About Account Security

BIG NOTE

THOSE NO LONGER ARE WORTHWHILE.

the latest testing by PC Mag and others showed that they are missing next gen keyloggers/rootkits and a lot of others.

Spybot got 2.5/5 rating
AdAware got 3/5 rating

Spyware Doctor and Spysweeper got the keyloggers/rootkits and other stuff the others missed

both got 4.5/5 rating

thanks for that Loviator, that was something I didn't know but figured anyways...
I started noticing a couple of months ago that those weren't catching everything but they are still a decent backsweep at times....

A question: Are tracking cookies a threat to account or personal security? I know almost every major site uses them, but in the wrong hands could they be utilized for something unwanted?

Are Spyware Doctor and Spysweeper free? I like to use the free ones.

But as I stated earllier, I stay away from sites that put that junk on your computer. I also don't advise downloading any freeware unless it has been tested and used by a reliable source. I think Download.com tests their freeware before posting them on their site.

im pretty sure ad-aware and spybot are kind of out-of-date.


I went the distance and *purchased* spyware doctor- my computer hasnt been this happy since the day i bought it.


Also- consider restarting your computer into Safe Mode, and do a Deep Virus Scan as such- You cant be too careful.

its easy to forget how expensive/fragile these computer things are...

spyware doctor is your friend.

45+ other users on siteadvisor say differently.http://www.siteadvisor.com/sites/dow...page=6#reviews I, personally, have recieved a virus from that site. Don't trust it.

I'm glad to see this issue is being addressed so quickly. GG

My question is what is ANETs response to the players. It sounds like at some level ANET messed up somewhere but as i understand the people involved lost everything. I would image there is a good number of players that are understand secuity and make sure they are protected and would think at least a few of the people were protected. BUt between this thread and the other it seems like there was some stuff ANET did that caused players to lose everything.

And to be honest i think their response will at some level either assure i buy ch3 or not. If they choose to do nothing it will make me question why i buy the new chapters.

Can we see a link to those reviews?

Thx, siteadvisor seems like a great resource. /Bookmarked

I don't think Anet responded very quickly. My alliance leader had his account broken into and lost everything not customized. Well over 1000k worth of gold and items were stolen.The scumbag that did this even pm'd him the next day to brag about it.

My alliance leader took screen-shots of the chat between himself and the thief and sent that along with what happened to Anet support. That was over 2 weeks ago! In the meantime, other people were reporting in this forum that they had their account hijacked.

The account theft was related to him purchasing an extra character slot from plaync. Exactly how the thief got his user name is still a mystery.

Like I said, this happened 2-3 weeks ago and was immediatly reported. And they are just now taking steps to beef up security?

well i dont believe in purchasing/downloading/installing a dozen similar ___-ware programs. educate yourself instead... you don't have to be a net geek, nerd or whatever else.. just take a few minutes a day to familiarise yourself with the technology at least on a practical level. know where and how to patch your OS' latest vulnerabilities, where and how to update your AV definitions, be able to use common sense in not clicking on stupid links that exploit MSIE (the worst browser ever created(TM)), and so on and so forth...

btw as far as antiviruses go, i have got to plug Trend Micro. their line of AVs is absolutely top notch and not as burdensome/invasive as similar offerings from mccaffee, norton et al.

summary of earlier testing is on page 45 of the latest (sept 19th issue.

grab it and look at any place that sells PC Magazine

here is a little known free one MAXIMUM PC considers extremely good from their latest issue on utilities Nov/06 issue

http://www.f-secure.com/

If you can get an e-mail of a suspisious hacker, you should be able to get their IP adress and you can give it to NCsoft to stop them in their tracks and it will help everyone in the community. I did that and haven't seen any of the hackers accounts go on since.

In all honesty, no, we were not responsible. There were three components to the theft, as I understand it. I feel that the PlayNC security was lacking in a secondary issue involving one of those three. However, there really are security measures in place, and they will be improved by, for one thing, adjusting the number of times someone could try to brute force a password. But the situations that I wrote about involved players revealing their user name (a bad idea), players exposing their birthday (another bad idea) and (according to actual chat records) some players even eventually revealing their secret question (and presumably answer). (I honestly don't even know if the players are themselves aware of this even now. Sorry, guys, it's what I am told happened in at least one or two cases.) So I'm sure that you can see -- as much as I might be called a Protector of ArenaNet (or at least the company's reputation) -- the instances really cannot be totally or fairly laid at our feet.

Now, that needs to change! I will pass that along immediately.

I will have to say that I know some about accounts being hacked, my husbands was. We are firm belivers is adaware, spybot, avg, and doing alot of maintence on our comps. I dont know if it was the fact the he had just recently purtchaced a couple of extra char slots on his account or what that made him a large target.

I am glad to see that action on plaync side is being taken to help prevent things like this from happening in the future, I can't put all the blame on them. Mainly for one big reason, like my father told me when I was growing up "A lock is ment to keep honest people out"

You get these hackers out there and no matter what they will try to get you because they are not honest and they will try to find a way arround things no matter what you put in front of them. Just like a thief who will find ways to open locks no matter how complex it is. Sometimes it may be for the thrill of doing it, other times it may be becuse they can.

I ask that you not be angry with plaync or ANET over the security issues, they are working on them and working at changing them. Remember that it is not them who are doing the hacking. If it takes some time to resolve issues with one player, please remember that there are in my estimation thousands if not a million people who have accounts. Sometimes it take a little time to get through the e-mails and stuff that they get and do the investigations to resolve the issues that you send them.

Yes it took about a week or two for my husbands issues to be resolved, but they have been resolved. Unfortuantely he will not be able to get back all the things he lost. but we are happy with the outcome.

I would like to end this on one note, I would like to see where you can change your e-mail addy for the login to gw since you cant right now if your account is tied in with a plaync account. I think that measure would help with security issues as well.

To clarify: I wish ANET would help these people do more to rebuild. Correct a small lock keeps out honest men but a big lock keeps out criminals. I know that acct hacks are going to happen and that people are going to be stupid and download stuff. But Im not unhappy with the violation i am unhappy with the apparent lack of care. I find it intersting that it happened after you upgraded your acct via NCSOFT. If the lock company produces a faulty lock they are held liable for their actions. I think its good that they are fixing the problem but i would like to see more support for accts hacked.

How much did your husband lose when he was hacked? how long did it take you to build it all? how long will it take you to rebuild it?

No, NCsoft is not just now just starting to beef up security; it's an ongoing endeavour. Would you kindly ask your friend for the Support Ticket number that he received from NCsoft? Please ask him to PM it to me, or you may do so, if he is comfortable with that. I will be happy to investigate this one, as this is a crucial issue and we're very interesting in learning as much as we can from each instance. Keep in mind that we may well have resolved this issue, that the person who stole the account may already have been disciplined or actioned. That is what we offer -- not insta-refund of lost items.

Here's a tip for you, though: Most people establish identities on the 'Net. So Mary Sunshine becomes [email protected], and she is Mary Sunshine on the forums and IRC. When she creates a PlayNC account, what does she choose to use? Bingo! So her user name is exposed by her own hand.

Someone decides to trade with Mary, perhaps offering an offer that is "too good to be true" just to establish a relationship. This person says they should discuss by email, and Mary kindly provides her email address. Unless Mary is smart and has a "disposable email address" for public use (see my initial post), Hacker now has a second critical piece of info. Hacker looks at Mary's profile and sees she was born on XX date. Info Bit No. 3. And all with NCsoft and ArenaNet not having a single bit of involvement!

When you say that you don't know how someone got a user name, well, sorry, but it didn't get exposed by us. It is reasonable to ask that we (ArenaNet, PlayNC) keep your information secure. But it is also reasonable of us to ask that you keep your own information secure, too. If someone reveals personal information, puts up a silly security question, or tells a "friend" his password, something bad may happen, and there is nothing in the world that any company can do to prevent it. Asking a company to "make everything better" with personal rollbacks or with item restoration doesn't address the core problem. Such an act is absolutely and utterly impossible for us to do, as it starts the ball rolling towards fraud, an increase in scams, game economy damage, and it actually encourages a reduced care for personal security. It also devalues accomplishments and reduces the preciousness of items and gold. ("Oh, well, if my things get taken, they will be replaced.")

The end of the story is that together, with due care and with an eye to always keeping our essential information private, we can prevent account theft and all the pain that comes from it.

Please, Gaile, if you could post in this thread when/if usernames/email addresses can be changed for Guild Wars/NCsoft(store).
I prefer to change acount access information for important accounts on a regular basis, and this has always bothered me about GW.

thx for raising security awareness

This is a very good thread...