<u>Computer Security 101</u> The Internet This was made for the person who knows little to nothing about computer security or as a refresher for those more advanced. I have placed the basic Internet security information first as the readers will be using this information to help them with securing World Of Warcraft. First you must understand the why of computer security. There are bad people out there who want to do bad things to you! They can ruin your life and leave you in the poor house. They use malware, adware, spyware, keylogers, port scanners, viruses, and trojans to take your money and identity. What are these things? They are just different ways of getting what you got. But have no.....umm...little fear! There are programs out there that defend against such programs. Security Software There are three types. First is a firewall. A firewall is a program that prevents a hacker from connecting to your computer. If your computer does not talk with the hackers computer the hacker cannot get your information. Next is antivirus. An antivirus program scans for and removes viruses and trojans. Most of them scan every bit of data that your computer process and blocks the virus or trojan from doing bad things. Antispyware programs work like an antivirus program but it looks for and blocks malware, adware, keylogers, and spyware. For your antivirus and antispyware programs you should check for updates EVERY DAY!. New viruses and spyware are made almost every day and can spread to hundreds of thousands of computers in a couple of hours so you must stay up to date to stay safe. Set them to check for updates every 2-4 hours. Make sure to set your virus scanner to scan compressed files as many virus now days are sent it the .ZIP format. Also turn up the setting on your antivirus software as high as it will go. Even the highest settings on most all antivirus software will not bother you very often. Here are some good antivirus programs. Avast! Antivirus AVG Antivirus Here are links to some good Adware/Spyware scanning programs AdAware Spybot Search And Destroy Windows Defender To get the best protection many companies have suites that add a firewall, antivirus, and antispyware program all into one. The suites can cost from $49.99 to $79.99 but are cheaper than buying them alone. You can get all of these types of programs for free but none of the free versions are as good as the best pay for ones. One of the best and the one I use is Zone Alarm. It's suite is very good and has all of the security parts you need plus a program to protect you while using instant messaging programs such as Yahoo! messenger or ICQ. Yes those fun programs that let you send instant messages is a path for a hacker to get into your computer. Another good one is Norton. Norton also adds computer repair and maintenance software with their suite. Here are some links. ZoneAlarm Norton Internet Security Panda Software A good free firewall: Comodo Phishing For Data Phishing is where a website will look like another such as your bank's website but is not. After you put in your username and password the crooks who made the look alike website can now get into your account. Both Internet Explorer and Firefox have built in phishing filters that work about 70% of the time at catching fake look alike websites. You can add another free phishing filter such as Netcraft. It takes up some space but works very well. With these programs and most all other types of programs on a computer you must update them from time to time. Many of these have a setting that allows the program to download these updates automatically. This is good if you have a fast always on connection like DSL or Cable but for people on dial up you will want to do the updates manually because the downloading of the updates can slow your connection and prevent other programs from using the Internet at the same time. Windows Update Make sure Windows is setup to update itself. In Windows XP click start then control panel then security center and then automatic updates. Make sure that automatic is checked. You can also set what time it will check for updates here. Microsoft normally has new patches for Windows on the second Tuesday of each month at about 11:00pm Tuesday night or 12:00am Wednesday morning. Also if your computer has been off for a while don't wait for Windows to update itself, do it manually. Go to www.windowsupdate.com to check manually. You must use Internet Explorer and allow all ActiveX and other scripts to run for the update to work so click yes if there are any popups asking to allow ActiveX or scripts to run when going to the Windows update site. You normally do not want to allow ActiveX and scripts to run on most websites, just the ones you trust. E-Mail E-Mail is one of the most used ways to get bad programs on your computer. Some E-Mails come with attachments that are viruses or trojans and some E-Mails have links that take you to sites that install bad programs. Even worse are E-Mails that only need you to click on it to read it for it to install a bad program. One way to protect yourself is to disable the preview pane. The preview pane allows you to read the E-Mail as soon as you click on it but this allows a hacker to download a bad program onto your computer. To disable the preview pane in Microsoft Outlook 2003 click view and make sure "AutoPreview" is unselected. In Outlook Express 6 click view then layout and make sure "Show Preview Pane" is unchecked. In Mozilla Thunderbird click view then layout then make sure "Message Pane" is unchecked. Another way a hacker can get into your computer through your E-Mail is HTML code. HTML is the code used to make up most of the Internet and most of the E-Mail clients can use HTML to make fancy effects. A hacker can use the HTML in an E-Mail to get into your computer so to be safe most of the time you will want to view your E-Mail in plain text. You can still read the E-Mail but the fancy effects will not be seen and will mostly show up as empty squares. To turn off HTML in Outlook 2003 click tools then options then Preferences and then E-mail options and check read all standard mail in plain text. In Outlook Express 6 click tools then options then read and click read all messages in plain text. In Mozilla Thunderbird click view then message body as plain text. If you trust the E-Mail and really need the HTML you can turn HTML back on for a few moments but remember to turn it back off. The newest way to get you by E-Mail is a method called Phishing. The bad guy sends you an E-Mail that looks like it comes from some place you trust like your bank. The E-Mail says that you have to do something with your account right now and theres a link in the E-Mail to your banks login page. This link is NOT to your bank account or other type of account login but to a website that looks like it. When you put your login name and password into the site the bad guys take it and use it to steal your money. Another new method is an e-mail saying you have to call the bank for some reason or you account will be closed or frozen and gives you a 1-800 number to call. It's a trick! You will be calling a hacker instead of your bank. If you receive an e-mail like this never call the number, if you must make sure go to your bank in person or call the bank number from your phone book. If you do get an E-Mail that says it's from your bank or other place like E-Bay or PayPal and says you need to do something with your account, close out your E-Mail program and open your browser and manually go to your bank or other account and log in that way, never click on a link that says it will take you to your bank or other account login or website. Install a good spam filter or use an e-mail client that has one built in. At the end of 2007 over 100 Billion spam e-mails were sent each day! Spam e-mail makes up about 70% of all internet traffic. Just think how much faster the internet would be without all that spam e-mail. Ignore E-Mails with typos or bad grammar. PayPal won't send you an E-Mail titled "You r need to fix acount". Also ignore others like "Shee wnts you bigger!" or "penny stoks make lot money". Don't buy anything from spam E-Mail as that is how they get the money to spam people with billions of E-Mail each week. Windows Security If you don't have a password set for Windows you've done 50% of the work for the hacker and if you run in administrator mode all the time you've done the other 50%. Even if you are the only one that uses the computer and even if you have a firewall, antivirus, and antispyware program you still MUST have a password and run a limited account or it's just like wearing a fur coat but your naked underneath. To get started click Start then Settings then Control Panel then click User Accounts. Turn Guest Accounts off. A hacker can use a guest account to worm his or her way into your computer. The first account under "or pick an account to change" should say Computer Administrator, click it and click Create Password if you don't have one. Now making a password is no simple task if you want to make it work. Most hackers have programs that just send thousands of random letter and number combinations until it gets your password right so don't make it simple like 12345 because it's easy to crack and because thats a password a moron would use on his briefcase. Shockingly many companies passwords used to be 12345, abcde or even "password" was to be used for the password. Password Rules *NEVER EVER EVER EVER NEVER EVER tell anyone your password even if they say they are from customer service or security!! *Use both upper and lower-case letters *Include one or more numerical digits *Include special characters if possible like !, @, #, $, *, ect.. *Don't use words found in a dictionary *Don't use passwords that are valid calendar dates or license plate numbers *Don't use a persons, pet, company, TV show, or any other name *Don't share an account *Never use the same password for more than one account *Never click on a link in an E-Mail and type in your username and password into a website even if it looks real or says they will close your account if you don't. Many websites are faked so close your E-Mail program then use your browser to go to the website. *Don't give out your password over the telephone *Log off your computer if your in a public space even if your only going to be gone a moment. *If you have to write down your passwords place them in a safe spot *Try to make your password as long as possible, the longer it is the harder it is to crack, it should be at least eight characters long. An example of a password is k9*E52#y!t3Q some programs wont let you use special characters, special characters are the ones that require you to press and hold Shift then a number above the letters on your keyboard, in that case you would do something like b9E11lfD5sm02Y. Just think of the CD-Key you have to type in when installing games or Windows. Only use the administrator account when you need it such as installing some programs, changing some Windows settings or playing some games that require it. You have to type in the password twice then you can make a hint. Make sure the hint is not too easy such as "My Social Security Number" or "Where I was born" or "Town Where I work" Try something harder like "Red Dot". Red dot reminds me of Coke-Cola so that will remind me of the password, I would never make the passwords as easy as coke-cola, but would make it remind me of the place where I put the paper where I wrote down the passwords, in this case in a coke-cola chess set box. Also remember to change the administrator name and don't just leave it at administrator. Be creative and don't make the name easy to guess. Go back to the User Accounts after turning off guest account and making a password for the administrator account and click Create Account then name the account whatever you want. After typing in the name press enter then choose the type of account. Of course you will want to click Limited and not computer administrator. Use this account everyday. When a time comes that the administrator account is needed most of the time a screen will come up asking for the name and password or you can log off of the limited account in the Shut Down menu and log on as the administrator just long enough to do what is needed. Also place a password on the limited account. You can also run some programs that require administrator privileges with the limited account by doing the following. Install the program, you may need to login as the administrator to do so. Once it's installed log into the limited account and see if the program will run. If not then right click the shortcut to the program and select Properties and click Advanced on the shortcut tab. Now check the Run with different credentialsbox and click ok. You should be able to click on the shortcut and a box will popup asking you for the administrators username and password. If that does not work then try right dragging the shortcut to the desktop (if not already there) choosing Copy. Now edit the shortcut as done above. See All File Types Some files hide their true nature by hiding their true extension. By default in Windows XP and 2000 some file extensions are hidden. Some hackers use this to hide .exe files like this: funnypic.jpg.exe. By default it would show as funnypic.jpg and so you would think it's just a pic and when you went to see it it would run the bad program. To make all extensions visible open Windows Explorer by clicking Start then Programs then Accessories then Windows Explorer. Now click Tools then Folder Options then View. Make sure the option "Hide file extensions for known file types" is unchecked. To get the best look at whats on your computer also check "Show hidden files and folders" and unchecked "Hide protected operating system files". A warning box will come up saying that doing this will end the world but don't worry, if you try to delete a system file or folder it will tell you before you do so and almost all the time it won't let you anyways. Now you can see files that are marked as hidden or system files that some hacker might have got onto your computer. Don't go deleting things until you know theres a problem and your security programs have not worked. Also you can search the web by typing in the name of the file to see what it is such as autoexe.bat or system.ini. Those are normal but if you see something strange like dataeater.ini and you've see on the news about a virus called dataeater you should look into it further. Wi-Fi Security Use WPA. What is it you say? It's Wi-Fi Protected Access and is much better than the old WEP (Wireless Equivalent Privacy). Note that some older equipment does not have WPA. Most all of the newest equipment has WPA2 that is even better than WPA. WPA is not normally on by default. By default the old and very broken WEP is used. Anyone can download a WEP hacking program that will crack the WEP security in about 30 seconds so you will want to use WPA. There is no one way to enable WPA on all routers so check with the manufacture to see how. Also change the routers password. Many come from the factory with weak passwords like "guest" or "Administrator". If you have an older WEP router then really think about getting a newer one with WPA or WPA2. Also make your password more than 8 characters long for better security. World Of Warcraft Security This is for World of Warcraft itself. Remember the password advice above and use it. Change your password often. I normally change it every time theres a patch for the game. Do not use "leveling" services Do not use programs that claim to be hacks or cheats for WoW Do not use UI mods that have .exe at the end of the file Only type in your username and password only at www.worldofwarcraft.com or at the game login screen and do not try to go to the website by clicking on a link in an e-mail. Here is some information about compromised accounts. I would not use Blizzards downloader if at all possible. In order for it to work right (if it ever really worked right) you have to open ports on your computer. Ports are like doors in the house of your computer. Hackers have port scanning programs running on the Internet 24/7 just knocking on every door looking for an open one. Instead try one of the mirror sites or try a well tested program many here at Stratics use and trust called XFire. Ill keep adding to this later as I have time to do so. Safe Computing!