Two things I usually mention, but for some reason forgot to
1) Your friend needs to log into his computer on an account that does not have administrative rights. That will reduce his risk exposure ten fold.
2) If he has no idea how to surf safely, he should create a virtual machine on his computer and do all of his web surfing there. Make sure to set the virtual machine to not save changes on exit.
Both take a bit of effort and know how, so they are not options for everyone.
Something else that can happen is that malware can be installed from a completely extraneous source. There was a case last year where USB Digitial Photo frames were infected with malware designed for stealing WoW login information. No bull...
In general, here are some good tips for avoiding problems:
Use good firewall and AV software - a hardware firewall is better, but very few people have them, so use a good software firewall, at minimum. Btw, no - the Windows firewall is NOT a good firewall...
Don't surf porn/warez sites
Don't be fooled into downloading that ZOMGWTFBBQSAUCE add-on that promises to give you invulnerability or one-shot PvP wins - seriously, don't be a chump
If you get a pop-up on your system telling you your "PC is at risk" or some such nonsense, ignore it. Don't just install whatever piece of crap they're pushing, because chances are it's designed to actually cause the problem it allegedy fixes...
Two things I usually mention, but for some reason forgot to 1) Your friend needs to log into his computer on an account that does not have administrative rights. That will reduce his risk exposure ten fold. 2) If he has no idea how to surf safely, he should create a virtual machine on his computer and do all of his web surfing there. Make sure to set the virtual machine to not save changes on exit.
Both take a bit of effort and know how, so they are not options for everyone.
First, most games won't run with reduced privileges. I don't know about WoW, but its anti-cheat snooper might complain about the limited rights. With other games, you're usually running into other problems like missing rights to the HKLM tree of the registry or lacking the rights to start and use their copy protection drivers. Games aren't really known for their ability to play nice with the system. Unfortunately, the practice that everyone runs everything with Admin privs anyway plays into the hands of game makers too lazy (or stupid, take your pick) to actually produce games that don't require them. More often than not, you even read simple statements like "must be run with an Admin account" in the manual (I use the term loosely, today, the "manual" is often just some PDF file on the DVD), without any explanation whatsoever why a simple, stupid GAME needs privileges that should be limited to the times when you're actually changing system critical things. Something a game simply and plainly has no business in.
But since people would rather play the OMFGWOWZOMG superspecialawesome game than be safe, they get away with this practice.
The virtual machine is by itself a very good idea, unfortunately there are already some POCs that show it is possible to break out of it. It's neither trivial nor in any way in widespread use, so for now it's safe. It's just no foolproof way to avoid an infection for now and forever.
Just to put my 2 cents in, In my 8 years of Mmo's , I have never had any account compromised also I have never bought gaming currency, never used leveling services and never used any mods and I have zero , I mean zero protection on my pc ( other then common sence ) . Sounds like Op's friend ( possibly op ) has tried to bend the rules a lil .
Most likely these people that have hacked your friend 4 times, somehow know his Secret Question/ Answer. Basically if they know that along with the Account name, your screwed. All they have to do is contact Blizzard and request to change the Email info, and password reset. If they know the SQ and Answer, Blizzard will do it everytime. I actually had this same problem, and basically Blizzard refuses to change Secret Question/ Answer. Its total BS, basically haven't played WoW since.
Just to put my 2 cents in, In my 8 years of Mmo's , I have never had any account compromised also I have never bought gaming currency, never used leveling services and never used any mods and I have zero , I mean zero protection on my pc ( other then common sence ) . Sounds like Op's friend ( possibly op ) has tried to bend the rules a lil .
Guess you haven't read most of the posts thus far, so I won't really comment because that wouldn't make any sence.
Two things I usually mention, but for some reason forgot to 1) Your friend needs to log into his computer on an account that does not have administrative rights. That will reduce his risk exposure ten fold. 2) If he has no idea how to surf safely, he should create a virtual machine on his computer and do all of his web surfing there. Make sure to set the virtual machine to not save changes on exit.
Both take a bit of effort and know how, so they are not options for everyone.
I'm not quite sure what kind of surfing habits he has, but one thing is certain, he did something that exposed his system. Since he has transfered his toons from one account to another I think he feels pretty confident and has not even been the least bit worried. Lets just see if it works this time around, like you said these options aren't for everyone and I doubt this guy would want to go through any of these just to play a game. Which is why I recomended him get the authenticator but he is not gonna get that either. Told him I made a thread so he can come read all these posts and I'm not even sure if he has done that yet, shows how much surfing he does outside of playing WoW.
Two things I usually mention, but for some reason forgot to 1) Your friend needs to log into his computer on an account that does not have administrative rights. That will reduce his risk exposure ten fold. 2) If he has no idea how to surf safely, he should create a virtual machine on his computer and do all of his web surfing there. Make sure to set the virtual machine to not save changes on exit.
Both take a bit of effort and know how, so they are not options for everyone.
I'm not quite sure what kind of surfing habits he has, but one thing is certain, he did something that exposed his system. Since he has transfered his toons from one account to another I think he feels pretty confident and has not even been the least bit worried. Lets just see if it works this time around, like you said these options aren't for everyone and I doubt this guy would want to go through any of these just to play a game. Which is why I recomended him get the authenticator but he is not gonna get that either. Told him I made a thread so he can come read all these posts and I'm not even sure if he has done that yet, shows how much surfing he does outside of playing WoW.
Well eventually it will be his bank account information, credit cards, his identity or something else. Compare it to having unprotected sex with strangers, eventually he will get something that will not go away so easily.
Yeah, that's what I said too. Wouldn't have felt like a friend if I did'nt at least try, hopefuly this don't happen again because then there is not much else I can say that I have not said. Pretty much suggested everything posted here but after the character transfer I guess he's comfortable.
Comments
Two things I usually mention, but for some reason forgot to
1) Your friend needs to log into his computer on an account that does not have administrative rights. That will reduce his risk exposure ten fold.
2) If he has no idea how to surf safely, he should create a virtual machine on his computer and do all of his web surfing there. Make sure to set the virtual machine to not save changes on exit.
Both take a bit of effort and know how, so they are not options for everyone.
Something else that can happen is that malware can be installed from a completely extraneous source. There was a case last year where USB Digitial Photo frames were infected with malware designed for stealing WoW login information. No bull...
In general, here are some good tips for avoiding problems:
~Ripper
First, most games won't run with reduced privileges. I don't know about WoW, but its anti-cheat snooper might complain about the limited rights. With other games, you're usually running into other problems like missing rights to the HKLM tree of the registry or lacking the rights to start and use their copy protection drivers. Games aren't really known for their ability to play nice with the system. Unfortunately, the practice that everyone runs everything with Admin privs anyway plays into the hands of game makers too lazy (or stupid, take your pick) to actually produce games that don't require them. More often than not, you even read simple statements like "must be run with an Admin account" in the manual (I use the term loosely, today, the "manual" is often just some PDF file on the DVD), without any explanation whatsoever why a simple, stupid GAME needs privileges that should be limited to the times when you're actually changing system critical things. Something a game simply and plainly has no business in.
But since people would rather play the OMFGWOWZOMG superspecialawesome game than be safe, they get away with this practice.
The virtual machine is by itself a very good idea, unfortunately there are already some POCs that show it is possible to break out of it. It's neither trivial nor in any way in widespread use, so for now it's safe. It's just no foolproof way to avoid an infection for now and forever.
stop looking at porno online
Grymm
MMO addict in recovery!
EQ,SWG preCU,L2,EQ2,GW,CoH/CoV,V:SOH,
Aion,AoC,TR,WAR,EVE,BP,RIFT,WoW and others... no more!
Just to put my 2 cents in, In my 8 years of Mmo's , I have never had any account compromised also I have never bought gaming currency, never used leveling services and never used any mods and I have zero , I mean zero protection on my pc ( other then common sence ) . Sounds like Op's friend ( possibly op ) has tried to bend the rules a lil .
Waiting on Guild Wars 2
Most likely these people that have hacked your friend 4 times, somehow know his Secret Question/ Answer. Basically if they know that along with the Account name, your screwed. All they have to do is contact Blizzard and request to change the Email info, and password reset. If they know the SQ and Answer, Blizzard will do it everytime. I actually had this same problem, and basically Blizzard refuses to change Secret Question/ Answer. Its total BS, basically haven't played WoW since.
Guess you haven't read most of the posts thus far, so I won't really comment because that wouldn't make any sence.
I'm not quite sure what kind of surfing habits he has, but one thing is certain, he did something that exposed his system. Since he has transfered his toons from one account to another I think he feels pretty confident and has not even been the least bit worried. Lets just see if it works this time around, like you said these options aren't for everyone and I doubt this guy would want to go through any of these just to play a game. Which is why I recomended him get the authenticator but he is not gonna get that either. Told him I made a thread so he can come read all these posts and I'm not even sure if he has done that yet, shows how much surfing he does outside of playing WoW.
tell him to buy a blizzard authenticator for his account and see if that helps.
"The great thing about human language is that it prevents us from sticking to the matter at hand."
- Lewis Thomas
I'm not quite sure what kind of surfing habits he has, but one thing is certain, he did something that exposed his system. Since he has transfered his toons from one account to another I think he feels pretty confident and has not even been the least bit worried. Lets just see if it works this time around, like you said these options aren't for everyone and I doubt this guy would want to go through any of these just to play a game. Which is why I recomended him get the authenticator but he is not gonna get that either. Told him I made a thread so he can come read all these posts and I'm not even sure if he has done that yet, shows how much surfing he does outside of playing WoW.
Well eventually it will be his bank account information, credit cards, his identity or something else. Compare it to having unprotected sex with strangers, eventually he will get something that will not go away so easily.
At least you tried.
Yeah, that's what I said too. Wouldn't have felt like a friend if I did'nt at least try, hopefuly this don't happen again because then there is not much else I can say that I have not said. Pretty much suggested everything posted here but after the character transfer I guess he's comfortable.
To be continued.....