Patch 5.3 interview with Ghostcrawler
Mystery of the Unborn Val'kyr
The latest patch 5.3 news
All of the latest Mists of Pandaria newsWoW, Casually: Tips for keeping your account safe
by Robin Torres 
Feb 5th 2009 at 5:00PM
Amaxe suggested in the comments of a previous column that I cover addons for casuals, which I think is a great idea. But that will have to wait until next week, because I think that we should first make sure that you all practice safe internet use before sending you off to find addons. There are different security camps that always argue in the comments about what operating systems, browsers and browser addons are best for keeping your computer secure, but I'm going to keep this very simple and assume that you are not willing to run out and buy a new computer with an unfamiliar operating system. Here are some tips for making your account more secure.
Keep all of your software up to date
Browser, operating system, any other programs you use should all be the latest version because manufacturers are constantly filling security holes. No operating system or browser is safe, though some are safer than others. If you are on a PC, don't depend on Windows Update alone to keep you current, make sure that all of your non-windows software is recent, particularly if there is no auto-update function. Keep a set of bookmarks for sites to check for new versions and check them periodically. What I use: Firefox 3.x on a Windows XP PC.
Scan with an antivirus/antispyware program daily
It's not good enough to just have antivirus software running in the background. Many trojans can sneak by your regular detection but will be picked up in a scan. A lot of software will require you to change the settings to remove or quarantine the offending program, so even just scanning isn't enough. Make sure that the malware isn't just detected -- it must be deactivated. If the budget is tight, you don't have to worry about actually buying an excellent antivirus program. There are many free options available. Get one and set it up to scan when you're not using it. What I use: Clamwin Free Antivirus.
Don't buy gold or use powerleveling services
I can't stress this enough. I know that some of you rationalize doing this with the idea that you work hard and make good money and therefore don't have time to "catch up" to everyone, so you feel justified in using these services. But there is a whole lot of game on the way to max level that is fun -- it's not just about racing to the end. And these days, getting gold and leveling up is cake. But most importantly, you are putting yourself at risk when you give these people any of your information. It also keeps them in business, making account hacking profitable and more likely. Just don't do it.
Don't fall for phishing schemes
Phishing scares me because of how they prey on everyone from the naive and unsavvy to the competent but careless. The clever ones use logos from the actual sites and websites that are so close to the real ones that they can fool people who aren't really paying attention. Of course, phishing isn't just for WoW accounts -- no online account is safe, even banks. Just remember that no company is going to send you an email asking for every little detail of your life, particularly your account password. Carefully pay attention to where you are clicking and be suspicious of all unexpected emails asking for your personal information. Also, bookmark your favorite WoW addon and info sites rather than typing the names into your address or search bars. These crooks make websites that are just one letter off of the ones you are looking for and ask for info or load you up with keyloggers if you happen into their lair. If you find yourself in one of these places, immediately run a virus scan and don't login anywhere until your system is clean.
Get an Authenticator
There have been no confirmed account hackings if there is an Authenticator on the account., according to Blizzard. Even if that one store is true, one case out of so many sold is really good odds. If you live in the U.S., they are dirt cheap ($6.50) and are shipped for free. They are available in other countries, but the shipping is a bit steep. Still, it is an excellent investment if you plan to play regularly for a while. I just got one and it adds an extra step which is only a slight inconvenience. Also, if you play at internet cafes or on multiple machines, you can feel safer knowing that the extra step will keep you safe no matter how unsafe the system you are using.
Reports of accounts being hacked are on the rise. And don't think that only the hardcore raiders with the leet gear are the ones who have to worry. If these criminals get your info, even if you are a noob with a bunch of low level alts, they will scrape the copper from your pockets and use your characters for their own nefarious purposes. So take these simple precautions and next column, we'll talk about how to choose your addons.
For more information on account security, please read WoW Rookie: Account Security Basics and Account security mythbusting.
WoW, Casually is a column for those of us who are playtime-challenged. We had another good year last year and the new expansion has brought back a lot of players returning as casuals. If you have questions or tips about how to get the most out of your limited playtime, please send them to Robin.Torres AT weblogsinc DOT com for a possible future column.Filed under: Analysis / Opinion, Tips, Guides, WoW, Casually, Account Security
Reader Comments (Page 2 of 3)
ameretto Feb 9th 2009 2:52PM
partitioning your hard drive or installing wow on something other than C:/ will prevent all keyloggers from gaining access to your wow folder
Linden Feb 10th 2009 9:17AM
Depends on how the key logger works - they are very smart and lots of people will run from alternative drives (ie my home drive is actually the H: drive as I duel boot).
And even if this works against a keylogger the fact that you have one should incite auto computer-deep-clean (ie restart in safe mode and run virus scan etc).
If you ever suspect you have a virus etc (ie slow boot times odd windows unexpected behaviour between one day and the next) it can be a good idea to restart in safe mode - after the screen flashes up black text and before the windows logo and loading bar hold F8 and select 'safe mode'. Its also a good idea to every so often just check whats running on your computer (ctrl+alt+del) as a visual check that you don't have anything nasty - enter the name of anything that is running into google and you can normally find out what it is and what it should look like.
Blacksmithking Feb 5th 2009 5:43PM
I ordered an authenticator on a lark, and my accounts were compromised two days later, about a week before the authenticator arrived. Talk about timing.
The thieves changed the passwords on my accounts and picked my toons clean. My main was on a joy ride when I regained control of the account and booted the farmer. At SusanExpress pricing of $20/1,000 gold, my toons were worth about $30. That's pretty good money for about 15 minutes of work.
Blizzard restored most of my missing items within two weeks. The point here is that an authenticator will be the best $6 you've ever spent.
Blacksmithking Feb 5th 2009 5:50PM
Blizzard bought the tokens from a company called Vasco. They bought so many that the unit price dropped to about $6-7.
I find it curious that I have stronger security now on my WoW accounts that my online bank account. When I mentioned that to Vasco, they said that people in the US generally don't want to be saddled with tokens, although they've made some inroads into the financial sector.
The Elitist Jerk Feb 5th 2009 5:54PM
So basically, everything you've suggested can be boiled down to one sentence:
"Use your brain".
butler Feb 5th 2009 5:56PM
While we're debunking myths...
AN ADDON CANNOT STEAL YOUR PASSWORD.
Addons are not loaded during the login screen. They cannot capture your password. Even if it could somehow figure out your password, addons cannot communicate over the network. Nor can they write files. They would have to save your magically stolen password in the savedvariables, hope that you shut down wow cleanly and it's saved, and then have SOME OTHER malware read your wow savedvariables and upload it somewhere online.
No matter what, the only way to have your password sent somewhere is by running some executable code that you shouldn't have. In example, if you download questhelper.EXE and run it, guess what? It's an executable trojan/virus/whatever, NOT a wow addon. Wow addons are plain text lua script files.
Houston Feb 5th 2009 6:05PM
average computer user... whats an exe/veriable/malware?
I think you (way) overestimate the computer knowledge of the average person.
I just got my authenticator last week. Best peace of mind ever for only 7 and change.
mirilene Feb 5th 2009 6:04PM
Got an authenticator at blizzcon last year. I reluctantly put it on, expecting it to be a huge hassle. Within a week i got over it and its great. Many of my buddies have had account issues. I doubt i ever will now.
It's making me wonder why i dont have something like this for my bank accounts!
jurandr Feb 5th 2009 6:24PM
For anybody that bothers to read enough comments to see this, here's a pretty nice wowinsider post about account security myths.
http://www.wowinsider.com/2008/12/31/account-security-mythbusting/
Osi Feb 5th 2009 6:42PM
Thats like saying dont drive, cuz someone will hit you with their car ... bad advise all around.
Cadychan Feb 5th 2009 6:58PM
'Avast!' antivirus is another excellent free anti-virus software; I've been using it for years with not a single problem (knock on wood).
Stupid question - anyone know if I can order an Authenticator from Canada? If I just have to pay shipping, that's cool.
Etinfall Feb 5th 2009 7:09PM
exe is an execution file. Basically a file that will "run" when you open it. The file extension will more than likely be .exe.
I find it funny when people say things like, "it's simple, use your brain!" People get hacked not cause they are stupid but because they get relaxed for a moment. The hackers only need to be right once, we need to be right all of the time.
I recently switched to my PC from my Macintosh. Oh how I miss not worrying about getting hacked. I spend so much time worrying about hacks now it isn't funny. But the authenticator helps me not worry so much about WOW getting hacked.
Oh, the post saying to use No Script with Firefox is dead on. But have you noticed how many scripts WoWInsider has on their blog? At first it will say I am allowing 7 of 9 scripts and I will try to temporally allow all, and then is says 12 of 14. Temp allow all again and it comes back saying 16 of 19. It never ends!!!!
slimj091 Feb 6th 2009 4:11AM
"I recently switched to my PC from my Macintosh. Oh how I miss not worrying about getting hacked."
if you thought you were safe from getting your account hacked while playing on a mac. you are sadly mistaken. mac's are just as vulnerable as PC's to key loggers.
Etinfall Feb 6th 2009 1:13PM
I know there are keyloggers and hacks out for the mac, but they are few and far between. I have been using macs since 1987 and have never been hacked. Macs do not have a registry and it is more difficult to target. My brother and sister, who have always used PCs, are continuously having problems with malicious software on their machines.
Now saying that, I AM using a PC now, for a reason. My mac broke. I had it since 2002 and it ran fine for me till it finally stopped working. I could not afford another Mac, so I built a PC. And it runs WOW 100% better than my Mac ever did.
My point was that there are just not very many hackers out there targeting Macs compared to PCs. And getting an authenticator was one way to have a better peace of mind about hacks on your comp.
Linden Feb 10th 2009 9:11AM
You might want to utterly rethink that...
There is *NO* system that cannot be hacked and the closest to that is a linux system purely because they are reasonably diverse and rare
anecdotal evidence is here:
http://www.ditii.com/2008/03/19/which-is-the-easiest-box-to-hack-windows-vista-ubuntu-or-mac-os-x/
for those that don't want to read it a hack-con organised a game in which the first to hack the machine got to keep it the 3 machines were a macbook air (OSx -leopard), Vista (ultimate) and ubuntu - only ubuntu remained after 3 days (most likely again to being less common) the macbook went first. None of them went to OS vulnerabilities, more website script attacks and app attacks.
and just incase it isn't clear you *can't* get hacked via an addon BUT any program that is more than an addon (things like glider) or any bundle that contains an exe can potentially hack you. As can any script files so anything you download scan it (you can right click and select scan for virus).
the number one way people 'hack' is by getting people to click things without thinking.
alvl Feb 5th 2009 7:57PM
(shh. don't tell any one... my code is 404915)
Olicon Feb 5th 2009 8:00PM
You know, writing a familiar sentence in l337 seems to work really well for me. Picking a string of random things for password never worked for me--I either forget it, or if the site has a checker, it will say my password is weak and won't let me use it.
Mullen Feb 5th 2009 11:06PM
Easier way:
1) Get a Mac
2) Get Firefox
3) Get Authenticator
Enjoy rest of life!
Some one Feb 5th 2009 8:56PM
All hints are very useful, except the last one because it's just unnecessary if you follow the rest of the steps. Usually you're the only person who knows your login information. So keep it that way.
Keeping your virus/trojan software up to date isn't that hard. If you check your system frequently (daily costs far too much time), you ensure yourself that your system is clean. Only visit sites you thrust and don't download (illegal) stuff from (torrent) sites. This should be enough. At least I never had any problems with viruses or trojans and won't expect any in the future.
The Blizzard Authenticator causes problems if he gets lost or broken. And personally, I don't want to enter a key every time I log in.
Minidrake Feb 5th 2009 9:53PM
but... you already enter a code every time you log in...