How to Improve your Account Security

As you will have noticed, there’s widespread account hacking activity going on at the moment, and many people, me included, aren’t exactly happy about the customer service options currently provided by Blizzard.

However, to be perfectly clear about one thing, keeping your PC secure is nobody’s business but your own. And as this story from BRK’s guild shows, when you’re an officer and have guild bank access, you are a particularly fat goose to pluck, and just changing the account password without cleaning up your computer first leaves the door wide open for an account thief to get back in and start over.

We aren’t computer security experts, though, and some of these things may appear daunting and complex. Further, there’s little to no way to stop a really determined cracker from getting in. There are, however, a couple of measures you can take to ensure the casual fishing expeditions will come out empty, and they are tied both to tools and behaviour.

So without further ado, here are a couple of recommendations to tighten up your (Windows-based, sorry Mac and Linux users) PC:

1. Get a decent personal firewall. The default Microsoft one is pretty much worthless. If you don’t know where to start, I recommend either ZoneAlarm or Comodo Personal Firewall, which are both free for private use. Or just check out various tests and reviews and pick what gets the best mix of usability and security. If you’re reading independent test reviews, make sure to also check out the feedback they got from various firewall producers, and you’ll probably do best to steer clear of those where the manufacturer blames the testing methodology.

2. Get antivirus software. This should actually be as natural as protecting yourself during a certain type of real world encounters, but if you actually have no antivirus installed, go and get the free AVG antivirus from Grisoft. Install it, update it, then run a full scan.

3. If you haven’t done so already, switch away from Internet Explorer, and use for instance Firefox. If you pick that one, also get the NoScript addon.

4. Get a spybot / adware cleaner, and run that one too. I’m personally partial to Ad-Aware but there’s plenty of decent ones out there too.

You should have a pretty much clean slate at this stage. Regarding the firewall, make sure that you set it so that it asks you before authorizing an application to reach the internet, and be wise about what you let go out. If you’re not sharing a printer between several computers, for instance, the Microsoft Spooler doesn’t need internet access. The default Windows Explorer (not the browser)? Why does this even want to access the internet? Use caution. If something with a strange name requests access to the net, google for it before deciding.

5. Now we switch to user behaviour. Keyloggers are the most widespread tool used to gain control of your account. Now if you don’t type in your username when you log onto WoW, the only thing a hacker can get is your password. So remember to check the option to have the logon screen remember your username from now on.

6. If more than one player accesses WoW on the same box, the best option to keep your accounts separate is first to have each of you use a separate Windows user account, and second, to actually create multiple WoW installation folders. Yes, it’s a disk space hog, but that’s the safest way to ensure that if the worst came to worst, only one account is actually compromised.

7. The simplest way a cracker will try to get you to download a keylogger or other malware is through AddOns. Here you should be extremely cautious about what you get and from where. Always run a virus check on any package you downloaded before you install it. Don’t hesitate to scan the content of an addon folder either – normally the legit files will be limited to .lua, .toc, .xml and some graphical files. Anything else may be fishy. Get to know who maintains your most popular addons, read the comments from other users on the addon download site, and fundamentally distrust a new major version popping up out of the blue from someone you have never heard of. Read the patch and release notes: if you’ve been using Titan Panel 2.x for a year and suddenly Titan 3 gets released by someone other than the previous maintainer, there should be enough changes in there that there’s actually a difference. If you want to go further, open the new package and compare the different .lua files to the previous ones; if basically only the .toc got changed but the main addonname.lua file is the same size, something might be fishy.
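
The folder scan and version comparison from point 7, as an added example that is not part of the original post. The `.blp`/`.tga` extensions for "graphical files", the `ExampleAddon` name and the sample files are assumptions constructed for illustration, and the comparison uses SHA-256 hashes rather than file sizes, which is stricter than the size check described above.

```python
import hashlib
import tempfile
from pathlib import Path

# .lua/.toc/.xml come from the text; .blp/.tga are assumed here as the "graphical files".
EXPECTED = {".lua", ".toc", ".xml", ".blp", ".tga"}

def unexpected_files(addon_dir):
    """Relative paths of files whose extension is not on the expected list."""
    root = Path(addon_dir)
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*")
                  if p.is_file() and p.suffix.lower() not in EXPECTED)

def _hashes(addon_dir):
    root = Path(addon_dir)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare_versions(old_dir, new_dir):
    """Compare two unpacked versions of an addon file by file (by SHA-256)."""
    old, new = _hashes(old_dir), _hashes(new_dir)
    changed = sorted(f for f in old.keys() & new.keys() if old[f] != new[f])
    added = sorted(new.keys() - old.keys())
    removed = sorted(old.keys() - new.keys())
    lua_touched = any(f.lower().endswith(".lua") for f in changed + added + removed)
    return {"changed": changed, "added": added, "removed": removed,
            # A "new major version" whose Lua code is byte-identical deserves a closer look.
            "suspicious": not lua_touched}

def build_sample(base):
    """Constructed sample: 'ExampleAddon' 2.x and a purported 3.0 repackage."""
    old, new = Path(base, "old", "ExampleAddon"), Path(base, "new", "ExampleAddon")
    for d in (old, new):
        d.mkdir(parents=True)
        (d / "ExampleAddon.lua").write_text("print('hello')\n")
        (d / "icon.tga").write_bytes(b"\x00\x01")
    (old / "ExampleAddon.toc").write_text("## Version: 2.4\nExampleAddon.lua\n")
    (new / "ExampleAddon.toc").write_text("## Version: 3.0\nExampleAddon.lua\n")
    (new / "Setup.EXE").write_bytes(b"MZ")  # placeholder bytes, not a real executable
    (new / "readme.html").write_text("<html></html>")
    return old, new

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        old, new = build_sample(tmp)
        print("unexpected:", unexpected_files(new))
        print("comparison:", compare_versions(old, new))
```

Point the two functions at the unpacked old and new addon folders before copying anything into the game's AddOns directory; anything reported as unexpected is a candidate for a virus scan or deletion, not for opening.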

In general, err on the side of paranoia.

Now if you have been hacked, once your account has been locked, before you do anything else, do the following:

  • Get a Linux Live CD image and burn it to a CD. Yes, I know, you’re on Windows and that’s complicated stuff. Just do it; Knoppix, for instance, does the trick.
  • Boot from the Live CD and locate the browser (it’s called Konqueror on Knoppix, for instance).
  • Do all your WoW account administration from here, in particular the password changes.
  • Once you reboot, redo a full virus and spyware scan. If nothing has been found at all, consider your PC still compromised. Reinstalling the OS may be painful, but it is your fastest option.
  • Only when you are positive that your PC is clean can you return to the game.

Yes, it’s complicated, and it’s not funny, but get used to it or get used to being hacked (and distrusted with guild bank access). That’s, unfortunately, pretty much the price for safety.

Other basic security rules: make sure you get a unique and reasonably complicated password for WoW – if you use the same username and password as for everything else, not only your computer but potentially also your blog, your guild web site and your forums may get compromised. Did I say err on the side of paranoia?

For Guild Masters, make sure there’s a procedure in place that allows guild bank access to be removed from a hacked member, even when you’re not around. If it’s a top officer whom nobody but you can demote, make it clear that you only promote people mature enough to /gquit once they return ingame, so they can be reinvited at a lower rank without bank access for a “security period” of two to four weeks.


9 Responses to How to Improve your Account Security

  1. KT (3 comments) says:

    I disagree with point 5. If they have a keylogger installed, then they can have _anything_ installed and it’s rather trivial to pull your account name out of the WoW\WTF folder; not only is your account name used as a directory, if you’re using “Remember account name”, the account name is stored in the config.wtf file.

    - KT

  2. Someone (31 comments) says:

    Pretty nice guide with one main exception: Add-ons, in and of themselves, are 100% safe. Period. I’m making this comment because you seem to imply that add-ons can be dangerous when in fact they CAN’T.

    What you need to be suspicious about (and generally err on the safe side as well), is of those add-ons that don’t come as a ZIP or RAR file. There are a couple exceptions, but for 99.99% of the add-ons, they don’t require an external program to do their job. So don’t trust INSTALLERS or EXEcutables. If the add-on needs those, maybe it’s time to consider whether you’re willing to take the risk: it has happened that some of those carried virus/trojans/keyloggers and the add-on sites didn’t find them at first taking a few days to find them infected and meanwhile, they had been downloaded/installed by users.

    I personally only use AceUpdater, but that’s a risk I’m willing to take as I keep my system fairly secure (I’m a programmer so I know my way around computers). If in doubt, DON’T run any add-ons that require EXEcutables: as long as it’s a bunch of LUA/TOC/Graphics/Sound files, you’re fine and safe.

    Also, if you HAVE been infected, and you’re not a computer expert, then DON’T try to fix it yourself: some recent trojans/keyloggers/etc are a challenge even for seasoned computer experts so you may think you removed it and are safe only to find out the truth too late. Play it safe and ask a friend: surely you know someone or someone’s friend who is a computer expert and can help you securely remove that trash.

    Overall, nice guide.

    BTW, and for the record: I use Firefox with No-Script and AdBlock Plus, Norton Anti-Virus and ZoneAlarm configured to block pretty much every program’s internet access and allowing only those I’m 100% sure that they NEED to, such as WoW.

    I don’t run a spyware program as those tend to give a false sense of danger (maybe to make the user happy for running them!) by calling everything under the moon a problem, from cookies to whatever and most have this annoying trend of “forcing” the users to upgrade to paid versions to even have access to basic functions such as being able to select a single drive to scan rather than the whole system…

    Also, being a computer expert myself, I have my set of trusty command-line or small windows utilities and even Knoppix, to use when I want to check my system.

  3. Matticus (15 comments) says:

    I don’t know about that, Someone. I got burned by an XPerl installation several months ago (The results of an AVG scan showed a trojan in that folder).

    Gwaen, I’m not sure if you’re a Mac authority or not but do Mac users need to be worried about keylogging at all?

  4. Someone (31 comments) says:

    @Matticus: it depends on whether you downloaded a ZIP file and extracted the contents yourself or downloaded some self-extracting (aka: EXEcutable) file and ran that. If it’s a ZIP file and you extracted the files yourself without running any .EXE, then you’re perfectly fine.

    Of course, even if you download a ZIP file and extract the files yourself, it MAY still carry a virus or keylogger! But unless you MANUALLY run that .EXE, it can stay on your system for YEARS without it being even slightly compromised! There’s no way for the script .LUA files to launch an external program, so as long as you don’t double-click that .EXE, your system is 100% safe, even if there’s a VIRUS, TROJAN, KEYLOGGER or whatever in there!

    The fact that AVG detected a virus, doesn’t mean that it was ACTIVE: it simply detected an infected file. As long as YOU don’t run that file, you’re 100% safe.

  5. Gwaendar (217 comments) says:

    @KT – point taken. However we’re no longer talking about a “simple” keylogger, and anything more complex has also a bigger footprint and may raise the chances to get intercepted by an AV’s real time scanner component.

    @Matticus: Heh, it’s been 20 years or so since I have been an authority on Macs, sorry :)

    @Someone: The payload in an addon package could be triggered by a readme.html included in the package, though.

  6. Flaime (4 comments) says:

    Two thoughts:
    Ad Aware isn’t perfect (nor do they claim to be), so I use both AdAware and Spybot Search and Destroy (do a search for Spybot S&D – the link that takes you to safernetworking.net or something like that is the one you want).

    The whole guild bank thing is, as far as I know, still bugged in that people who are invited to a guild (new or same) who were previously officers, can still have officer access, even if they aren’t an officer rank.
