There are not many things in WoW more upsetting than having your account stolen, your characters strip mined for gold and possibly the entire contents of your guild bank looted. To help stop this happening to you, I've put together a quick guide showing how to minimize the risk of it happening to you. There is no silver bullet that will make you secure, but by layering on your defenses, you can make sure you're not an easy target.
First up let's talk about how you get/got hacked and then I will detail some things you can do to reduce the chances of it happening (again?).
So what can be done about these things? Here is a list of things you should and shouldn't consider doing to avoid getting pwned.
- Password stealing Trojan/Malware.
There are a number of ways you could get one of these, generally though it comes from something you downloaded, either deliberately, or against your will. Using a browser that is out of date, or has a vulnerability that a website can exploit is one way. Downloading cheats/guides/bots/tools/addons (not all addons are bad) can also lead to you getting infected.
- Getting socially engineered out of your credentials.
Blizzard will NEVER ask you for your password. Any email you get that looks like it came from Blizzard asking for your details, did not come from them. No matter how convincing it looks, never give your game name/password out over email/chat, even in game.
- Using a leveling service, or buying gold.
Generally to have your character leveled, they need your login name and password. They then have access to make changes to your account that can lead to them being able to reset the password at a later date and clean you out.
Some of the above is common sense, some is not. Nothing will make you 100% secure but some of the above can certainly help reduce the chances of it being you cleaning out the guild bank while guildies frantically wonder what's up.
- Make sure your system is up to date for patches. (Windows) (Mac).
- Enable a firewall. (Windows) (Mac)
- Don't use Internet Explorer. (here's why)
- Use Firefox, with the "NoScript" addon.
- Only login to worldofwarcraft.com with SSL.
- Use the Blizzard Authenticator
- Info on Mobile Authenticator for various mobile phones (including iPhone) -- Blizzard Support
- Don't download porn/warez/cracks
- Be careful downloading updates for WoW from non-Blizzard servers. Use their mirrors.
- Don't download addons that are not in a zip/rar format, or that contain executables. LUA scripts don't contain password stealing trojans or have access to steal that kind of information (yet). Only download from reputable sites.
- Install a good Antivirus. Most of the free ones are better than the ones you pay for. (I like clamwin) (PandaCloudAV is free, and pretty good.)
- Install Spybot Seek & Destroy
- Get a Hijack This checkup regularly to spot weird stuff.
- Be careful where you browse.
- Don't buy gold, or use a leveling service.
If you have other tips, feel free to add them below and I will include them.
Last edited by Warwench; 01-27-2010 at 02:35 PM.
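One way to apply the "no executables in an addon archive" tip from the post above before unpacking anything, added here as an example and not part of the original thread. The extension blocklist, the function names and the sample archive are assumptions constructed for illustration, and rar archives are not handled.

```python
import io
import os
import zipfile

# Assumed blocklist: file types Windows runs or interprets directly.
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com", ".pif", ".bat",
                   ".cmd", ".vbs", ".js", ".msi", ".lnk"}


def audit_addon_zip(data):
    """Return (entry name, reason) for every suspicious file in the archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Windows drops trailing dots/spaces, so "setup.exe " still runs.
            name = info.filename.rstrip(". ").lower()
            ext = os.path.splitext(name)[1]
            if ext in EXECUTABLE_EXTS:
                findings.append((info.filename, "executable extension " + ext))
                continue
            # A renamed binary keeps its "MZ" header whatever the extension.
            with zf.open(info) as fh:
                if fh.read(2) == b"MZ":
                    findings.append((info.filename,
                                     "MZ header behind " + (ext or "no extension")))
    return findings


def build_sample(entries):
    """Build a constructed in-memory zip from {name: bytes} for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed sample addon: two legitimate files, two that should be flagged.
SAMPLE = build_sample({
    "CoolBars/CoolBars.toc": b"## Interface: 30300\ncore.lua\n",
    "CoolBars/core.lua": b"print('loaded')\n",
    "CoolBars/install.exe": b"MZ\x90\x00",
    "CoolBars/media/icon.tga": b"MZ\x90\x00fake image",
})

if __name__ == "__main__":
    for entry, reason in audit_addon_zip(SAMPLE):
        print("FLAG", entry, "-", reason)
```

A clean result only means nothing in the archive looks directly executable; it says nothing about the site the archive came from.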
Of course, it only seems to be available for US customers. =\
Not-US: Blizzard Store
I've worked with this technology (Vasco Digipass - no I don't work for them) in a professional capacity. It's a very good system, and well worth the six bucks. In my opinion, they should just drop an authenticator in every new-account box.
Get one. Seriously.
I use a password protection program that requires a complex password to log in to get my WoW password. I then copy that password to my clipboard. Then shift insert it into the login field. In 10 seconds the clipboard is wiped clean. All a key logger would get is "shift insert" or something totally worthless.
On top of that I have the Blizzard Authenticator, Avast Anti-Virus, and Windows Defender.
I have had zero security issues with this setup and I doubt I ever will. I highly recommend Avast for an anti-virus. It allows you to do a pre-boot scan of your PC. Meaning it shuts down your PC then just before Windows loads it scans your system while it's still in DOS mode. This prevents nasty viruses from jumping around once they have been found to a file you have already scanned, or worse getting into your recovery drive.
There is something so appealing about backhanding someone across the face with a shield.
You can run Vista without it, and XP with admin rights. "Hey, come right in, I have no restrictions". It's one of the first reasons a computer gets infected, "everyone" running with admin rights.
Honestly, since SP1, I must get 2 or 3 UAC messages in 4 or 5 hrs.
I have disabled UAC on my Vista and don't plan on ever re-enabling it. The mediocre security it provides is not worth the hassle. I am used to having to provide my root password on my Ubuntu installs when I want to do certain things but UAC was just annoying, not from having to provide the password but from the random issues it created with software that was not designed to be run with it.
UAC is not something I would recommend to anyone, regardless of the good intentions it has. It's probably very useful in particular situations but like SELinux, more of a pain in the ass than helpful most of the time.
UAC wasn't designed for anyone who has a remote idea as to what they are doing. There are a lot more people out there who don't understand much, if anything, about network and computer security than people that do.
I agree with one of the things said above, just don't go to sites that would give you these bad things, don't download porn or torrent files and problem solved. Use common sense on the internet lol.
I don't use an antivirus program, I have AVG installed, but it stays disabled until I want to scan. Windows firewall, Windows Defender, Mozilla Firefox with the Script addon are all I use for protection.
I've been doing it this way for 4 years now, and (knock on wood) I have never had any issues. The only time I've ever been screwed is when I had Norton installed, and it got infected and spread to the rest of my computer back when I had Windows ME.
I'll still buy the Blizz thing though, cause hell it's 6 bucks, might as well.
Being careful and not clicking on sex leg links is definitely a good thing, but it's naive to assume that you can avoid them entirely that way.
Exactly. Quite often trusted sites can get compromised. That is why something like NoScript is a good idea.
If it gets totally owned and they are serving the script/malware up from the trusted domain, well you're screwed. That's why a layered defense is a good idea. There is no magic bullet, but you can reduce your risk dramatically by running overlapping protection on multiple layers.
And I bit down and said 7 bucks is totally worth it for 1 time fee to protect my $15 dollar a month, several hundred dollars lifetime investment. I'll just keep it next to my PC so my g/f probably won't even notice it. ;P
Not to mention there was an issue recently that I read in an Irvine newspaper that said an ex-Blizzard employee used his high level of security to sell accounts that didn't belong to him. This is my #1 reason for grabbing the authenticator.
I don't care about the pw stealing, I'm pretty secure, and I use the copy/paste method as well. I've never had an issue with it, but if some douche bag who works at the very company I'm paying for wants to be a dick, he can and will cause me a lot of trouble in the process, much like identity theft happens a lot at restaurants because the employees will steal CC #'s.
The authenticator negates just about anything anyone can do to you outside of being right next to you.
I'm just a little confused as to how it works exactly (my work has something similar for allowing us to work from home).
So you... just press the button and it gives you a temp password to login?