Defend yourself against Key-Loggers
By Thundgot 17 years ago, last updated 6 years ago
This article is really old. Formatting may be broken as a result. If this article is un-readable please report it.
This is from a World of Warcraft player :)
I hope you like what she has wroten:
First of all, sorry for my rude way of saying this, but why on earth should Blizzard even care about the security on your personal computer? Did the keyloggers come from World of Warcraft? No, It's your computer, it's your account and also your very own fault if you manage to get infected by any of these keyloggers.. I've seen some people suggesting that PIN codes are added to your bank, so you must use your mouse to open your bags. This won't really solve anything and even if they can't steal your gold or epics, your computer is still compromised and things like your e-mail can easily be hijacked.
After reading about this and seen a lot of friends suffer from these keyloggers, I decided to write a little guide with some tips on how to improve your security a bit. Some steps might be a bit overkill, but most of them are very simple and helps you a lot.
Some security improvements for your computer:
1 - As Blizzard suggests, always use the Launcher to start World of Warcraft. The Launcher will improve your security against known trojans, keyloggers, etc and provide you with information about how to remove them if you're infected.
2 - Keep your passwords safe, make sure you use strong passwords and change them regulary. Your password should be at least 8 characters long and contains uppercase, lowercase and numeric characters. Also, if the system you're using your password on manage to handle ascii characters, do it.
3 - Use another browser instead of Internet Explorer. I personally is a big fan of Mozilla Firefox and I know a lot of people which also recommends Opera. (see: http://en.wikipedia.org/wiki/List_of_web_browsers)
4 - If you for some reason decide to use Internet Explorer, make sure you don't install any unsigned ActiveX applications and never click "Accept" or "Yes" on any popup window just to "remove" it, take your time and read what it is, or else you will end up with a lot of strange things on your computer. Also, make sure to apply the latest VML patch. (see: http://www.microsoft.com/technet/security/Bulletin/MS06-055.mspx)
5 - Show file-extentions in your filebrowser to avoid filenames like me.jpeg.exe, etc.
a, Open a folder (doesn't matter which), go to Tools -> Folder Options.
b, Click on the View tab.
c, Uncheck the Hide extensions for known file types box.
6 - Keep your computer clean of viruses and spyware. If you're like me and can't afford buying a antivirus program or for some other reason don't have one installed, there are plenty of nice and free online scanners for both viruses and spyware.
Free virus/spyware scanners:
http://housecall.trendmicro.com/ (online antivirus scanner)
http://www.avast.com (online antivirus scanner)
http://free.grisoft.com/doc/1 (antivirus scanner)
http://vil.nai.com/vil/stinger/ (limited antivirus scanner)
http://www.spybot.info/en/ (spyware scanner)
http://www.lavasoft.com/ (spyware scanner)
7 - Some viruses/trojans are known to spread over the MSN network. I prefer using Miranda IM instead of the normal MSN client, as it's security history is far from pretty. (see: http://www.miranda-im.org/)
8 - When you download software, always download it from the official website and always keep your software up-to-date! (see: http://www.versiontracker.com/windows/ and http://secunia.com/) Never trust or use a mirror unless you have valid MD5 checksums for the files or even better; PGP/GPG signatures.
9 - Make sure you don't have any trojans, viruses, spyware or any other suspicious junk on autorun.
a, Run start -> run -> msconfig.
b, Click on the Autorun tab.
c, Simply uncheck all junk you don't need.
d, Restart your computer.
Note: On a fresh installation of WIndows, this list is completly empty. Though, something that you should be careful of removing, is if your video/sound drivers have installed anything that needs to be started. Though, if you disable it and realize so after the reboot, just enable them again and it's solved. If you're curious what a program does, visit http://www.liutilities.com/products/wintaskspro/processlibrary/ to look it up.
Once you're done and you're happy with your changes, you can completly remove the records manaually from the register:
a, Run start -> run -> regedit.
b, Browse your way to: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and remove the ones you've disabled in msconfig.
Further, more advanced security improvements:
10 - If you have an old computer laying around doing nothing ("233Mhz and 128Mb"-ish) , get two network cards in it and install Linux/BSD and use it as a firewall between your modem and your computer. Make sure to block all incoming and outgoing traffic on TCP/UDP ports 135-139 and 445. These ports are used for NetBIOS (sharing files, printers, etc). Though, they're probably the biggest reason why viruses and worms like Nimda, Code-Red, Blaster, etc could spread so fast and easily. Though, If you use a router, then check the handbook for your router (or see http://www.portforward.com/) in order to know how to filter traffic on certain ports. I'm personally against software firewalls (the ones you install on your workstation) as they can easily get compromised and modified by the virus itself. However, here is a list of recommended firewalls: http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp, http://www.clarkconnect.com/, http://smoothwall.org/ and http://m0n0.ch/wall/.
11 - If you did step 10 and got your Linux/BSD-machine up and running, then make sure your ISP allow you to run your own servers at home. If they do, then I suggest that you take some time off and read up on how to install your own mailserver. I personally suggest postfix as it's very easy to setup and yet a very scaleable and secure mailserver. (see: http://www.postfix.org) Now forward your other e-mail account(s) to your personal mailserver and use ClamAV (see: http://www.clamav.net) to scan any incoming and outgoing mail for viruses. Also, make sure you have freshclamd (which comes with ClamAV) running to always have your virus definitions up-to-date.
12 - Also, some paranoia never hurts.. Don't click on every single link you find on the net without actually checking where they're going to. Never run an executable you've been sent from anyone unless it's been scanned and checked.
I hope this will help you when the next wave of trojans, viruses or worms comes. Viruses will always be around so stop complaining at Blizzard for your poor security. Though, I would love if Blizzard could add support for more operating systems so I can run my World of Warcraft under Linux/FreeBSD.. ;-)
Added the link to http://www.portforward.com/ (thanks Rauko)
Added more links to good antivirus/antispyware websites. (thanks Kanock, Anomis and Korena)
Added a few tips on how to pick strong passwords. (thanks Khalroar)
Added a link to wikipedia instead of mozilla.com and opera.com (thanks Vaneras)
Added a link to the latest patch against the VML vulnarbility in MSIE.
Rewrote some of the suggestions regarding password management. (thanks Athunt)
Fixed some typos.
Added a few links to recommended firewall programs/scripts. (thanks Kanock, Kaminari and Corlyn)
Added a few more links to websites providing useful tools. (thanks Schwick)