Curse

Phaern Majes · Feb 16, 2007, 04:36 AM // 04:36

I sincerely doubt that Gaile has deliberately lied to us. If anything its probably a case where she was told something, passed it on to us, and then it turned out the devs couldn't do what they thought. I mean seriously what would they get by deliberately lying to us? We already bought the game....

Meat Axe · Feb 16, 2007, 05:03 AM // 05:03

I feel sorry for your friend, especially since, this being the second time, I'm assuming she is considering leaving the game. It is a problem if you cannot change your password or email once you've linked your account to PlayNC (I don't really know much about it, I've never had any reason to link any account to another site. I'm going by what a lot of people on here are tending to have problems with).

However, I've never been hacked, and I use the same email for everything. I'm getting better in the fact that I've stopped using the same password for everything, like I did years ago when I first started joining things on the internet. Here is a list of programs you and your friend should consider getting, that I find helps a lot in keeping out spyware and potential threats to your security:

Eset Nod32 - Really great anti-virus protection. Unfortunately, you have to pay for a full license. It's never failed me though.

Ad-aware Personal from Lavasoft - It's a really great spyware and adware detection program. Just use it to scan every couple of weeks, or even every week, and it'll pick up all spyware, whether it's potentially dangerous (Trojans or key-loggers) or not (simple tracking cookies).

ZoneAlarm - This is a good little program because you can tell exactly what programs should be allowed to access the network and internet. If a program that doesn't have permission tries to access it, then it pops up with a box notifying you, and doesn't let that program have access until you've allowed it to. Sure, it blocks GW every time there is an update, but I think having to click "Allow" every time there is an update is worth the effort for that extra security. There is a free version on their website, but it's a bit hard to find. Just go into products and it should be listed somewhere.

Finally, there's the new NVIDIA firewall that I noticed when I bought my new computer and updated the drivers (I don't know if it's actually new. I haven't used NVIDIA stuff for awhile, since I've only had a laptop for the past year). It's called ActiveArmor, and it's so much better than the crappy windows firewall. It works the same way as ZoneAlarm does, blocking everything that doesn't have permission.

Using these tools could be the difference between getting hacked and not getting hacked. Never allow any programs to access the network/internet that you don't know what they are. Try not to download add ons for games, because that would be creating more risk. I won't argue that these are the best, or that I'm extremely knowledgeable when it comes to internet security (In fact, my brother suggested these as ones I should use), since I haven't tried every piece of software out there, but these are the ones I use, and have found effective. If anyone else has any suggestions as to what security programs they have found good, consider posting those as suggestions, instead of the usual "Ha, you got hacked! should have been more careful", because of the simple fact that no one knows what's best for their security until they learn.

Quote:

Originally Posted by Pwny Ride

Yea but the sad thing is how many times has Gaile said something and it turned out to be a lie? From my experience ive learned not to trust anything she says if shes not 110% sure on the matter, shes as bad as the next person.

Now finally, you can't blame Gaile if information that she provides doesn't pan out straight away. She's not lying about it, she's the community liaison officer, and she can't make a team focus on one thing more than others. She can only relay what the dev teams let her know. There are all sorts of complications that can arise when trying to implement a piece of software, or an update to one, and sometimes things can't happen overnight.

Feminist Terrorist · Feb 16, 2007, 05:29 AM // 05:29

I would strongly suggest adding Spybot Search and Destroy to your computer, in addition to AdAware. They complement each other well, just don't run them both at the same time.

Loviatar · Feb 16, 2007, 05:35 AM // 05:35

Quote:

Originally Posted by Meat Axe

It is a problem if you cannot change your password or email once you've linked your account to PlayNC

i just changed the login screen password in 2 minutes flat so ALEX WEEKES is correct that you can easily change it.

again before someone yells i repeat................

this was the login screen password not my play NCsoft account password

WRONG ON ALL COUNTS ON ADAWARE BY LAVASOFT

the latest pc magazine spyware roundup showed that it failed to either detect/remove KNOWN keyloggers on the test system

Quote:

Ad-aware Personal from Lavasoft - It's a really great spyware and adware detection program. Just use it to scan every couple of weeks, or even every week, and it'll pick up all spyware, whether it's potentially dangerous (Trojans or key-loggers) or not (simple tracking cookies).

JUST WRONG

this product DID detect/remove/disable the keyloggers as well as rootkits

http://www.pctools.com/en/spyware-doctor/

EDIT

spybot was given the nod as a backup to the MAIN spyware you use but that was it

Hockster · Feb 16, 2007, 05:45 AM // 05:45

Most keyloggers targeted at GW users are custom written. They would be extremely difficult to be detected by any spy ware/AV app. If they piggyback on another app, even many firewalls won't catch them either. Ad Aware isn't really a keylogger detector anyway, it generally only catches cookies, and a few other forms of malware. It's okay, but don't count on it exclusively. That can be said of most every system utility.

Meat Axe · Feb 16, 2007, 05:59 AM // 05:59

This is exactly why I also recommended getting a program to detect programs trying to access the internet as well as programs that are trying to access your computer. Spyware and anti-virus software don't always pick things up. It's impossible to make a program to pick everything up, what with the ever-changing way that these hacks are written. Which is why I listed a number of options.

Now, Ad-aware may be not that good. I don't know, I didn't see that article, and I only use it occasionally when I feel there's a real need to (if my computer is running slowly for no apparent reason, I'll definitely run it). So if you feel like it might not add enough protection, don't get it. But it's stupid to only get one program and expect it to stop absolutely every bit of spyware and viruses out there.

... And I just reread the end of Hocksters post, and I say this: what he said.

Gaile Gray · Feb 16, 2007, 06:09 AM // 06:09

Quote:

Originally Posted by Phaern Majes

I sincerely doubt that Gaile has deliberately lied to us. If anything its probably a case where she was told something, passed it on to us, and then it turned out the devs couldn't do what they thought. I mean seriously what would they get by deliberately lying to us? We already bought the game....

Thank you. I would never deliberately lie. We thought that some modifications would be along quite some time ago, but in fact it's taken longer than we anticipated. All of us would like to move forward on the changes, but ask for your patience for a while longer.

I do have a solid grasp on what you want in the way of security, and as I said, one of our co-founders contacted that portion of the technical team today to see if we could move forward on making it easier for you to reset your GW user name, password, and so forth, no matter whether the account is tied to PlayNC or now. I saw the email he sent, and I know the team members who will work on it. I do believe that the team will do their very best to move forward with updates to amend this situation. Our apologies, again, for the delay in making the changes.

Loviatar · Feb 16, 2007, 06:10 AM // 06:10

Quote:

Originally Posted by Meat Axe

Now, Ad-aware may be not that good. I don't know, I didn't see that article, and I only use it occasionally when I feel there's a real need to (if my computer is running slowly for no apparent reason, I'll definitely run it). So if you feel like it might not add enough protection, don't get it. But it's stupid to only get one program and expect it to stop absolutely every bit of spyware and viruses out there.

... And I just reread the end of Hocksters post, and I say this: what he said.

http://www.pcmag.com/article2/0,1895,994103,00.asp

Quote:

Ad-aware found a respectable amount of our spyware and removed most of it. On the other hand, although the program claims to remove Trojans and key loggers, it left NetBus and NetObserve intact. And although it claimed to have removed Alexa, the Alexa toolbar was functioning afterwards, apparently still sending back information.

note that the product i linked caught an NCsoft specific keylogger that targeted Lineage II on my system.

as for running it every so often by then the damage will be done.

i update SWDoctor each morning and scan the system each time before logging into GW.

i also have zonealarm pro and a router firewall as well

Meat Axe · Feb 16, 2007, 06:30 AM // 06:30

Quote:

Originally Posted by Loviatar

http://www.pcmag.com/article2/0,1895,994103,00.asp

Can I just point out that that article is over 3 years old?

But that's beside the point. Don't use it if you don't want to. And yeah, you really should do a scan pretty much every day, but I'm too lazy for that, and I forget. I mostly use ad-aware to remove harmless spyware that is slowing down my computer. Yeah, I know, it's stupid. But I've never had any hacking issues with my computer. I have had a couple of Trojans try to get in, but guess what? I did a scan with Ad-Aware and it got rid of them.

However, I strongly recommend getting ZoneAlarm. It's good if you can prevent malware getting in, but if that can't stop it, at the very least don't allow them to send the information back out.

Alex Weekes · Feb 16, 2007, 09:39 AM // 09:39

Quote:

Originally Posted by Hockster

Last time I checked on my own Master account, I incorrectly entered a password 15 times and never triggered a lock out. That was about two months ago. Fifteen attempts is way too high. It should be no more than five.

There have been a couple recent threads here where the users stated getting a huge number of the auto response email about someone attempting to access an account. If the lockout mechanism in in place it appears that it is nonfunctional.

Apologies, you are correct. I was mistaken about which stage the lock out was implemented at. I've edited my earlier. Lockouts apply to incorrect attempts to reset a password.

I'll ask our PlayNC people about the possibility of adding this to actual login attempts as well.

Alex Weekes · Feb 16, 2007, 09:42 AM // 09:42

Quote:

Originally Posted by explodemyheart

I want to change my account email, but I can't because I can't find an option anywhere to do so. Before I linked to PlayNC, I was able to and did so a couple of times. I can't do it through 'edit account', it just sends me to the PlayNC website. Once logged into my PlayNC account, I can't find anywhere to change my account email. I can change my contact info email, but for my account info and details, I can only change my password.

I think that may be part of the problem that the OP is trying to express, but I could be wrong.

Once you link to PlayNC your email that you use as a username is only ever used for that purpose - as a username. The email address can expire and someone else take it up, and your account will not be affected. It is your contact info email address that is used for all further email correspondence with you (such as changing passwords).

Having said that, we understand why the removal of an option to change your username is of concern.

Code=007 · Feb 16, 2007, 03:04 PM // 15:04

Quote:

Originally Posted by Alex Weekes

I'll ask our PlayNC people about the possibility of adding this to actual login attempts as well.

yes please...

NeHoMaR · Feb 16, 2007, 06:16 PM // 18:16

Quote:

Originally Posted by Burst Cancel

So please, take your tough-guy "you deserved to be hacked" bull**** somewhere else.

I clearly understand security must be improved in Guild Wars, some bad email services has better security features, and I prefer lose all my email accounts than my GW account.

BUT ... security start in your computer, you CAN'T be "hacked" if your are smart.

More Outrage · Feb 18, 2007, 03:02 AM // 03:02

I hope I don`t have any of the above problems, I`m changing ISPs this week and looked into changing passwords and e-mails a couple of months ago in preperation for the event. Everything seemed ok but after reading this thread I`m now not so sure.
Oh well we`ll see.

P.S. if you are using "add ons" or any other 3rd party programs it serves yourself right if you get hacked, just think yourself lucky you still have an account.

Lonesamurai · Feb 18, 2007, 03:06 AM // 03:06

Quote:

Originally Posted by More Outrage

I hope I don`t have any of the above problems, I`m changing ISPs this week and looked into changing passwords and e-mails a couple of months ago in preperation for the event. Everything seemed ok but after reading this thread I`m now not so sure.
Oh well we`ll see.

P.S. if you are using "add ons" or any other 3rd party programs it serves yourself right if you get hacked, just think yourself lucky you still have an account.

I had no issues... the Log-on email address ont eh log-on screen is just there for that, if you add the game to a PlayNC master account, which you have to to use the in game store BTW, then you can change the email address and password there, ok the log-in email address won't change, but the contact one will and if I remember correctly, if you believe someones gotten your details, its pretty hard to change the password now aswell, I remember it took me blody ages to do and most hackers aren't bothered doing that to get an account

Zonzai · Feb 18, 2007, 05:46 AM // 05:46

Quote:

Originally Posted by Shanaeri Rynale

Never use your GW user email for anything else,

Uh... yeah sure right.

I don't mean to slight you, but that's just not practical; in any way shape or form.

-EDIT- Typo.

Asrial · Feb 19, 2007, 01:30 AM // 01:30

Quote:

Originally Posted by Loviatar

i update SWDoctor each morning and scan the system each time before logging into GW.

i also have zonealarm pro and a router firewall as well

I have no anti-virus software. I have no anti-spyware software. My computer is OUTSIDE my router's protection.

I DO have ZoneAlarm Pro running.

I've NEVER had a virus or spyware infection. I've NEVER been 'hacked'.

Why?

..because I don't search for wierd files to download and infect myself with.

Look for the fishy tools and you're gonna get phished.

Antheus · Feb 19, 2007, 03:45 AM // 03:45

A little warning:

GW specific keyloggers will NOT trigger anti-virus/anti-spyware if they are even remotely well written.

Anti-virus software works for general viruses and trojans.

Anti-spyware can monitor certain behaviour, but not all.

GW specific keylogger fits into neither categories and is only interested into one thing: guild wars executable. Even more, with specific knowledge of GW it's possible to bypass even network monitors so that even general firewall doesn't trigger.

So downloading any kind of hacks, bots or similar add-ons for GW is asking for trouble. There are no working add-ons of any kind, with possible exception of GWFreaks.

Just don't download stuff that would be GW related.

Last possible attack would be spoofed PlayNC site - something completely unrelated to PlayNC, but in the same way eBay and Amazon spoofs were used to steal CC info. But that is unlikely, as any such attack has never been reported.

Also, never share passwords. Your computer might be ok, but the person you're sharing with might unintentionally expose the information.

Shmanka · Feb 19, 2007, 07:28 AM // 07:28

Quote:

Originally Posted by NeHoMaR

BUT ... security start in your computer, you CAN'T be "hacked" if your are smart.

Thank you for stating the most obvious thing everyone sadly doesnt know.

The problem here is that the "interweb" can't read the OP's mind so he complains saying there are "loopholes" when the loophole started by trusting someone else logging in on your account. Thats it, period. NCsoft security is a one time seal deal to a specific email/acount name you choose for your own security purposes. Having the option to say completely change your email would have lost your friends account long before you can even post this. Personally, I prefer it this way.

Quote:

Originally Posted by explodemyheart

If you had actually read the thread and paid attention to what his actual complaint is, you'd know you're wrong.

What you should have learnt by now is to also read between the lines. It's not everyday someone quote-unquote "best friend" gets his/her account hacked apparently "consecutively" because he did everything right and the fault is rightfully pointed to Anet.

Amy Awien · Feb 19, 2007, 11:48 AM // 11:48

Quote:

Originally Posted by Gaile Gray

If you set up your account through PlayNC, it seems to me you have an extra layer of security: PlayNC name, game user name, password. I could be mistaken, but that seems better, not worse.

An account through which security credentials of another account can be changed provides an additional opportunity to compromise the first account. It is not an extra layer of security, but just the opposite: an extra backdoor.

An extra account also adds to the (possible) confusion with the user about the different options and procedures. Confusion about, and improper handling of security related procedures are an important negative factor in maintaing security.

Quote:

Originally Posted by NeHoMaR

Solar Light, I am so sorry to say the security hole is in YOUR computer. If you use a good correctly configured anti-virus and firewall you will NEVER be hacked again EVER.

The first thing most helpdesks ask of their users is to disable firewalls and anti-virus software, while most installation software - and their instructions - requests that you disable anti-virus software.

And neither firewall nor anti-virus software will, btw, protect you from keyloggers, 'third-party-programs' that realy account login information or other malware designed to collect information, and they will most certainly not protect you from hacking attempts that use any form of social engineering.

So, before you continue to bash the OP, or anyone else, regarding computer security I'd suggest you get informed first, because it is painfully obvious that you don't have a clue.