Uncle Arch's Security Corner
Some of the dangers
---------------------------
It's a dangerous ol' world out there, and if you're not careful, even something simple can lead to your computer being infected with a keylogger or worse.
* Visit a website that uses banner ads provided by another company... and there's a risk that an infected banner ad will use a script to infect your computer. This has happened in the past even to respectable Fortune 500 companies, and well-known web portals!
* Visit an RS-related scam site or gold-selling site... and there's a high risk that the site owner is using scripts to infect your computer. This shouldn't be a surprise - the people who run such sites are criminals (as a minimum they're breaking their contracts with Jagex, and many are involved in international credit card fraud).
* Use your RS login details on any other website, and there's a danger that either the owner is logging them, or that the site is compromised by a hacker who will steal them. You may trust the site owner... but you have NO WAY of verifying their back-end site security! (This has happened on popular fansites in the past!)
* Click on a malicious weblink or open a file sent to you by someone else, and there is a risk of infection.
* Download any software at all, and there's a risk that it carries a malicious payload (heck, even one of NASDAQ's executive tools got hit like this recently...).
* Your IP address can be revealed by using IRC channels, or through voice chat servers hosted by the dishonest. This in turn can make you vulnerable to Denial of Service attacks and even direct hacking.
So you need to be careful!
Preventative measures
-----------------------------
To help protect yourself, you can do the following:
* Install a script blocker on your browser, and learn how to use it (NoScript for Firefox is a good example).
* Install an advert blocker on your browser, to block malware-infected adverts (e.g. AdBlock Plus for Firefox). [*cough* you'll need to leave the RS site unblocked to stay within the game rules]
* Make sure you have a proper antivirus and firewall; learn how to use them, and update them regularly. Choose an antivirus that includes link checkers for popular search engines (e.g. AVG or McAfee).
* Get some anti-malware software as well, learn how to use it, and update it regularly. MalwareBytes and Spybot Search & Destroy are good examples of this type of software.
* Keep your operating system fully patched.
* Set an RS bank PIN!
* Don't open attachments if you don't know what they are, and scan before opening if you think you *do* know what they are.
* Don't visit scam sites, RS gold sites etc., even if it's "just to see what they look like". It's an unjustifiable risk.
* Don't download RS-related software (clients, bots), many are laced with malware.
* Don't use easy-to-guess passes, PIN or recovery questions. Make them unique to you.
* Never, ever share pass or recovery question info with anyone else. And make sure they don't use information that you have made available on social networking sites!
* Never give out the email address you registered for RS with. Use a disposable address instead.
* Use different passes for EVERY site you use! Try to use different login names too.
* Don't write your passes down - someone will find them, however secret you think your hiding place is... You have a brain, use it!
* Change your passes from time to time (as long as you are SURE you have no infection when you do!)
* Your login name and your in-game (screen) name don't have to be the same! Changing your screen name can confuse potential hijackers
What to do if your account is hijacked
-------------------------------------------------
Step I: find the keylogger
* Update your antivirus program
* Update your anti-malware program
* Come OFFLINE and run your antivirus and anti-malware programs. Anti-rootkit scans may need to be done manually (e.g. in AVG), so check!
* Use the task manager (press CTRL, ALT and DELETE simultaneously) to identify any remaining unknown processes. There's plenty of information online to help you work out which ones are genuine, and which are fake (even if they look genuine!)
* If you still didn't find anything, use online antivirus checks such as those provided by Trend Micro, Kaspersky Labs, Symantec, McAfee etc. (remember that some malware can disable or effectively hide from your own antivirus!)
Step II: recover the account
ONLY do this once you have identified and removed your problem, or you will just be open to hijacking again!
* Recover the account if necessary
* Change the pass
* Get a new bank PIN
* Reset your recovery questions
On the road - RuneScape away from home
---------------------------------------------------
One of the good things about RuneScape is that it is entirely browser based - there's no need to buy and install a copy of the game online or in a shop first. This also means that, in theory, you can log into the game from anywhere you happen to be.
While this is all very wonderful, there are major security issues that need to be considered.
* When logging in from someone else's computer, you are relying on their security, which may not be good enough. You have no way of telling if someone else's computer is infected with malware, keyloggers etc.
* Computers in Internet cafes etc. often log all the activity that takes place on them - including logins and/or keystrokes. There is no such thing as a secure public use computer.
* WiFi connections can *easily* be spoofed in public places by someone looking to steal credit card and website login details from others (it just needs a spoof front page, a laptop and a powerful signal - demonstrated on TV by 'The Real Hustle', where a $3000 fraud took under 45 minutes).
* Logging in from anywhere near other people increases the risk that they will just see what you type! No extra tech required...
Unless YOU control the security of a computer, it is a risk to trust your login info to it. Simple as that.
logo
The Runescape clan for adults
Security considerations
Moderators: Citadel Overseer, Media, Liaison Team
- Dr Brad
- KoA Alumni
- Posts: 11697
- Joined: Thu Jan 15, 2009 8:44 pm
- RSN: Dr Brad
- Location: near Washington, DC, USA
- Contact:
Security considerations
Source: RSOF Clan Leader's Forum (Authored by Forum mod: Archaeox)
- Dr Brad
- KoA Alumni
- Posts: 11697
- Joined: Thu Jan 15, 2009 8:44 pm
- RSN: Dr Brad
- Location: near Washington, DC, USA
- Contact:
Re: Security considerations
Someone in the forum commented:
1) All the virus and malware checks should be firstly done when you're not connected to the Internet
2) Something I posted on someone's post -
@Ctrl+Alt+Delete to open the Task Manager, click on processes and then start checking each of the name (for example wlcomm.exe) over the Internet.
Usually the trojans/viruses etc. have the similar names to any Windows process (for example iexplore.exe is Windows Internet Explorer but iexplorer.exe is a a malicious program).
Re: Security considerations
That's one of the reasons I don't click on any vids peeps post on forums. They may have posted them in corruptedness but those things might still have something nasty hidden on them, lol.....
Last time I went on RS high scores page within a day someone tried to hack my entire computer through a false "infected" report. I had to take my laptop back to "off the shelf new" so I lost EVERYTHING! I also had to cancel 2 credit cards I attempted to use to "buy" the program to uninfect the compter. Thank God I called Asus Tech Support and they told me what was going on. I had Norton and couple of other "protection" programs. They somehow came through a back-door. I wasn't the only one that happened to from going on the RS high scores page. I will never ever go back on that page.
Now I have a new laptop so I'm keep my fingers, toes and everything else crossed that never happens again.
Last time I went on RS high scores page within a day someone tried to hack my entire computer through a false "infected" report. I had to take my laptop back to "off the shelf new" so I lost EVERYTHING! I also had to cancel 2 credit cards I attempted to use to "buy" the program to uninfect the compter. Thank God I called Asus Tech Support and they told me what was going on. I had Norton and couple of other "protection" programs. They somehow came through a back-door. I wasn't the only one that happened to from going on the RS high scores page. I will never ever go back on that page.
Now I have a new laptop so I'm keep my fingers, toes and everything else crossed that never happens again.
- Twirlindana
- Site Admin
- Posts: 2732
- Joined: Mon Jul 18, 2011 8:39 am
- RSN: Twirlindana
- Location: Italy
Re: Security considerations
I resolve all my problems by wearing a foil paper hat. It's marvelous!. No really, to be serious, my levels of paranoia are reaching newer heights...
"I'm no hero. I put my bra on one boob at a time just like everyone else" - Tina Belcher
- Cally Raven
- Site Admin
- Posts: 6102
- Joined: Tue Aug 02, 2011 10:06 am
- RSN: Cally Raven
- Location: Bolton
Re: Security considerations
You do this too Twirl? And I thought I was the only one ;)I resolve all my problems by wearing a foil paper hat. It's marvelous!.
Seriously tho, things are getting scarier regarding computer safety, I seem to do nothing but scans these days :cry:
Re: Security considerations
Might have to start doing that aswell haha
[url=http://runetrack.com/profile.php?user=Tanked_As][img]http://runetrack.com/sigs/stat/gold/pos ... ked_As.png[/img][/url]
[url=http://leetscape.com/][img]http://advlog.leetscape.com/default/tanked_as.png[/img][/url]
[url=http://leetscape.com/][img]http://advlog.leetscape.com/default/tanked_as.png[/img][/url]
Re: Security considerations
Arr. Articles like these... Need a PHD in computer science to play Runescape these days. Might as well resort to wearing a condom on my head each time I log in (equivalent to NoScript).Twirlindana wrote:I resolve all my problems by wearing a foil paper hat. It's marvelous!. No really, to be serious, my levels of paranoia are reaching newer heights...
The best practice is common sense. If you're trying to login to RS and the website has a banner that sells Persian wives (for example), you obviously dialed the wrong number.
About logging in on public wifi by the way, that's mostly untrue. Runescape, as well as many billing-related services use an encrypted connection. Meaning, while someone can read everything you send on wifi, they can't make any sense of it.
- Dr Brad
- KoA Alumni
- Posts: 11697
- Joined: Thu Jan 15, 2009 8:44 pm
- RSN: Dr Brad
- Location: near Washington, DC, USA
- Contact:
Re: Security considerations
DeeKay wrote:Might as well resort to wearing a condom on my head each time I log in...
-
- KoA Alumni
- Posts: 2031
- Joined: Thu Oct 07, 2010 10:13 pm
- RSN: DoctorDRAGON
- Location: Indianapolis Indiana USA
Re: Security considerations
ROFL Brad!
Thanks for the tips
Thanks for the tips
[img]http://runesigs.in/stat/3200.png[/img][img]http://i43.tinypic.com/vh723k.jpg[/img]
Re: Security considerations
Glad to provide the incentive. o_O
Re: Security considerations
I will have to check out spybot. I got norton 360 and don't do anything on my computer but runescape. i do updates continually.But now i'm worried. I am not very computer savvy.
Re: Security considerations
Spybot was one of the best tools available a few years ago, I still use it, but am not on top of such things anymore, probably some equally good tools out there.
-
- KoA Alumni
- Posts: 282
- Joined: Sat Jan 31, 2009 9:45 pm
- RSN: Sloggish
- Location: Philly- but Scottish!
Re: Security considerations
Great info TY All! Brad- I have suggested many times to not wear that condom on your head in public- just not a good look for you! I'm with you ISanI- worried & none too savvy.
[url=http://runetrack.com/profile.php?user=Sloggish][img]http://runetrack.com/sigs/stat/blue/pos ... oggish.png[/img][/url]
[spoiler][url=http://runetrack.com/competitions/compe ... php?id=232][img]http://runetrack.com/sigs/competition/g ... oggish.png[/img][/url]
[url=http://runetrack.com/competitions/compe ... php?id=332][img]http://runetrack.com/sigs/competition/r ... oggish.png[/img][/url]
[url=http://runetrack.com/competitions/compe ... php?id=457][img]http://runetrack.com/sigs/competition/b ... oggish.png[/img][/url]
[url=http://runetrack.com/competitions/compe ... php?id=638][img]http://runetrack.com/sigs/competition/p ... oggish.png[/img][/url]
[img]http://i416.photobucket.com/albums/pp24 ... OlyVal.gif[/img][/spoiler]
[spoiler][url=http://runetrack.com/competitions/compe ... php?id=232][img]http://runetrack.com/sigs/competition/g ... oggish.png[/img][/url]
[url=http://runetrack.com/competitions/compe ... php?id=332][img]http://runetrack.com/sigs/competition/r ... oggish.png[/img][/url]
[url=http://runetrack.com/competitions/compe ... php?id=457][img]http://runetrack.com/sigs/competition/b ... oggish.png[/img][/url]
[url=http://runetrack.com/competitions/compe ... php?id=638][img]http://runetrack.com/sigs/competition/p ... oggish.png[/img][/url]
[img]http://i416.photobucket.com/albums/pp24 ... OlyVal.gif[/img][/spoiler]
Re: Security considerations
I just use facebook login and have my facebook account protected with sms authentication. Almost impossible to beat that.
Once you link your account to facebook login, just change your password to a long unmemorable one.
Once you link your account to facebook login, just change your password to a long unmemorable one.
Re: Security considerations
Well i can also give some help on computer security and ways to keep password safe, also i can help clan members computers get infected or compromised from malware, viruse, ransome ware and so on so feel free to inbox me if your having a computer issue oviously give head up in game im happy to help btw awesome post brad