open All Channels
seplocked EVE General Discussion
blankseplocked For CCP Fallout RE: Protect Your Accounts thread
 
This thread is older than 90 days and has been locked due to inactivity.


 
Pages: [1] 2

Author Topic

Tobin Shalim
Eclipse Industrials
Quantum Forge
Posted - 2010.01.21 19:14:00 - [1]
 

CCP Fallout,

I read the thread about protecting your accounts. While a good read, you are lacking links to two tools that can potentially help users secure their computers better. I have been using these two programs in conjunction for years with nothing but good things to report, and have never been the victim of a keylogger/malware/spyware/etc. I offer these programs up for review by you (or whomever at CCP) for possible linking in your thread regarding account security. If they pass muster, all I ask is that they be linked in the thread to further assist users in securing their accounts from possible hacking attempts.

Spybot: http://www.safer-networking.org/index2.html

Ad-aware: http://www.lavasoft.com/

Omal Omal
Posted - 2010.01.21 19:40:00 - [2]
 

Malwarebytes > Both of those programs.

AdAware is fat and bloated.

Implying Implications
Minmatar
Broski Enterprises
Elite Space Guild
Posted - 2010.01.21 19:47:00 - [3]
 

how do i compootar

Samantha U
Posted - 2010.01.21 19:52:00 - [4]
 

Originally by: Omal Omal
Malwarebytes > Both of those programs.

AdAware is fat and bloated.


I second this

Vak'ran
TUIG Inc.
Posted - 2010.01.21 19:59:00 - [5]
 

Originally by: Samantha U
Originally by: Omal Omal
Malwarebytes > Both of those programs.

AdAware is fat and bloated.


I second this


and for these reasons and others they ofcourse cannot link specific software packages in the thread on the subject, just suggest you have 'proper protection', which afaik they do. Suggesting certain packages would be opening a can of worms in terms of legal issues and lengthy forum debate of which AV/AS is best for the job.

Tobin Shalim
Eclipse Industrials
Quantum Forge
Posted - 2010.01.21 20:28:00 - [6]
 

Originally by: Vak'ran
Originally by: Samantha U
Originally by: Omal Omal
Malwarebytes > Both of those programs.

AdAware is fat and bloated.


I second this


and for these reasons and others they ofcourse cannot link specific software packages in the thread on the subject, just suggest you have 'proper protection', which afaik they do. Suggesting certain packages would be opening a can of worms in terms of legal issues and lengthy forum debate of which AV/AS is best for the job.


I only suggested these two programs because they are two that I know, use, and am familiar with. I do not doubt that there are other programs out there that may do the same job and may indeed do it better. Maybe a list of suggestions could be given, not just tied to two specific programs of course. A list would enable players that are perhaps less tech-savvy than those of us that are to be aware of the options that are out there to help them better protect their computer, which at the end of the day is all that I care about, not which program is being used to do so.

Atnal
Whats Wrong With This
Posted - 2010.01.21 20:51:00 - [7]
 

http://www.techsupportalert.com/pc/security-tools.html

Check out this list. The new combo to use is Malwarebytes and SuperAntiSpyware. I've heard both do a decent job.

Minchurra
Caldari
Posted - 2010.01.21 20:59:00 - [8]
 

Originally by: Implying Implications
how do i compootar


I think I read somewhere it has something to do with sacrificing a goat to the mighty god Ra.

Samantha U
Posted - 2010.01.21 21:22:00 - [9]
 

Originally by: Tobin Shalim
Originally by: Vak'ran
Originally by: Samantha U
Originally by: Omal Omal
Malwarebytes > Both of those programs.

AdAware is fat and bloated.


I second this


and for these reasons and others they ofcourse cannot link specific software packages in the thread on the subject, just suggest you have 'proper protection', which afaik they do. Suggesting certain packages would be opening a can of worms in terms of legal issues and lengthy forum debate of which AV/AS is best for the job.


I only suggested these two programs because they are two that I know, use, and am familiar with. I do not doubt that there are other programs out there that may do the same job and may indeed do it better. Maybe a list of suggestions could be given, not just tied to two specific programs of course. A list would enable players that are perhaps less tech-savvy than those of us that are to be aware of the options that are out there to help them better protect their computer, which at the end of the day is all that I care about, not which program is being used to do so.


But that was the point we were making, you know of a app or two that you feel does the job and it's likely so does 90% of the player base, and between us there may well be many opinions on the most favourable bit of software to use. A list might be useful though that might provide a dizzying number of choices, which again leaves CCP with the choice to list every application suggested by players or somehow decide upon a select few.

Even if they do compile a full list there will be arguments over those people feel should not be included since their favoured app is much better.

Pallidum Treponema
Body Count Inc.
Pandemic Legion
Posted - 2010.01.21 22:08:00 - [10]
 

Edited by: Pallidum Treponema on 21/01/2010 22:08:41
http://us.blizzard.com/support/article.xml?locale=en_US&articleId=24660

When do we get this for eve?

For those of you who don't want to click on the link, it's a little device that is linked to your account. Whenever you log in or do any changes to your account, you need to enter the code that this device displays in its LCD screen. Only that specific code will allow you to log in, and that specific code is only valid for a certain amount of time. The code is unique for your device.

In short, only the account-owner (IE, the person that has the physical device) can log in.


Where is my EVE Authenticator?


Furb Killer
Gallente
Posted - 2010.01.21 22:29:00 - [11]
 

I seriously doubt there are enough people interested in it, especially when we add CCPs shipping rates. (And no forums are not a realistic way to find out how many people would want them).

Originally by: Atnal
http://www.techsupportalert.com/pc/security-tools.html

Check out this list. The new combo to use is Malwarebytes and SuperAntiSpyware. I've heard both do a decent job.


Yep is also what i use now. Used to use ad-ware and spybot S&D, but these days they just arent that good anymore. Spybot still useful for its extensive list of websites it can block though.

JitaEspion
Posted - 2010.01.21 22:30:00 - [12]
 

Originally by: Pallidum Treponema
Edited by: Pallidum Treponema on 21/01/2010 22:08:41
http://us.blizzard.com/support/article.xml?locale=en_US&articleId=24660

When do we get this for eve?

For those of you who don't want to click on the link, it's a little device that is linked to your account. Whenever you log in or do any changes to your account, you need to enter the code that this device displays in its LCD screen. Only that specific code will allow you to log in, and that specific code is only valid for a certain amount of time. The code is unique for your device.

In short, only the account-owner (IE, the person that has the physical device) can log in.


Where is my EVE Authenticator?




This

Tobin Shalim
Eclipse Industrials
Quantum Forge
Posted - 2010.01.22 16:25:00 - [13]
 

Originally by: Pallidum Treponema
Edited by: Pallidum Treponema on 21/01/2010 22:08:41
http://us.blizzard.com/support/article.xml?locale=en_US&articleId=24660

When do we get this for eve?

For those of you who don't want to click on the link, it's a little device that is linked to your account. Whenever you log in or do any changes to your account, you need to enter the code that this device displays in its LCD screen. Only that specific code will allow you to log in, and that specific code is only valid for a certain amount of time. The code is unique for your device.

In short, only the account-owner (IE, the person that has the physical device) can log in.


Where is my EVE Authenticator?




Problem is, that doesn't protect you against any keyloggers that might be on your computer. Sure, hardware authentication tokens sound like a great idea and it's something I've brought up to the higher-ups at where I work (turned it down due to costs and people losing them) but all of the hardware security in the world means bupkis if you have a keylogger on your system. Hence the software solution I proposed.

Regat Kozovv
Caldari
Alcothology
Posted - 2010.01.22 16:35:00 - [14]
 

Originally by: Tobin Shalim


Problem is, that doesn't protect you against any keyloggers that might be on your computer.


It does actually. The password needed to log in is comprised of both a PIN you know and a randomly generated number on the token. Even if the attacker were to capture both the PIN and the token number sent, the credentials captured would be immediately invalid as the token number changes. That's the beauty of two-factor authentication, it's secure even when the "something you know" portion of the credentials are disclosed.

That's not to say that having an up to date malware scanner is inadvisable. Ideally, one shouldn't need to have to rely on two-factor authentication for EVE, and there are many players who are protected just fine using a mix of best practices and common sense.

What two-factor authentication does do is provide defense in depth when other security controls have failed. Given the commotion and high value of EVE accounts, it seems that making these authenticators available would be a worthwhile benefit.

RaTTuS
BIG
Gentlemen's Agreement
Posted - 2010.01.22 16:39:00 - [15]
 


CCP Fallout

Posted - 2010.01.22 18:37:00 - [16]
 

I meant to respond to this thread yesterday, but I wound up a little busy ;)

I personally prefer to not recommend applications to players because that would give the appearance of an official CCP stamp of approval. I think everyone has their own personal preferences when it comes to what kind of tools they use to protect their systems. At the same time, there's also the issue of some companies putting out more inclusive virus files more quickly than others... one is never going to be truly secure. Case in point: that nasty **** keylogging spam that was hitting our forums. The majority of scanners simply didn't look for it, so people who thought they were being protected simply weren't.

But please continue to discuss what tools you think are best and whatnot. People can learn from this discussion, and I hope all of you use more than one tool to protect your systems. I do :)

Nareg Maxence
Gallente
Posted - 2010.01.22 19:20:00 - [17]
 

Originally by: CCP Fallout
I meant to respond to this thread yesterday, but I wound up a little busy ;)

I personally prefer to not recommend applications to players because that would give the appearance of an official CCP stamp of approval. I think everyone has their own personal preferences when it comes to what kind of tools they use to protect their systems. At the same time, there's also the issue of some companies putting out more inclusive virus files more quickly than others... one is never going to be truly secure. Case in point: that nasty **** keylogging spam that was hitting our forums. The majority of scanners simply didn't look for it, so people who thought they were being protected simply weren't.

But please continue to discuss what tools you think are best and whatnot. People can learn from this discussion, and I hope all of you use more than one tool to protect your systems. I do :)

Best tool by far: Use your brain. Don't trust anyone to do the thinking for you.

Belliana
Posted - 2010.01.22 21:37:00 - [18]
 

I'm the entire I.T. dept at work and am raising 4 kids who are now aged 14 to 20. Through trial and error I found the best configuration for keeping pc's safe with the help of my 4 kids trying their best to ruin them.

Firefox with the adblock plus and flashblock plugins.

Avira free a/v. AVG is the worst and completely useless. I used avast too and it wasn't too bad.

Use a USER account and not an admin one. If you're using windows on an admin account then nothing you do or run will keep you safe. You can run all the spyware, antivirus, and firewall programs in the world and they won't make much difference. Fast user switching to an admin account makes installing necessary things easy.

That's it. No need at all to keep spyware programs running. No need to constantly scan for bad stuff. After 8 or 9 hours of fixing pc's the last thing I wanted to do when I got home was fix more, so believe me I put a lot of time into this crap. I used to use spybot and all those but no more. They're largely useless now. I just use hijackthis when something does manage to get through.

Regat Kozovv
Caldari
Alcothology
Posted - 2010.01.22 22:05:00 - [19]
 

Originally by: Nareg Maxence

Best tool by far: Use your brain. Don't trust anyone to do the thinking for you.


Going to second this.

Best security blog post ever.

As for Bell's suggestion of running under a user account, I cannot support that enough. Like many here, I end up doing tech support for my parents. After the 20th or so time of cleaning all of the crap off of their computer, I removed admin rights and gave them a user account.

They've never had problems since.

Those of you running Vista/7, keep UAC activated. Trust me. (In 7 it's much less of a pain.) I'll never forget installing Supreme Commander on my Vista machine and suddenly "Sony/BMG wants to install a program (ie, rootkit) on your PC". I never saw the install on XP.

hakkiew365
Muffin Munchers
Muffy Inc.
Posted - 2010.01.23 00:12:00 - [20]
 

Edited by: hakkiew365 on 23/01/2010 00:17:51
/me spins his Compiz cube around...
spyware? viruses? keyloggers? whats that?
Very Happy

Also, edit:
http://malwarebytes.org/
http://www.safer-networking.org/
http://www.mvps.org/winhelp2002/hosts.htm/
http://personalfirewall.comodo.com/

Cat o'Ninetails
Caldari
Rancer Defence League
Posted - 2010.01.23 00:32:00 - [21]
 

Originally by: CCP Fallout
I meant to respond to this thread yesterday, but I wound up a little busy ;)

I personally prefer to not recommend applications to players because that would give the appearance of an official CCP stamp of approval. I think everyone has their own personal preferences when it comes to what kind of tools they use to protect their systems. At the same time, there's also the issue of some companies putting out more inclusive virus files more quickly than others... one is never going to be truly secure. Case in point: that nasty **** keylogging spam that was hitting our forums. The majority of scanners simply didn't look for it, so people who thought they were being protected simply weren't.

But please continue to discuss what tools you think are best and whatnot. People can learn from this discussion, and I hope all of you use more than one tool to protect your systems. I do :)


hi ms fallout cat here

why not post links to a variety of softwares in your locked thread and suggest they may be of use rather than commiting yourself lol

many companies link potentially useful resources without specifically endorsing them lol

xx

yfz3r0
Caldari
Perkone
Posted - 2010.01.23 00:37:00 - [22]
 

Originally by: hakkiew365
Edited by: hakkiew365 on 23/01/2010 00:17:51
/me spins his Compiz cube around...
spyware? viruses? keyloggers? whats that?
Very Happy



Linux Exploits 1

Linux Exploits 2

You are not as safe as you think.

I myself am anti anti-virus. All it takes is one extra line of syntax and an attacker can get their malicious files past any and all virus scanners. If you actually scan and find a virus on your computer, its because the attacker is unskilled and/or lazy.

Tyke Orlieveit
Posted - 2010.01.23 00:48:00 - [23]
 

Edited by: Tyke Orlieveit on 23/01/2010 00:48:39
Originally by: hakkiew365
Edited by: hakkiew365 on 23/01/2010 00:17:51
/me spins his Compiz cube around...
spyware? viruses? keyloggers? whats that?
Very Happy

Also, edit:
http://malwarebytes.org/
http://www.safer-networking.org/
http://www.mvps.org/winhelp2002/hosts.htm/
http://personalfirewall.comodo.com/



I would consider using about 75% of that list. Comodo, I personally wouldn't trust as far as I could throw it.

Malwarebyte's isn't my preference, but it's got good reviews.

I try to keep my network safe before hand, and treat each machine as "hostile" ( inclusive of one's I know and trust ) , so have each machine locked down as tight as reasonably can.

Each machine gets it's own fixed IP, Zonealarm Firewalls on each PC, I review the logs frequently, I have set the machines to be non-trusting of most traffic, and I use FF with Abblock, Scriptblock, most spamvertising and less trusted advertisers blocked at the Router. Excessivly lengthy password for the wireless network, with MAC address filtering.

Beyond that, and I don't consider myself excessively tech-wise, common bloody sense! Don't open those emails that look blatantly fishy, View the source before clicking any link you're even SLIGHTLY suspicious about..

I've not seen an infection or problem on my own network for years, most I see is crap trying to sniff from the outside world.

TL&DR: If you look after your home connection, it'll look after you.

hakkiew365
Muffin Munchers
Muffy Inc.
Posted - 2010.01.23 01:07:00 - [24]
 

Originally by: yfz3r0
Originally by: hakkiew365
Edited by: hakkiew365 on 23/01/2010 00:17:51
/me spins his Compiz cube around...
spyware? viruses? keyloggers? whats that?
Very Happy



Linux Exploits 1

Linux Exploits 2

You are not as safe as you think.

I myself am anti anti-virus. All it takes is one extra line of syntax and an attacker can get their malicious files past any and all virus scanners. If you actually scan and find a virus on your computer, its because the attacker is unskilled and/or lazy.


Hi, I use MSF myself (just updating to 3.3.3 nowVery Happy), i know im not safe and i am aware that exploits exist for everything. But you have to admit that Linux is a whole lot safer than windows :)
Besides, i know what im doing on the internet :)
And im with you on the anti anti-virus

hakkiew365
Muffin Munchers
Muffy Inc.
Posted - 2010.01.23 01:15:00 - [25]
 

Originally by: Tyke Orlieveit
Edited by: Tyke Orlieveit on 23/01/2010 00:48:39
Originally by: hakkiew365
...


I would consider using about 75% of that list. Comodo, I personally wouldn't trust as far as I could throw it.

Malwarebyte's isn't my preference, but it's got good reviews.

I try to keep my network safe before hand, and treat each machine as "hostile" ( inclusive of one's I know and trust ) , so have each machine locked down as tight as reasonably can.

Each machine gets it's own fixed IP, Zonealarm Firewalls on each PC, I review the logs frequently, I have set the machines to be non-trusting of most traffic, and I use FF with Abblock, Scriptblock, most spamvertising and less trusted advertisers blocked at the Router. Excessivly lengthy password for the wireless network, with MAC address filtering.

Beyond that, and I don't consider myself excessively tech-wise, common bloody sense! Don't open those emails that look blatantly fishy, View the source before clicking any link you're even SLIGHTLY suspicious about..

I've not seen an infection or problem on my own network for years, most I see is crap trying to sniff from the outside world.

TL&DR: If you look after your home connection, it'll look after you.


I second that. Common sense is the best antivirus-firewall-protection-whatever you can get. WLAN WPA2-PSK, MAC address filtering, long and complicated passwords, etc... Linux running on all machines at home.

yfz3r0
Caldari
Perkone
Posted - 2010.01.23 01:38:00 - [26]
 

Originally by: hakkiew365
Originally by: yfz3r0
Originally by: hakkiew365
Edited by: hakkiew365 on 23/01/2010 00:17:51
/me spins his Compiz cube around...
spyware? viruses? keyloggers? whats that?
Very Happy



Linux Exploits 1

Linux Exploits 2

You are not as safe as you think.

I myself am anti anti-virus. All it takes is one extra line of syntax and an attacker can get their malicious files past any and all virus scanners. If you actually scan and find a virus on your computer, its because the attacker is unskilled and/or lazy.


Hi, I use MSF myself (just updating to 3.3.3 nowVery Happy), i know im not safe and i am aware that exploits exist for everything. But you have to admit that Linux is a whole lot safer than windows :)
Besides, i know what im doing on the internet :)
And im with you on the anti anti-virus


Update MSF from the trunk, 3.3.4-dev is the latest I believe.

FluterEx
Caldari
22nd Black Rise Defensive Unit
Posted - 2010.01.23 01:40:00 - [27]
 

The best thing CCP could do to prevent Keyloggers from stealing someones account password is implementing a virtual keyboard that enables us to enter passwords using the mouse.

Keyloggers cant track your mouse movement so they cant log your password. I know a F2P mmo that uses this system and it seems to work just fine.

Chalrayne Illyndar
Posted - 2010.01.23 02:05:00 - [28]
 

Originally by: FluterEx
The best thing CCP could do to prevent Keyloggers from stealing someones account password is implementing a virtual keyboard that enables us to enter passwords using the mouse.

Keyloggers cant track your mouse movement so they cant log your password. I know a F2P mmo that uses this system and it seems to work just fine.


No, the best thing as previously mentioned would be authenticators. Keyloggers can be setup to do a wide variety of things besides capturing what people type, and virtual keyboards using the mouse are definitely not outside the scope of a keylogger. You simply record the coordinates of the mouse clicks. Keyboard is randomized? Key logger takes screenshots. There have been quite a few F2P MMO who have had their password+pin w/ random keypad systems defeated. You end up with something like captchas; It annoys the hell out of your legitimate users while doing next to nothing to add security.

Chainsaw Plankton
IDLE GUNS
IDLE EMPIRE
Posted - 2010.01.23 04:17:00 - [29]
 

Originally by: yfz3r0
Originally by: hakkiew365
Edited by: hakkiew365 on 23/01/2010 00:17:51
/me spins his Compiz cube around...
spyware? viruses? keyloggers? whats that?
Very Happy



Linux Exploits 1

Linux Exploits 2

You are not as safe as you think.

I myself am anti anti-virus. All it takes is one extra line of syntax and an attacker can get their malicious files past any and all virus scanners. If you actually scan and find a virus on your computer, its because the attacker is unskilled and/or lazy.


or you have been infected for the last week/month/year and the av just got updated.

yfz3r0
Caldari
Perkone
Posted - 2010.01.23 04:32:00 - [30]
 

Edited by: yfz3r0 on 23/01/2010 04:43:13
Originally by: Chainsaw Plankton
Originally by: yfz3r0
Originally by: hakkiew365
Edited by: hakkiew365 on 23/01/2010 00:17:51
/me spins his Compiz cube around...
spyware? viruses? keyloggers? whats that?
Very Happy



Linux Exploits 1

Linux Exploits 2

You are not as safe as you think.

I myself am anti anti-virus. All it takes is one extra line of syntax and an attacker can get their malicious files past any and all virus scanners. If you actually scan and find a virus on your computer, its because the attacker is unskilled and/or lazy.


or you have been infected for the last week/month/year and the av just got updated.


Watch me!

EDIT: Maybe a little more insight would be helpful. An attacker could sit there and produce executables that do nothing but send a connection back to them once you execute it on your computer. Once they've double or triple encoded it, its going to get past your anti-virus whether you like it or not. Once in, the would go ahead and kill your AV processes, migrate their rootkit (most like Meterpreter as its very powerful and resident only in memory and not on the hard-disk) into another process like explorer.exe. That way its hidden inside of legitimate Windows processes.

From there they can run a keylogger on you, add users, steal your password hashses... pretty much whatever they want to do. And you were the person who let them in the front door. Granted, this is a worst-case scenario and an example of what someone would do if they were focusing most of their efforts on your one machine (maybe have a grudge with you, whatever). Most of the time when people get infected with malware, its usually an attacker trying to assimilate your computer into his/her botnet to perform tasks at a later time. Again, just giving you a little idea of what could happen and how.


Pages: [1] 2

This thread is older than 90 days and has been locked due to inactivity.


 


The new forums are live

Please adjust your bookmarks to https://forums.eveonline.com

These forums are archived and read-only