I keep hearing stories about WoW players getting their accounts hacked, and each time I hear one I get increasingly more nervous–especially when a couple of them were people who should have known better. The one thing I have a hard time finding, though, is information about how keyloggers work and how to thwart them.
Currently, I’m running WoW on a Mac, which I hope makes me less vulnerable (partly because most keyloggers are Windows-based (right?) and partly because you have to type in your administrator password before you can run anything on a Mac.)
I have changed my password to something harder to figure out than my original password (which still wasn’t that easy) and instead of typing it in, I have a little file on my machine from which I copy and paste the username and password into the appropriate fields. I have given up posting to the in-game forums since I changed my password, and I never use it for anything else.
I do still occasionally visit Wowhead (which was known to have a problem embedded in one of its banner ads a couple of months ago, but it was adware, not a keylogger–since then I avoid even mousing over the ad banners). I don’t visit the other two “big” WoW database sites, Thottbot and Allakhazam, anymore. I usually visit only the same small handful of websites, and never go to weird WoW sites, porn sites, or similar. I have only a few addons that I need for raiding. Needless to say I have never bought gold or engaged in any other activities that violate the WoW TOS.
What I don’t have is an antivirus program (though I think my ISP, Earthlink, does). I’ve usually found them to be more trouble than they’re worth, as they tend to cause problems with other programs. I keep up to date on my Mac security updates from Apple.
How safe would you say I am? Is my cut-and-paste strategy just giving me a false sense of security, or can it really prevent a theoretical keylogger from grabbing my username and password? Are there any other things I can do to ensure that my account won’t get hacked?
If an application can log keypresses, it can also collect other types of information, including data that is copied and pasted. Once you have malware running on your system, you’re hosed.
Since you use a Mac, you’re less of a target. If you only install software from known, trusted, and traceable sources, you’re pretty safe. I wouldn’t worry about it if you practice safe computing. I don’t think the Mac has enough of a virus/malware problem to make it worth installing antivirus software that is likely to cause more problems than it solves.
When I surf questionable sites, I open up FireFox and turn off plug-ins, java and javascript.
You may have a similar option.
Another option might be running all your web browsers in a virtual machine of one description or another.
Using Firefox is a good start (not sure how Safari matches up). I know Allahkazam had a problem a while back with stuff embedded in their banners as well, but I think only IE was vulnerable to it. As far as the WoW forums go, they should be safe to browse, but don’t click on links that take you away from the site, as it is not uncommon for such links to contain keyloggers and the like.
Good passwords are your #1 protection. Dont use your account name or things like that.
Alot of the people crying “I got hacked” are also the ones who tried using a power leveling service and were shocked to find out that the fine citizens of the phillipines helped themselves to everything on their charachter.
The Acclaim games I play lets people make more than one account, (You make an account there, and sign up for the games you want to play with it.) and I have a seperate “forum only” account so I can post on the forums, and that way if a keylogger captures my account info…well, no biggie. Blizzard doesn’t allow you to have a forum ID that isn’t your account or main character name? ETA: I play 9Dragons, 2Moons, and Bots. ETA2: What I was asking is, your forum ID is tied to your game account, and you have no choice?
Exactly. Your forum username and password are the same as your game username and password. It’s stupid, and many people wish they’d change it, but so far they haven’t.
Too true, but there are also genuinely innocent people who get hit too. As long as you’re not using those services, I’d say your best defense is to avoid sketchy links from WoW-related sites. If a key-logger gets on your system, you’re screwed no matter what your password is.
Truthfully the most harm a hacker can do to you is delete a toon–gear can be replaced, and if you catch it soon enough you may be able to get Blizz to restore some or all of your lost items. But it’s a pain to start from nothing when you’re at max level, and plus since they often sell everything on you or in your bank (or worse, your guild bank now that that feature is finally in), quest rewards may be gone for good.
Doesn’t matter how good your password is if you have a keylogger on your system.
To the OP avoid using any third party apps/mods for WoW and you should be fine. If you must check the WoW forums and only go for those that have been in use a good while and deemed ok by the community at large (still taking a risk though).
Never heard of a keylogger hitting your system by mousing over a banner.
Make sure you have good AV/antispyware software on and up to date. Scan regularly.
ETA: I play 9Dragons, 2Moons, and Bots. ETA2: What I was asking is, your forum ID is tied to your game account, and you have no choice?