So, what are my chances of getting keylogged on this site?

Icheatatgolf · 04-26-10, 04:54 PM

Or Curse for that matter. I've just downloaded a few addons from the "Trusted" sites, being here, and Curse.com.

I'm somewhat of a new player, so I don't want to put in hours of play time only to have my account trashed 3 weeks from now. So, Just how safe are the addons from these sites?

I always do manual installs, and I don't mess around with .exe's. I may be a little over paranoid I guess, but you hear about someone getting keylogged pretty much every day. Currently pasting my password into the game window instead of typing it.

Edit: Also, I just downloaded the Gatherer Database, and in-game, it had to "Import the data" which would likely be a perfect opportunity to import a keylogger as well. Just throwing that out there.

Icheatatgolf · 04-26-10, 05:07 PM

The deadness of these boards is certainly reassuring...

Eas · 04-26-10, 05:31 PM

Last I saw, all the addons submitted on this site are opened and taken apart by the moderators before being authorized for download. Dunno if that's still true, but this site is perfectly safe.

2amcoffee · 04-26-10, 05:35 PM

You waited a whole 13 minutes before being snippy about replies?

You seem to have a good start in regards to keeping your account safe, but there are many more steps you can take - Here is a good resource from Blizzard regarding the matter http://us.battle.net/security/checklist.html

I realize that you may not be a coder yourself, so please refrain from making ignorant posts about how the scripting used for wow mods work and what they can and cannot do. If you feel that you cannot trust any specific addon, feel free to drag it from your WoW folder and into your Trash. Remember that not a single mod on this site is mandatory for you to actually run the WoW client.

PS. If you do have a keylogger on your system, Copy-Pasting passwords isn't going to keep you any safer than manually inputting it.

Sunhead · 04-26-10, 05:36 PM

The chance is pretty low.
Both sites AV scan their add-ons when they are uploaded.
IMHO I have never trusted the Addon Manager programs people have published. I prefer to download and unzip my addon files myself. That way I know where all the files are going.

As for things like the import in gatherer, that all happens inside the LUA Sandbox so its not possible to actually infect a computer from inside the game.

You will get a keylogger from a self extracting executable file or from just visiting a poxy site while your computer's security is compromised. Those poxy sites can be found in the phising scam e-mails you will eventually get sent to the e-mail you use to register with WoW related websites, so pay attention to the actual URL of any link you are clicking on.

Shadowed · 04-26-10, 05:45 PM

Originally Posted by Eas

Last I saw, all the addons submitted on this site are opened and taken apart by the moderators before being authorized for download. Dunno if that's still true, but this site is perfectly safe.

Correct, we look at the files inside an addon as well as doing a virus scan before approving them. Any addons with an exe or dmg file are manually checked to make sure they aren't doing anything unnecessary. People who post saying they downloaded addon X and later that day their account got compromised more likely were infected months ago before somebody used the password information to steal an account.

Icheatatgolf · 04-26-10, 06:09 PM

Thanks for the responses, guys.

Originally Posted by 2amcoffee

You waited a whole 13 minutes before being snippy about replies?

You seem to have a good start in regards to keeping your account safe, but there are many more steps you can take - Here is a good resource from Blizzard regarding the matter http://us.battle.net/security/checklist.html

I realize that you may not be a coder yourself, so please refrain from making ignorant posts about how the scripting used for wow mods work and what they can and cannot do. If you feel that you cannot trust any specific addon, feel free to drag it from your WoW folder and into your Trash. Remember that not a single mod on this site is mandatory for you to actually run the WoW client.

PS. If you do have a keylogger on your system, Copy-Pasting passwords isn't going to keep you any safer than manually inputting it.

I realize I was a bit aggressive in my post, it's just a side effect of my paranoia. And I know copying and pasting my password probably won't do much to protect against it, even if I never entered it whole before getting logged.

A lot of these addons almost ARE mandatory, due to their sheer usefulness. I really do appreciate the effort put in by all the authors; I just wish people weren't so damned greedy and malicious.

2amcoffee · 04-26-10, 06:22 PM

Originally Posted by Icheatatgolf

Thanks for the responses, guys.

I realize I was a bit aggressive in my post, it's just a side effect of my paranoia. And I know copying and pasting my password probably won't do much to protect against it, even if I never entered it whole before getting logged.

A lot of these addons almost ARE mandatory, due to their sheer usefulness. I really do appreciate the effort put in by all the authors; I just wish people weren't so damned greedy and malicious.

No, none are mandatory for WoW to actually run. There may be add-ons that are useful and helpful, or just plain fun, but none are 100% required for World of Warcraft to start up and allow you to connect to a server to play.

Being a former tech support lackey for an ISP, this is a giant sore spot for me. What goes on in your computer and your browsing habits are YOUR RESPONSIBILITY. Some caution when you go browsing the web is fine - full on paranoia with fingerpointing at invisible boogeymen aren't going to help you actually be secure.

Take the time to learn about what these malicious programs really are, how you can secure yourself and your data from it, and implement your own computer security instead of taking the easy way out and blaming sites like WoWInterface and Curse-Gaming.

**Seerah** · 04-26-10, 09:29 PM

Originally Posted by Icheatatgolf

Edit: Also, I just downloaded the Gatherer Database, and in-game, it had to "Import the data" which would likely be a perfect opportunity to import a keylogger as well. Just throwing that out there.

Just to clarify something, the "Import" is to import the nodes (saved ore/herb/etc. spawn points) from the database into Gatherer. WoW is a sandboxed environment. Nothing can get in or out while the game is running, and stuff (saved variables) is only written to specific files when logging out or reloading the game.

Ferous · 04-29-10, 10:08 AM

Just to add this -

Most keyloggers obtain your information months before they even do an initial attack. They save your information for later use, because they don't want you to realize where you got it from :P Or so I think, anyway.

Sepioth · 04-29-10, 03:04 PM

Another way to protect your account is to spend $6.50 USD on a Authenticator. This will add a random secondary password to your WoW account. (In game and at battle.net). While it is not 100% guaranteed to protect from a hack it is virtually impossible for someone to get into your account with one. One would need to be watching you with a keylogger an IMMEDIATELY access you WoW account and change your password before the random secondary password changes and since most keyloggers do not get your info immediately getting hacked with an authenticator is pretty much never gonna happen.

The authenticator password is in sync with the Blizzard server and is unique to you. The password changes every 20 or so seconds. When you add one to your account the WoW login screen adds a third line to enter the authenticator password.

Bluspacecow · 05-01-10, 12:00 AM

@2amCoffee

I've only just reviewed this post now due to Ferous bumping it (/friendly bonk)

Frankly I thought your initial response was a tad agreesive. Seems to me you practically bit the guys head off.

Now this is not a personal attack or anything just a suggestion on how you can change for future postings. It's also a sort of general tip for everyone who reads when answering people's posts.

Do not post in anger. Do not give into that sort of energy. Don't post when angry or upset. Try to take the higher moral ground , not in a condescending manner but in an informative , helpful way.

Torhal · 05-01-10, 12:08 AM

I refuse.

Bluspacecow · 05-01-10, 12:09 AM

OP your concerns are somewhat unwarranted.

There are a lot of measures in place to prevent keyloggers here on this site. There are also a number of technical reasons why addons can't log your keys which i have detailed at this post here :

http://bluspacecow.livejournal.com/2440.html

One thing tho : Make sure your keep your Flash player updated. Keyloggers have been known to "sneak" in on a addon site's ad stream. Most sites don't have that much control over what's displayed but can get ads removed once reported.

Curse and Wowinterface are pretty vigilant on this front but it always pays to keep Flash updated just in case

Finally : stop copying and pasting your password in. It's actually fairly trivial to get the contents of the pasteboard (this is the area of the memory where your copy and pastes go).

The pasteboard isn't protected and getting the contents of it is ridiculously simple - one little bit of code assigning a variable to the contents of the pasteboard.

All modern keyloggers would start grabbing the contents of the pasteboard when you have the wow client open.

voodoodad · 05-01-10, 03:11 AM

Originally Posted by Torhal

I refuse.

AGREED!! If I never posted in anger, then I would never post at all!

Give me TROLLING, or give me death!

***Cairenn*** · 05-01-10, 03:20 AM

Behave boys.

voodoodad · 05-01-10, 03:31 AM

ok...

Until I win the bidding war, and OWN Canada! Then you, and all your Canuk friends will be my MINIONS and you will HAVE to do my BIDDING!!!!

MWAHAHAHAHA!!!

/cast banhammershield

/cast runawayasfastasIcan