Breakfast Topic: What are you doing to protect your account?
by Kelly Aarons 
Jan 16th 2010 at 8:00AM
Now, any moderately-savvy internet user would just scoff, and say that they take all necessary precautions -- what's there to worry about? Fair enough, but what about those who, well, don't?
Blizzard has said time and time again about safe-guarding your account information, yet people still jump onto those fake Cataclysm betas and fancy new mount prizes. Make something idiot-proof, and they'll build a better idiot, eh?
That being said, what are you doing to protect your prized polygons? Do you have a good anti-virus installed? A malware scanner? If you don't have an authenticator, how come? It's only about the price of a grande Starbucks drink, and will provide a longer-lasting effect of happiness and joy to your life.
Discuss amongst yourselves!
Filed under: Breakfast Topics, Account Security
Reader Comments (Page 1 of 10)
sikon Jan 16th 2010 8:05AM
Yes, I use an antivirus. It's called Ubuntu.
Unexpected EOF Jan 16th 2010 8:12AM
Linux has a virtually non-existent security model. The only reason attacks are so rare is because nobody uses it.
Knob Jan 16th 2010 8:53AM
Hilarious that someone thinks they're safe because they use Linux without understanding why there are less number of attacks on that platform. And no, it's not because it's more secure.
As for myself, a hardware router, standard Windows 7 firewall, NOD32 antivirus, Firefox+Noscript and an Authenticator to boot.
dragondestiny69 Jan 16th 2010 9:14AM
Are you serious? Windows 7 default firewall? It's complete crap grab something with real protection that is constantly updated like Comodo.
Unexpected EOF Jan 16th 2010 9:16AM
It really isn't crap. The only thing it doesn't do is offer a comprehensive white/blacklist system.
Knob Jan 16th 2010 9:34AM
@dragon: Care to tell me why it's crap? Or do you just assume that because it's there by default? Like I said, I use a hardware router to blacklist anything that I don't want and I don't really need a software firewall. I use it just because it's there.
I do find it interesting that you suggest Comodo though, considering that particular software firewall causes compatibility issues with quite a few apps out there.
j.greg.k Jan 16th 2010 10:22AM
Linux has a much better security model than windows; even windows 7 which has a lame attempt at SELinux ("is it ok to compromise your account now? (y/n/c")
Linux also understands the concept of privileged separation, has well designed firewall (iptables but granted most users will not be able to do alot with iptables as opposed to say ZoneAlarm unless they are very experienced in VI and netfilter).
You can run apps in sandboxes (any sandbox can be jailbroken but still...), install apps without needing root (unless the app wants to bind to a priveledged port), restrict commands using sudo on a per user basis etc etc.
Now with all of that said, a user not familiar with Linux that grabs Ubuntu or CentOS or RedHat that thinks they are magically protected from all the internet ills is sadly mistaken. Linux needs patches just like windows and users unfamiliar with securing a system and defensive internet use can damage/rootkit a linux system just like a windows one.
Lifefire Jan 16th 2010 11:21AM
@Unexpected EOF
Please, enlighten us to how Linux has a "Non-exsistant" security model.
I have a Bachelor's of Science in Computer Networking and systems administration with a specialization in Unix systems, and network security. I am currently employed by the government at a research lab. I am saying this all so that when I say BS in response to your statement, you understand my background.
Linux as a whole, has no set in stone security policies. What you get depends mainly on the distribution. Standard configuration for Fedora 12 (what I'm running) comes set up with iptables firewall and SELinux on by default. Also you are unable to log in as root (for you Windows people this is Administrator). Thus it requires that you type in your root password any time you install anything (ie a keylogger). SElinux is mainly there to make sure nothing on the system that is of value should change (it can be a real pain about it). As I understand it, Ubuntu follows the same standard security setup.
What do I myself use to secure my home system?
I am running Fedora 12 as I said on my main system running WoW under crossover. SELinux enabled, and with iptables firewall. I also have a separate security server running openbsd. This server runs snort, and AIDE. Snort is used for detecting break in attempts on the network that pose a threat. AIDE is a program that scans a system to basically make sure that nothing has changed. Note you need to configure both Snort and AIDE yourself to exactly what you want. Finally I run a old beat up Sonicwall as my primary firewall to the outside.
This is not really in place to protect my WoW account. It's more of a side hobby.
Wither Jan 16th 2010 12:32PM
There are additional reasons why Linux is more secure, apart from it's security model.
1) As it is not a dominant platform for gaming, it is very rarely targeted by malware. Malware evolves, each new trojan / keylogger is usually based on a previous variant. The malware on Windows is quite far down the "evolutionary" chain, so it's simply not worth the investment of time to try to compromise Linux. There are tools for finding security holes in Linux systems, but the information in how to use them is still the domain of experts, whereas tools for finding holes in Windows is plastered all over the internet.
2) A large part of many unix-systems is based on an open source model. It is generally regarded that open-source software is more secure.
That said, Windows users are in the vast majority. They have to pay for the operating system and usually for most of the security tools on it (firewall, malware detector, anti-virus detector, etc). It's only natural that Windows users will justify this cost to themselves by trying to argue that it pays for the most secure system. It doesn't. When you buy Windows, you get a lot of advantages, but having the most secure system is sadly not one of them.
Wither Jan 16th 2010 12:40PM
Also... most people accept that Windows is a far more user-friendly operating system than Linux. As such Linux is adopted by those who are usually more tech-savvy (not always, but often). If the user-base is more clued up, it means they are less prone to phishing and other social engineering scams that exploit inexperience.
Neirin Jan 16th 2010 2:07PM
Not to be mean or anything, but all the security in the world won't do you any good if you give someone your account info and don't have an authenticator. Even a windows machine w/o any security updates or antivirus with the firewall off and running IE as the primary browser is more secure than an idiot.
Mr. Tastix Jan 16th 2010 2:34PM
Unfortunately with Linux is that because it generally isn't designed with gaming in mind (this doesn't mean you can't play games on it, it just means you have to be patient and take the necessary means to find out how to) many gamers won't bother with it (I experiment with Linux out of pure interest, not really to do anything in particular).
Linux has protection against hackers and viruses just like the Mac or Windows does. Just because you don't know how to get those tools doesn't mean they don't exist, some distros even come preinstalled with those tools on them (I've used Ubuntu which has it's own security on it).
Personally, I find it foolish for people not to target Linux users if they're going to hack. If you're going to say Linux has no security/protection then at least grow the balls to prove it.
toddcore Jan 16th 2010 4:09PM
The only thing any of these overly pedantic "look at me!" posts are saying is that any operating system is only as secure as the user makes it, and even then the weakest link will always be the human being using it. Windows right out of the box: Not very secure. Linux right out of the box: Not very secure.
Arguing over operating systems like sports teams just because you've picked a favorite is counterproductive and doesn't help anyone, though it does obviously provide a good opportunity to brag about your amazing bachelor's degree as if it were going to win you the internets.
Chiroptera Jan 16th 2010 5:49PM
Linux does not protect you from social engineering and standard password phish attempts - feeling overly secure in your tower of LINUX may make you more succeptable to basic ways of getting your warcraft account details without compromising your computer
DarkWalker Jan 17th 2010 11:26AM
My own take:
- Ubuntu (with an up-to-date antivirus and regular virus scans, plus knowledge on system administration and good practices).
- Unique (as in not used anywhere else) password for my Battle.net account, fairly long and using lower case and upper case letters and numbers, in an almost random way. I also don't have it jotted down anywhere (still need to test if I can use the space bar and special characters such as ć, ß, ¼½¾, etc).
- Only logging into the game, it's official forums or my eMail accounts from my own computer. If I absolutely must log from a different computer I change the password as soon as I get back to my computer.
- Firefox with NoScript, FlashBlock, AddBlock, and safe browsing habits.
- Different (and slightly hardened) Wine directories for any windows-based programs I run (plus never reusing Wine directories). This mostly makes my system immune to any trojans that are not linux-aware, even if I do run them.
- Casual research into social engineering methods, cracking, etc, so as to know (and recognize) potential attack vectors.
- On top of that, a mobile authenticator (with a cloned backup in case I lose my phone).
Things I should be doing, but didn't gather enough patience to tackle:
- Having a unique email (as in not used for anything else) for my Battle.net account. My current arrangement of using a single email for trusted site accounts seems good enough for now, but having unique emails would be better.
- Regular password changing. A weekly Friday morning password change would twart most crackers that like to sit upon account details until the perfect time, at least if your PC and eMail are not compromised.
SOber Jan 17th 2010 3:37PM
@DarkWalker
Nice that you use upper and lower case password. But its useless. The Blizzard password is not case sensitive. So Password, PASSWORD and password are all the same to the Blizz auth system. Try it some time and you'll probably want to change your password again. Its perhaps the dumbest security system around. No wonder folks get hacked all the time.
Gamer am I Jan 16th 2010 8:05AM
I have an authenticator, and I am proud to say it. I have invested too much time and effort into my account to do anything less to protect it.
John Jan 16th 2010 10:16AM
Authenticator = Core Hound Pup
do we need to say anything else?
(yes I know export restrictions, shipping costs, etc. are a hindrance to many people - I feel for you)
Vandersveldt Jan 16th 2010 11:31AM
Mark me down if you will, I believe I have a valid point when I say, where the heck is my free authenticator? You really can't afford to lose half the profit off of just one month that I pay you to ship these out?
cendrekai Jan 16th 2010 2:47PM
My authenticator is being shipped to me as we speak :D