Security Tips for the Guild Wars Player
Originally Published by
Security Tips for the Guild Wars (GW) player
version 0.6 (10/04/2008)
By Fril Estelin, on Guild Wars Guru
Released under Creative Commons Attribution-Share Alike 3.0 United States:
http://creativecommons.org/licenses/by-sa/3.0/
This is a simple and straightforward mini-guide to security so that you and all GW players can enjoy a safer Guild Wars experience. Please contact the author if you spot mistakes and have comments or suggestions.
1) The Current Security Threat and How to Be Safe
Scammers, hackers and other malicious people are trying every day to get an advantage by exploiting vulnerabilities and weaknesses of MMORPG users and software. It is important that everyone understands basic security principles, apply them at their level and spread the word around. Your security depends on the security of others too, and helping secure someone else's computer may prevent problems from happening and thus impacting you and other indirectly.
Modern hackers use computing techniques to break into your computer, but they also use social engineering techniques, where they make user believe something that is false. For example, they try to make people believe that they have a genuine problem or request by saying something like "drop your Elite weapon so that I can take a picture of it", and then use the Ebon Escape skill to shadow step to the person and steal the item. They will also try to be seen as legitimate authority by saying "I am a GW Game Master so do as I say", while someone knowledgeable would know that a GW Game Master would never use his power to gain an advantage over GW players.
On the other hand, be careful not distrust everyone because a few people are malicious! Not only would this greatly diminish your GW experience by separating you from a lot of honest GW players, but this can actually be used against you (e.g., to force you to quit GW). Try to be cautious but not paranoid (which usually creates a false sense of security), You need to be vigilant but not obsessed with security!. And balance your actions according to the risk. For example, no need to bother buyers or sellers for trades of a few gold pieces, but look carefully at the trade window for trades of a few platinums.
Always remember that thinking will save you from dangerous and unexpected circumstances. Malicious people are always trying to improve their techniques and find new attacks. Inattention or ignorance facilitates the job of scammers and hackers. It is healthy to warn people about scamming attempts and other kind of attacks, but you should be careful not to frighten people as it would bring more harm than good. Feel free to communicate and ask questions on fansites and among your guild, but always in calm way.
Security is always as strong as the weakest link of the chain. Antivirus and firewall are only two links among others (see section 3 below). Other links include for example: passwords, software update status, personal data (e.g., credit card or social security numbers, real name) protection. So, having the best security software will not save you if your passwords are weak (see section 2 below).
2) The Weakest Link in the Security Chain
The weakest link is usually for most users their passwords. It is either too weak (it can be guessed easily, e.g., your in-game name) or not well protected (it is given to friends and family, or other users selling their in-game services).
If you shared your password with anyone, even mum, dad or your best friend, you're at risk. These people may not reveal it consciously, but it may be stolen from them at one point by malicious people. For example, someone may pretend to be you or an ArenaNet representative, and ask them to reveal your password. Similarly, guildies or GW players selling their in-game services should not know your password under any circumstances.
ArenaNet of NCsoft staff would never ask you for your password, for any reason whatsoever, because they have other means to access information about your account. Only someone not from ArenaNet or NCsoft would ask your password. And remember that sharing your password will, in case of problems, make the work of identifying the problem impossible, because the problem happened outside of the system that ArenaNet and NCsoft control. And never, ever use the same password for 2 different systems (e.g., email, GW account, GW Guru account, etc.), because of breach of security in one means that the other account is affected too.
A strong password should ideally contain letters both in lower and upper case, numbers, special signs (@#$%^&*) if allowed, and be at least 8-symbols long. A password should NOT be a word you can look in a dictionary, a name or date. Even a "phrase acronym" (where you take the first letter of each word in a given sentence) is not so good, but better than the previous ones. Some people use the following trick to make passwords stronger: use a word you remember well and change a letter to something that looks "visually" the same, i.e., "e" is replaced with "3", "A" with "4", or "O" (capital letter o) with "0" (zero).
Here are a few password strength testers and more information on passwords:
3) The Security of your Software
Always have an antivirus and firewall active, at all times, even when playing GW. NCsoft and ArenaNet advise the gamers who want a lightweight antivirus solution to use Sana Security: http://eu.plaync.com/eu/about/pressrelease-full/ncsoft_europe_introduces_sana_security/
You should also make sure that your Windows and all the applications running when you play GW are up-to-date. Activate the Automatic Update feature or check regularly the Windows Update website. And regularly check that your applications are updated, as they may be the open door that a hacker will use to get into your computer.
You should also have an anti-spyware software running continuously, or regularly scan your computer using the common anti-spyware tools:
http://www.ccleaner.com/download
Be careful about the third party programs that you install when running GW. Some may contain malicious components. Read the page about mods on the official GW wiki:
http://wiki.guildwars.com/wiki/Guide_to_modifying_in-game_graphics
4) A Word of Conclusion
Security is a process or an activity, but not a product. This means that buying an anti-virus or a firewall (though an absolute necessity nowadays) is not the end, but only one step towards your goal of securing your computer and game. The security threat evolves constantly as hackers exploit new vulnerabilities and develop new ways to scam people, and this why updates are important and will always be necessary.
In just a few words, remember: to be vigilant but not paranoid; to regularly check that you are up-to-date with your software and other security advices; to spread the word about security so that no one is at risk around you.
version 0.6 (10/04/2008)
By Fril Estelin, on Guild Wars Guru
Released under Creative Commons Attribution-Share Alike 3.0 United States:
http://creativecommons.org/licenses/by-sa/3.0/
This is a simple and straightforward mini-guide to security so that you and all GW players can enjoy a safer Guild Wars experience. Please contact the author if you spot mistakes and have comments or suggestions.
1) The Current Security Threat and How to Be Safe
Scammers, hackers and other malicious people are trying every day to get an advantage by exploiting vulnerabilities and weaknesses of MMORPG users and software. It is important that everyone understands basic security principles, apply them at their level and spread the word around. Your security depends on the security of others too, and helping secure someone else's computer may prevent problems from happening and thus impacting you and other indirectly.
Modern hackers use computing techniques to break into your computer, but they also use social engineering techniques, where they make user believe something that is false. For example, they try to make people believe that they have a genuine problem or request by saying something like "drop your Elite weapon so that I can take a picture of it", and then use the Ebon Escape skill to shadow step to the person and steal the item. They will also try to be seen as legitimate authority by saying "I am a GW Game Master so do as I say", while someone knowledgeable would know that a GW Game Master would never use his power to gain an advantage over GW players.
On the other hand, be careful not distrust everyone because a few people are malicious! Not only would this greatly diminish your GW experience by separating you from a lot of honest GW players, but this can actually be used against you (e.g., to force you to quit GW). Try to be cautious but not paranoid (which usually creates a false sense of security), You need to be vigilant but not obsessed with security!. And balance your actions according to the risk. For example, no need to bother buyers or sellers for trades of a few gold pieces, but look carefully at the trade window for trades of a few platinums.
Always remember that thinking will save you from dangerous and unexpected circumstances. Malicious people are always trying to improve their techniques and find new attacks. Inattention or ignorance facilitates the job of scammers and hackers. It is healthy to warn people about scamming attempts and other kind of attacks, but you should be careful not to frighten people as it would bring more harm than good. Feel free to communicate and ask questions on fansites and among your guild, but always in calm way.
Security is always as strong as the weakest link of the chain. Antivirus and firewall are only two links among others (see section 3 below). Other links include for example: passwords, software update status, personal data (e.g., credit card or social security numbers, real name) protection. So, having the best security software will not save you if your passwords are weak (see section 2 below).
2) The Weakest Link in the Security Chain
The weakest link is usually for most users their passwords. It is either too weak (it can be guessed easily, e.g., your in-game name) or not well protected (it is given to friends and family, or other users selling their in-game services).
If you shared your password with anyone, even mum, dad or your best friend, you're at risk. These people may not reveal it consciously, but it may be stolen from them at one point by malicious people. For example, someone may pretend to be you or an ArenaNet representative, and ask them to reveal your password. Similarly, guildies or GW players selling their in-game services should not know your password under any circumstances.
ArenaNet of NCsoft staff would never ask you for your password, for any reason whatsoever, because they have other means to access information about your account. Only someone not from ArenaNet or NCsoft would ask your password. And remember that sharing your password will, in case of problems, make the work of identifying the problem impossible, because the problem happened outside of the system that ArenaNet and NCsoft control. And never, ever use the same password for 2 different systems (e.g., email, GW account, GW Guru account, etc.), because of breach of security in one means that the other account is affected too.
A strong password should ideally contain letters both in lower and upper case, numbers, special signs (@#$%^&*) if allowed, and be at least 8-symbols long. A password should NOT be a word you can look in a dictionary, a name or date. Even a "phrase acronym" (where you take the first letter of each word in a given sentence) is not so good, but better than the previous ones. Some people use the following trick to make passwords stronger: use a word you remember well and change a letter to something that looks "visually" the same, i.e., "e" is replaced with "3", "A" with "4", or "O" (capital letter o) with "0" (zero).
Here are a few password strength testers and more information on passwords:
- http://www.microsoft.com/protect/yourself/password/checker.mspx
- http://www.securitystats.com/tools/password.php
- http://rumkin.com/tools/password/passchk.php
- http://www.microsoft.com/protect/yourself/password/create.mspx
- http://www.sophos.com/pressoffice/news/articles/2006/04/passwordadvice.html
3) The Security of your Software
Always have an antivirus and firewall active, at all times, even when playing GW. NCsoft and ArenaNet advise the gamers who want a lightweight antivirus solution to use Sana Security: http://eu.plaync.com/eu/about/pressrelease-full/ncsoft_europe_introduces_sana_security/
You should also make sure that your Windows and all the applications running when you play GW are up-to-date. Activate the Automatic Update feature or check regularly the Windows Update website. And regularly check that your applications are updated, as they may be the open door that a hacker will use to get into your computer.
You should also have an anti-spyware software running continuously, or regularly scan your computer using the common anti-spyware tools:
- http://www.lavasoftusa.com/products/ad_aware_free.php
- http://www.safer-networking.org/en/download/index.html
http://www.ccleaner.com/download
Be careful about the third party programs that you install when running GW. Some may contain malicious components. Read the page about mods on the official GW wiki:
http://wiki.guildwars.com/wiki/Guide_to_modifying_in-game_graphics
4) A Word of Conclusion
Security is a process or an activity, but not a product. This means that buying an anti-virus or a firewall (though an absolute necessity nowadays) is not the end, but only one step towards your goal of securing your computer and game. The security threat evolves constantly as hackers exploit new vulnerabilities and develop new ways to scam people, and this why updates are important and will always be necessary.
In just a few words, remember: to be vigilant but not paranoid; to regularly check that you are up-to-date with your software and other security advices; to spread the word about security so that no one is at risk around you.
