One of my guild’s members’ accounts was hacked this week. This led to a lot of buzz in guild chat, and I figured it would be a good idea to briefly write about some of the myths and misconceptions that came up.
- The account was hacked by a brute force attack, so there’s nothing that I could have done to prevent it.
While it is certainly possible that the account was brute-forced, it is more likely that the user logged on to a machine that was somehow compromised by spyware which logged the user’s keystrokes and phoned home with them. The best thing you can do in the case of a brute force attack would be to have a strong password, which is 8+ characters long, and contains a mixture of upper case, lower case, numeric, and non-alphanumeric (think “cartoon swearing”) characters. See this post on some ideas for picking strong passwords.
- I have a firewall, so I am safe from this sort of attack.
In brief: there are many types of “scary things” on the Internet which can compromise your PC. Viruses, which usually propagate via email, are not stopped by a traditional firewall. A firewall’s job is to block active attacks made against your system’s public IP address, such as worms, port scans, and brute-force attacks. A traditional firewall does nothing to stop malware and viruses, which usually get introduced via email or web sites. Note that something like the Astaro Security Gateway*, and other firewalls which include spam, virus, and content filters for web and email traffic, do combat these additional threats. Also note that a brute force attack would likely be directed at Blizzard’s servers, not at your home PC on which you play WoW.
- I run WoW on a Mac|Linux, so I am safe.
- There are many potential issues with these statements. First, if you run WoW under Bootcamp on a Mac, you are no safer by virtue of being on a Mac, as you are actually running MS Windows with all of the fun side-effects – you just happen to be running it on hardware sold by Apple.
- If you are running WoW under Parallels or VMware Fusion, your Mac partition and its data and apps are much safer, but any applications within Windows, including WoW, are still subject to hijacking. Consider your Parallels session as a separate Windows computer. That virtual computer is just as vulnerable to compromise as any other Windows PC. Also, “bad guys” are known to be researching ways to escape virtual machines and be able to attack the host PCs. Very scary.
- As for WINE and Linux, I would argue that yes, you are safer overall from automated attacks, but WINE has demonstrated “bug for bug” compatibility with Windows on many occasions, so even though you don’t have a full-blown copy of MS Windows, you are susceptible to many of the same exploits as real Windows, and anything that targets WoW, say, an add-on, is likely going to run just fine under WINE.
- In my experience, virtual machines on desktop PCs (eg: Parallels) don’t have anti-malware software installed on them, so they are even more vulnerable to compromise.
What Can You Do?
Most compromises that I have encountered have been caused by spyware, viruses, or worms that a single PC contracted, usually by user-contributed actions. What are said actions? Here are some examples:
- Don’t open suspicious emails. Here’s a rule of thumb: If you don’t know the sender, and it looks like junk, do not open it! Delete it. If you receive an email from someone you know, but weren’t expecting, with an attachment, check if they actually sent it to you, or just delete it. If it’s important, ask them to resend it.
- Don’t visit “naughty” web sites. (You know the ones to which I am referring…) Yes, due to scripting technologies (which are enabled by default on every modern web browser) any web site can contain active code which tells your browser to do some really scary things. The same technologies which were developed to make pages more intelligent and useful have made them more dangerous. Despite over a decade of work to secure web browsers, there are vulnerabilities out there which can compromise your entire computer’s security just by visiting a web site. Scary? Yes. And true.
- Another big problem I see frequently is people having out of date anti-malware software. That is to say, they bought a computer with a 60-day trial of McAfee or Norton Antivirus, and never bothered to renew the subscription when it expired. This is only one step away from having no anti-virus protection at all! Anti-malware software must be kept up to date, or it’s practically no good. Check out this post for some options for antivirus and antispyware programs. Note that we are currently recommending AVG’s family of anti-virus and anti-spyware products at Paradigm*.
- Get a hardware firewall. It doesn’t have to be anything fancy, but get one. Any <$100 router from Linksys, D-Link, or Buffalo can do the job, and give you more security from active attacks than plugging directly into your cable or DSL modem.
- Also, many security holes which are exploited by viruses and worms are caused by unpatched vulnerabilities in your operating system. The fix? Turn on automatic updates and install them! Current versions of Windows, Mac OS X and most Linux desktop distributions I’ve used have this option enabled by default, or at least prompt you to enable automatic updates. Do it. Yes, rarely an update will be released which causes some problems, but the vast majority of the time, these updates simply fix problems and keep you safer, so you want these.
- Don’t install a lot of extra stuff on your machine. Bluntly stated, every program you install on your computer is a potential security hole. World of Warcraft itself is a security hole. Every add-on you download is a security hole, but this doesn’t apply to just Warcraft – any program you download is a risk. Even if you are downloading software from a known software repository, sometimes even high-profile distribution points get compromised. Two recent examples: Seagate, the world’s largest hard drive manufacturer, shipped hard drives with viruses on them in November of 2007. More recently, a popular open-source webmail application’s repository was compromised, resulting in people downloading infected code. While neither of these directly relates to World of Warcraft, they go to show that you can never be too paranoid when it comes to downloading and installing programs. Before you install anything on your computer, ask yourself “Do I really need this?” Then ask yourself again. Then ask yourself again. If you answered “yes” all three times, then ask yourself once more if you really need it. This goes especially for add-ons to WoW. When you download an add-on, you are downloading a program which modifies the way WoW behaves. This program has access to all sorts of stuff in your game, and can very well be written with malicious intent. Be sure to check up on add-ons before downloading and installing them, and to scan them with anti-malware programs prior to installation.
- Don’t share your account information, specifically passwords, with anyone else. This applies to “leveling services” and anyone besides the Blizzard web site or the WoW login screen who asks for your username and password. Possible exceptions to the “share with no one” rule include your spouse and child. Other than that, don’t do it. Period.
- Don’t run as an administrator or root account on your system. Log on as a limited user, and only log on as an administrator when you need to install software or perform system maintenance.
Note: World of Warcraft, unlike Warcraft III, does not require you to log on as an admin, so don’t do it. How can you tell if you’re an administrator? Comment on this post and I’ll tell you how, or wait for a follow-up post, because I’m out of time right now!
- Regardless of whether your account is an admin equivalent or not, assign it a password.
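One way to “check up on” a downloaded add-on before unpacking it, as an added example that is not part of the original post: list the archive’s contents and flag anything an add-on has no reason to contain. It goes a little beyond the advice above by also flagging entries that would unpack outside the add-on folder. The file-type lists, the function names and the sample file names are assumptions made for this illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumption (not from the post): a WoW add-on is made of interpreted Lua/XML
# plus media files, so anything outside this allowlist deserves a closer look.
EXPECTED_SUFFIXES = {".toc", ".lua", ".xml", ".txt", ".md", ".tga", ".blp",
                     ".ttf", ".ogg", ".mp3"}
# File types Windows will run or load directly; an add-on never needs them.
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr", ".bat", ".cmd", ".com", ".msi",
                       ".vbs", ".js", ".ps1", ".lnk", ".pif"}


def audit_addon_zip(data: bytes) -> dict:
    """Inspect an add-on archive without extracting it; return findings by kind."""
    findings = {"executable": [], "unexpected": [], "path_escape": []}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = PurePosixPath(info.filename.replace("\\", "/"))
            # Absolute paths, drive letters or ".." would unpack outside AddOns.
            if path.is_absolute() or ".." in path.parts or ":" in info.filename:
                findings["path_escape"].append(info.filename)
            suffix = path.suffix.lower()  # last extension, so "a.txt.scr" -> ".scr"
            if suffix in EXECUTABLE_SUFFIXES:
                findings["executable"].append(info.filename)
            elif suffix not in EXPECTED_SUFFIXES:
                findings["unexpected"].append(info.filename)
    return findings


def build_sample_zip(names) -> bytes:
    """Constructed sample input: an in-memory zip with dummy file contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in names:
            archive.writestr(name, "dummy")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip(["GuildBank/GuildBank.toc", "GuildBank/Core.lua",
                               "GuildBank/Install.exe", "../Startup/run.bat",
                               "GuildBank/readme.txt.scr"])
    for kind, names in audit_addon_zip(sample).items():
        print(kind, names)
```

An empty result does not make an add-on trustworthy, since the Lua code itself can still misbehave inside the game; it only rules out the crudest case, and the anti-malware scan is still worth doing.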
I could go on for a long time with ways to secure your PC and your online gaming experience, and will either amend this document or post follow-ups as time allows, so check in if you’re interested in a dose of paranoia to keep yourself safe.
* Note that my company, Paradigm Consulting Co., is a reseller of Astaro and Grisoft AVG anti-malware products. Also note that both of these vendors supply products which are free for non-commercial, personal (ie: home only) use. Should you wish to purchase their commercial products, please contact me and reference this blog post, and I will give you a discount off MSRP.