Greetings,

As you probably figured out from Matt McCormack’s post, and Jeff Williams' post; there are a lot of Game PWS (password stealers) out there. I decided to do a post on how you might prevent these PWS from infecting your computer.

1. Run up-to-date antivirus software. I know us gamers hate the performance penalty AV software can cause, however; we also hate the idea of the item we slaved for days disappearing on us as well. I have seen suggestions of just disabling AV while running the game, however; I know I’m always alt-tabbing to websites looking for clues to the next latest puzzle. I have had Zlob try to infect me while browsing for game hints before.

2. Run two factor authentication if the game allows it. More and more games are turning on two factor these days. What is two factor authentication? A device like a smartcard, or a device that outputs a PIN number you have to enter as well to login to the game. So if someone gets your password, they have to also get your special key!

3. Run up to date browsers and add-ons! Keep your web browser and other applications up to date, since malware loves to exploit the applications you have installed on your machine as well as the browsers. If you have Windows Vista, I suggest you leave UAC on. UAC definitely helps protect against attacks as Internet Explorer runs with low rights to help prevent exploits from installing software on your machine.
 
4. Run as a limited user. I understand as a gamer it’s a pain, since most games don’t want to run as a limited user. Vista UAC also helps with this, as the default user is a limited user.

5. Firewalls are very helpful in preventing people from coming from the cloud and infecting your machine. I suggest you keep your firewall or router up to date as a preventative measure. They won’t prevent the exploits from infecting your machine, but it’s a good way to prevent people from coming from the outside into your network if you do accidently infect your machine.

6. Never log into your account, unless you’re on a machine you trust. I’ve personally seen people log into their game account on public computers before. I personally would never ever log into a computer I didn’t know all the users who’ve used it before me. I also will never share my password, because the person you trusted with your password might login from an untrusted computer.

7. Don’t download random cheats or cracks from some unknown server. As Matt stated, “NEWSFLASH: Not all cracks are actually cracks”. Malware authors have taken a lot of lessons from Troy; they make the cheat program look very enticing on a forum. I personally think people using aim bots or bots in general are missing out on the whole point of the game, but that’s a whole different blog post.

Note: there is a lot of bad information on how to prevent PWS from gathering your password. I’ve seen suggestions to use the remember your name function that some games use as a way to avoid game password stealers. This is false, Microsoft has samples that will scan the screen for the username box and copy what’s in the username box for their report.

Having your game password stolen can definitely ruin your day. I suggest you follow these tips so when you want to unplug, by plugging in, it’s a relaxing experience. ;)

I am also holding out belief in the cake’s existence,

Jeremy Croy