I am tired of this NCsoft security hole

I sincerely doubt that Gaile has deliberately lied to us. If anything its probably a case where she was told something, passed it on to us, and then it turned out the devs couldn't do what they thought. I mean seriously what would they get by deliberately lying to us? We already bought the game....

I feel sorry for your friend, especially since, this being the second time, I'm assuming she is considering leaving the game. It is a problem if you cannot change your password or email once you've linked your account to PlayNC (I don't really know much about it, I've never had any reason to link any account to another site. I'm going by what a lot of people on here are tending to have problems with).

However, I've never been hacked, and I use the same email for everything. I'm getting better in the fact that I've stopped using the same password for everything, like I did years ago when I first started joining things on the internet. Here is a list of programs you and your friend should consider getting, that I find helps a lot in keeping out spyware and potential threats to your security:

Eset Nod32 - Really great anti-virus protection. Unfortunately, you have to pay for a full license. It's never failed me though.

Ad-aware Personal from Lavasoft - It's a really great spyware and adware detection program. Just use it to scan every couple of weeks, or even every week, and it'll pick up all spyware, whether it's potentially dangerous (Trojans or key-loggers) or not (simple tracking cookies).

ZoneAlarm - This is a good little program because you can tell exactly what programs should be allowed to access the network and internet. If a program that doesn't have permission tries to access it, then it pops up with a box notifying you, and doesn't let that program have access until you've allowed it to. Sure, it blocks GW every time there is an update, but I think having to click "Allow" every time there is an update is worth the effort for that extra security. There is a free version on their website, but it's a bit hard to find. Just go into products and it should be listed somewhere.

Finally, there's the new NVIDIA firewall that I noticed when I bought my new computer and updated the drivers (I don't know if it's actually new. I haven't used NVIDIA stuff for awhile, since I've only had a laptop for the past year). It's called ActiveArmor, and it's so much better than the crappy windows firewall. It works the same way as ZoneAlarm does, blocking everything that doesn't have permission.

Using these tools could be the difference between getting hacked and not getting hacked. Never allow any programs to access the network/internet that you don't know what they are. Try not to download add ons for games, because that would be creating more risk. I won't argue that these are the best, or that I'm extremely knowledgeable when it comes to internet security (In fact, my brother suggested these as ones I should use), since I haven't tried every piece of software out there, but these are the ones I use, and have found effective. If anyone else has any suggestions as to what security programs they have found good, consider posting those as suggestions, instead of the usual "Ha, you got hacked! should have been more careful", because of the simple fact that no one knows what's best for their security until they learn.

Now finally, you can't blame Gaile if information that she provides doesn't pan out straight away. She's not lying about it, she's the community liaison officer, and she can't make a team focus on one thing more than others. She can only relay what the dev teams let her know. There are all sorts of complications that can arise when trying to implement a piece of software, or an update to one, and sometimes things can't happen overnight.

I would strongly suggest adding Spybot Search and Destroy to your computer, in addition to AdAware. They complement each other well, just don't run them both at the same time.

i just changed the login screen password in 2 minutes flat so ALEX WEEKES is correct that you can easily change it.

again before someone yells i repeat................

this was the login screen password not my play NCsoft account password

WRONG ON ALL COUNTS ON ADAWARE BY LAVASOFT

the latest pc magazine spyware roundup showed that it failed to either detect/remove KNOWN keyloggers on the test system


JUST WRONG

this product DID detect/remove/disable the keyloggers as well as rootkits

http://www.pctools.com/en/spyware-doctor/

EDIT

spybot was given the nod as a backup to the MAIN spyware you use but that was it

Most keyloggers targeted at GW users are custom written. They would be extremely difficult to be detected by any spy ware/AV app. If they piggyback on another app, even many firewalls won't catch them either. Ad Aware isn't really a keylogger detector anyway, it generally only catches cookies, and a few other forms of malware. It's okay, but don't count on it exclusively. That can be said of most every system utility.

This is exactly why I also recommended getting a program to detect programs trying to access the internet as well as programs that are trying to access your computer. Spyware and anti-virus software don't always pick things up. It's impossible to make a program to pick everything up, what with the ever-changing way that these hacks are written. Which is why I listed a number of options.

Now, Ad-aware may be not that good. I don't know, I didn't see that article, and I only use it occasionally when I feel there's a real need to (if my computer is running slowly for no apparent reason, I'll definitely run it). So if you feel like it might not add enough protection, don't get it. But it's stupid to only get one program and expect it to stop absolutely every bit of spyware and viruses out there.

... And I just reread the end of Hocksters post, and I say this: what he said.

Thank you. I would never deliberately lie. We thought that some modifications would be along quite some time ago, but in fact it's taken longer than we anticipated. All of us would like to move forward on the changes, but ask for your patience for a while longer.

I do have a solid grasp on what you want in the way of security, and as I said, one of our co-founders contacted that portion of the technical team today to see if we could move forward on making it easier for you to reset your GW user name, password, and so forth, no matter whether the account is tied to PlayNC or now. I saw the email he sent, and I know the team members who will work on it. I do believe that the team will do their very best to move forward with updates to amend this situation. Our apologies, again, for the delay in making the changes.

http://www.pcmag.com/article2/0,1895,994103,00.asp

note that the product i linked caught an NCsoft specific keylogger that targeted Lineage II on my system.

as for running it every so often by then the damage will be done.

i update SWDoctor each morning and scan the system each time before logging into GW.

i also have zonealarm pro and a router firewall as well

Can I just point out that that article is over 3 years old?

But that's beside the point. Don't use it if you don't want to. And yeah, you really should do a scan pretty much every day, but I'm too lazy for that, and I forget. I mostly use ad-aware to remove harmless spyware that is slowing down my computer. Yeah, I know, it's stupid. But I've never had any hacking issues with my computer. I have had a couple of Trojans try to get in, but guess what? I did a scan with Ad-Aware and it got rid of them.

However, I strongly recommend getting ZoneAlarm. It's good if you can prevent malware getting in, but if that can't stop it, at the very least don't allow them to send the information back out.

Apologies, you are correct. I was mistaken about which stage the lock out was implemented at. I've edited my earlier. Lockouts apply to incorrect attempts to reset a password.

I'll ask our PlayNC people about the possibility of adding this to actual login attempts as well.

Once you link to PlayNC your email that you use as a username is only ever used for that purpose - as a username. The email address can expire and someone else take it up, and your account will not be affected. It is your contact info email address that is used for all further email correspondence with you (such as changing passwords).

Having said that, we understand why the removal of an option to change your username is of concern.

yes please...

I clearly understand security must be improved in Guild Wars, some bad email services has better security features, and I prefer lose all my email accounts than my GW account.

BUT ... security start in your computer, you CAN'T be "hacked" if your are smart.

I hope I don`t have any of the above problems, I`m changing ISPs this week and looked into changing passwords and e-mails a couple of months ago in preperation for the event. Everything seemed ok but after reading this thread I`m now not so sure.
Oh well we`ll see.

P.S. if you are using "add ons" or any other 3rd party programs it serves yourself right if you get hacked, just think yourself lucky you still have an account.

I had no issues... the Log-on email address ont eh log-on screen is just there for that, if you add the game to a PlayNC master account, which you have to to use the in game store BTW, then you can change the email address and password there, ok the log-in email address won't change, but the contact one will and if I remember correctly, if you believe someones gotten your details, its pretty hard to change the password now aswell, I remember it took me blody ages to do and most hackers aren't bothered doing that to get an account

Uh... yeah sure right.

I don't mean to slight you, but that's just not practical; in any way shape or form.

-EDIT- Typo.

I have no anti-virus software. I have no anti-spyware software. My computer is OUTSIDE my router's protection.

I DO have ZoneAlarm Pro running.

I've NEVER had a virus or spyware infection. I've NEVER been 'hacked'.

Why?

..because I don't search for wierd files to download and infect myself with.

Look for the fishy tools and you're gonna get phished.

A little warning:

GW specific keyloggers will NOT trigger anti-virus/anti-spyware if they are even remotely well written.

Anti-virus software works for general viruses and trojans.

Anti-spyware can monitor certain behaviour, but not all.

GW specific keylogger fits into neither categories and is only interested into one thing: guild wars executable. Even more, with specific knowledge of GW it's possible to bypass even network monitors so that even general firewall doesn't trigger.

So downloading any kind of hacks, bots or similar add-ons for GW is asking for trouble. There are no working add-ons of any kind, with possible exception of GWFreaks.

Just don't download stuff that would be GW related.

Last possible attack would be spoofed PlayNC site - something completely unrelated to PlayNC, but in the same way eBay and Amazon spoofs were used to steal CC info. But that is unlikely, as any such attack has never been reported.

Also, never share passwords. Your computer might be ok, but the person you're sharing with might unintentionally expose the information.

Thank you for stating the most obvious thing everyone sadly doesnt know.

The problem here is that the "interweb" can't read the OP's mind so he complains saying there are "loopholes" when the loophole started by trusting someone else logging in on your account. Thats it, period. NCsoft security is a one time seal deal to a specific email/acount name you choose for your own security purposes. Having the option to say completely change your email would have lost your friends account long before you can even post this. Personally, I prefer it this way.

What you should have learnt by now is to also read between the lines. It's not everyday someone quote-unquote "best friend" gets his/her account hacked apparently "consecutively" because he did everything right and the fault is rightfully pointed to Anet.

An account through which security credentials of another account can be changed provides an additional opportunity to compromise the first account. It is not an extra layer of security, but just the opposite: an extra backdoor.

An extra account also adds to the (possible) confusion with the user about the different options and procedures. Confusion about, and improper handling of security related procedures are an important negative factor in maintaing security.

The first thing most helpdesks ask of their users is to disable firewalls and anti-virus software, while most installation software - and their instructions - requests that you disable anti-virus software.

And neither firewall nor anti-virus software will, btw, protect you from keyloggers, 'third-party-programs' that realy account login information or other malware designed to collect information, and they will most certainly not protect you from hacking attempts that use any form of social engineering.

So, before you continue to bash the OP, or anyone else, regarding computer security I'd suggest you get informed first, because it is painfully obvious that you don't have a clue.

to clear up your confusion.

1 use one of those extra *family/asscociate/member/subaccounts* that all ISP providers have so each member of a family can have their own email/webpage. usually 8-10 are provided at no charge.

2 take the time to set up one of those independent sub accounts with a email name which is a maximum character random generated password @ my ISP. com and be sure to store that email as you wont remember it

3 set up your GW account with the sub account email and that is the only time/place you use it.

secure and will not have any effect on your regular personal email activities.

take 5 minutes prevention to help make the account much more secure.

worth it to me at least

The fact that you can't change your account's email is a big deal, whether you want to think so or not. Considering that is a major part of what his problem was, I'd say you missed the point.

What point?

That is you were able to change your account's email address that the hacker gets in changes the email address to one which he owns, then the victim can NEVER get anything back? I didn't miss anything Inspector Gadget could see through this case like water. Do not change the system, warn people not to share information. That is all you need to do, he/she shared information otherwise you cannot be "hacked" unless this person is damn good beyond belief and formerly worked for the CIA.

This is not a relevant thread, this is a complaint and a misdirected one at that.

Haha, a poster here thought i was making up this stuff to cover my account?

Yeh, my friend was stupid somehow for her getting hacked, but im simply trying to get security improvements for GW.

My computer, I do my best to keep it clean, stay away from sites and places that might have keyloggers in it, ect

and, i enjoyed a perfectly fine festival during the weekend, so, i dont know where this person gets the idea im the one that got hacked,

also, to the above poster, most of the time the victim mantains one trump card over the hackers, the acess key from the game, so, being able to change the login email is more helpful for the victim then the hacker, because the victim can recover the account via support.

I'm totally ok with this :LET US CHANGE OUR PASSWORDS PLEASE it's really dangerous for all, and i'm very tired of this RED ENGINE GORED ENGINE GORED ENGINE GORED ENGINE GOing (and I really say RED ENGINE GORED ENGINE GORED ENGINE GORED ENGINE GOing, because it's a REAL CRAP) NCSOFT account, that ties your account, that paralyze you, bound your hands you can't do anything, you are OWNED and can't even remove it ! It's illegal, you are samming us NCSOFT, I don't want my account to be FOREVER tied to this "$$°£@ù$%*^ NC account !