Officers' Quarters: Raiding addons aren't optional
by Scott Andrews 
Oct 18th 2010 at 4:00PM
Raiding addons aren't optional. They're just not. I'm sure that many people will disagree with me in the comments below. However, I firmly believe this. I'll explain more below -- but first, here's the email that has prompted me to take this stand.
Scott,
Good news/bad news -- I've recently been promoted to co-guild leader. So now I'm in the position of resolving drama. We are a casual, positive training guild that lets people do whatever they want whenever they want. Our guild rules are basically no swearing; no begging; if you want to raid, get Vent. We are currently running ICC-10 and have just started a second ICC-10 and an ICC-25.
The problem is that our Group 1 off tank refuses to get any addons -- not Pally Power, not Deadly Boss Mods, none, zip, zero, zilch, nada. His computer is less than a year old and he is terrified of viruses and won't listen to reason that downloading from sites like Curse is safe -- and yet won't get an authenticator, either.
I soloed two toons to 80 before joining any guild and didn't even know addons existed until after I joined. So I can understand his point of view. However, now I don't know how I got along not knowing when to "run away little girl ... run awaaaaaay." We finally started a website and include links to the suggested general and class-specific addons. Is it common for guild rules to require certain addons for people that want to be part of the raid? He is doing a good job and hasn't caused any more wipes than any of the rest of us. We have several tanks who are frustrated with the other two groups and would love to be part of Group 1. Do we let him continue on, require him to at least get DBM, or give someone else a chance?
Any suggestions would be appreciated.
Rogue Tank
Rogue Tank: First, congrats on the promotion!
Before I get into the addon issue, let me talk about the phrase that sent alarm bells ringing in my head: "a casual, positive training guild that lets people do whatever they want." I'm sorry to burst your bubble, but you can't have it both ways like that. You can either be slack and let people do what they want, or you can set expectations and train your players to be good raiders. You can either hope for the best, or you can strive for it.
Training players requires discipline, and part of discipline is obeying rules. In order for people to obey rules, you have to have rules. You actually have a few now, and requiring Vent is a good place to start. However, I suggest adding a few more.
The reason for rules
Rules don't exist for officers to exert their petty and capricious dominance over members (or at least they shouldn't!). They exist so that your raiders can function as a team -- so that everyone knows what's expected and can adapt accordingly. By doing so, you can establish standards that make your players more comfortable with the other members of the team and the effort they're all putting into it. Increased comfort, as an added bonus, means a decrease in drama.
Raid guilds are defined by the amount of effort they require from their members. You can require more or less, but you have to require some. These standards will also make it easier to decide who deserves a spot in Group 1 and who doesn't.
None of this has to be negative in nature. On the contrary, you're enabling your raiders to succeed -- or, I should say, you're enabling your raiders who want to succeed to succeed.
When everyone is on the same page by following these standards, you'll have less conflict among your raiders. Those who can't or won't abide by those standards are not team players -- and they have no place on a team.
Your off tank is one such player. Prior to 4.0.1, for example, Pally Power helped every paladin to buff the raid efficiently and accurately. Pally Power wasn't just convenient for the player who downloaded it -- that addon made life easier for every paladin in the raid, and every paladin who didn't have it was making life harder for everyone else.
Choices send a message
A raiding addon such as Big Wigs or Deadly Boss Mods is a much bigger deal. It may be true that your off tank is able to overcome this self-imposed disability. I'm sure there are many players out there who feel like such addons are just a crutch for the weak-minded or even a form of cheating. If you feel that strongly about it, I suggest you start your own guild where no one uses such things. For the rest of us, these addons are not optional.
Every choice you make sends a message. In a guild like RT's, most people are using the addon. If you choose not to use it, the message you are sending is this: "I'm special and my needs are more important than the raid's needs." Every time you take more damage than you need to, every time you're a bit slow in reacting to an ability or you're slightly out of position because you had to think about what the boss is doing instead of getting an obvious reminder, you are risking a wipe. Therefore, you are breaking my Golden Rule of Raiding (GRR): Don't waste other people's time.
You could react perfectly to every boss ability, every time. That still doesn't make raiding without the addon the right choice. Everyone else is willing to risk a virus in order to help the team succeed. Refusing to do so is not just paranoid or elitist -- it's selfish.
And yes, requiring them is quite common in guilds that raid.
Structure leads to success
What I suggest you do, RT, is come up with a more formal set of rules for raiding in your guild. Announce your rules prior to Cataclysm and make it clear that such rules will be enforced when Cataclysm raiding begins.
Everyone has gotten used to things as they are now, so keep going as you have been in Wrath and 4.0.1. Unless your off tank is making obvious mistakes that an addon could have prevented, there's no reason to jump down his throat about it or replace him.
You can tailor the new rules to be more strict or more lax according to the type of guild you want to run, but you need more structure than you have now. When you announce these rules, explain the reasons for them so that people understand that this is a benefit to the guild as a whole, rather than an attempt to pick on people.
"Everyone does what they want" isn't a concept that works for a functioning team, because realistically what it leads to is this: A few favored and self-important people (like your off tank) get to do what they want and everyone else has to sacrifice and make adjustments for them. Such teams fall apart when those other people can't or won't make those sacrifices and adjustments.
Announcing the rules now will give your players time to adjust and opportunity for people to find a new home if they would rather leave than work together. With the success you'll have in Cataclysm by raiding in a more structured manner, you shouldn't have a problem replacing anyone who quits. Also, you'll be more likely to pick up team-first players instead of selfish players. It's a win/win.
/salute
Send Scott your guild-related questions, conundrums, ideas and suggestions at scott@wow.com. You may find your question the subject of next week's Officers' Quarters! Filed under: Officers' Quarters (Guild Leadership)
Reader Comments (Page 1 of 9)
Jeff Oct 18th 2010 4:07PM
I need to comment on something slightly beside the main point: The tank's apparent fear of addons because he thinks he'll get viruses.
That fear annoys me to no end. The internet really is not all that dangerous, but thanks to years of exaggeration and fear-mongering, everybody hears the word "Download" and immediately thinks they're at risk for a virus. It just doesn't work that way people. A simple lightweight Anti-virus solution and a spoonful of common sense is all you need to be safe. Even the Anti-virus isn't entirely necessary if you're confident you know what you're doing.
The sooner people can get past this baseless fear of downloading things, the better.
Knob Oct 18th 2010 4:21PM
There are still people who believe that if you keep the side panel of your cabinet open, your system will get virii, so it's not really surprising.
Oriflame Oct 18th 2010 4:23PM
Jeff - why do you think any of that is true?
Viruses are a real problem, especially for a player without an authenticator (or players with, say the same password on their battle.net acct and their email account).
Many modern viruses bypass even high quality antivirus programs regularly, are very difficult to get rid of (full OS reinstalls for everyone!) and pose a real threat to your account's security.
But I agree, fearing downloading will not solve the virus problem! You should also be running something like firefox with noscript so you don't get compromised by a trusted site that has itself been infected (yes, this is a common vector today).
I'm not saying the guy should fear downloads from curse at all, but I'm going to disagree strongly that virses aren't a problem.
TL;DR: The internet *is* dangerous, downloading from untrusted sources gets you viruses. Not running AV and having an authenticator gets your account stolen.
(cutaia) Oct 18th 2010 4:25PM
Wait...you mean I can close that panel? Wow.
Just to be clear, I still have to keep the ceremonial incense burning, though, right?
Felinae Oct 18th 2010 6:28PM
I generally don't have a fear of downloading things, and I have far more mods than I probably should be running. but that said, I did end up getting a virus off Curse a few years back in a window where some fine citizen hacked Curse and decided to upload a heap of trojan infected packages as mod updates to a number of popular mods.
It took a low level format of my machine to get rid of them in the end, and to this day I avoid Curse as a source of addons if I can, and would most definitely never use their tool which automatically updates your mods for you.
vinniedcleaner Oct 18th 2010 4:27PM
Got to agree with you, Jeff. Sounds like this guy clicked on one of those "You just won $1,000,000" popups and now thinks any download = viruses.
brian Oct 18th 2010 4:38PM
Well, the "open side panel leads to virii" thing is rooted in some form of truth, if only by association.
The reason we use the phrase "computer bug" is because of a tech who noticed something wrong with the computer, opened it up, and noticed a moth had died on one of the circuit connections. Thus, a computer that has problems has a "bug in it."
So, an open panel sure can lead to bugs in the physical sense, but you aren't going to get any malicious code. Unless the nanobot plague starts a few centuries early, of course. (Battle.net=skynet and all that jazz)
clundgren Oct 18th 2010 4:42PM
Ceremonial incense is totally optional these days, though never a bad idea, IMO. Sacrificing a chicken at least once a week, on the other hand, is still absolutely a requirement unless you want to risk getting computer cooties, hard drive hepatitis, or OS inflammation. And no, chicken nuggets don't count.
Tom Oct 18th 2010 4:43PM
Sadly, downloading from Curse isn't 100% safe. Due to my throwaway e-mail scheme, I know at some point their site was hacked and e-mail addresses were stolen. The e-mail, that only Curse knew, started getting phishing scams to try and steal my WoW account.
Curse also has had problems with key loggers on their site, installed via vulnerabilities in Adobe Flash. Need Proof? Look at curse.com, they wrote about it themselves. http://www.curse.com/articles/curse-en-news/526956.aspx
Anti-virus doesn't provide a 100% barrier. In fact, it provides a near 0% level of protection on new viruses/trojans spread via 0 day exploits in other products. It takes time for the vendor to see the signatures and to block them. Sometimes that time is measured in hours, other times days or weeks. If you visited curse.com in that window of vulnerability, then tough luck, you get screwed.
I don't mean this to be fear mongering, but it is the state of things today. Some people overreact and panic about viruses, and in the same way on the other side, some people assume they are completely safe due to running some program. The truth is somewhere in the middle.
MysticalOS Oct 18th 2010 4:49PM
crschmidt you are totally wrong. the threat has and always will be the users own inteligence and ignorance. You download stuff from good sites and you won't have problem. you keep your stuff up to date, you wn't have problems. Day 1 exploits even are only dangerous if you are dumb. example, script exploits on webpages. you're still gonna have to be dumb enough to play wow with your browser actually open and on one of these sites for them to key log you...or let this site install crap..but any smart person should be browsing smart anyways with a good adblocker/antifishing tool and somethig like click2flash (mac version of it not sure what windows vrsion is) that basically disables flash plugin on unknown websites until you give the go ahead, while allowing flash to auto load on sites you marked trusted. dont let flash run unchecked though cause flash is outright horrible unchecked..but again that just falls on the user. put simply, only download your mods from curse or wowinterface or from authors own SECURE site, not a site designed to look like their site with a phishing mod. but in most cases you are simply safe sticking with curse and wowI for your mods. they have strict approval processes for off site uploaded addons andmanually approve them after checks only, as for curseforge/svn they get checked by a packager script before tagged.
No one offers free mounts.
don't give your bnet email to anyone, not even other sites, if you sign up for a forum use some garbage gmail address, especially wow forums, cause then they will spam that email with phishing mails making it that much more obvious they aren't from blizzard cause blizzard wouldn't email your gmail/hotmail junk box they'd email your actual bnet email..etc. it's all on the user not to be dumb
steak Oct 19th 2010 8:40AM
while true its not as bad as most think, its also like going into a room full of sick people without any preventative measures. i see more people that think theres nothing on the internet all that bad than ones that are to scared to download anything,then again ive heard people blame curse for infecting there computers and thats where i get all my addons and have never encountered a virus there. guess theres always two sides to all arguments.
peace,the I.T. guy at a K-12 school dist.
Artificial Oct 18th 2010 4:59PM
@Tom: Yes, websites have been compromised in the past. This does not alter the fact that a zip file containing nothing but lua scripts cannot possibly be a vector for trojans, keyloggers, etc. Thus, your phrasing "downloading from Curse" is unsafe is misleading. Browsing any website without proper protection is unsafe. That aside, downloading from Curse is safe, as is manually installing any addons thus downloaded.
Spark Oct 18th 2010 5:33PM
-----
Jeff Oct 18th 2010 4:07PM
That fear annoys me to no end. The internet really is not all that dangerous, but thanks to years of exaggeration and fear-mongering, everybody hears the word "Download" and immediately thinks they're at risk for a virus. It just doesn't work that way people. A simple lightweight Anti-virus solution and a spoonful of common sense is all you need to be safe. Even the Anti-virus isn't entirely necessary if you're confident you know what you're doing.
-----
I want to both agree and disagree. The Internet is, in fact, a "dangerous" place. But many fears are entirely unfounded or based on mis-information and ignorance as much as concern for the real issues that make the Internet dangerous. Ignorance is amplified with aforementioned exaggeration and fear-mongering leading to irrational fear instead of due caution.
First and foremost - addons themselves are safe (in so far as anything can be safe). Addons are written in a scripting language called LUA and Blizzard only allows a subset of LUA in the WoW client. It's wrapping those addons in to self-extracting archives, helper-applications, and addon-updating applications that causes trouble. And then there's syndicated advertisements on addon sites. In short, GETTING an addon is the troublesome part.
Run an application or go to a web site and you're taking a risk. Up-to-date antivirus and common sense will mitigate that risk. Not executing javascript unless you absolutely need to for the function of a web site goes a long way as well. But at some point you have to trust the web site you're going to. And you have to trust any application you run.
The way you manage that risk shouldn't be any surprise. Run anti-virus software and keep the definitions up to date. Update your browser, plugins, OS, applications, etc. Run Firefox and Noscript (or functional equivalents) and be stingy about what you whitelist in Noscript. Limit the amount of risk you have to take to get things done.
As an aside - since the guild in question now has a web site, it might be worth putting copies of guild-endorsed addons as a service to the guild. People who are cautious of coming near addon sites can limit some of their exposure by going to the guild's site and running the same code all their guldmates are running.
Twill Oct 18th 2010 5:36PM
WHY is Oriflame downvoted?
The program he mentioned is AMAZING.
Plain and simple: If you USE THE INTERNET, you want to use Firefox, and run this:
https://addons.mozilla.org/en-US/firefox/addon/722/
It stops EVERYTHING from working that you don't allow, so it is impossible to get a virus, key-logger or Trojan, unless you download it on purpose. EVERYONE should know about this, so please don't downrate useful information, even if he is rude.
BTW - DBM, tell the ranged DPS to run into my gosh darned Efflorescense. Its 1k HPS. That Warlock wouldn't be dead... I mean Mage. Dirty Mages, making me think Warlocks have no skill. I WILL GET YOU MR. PANTS!
Eirik Oct 18th 2010 5:36PM
@artificial: Yes, zip files containing nothing but lua scripts cannot be a vector for trojans/keyloggers/etc. But zip files can contain other things besides lua scripts, and self-extracting archives, or archives with their own installers can mask such malware.
Thus emphasis should be on manually installing addons, not letting "smart installers" do it for you.
In addition, if you know how to install them manually, you have a better chance of spotting it if there's something fishy going on.
@mysticalOS: re "you are totally wrong. the threat has and always will be the users own inteligence and ignorance." Blaming the user for security faults in software they use is like blaming the driver of the Pinto for their car fireballing when you rear-end it. (If you want to blame them, blame them for not reading up on their Consumer Reports analogue before using their Pinto analogue.)
And I would certainly hesitate at calling people who fall for such things "dumb". Don't mistake education (in a particular field or otherwise) for intelligence.
On the other hand, perhaps I've gone to the other paranoia extreme: In addition to using many of the tools you mentioned, I've gone so far as to uninstall Flash/Shockwave on my "physical" computer, and only run flash on a browser VM image that I can revert.
Socialcockroach Oct 18th 2010 5:53PM
I know I am gonna be re-stating what has already been said, but here goes. It IS true that threats exist and they can infect your computer, however, it is also true that people get mugged and murdered from time to time. Does this mean that you never go outside for fear of personal harm?
I know you may think the example is extreme, but the idea is the same; if you are truly worried about your safety, stay in areas that tend to be *safer* (no where is 100% safe). Just use a little street/net smarts and you will be just fine. Also, most computer related threats are from social engineering any way (i.e. scams that convince people to willingly provide sensitive information... this also includes downloading tainted e-mails and such as well). If you honestly think something looks fishy or "too good to be true" it probably is. Use your better judgement. This does not mean to lock yourself away from the world... it just means use a little discretion.
The final thing I will cover is this; the vast majority of attacks are pointed at unsecured machines. Most of the time, lightweight viral/network threat protection will get you by. Think of it this way; if a group of petty thieves want to rob a neighbor hood, chances are, they are going to go for the home that is the easiest target. If your door is locked soundly, chances are they are going to try your windows. If they are shut tight, the thieves may try your car. All those doors locked? They are probably going to move on to the next house. Chances are, they will find a home that is a much easier target. The same thing applies in the computer world. In fact, many sys-admins have machines that are intentionally left as open targets to attract such attacks so that they can learn who is trying to intrude. This is known as honeypotting.
Will anti-vires stop all threats? No. Absolutely not. But it will work on the vast majority and that is the best you can hope for. So be smart, use a little protection, and your machine probably wont give birth to any unwanted viral problems.
Rakah Oct 18th 2010 6:29PM
The power of DBM is the ability to anticipate. You can time casts to land a heal exactly and the damage hits.
Sleutel Oct 18th 2010 7:14PM
@Oriflame:
"Viruses are a real problem, especially for a player without an authenticator (or players with, say the same password on their battle.net acct and their email account)."
Viruses and other malware are not a *major* problem for anyone who:
1.) Runs a halfway decent antivirus that's updated on a regular basis, especially one with heuristic algorithms (i.e., it's identifying threats based on behavior as well as matching definitions);
2.) Frequently updates their OS and software to patch any discovered vulnerabilities;
3.) Practices good password security (using unique passwords as much as possible, and ensuring that passwords are not susceptible to brute force attacks--preferably containing a combination of uppercase letters, lowercase letters, numbers, and symbols); and
4.) Uses their brain when deciding what sites to visit, what attachments to open, and what files to download.
*Can* you still be infected with malware while doing these things? Yes. Is it a *likely* risk? No.
Herman Oct 18th 2010 8:45PM
man, i have to protect my computer. i put a drop of my anti biotics inside everytime it slows down. i care for my computer so well. why, just the other day, when my cupholder broke off, i duct taped it back on. the double retractable cup holder was billy gateses gift from god.
pigeon Oct 19th 2010 5:53PM
Use ad blocker/flash blocker in firefox or chrome.
Not only do you get the eye-soothing awesomeness of NO BANNER ads XD you cant get keyloggers and whatnot from them.
Combined with a general virus scanner (Avast is good) - you can pretty much surf the net safely.