Account Security and Theft Prevention

Since it seems there is a rise in fellow guildies having their accounts hijacked I thought I'd take a little time to write a post about the subject. Hopefully this will aid some of our fellow guildies and anyone else that reads this and prevents their account from being stolen...

 

 

Part 1: How WoW Helps Prevent Account Theft

I do not know how many players have bypassed the game launcher and made a link directly to the WoW.exe in the installation folder to launch the game directly however that is highly advised against doing. When the game launcher (Launcher.exe) was first introduced in the 1.8.3 patch on 11/08/2005 there was a specific section of the patch notes that should have been made much more noticable.

 

"In some regions, the Blizzard Launcher also scans for Trojan viruses and third party cheat programs and notifies you if it has located any on your machine. In addition to providing you with the benefits of additional anti-virus protection, the scan that the launcher conducts represents another security measure to protect your World of Warcraft account information and gameplay experience."

 

Basically, the launcher itself scans any running programs on your machine and immediately terminates any programs that are known to steal account information. Now this doesn't mean it is fool-proof but it does provide additional security to your vital account information from being stolen. I have never been prompted by the launcher that it has found anything on my machine, however I do know that it does what it was designed to do based on my conversations with others.

 

 

 

Part 2: Software Based Firewalls

Also, using software based firewalls such as Norton Internet Security (NIS), Mcafee, and Zone Alarm will further reduce the threat of your account being compromised. For those that do not know what a software firewall does, there are generally two pieces to each. It will monitor ports (or connection points) that your computer has open and stop outsiders from accessing them. Some of the more advanced firewalls will also monitor programs on your computer that are trying to access the network or internet and block them from accessing the network. The additional security provided is a vital to protecting viruses from transmitting your information over the internet to another computer waiting for your account information.

 

Personally, I like NIS. I've been using it for a while and it is highly configurable for different network zones. Also, whenever a new program tries to access the internet it prompts me to determine what it should do. I'm not telling anyone to go out and buy anything, however ensuring that the information stored on your computer remains secure should be a valid concern for anyone.

 

 

 

Part 3: Antivirus Scanning

I know everyone has had this beaten down to death by now, however there are some simple steps to make sure that your antivirus software keeps you safe from internet predators. There are a lot of different virus scanning programs out there these days which is a good thing. However, there are some things you need to be aware of and ensure you do as a user to ensure your private information stays private.

 

1) Make sure that your AV software can update itself and keep the virus definitions up to date. A lot of the newer scanners update themselves whenever your computer is started or daily.

 

2) When your computer is being scanned by the software do not click the stop button because your game speed is being slowed down. I'm guilty of this one and I'm sure others are as well. If you need to, reschedule the scan so that it runs while you're eating dinner or some other time where you're not sitting at the machine trying to use it.

 

3) Ensure that your AV software will monitor email and get an email client that it can check. This one is a major problem. Many of the newer viruses that transmit information are sent via email under various "phishing" methods to entice the user to install the software, screen savers, or other neat things that people find interesting due to a hobby they have.

 

 

 

Part 4: P2P Software

P2P software is about the largest security risk in the world right now. There is no validation that anything is what it claims to be and there is absolutely no way that any antivirus software will be able to determine if the file you downloaded is what it claims to be. Theoretically someone could write a trojan, make a few dozen copies of it and name it differently. Within about 2 hours that file could potentionally be on hundreds of thousands of computers connected to whatever P2P network they are using. Limewire, Bearshare, Kazaa, and all of these things are just a way of asking to get your computer broken into.

 

 

 

Part 5: Password Security

Now I know just about everyone in this guild is friends with each other and for that I applaud all of you! Finding a guild like this has been a very long journey for a lot of us. No where else will you find so many people that know each other IRL. Yet there still are some concerns you need to think about before telling people your password...

 

You've done all of the steps I talked about earlier and you know your computer is like Fort Knox. There is absolutely no way any idiot with their l33t hacker skillz is going to break into your computer. You've spent hundreds of dollars buying expensive software to protect your computer against this sort of thing. But what about your buddy you told your password to? How can you ensure that their machine is just as secure as yours is? What happens when they go to one of their friends' houses and login to your account from there?

 

The LAN parties we all love to attend pose an even greater security concern. However this does not mean you cannot be safe while still having a great amount of fun with each other. What would happen if one of those machines had a trojan on them and wasn't inspected before the LAN was to take place? People randomly grab an open computer and don't think that something could be on it. I mean hey, we're at a friend's house... what could go wrong? It would be awesome to do a manual update and a full system scan of all computers that will be made available for a LAN before it was to take place. That would immensely help reduce the threat of account theft.

 

 

Glossary of Terms:

Trojan: A trojan is a computer program designed to run silently on your computer and steal information, hook into your keyboard and monitor keys being pressed, and send the information back to another computer across the internet waiting for data. They are easily written and not easily detectable by AV software unless the AV software already knows about it. Trojans are capable of anything the developer that wrote it can think of not including remote control of your computer.

 

---------------

 

All of the points I've made above are all equally as important to keeping your account safe and prevent it from being stolen. Granted there are always going to be lapses in security and that can't be stopped. All you can do is protect yourself as well as possible and do your best at preventing this sort of thing from happening to you.

 

Also, if anyone that actually reads this has ANY questions about this sort of thing I will happily do everything in my power to assist you. You are all friends to me, and your account getting stolen is just as much of an attack on me as it is to you. If this little thread helps keep one of us safe then the time spent was well worth it.

 

<3 FP

well done Zedek

Thanks Zed!! very useful info, I'll make sure to keep those things in mind =)

<3 Zedek.

 

+1

yay! thanks =]

Thanks Zed!

One more thing to take note with the AV scanners, is many of the viruses out there have built-in functionality to kill the AV processes (IE killing realtime scanning), part of how I got nailed. So you need to make sure you manually perform a scan periodically to ensure everything is getting caught.

One more thing to take note with the AV scanners, is many of the viruses out there have built-in functionality to kill the AV processes (IE killing realtime scanning), part of how I got nailed. So you need to make sure you manually perform a scan periodically to ensure everything is getting caught.

 

Yeah I know there are viruses out there that kill the AV process to get through to the machine. I've had to deal with a couple worms that have done that at work before and caused a tremendous amount of problems for the business I worked for at the time. Many of the newer AV software out there actually have countermeasures built into them to prevent the process from being manipulated by other processes.