
Security Best Practices

Discussion in 'UHall' started by Llewen, May 30, 2008.

  1. Llewen

    Llewen Grand Inquisitor
    Professional Stratics Veteran Stratics Legend Campaign Supporter

    Joined:
    Mar 3, 2006
    Messages:
    4,699
    Likes Received:
    200
    I've seen a number of "I've been hacked" threads recently. I've put together a security best practices thread on my clan forums. You can read it here. I tried to be fairly thorough, but it is entirely possible that I might have forgotten something terrifically important, so feel free to comment and make suggestions, and I will add anything that I feel is important that I might have missed.
     
  2. envinyatar

    envinyatar Guest

    Thanks for the tips. I have several of those apps, but none of them are updated. I will be doing that first thing tonight. I may not have a lot of any value on my account, but I can't stand the thought of being hacked.
     
  3. Setnaffa

    Setnaffa Certifiable
    Stratics Veteran

    Joined:
    Sep 13, 2004
    Messages:
    1,537
    Likes Received:
    0
    One bit of advice I give to people is don't just click on a hyper-link. If it takes you to an unknown site, don't click on it.

    Not that I don't trust http://www.crazy-canucks.com (OK. I don't) but I'd rather you just posted your recommendations here than trying to lead me to another site.
     
  4. Llewen

    Llewen Grand Inquisitor
    Professional Stratics Veteran Stratics Legend Campaign Supporter

    Joined:
    Mar 3, 2006
    Messages:
    4,699
    Likes Received:
    200
    After reading several posts from people who said they have had their game accounts hacked for Ultima Online, and knowing that several of us have had problems with viruses and spyware, I thought I'd put together a thread on security best practices.

    1. Keep your software up to date. This is probably the single most important piece of advice you will read here. Stay on top of updates, and as much as possible, keep everything up to date. Here is a quick list of things you will want to keep up to date.

    - Hardware drivers. This might not be immediately obvious, but even hardware drivers can have security vulnerabilities. At the very least you will want to keep your drivers up to date to keep your system as stable as possible. For newer hardware, and especially video drivers, you should be checking for updates once a month. For older hardware, or hardware other than video drivers, you should be checking once every three months or so. If the software that comes with your hardware has automatic update features, use it, but don't rely on this for hardware. I have had the problem with Logitech specifically that the automatic updates didn't tell me a new version of my software had been released, so check manually at least once every three months.

    Here is a quick list of drivers that you should be keeping up to date:

    Chipset Drivers (for your motherboard)
    Video Drivers
    Sound Drivers
    Ethernet Adaptor Drivers (for your lan card or nic)
    Keyboard and Mouse Drivers

    - Your operating system. No matter what operating system you are running, keep your operating system up to date. Any operating system released in the past few years should have a way of automatically keeping up to date. Use the feature for whatever operating system you are running and if it is on a schedule, make sure it is scheduled for a time when your computer will actually be on. You should be checking for updates at least once a week.

    If you are using an old operating system that is no longer supported, such as Windows 9x/Me, it is time to switch to something else. If money, or old hardware is an issue, there are plenty of great options for Linux, that are free, that will run on older hardware. If you don't feel up to reinstalling your operating system yourself, get someone to do it for you.

    - Web browser. If the web browser you use isn't updated with your operating system, make sure you keep it up to date. You really should be checking for updates to your web browser every day. Have it automatically check for updates every time you open up your browser. If you are using a really old browser, that is no longer being developed, stop using it and switch to a product that is actively being developed. There are plenty of free options for browsers that are actively being developed, there is no excuse for using an old browser. If you are comfortable with your old browser, and don't want to switch, get over it. Nothing can get you in trouble faster, and more easily, than security vulnerabilities in your web browser and any old web browser that is no longer being developed will have security vulnerabilities.

    - Chat and email applications. If your email and chat aren't included in your operating system updates, make sure you keep them up to date. Again, most newer applications will have a way of keeping up to date automatically, enable those features, and if they are enabled, make sure your computer will be on at the times your update checks are scheduled to run.

    - Security software. If you are using security software, which you absolutely should be, make sure you keep it up to date. Use scheduled updates if they are available. Anti-virus software with the virus definitions should be updated daily. Other security software such as anti-spyware software should be updated at least once a week.

    - Java. Keep your Java up to date. Once again, with Sun Java, on Windows, there are options for automatic updates, use them.

    - Office software. Keep your word processor, spreadsheet software, etc., as up to date as possible. If it is newer, you should be checking once a month at least. If it is older, and no longer being updated, it might be time to consider switching to something newer. If money is an issue, or old hardware, OpenOffice is a top notch product, that is free, and should operate well on any system purchased in the past six years, and maybe even older systems than that. It is available for most of the major operating systems.

    - Games. This isn't always possible to do, as many of us play older games that are no longer being developed, but as much as possible, keep them up to date. Any games you can play online should have automatic updates, or update notification available. If you have a game that can be played online that is no longer supported, you should consider no longer playing it online, or if you must, play it only with trusted friends, or on a lan.

    2. Consider switching to a more secure operating system. If you aren't running software that you can't do without, that won't run on Linux, you should consider switching to Linux. It is far more secure than Windows, for many reasons (I don't know about Macs). If all you are doing is basic computer "stuff", such as playing browser based games, email, chat, office software and graphics software, Linux can do all of those things, and your chances of being hacked or infected with a virus, even if you don't know what you are doing, are almost 0.

    3. Switch to a safer browser. Stop using Internet Explorer, now. There is no good reason to use Internet Explorer for anything other than updating Windows, and the few programs that require Internet Explorer to view content. Get Firefox and install the NoScript and Adblock Plus addons. There are millions of unsafe sites out there, and many unscrupulous advertisers would love to spy on you, and far worse. Don't argue about it, just do it. It may be a bit annoying until you get used to it, but a site operated by criminals can steal any confidential information you may have on your computer, from game account names and passwords, to credit card numbers and banking information, and all it takes is one click.

    There are sites that do depend on advertising to pay for their operating costs. If you frequent such a site, and you trust them and their advertisers, simply disable Adblock for that site. However, sometimes perfectly legitimate sites can be hosting advertising for clients that are not to be trusted, without being aware that this is the case. So be careful with that, even on sites that you trust.

    4. Always have your cookies on prompt, and make it your default habit not to accept them. If you find you need them, for example to access forums, or use a banking service, or shop online, simply remove the site from your list of blocked sites, reload the page, and accept the cookies. Never accept any cookie from any site unless you are certain you can trust the site, and make sure you check the domain name of any cookie before you accept it to make sure that it actually belongs to the site that you trust. Many advertisers will try to load "tracking cookies" and worse, on to your computer, so even though the site you are visiting may be trustworthy, they may be hosting advertising that is not as trustworthy as they are.

    To do this in Firefox go to Tools in the top menu, then choose Options. Then choose the Privacy tab, and in the "Keep until" drop down menu, select "ask me every time". Click on OK. It will look something like this:

    [IMG]

    For Internet Explorer, do this even if it is not going to be your primary browser, select Tools from the top menu, Internet Options, choose the Privacy tab, then click on the Advanced button, then check the "Override automatic cookie handling" box, and choose the two "Prompt" options below that. Hit OK twice to get out of the options menus. It will look something like this:

    [IMG]

    To remove a blocked site in Firefox, choose the Exceptions tab, find the site in the list, and choose Remove Site. In Internet Explorer choose Sites, find the site in the list, and choose Remove.

    5. Install antivirus software, and run a full scan at least once a week. As I stated above, make sure you use the automatic updates option and make sure it is updated at least once every day. I recommend avast. If you can afford it, buy the full version from them, they deserve the support. If you can't, the free version is fully functional and high quality. I have also found it more friendly to older systems. AVG is another popular free antivirus solution. I do not recommend Norton. The only virus I have ever had on my computer, was missed by a fully up-to-date Norton scan, and just about anything Norton makes these days is a resource pig.

    5. Install both Adaware and Spybot and run scans with both of them at least once a week. Make sure they are fully up to date before you run the scans. Spybot's Resident SDHelper and Teatimer are also excellent features and should be updated at least once a week (when you do your scan, right? ;) ).

    6. Never ever click on an email or chat link or attachment, unless you already know what the link or attachment is, and you are expecting it, even if the email or chat message comes from a friend. Also never allow anyone to add you to their contact list in chat, unless you know who they are, and you trust them.

    7. Finally, use a more secure chat client. There are better choices for chat clients than any of the big proprietary chat clients, such as ICQ, AOL, MSN etc. All of these "official" chat clients come with annoying advertising, and most of them come with security vulnerabilities. I highly recommend Trillian, but there are other free options as well. The best thing about Trillian is that it allows you to access all your chat accounts with one client. Again, if you can afford to buy the "Pro" version, do it, they deserve the support. If you can't, the basic version is fully functional, and includes no spyware or advertising whatsoever.

    Pidgin is another multi-protocol chat client that I highly recommend. Again, more secure and completely without any spyware or advertisements.

    8. Use complex passwords for any accounts you use that need passwords. Make them at least eight characters long, and use a combination of upper and lower case letters, numbers, and symbols, if they are allowed. "5tY9Lq02" is an example of a strong password. "bunnies" is an example of an extremely weak password.

    9. Never share account information such as names and passwords with anyone if at all possible, unless you completely trust that person, and are completely comfortable with losing everything in that account, including personal information. This includes friends and family. The majority of accounts that are hacked, are hacked by people that are known to the victim, either friends, or more often, family members. If you do share an account name and password with someone, make sure that you don't share that password with any other account.

    9. Use a firewall. For Windows XP and better there is an acceptable software firewall included with the operating system, make sure you use it. If you are running an older version of Windows, it is time to make the switch, either to Windows XP or Vista, or to Linux if your hardware can't handle XP or Vista. Linux comes with a firewall as part of the operating system, all you need to do is install a gui, such as GuardDog, to set it up.

    If at all possible also use a hardware firewall. If you only have one computer at home, and are connected to the internet directly through your modem, you shouldn't be. Go out and buy a router. You can find simple basic routers for $50 US or Canadian, or less. If at all possible get a wired router. If you must use a wireless router, make sure you secure it properly. An unsecured wireless network is like leaving your house completely unlocked with all your doors and windows wide open with a big sign on your lawn saying, "Please come in and help yourself, I won't mind!" and then going on a six month long vacation.

    ***Note: Setnaffa is right, clicking on links can be dangerous, but part of the point of this entire post is to make doing that less of an issue. The safest thing of course is to simply never use a computer, but if you are going to use a computer, and you are going to use the internet, you are going to click on links where you don't know the website you are visiting. Even if you never use a search engine, at some point you will likely click on a link that you don't know where it is going.

    You can do this any one of a million ways. So while I don't disagree with Setnaffa, I don't think following his advice is practical if you are going to get any use out of the internet at all, unless you are fortunate enough to have a separate computer that you use exclusively for web browsing that has no personal information on it whatsoever and is in no way connected to any other computer you might use.

    At any rate, I am known on these forums, although I suppose I could always be an imposter... At some point you do have to invest a certain amount of trust, the point is to do it as wisely and carefully as you can, without completely limiting the usefulness of your interactions with the internet.

    Hopefully this post shows that I can be trusted. Up until this last note it is a direct copy of what you will find on my clan website, but I will not likely be updating this. I will however be keeping the one on my clan website, up to date.***
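
Point 4 of the post above advises checking a cookie's domain before accepting it from a prompt. The following is an added example, not part of the original thread: JavaScript that applies the RFC 6265 domain-match rule to constructed `Set-Cookie` headers and reports whether each cookie belongs to the site being visited. The function names and the example.com / example.net hosts are assumptions.

```javascript
// Added example; hosts and headers below are constructed samples.
// Simplification: "same site" is decided by host-name suffix matching.
// Real browsers also consult the Public Suffix List.

// RFC 6265 domain-match: equal, or host ends with "." + domain.
function domainMatch(host, domain) {
  const h = host.toLowerCase();
  const d = domain.toLowerCase().replace(/^\./, "");
  return d !== "" && (h === d || h.endsWith("." + d));
}

// Pull the cookie name and Domain attribute out of a Set-Cookie value.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim());
  const name = parts[0].split("=")[0];
  let domain = null;
  for (const attr of parts.slice(1)) {
    const eq = attr.indexOf("=");
    if (eq > 0 && attr.slice(0, eq).trim().toLowerCase() === "domain") {
      domain = attr.slice(eq + 1).trim();
    }
  }
  return { name, domain };
}

// pageHost: site in the address bar. responseHost: server that sent the header.
function classifyCookie(pageHost, responseHost, header) {
  const { name, domain } = parseSetCookie(header);
  const scope = domain || responseHost; // no Domain attribute: host-only cookie
  let verdict;
  if (!domainMatch(responseHost, scope)) {
    verdict = "invalid"; // a server may not set cookies for a foreign domain
  } else if (domainMatch(pageHost, scope) || domainMatch(scope, pageHost)) {
    verdict = "first-party";
  } else {
    verdict = "third-party"; // e.g. an ad server embedded in the page
  }
  return { name, scope: scope.replace(/^\./, "").toLowerCase(), verdict };
}

const samples = [
  ["forums.example.com", "forums.example.com", "session=abc123; Path=/; HttpOnly"],
  ["forums.example.com", "forums.example.com", "prefs=1; Domain=.example.com; Path=/"],
  ["forums.example.com", "ads.tracker.example.net", "uid=42; Domain=.tracker.example.net"],
  ["forums.example.com", "ads.tracker.example.net", "uid=42; Domain=example.com"],
];
for (const [page, host, header] of samples) {
  console.log(page, host, JSON.stringify(classifyCookie(page, host, header)));
}
```

The third sample is the case the post warns about: the page is trusted, but the cookie is scoped to an embedded advertiser's domain.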
     