Curse

Fril Estelin · Apr 23, 2008, 01:29 PM // 13:29

Quote:

Originally Posted by fenix

Actually, having more than one anti-virus is very counter-productive. You only want one running at a time, two can leech a lot of CPU power, and also can conflict with each other a lot.

This is an urban myth, most AV companies know how to deal with other "serious" AVs (I hate the magazines with "free security suites" based on free AVs which add nothing to what other AVs can do). It's not necessary at all, unless you have very sensible stuff on your comp, but it works.

As Ctb said, Firefox is a good first step (I'd also advise plugins like NoScript) but you need to be very carefull all the time, but not paranoid. And be careful about email addresses, they sometimes look very similar.

(today in the BBC news, they announced that UK Internet Fraud amounted in 2007 to 500 millions pounds)

Etta · Apr 23, 2008, 01:39 PM // 13:39

Would "Stop going to the porn sites" help as well?

Fril Estelin · Apr 23, 2008, 02:12 PM // 14:12

I moved question 7 to 8, and added a new question 7:

7) Do you regularly back-up your sensible data?

Quote:

Originally Posted by Etta

Would "Stop going to the porn sites" help as well?

No it wouldn't help IMHO, because: a) it'd be insulting to the many people that don't frequent these sites; b) it'd derail the thread even further; c) if you know the general principle, you'll adapt to any situation (including the one you mention, though I don't see it often mentioned in the security field, I'm not even sure that these sites/companies want to hack their "customers").

Tamuril elansar · Apr 23, 2008, 03:03 PM // 15:03

i'm to lazy to install MCafee, got CD etc but can't be bothered.

Dylananimus · Apr 23, 2008, 03:07 PM // 15:07

Quote:

Originally Posted by fenix

A good way to stop all of this, is by using Firefox. Let's face it, Internet Explorer sucks. It is only the main browser because it comes packed with Windows. Firefox has less bugs, is more stable, and can have addons. This has been mentioned before, but you can get addons to do almost anything. Anything.

QFT. Though obviously as has been said...it doesn't protect you from everything. You need to have anti virus, firewall, and spyware programs running at all times.

Cautionary tale follows....

I just got a new computer. It's all shiny and fast and has Vista. First thing I did was put Firefox on it, then obviously anti virus software. I stuck with Windows Defender for the spyware, and didn't put on a firewall. I was thinking I'd be ok with my router firewall and the windows firewall enabled. It had always been fine on my old comp.

How wrong I was.

Yesterday I did a routine scan and discovered I already got two trojans. Trojans designed to steal passwords, especially of online games the user plays. Yikes!

The anti virus software dealt with them, and I checked my system to make sure it didn't actually do anything. As far as I can tell the virus hadn't had chance to do it's nasty stuff. Right away I installed another spyware program to run with Windows Defender (as I've been told it's ok to run more than one spyware program at a time). I also downloaded and installed a firewall, and disabled the Windows one, as basically...it seems to be crap.

The reason I think I got a Trojan at all? I was on IE for like 10 mins yesterday before I did the scan. I'd followed a link from some HP gaming stuff that came free with the comp (which I've since uninstalled), to a free game. It opened IE automatically instead of Firefox.

Moral? Put everything you possibly can on your computer to keep it safe...and DO NOT forget to scan every day. Yes, every day. Especially if you use IE.

Ctb · Apr 23, 2008, 03:11 PM // 15:11

And, I know there are some DNS purists who get all pissy about doing it (and they're wrong since the HOSTS file is the original "DNS"), but I really like to use those big hosts files full of known baddies on machines I don't directly maintain. That and Privoxy keeps people out of a lot of craptastic sites, and nobody is going to come and complain to you that they couldn't get into some Russian site they found in Google after they searched for... uh.. yea...

Quote:

Put everything you possibly can on your computer to keep it safe...

No.

Adding extra chotchkies increases the probability of exploitation by increasing the complexity of the machine. Use 1 of each of the following:

- A reliable firewall, hardware or software
- A reliable AV
- A reliable patch service or tool

Windows XP onward includes an acceptable firewall and auto-updates. Slap on a decent A/V tool (and kill that stupid Norton trash that your vendor installed...) and you're good to go.

I don't condone normal users having things like Spybot and Ad-Aware, or tools that supposedly keep registries clean. There are false positives in those sorts of things and their logs need to be scrutinized by someone who knows what they're doing to ensure that benign programs aren't damaged.

I would also recommend, however, turning off caching, saved passwords, saved form fields, etc. in your browser. I have Firefox set up at home so that, basically, every time I close the browser it wipes out all saved information - browsing history, address bar history, saved form fields, passwords, cookies - all gone. Having to always log in to everything all over again every time you close your browser isn't really as terribly annoying as you might think.

People need to remember also that they're not defending state secrets on Pentagon computers here. You're going to keep out most, if not all, automated attacks just with Windows firewall and an up-to-date AV tool, and the manual attackers that are capable of breaking through your firewall and A/V probably aren't motivated enough by your collection of baby pictures to waste their time doing it.

Dylananimus · Apr 23, 2008, 03:17 PM // 15:17

Quote:

Originally Posted by Ctb

No.

Adding extra chotchkies increases the probability of exploitation by increasing the complexity of the machine. Use 1 of each of the following:

- A reliable firewall, hardware or software
- A reliable AV
- A reliable patch service or tool

Ummm, the above you mentioned was what I was talking about -_-

But I would not use Windows firewall, it's basically craptastic.

Also, like I said...the Trojan I got was designed to steal passwords. Not state secrets I know, but still...not very nice I think you'd agree

Especially if they're going to steal your GW password /

Ctb · Apr 23, 2008, 03:22 PM // 15:22

Quote:

But I would not use Windows firewall, it's basically craptastic.

It's "sufficient" for most users, which is all it needs to be. It's no very robust, and it's not very good at protecting you from internal threats trying to get out (e.g. "phone home" applications and viruses), but it's definitely sufficient for keeping out the majority of common internet threats to Windows machines, which is "good enough" for most people's machines.

Remember: on a home machine, your primary concern is saving yourself the hassle of having to rebuild and recover after an exploit. You should primarily be protecting yourself against inconvenience (read: you shouldn't be saving your damn bank info and taxes on an unencrypted drive on a home PC), so you have to balance the level of protection and scrutiny you give the machine and the likelihood that the attack you're defending against will ever happen.

Yea, someone MIGHT xmas scan you, then dig through 30 years worth of stolen driver code to find an exploit in your version of your network card's driver utilities and then launch that attack.... but probably not.

Selket · Apr 23, 2008, 03:25 PM // 15:25

I totally have maximum security, I run GW in WINE ofc.

Malice Black · Apr 23, 2008, 03:26 PM // 15:26

Hacking home PC's just doesn't happen. Most viruses/trojans gain access due to owner/user being a dumb ass.

-Sonata- · Apr 23, 2008, 03:28 PM // 15:28

Another great secure browser is Avant browser that runs on the IE platform.

It's what I run and have for years now and is a very secure alternative to IE while still running the platform. I've had zero virus issues and high risk spyware on my systems since using it.

Picking up another security tip though, especially for gaming to keep on topic with the forum; While it may seem like common sense to many of us, the truth is this happens a lot more than realized. Don't share your accounts and the information with anyone. Treat your information as though it's your most prized posession. Don't share it with your best buddy, your Brothers, your sisters, your parents, your penpal in Siberia....Just keep it to yourself at all costs. No matter how complex your passwords are, if you blabber it to a "buddy" you might as well just make your passwords the same as your login.

Again, I know it sounds obvious, but it does happen more than some realize. It's pretty scary how "friends" just exchange passwords and logins for games.

Dylananimus · Apr 23, 2008, 03:43 PM // 15:43

Quote:

Originally Posted by Malice Black

Hacking home PC's just doesn't happen. Most viruses/trojans gain access due to owner/user being a dumb ass.

Hmm, don't know if you could call me a dumbass for following a link to a game, that was installed on my computer by HP. It was amongst a whole host of games designed to eventually persuade the user to make an account with HP Games. Obviously, I trusted HP...and was burned for it.

All in all you just can't be too careful, and I think (name calling aside) we all need to remember that.

Thank you for the pretty name though

enxa · Apr 23, 2008, 04:19 PM // 16:19

Over the years ive learned which sites to be cautious with, which stuff not to install, which e-mail messages not to open. I did use to be paranoic and have antivirus and firewall software, and several antispyware apps and did regular checks, but they are no longer needed.

1. I dont have an antivitus, i dont need one. Windows Firewall is on.
2. see 1.
3. Dont have any antispyware software besides the Windows Defender that came with my Windows Vista. I do not regularly use it because its a waste of time.
4. yes
5. Like i said, im carefull about what i install.
6. Paswords are strong for stuff that is important, like e-mail and GW account.

7. No not really.
8. Besides teaching them to use Firefox, nothing much. Cant be bothered to waste my time. I learned everything i know on my own, cant see why other people cant do that.

and

Quote:

Originally Posted by Malice Black
Hacking home PC's just doesn't happen. Most viruses/trojans gain access due to owner/user being a dumb ass.

is so true.

Painbringer · Apr 23, 2008, 04:26 PM // 16:26

If norton internet security doesn't cover it I am screwed. And I usually update it daily

Inde · Apr 23, 2008, 04:29 PM // 16:29

Guess what... we still don't allow you to mention ad blockers on this site

Second off, I am honestly not trying to derail this thread but I have MORE problems with firefox then any other browser. From randomly not being able to copy and paste, it randomly shutting down on me, freezing, etc. Am I the only one who is starting to despise Firefox?

Good suggestions all of them Fril. As for this one:

Quote:

7) Do you regularly back-up your sensible data?

I had my hard drive die on me 2 months ago and it's been painful since I had not done a back up for a month before that. BACK UP YOUR DATA.

Fril Estelin · Apr 23, 2008, 04:38 PM // 16:38

Quote:

Originally Posted by Malice Black

CCleaner - Check

I forgot about that one (in this thread but not in a different security guide I wrote), and I'll add it just in case, though I think it's not a critical element, albeit a very practical little tool.

Quote:

Originally Posted by Dylananimus

Cautionary tale follows....

snip

Moral? Put everything you possibly can on your computer to keep it safe...and DO NOT forget to scan every day. Yes, every day. Especially if you use IE.

Very nice of you to mention it, there is actually a very well-know fact that any computer with the default XP install would be infected in 15 minutes max (stat from a year ago). I guess Ctb's example of uninfecetd comp was either the luckiest in the world, had no program on it or was behind a security wall

.

Quote:

Originally Posted by Ctb

And, I know there are some DNS purists who get all pissy about doing it (and they're wrong since the HOSTS file is the original "DNS"), but I really like to use those big hosts files full of known baddies on machines I don't directly maintain. That and Privoxy keeps people out of a lot of craptastic sites, and nobody is going to come and complain to you that they couldn't get into some Russian site they found in Google after they searched for... uh.. yea...

Thanks for your contributions Ctb, but I'd advise you IMHO to change the level of technicality so as to ensure maximum impact. I would like the geek language and the nitty-gritty details out of this thread, as far as humanly possible. Privoxy seems like a very useful tool!

Quote:

I don't condone normal users having things like Spybot and Ad-Aware, or tools that supposedly keep registries clean. There are false positives in those sorts of things and their logs need to be scrutinized by someone who knows what they're doing to ensure that benign programs aren't damaged.

Generally true (it's about the question 5 and trusting applications), but I can mention at least one exception: CCleaner, very nice, reliable little tool, quite conservative in its cleaning policy.

Quote:

I would also recommend, however, turning off caching, saved passwords, saved form fields, etc. in your browser. I have Firefox set up at home so that, basically, every time I close the browser it wipes out all saved information - browsing history, address bar history, saved form fields, passwords, cookies - all gone. Having to always log in to everything all over again every time you close your browser isn't really as terribly annoying as you might think.

I wouldn't say this, you're on "very high privacy settings here" and most people will not go that far. People use single-sign-on cookies for convenience and even me whoe has no problem typing would be annoyed retyping things (or more exactly clicking the password from PasswordSafe) all the time (because I close Firefox often). Using CCleaner weekly seems like a more reasonable trade-off, unless your computer is full of sensitive data or essential to your job.

Quote:

People need to remember also that they're not defending state secrets on Pentagon computers here. You're going to keep out most, if not all, automated attacks just with Windows firewall and an up-to-date AV tool, and the manual attackers that are capable of breaking through your firewall and A/V probably aren't motivated enough by your collection of baby pictures to waste their time doing it.

You're stepping over the line of deciding policies for people. You have no idea what they've got on their computer. Credit card details are no secret data in the governmental sense, but they have exactly the same level of secrecy from the point of view of a normal user. We're talking about a community of online gamers here, and this community is under fire. Notice that already someone mentioned switching off AV/FW when playing? Look at this too:
http://eu.plaync.com/eu/about/pressr...sana_security/

As I said before, there's no "common sense" out of the blue, you need to make people understand what you mean by that. I know a lot of "geeks" (in a non-insulting sense, I consider myself one) have a lot ot share, but they usually can't be understood because of their lack of pedagogy and their obtuse language.

Re Firewalls, I agree with you that the normal user should stick with XP's one, unless he: a) has things to protect; b) has already been under attack. Then an outgoing firewall is advised (I used Kerio a long time ago, but it was too resource-consuming).

Quote:

Originally Posted by Malice Black

Hacking home PC's just doesn't happen. Most viruses/trojans gain access due to owner/user being a dumb ass.

Wrong (we're going here one step deeper into the underground). All professional hackers hack "normal users'" PC for the sake of creating a botnet, a network of PCs that they control and can use to launch Denial-of-Service attacks (asking all the PCs in their botnet to connect to the same website at the same time with the goal of either slowing/crashing the server, or preventing anyone else to connect to it). At the same time, they scan all sorts of documents (including word and pdf) for Credit card and bank accounts details. I even read about some corporate data being stolen and sold to competing companies.

Quote:

Originally Posted by -Sonata-

Another great secure browser is Avant browser that runs on the IE platform.

Good advice, as IE is still needed for a few sites, even for Firefox users. And I don't personally like mono-culture, even for Linux and Firefox.

Quote:

Picking up another security tip though, especially for gaming to keep on topic with the forum; While it may seem like common sense to many of us, the truth is this happens a lot more than realized. Don't share your accounts and the information with anyone. Treat your information as though it's your most prized posession. Don't share it with your best buddy, your Brothers, your sisters, your parents, your penpal in Siberia....Just keep it to yourself at all costs. No matter how complex your passwords are, if you blabber it to a "buddy" you might as well just make your passwords the same as your login.

Indeed, it's the "social engineering" aspect of security, that I wanted to address later (but now is as good a time as ever). One example of why this is bad is the case where a hacker contacts a member of your family pretending to be a close friend and revealing a few information they gathered on you (or not) to "force" them to reveal your password.

Quote:

Again, I know it sounds obvious, but it does happen more than some realize. It's pretty scary how "friends" just exchange passwords and logins for games.

I think that in GW that also happens: a) for people using RMT, when the bad guys find excuses to ask the naive gold-buyer to reveal his password; b) people selling in-game services (powerlevel ling); c) friends of a friend.

enxa · Apr 23, 2008, 04:43 PM // 16:43

Quote:

Originally Posted by Inde

Second off, I am honestly not trying to derail this thread but I have MORE problems with firefox then any other browser. From randomly not being able to copy and paste, it randomly shutting down on me, freezing, etc. Am I the only one who is starting to despise Firefox?

I use it since version 0.8 and never had any problem of such nature. Only when i was testing nightly builds.
I also use AutoCopy and copy/pasting is still not broken for me.

rick1027 · Apr 23, 2008, 04:51 PM // 16:51

Quote:

Originally Posted by Inde

Guess what... we still don't allow you to mention ad blockers on this site

Second off, I am honestly not trying to derail this thread but I have MORE problems with firefox then any other browser. From randomly not being able to copy and paste, it randomly shutting down on me, freezing, etc. Am I the only one who is starting to despise Firefox?

i've been using firefox even before it was called firefox had so such problem

Fril Estelin · Apr 23, 2008, 04:54 PM // 16:54

Quote:

Originally Posted by Dylananimus

Hmm, don't know if you could call me a dumbass for following a link to a game, that was installed on my computer by HP. It was amongst a whole host of games designed to eventually persuade the user to make an account with HP Games. Obviously, I trusted HP...and was burned for it.

All in all you just can't be too careful, and I think (name calling aside) we all need to remember that.

Thank you for the pretty name though

You actually did the right thing, no doubt about it. You shall not be asked to change your behaviour because the problem does not lie in you. It's HP's business (I can tell you they are "trustworthy" because I'm working with them

but this does not mean that you can blindly follow whatever they show you, assess the situation before acting).

Quote:

Originally Posted by enxa

Over the years ive learned which sites to be cautious with, which stuff not to install, which e-mail messages not to open. I did use to be paranoic and have antivirus and firewall software, and several antispyware apps and did regular checks, but they are no longer needed.

snip

8. Besides teaching them to use Firefox, nothing much. Cant be bothered to waste my time. I learned everything i know on my own, cant see why other people cant do that.

I've seen this behaviour a lot of times, from people who self-taught computer.

Quote:

is so true.

No it is not, not at all, read my reply to Malice above. You can believe internet users (who are entitled to their opinion of course!) or more professional" people. There are some very stupid users (a BBC poll revealed that a majority of people would be ready to give away their password for chocolate ... how stupid is that?) but that does not mean that the problem is always "stupidity". Computer applications and developpers are not doing a good job either (see Dylananimus example above).

Quote:

Originally Posted by Painbringer

If norton internet security doesn't cover it I am screwed. And I usually update it daily

A lot of people in the security field say that Norton is far away from being good. You may be much safer with one of the free AVs: Antivir, avast!, AVG. Or invest a little bit of money into NOD32 or Kaspersky.

Quote:

Originally Posted by Inde

Guess what... we still don't allow you to mention ad blockers on this site

And I haven't!

If necessary, I'll open a new thread about financial data on running a server such as GWG, people don't realise how much it costs (and I'm not even talking about the staff like you, who work for free! well-deserved kudos to you!) and believe it's like "Linux" or "Firefox" or any other computing program, basically free.

Quote:

Second off, I am honestly not trying to derail this thread but I have MORE problems with firefox then any other browser. From randomly not being able to copy and paste, it randomly shutting down on me, freezing, etc. Am I the only one who is starting to despise Firefox?

I know you're not (just delete the post from anyone who would say otherwise

). I also had a few problems and crashes with Firefox a little while ago and I solved the issue by totally desintalling it (i.e. first desintall all plugins, then desintall via "Add or Remove software", then delete the Mozilla folders in "Program Files" and "Documents and Settings"). Hope this helps you. Are you using Linux or Windows?

Quote:

I had my hard drive die on me 2 months ago and it's been painful since I had not done a back up for a month before that. BACK UP YOUR DATA.

There are more and more free web-backup services out there, I don't know of a good one but it's a good idea. And nowadays, everyone can burn 4 to 17Go of data on a DVD in a few minutes (I do it every 2 or 3 months with the GW.dat file to avoid having to redownload everything with -install). If you start doing it, make sure you put "dates" and organise your backups. Loosing your hard disk can be even worse than having a virus, because recovery can be impossible (though I can tell you that it's always possible as I've seen the problem when a previous department where I was working in was destroyed by a huge fire and they called on a company that worked with NASA that receovered 90% of data ... unbelievable).

Fril Estelin · Apr 23, 2008, 05:01 PM // 17:01

Added as new question 7:

7) Do you regularly clean your browser and application data (such as caches, saved passwords)? (weekly)
Look at the very usefull tool CCleaner for this job.

More: does every one know the command "Clean Private Data..." in the Help menu of Firefox? You can use it every time you close Firefox by going into the Options, then Privacy and at the bottom in the "Private Data" category you'll find the "Always clear my private data when I close Firefox" (which can be tweaked with the button next to the option).

I personally deactivate the password features in the "Security" tab of the options and make sure that all the update options are checked in the "Advanced" tab.