How to protect your system from keyloggers [Updated]
by Dan O'Halloran 
Jun 5th 2007 at 5:00PM
It's raid night. You've farmed your mats, topped off your repair fun and loaded up on pizza and cola. But for some reason you can't log on. You're sure you typed in the right password, but no go. You IM you guildie: "Are the servers down? I can't get in." His reply sends chills down your spine: "We just saw you at the bank. Why was your toon naked?"Years of hard work gone. Someone else accessed your account and stripped your main of all his gold, bank items and tradable equipment. "But I don't give my password to anyone!" you wail. You don't have to, the keylogger program knows it anyway.
What's a keylogger? It's a small, virus-type program that can accidentally be installed on your computer. How might a keylogger be installed on your system?
- Visiting an untrustworthy web site. Some sites may have code in them that exploit your web browser and cause it to quietly install a keylogging application without your permission. (Note: even turstworthy sites can be hacked! The same hackers who are after your information can hack what you think of as trustworthy sites and add exploit code to them which could give you a keylogger.)
- Downloading addons (or other files) from an untrustworthy site. Any executable file you download could contain a keylogger or virus, so before you download a file, be sure you're downloading it from a source you trust!
This all sounds pretty scary, but don't worry -- there are ways to protect yourself from keylogging programs!
A WoW European Hunter, Eldariel, has written a great guide to defend your computer from keyloggers, spyware and viruses. Here's a run-down of what you can do to keep your computer safe and sound:
- Get a virus scanner. Grisoft provides one for free. Be sure to configure it to scan your system regularly and to check for updates. (Even the best anti-virus software won't do you any good if it doesn't know about the latest virus information -- so keep it updated!)
- Get a free anti-spyware program and run it. Spy Sweeper is a good one. As with your anti-virus software, be sure to configure it to scan your system regularly and check for updates.
- Install firewall software that prevents any unauthorized access between your computer and the Internet. Comodo is recommended. Again, its free and well regarded.
- Be sure to run the latest version of your browser software. Whether it's Internet Explorer or Firefox, keep it patched and up to date! Many exploits that hackers used have already been patched by the software vendors -- all you have to do is stay updated!
- On the subject of browsers, consider using Firefox. There's plenty of room for debate on whether it's more secure than Internet Explorer, but for now, at least, there are more viruses and exploits out there that target Internet Explorer, simply because it's more widely-used.
- Keep your OS up to date. Just like with browsers, many hackers will try to install keyloggers on your system using exploits that have long since been patched by the software vendor. If you run Windows, be sure to run Windows Update regularly -- in fact, I recommend setting it up to run automatically on a daily basis.
- Be careful downloading files! While your anti-virus and anti-spyware software should catch anything that gets installed, it's better to catch them before they get installed and have a chance to cause damage. Never download files from sites you don't trust and be wary of opening unexpected e-mail attachments.
- You can configure your WoW client to remember your user name. In this case, even if you get a keylogger installed, they'll find your password, but won't know your account name. The password is useless without the account name, and if you don't type the account name, a keylogger won't see it.
- And, of course, never share your password. You may just give it to one person, but who knows where it could go from there. (For all you know they've got it on a post-it note on their monitor where anyone can see it.)
Anybody have other hints or tips they can provide to keep their system safe?
Update: Revised the definition of "keylogger" and added a number of tips on how to keep yourself safe from them.
Filed under: How-tos, Odds and ends, Account Security
Reader Comments (Page 1 of 2)
Rock Jun 5th 2007 5:08PM
You could just buy a Mac, and play WOW in OS X. No keyloggers, no viruses... what could be better ;)
RJ Jun 5th 2007 5:09PM
NoScript http://noscript.net/
It prevents JavaScript from working unless you allow it to work, that combined with AdAware, Spybot Search and Destroy and AntiVir has kept my account nice and safe. That and not sharing my password.
gb Jun 5th 2007 5:11PM
1. Use Firefox as your web browser
Keyloggers come from a variety of sources, not just pictures on a website. Internet Explorer is the first way these things get on your system.
Use Firefox
CB Jun 5th 2007 5:20PM
Or you could stop using the Internet, don't have to worry about any viruses or keyloggers.
Oh wait a sec...
Freehugz Jun 5th 2007 5:21PM
Use Firefox, Keep your Windows updated
FireStar Jun 5th 2007 5:48PM
Use a seperate computer from playing and doing everything else. My gaming computer is dedicated to only playing WoW or whatever game I want.
Corrodias Jun 5th 2007 5:56PM
Start World of Warcraft through the launcher, which does a preliminary scan for hacks and keyloggers. Or so, at least, says Blizzard.
Leshrac Jun 6th 2007 2:15PM
LOL - get a Mac, yeah, after all - 8,000 users can't be wrong. The reason why virus writers never write to Mac is because the install base is so small. And after you get done playing some Blizzard games why you can play Quake II! Or Dungeon Keeper. My wife had a Mac, it was a wonderful machine, and OS X was beautiful - but lets face it, as a gaming platform I think I'd rather have a Nintendo 64 for gaming.
aggregate Jun 5th 2007 6:19PM
@8
If you have an Intel Mac and Parallels, it won't matter much very soon. With a forthcoming version, you can run 3D apps in a Windows "window" right on top of OS X. Whee!!
Corrodias Jun 5th 2007 6:24PM
Hang on, i don't see any free version of anything on Grisoft's (AVG's) web site. By free i mean -legally- free, mind you.
Dracula Jones Jun 5th 2007 6:25PM
@9: You mean for only double or triple the cost of a Windows PC, I can run Windows apps on top of an OS that had its support team pulled to work on the iPhone?! That sounds too good to be true!!
pyro Jun 5th 2007 6:25PM
keyloggers don't come from pictures...
and #1, there are a bunch of viruses and keyloggers for macs, but not many people bother with them when they could infect more computers with a windows virus.
Daemon Jun 5th 2007 6:26PM
Actually, someone being logged on your account will not prevent you from logging in. It will just disconnect the previous person logged on. Of course, there is nothing stopping whoever has your username and password to log back in and disconnect you from your account. Of course, they've probably changed your password by now so your best option is to head over to the website to retrieve/reset your password and start a GM ticket to recover your lost items.
Keep in mind that there is a limited number of recoveries that they can do for you (exact number is kept secret and I think it's also on a case by case basis) so if all you lost was some blues and greens, you probably shouldn't even bother with that.
Odas Jun 5th 2007 6:39PM
@#11
Go configure a Mac Pro at apple.com. Then go configure a matching (spec for spec) PC at dell.com. You'll realize that Macs are no more expensive, at all, then PC's. They just only offer higher-end hardware. They don't use any of the basic stuff you can buy to build a cheap PC.
That having been said - if all you want to do is play games, build a chap PC. If you want to do everything else better, buy a Mac ;)
Oh...and keyloggers suck and stuff.
Coherent Jun 5th 2007 6:39PM
If you're really worried about keyloggers, keep a text file on your desktop with your password in it. When you want to log in to WoW, open the text file and copy the password to the clipboard (CTRL-c) and then click the password field in WoW and press paste (CTRL-v). There, you've logged in to WoW without ever typing your password, so keyloggers can't see it.
If you're worried about your password sitting in a ordinary text file on your desktop, use Locknote ( http://sourceforge.net/projects/locknote ) to password protect the text document containing the password. The keyloggers will see you typing in the locknote password, but it won't do any good, because that won't be the password that you use to log in to WoW. You're safe!
Wolfkin Jun 5th 2007 6:45PM
@10
Free (and Legal!) AVG can be found here:
http://free.grisoft.com/
AVG is about 100 better and 100 times less intrusive than any Norton/Symantec product.
Paul Jun 5th 2007 6:45PM
Use Firefox,
http://www.mozilla.com/en-US/firefox/
nd install the firefox plugin noscript,
https://addons.mozilla.org/en-US/firefox/addon/722
as the guy above mentioned. It's a hassle the first week, because by default it blocks everything, so each website you visit (that you trust) has to be unblocked the first time you visit it after the install. After that though, it's not a hassle at all.
Another free virus program is Avast Home Edition:
http://www.download.com/Avast-Home-Edition/3000-2239_4-10680976.html?tag=pop.software
and of course there's the free spyware program Ad-aware at the CNET's download.com as well
Armath Jun 5th 2007 7:36PM
#15: A better solution is to use Password Safe, from http://passwordsafe.sourceforge.net/. It's a great utility for keeping all your passwords in one encrypted place, especially for rarely-used websites.
Btman Jun 5th 2007 7:38PM
Ok.. Everyone needs a good AV to start with... These ones are NOT free, but are recommended
1. Kaspersky www.kaspersky.com
2. Anti-Vir www.avira.com
These ones are free
1. AOL Active Virus Shield www.activevirusshield.com/antivirus/freeav/index.adp?(Uses Kaspersky's engine meaning it has the same detection rate which is fabulous but lacks features of Kaspersky)
2. Anti-Vir Classic www.free-av.com (Has left out features from the paid version)
3. Avast www.avast.com
4. AVG.. Though seriously, it misses alot of malware.
CHOOSE ONE ANTI-VIRUS, ONLY ONE.
If you want to see if you are infected I recommend trying an online scan here:
http://usa.kaspersky.com/products_services/free-virus-scanner.php
Ok... On to Anti-Spywares/Anti-Malwares...(Everyone will recommend Ad-aware and spybot... But they don't detect many SERIOUS threats like trojans, dialers, rootkits exetera... Mainly just tracking cookies which are near harmless now-a-days)
(These ones are in no order)
1. AVG Anti-Spyware www.ewido.net (Free version has no realtime protection, but still can update and scan)
2. A-Squared Free www.emsisoft.com (Free has no realtime protection, but can still update and scan)
3. SUPER Anti-Spyware www.superantispyware.com (Free has no realtime protection, but can still update and scan)
4. Comodo BOClean www.comodo.com/boclean/boclean.html (Has no scanner, is a realtime malware blocker and updates all for free... Make sure you choose one of #'s 1-3 for a scanner if you choose this one)
5. Spyware Terminator www.spywareterminator.com (Has realtime protection and Hacker Intrusion Prevention System (HIPS) all for free. Though its detection rate is a little low.. So I recommend choosing one of the #'s 1-3 for scanning if you choose this one)
You can download all 5 if you want... But only 2 will be necessary.
And yes Comodo Firewall in the original post is awesome.
btman Jun 5th 2007 7:40PM
Oh and I didn't put SpywareSweeper in the Anti-Spyware list for a reason.... It's the Norton of Anti-Spywares...
Both are system hogs and may slow your computer and WoW down.