Latest in Gaming

Image credit:

How to protect your system from keyloggers [Updated]

Dan O'Halloran

It's raid night. You've farmed your mats, topped off your repair fun and loaded up on pizza and cola. But for some reason you can't log on. You're sure you typed in the right password, but no go. You IM you guildie: "Are the servers down? I can't get in." His reply sends chills down your spine: "We just saw you at the bank. Why was your toon naked?"

Years of hard work gone. Someone else accessed your account and stripped your main of all his gold, bank items and tradable equipment. "But I don't give my password to anyone!" you wail. You don't have to, the keylogger program knows it anyway.

What's a keylogger? It's a small, virus-type program that can accidentally be installed on your computer. How might a keylogger be installed on your system?

  • Visiting an untrustworthy web site. Some sites may have code in them that exploit your web browser and cause it to quietly install a keylogging application without your permission. (Note: even turstworthy sites can be hacked! The same hackers who are after your information can hack what you think of as trustworthy sites and add exploit code to them which could give you a keylogger.)
  • Downloading addons (or other files) from an untrustworthy site. Any executable file you download could contain a keylogger or virus, so before you download a file, be sure you're downloading it from a source you trust!
Once a keylogger gets installed, it starts recording every keystroke you make. And when you type in your account name and password for your WoW account, it captures that, too. The next time you access the Internet, it sends your private information to the hackers who use it to log into WoW and strip all your characters of everything valuable leaving you with a penniless toon wearing nothing but his trousers.

This all sounds pretty scary, but don't worry -- there are ways to protect yourself from keylogging programs!

A WoW European Hunter, Eldariel, has written a great guide to defend your computer from keyloggers, spyware and viruses. Here's a run-down of what you can do to keep your computer safe and sound:

  • Get a virus scanner. Grisoft provides one for free. Be sure to configure it to scan your system regularly and to check for updates. (Even the best anti-virus software won't do you any good if it doesn't know about the latest virus information -- so keep it updated!)
  • Get a free anti-spyware program and run it. Spy Sweeper is a good one. As with your anti-virus software, be sure to configure it to scan your system regularly and check for updates.
  • Install firewall software that prevents any unauthorized access between your computer and the Internet. Comodo is recommended. Again, its free and well regarded.
  • Be sure to run the latest version of your browser software. Whether it's Internet Explorer or Firefox, keep it patched and up to date! Many exploits that hackers used have already been patched by the software vendors -- all you have to do is stay updated!
  • On the subject of browsers, consider using Firefox. There's plenty of room for debate on whether it's more secure than Internet Explorer, but for now, at least, there are more viruses and exploits out there that target Internet Explorer, simply because it's more widely-used.
  • Keep your OS up to date. Just like with browsers, many hackers will try to install keyloggers on your system using exploits that have long since been patched by the software vendor. If you run Windows, be sure to run Windows Update regularly -- in fact, I recommend setting it up to run automatically on a daily basis.
  • Be careful downloading files! While your anti-virus and anti-spyware software should catch anything that gets installed, it's better to catch them before they get installed and have a chance to cause damage. Never download files from sites you don't trust and be wary of opening unexpected e-mail attachments.
  • You can configure your WoW client to remember your user name. In this case, even if you get a keylogger installed, they'll find your password, but won't know your account name. The password is useless without the account name, and if you don't type the account name, a keylogger won't see it.
  • And, of course, never share your password. You may just give it to one person, but who knows where it could go from there. (For all you know they've got it on a post-it note on their monitor where anyone can see it.)
And if the worst scenario happens and your account is stolen, contact Blizzard support immediately. It can be a painful process to restore your account (Blizzard will immediately cut off access to the account until they can confirm your identity as the account-holder), but once your account has been compromised, it's the only way to get your stuff back and re-secure your account.

Anybody have other hints or tips they can provide to keep their system safe?

Update: Revised the definition of "keylogger" and added a number of tips on how to keep yourself safe from them.

From around the web

ear iconeye icontext filevr