A lesson in virus protection for the casual MMOG player.
|Security 101 or "How to Protect Your Computer on the Internet"
By Misty "Beans" Matonis
With the most recent evil
virus running around the Internet like a rabid dog in heat,
I thought the timing would be right to unveil a little document
I wrote not long ago on security and your system, especially since
a lot of MMOG players are really casual Internet users.
This essay is designed to give the casual computer or Internet user
(read: novice) some basic ideas about protecting their systems from
such things as viruses, trojans and the usual hacker stuff. This
essay is not complete, but it is a good starting point.
This document assumes that the you are using Windows 95, Windows
98, Windows 98 Second Edition, and Windows NT. Windows 2000 and
Windows ME, as well as Mac, Linux, and other OSs are not.
The absolute, 100% sure way to protect yourself from malicious attacks
on your computer and your data is to not be on the Internet, however,
that advice is not practical. But there are some things that you
can do that can help you limit said attacks, and help to ensure
your privacy and secure your data.
Passwords Are the Key
Password-protect your computer. If you are using a Windows machine,
perform the following steps:
- Go to start
- Select Settings
- Select Control Panel
- Select Passwords
- In the "Change Passwords" tab, hit the "Change Windows Password"
- If you already had a Windows password, you may change it now.
Input your old password in the password field. Then put your new
password in both the "new password" and "confirm new password"
fields and hit the OK button. You will get a confirmation window
stating that your password has been updated.
- If you did not have a password for your computer, you may set
one at this time. Put your password in the "new password" and
"confirm new password" fields, leaving the "old password" field
blank. Hit the OK button. You will get a confirmation window stating
that your password has been updated.
- After creating or updating your password, hit OK to close the
Password protect your screen saver if you are using one.
Chosing a Good Password
- In the Control Pannel, double-click "Display."
- Select the "Screen Saver" tab.
- Check the "Password Protected" box and hit the "Apply Button."
- Hit the OK button to close the Display screen.
This is perhaps the most important thing that you can do as an end-user
if you wish to protect your data from malicious attacks.
Password Do's and Don'ts
- Avoid dictionary words. For example, "secret" is a dictionary
word. DO NOT use words like this
- Avoid using your first name, middle name, last name, names of
members of your family, pet names, etc. as your password.
- Limit your password to either 7 OR 14 characters. Here's why.
The way Windows stores passwords is as follows: Windows breaks
up your password into bits of 7. So if your password is 8 characters
long, your password is stored in one part as 7 characters, a second
part as 1 character. It's much easier for a hacker to work with
a password like this, as it's relatively quick to decipher part
2, and then work on part 1. Limiting it to either 7 or 14 characters
will make the job of the cracker a bit more difficult.
- Use upper and lower case in your password.
- Use numbers in your password.
- Use non-alphabet characters in your password, e.g. @ or $
- DO NOT use characters in your password that are together on
the keyboard. For example, "qwerty" is a bad choice for your password,
or part of your password. As is "123." Crack applications thrive
on this type of mistake. DON'T do it.
- Mix upper, lower, numbers, and non-alphabet characters in your
password. For example, "1r0X0rj00pUnK!"
- Do this for EVERY password you have. Including Web sites, online
games, documents, etc. Create individual passwords for each.
Some Notes on Passwords and Windows and Screen Savers
- DO NOT EVER WRITE YOUR PASSWORD DOWN. Never ever ever. Did I
say don't. Well, just plain don't.
- DO NOT EVER share your password with ANYONE. This includes friends,
co-workers, and family members. If you have to, change your password
as soon as possible.
- DO change your password often. Once a month is okay, but if
you are feeling adventurous, change it weekly.
- DO NOT recycle your passwords if the period of three months
has not passed. Meaning, if you have to recycle your password,
wait three months minimum to use that password again.
- DO NOT put your password or password hints in comments, such
as in HTML code, a document, named folders or files, or system
The problem with Windows is that passwords aren't really that much
of protector when it comes to your computer and a rogue individual.
If I were to come up to your desk and see that you have a password-protected
screen saver, all I would have to do to gain access to your system
is reboot your machine, wait for the windows login screen to appear,
and then hit "cancel." I would then have full access to whatever files
you have on your system. The good thing, though, is that I won't have
access to your company's network if you're on one, but, if you've
not followed the steps outlined above, chances are I'd be able to
guess what your password is.
This problem does not occur on NT. Protecting Your System
from Viruses and Trojans
Many unscrupulous individuals will send viruses and trojans through
e-mail attachments and executable files. Knowing what to do and what
not to do is important. Invest in a Virus Scanner
There are quite a number of products on the market that will scan
your system and your files for viruses and trojans. Two of the best
Personally, I think Norton's is the better of the two, but they both
The most important thing that you can do is keep your antivirus application's
signature files up-to-date. I recommend checking for new updates once
per week. If any new viruses or variations of a virus have been discovered,
this can insure that you will be protected.
Also, be sure to read any and all documentation on using the virus
scanner and product updates. Know how to use it. Know how to run it
in the background. Most importantly: just know how it works!
E-mail Hell: Some Tips
Download Hell: Some Tips
- If you are an Outlook or Outlook Express user, make sure you
have your mail client set so that it does not auto-open attachments.
Check the help me documentation that comes with these programs
to see how to disable it. The vast majority of email worms are
targeted to users who use either Outlook or Outlook Express. I
personally prefer Eudora to limit my chances or an attack that
- Never open an attachment without first scanning it with your
- Never open and attachment that has a .vbs or a third extension
(such as *.*.*).
- Never open an attachment that contains an executable file (*.exe)
without first scanning it
- Never open an attachment because a friend or someone you know
sent it to you without first scanning it for viruses. Remember
virus? That propagated so well because most people would receive
it from someone they know well and would automatically open ILOVEYOU.vbs
without thinking or scanning first. Bad move
- If you receive a word or excel attachment, scan it for macro
viruses, and if the document uses macros, select the disable macro
option that comes up when you open the document.
Disks and CD's
- Be wary if you download applications off the Net. This includes
anything from Netscape and IE browsers to trial versions of your
favorite product from your favorite vendor. Always run a scan
on any executable or zip file you may download.
- Limit downloading from unknown sources. If you do have to download
from an unknown third party, scan scan scan.
- If you use a service such as an online game, or any service
that auto-patches an application for you, make sure you have your
virus scanner running in the background. Origin Systems, Inc.,
a well-respected gaming company, almost accidentally sent its
150,000 users Back Orifice 9x through its auto-patching system.
Thankfully, they didn't, but you can see the dangers inherent,
- Scan scan scan
- Scan scan scan
- Scan scan scan
Just because you have an application or a document from a disk or
CD does not mean that you won't download a virus or trojan! Scan first
before using. Scan after using. Education: Know Thy Enemy!
The most important thing that the end-user can do to protect themselves
is to educate themselves. Know what viruses and trojans are out there.
Know how your OS works. Know if there are any security flaws in the
applications that you use.
Here are some good sites to check out:
Firewalls: Keep the Bad Guys Out!
If you have a static IP as many users tend to have when they have
high-speed Internet access, you'd be remiss if you did not have a
firewall. Different firewalls do different things. Some may simply
monitor any and all port activity. Some prevent third-party access
and may need to be configured so that you can play your games or use
your IM programs. If you're interested in investing in a good firewall,
and I suggest that you do if you're concerned about third party access
to your system, make sure you read the documentation on your prospective
purchase closely. Compare
and see which one would best one to fulfill
And don't forget to ask your friends what they use, and why. My friends
tend to prefer ZoneAlarm
and some recommend BlackICE
The decision is yours. Chose wisely. OMG I've Been Infected What
Do I Do?!
Firstly, calm down. Knowing that you've been infected is the first
step in the right direction!
Close all applications and documents. These can propagate the infection.
Shutting down your computer can also help but it does not ensure your
safety in the future. Your computer is still infected, after all.
If you have a virus scanner, use it.
If you don't, get one immediately. You can download great virus scanners
free. These are trial versions.
Now that you have a virus scanner, use it. Follow anything that these
applications tell you to do. Pay attention to what files are infected
and what virus was used to infect them. Let your virus scanner do
Go to a virus database and learn about the virus and how to clean
your system of them. An excellent virus database can be found at http://www.symantec.com/avcenter/
Symantec will not only tell you the nuts and bolts of the virus, but
will also tell you how to clean it from your system.
trojan cleaner (http://moosoft.com/download.php
This application will check to see if you've been infected with a
trojan. Consider this your backup.
If it was a friend or an associate who sent you the virus, notify
them immediately that they did so. Chances are it wasn't malicious.
If the virus or trojan was sent to you by someone unknown to you,
notify your ISP or online service provider immediately.
Delete the source of the virus.
Relax! If you've done all of the above, chances are you've cleaned
your system of the virus. And now you've learned your most valuable
lesson! AOL and AOL Instant Messenger, ICQ and other
- DO NOT create a profile for yourself. If you do, do not put
personal information or other clues to what your password may
be. Not having a profile will also decrease your chances of getting
spam to your AOL account.
- DO NOT go to chat rooms. Chat rooms on AOL are a great source
for wingnuts to collect email addresses so they can spam you.
You also may risk giving away personal information, or even your
password, to a rogue individual.
- DO NOT accept files from ANYONE, including someone you may know,
even if it is a picture.
- DO NOT accept IM's from a person you do not know.
- DO change your password often.
- DO NOT open unsolicited email (spam) if they have attachments.
Delete them immediately.
- DO contact AOL's customer support team if you notice unusual
activity with your account, or if you suspect someone is violating
the AOL/AIM/ICQ TOS
- Set yourself up for the highest security level if you can. On
ICQ, hide your IP address. Limit who can send you events. Use
the invisibility feature. Ignore events that come from an unknown
As I said earlier, this is by no means a complete list of do's
and don'ts, but it's a start. If you protect your system well, you'll
not only protect your files and your sanity, but you'll lessen the
frustration of losing your hard work in your game to a hacker.
Originally Published on GameSpy
[ Return to Article Index ]