Account Security
Account security is, unfortunately, becoming more and more of a common problem in the modern world. The worst part is that many still don’t understand the basic concept of securing their personal computers and the accounts they use every day (from gaming to forums, and even online banking details).
To anyone who has been using a computer or the internet for a long period of time, such practices don’t seem so difficult; for me, online and offline security consists mostly of common sense, but perhaps this is because I have been an internet and computer user for over half of my existence. Read more about account security after the break.
World of Warcraft accounts are compromised every day, but I feel the problem is escalating. If you take a look at the official Technical Support forums you should notice the massive amounts of topics by people wanting an unauthorized Authenticator removed from their accounts. The authenticators are generally removed quite promptly but it’s still a problem when the first page of topics consists mostly of these requests.
So why my sudden concern with security? Well, for one, it’s not sudden. I’ve always had some passive concern over keeping my personal information private: usernames, passwords, addresses, phone numbers, credit cards, and more. All these things I want private, I don’t want somebody having unauthorized access to my account, and for good reason! My concerns have grown somewhat over the past few days when I, unexpectedly, became the victim of such an attack. My account was compromised, an authenticator was added and the large majority of my items were deleted or sold just so the attacker could make a quick buck.
But this isn’t me crying about having my account compromised, I won’t go into the details suffice to say I still have no idea how it happened (but do note that just because virus/spyware scans show nothing, doesn’t mean there is actually nothing on your PC), this is me warning you about how easy it is to become the victim, no matter how much you scoff at the idea, no matter how secure you thinkcomprehensive guide on Account Security, if you’re concerned about such a thing (and you should be) then it would be in your best interests to read it. I shall outline the points mentioned in the Security Checklist section of the above guide and give my opinions on the matter.
- “Add a Battle.net Authenticator to your account. Seriously.”
This is important. It’s a cheap (unless you live outside the States — the shipping is pretty killer) and easy method of adding an extra layer of security to your account. If you have an iPhone, iPod Touch, or an Android then it’s even cheaper and easier to use.
Do note, however, that Authenticators are not 100% foolproof and they never will be. Every piece of software and hardware has methods to exploit it; if none exist currently, then methods will be made to “fix” that. The Authenticator, for example, can be subjected to man-in-the-middle attacks; having up-to-date computer security can prevent such attacks, however.
- “Update your browser to the latest version.”
Most browsers will update automatically, as will most computer systems, but some do not and these are the ones you want to be aware of.
Microsoft’s Internet Explorer will update automatically with Windows Update; I am not sure how it updates on the Mac, however. Mozilla’s Firefox and Google’s Chrome also update automatically, within the browsers themselves.
For better security, don’t use Internet Explorer at all. Whilst it has improved over the years, it is still the most common browser for attacks, simply because the majority of people still use it. I personally recommend Mozilla Firefox or Google Chrome. Both of these also have addons/extensions to improve the browser’s functionality, but these are third-party and so they can also be infected with malware.
Personally, I recommend using Mozilla Firefox and then getting the AdBlock Plus and NoScript addons for it. AdBlock blocks adverts; it isn’t as important as NoScript, but some adverts have been known to be rather malicious in nature. NoScript will block Flash, JavaScript and Java functionality in Firefox and you will have to enable them on a case-by-case basis; it’s rather worth it in the end, however.
- “Activate your browser’s phishing filter.”
The Battle.net Security Guide has a topic on how to activate your browser’s phishing functionality. Most of these settings should be enabled by default but it’s always a wise idea to double check, just in case something has disabled them.
- “Make sure your registered email address is secure and up-to-date.”
Before I continue, I’d like to note the link to the guide for this point is broken on Blizzard’s website. It should point to this link. Hopefully they will remedy this problem soon.
I don’t have much to say on this one except that it may be a smart idea to separate your personal email address from everything else. I, for example, have an entirely separate email address attached to my Battle.net account; it’s in no way linked or related to my normal everyday email account.
- “Make sure your computer operating system is up-to-date.”
This is another subject I can only talk about from a Windows perspective, as I do not use a Mac and the way Linux handles such things varies from distro to distro.
The link the guide provides is helpful, though depending on your operating system the entire setup should be automatic anyway. For Windows XP Service Pack 2 or higher it is automated. For Windows Vista and Windows 7 it’s automatic and I can explain how to improve the service itself.
Windows has a history of making automatic schedules as horrible as possible. Their assumption is that the average PC user has their computer running 24/7 and will be asleep between 1 and 3 AM; naturally, this isn’t always the case. Changing it is rather easy. This is from a Windows 7 perspective, but the whole activity is fairly similar from Vista to 7.
Click the Start icon, type “Windows Update” in the search field, and click on the Windows Update icon. A new window should open with the Windows Update screen. Somewhere on that screen (generally on a sidebar) you should find the text “Change settings” or something similar; click this link. Here you’ll see some settings. Most of these can be left untouched, but there are a few you may want to consider altering.
The first that should be changed is the time at which your PC will scan for updates. This should ideally be every day, at a time when your PC will be turned on (default is every day at 3 AM). I stick mine at roughly 4 PM. The second option is to make the updates automatic. The default setting will install updates automatically and this is fine; some people may prefer to pick and choose which updates they want downloaded or installed, however.
- “Make sure your browser plug-ins and other commonly used applications are up-to-date.”
This isn’t automatic and is incredibly important, especially for the Flash and Java plug-ins, whose vulnerabilities are exploited frequently.
Adobe Flash can be updated here, Java can be updated here. Java does do regular scans for updates and will notify you when there is one, Flash doesn’t do the same (at least not for me).
- “Install anti-virus software.”
Blizzard’s Security Software guide is rather useful in telling you what anti-virus, anti-spyware and firewalls there are out there. Do note there is a difference between anti-virus scanners and anti-spyware scanners; some vendors have scanners that protect against both types of malware.
For those going with free software I highly recommend using Ashampoo’s FireWall or ZoneAlarm, as well as Avast’s Anti-Virus Scanner and Spybot – Search and Destroy anti-spyware scanner.
For those who can afford it, I use Kaspersky’s Internet Security, it may cost but it’s extremely worth it.
Also note that you should not use more than one firewall, anti-virus or anti-spyware scanner, as using multiple scanners can cause conflicts with each other or slow your computer to a crawl.
- “Learn to identify common types of account theft.”
A lot of these are common sense but read the guide anyway, as it’s incredibly in-depth: don’t share your account information, and be wary of phishing emails or even in-game versions of them (remember that Blizzard will never ask for your password, and if there is a promotion about a “free pet” or mount then they would post this on their official website).
Besides being against the rules anyway, gold selling and power leveling services are prime suspects for people wanting to steal your accounts. Avoid them. As for the addons? Most are safe; there are only a few which are not. Curse and WoW Interface are trusted websites, but that doesn’t mean things can’t get by their radar. I would advise against using Curse’s client, or any other client that installs/updates addons for you, as these can be infected with malware. And be aware that most addons do not need an executable file (.exe) to run; be cautious if one uses one.
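The check for executables in an addon can be done before anything is unpacked. The following is an added example, not part of the original post and not code from Blizzard, Curse or WoW Interface: it lists files in a downloaded addon zip that carry an executable extension or a Windows executable header under another name. The extension list, the addon name BagSorter and the sample archive are constructed for illustration.

```python
import io
import posixpath
import zipfile

# Extensions Windows runs directly or through a script host. Assumed list,
# not exhaustive; addons normally ship .toc, .lua, .xml and media files only.
RISKY_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi", ".dll",
             ".vbs", ".js", ".ps1", ".lnk"}


def scan_addon_zip(data: bytes) -> list[tuple[str, str]]:
    """Return (member name, reason) for each suspicious file in an addon zip."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Windows drops trailing dots and spaces, so "x.exe." still runs.
            ext = posixpath.splitext(info.filename.lower().rstrip(". "))[1]
            if ext in RISKY_EXT:
                findings.append((info.filename, f"executable extension {ext}"))
                continue
            # A renamed binary keeps its header: Windows PE files start "MZ".
            with zf.open(info) as fh:
                if fh.read(2) == b"MZ":
                    findings.append((info.filename, "PE header behind a harmless-looking name"))
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: a hypothetical addon 'BagSorter' with two bad files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("BagSorter/BagSorter.toc", "## Title: BagSorter\nBagSorter.lua\n")
        zf.writestr("BagSorter/BagSorter.lua", "print('BagSorter loaded')\n")
        zf.writestr("BagSorter/Install.exe", b"MZ constructed, not a real binary")
        zf.writestr("BagSorter/icon.tga", b"MZ constructed, not a real binary")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in scan_addon_zip(build_sample_zip()):
        print(f"{name}: {reason}")
```

An empty result only means nothing matched these two checks; it does not prove the addon is safe.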
That’s it from me; I’ll wrap this post up with a link to an informative forum sticky. This topic, posted by Talrenya of Shattered Hand, is a stickied topic on the official Technical Support forums and has some good tips on keeping your account and computer secure. Read it.
Posted on May 31st, 2010 by Xanwryn
