Guide to Account Security by Nasshingu

DISCLAIMER
This article is intended to help protect FFXI users against the growing threat of account theft. While there are many different perspectives on how to handle each situation presented in this article, please understand that it is simply offered as friendly advice, and neither the Wiki nor any other contributing author can take responsibility for the consequences of your own actions. If you are not prepared to risk your machine and its configuration, do not attempt anything found in this article or anywhere else on the internet. And for those who wish to contribute to this article, please understand that not everyone is perfect and not everyone can afford everything to make your solution as true as you would like it to be. Therefore, use caution when editing someone's contribution just because your solution sounds like the most ideal solution available.

*** Please Note ***
The following is a list of actions players (mainly on PC) can use to better protect themselves against account theft. It is not crucial that you do everything on this list; some items may not be needed at all depending on your specific configuration. However, a combination of these items (as many as possible) would be ideal in preventing account theft. Therefore, if you are unable to implement a particular item, just try to do as many as you feel comfortable doing. If you feel you are going in over your head, please seek further assistance before attempting to make changes to your computer. You can seek help from various respected support communities online, or just find someone in real life who can help you. Please remember, this site is not a technical support community.

Preventative measures

 * 1. Use a POL viewer password that does not match your FFXI password.

When you first log in to the POL viewer, it is only asking for your POL viewer password. This password does not require as much security. If there were a key logger running on your system, this password would not breach your FFXI account. If you ever forget your POL viewer password, you simply need to reinstall POL Viewer. If you forget your FFXI password, you will have to call SE Support.


 * 2. Use the new POL software keyboard to enter your FFXI password.

If there is a key logger running on your system to record keystrokes, it cannot detect what POL virtual keys you are entering.


 * 3. Use the new security measures and store your FFXI account password info on an external USB drive. 

This will store all password information on an external drive that will be used only when you plug it into your computer. Therefore, if a hacker makes his/her way into your computer through a “backdoor” or otherwise, the sensitive data cannot be accessed because the data is not physically available. It’s a nice idea, but like everything it is not foolproof. This option is designed for those who have to share a computer or for those who leave their computer on all day long. It does not protect against everything.


 * 4. Install anti-virus and firewall where available. 

If you do not have access to a firewall and/or anti-virus application that you can install, then you can always look for the free versions. AVG makes a good anti-virus that is free.

Also keep in mind that another background application is going to put at least some additional stress on your computer’s CPU. Therefore, if your machine is barely able to run FFXI from the start, adding an AV/firewall or anything else that you don’t have could make your system run slower. If you are unsure, find your local computer nerd and ask him/her for advice.

Windows Firewall is not a proper firewall. A good firewall will block scripts and even advertisements from reaching your PC. Applications such as Norton or Zone Alarm or even AVG (which is not free) can help protect you. If you can get a good hardware-based firewall, then that is the way to go, but most of us cannot afford that. If you get a software firewall, make sure you use its update function automatically or at least once per week.


 * 5. Install Spybot Search & Destroy.

Spybot Search & Destroy is a nice application that can detect a lot of malware applications. But one of the more useful features of this application is the Tea Timer. The TT is a background application that runs all the time. It will alert you if any changes are made to your registry. The vast majority of worms and Trojans out there are designed to start when the computer starts. The best way to do that is to add themselves to the system registry, because there they remain hidden at a normal glance. If TT detects any changes in the registry, you will be alerted and prompted for action. Therefore, if you are only visiting a web page and the TT says that something is attempting to alter your registry, you can be more confident that you do not want this change, and you can tell TT to deny the change. Spybot is a free application; the link is posted at the end of the article.
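
The idea behind this kind of monitoring can be illustrated with a short script that compares two snapshots of the standard Windows `Run` keys and reports what changed. This is an added example, not Spybot's own code and not a description of how TeaTimer is implemented; it covers only the two `Run` keys (one of several autostart locations), and the snapshot contents are constructed for illustration.

```python
RUN_PATH = r"Software\Microsoft\Windows\CurrentVersion\Run"

def read_run_keys():
    """Return {(hive, value_name): command} for the per-user and machine Run keys."""
    import winreg  # Windows-only standard-library module
    entries = {}
    for hive_name in ("HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE"):
        try:
            key = winreg.OpenKey(getattr(winreg, hive_name), RUN_PATH)
        except OSError:
            continue  # key absent or not readable by this user
        with key:
            for i in range(winreg.QueryInfoKey(key)[1]):  # [1] = number of values
                name, data, _type = winreg.EnumValue(key, i)
                entries[(hive_name, name)] = str(data)
    return entries

def diff_autoruns(baseline, current):
    """List (change, hive, name, old, new) tuples between two snapshots."""
    changes = []
    for k in sorted(set(baseline) | set(current)):
        old, new = baseline.get(k), current.get(k)
        if old is None:
            changes.append(("added", *k, None, new))
        elif new is None:
            changes.append(("removed", *k, old, None))
        elif old != new:
            changes.append(("modified", *k, old, new))
    return changes

# Constructed snapshots: program names and paths are made up for illustration.
BEFORE = {("HKEY_CURRENT_USER", "Helper"): r"C:\Tools\helper.exe"}
AFTER = {("HKEY_CURRENT_USER", "Helper"): r"C:\Temp\helper.exe",
         ("HKEY_LOCAL_MACHINE", "svch0st"): r"C:\Temp\svch0st.exe"}

if __name__ == "__main__":
    for change in diff_autoruns(BEFORE, AFTER):
        print(change)
```

On a Windows machine, save the result of `read_run_keys()` once while the system is known to be clean, then pass it as `baseline` against later snapshots.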


 * 6. Use Firefox or something other than IE.

This is not foolproof, but it does help reduce your odds of becoming a victim by viewing a page with malicious code. The vast majority of operating systems in the world are Microsoft Windows, and Windows comes standard with Internet Explorer. Therefore, most operating systems use Internet Explorer by default. Thus, the absurd majority of malicious code is written for IE. To avoid being a part of the overwhelming majority, just use FF or Opera or another browser out there. You could even use a Macintosh, but I don’t think SE makes FFXI for Mac.


 * 7. Don’t trust other FFXI apps.

Yeah, they are out there and for the most part they are harmless, but the fact is you never know. You just can’t be sure where and from whom you are getting the programs, or what they are really doing to your computer. So if you decide to download the misc programs like the model viewer, or the music converter, or even the unofficial/illegal windower, you are running them at your own risk.


 * 8. Constantly update your browser plug-ins or disable them. 

The recent wave of infections was caused by the recent exploit found in Adobe Flash Player. However, the only way to become a victim of this exploit is to view a web page that is running a Flash object (typically an advertisement) on a computer that has a vulnerable Flash Player plug-in installed. Those who updated their Flash Player in time were not affected by the latest attacks. However, there are plenty more vulnerabilities that you should look out for. ANYTHING that uses Internet Explorer as its main interface is generally referred to as a plug-in or add-on. Therefore, Windows Media Player is a plug-in, QuickTime is a plug-in, Flash is a plug-in, and there are plenty more. Because QuickTime is installed with iTunes, you need to make sure QuickTime is updated whenever iTunes is updated.

Or, if you just want to avoid all this nonsense, you can just uninstall all those plug-ins. IE7 has an add-ons area that allows you to disable each plug-in. Disabling plug-ins may turn the internet into a very boring place (e.g. YouTube won’t work, and thus MySpace will be very dry), so be warned.


 * 9. Never believe any requests, for any function in the world, where the organization in question is asking you to provide your login/account information, or click the link they have provided. 

This is called phishing and it is a form of social engineering. If you have ever used eBay or better yet AOL, you will recall the warnings they sent out informing their users that AOL will never ask you for your password.

This is true because they don’t need your password to access your account. They are admins, they already have access. Even FFXI support won’t ask you for a password; they ask for your billing address. Nowadays, users will receive an email saying there is a problem with their account and that unless they provide their correct login username or password within 24 hours, their account will be terminated. That one had a few people panicked, but some saw through it.

Another similar method involves an email that says basically the same thing, but asks you to click the provided link to log in to the system and verify your account information to prevent it from being deleted. What the user cannot see is that the actual link http://www.webpagename.com doesn’t really go to webpagename.com. It actually sends you to something like http://192.168.99.66. However, the page that loads in the web browser looks exactly like the page they are expecting to see. Therefore, the user attempts to log in to the decoy site, but after the attempt, it tells the user there is a system issue that is preventing this action and they can try again later. But what really happened is that the username/password fields were really an online form that sends the information by email to the site author (aka hacker). This method was highly popular for bank sites like Bank of America and about 2 years ago started popping up (heavily) for Paypal.com.

Another rare method of obtaining your account information is the promise of an upgraded account. In the days of AOL, everyone wanted the special privileges that the AOL admins had. Certain people promised users that if they provided their account info, their account would be upgraded within 24 hours. In some cases, an email chain went around with an EXE attachment. When the attachment is run, it asks you to enter the account info to upgrade your account. When you do so, the application sends an email to the author with your account info. So if you ever get offered the powers of a GM, don’t believe it…report it.
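
The link trick described above, where the text you see names one site but the link itself goes somewhere else, can be checked mechanically. The following is an added example, not part of the original guide: it parses an HTML message and flags links whose visible text names a host that differs from the real target, or whose target is a bare IP address. The function and class names are hypothetical, and the sample message is constructed from the article's own example addresses.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A host name written in the visible link text, e.g. "www.example.com".
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        shown = "".join(self._text).strip()
        target = (urlsplit(self._href).hostname or "").lower()
        m = HOST_IN_TEXT.search(shown)
        claimed = re.sub(r"^www\.", "", m.group(1).lower()) if m else ""
        reasons = []
        try:
            ipaddress.ip_address(target)
            reasons.append("link points to a bare IP address")
        except ValueError:
            pass  # target is a host name (or empty), not an IP literal
        # A sub-domain of the claimed host (www., login.) counts as a match.
        if claimed and target not in ("", claimed) and not target.endswith("." + claimed):
            reasons.append(f"text shows {claimed} but link goes to {target}")
        if reasons:
            self.findings.append((shown, self._href, reasons))
        self._href = None

def audit_links(html):
    """Return a list of (shown_text, href, reasons) for suspicious links."""
    parser = LinkAuditor()
    parser.feed(html)
    return parser.findings

# Constructed sample: the decoy link from the article's example.
SAMPLE = '<a href="http://192.168.99.66/login">http://www.webpagename.com</a>'
print(audit_links(SAMPLE))
```

Links whose text is only a phrase such as "Click here" carry no claimed host, so they are flagged only when the target is an IP address.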


 * 10. Set your web browser security to HIGH. 

This can get very annoying, but it’s the only thing you can do in most cases if you are not familiar with computers. Every time a security risk is encountered, the browser will ask you if you want to do this and continue, or it will simply block it by default. Every page asking you to confirm can get bothersome, as it does for me. If you don’t have a good firewall (and Windows Firewall is not a good firewall), then high browser security is recommended. If you can’t do this but still want to protect yourself, you could always use another computer to browse the internet, if you have one available. You can look up browser security on the internet for additional assistance.


 * 11. Update Windows automatically, or once per week.

You can set this option in the Windows Control Panel. If you don’t know where it is or how to use it, please search for help online depending on your operating system. If updates are not being downloaded and installed automatically, then make sure you do it once per week. Also be sure you are running the latest service pack for your OS.

Links

 * SpywareInfo.com - One of the best anti-spyware sites around.
 * SpyBot - Search & Destroy - Uses the TeaTimer which detects changes in your registry.
 * TrendMicro HouseCall - Trendmicro's free online virus scanner. Works with IE and FF.
 * BitDefender Scanner - Bitdefender's free online virus scanner.
 * AVG - Free Anti-Virus application.
 * Kerio Personal Firewall - Free firewall, but limited in its features.
 * SpywareBlaster - A free tool that helps protect your PC from spyware.