The whole guild bank thing is, as far as I know, still bugged in that people who are invited to a guild (new or same) who were previously officers, can still have officer access, even if they aren’t an officer rank.

@Matticus: Heh, it’s been 20 years or so since I have been an authority on Macs, sorry

@Someone: The payload in an addon package could be triggered by a readme.html included in the package, though.

Of course, even if you download a ZIP file and extract the files yourself, it MAY still carry a virus of keylogger! But unless you MANUALLY run that .EXE, it can stay on your system for YEARS without it being even slightly compromised! There’s no way for the script .LUA files to launch an external program, so as long as you don’t double-click that .EXE, your system is 100% safe, even if there’s a VIRUS, TROJAN, KEYLOGGER or whatever in there!

The fact that AVG detected a virus, doesn’t mean that it was ACTIVE: it simply detected an infected file. As long as YOU don’t run that file, you’re 100% safe.

Gwaen, I’m not sure if you’re a Mac authority or not but do mac users need to be worried about keylogging at all?

What you need to be suspicious about (and generally err on the safe side as well), is of those add-ons that don’t come as a ZIP or RAR file. There are a couple exceptions, but for 99.99% of the add-ons, they don’t require an external program to do their job. So don’t trust INSTALLERS or EXEcutables. If the add-on needs those, maybe it’s time to consider whether you’re willing to take the risk: it has happened that some of those carried virus/trojans/keyloggers and the add-on sites didn’t find them at first taking a few days to find them infected and meanwhile, they had been downloaded/installed by users.

I personally only use AceUpdater, but that’s a risk I’m willing to take as I keep my system fairly secure (I’m a programmer so I know my way around computers). If in doubt, DON’T run any add-ons that require EXEcutables: as long as it’s a bunch of LUA/TOC/Graphics/Sound files, you’re fine and safe.

Also, if you HAVE been infected, and you’re not a computer expert, then DON’T try to fix it yourself: some recent trojans/keyloggers/etc are a challenge even for seasoned computer experts so you may think you removed it and are safe only to find out the truth too late. Play it safe and ask a friend: surely you know someone or someone’s friend who is a computer expert and can help you securely remove that trash.

Overall, nice guide.

BTW, and for the record: I use Firefox with No-Script and AdBlock Plus, Norton Anti-Virus and ZoneAlarm configured to block pretty much every program’s internet access and allowing only those I’m 100% sure that they NEED to, such as WoW.

I don’t run a spyware program as those tend to give a false sense of danger (maybe to make the user happy for running them!) by calling everything under the moon a problem, from cookies to whatever and most have this annoying trend of “forcing” the users to upgrade to paid versions to even have access to basic functions such as being able to select a single drive to scan rather than the whole system…

Also, being a computer expert myself, I have my set of trusty command-line or small windows utilities and even Knoppix, to use when I want to check my system.

- KT