EntropiaPlanets guide: Securing your PC and account

Discussion in 'Technical, security and bug reports' started by NotAdmin, May 13, 2010.

  1. NotAdmin

    NotAdmin Administrator

    [IMGALIGNLEFT]http://www.entropiaplanets.com/gallery/pics/1/computer_security_cartoon.gif[/IMGALIGNLEFT] It's a dangerous world out there on the Internet. Practically around every corner, bad guys are lurking and waiting for you to make a tiny little mistake. When you do, they'll try and do whatever they can to exploit the situation. They take control of your computer, try and enter your bank account, buy stuff in your name, or even steal your identity.

    That's at least what numerous anti-virus software producers want you to think, so you'll become scared enough to buy their wares. In this little guide we would like to show you some free (or cheap) ways to protect yourself and your computer from malicious attacks. In an ideal world, you would have 1 system that you only use for gaming, and another one for surfing and/or working. You would ensure you always have your software up-to-date (note: up-to-date does not neccessarily always mean running the latest patch, as a recent slipup from MacAffee proved that if there's a mistake in the new patch, things can easily get ugly), you never use the same mail account twice, and you have different passwords that you change on a regular basis.

    Not everybody has the luxury of being able to afford multiple computers, so we will focus on running a single computer. Chances are you are running a version of the Microsoft Windows Operating System (OS), for which updates can be scheduled automatically. I would advise you to have Windows Update check for new updates at least once a week (I have it set to check daily), and have it automatically install new updates. Since lots of viruses also tend to take advantage of commonly used software, you should also try and ensure that other software you instaled is kept up to date.

    Unless you already use it, I would also recommend upgrading to Microsoft Windows 7. It's the most secure version of Windows so far (unlike older versions of Windows, the default policy on Windows 7 is that the great majority of "risky" features are turned off by default, hence increasing security), and my personal experience with it so far has been great.

    Regarding web browsers, if you insist on sticking to Internet Explorer (IE), do yourself a favour and upgrade to IE8, which is more secure than IE6 (yes, this is still used by some people/companies) and IE7. After you did, in the Safety menu, turn on SmartScreen, which will prompt you if you are about to enter a website that has been known to cause trouble. After all, preventing an infection is better than battling it after the damage has been done. Alternatively, consider running a different browser like FireFox which was built to be a more secure browser than the earlier versions of IE.

    It is generallly a good idea to run a virus scanner on your machine. I dislike paying for anti-virus software as much as anyone, and after some bad experiences with the "big" names, have for quite some time been running AVG Free. Recently, however, a situation occurred where AVG missed a virus infection on my machine, causing me to look for something else. The alternative I came up with is provided by Microsoft, and is also free of charge. It's called Microsoft Security Essentials and it also comes free of charge (provided you have a legit copy of Microsoft Windows). Yet another popular choice of free anti-virus software is Avast. Take your pick, and again, ensure that your anti-virus software remains updated. New viruses come out almost daily, and keeping your virus scanner fresh can mean the difference between being safe, or getting infected. Do keep in mind that just running anti-virus software by itself is not enough, but you should also regularly have your scanner perform a scan of your system.

    [IMGALIGNLEFT]http://www.entropiaplanets.com/gallery/pics/1/dilbert2813960050912.gif[/IMGALIGNLEFT] Another recommendation I would give you is to run a firewall. A firewall can be viewed as a security guard at every exit in a building. Whenever non-standard or non-approved inbound or outbound connections are attempted to be made, the firewall can/will prompt you and ask you if the connection about to be made is approved by you or not. Typically, it will tell you which program is trying to make a connection, thus giving you valuable feedback on whether or not something fish might be going on. Windows comes with a built-in firewall, and I would recommend you to use it. In Windows 7, it can be found under Control Panel -> System and Security. Another well-known firewall is ZoneAlarm though that is not free. However, it is relatively inexpensive.

    Virus scanners are good at keeping track of viruses, worms and trojan horse software (See glossary at the bottom of the article for a quick explanation of the differences between the two). There is, however, also a lot of malware, spyware, bloatware and all kinds of other bad news. There are a good few anti-malware programs out there that can help you become the victim of malware. Since viruses/worms/trojan horses and malware typically have different technical implementations, virus scanners might not neccessarily pick up malware. Some of the free tools available to fill that gap include ad-aware, SpyBot Search and Destroy, or MalwareBytes. Again, regular updates and scans will help you be more safe and secure.

    [IMGALIGNRIGHT]http://www.entropiaplanets.com/gallery/pics/1/usererror.jpg[/IMGALIGNRIGHT] By far the best way to protect yourself in a none-technical way is by using common sense: Do not fall for mails that try to tempt you to open an attachment. If you want funny screensavers, you do not need to get them from a mail. If you did not order anything that will be delivered by UPS, do NOT open the "what looks to be a PDF but really isn't" attachment. You also did not win the lottery or will actually get any money from that nice gentleman/woman in Hong Kong who wants to help you siphon off some funds (and if you truly do believe that you need to send money to someone, please feel free to send it to me instead). Do not accept files from people unless you are expecting to be sent something. This goes for strangers, but also for people that you do know. Chances are that these people got hit by a virus and are not even aware of it. If you are in doubt, ask your contact first whether they are aware they sent you a mail with an attachment. Stay away from bittorrent/P2P networks. Yes, you might find a pirated copy of <insert expensive software/new CD from favourite artist here>, but you might also end up with more malicious crap than you can shake a fist at.

    Whenever websites out of the blue start prompting you for stuff to download, it generally is a good idea to inspect what exactly it is that they are wishing you to install. Do not just blindly click okay, as this is exactly how your machine will get hit by/with malware, and the next thing you know, you'll suddenly find your home page changed, new toolbars installed in your browser, or pages randomly opening you and bombarding you with ads.

    Lastly, if you have the possibility, use a different mail address for forums and networking sites and similar sites than you use for the game. Having different passwords for gaming and other accounts is also not a bad idea. The more you share your passwords, the easier you will make it for the bad guys in case they do manage to somehow get to you. Security through obscurity always works better than having the same key fit every possible lock.

    Should you nonetheless somehow get affected, a full scan with your virus scanner is always a good move. Then running full scans with the anti-malware product(s) of your choice will hopefully ensure you manage to clean your pest in the fastest possible way. One possibly smart thing to consider is updating the software as soon as possible, and then disconnecting from your network while the full scans run. That minimizes the risk of possible intruders catching you while you're vulnerable.

    [IMGALIGNRIGHT]http://www.entropiaplanets.com/gallery/pics/1/pcsave.gif[/IMGALIGNRIGHT]

    Oh, and for Pete's sake, if you play Entropia Universe even half-seriously, either buy the GoldCard, or deposit enough to be able to get it from MindArk for free. If you have anything of value in Entropia Universe, you have no excuse for not owning a GoldCard.


    Simplified glossary:
    Virus: A piece of self-spreading software. A virus will attach itself to a file (typically an executable file), but requires human intervention to be able to spread (running the program, or opening whichever infected file carries the virus so the virus code can execute). Famous example: "ILOVEYOU" (a virus that spread through e-mail, relying on human curiosity to open the infected attachment).

    Worm: Similar to a virus, but worms do not require human intervention to spread. Instead, it abuses loopholes that allow it to spread automatically. Think of a worm as a virus on steroids). Famous example: "Sapphire/Slammer" (A virus that abused laziness of system admins who never bothered patching their systems).

    Trojan Horse: Like the famous Greek story, a trojan horse is a program posing as something else. You *think* you are installing a useful program, but what actually happens is that a secret way into your computer is being installed. Famous examples: SubSeven / BackOrrifice.

    Malware: Short for malicious software. In short, software designed with bad intentions.

    Spyware: Software intended to register user information without the users consent.

    Bloatware: Malware that bloats/slows down a users computer.
     
  2. RAZER

    RAZER Custom title ... uh ...

    Nice info there Peter. The best thing in there if you ask me is the Common Sense bit.

    I probably do all the above things you told me not to do ;) and I have NEVER had a virus or anything like spyware, mallware or anything else.

    Sure I do run anti virus, used AVG before, but now have a SOPHOS version running from work, which you are allowed to run at home for free if you have it work to. I also have some firewall thingy set up in my router(some port forwarding or NAT or whatever you call it) and it seems to work OK.

    But still the Common sense thing is the best advise, ALWAYS read everything that pops up anywhere and asks you to choose YES or NO. and be aware that those questions can be misleading sometimes, asking the question in a way so that you click NO you actually agree to install the software.

    This can be understood wrong and you end up with some crap software you can't get rid of.
     
  3. khaos

    khaos DnB'addict

    Very helpful post ;)
    and the common sense part seems the hardest for most people
    i see it enough; at boarding school everybody just clicks everything they see without reading => computers that are 6 months old, run like 6 year old computers.
     
  4. Great article gang. This is just one of the many ways you provide a great service. :) I am glad you guys are in the community.

    I have been using (on the Spyyware side) Spyware Blaster for quite some time. Unforutunately, I am one off the yahoos that pay for some of my apps. I will try out your suggestion about MS Security Essentials.

    Again thanks for the great article.

    Flap

    PS. You might have noticed this already but some of your article links are broken . I think they are double (.../URL) tags. 'Don't know how many times I have done the same thing myself. :D
     
  5. NotAdmin

    NotAdmin Administrator

    Thanks. I somehow did overlook that. This should be fixed now :)
     
  6. It's funny how people always feel insecure by not having anti-virus program.
    I haven't had a single virus in years (I do check for them about 4 times a year.) and I've always skipped out on the firewalls and virus programs.


    With no proof to back me up but I'm almost 100% sure that the number 1 reason people get viruses is because they suck at porn surfing.
    Or go to semi-serious-russian sites.

    On the other hand, most people don't really know what they are doing on the computer, as soon as they can't install something they go bananas and call support..
    These kind of people obviously need anti-virus.
     
  7. NotAdmin

    NotAdmin Administrator

    I am tech savvy, and still use anti-virus programs. I've seen too many occassions of it go wrong (including working to remove ILOVEYOU at a site, only to have some numbskull fuck up a weekend's worth of work agian, and Slammer, which crippled my employer's network) to just risk it.

    There's a lot of stuff you might get hit by even if you do not surf to dubious sites (EF is for instance not a site I'd label as dubious, and yet, I ended up getting a virus through there).

    In my opinion, the virus scanner, firewalls, and other tools are there to protect you against things you did not think could harm you, or against something that you just have not heard can harm you yet. Other than that, the anti-malware tools are a way to both protect your privacy better, and to keep your PC in a better shape :)
     
  8. John BD

    John BD Subwoofers rock.

    exelent guide and not much to add :)

    a small paranoia tip i addition to razors reply:
    If u get some kind of question box popup thing come through its even saver to ctrl del and end session there instead of clicking anywhere near the box, if something is out to harm u then yes or no question is always yes install it.
     
  9. I agree Pete,

    It's just like insurance. You never think it's necessary or that you can afford until you end up needing it. :)

    Always better safe than sorry. :D

    Flap

     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.