a criminal to craft a web page that could install malware (malicious software[5]) on your PC. Or they may be fixes to things like drivers (pieces of code that drive a piece of hardware to do something) for your peripherals (such as your monitor or printer) or internal hardware (such as your graphics card or hard disk) that make your game go wrong.

Malware used to be typically written to show off a cracker's skills, or cause damage by corrupting or deleting a user's files [6]. However, as broadband access became widespread, criminals realised that it was much easier to spy on a persons computer as they typed passwords into their banking website than to rob a physical bank [7].

Though it is often claimed in forums that Apple and Linux users are "safe", this is increasingly being challenged as criminals realise that these users have grown accustomed to being lax about security[8]. Vista's claim to be "more secure than previous versions" has also come into dispute in a recent survey of malware infestations [9].

Consider using software such as the free Secunia Personal Software Inspector to check all your other software is up to date. A full scan from a security suite such as Kaspersky Internet Security will also advise you of software with known vulnerabilities.

Windows Updates

Microsoft tend to issues weekly on "Patch Tuesday" but may release urgent fixes to address serious flaws at any point. If you trust Microsoft to get fixes right most of the time, or cannot be bothered with security stuff, then set Windows to automatically update with the latest patches as follows:

  • Log on to the account with administrator privilege
  • Click on Start (the windows button in the bottom left of your screen)
  • Windows Update (if it is not here, try Control Panel > Windows Update)
  • Click on Change settings
  • Select Install Updates Automatically, Every Day and choose a time when your computer will be logged on, but it will not affect game-play (such as 7 in the morning if you power up your computer then to check e-mail)
  • Check the boxes to "Include recommended updates" and "Use Microsoft Update"

If you are less trusting of Microsoft's ability to generate fixes that work and do not break something else[10], then you can choose a different setting.

Mac OS-X Updates

Mac OS X has a software update tool:

  • Click on the apple logo in the top left hand corner of the screen
  • Click on Software Update

For help on updating your Apple Mac, including how to set it to run automatically, see the Apple website "Mac OS X 10.5 Help".

Linux

If you are running WoW on Linux, you are probably technical enough to know how and why to update it. Otherwise, contact your Linux provider for information on how to download and install updates.

Other Software to Update

If you do not have version checker software, then check regularly for updates to:

  • Security software (preferably set to update daily)
  • Browser software such as IE, FireFox, Chrome and Safari
  • Portable document format readers such as Adobe or Foxit
  • Web content add-ons such as Adobe Flash, Real Player, NoScript and Silverlight
  • Office software such as Word, Excel, Lotus or Open Office
  • any other software installed on your computer such as games

Typically the software will have an option under Help to "Check for updates".

Install Blizzard Updates via the Launcher

Blizzard have supplied a launcher which should automatically download and install updates for you. This is particularly useful when there is a large patch as they typically make it available in sections which can be downloaded over several days, thus reducing the impact on your PC and their server. More information is at the Blizzard Background Downloader FAQ and Blizzard Downloader FAQ.

However there are times when the background downloader does not work. This seems to be an issue with Windows Vista users who allowed Blizzard to automatically create the Public > Games > World of Warcraft directory, though it also occurs with Windows XP users. Blizzard believe it could be conflicting background applications[11], though its advice on closing background services requires more technical knowledge of Windows XP[12] or Vista [13] to carry out safely than most non-expert PC people have. The advice on updating Windows is relatively sound. Or it could be a problem with security software conflicts, or the downloader itself[14]. One option to try is to backup the entire directory to a removable hard drive, delete the original and create a new c:\users\public\games\World of Warcraft directory from the administrator account. There are other issues and solutions scattered through the US and EU support pages and EU Technical Support Forum.

If you find you are still unable to download the patches, having followed all the forum advice, then the best option is to copy the WoW-n.n.n.nnnn-to-m.m.n.mmmm-enGB-downloader.exe file from a computer or user you trust to have a "clean" PC. Run your own virus checking software on the download media or email before your copy it across. Running this should download the patch direct. There are many mirror sites listed (including those on WoWwiki) but these have frequently been attacked by crackers, with the purpose of installing malware to capture account information. Use these only as a last resort, and check any listed URL by copying it and running a Who-Is query at a reputable site, such as Network Tools.com. Note that you may have to remove the "http://" part if the site requires it and leave just the first main part (up to and including, for example .com or .org or .co.uk). The second complication is obfuscated URLs[15]. If the URL contains the "@" character or "%40" then it will redirect you to the site after those characters. In short, if you are not sure it is safe, do not use it and contact Blizzard Technical Support for help.

Install good security software

Whilst free security programmes offer a bit of protection against some known viruses, like the difference between free plastic bags and the strong re-usable shopping bags, the paid-for software on the whole will work better in the long run. For gamers, the paid-for software tends to run faster (with some notable exceptions) and be less intrusive, often with an option to run in "game mode" that is not available with free software.

Necessary Software

As a minimum you will need:

  • Anti-virus - this checks files on your computer and that you download from the internet or media like USB sticks for software that should not be there and will cause your computer harm
  • Firewall - this sits between crackers and your computer and checks that the request to access your computer is legitimate

Ideally you should also have something to check for spyware, which, though it may not harm your computer, tends to send more personal information than you have authorised back to the company that created it. In the worst-case scenario, it may cause system instability [16], steal your email address resulting in spam[17], or result in Identity Theft[18] (where someone pretends to be you and opens bank accounts in your name, or even redirects your post). Anti-spyware will also check for ad-ware which slows your computer down and intrudes by popping up windows to their adverts. Typically these anti-spyware software are free, but they do require you to run and update them manually unless you buy a paid-for version.

If you think your computer is secure, and you do not need the hassle, try this tests:

Antivirus

As the best software changes annually, see Anti-virus for an up-to-date list and reviews.

You may want to look for anti-virus software with a games mode, such as BitDefender GameSafe[19]. Whilst these will not afford as much protection as a full anti-virus suite, they are designed to minimise the impact on game play. For example, when gamer mode is switched on, pop-ups will be disabled, and the update to virus signatures will be postponed.

Firewalls

As the best software changes annually, see Wikipedia - Firewall for an up-to-date list and reviews.

Anti-Spyware

Two of the best programs[20] are also free:

For a fuller list of anti-spyware and reviews, see 2-spyware.com project - Anti-spyware comparison.

Surf the Web Safely

The internet has been likened to the Wild West[21], travel at your own risk. So how do you protect yourself better?

Look Where You are Going

Not all web page links point to where you think they are heading. Take for example Thís Link to a joke.

Hands up if you clicked on it?

Always:

  • check in the status bar, or when you hover over it that the link matches the site it says it lists
  • watch out for unusual characters like í instead of i

Get a Look-Out

Consider installing anti-phishing software[22] that warns you if a link may lead to a known "dodgy" page. Examples include:

  • IE or FireFox: Netcraft toolbar (free)
  • McAfee SiteAdvisor (free) or SiteAdvisor Plus (paid for)
  • FireFox: NoScript add-on to prevent cross-site scripting

Beef up Your Browser

Consider changing to another web-browser that has a better record of preventing and fixing issues than Internet Explorer, the default browser supplied with your PC. Examples are Mozilla FireFox for Windows and Linux and Camino for Mac.

For e-Mail and newsgroups, you may want to look at Mozilla Thunderbird, or SeaMonkey which will also integrate your instant messaging.

Internet Explorer

If you must use IE, make the following changes to IE to improve on the default security[23]:

  • Open IE
  • Go to Internet Options > Security > Internet, then press "Default Level", then OK.
  • Press "Custom Level." In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".

From now on, you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.

Sites that you are sure are safe can be moved to the Trusted Zone in Internet Option > Security. Though as servers can be hacked and defaced, it is better NOT to add any sites to this zone, but always prompt.

Check that Instant Message

Apply the same caution when using instant messaging.

How do you know it is your friend on the other end, and not his spiteful kid brother who is using his logged in account whilst he is out, or your worst enemy who has found out the password, or even a hacker from Russia or China? One of the most successful social engineering hacks is being carried out by a "Rasputin bot" or "SlutBot", that pretends to be a lovelorn human male or female[24].

When using Instant Messaging software (IM, Yahoo! Messenger, IRC, mIRC, ICQ, AIM, WLM etc):

  • Configure it using Tools > Options (or similar) to require contacts to be approved
  • Share the minimum of personal data (especially your birthdate) with "everyone"
  • Set it to prompt you to check links, approve video requests etc
  • If you use IM on any other computer, change your password when you return [25], as you don't know that your friend, or neighbourhood internet cafe, has not unknowingly installed a keylogger. (This is also good advice if you play WoW at a friend's house, change the password when you get home).

You may prefer to switch to a different multiple-access IM (readers are strongly advised to check for security issues and reviews before installation!) and change all your passwords regularly. These include:

References

  1. ^ 'Vuln left me naked and penniless' - http://www.theregister.co.uk/2007/04/10/wow_hijackings/ - The Register, April 2007
  2. ^ "Guild Member Hacked and Banned" - http://forums.wow-europe.com/thread.html?topicId=9036454824&sid=1, WoW Europe Forums, May 2009
  3. ^ "Cursor hackers target WoW players" - http://news.bbc.co.uk/1/hi/technology/6526851.stm BBC News, April 2007
  4. ^ "*IMPORTANT* - Battle.net Account Security" - http://eu.blizzard.com/support/article.xml?articleId=36070&searchQuery=log%20out&pageNumber=1 - Blizzard Support
  5. ^ Malware - http://en.wiktionary.org/wiki/malware - Wiktionary, March 2009
  6. ^ Malware - http://en.wikipedia.org/wiki/Malware - Wikipedia, 2009
  7. ^ Virtual Criminology Report - http://www.mcafee.com/us/local_content/misc/mcafee_na_virtual_criminology_report.pdf - McAffee, July 2005
  8. ^ World's first Mac botnet - http://www.guardian.co.uk/technology/blog/2009/apr/16/apple-macoxs-botnet - Guardian newspaper, April 2009
  9. ^ "Vista security credentials tarnished in malware survey" - http://www.theregister.co.uk/2008/05/09/win_malware_survey/ - John Leyden, The Register, May 2008
  10. ^ "Problem with KB951748 XP Update in Windows Update" - http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.windowsupdate&tid=75c56160-fcbc-4a2e-a28b-ed738c12bc76&cat=en_US_56d1dd45-de9e-4fc5-9bc1-2d1d0de6daee&lang=en&cr=US&sloc=&p=1 - Windows Community Forum, July 2008
  11. ^ "Does your Blizzard Downloader fail to launch?" - http://us.blizzard.com/support/article.xml?articleId=21624&searchQuery=background%20downloader&pageNumber=1 - World of Warcraft Technical Support, May 2009
  12. ^ "Turn Off Unnecessary Windows XP Services" - http://www.jasonn.com/turning_off_unnecessary_services_on_windows_xp - Jason A. Nunnelley, April 2005
  13. ^ "Tweak Windows Vista services the right way" - http://blogs.techrepublic.com.com/window-on-windows/?p=720 - Greg Shultz, June 2008
  14. ^ "Download todays patch over and over" - http://forums.worldofwarcraft.com/thread.html?topicId=16473141623&sid=1&pageNo=1 - Neerdia of Rising Storm, April 2009
  15. ^ How to Obscure Any URL - http://www.pc-help.org/obscure.htm - PC Help, January 2002
  16. ^ "Spyware Effects and Behaviours - http://en.wikipedia.org/wiki/Spyware#Effects_and_behaviors - Wikipedia, May 2009
  17. ^ "Anti-spam bots - http://www.auditmypc.com/freescan/antispam.html - Audit My PC, May 2009
  18. ^ "Spyware Identity Theft and Fraud - http://en.wikipedia.org/wiki/Spyware#Identity_theft_and_fraud - Wikipedia, May 2009
  19. ^ "BitDefender - GameSafe Antivirus Defence review" - http://www.itreviews.co.uk/software/s680.htm - IT Reviews, November 2008
  20. ^ Spyware - Remedies and Prevention - http://en.wikipedia.org/wiki/Spyware#Remedies_and_prevention - Wikipedia, May 2009
  21. ^ "Internet is becoming as lawless as the Wild West, report peers" - http://technology.timesonline.co.uk/tol/news/tech_and_web/the_web/article2231564.ece - Times Online, August 2007
  22. ^ "Netcraft Toolbar" - http://reviews.cnet.com/internet-security-and-firewall/netcraft-toolbar/4505-3667_7-32329363.html - CNet Reviews, Feb 2007
  23. ^ "How did I get infected" - http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I - Geeks to Go, May 2009
  24. ^ "Beware the CyberLover that Steals Personal Data" - http://www.pcworld.com/article/140507/beware_the_cyberlover_that_steals_personal_data.html - Sandra Rossi, Computerworld Australia, 2007
  25. ^ "Password Stealers Sit on Popular Download Sites" - http://www.pcworld.com/article/163033/password_stealers_sit_on_popular_download_sites.html - Erik Larkin, PCWorld

{Everything below this line needs checking and updating for accuracy and completeness}




Safe Browsing

COOL! I can go to all the websites in the world, now!
I guess you can do that, but you’re putting yourself at more risk than you should be. You should still exercise some restraints. Don’t go to websites that you know nothing about. More importantly, don’t view/go to .exe files or pictures like .scl. You should be given a notification on these forums when going to websites. Other than that, know most of the safe websites. For pictures, Imageshack.us, Photobooth, and Photobucket are usually the most widely used. For movies about World of Warcraft, a lot of people will use Youtube.com, video.Google.com, or Warcraftmovies.com. If you’re looking for quest information or the likes, you can go to Allakhazam.com, Thottbot.com, Wow.Stratics.com, WoWHead.com, WoWvault.IGN.com, and wow.Warcry.com. There are probably more, but these are the most secure ones. (As a note, you should NEVER go to a Tinyurl.com link. You do NOT know where this is going, and can compromise your computer! Also, don't forget to use the Blizzard Launcher! It can tell you if you have a key-logger and the likes! It's very useful!)

A Word from Blizz

I don’t trust you! I want an official post about this sort of stuff!
Ok.. I like you, too! It just happens that Kaone from the Customer Service Forum Team has made a post about key-loggers a while after my original post, which can be found at (http://forums.worldofwarcraft.com/thread.html?topicId=27963528&sid=1). He has some programs that I don’t have, and I have some that he doesn’t have. The programs listed by both of us are protective, though.

Routers

I’m looking for something more! I just don’t know what!
A lot of people prefer to use routers. Routers are basically, what most people define, a hardware firewall. It allows you to block certain ports and the likes. If you want some additional security, then you should buy one. There currently isn’t a way to just make one… At least, not one that would be easy to create. You can find an array of different types of routers online at websites such as Amazon.com, Circuitcity.com, and Wal-Mart.com. A friend of mine recommends using NetGear.

File Extensions

Why do I have a picture that says IKILLEDYOU.jpeg in my World of Warcraft folder, but other file extensions aren’t shown?!
Quite simply, this is probably a virus. For slightly more advanced users, you’ll want to enable file extensions so that you’re able to view them. You don’t want to click on a file that is secretly IKILLEDYOU.jpeg.exe, now would you? In order to show file extensions for all files/folder, go to My Computer, click on Tools, go to the View tab, and click on the box that says “Hide extensions for know file types”.

What File Is It?

So… What’s this file that I found in my computer?! What’s this process in my process tree?! I’m so confused!
Well, it’s impossible for me to tell you what all of these are and what they do. Part of the information you can find off of Google.com. However, there are a few websites that I like that can provide information into .dll’s and such that may ease your mind. I like spyware-net (http://www.fbmsoftware.com/spyware-net/SearchComponentResults.aspx?af=2&searchtype=1) and their database. It has a lot of knowledge and is pretty good. It’s not perfect, but it should give you a general idea. As far as processes go, most people like to use (http://www.processlibrary.com/) or (http://www.liutilities.com/products/wintaskspro/processlibrary/). These are free, and safe.

Latest News on Viruses?

Hey, you! I want to know about the latest viruses and what’s affecting most systems! I also want to know where I can find a good amount of information about viruses affecting my system!
Fair enough. I found this link while going through the WoW Technical Support Forum to (http://www.viruslist.com/). It’s powered by Kaspersky Lab. It’s a very good website. Find a virus on your computer? Just go there, type it in, and it’ll give you information about it. Want to know the most viruses for each month identified by Kaspersky? Go there. It’s an awesome website, with tons of information available.

Upgrade to Vista

Dude, I got a computer for Christmas, and I just love Windows XP!
That’s great that you’re enjoying your new computer, but if it’s available for download for free, you’ll probably want to upgrade to Windows Vista. This is the most secure version of Windows that has ever been released, and I know of only security issue with thus far. However, it required remote access to the computer, so it wasn’t a major security issue like there has been with previous versions of Windows. Please refer to (http://en.wikipedia.org/wiki/Windows_Vista) for more information about Windows Vista and to see if you’d like to upgrade to it.

Pop Ups & WIM

I have this annoying pop-up message all the time! I don’t know where they come from! And what’s this Windows Messenger?!
Windows Messenger is a program that comes pre-installed in Windows that has a lot of security flaws. I’ve gotten a virus from it before, merely because my computer wasn’t safe because of it. This was a long time ago, before it was updated, but you’ll want to remove it. It’s just a horrible program that you can live without. (It should be noted that Windows Live Messenger and MSN Messenger is perfectly fine. You don’t have to remove these, unless you want absolute security.) In order to remove Windows Messenger, follow these steps: Start -> Run -> Type in (or copy/paste) RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove and click OK. This will remove it. If you want another method, try going to (www.google.com) and type in Windows Messenger Removal. Most have pop-ups, so I won’t link to them.

Belarc Advisor

I’m pretty computer savvy and I know my computer is protected more than anyone else’s computer!
(As a note, please do not download this program if you’re an inexperienced user. The suggestions from this program can mess your computer up if you’re not familiar with how computer work.) Well, is that so? Well, there’s a free program called Belarc Advisor that provides a lot of information about security for those who want their computer to be the most secure in the world, and know how to operate their computers. Inexperienced users such as me shouldn’t attempt the suggestions given. Please visit (http://www.download.com/Belarc-Advisor/3000-2094_4-10636466.html) for a download. It has a lot of great suggestions for users who know a lot about computers.


Source

This is a guide that Molotos initially created at:
http://forums.worldofwarcraft.com/thread.html?topicId=14513725&postId=145040217
for users who have key-loggers on their computer and are unsure of how to delete them.
I am revamping the initial guide, into this one, so that it is cleaner and easier to follow. Any suggestions are appreciated.
(It should be noted that this information is meant for basic users with limited knowledge of computers and their protection)

Other Links

Community content is available under CC BY-SA 3.0 unless otherwise noted.
More Fandoms
Advertisement

Fan Feed

More Wowpedia