Advertisement

Azeroth Security Advisor: Patient patching prevents pestilence

Jon Eldridge
Updated ·6 min read

Every other week, computer security expert Jon Eldridge is your Azeroth Security Advisor. He will delve into the darkest reaches of computer security rumor and bring the facts back home even if they're wriggling at the end of a pike. His goal is to provide useful information to gamers who don't think about security much and flame fodder for those self appointed experts who need to rationalize the cost of their expensive certifications. Like any good security force he's a mercenary at heart and is happy to take subject requests from the user community that he serves. So feel free to leave a comment below or just sit back and enjoy the show.

It's Friday night at 6:45 pm server time. Your raid begins in 15 min and you think you're ready to go. Narrowly escaped another speeding ticket trying to get home from work in time? Check. Belly full of pizza? Check. Mind totally polluted on bad tasting energy drink? Ch3cK! Dog fed and walked? Check. TiVo recording the latest over hyped drivel? Check. Kids unconscious. Check. Parents or domestic partner unconscious or otherwise leaving you alone for one damn second? Check. When will they understand that you ARE being social by locking yourself in the computer room all night... jeez!

Time to rock and roll! Or not. What's this? A patch? On Friday night? Agony, shame and defeat. Azeroth will not know the terror of your blade this night. Gornak the mighty has been caged by some dweeb code monkey and their total POS patch system. Your raid leader is going to KILL you. Wait, what about downloading the patch from the Internet? Just Google up the patch number and let your cable modem download it at lightning speed right?

Don't do it.

Really. Don't do it. Downloading executable files from an unknown host is a huge security risk. It's possible to take bigger risks but you'd need a Ouija board and a used electric chair. Just kidding. That would be dangerous. Anyway where was I? Downloading a .exe program opens you up to every form of virus, Trojan horse, malware, adware and Internet pie in the face imaginable. For most of you the lesson ends here. Either you know better or you embrace the time honored historical fallacy "I do it all the time and I've never had a problem" which is central to most of the amusing YouTube videos involving explosives (skip to 1:40 for the good stuff note the clever lack of a fuse and fun loving horseplay after the initial explosion).

Still here? Need more convincing? Want to see more explosions (language warning)? OK here we go. Getting infected with malware can seriously mess up your PC and your happiness. It can certainly prevent you from showing up to that raid you were worried about. Getting a virus (great reading on this link don't miss it) that deletes your Windows directory or otherwise forces you to restore or rebuild your computer can really put a dent in your weekend. You do keep a current backup image of your PC using a utility like Norton Ghost for just such an emergency right? Don't worry, almost nobody else does either which is why you should avoid unknown .exe files like the plague they may actually be.

Even if you are spared the outright destruction of your PC there are more potential delights awaiting the unwary. Your PC could be turned into a zombie and forced to enlist in a botnet army for the purposes of spreading adware, spyware, email spam or launching denial of service attacks against perfectly legitimate businesses or websites. Botnets are a growing concern as organized crime replaces the angst ridden teen hacker we usually associate with computer high jinx... and yes I'm old enough to use "high jinx" with a mostly straight face.

Gamer specific threats often come in the form of a password stealing Trojan horse. Attacks against the login information of online gamers is not new but it is also not going away. Attacks targeting WoW players are not uncommon at all because your login information is worth... you guessed it... MONEY! Not only can somebody gut your bank for gold and unbound items but the account itself can be sold as well. I'd provide some exciting links but frankly I really don't trust most of these sites so I'm not about to send you to them. Recent attempts at stealing WoW login data have come from innocent looking digital picture frames purchased from Best Buy. Worse yet this is not the first time hardware has come from China packed with a covert threat to Azeroth. Last year it was a Maxtor hard drive. But wait there's more. Even WoW information sites have packed a malicious payload.

The biggest problem with wanting to download a WoW patch from the Internet is that you have no way of knowing what you have until it is too late. Even after it is too late you might not realize the full extent of the damage until you find you can't log in to your account. Some game companies release the exact hash value (unique identifier) for each patch thus allowing players to verify the hash of a downloaded patch prior to running the executable on their computer but Blizzard has chosen not to. I'd like to see Blizzard offer more than one option to their user community in order to help stem the tide of malware that affects their customers.

There are indeed third party sites that attempt to provide legitimate options for downloading WoW patches but they do not (can not and should not) try to take responsibility for the actual content of the file you download. Take careful note of the disclaimer at the top of the wowwiki mirror site in the link above. File sharing networks like the Pirate Bay also contain links to alleged WoW patches but the spread of malware via these methods is so pervasive that is not hard to find comments added below a torrent link by other users such as "WoW virus you suck" or my personal favorite "Even if it isn't a virus you are highly retarded and should never post torrents again. In fact, throw your computer out the nearest window and die." Once again I'd provide links but these pages have live links to suspected viruses so you'll just have to trust me.

So there you have it. Downloading random .exe files is like chewing gum you found under your seat on the bus. You might not get sick, but don't go bragging to your friends about it.