So after the recent rash of hackings, I decided to put together a list of a few basic things that you can do to keep your computer secure.
I've been hacked before, and computer security is something I've taken a big interest in recently, so I have some experience doing this stuff.
There are a lot worse things in the world than losing your WoW account: identity theft, financial theft, etc, so having an authenticator isn't an excuse for engaging in risky behavior.
Mind you this is not a panacea for security, but should hopefully keep you secure.
* Ditch Internet Explorer. Most of the security vulnerabilities out on the web involve holes in Internet Explorer. A recent "0-day" flaw (which means something that was just discovered and unknown to Microsoft) has been floating around which has been used in several high profile hacks. Get rid of it off your desktop, your toolbar, etc. Just pretend it doesn't exist.
IF YOU ABSOLUTELY HAVE TO USE INTERNET EXPLORER, GET INTERNET EXPLORER 8.
* Use Firefox (or some other alternative browser; Google Chrome or Safari are good alternative choices). I recommend Firefox due to it's plugin capabilities.
* Install the following plugins into Firefox:
NoScript is a bit of a pain in the ass -- you have to configure it to allow scripts on specific sites (by default, it blocks most if not all). I highly recommend you do this, but even if you turn off the script protection (allow scripts globally), it still includes some basic protections against XSS attacks.
Adblock will prevent ads from being loaded from virtually every every ad provider out on the internet. A lot of these hacks have been done by posting an ad with code in it to exploit vulnerabilities in Adobe Flash.
* Update, update, update! Microsoft typically releases security updates on the 2nd Tuesday of the month. Use that day to run Windows Update to get your computer updated to the latest patches released from Microsoft. If you're using a hacked version of Windows XP, Vista, or 7, you're pretty much out of luck on getting security updates, and you're just asking for trouble.
Install the latest version of the extensions your browser uses, including:
Most of the security holes in the past have involved Adobe Flash, so this is probably the most critical thing in the list, since Flash is so ubiquitous now.
There have been a few recent security exploits involving Adobe Reader as well.
* Retire Windows XP. It's almost 10 years old. It's time to move on. Get Windows 7. OEM copies of Windows 7 can be obtained for around $100.
* Know your computer! Most of the time, if your computer has been compromised, it'll start acting differently:
Things start going slower.
Things starting to happen for no reason or explanation.
If you suspect something is wrong, then assume your computer is compromised and not secure until you can prove otherwise. Have an expert look at it.
* Install anti-virus / anti-spyware / firewall software! I recommend Kaspersky Anti-Virus. It's completely comprehensive, and it doesn't suck a whole lot of computer resources. Others are out there, but I have no firsthand experience with them. I know a lot of people in the past have gone out and purchased one of these programs, fired up a game, and seen their computer slow down and subsequently turn them off, which defeats the purpose of having it installed and running.
* Use a Mac. They are "relatively immune" to the malware floating around the internet -- but doing the operating system and Flash updates are needed.
* Password diversity: Don't use the same password on your WoW account as on your E-mail account (ideally, every password that you have should be unique.)
* Password complexity: Use symbols, upper case letters, and numbers in your password. Make your password 8 characters or longer. Do not use common words in your password.
* Don't install shit on your computer unless it's absolutely necessary, and it comes from a reputable software vendor. Be suspicious of everything. If you have doubts about a program, do a Google search on it. Assume everything everyone sends you is designed to compromise your computer unless you have concrete proof otherwise.
* Keep your computer physically secure. If your computer is accessible to other people (ie: you have a roommate), keep it logged out or session locked when you're not at it. Who knows what bullshit people pull up in web browsers when you're not around.
*Turn off password memory on any browser you use and set up auto deletion of cookies at least weekly.
I'll add to this post as I remember things, but I think this should cover everything.
Please let me know if you have any questions or if you think there's something I missed.
It's not my writing and unfortunately I don't remember who wrote it. It's useful though, so read the post.
Last edited by Sangrey on Mon Jul 11, 2011 4:08 pm; edited 1 time in total