Guide to prevent hijacking.

Discussion in 'SteamRep Guides' started by SilentReaper(SR), Jun 8, 2012.

  1. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,900
    SteamRep Admin:
    STEAM_0:0:89705646
    Well, let's start with first things first.

    Security on your account is dependent on a number of things:
    - You keeping your computer clean of viruses, trojans, keyloggers etc. by having a good antivirus and anti-spyware program running.
    - You keeping a firewall up to prevent intrusion.
    - You not allowing someone else to use your computer and/or Steam accounts or ANY other accounts. Not even your brother/sister/father/mother/son/daughter/sibling/family/friend/lover or w/e relation you figure out.
    - You not giving anybody any info that a hijacker can use that includes: steam login name, email address, password. But that ALSO includes the "recovery email address", so you CANNOT use your NORMAL email for that EITHER.
    - Keeping severed any links between any registration that is important. In short: do not use the same email to register AND your steam account, and ALL the spammy spam sites to register for some obscure thing.
    - You not logging on to other people's computers, as you don't know their security policy/status. If that computer is infected, you deliver it right to them (not to mention password saving, activating the Steam account there, logging into your mail there to activate Steam Guard protection access on there etc.).

    So the core words are:
    - Real Security (antivirus/antispyware/firewall)
    - Obscurity (to increase the difficulty by not telling/showing anybody the login name, password, emails used etc)
    - Separation (between "every day usage" and secured stuff, and even between those)
    - Awareness.
    - Smart.

    It's no issue if your day-to-day email has a low grade password. As long as your entire online life isn't hanging on that one email address. For then you have a problem if ever your email gets hijacked and you aren't able to (fully) recover it.
  2. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,900
    SteamRep Admin:
    STEAM_0:0:89705646
    So, first step.

    Anti-virus, Anti-spyware, hosts, firewalls.

    If you are averse to such, we're done talking. There are these people who really believe they have full control over their computer, which isn't true. As soon as you open a website, a vulnerability may be exploited. Adobe Flash and Java and browsers etc. are updated very regularly for these reasons. The only REAL way to NOT be infected is by never connecting a computer to any network or internet, and wrecking the USB/FireWire ports, floppy drive, CD/DVD drive, eSATA ports etc.

    As that is not feasible, you need to install protection against viruses, trojans and spyware.

    Start with a good antivirus product.

    Please, don't consider Microsoft's Defender anything else than a mistake. It was never intended to be a full protection of one's computer.

    My personal opinion is, if you don't understand how your security works and how you need to maintain it, then you have no security. For you don't know what is scanned, checked etc. As I cannot help in that regard (getting you to understand your security) I'm only giving some pointers to a good defense for free. I'm not saying it's the absolute best defense, but it gives a good defense and allows some leeway.

    http://en.wikipedia.org/wiki/Antivirus_software

    Antivirus

    If you currently have a paid alternative, please keep it, for most "known" antivirus programs are pretty good (just not MS's Defender crap). Just go through the program's options and check whether they are optimal for your use.

    http://www.avast.com/
    Good, free antivirus program. Once installed, you need to register for a 1 year free license. This can be done within the program. And after that year you can simply re-register again for another year indefinitely. It doesn't include anti-spyware options (unless paid, but see below for that). Let it scan the C:\ drive.

    A good paid alternative:
    http://www.eset.com/
    Eset Smart Security is a combination of:
    - Anti-virus
    - Anti-spyware
    - Firewall

    ----

    Anti-Spyware
    Anti-spyware is absolutely not the same as an anti-virus application. Please don't confuse the two different angles of protection. By definition, a virus is a very different animal than spyware, rootkits, keyloggers etc. That some anti-virus scanners detect these doesn't say that they will be scanning for all spyware. As a matter of fact, no anti-spyware is doing the same either. Which means you need multiple anti-spyware solutions to check on the full diversity. If you ask why, thank Symantec for it, for they torpedoed the anti-spyware consortium. ( http://www.safer-networking.org/en/news/page-42.html can't find the follow up articles anymore but it ended up in the ASC being a toothless organisation, and never an inter-anti-spyware cooperation on having everybody detecting all the crap after some time.)

    SpywareBlaster
    http://www.brightfort.com/sbdownload.html
    See http://en.wikipedia.org/wiki/SpywareBlaster for an explanation of its working. It's free if you manually update it. About every week an update is provided for download within the program to update and secure.

    Spybot S&D
    http://www.safer-networking.org/
    Spybot S&D is a free anti-spyware program. After installing it and updating, go to the "Immunize" option and let it run to check, and then apply it. This is additional to the SpywareBlaster item. Tip: do not install the "TeaTimer", for it's mostly nagging, and after a while it loses its effectiveness in that any user will get on auto-pilot after x times the same message on program x trying to change y on z. Do run a scan with it to scan the C:\ drive.

    SuperAntiSpyware
    http://www.superantispyware.com/
    I use this one mainly for scanning, so I don't keep their stuff "active"; go through the options to prevent it from loading at startup.


    Combofix
    http://www.combofix.org/
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix
    Combofix is an application intended to remove infections or at least enable you to do so.


    ----

    MVPS Hosts
    http://winhelp2002.mvps.org/hosts.htm
    MVPS hosts is a hosts file, the full explanation is on the link, read it thoroughly before adding it. I myself recommend using the program linked on the bottom of that page to update it automatically. It's named "Hostsman", and I recommend setting it to update regularly and ONLY for the MVPS hosts, not for the other 4 or so sources for hosts, for that will cripple your internet too far. You need to manually configure it to get it to work fully automatically. Updates to this hosts list are provided on average once every 2 weeks. Some sites have problems with this, for they use external rebounce links to stats (you click on a link on a page, that link goes to a stats site, that "counts" you, and then bounces you back to the site. The better method is for the site to have on every page a loadable module added. If that is blocked, it doesn't hamper the site's working. I normally send an email to the webmaster that I'm not going to lower security on my computer to overcome their crappy site).

    ----

    Firewalls
    http://en.wikipedia.org/wiki/Firewall_(computing)
    Firewalls prevent external hosts from talking to your computer and internal applications from talking to the external world, which you configure to let through applications that should have such access. For instance, you want your browser and your games to connect to the outside world. You don't want unknown applications talking to the outside world, you don't want unknown external parties to talk to your computer unchecked. By installing and configuring a better firewall than the default Windows Firewall, you can keep control over what application can get through, and what is allowed in. As there is a lot of differentiation between firewalls, and what needs one has, it's hard to give good advice. The highest levels of security are those that only allow specific processes (applications) to talk with the outside world. They aren't always the easiest to configure.

    http://en.wikipedia.org/wiki/Comparison_of_firewalls

    As I said before, one should know their protection, to be able to understand their messages, and be able to configure it correctly. I can make a manual up to the notch on how I would configure it, but that would get outdated as soon as one of those would get updated.
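Added example, not part of the original thread: a blocklist hosts file such as the MVPS one described in the post above maps unwanted names to a non-routable or loopback address, so any entry that pins a name to a routable address, or that blocks a name you rely on, is worth a manual look. The sample file, the `.example` names and the `watched` list are constructed assumptions.

```python
import ipaddress

# Addresses a blocklist such as the MVPS hosts file uses to make a name unreachable.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Names that are expected to resolve to the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample, not a real hosts file; 203.0.113.7 is a documentation address.
SAMPLE_HOSTS = """\
# Constructed sample
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example   # blocklist entry
0.0.0.0 tracker.example stats.example
203.0.113.7 login.example
127.0.0.1 updates.example
not-an-ip something
"""

def parse_hosts(text):
    """Yield (line_no, address, hostname) for each mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address without a name
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address: skip the malformed line
        for name in fields[1:]:
            yield line_no, addr, name.lower().rstrip(".")

def audit_hosts(text, watched=()):
    """Separate blocklist entries from mappings that deserve a manual look."""
    watched = {w.lower() for w in watched}
    blocked, redirects = set(), []
    for line_no, addr, name in parse_hosts(text):
        if addr in SINKHOLES:
            if name not in LOCAL_NAMES:
                blocked.add(name)
        else:
            # A name pinned to a routable address bypasses DNS for that site.
            redirects.append((line_no, addr, name))
    return {
        "blocked": len(blocked),
        "redirects": redirects,
        # Watched names (e.g. update servers) that the file makes unreachable.
        "blocked_watched": sorted(blocked & watched),
    }

if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS, watched={"updates.example"}))
```

To audit a real machine, pass the contents of the system hosts file as `text` and list the names you depend on in `watched`.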
  3. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,900
    SteamRep Admin:
    STEAM_0:0:89705646
    System & Browser Protection.

    System protection.
    Well, if you don't update your computer you won't be protected against Windows vulnerability based attacks. Configure Windows Update to automatically update your Windows installation with hotfixes and service packs etc. An option in that is to enable "Microsoft Update" in Windows Update, which basically means that it will update all Microsoft products installed on the system, and not only Windows. The updates will then also include MS Office and other manually installed applications from MS.

    Browser protection.
    Browsers need to be updated and protected, for they have many ways of doing harm to your privacy and even attack vectors to get your computer infected.

    Internet Explorer.
    The one advantage it has is that it is often updated along with the Windows Update feature. So it's not outdated often. Only outdated probably in a work environment where desktops are secured. No idea why these almost always seem to be on IE 6 with Windows XP, probably a lazy System Admin.

    Google Chrome.
    I'm not using this one, but I read that it updates itself automatically, so people won't be on an outdated browser with it.

    Mozilla Firefox.
    Firefox updates itself, it got a bit ridiculous with the main version updates that do not update much in functionality really. Firefox is now on version 13, I have no doubt that when a bug fix is done, we will be on version 14 for that, instead of 13.0.1 or w/e.

    I'm an avid Firefox user, and use a bunch of stuff with it:
    I'm using a plugin called "NoScript" which by default blocks the scripting included on any new site I visit. On sites I'm on regularly, the plugin won't scream, for I allowed those already. So after a while you will only notice it on new sites, and you will be aware of how many sites some pages have linked in... the most I've ever seen was 47 different sites on 1 page.... of course I didn't trust any of them, so I left it and went searching for better.

    I have no doubt there are similar security features (like NoScript) for Chrome and/or Internet Explorer out there, either in the browser itself, or a plugin, I'm just not going to find all those. Google worked last time I checked, so it should be a fast search. If not, then there is a problem with available features for it.

    I'm also using a plugin called "Tab Mix Plus" which is enhancing my browsing experience (I like to open new tabs on almost every occasion instead of reusing the current one, and the chore of first opening a tab, and then googling, clicking a bookmark etc. is too annoying). I can't do without it anymore; if I'm on another browser, it's a real pain to miss the automatic opening of a tab for a search, clicking a bookmark, etc.

    Also, as I'm often for hours behind my monitor, I like dark themes. So I have currently the "FT DeepDark" theme installed.

    Browser Additions.
    Sun Java.
    Java is a programming language which is used in websites to program applications. As such, it has its own vulnerabilities and it needs to be updated regularly.

    ActiveX

    Internet Not Compatible Explorer supports ActiveX components, whole loads of which are plain hijack tools which they try to get people to install. As they can set themselves to "not removable" those are a pain to get rid of. It's for me the main reason to NOT use IE.

    Microsoft Silverlight
    Competition for Adobe Flash. If you have enabled Microsoft Updates, it will update this as well.

    Adobe Flash.
    Adobe Flash is an animation tool, but entire sites can be built with it. As it has its own vulnerabilities, it needs to be updated....


    Adobe Shockwave & Adobe AIR
    Shockwave is a multimedia plugin for animation and interactivity and AIR is an application platform for web applications. Both need their updates as well. If you have 'm installed that is.

    For Adobe stuff, often an auto-updater is installed along with it, so not many problems with those. Some people have the habit of disabling the updates of these plugins. But they are needed for the security of your computer.

    Other plugins for browsers
    Depends on the plugins etc. It's a good habit to keep 'm updated.


    The idea is to have a different browser than the most attacked ones. And if you like the particular browser, secure it. As Internet Explorer, Firefox and Chrome are the most used ones, those get the biggest beatings in attempts to hack them. Be aware and take your precautions. By having a less used browser, you make it a harder/less often attacked vector to your computer (but bigger holes in them). Or better put: the standard attack vector to Internet Explorer won't work on your Firefox or Chrome browser. This goes for other attack vectors as well. If they attack Firefox, this won't work on Chrome or IE etc. You can go for one of the smaller browsers, almost nobody will build an attack for those for the user-base is too small, but at the loss of compatibility/functionality, that is often the trade-off.

    Make no mistake, every browser has its merits, and its weaknesses. Bigger browsers get more attention to bugs and exploits and the smaller ones are attacked less, and inherently have a bit less attention to exploits, for these have to be found first.
  4. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,900
    SteamRep Admin:
    STEAM_0:0:89705646
    couple replies for later writing.
  12. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,900
    SteamRep Admin:
    STEAM_0:0:89705646
    updated a bit on the browser stuff.
  13. HAK

    HAK New User

    Messages:
    71
    Steam:
    STEAM_0:1:29044036
    I may be a bit late to the party but... TeamViewer has been a notorious way to get hijacked and lose control of one's Steam account.

    I am not sure if this problem still persists, but if anyone asks to use TeamViewer to do a trade, just say no.
  14. DataStorm

    DataStorm Retired Staff

    Messages:
    3,372
    Ehm, TeamViewer isn't advised at all, only for those that know and trust each other.

    Also, it's susceptible to MiM attacks, so I would suggest to only use it incidentally, not installed as a service etc.

    But that isn't only TeamViewer, it's also problematic with other remote desktop solutions. With such the entire path of communications should be secured with VPN tunnels, etc. to make it fully secure.
  15. DJ_Machine

    DJ_Machine New User

    Messages:
    19
    Steam:
    STEAM_0:0:40896779
    None of this will stop a targeted attack.
    Only users who install TeamViewer incorrectly or with default settings are exploited in this manner. Don't be ludicrous.

    Disabling HTML MOTDs when visiting new or untrusted servers should be your first bit of information.
  16. DataStorm

    DataStorm Retired Staff

    Messages:
    3,372
    Few things will, and SilentReaper was planning to expand it, but he's inactive atm.
  17. CanadianInvasion

    CanadianInvasion Retired Staff

    Messages:
    2,378
    Steam:
    STEAM_0:1:11860924
    Excellent point brought up, however it is still something of concern if the conversation arises. Simply put, the odds are that someone using TeamViewer or a similar program for a trade is likely up to no good. The best thing to do is decline and report.

  18. jambola2

    jambola2 New User

    Messages:
    1
    Steam:
    STEAM_0:1:49109687
    Norton 360 - Combined antivirus, internet protection, anti-spyware, firewall and backup management.
    A must use.