Curse

Fril Estelin · Apr 23, 2008, 09:12 AM // 09:12

The question I'm asking may be simple, but it's actually quite complex. I'll first send a few links with info on the scale of the attack problem:
http://www.massively.com/2008/04/22/...aintream-news/
http://www.technewsworld.com/story/6...ome=1208940847
MMORPGs are becoming the next big thing to hack, because there's a load of money to make for them.

__________________________________________________ ____________________________
Now for the more concrete stuff:

1) Do you have an antivirus and a firewall running at all times (even when playing games)?

2) If so, are they automatically and regularly updated? (daily to hourly)

3) Do you run regularly anti-spyware software, such as Lavasoft AD-Aware and Spybot Search&Destroy (S&D)? (weekly or monthly)

4) Do you regularly update your Operating System and all applications? (possibly using the automated features such as Windows Automatic Updates)

5) Do you make sure that applications you install can be "trusted" (whatever this exactly means, e.g. you read reviews in a professional magazine or a reliable website, a knowledgeable friend recommended it to you, it's a paying app with customer support, etc.)?
See for example the list of 3rd party app that Anet lists:
http://wiki.guildwars.com/wiki/Guide...-game_graphics

6) Most importanly, do you have strong passwords and do you make sure not to use the same passwords for different site/applications?
To test your password strength, try these sites:
http://www.microsoft.com/protect/you...d/checker.mspx

http://www.securitystats.com/tools/password.php

http://rumkin.com/tools/password/passchk.php

7) Do you regularly clean your browser and application data (such as caches, saved passwords)? (weekly)
Look at the very usefull tool CCleaner for this job.

8) Do you regularly back-up your sensible data? (monthly)

9) What do you do to raise awareness about security and trust around you (e.g., other people using your PC, members of your family, friends, guildies, Alliance members, colleagues)?
__________________________________________________ ____________________________

If you answered NO to any of these questions (except 8), there may be something to do to strenghten your computer security.

The reason why I'm creating this discussion is to try to improve the overall situation of GW players' security. Individually, we may be fine, but as we say "security is as strong as the weakest link". If you're secure but someone connected to you and that you trust is not, you may end up with security problems. It's only by raising the security standards for each and every GW player that we're better protected individually. That's why question 8 was added.

Feel free to contribute in any constructive way you see fit.

Hyper.nl · Apr 23, 2008, 09:53 AM // 09:53

1) Do you have an antivirus and a firewall running at all times (even when playing games)?

> Yep. My Eset Smart Security is always watchful.

2) If so, are they automatically and regularly updated? (daily to hourly)

> Sure.

3) Do you run regularly anti-spyware software, such as Lavasoft AD-Aware and Spybot Search&Destroy (S&D)? (weekly or monthly)

> Yep, my security suite has anti-malware protection integrated in it. (Part of background scanning and on-demand-scan.

4) Do you regularly update your Operating System and all applications? (possibly using the automated features such as Windows Automatic Updates)

> Yes, I regularly download and install updates. Manually. I used to do this automatically but because MS Update rebooted my PC while playing a GW mission I had to turn it off...

5) Do you make sure that applications you install can be "trusted" (whatever this exactly means, e.g. you read reviews in a professional magazine or a reliable website, a knowledgeable friend recommended it to you, it's a paying app with customer support, etc.)?
See for example the list of 3rd party app that Anet lists:
http://wiki.guildwars.com/wiki/Guide...-game_graphics

> Not always. While I don't use 3rd party add-ons for GW I do download other software from the internet. Mostly from trusted sources but also from unknown sources. Everything does get scanned tho.

6) Most importanly, do you have strong passwords and do you make sure not to use the same passwords for different site/applications?

> Sure, I upgraded my personal password policy a few years ago and I think it's good now.

Fril Estelin · Apr 23, 2008, 10:09 AM // 10:09

Quote:

Originally Posted by flubber

yea, too bad that this is the wrong place to tell people what they should know

-1 post because the truth ain't worth it...right?

On the contrary, this is exactly the right place to do this job. It's much easier to advice people to "buy this AV or turn on this feature", it's much more difficult to raise awareness about the problem of security.

This is exactly what I'm trying to do, I've got no problem discussing security at a technical level, but what I'm aiming at is "spreading the word around" and reach the places where security is "low". This is where hackers will earn money and users will loose big time.

I'm a strong believer that a collective effort is the only way forward and everyone can contribute collectively, while individually you're only responsible for yourself and I can't do anything to help you if you don't want to. While it's easy to biggyback this problem onto education, I think that a more relaxed approach like discussing it is more efficient and will reach these people that are not aware or don't care about it.

Spread the word around you.

Thanks to the mods for the cleaning!

P.S.: if you have constructive criticisms, I'm all ears!

Anarkii · Apr 23, 2008, 10:11 AM // 10:11

I don't have an antivirus or firewall(XP firewall turned off) or anti-spyware.

.

Divinity Sword · Apr 23, 2008, 10:13 AM // 10:13

Just because it's newer, doesn't mean it's better. Good post for "teh nubz" though. Props.

Miska Bow · Apr 23, 2008, 10:31 AM // 10:31

YES to all. Running an unsecure PC is playing the E-version of russian roulette.

MoriaOrc · Apr 23, 2008, 10:37 AM // 10:37

No on 1-3 and yes on 4-6.

I used to do the others in the past, but #1 is a waste of cycles I'd rather be using, #2 is more of an N/A without #1, and #3 never found anything but the same old tracking cookies (all blocked now). I still set up new computers for others with 1-4 and encourage practice of 5 & 6, but I've found that I'm usually good enough at #5 that I don't need the automated tools to catch it.

I do have the tools around if I'm dealing with suspicious stuff, though. I just don't need to use it that often, especially since my current OS install is very "settled" and doesn't see a lot of new installs.

Stolen Souls · Apr 23, 2008, 10:40 AM // 10:40

1) Do you have an antivirus and a firewall running at all times (even when playing games)?

Yes, always.

2) If so, are they automatically and regularly updated? (daily to hourly)

Yup

3) Do you run regularly anti-spyware software, such as Lavasoft AD-Aware and Spybot Search&Destroy (S&D)? (weekly or monthly)

Yup...Ad-Aware scan every Friday

4) Do you regularly update your Operating System and all applications? (possibly using the automated features such as Windows Automatic Updates)

Yup...again, every Friday.

5) Do you make sure that applications you install can be "trusted" (whatever this exactly means, e.g. you read reviews in a professional magazine or a reliable website, a knowledgeable friend recommended it to you, it's a paying app with customer support, etc.)?

Well I don't really install a new app per day or anything like that...I'm not one for having a bajillion applications installed on my PC. I only have installed, stuff that I need. But yes, when I do need to install something I check it out first.

6) Most importanly, do you have strong passwords and do you make sure not to use the same passwords for different site/applications?

I try to use passwords that are as strong as possible and can't be guessed easily, but also that I can remember without having to write every one of my passwords down, or realizing "dang...*clicks the I forgot my password button*". I also have multiple email addresses, one of which is dedicated only to my Guild Wars account, which I do not give out to anybody, or use to register anywhere else.

Fril Estelin · Apr 23, 2008, 10:45 AM // 10:45

I added a seventh question:

7) What do you do to raise awareness about security and trust around you?

Kamatsu · Apr 23, 2008, 11:20 AM // 11:20

Please keep to the topic at hand. If you have any queries about deleted/missing post's then please PM a mod of this forum, or a forum Admin (such as Inde), and it will be looked into. Making public commentary about a mod's action's is against the Forum rules.

Please take the time to read the Forum rules:

http://www.guildwarsguru.com/content...nes-id2030.php

If you have any comments or suggestion's for the site, please either pm Inde or post in the site Feedback forum:

http://www.guildwarsguru.com/forum/f...splay.php?f=15

I MP I · Apr 23, 2008, 11:25 AM // 11:25

1. Yes. Though I do shut off certain functions while playing games.
2. Yes. If I bother to turn my pc on.
3. Weekly.
4. Yes.
5. Yes.
6. Yes.
7. No. I'm the only person that uses the pc.

MirkoTeran · Apr 23, 2008, 11:35 AM // 11:35

1. FW yes. AW no.
2. Yes.
3. Weekly (Scheduled).
4. Yes.
5. Yes. See *.
6. Yes.
7. For my home network - yes. I couldn't care less about the others. Their problems. Heck, I even get payed to fix them sometimes.

*But the first and the best point that is missing on your list is not to act like a idiot. With just a bit of common sense you can avoid 99% of the possible problems.

fenix · Apr 23, 2008, 11:43 AM // 11:43

NOD32 covers me for everything virus/firewall wise (although, haven't needed a firewall...), updates itself all the time etc etc.

Don't scan Spybot until I think something is wrong, which is rarely.

And I have a brain, so that about covers me for security. I think really NOD32 and brain are all I need, apparently reading things helps when you want to stop viruses and spyware. Oh, and I spose not installing everything without looking at it.

Pleikki · Apr 23, 2008, 11:52 AM // 11:52

Yes to all.. .. ... ^^

Fril Estelin · Apr 23, 2008, 11:57 AM // 11:57

Quote:

Originally Posted by MirkoTeran

not to act like a idiot. With just a bit of common sense you can avoid 99% of the possible problems.

Quote:

Originally Posted by fenix

And I have a brain, so that about covers me for security. I think really NOD32 and brain are all I need, apparently reading things helps when you want to stop viruses and spyware.

It's just too simply to piggyback the problem on "brains" and "idiocy", so long as you haven't made yourself the effort (with your brain) to understand why people are not "getting it". "Common sense" does NOT exist until you've made it explicit and explained what a majority should think, rather than what it does think. Put aside the lazy ones (because I or you can't go behind their screens and push them), how would you contribute to this thread to educate people? Define rules, behaviours and concrete steps on how to do that.

I'll go one step further than what I said before: security works like anti-virus body protection, where you need to be strong and healthy (eat 5 a day, vitamins, a bit of sport, room temperature, etc.) at your individual level but you also need good habits on how to behave in society (put your hands in front of your mouth when sneezing, wash your hands, etc.). Our security is dependent on others' and doctors try to raise awareness about these collective factors every day. Unless you live in a cave, with heavy walls (good technical knowledge), you can't escape this problem (many security professionals have been hacked).

(I'll put aside social engineering and risk calculation for the moment)
Thanks for your contributions!

MithranArkanere · Apr 23, 2008, 12:11 PM // 12:11

Of course. I have a friend and we test each other computers, looking for vulnerabilities. The first one finding one wins and the other must treat to a beer net time we meet.

This system works wonders.

fenix · Apr 23, 2008, 12:13 PM // 12:13

Okay, I'll give some tips. Just saying 'I have a brain' is a little simple.

On the most part, don't trust the internet. Don't trust popups, don't trust ads (unless they are on a site you trust, like Guru [<3 Inde]).

One good tip from me to you, is don't trust most of what is on Google page 2 and onwards. If you cannot find what you are searching for on Page 1, don't try the rest. It becomes further and further from what you want, and as you go, the content becomes seedier and seedier. Think of internet searches as an alleyway. For the most part, if you can't see what you want in the alley from the road, you stay away from it. Same goes for searches. If you can't see what you're after on page 1, don't go further.

This will stop a lot of the spyware/adware/malware from getting onto your computer.

Another good one, is don't ever open email attachments, unless you know for a fact that it's from a friend/colleague/etc. If the person sending it has physically told you "this is my email address", it's fine. Most of everything else isn't. I find that a lot of people are too trusting with email, but realistically...try to be the opposite.

A good way to stop all of this, is by using Firefox. Let's face it, Internet Explorer sucks. It is only the main browser because it comes packed with Windows. Firefox has less bugs, is more stable, and can have addons. This has been mentioned before, but you can get addons to do almost anything. Anything.

The best tip, is get a good anti-virus, that also has extra (handy) features, such as anti-spyware, or similar. I have used many over the years, and from experience, I would recommend the following;

1) NOD32. By far the best you can get, out of every anti-virus ever made.
2) Avira AntiVir. Free, 99%+ detect rate, and low CPU usage.
3) AVG. Free, 95%+ detect, average CPU, but lots of features.

Haven't tried any others, except Vet (bleh), as I did my research and those 3 were the best I felt I could get. Now that I have NOD32, I laugh at viruses.

I've come to recognise when Spyware is on this computer, as things start to slow down, and the internet can be affected. Unless you know the warning signs, I recommend getting Spybot Search & Destroy. It will detect almost every kind of spyware/adware/malware/etcetc, and is pretty fast too. It has some good features, such as the Immunize feature, which (god forbid) if you are using IE, it will automatically stop you from accessing something like 80,000 'bad' files, that contain the above 'wares'.

Aside from that, regarding my 'brain' comment, really make sure you're using it when you use the internet. Most people just assume things are safe, and mindlessly click through without thinking. Don't do that :P

Ctb · Apr 23, 2008, 12:32 PM // 12:32

I ran an XP Pro 32-bit machine for about a year and a half with no AV, no firewall, and never checking for junk. When I finally got around to it, I had one thing: a malicious java class. That always failed to launch.

Not doing obviously stupid things on the interwebs ftw.

Quote:

Another good one, is don't ever open email attachments, unless you know for a fact that it's from a friend/colleague/etc. If the person sending it has physically told you "this is my email address", it's fine. Most of everything else isn't.

I don't know what you're getting at here... just because it says it's from [email protected] doesn't mean it really is, because the only thing SMTP actually REQUIRES for successful delivery is the To: address (obviously). You can put whatever garbage you want in every other header field, and almost every machine on the planet has a telnet program, so almost every machine is capable of connecting to a mail server and doing just that.

Unless you were EXPECTING an attachment, you shouldn't open it. Besides... unexpected attachments are usually annoying and stupid anyway.

Quote:

A good way to stop all of this, is by using Firefox.

Absolutely false. Firefox is a good step, of course, but it won't save you from WINDOWS exploits that are accessed through the browser, bugs in other systems (image rendering, malicious flash ads, etc.), and it has shared a number of problems with IE throughout its history.

It's a good step, but don't give the false impression that it's a final one.

I always like to recommend Privoxy. It filters a lot of junk out and isn't terribly hard to get set up. I also like the big "blackhole" HOSTS files. Some purists whine about it, but the whole point of HOSTS is for a single machine to control its own idea of what is where on the network, so it's not breaking any standards, and unless you have a really old machine, the performance hit of loading all those entries isn't really a concern anymore.

Furthermore, simply turning on the Windows firewall is sufficient for 99% of home users. It's simple, it's fairly effective, and it stays out of the way for the most part.

JeniM · Apr 23, 2008, 12:57 PM // 12:57

1) Do you have an antivirus and a firewall running at all times (even when playing games)?

Yes, According to the Uni network safety tool I have 6 different anti-virus/spyware

2) If so, are they automatically and regularly updated? (daily to hourly)

Daily

3) Do you run regularly anti-spyware software, such as Lavasoft AD-Aware and Spybot Search&Destroy (S&D)? (weekly or monthly)

They all run between 3am and 6am on automated scans

4) Do you regularly update your Operating System and all applications? (possibly using the automated features such as Windows Automatic Updates)

I have SP3

5) Do you make sure that applications you install can be "trusted" (whatever this exactly means, e.g. you read reviews in a professional magazine or a reliable website, a knowledgeable friend recommended it to you, it's a paying app with customer support, etc.)?
See for example the list of 3rd party app that Anet lists:
http://wiki.guildwars.com/wiki/Guide...-game_graphics

My anti-spyware deletes TexMod every day so I have to re-download it alot, and I always check the mirror I use is the FileFront one. I avoid things like rapid share like a plague

6) Most importanly, do you have strong passwords and do you make sure not to use the same passwords for different site/applications?
To test your password strength, try these sites:

Strong, according to the microsoft one

7) What do you do to raise awareness about security and trust around you (e.g., other people using your PC, members of your family, friends, guildies, Alliance members, colleagues)?

Not alot actually

fenix · Apr 23, 2008, 01:14 PM // 13:14

Quote:

1) Do you have an antivirus and a firewall running at all times (even when playing games)?

Yes, According to the Uni network safety tool I have 6 different anti-virus/spyware

Actually, having more than one anti-virus is very counter-productive. You only want one running at a time, two can leech a lot of CPU power, and also can conflict with each other a lot.