So I just checked my email and about half an hour ago I received two alerts that my WoW password had been changed. Obviously not my doing. I have since sent off the appropriate emails to Blizzard and plan to call their billing department first thing Monday morning.

However, I post this here in the Tech Annex because one thing is still un-accounted for and is REALLY bothering me. How did my account get "hacked" in the first place?

The first thought that comes to mind is a keylogger -- but I run a secure system; I have Norton (A/V and firewall) running all the time, and I frequently scan with Spybot, AdAware, and Windows Defender (and of course system cleaners, but those don't do viruses). I don't make trivial mistakes like installing unknown .exe files, etc. Nearly every piece of software on my computer is accounted for (that is, I can identify it and tell you how it got there and what it does).

My password was a strong password -- 13 characters of random letters and numbers; impossible to guess and incredibly difficult to brute-force.

Some interesting facts: Last night was the last time I had logged in to play. It was also the first time in a month that I had played -- I had re-activated my account last night.

I had recently scanned my system with adaware (full scan) and windows defender (quick scan) -- both turned up clean. I had (about a week ago) scanned my system with a free trial of SpySweeper (which wouldn't let me clean the stuff it found) and it brought up a list of "threats" but I dismissed them since no other scanner had found anything (and after all, this program was trying to convince me to pay them money -- what better way to get me to do it?).

So what do you guys think? What should I do now? If someone managed to get a hold of my seemingly secure world of warcraft account (which had one of my more complex and rarely used passwords), what else could have been compromised? More passwords? Credit card information? etc

The most common group of people in this world that get caught for illegally hacking private networks are people who work as office cleaners.
They don't use tricky hacking techniques, they just grab passwords that millions of people worldwide write on post-it notes and stick on the side of there monitor or desk or somewhere else just as silly.

It is highly unlikely that some one got your password by hacking your computer. It is most likely that the person that stole your account is some one you know.

I have never written the password down and have only logged in (recently) from my desktop computer when no one else was around. (And obviously I have never shared my account)

Just a wild guess, BM (and an absolutely confounding yet stupid one too). Have anyone watched you when you type in your password?

Recently, no. In the past my friends may have been able to get a glance, but the password is so long and complex (and I type fairly quickly) that it would be incredibly difficult to pick up by watching it being typed.

The reason I suspect it's a key logger of some kind is because I renewed my account one night, played for a bit, and then the very next night it was hacked. No one knew that I had renewed my account and it had been inactive for ages -- someone that had stolen my password in real life wouldn't know that my account had been re-activated. Maybe there's been a dormant key logger on my computer for a week and just when I renewed my account it picked up the password.

Either way, I've upgraded my Norton to Internet Security 2008 (not that it gives me much re-assurance, being norton and all) and it still doesn't detect anything unusual.

Just out of curiosity, have you ever placed an audio cd into your computer that asked you to install a special program designed for copy protection? If you recall the Sony BMG rootkit scandal (http://en.wikipedia.org/wiki/2005_Sony_BMG_CD_copy_protection_scandal), you should note that the "copy protection" was installed even if the user declined the license agreement. So even if you clicked "No, do not install," the software may be present on your computer.

This software hid certain system processes from the task manager and many utilities, such as spyware and virus removal programs, using simple pattern matching on the process name (I believe it actually hid any process starting with a dollar sign, but I cannot remember if this is correct).

As you can imagine, this behavior leaves a gaping security hole where an intruder could install a system process that you will never see and may never be caught by your system defenses. I would imagine that Norton, McAffee and company would have provided a means of detection by now, but I do not know for certain. The Wikipedia article I linked has a link to an uninstall program from Sony, if you believe you may need it.

Hmmm, thats possible -- I don't specifically remember sticking any audio CDs into my computer (recently) but the idea could still apply. I'm kind of suspecting that maybe there IS some sort of spyware hidden deep within my computer.

A norton scan the other day pointed out that my windows hosts file had been modified, but I checked it (I think) and didn't notice anything unusual (then again, I don't really know what to look for or how the hosts file works). Norton claims to have fixed the problem.

I wonder if it could be possible that I subconsciously managed to stumble upon a phishing site and tried to login, then when it failed I dismissed it as the faulty blizzard servers being down again.... But then again, I don't remember doing that (hence why maybe I did it subconsciously) -- but that then poses the question of how I could have gotten to a WoW phishing site.... I'm certain that I wouldn't have clicked a link in a fake blizzard email (since I always access the WoW site through my bookmark). Hmmm, where oh where did the login get stolen.....

On a side note, I've inferred that this "hacker" had stolen accounts before -- he had about half an hour in the account before I changed the password on him. In that time, he'd sent away most of my gold -- I notice he kept maybe about 30 gold on my character.... enough to cover auction house listing fees....

Today when I logged in I discovered what happened to my stuff and I think I now know why two of my bags were still full (while the others were completely empty). Apparently he had methodically gone through my bags and put anything of value up for auction, while deleting the junk. Today I got half of the auctions returned and a big pile of gold from the rest of the stuff. Because my first 3 bags were empty and the remaining two completely full, I suspect he was in the process of sticking stuff in the auction house when I kicked him out of my account.

So this guy was in it for the gold -- he sent away my money, then began to liquidate my items as fast as he could with hopes of returning later to pick up the gold they brought in. But there's one thing I don't understand -- he spent half of my honor points on some gear and re-arranged the action bars... as if he were going to play on my account. If he WERE in it just for the gold then he wouldn't have done that. But he didn't try to change the name or email on the account, just the password.... hmmm......

Blizzard better hurry up with this investigation, I called them 5-10 times today and their line has been busy all day.....

Edit: I've attached a hijack this log if anyone wants a look (I don't personally know what to look for, but I recognize most things on the list)

Looked at your HJT report, was going to call it clean until I found this:

C:\WINDOWS\system32\cisvc.exe
Would never have caught it since it is a normal windows process and most online directories of filenames will tell you it's clean, but according to one site (http://www.pcuser.com.au/pcuser/hs2.nsf/lookup+1/5758E98D521C2E5BCA256EA6002576CE)there is a keylogger that uses the same name. Could be your culprit.

Here is a link (http://www.2-spyware.com/file-cisvc-exe.html)for removal.

Damn, there getting tricky these people, it's an out right pain in the ass.

At least you can contact blizzard, verify your ID and get control of the account again, but even though. What a pain in the ass.

How many morons are there that use the internet that seem to have the sole purpose to stuff people over or even close down the bloody internet, its bloody madness.

Again my friends, hammocksleeper pwned you!

Back on topic:
You could also check for these little culprits in your web browser:

One Step Search - a little browser integration for 'easier' searches as described in its site but was suspected as an adware / trojan rootkit / keytrapper in 2007

eBates / eBates Moe Money Maker (look for it in your add remove programs too) - a dominant little creep that takes hold of every input to your system, allowing every keyword entered in the address bar to take you into an infected site. Also, there's this little invisible button on your browser's navigation bar that says 'eBates' when you hover your cursor over it. It's also a sure rootkit / trojan keytrapper.

My recommendation: Instead of wasting too much time and money (and eat up your CPU) on Norton (if you have acquired it legally :P), switch to AVG Free (http://www.grisoft.com/). Based on 2007 polls and surveys and conducted researches, currently it is the most reliable and efficient anti virus.

Looked at your HJT report, was going to call it clean until I found this:

C:\WINDOWS\system32\cisvc.exe
Would never have caught it since it is a normal windows process and most online directories of filenames will tell you it's clean, but according to one site (http://www.pcuser.com.au/pcuser/hs2.nsf/lookup+1/5758E98D521C2E5BCA256EA6002576CE)there is a keylogger that uses the same name. Could be your culprit.

Here is a link (http://www.2-spyware.com/file-cisvc-exe.html)for removal.


Hmm, the removal instructions want me to download Spyware Doctor, I'll run it in the morning to see if it finds anything and post the results here.

My Account was hacked, just like you said happened to you.
Email blizzard explain the situation, give them your WoW Account name (make sure u send the email from the email address you have your account was attached to).

They will reset the password, they did that for me.

AVG is your best bet, it'll catch just about anything.

My Account was hacked, just like you said happened to you.
Email blizzard explain the situation, give them your WoW Account name (make sure u send the email from the email address you have your account was attached to).

They will reset the password, they did that for me.

If you read the thread, I've already done that. The account is back in my possession and I'm awaiting item/gold restoration.

Holy shit. After a bit of googling, I found a website that markets keyloggers and similar filth to parents as a way to keep their kids safe. They've got one that can completely hide itself from the Add/Remove programs dialog and the task manager, and it seems that everything on their pages intercepts all input from the keyboard and stores it to text files.

This sickens me slightly. Knowing everything that anyone types on your computer is just asking to find out things you don't want to know. Seriously, set up a password and only let people use the computer with you in the room if you're that worried about it.

Holy shit. After a bit of googling, I found a website that markets keyloggers and similar filth to parents as a way to keep their kids safe. They've got one that can completely hide itself from the Add/Remove programs dialog and the task manager, and it seems that everything on their pages intercepts all input from the keyboard and stores it to text files.

This sickens me slightly. Knowing everything that anyone types on your computer is just asking to find out things you don't want to know. Seriously, set up a password and only let people use the computer with you in the room if you're that worried about it.

But of course, there's a lot of ways to prevent that. Take Deep Freeze (http://deep-freeze.en.softonic.com/) for example. Anything done on your computer, save files, logs, hardware software changes, destruction due to virus, complete registry delete, even format and FDISK can be undone just as easily by pressing the reset button. If you have your PC protected by it for example, your parents cannot delete it 'cause its password protected and stuff, and they can't log your keys even if they have the strongest keyloggers in the world, or even if they inject all of the virus in the world.

Holy shit. After a bit of googling, I found a website that markets keyloggers and similar filth to parents as a way to keep their kids safe. They've got one that can completely hide itself from the Add/Remove programs dialog and the task manager, and it seems that everything on their pages intercepts all input from the keyboard and stores it to text files.
Children are not adults and need protecting from both potential online predators and themselves. Parents have the right to keep there children safe.
Children need the internet for education and most kids want it for recreation.
But the bottom line is kids are kids, they are not adults and do not have an adults judgment or experience.
It's all very well to say "just teach your kids not to hand out private info" but the problem is that they still do.

But of course, there's a lot of ways to prevent that. Take Deep Freeze (http://deep-freeze.en.softonic.com/) for example. Anything done on your computer, save files, logs, hardware software changes, destruction due to virus, complete registry delete, even format and FDISK can be undone just as easily by pressing the reset button. If you have your PC protected by it for example, your parents cannot delete it 'cause its password protected and stuff, and they can't log your keys even if they have the strongest keyloggers in the world, or even if they inject all of the virus in the world.

(slightly off topic)

So wait, Deep Freeze will protect you against any key logger? How does that work? To my understanding, Deep Freeze is a program that simply resets your hard drive to an exact state when you tell it to (or on a set schedule, such as at boot up). How could that actually make it impossible for a key logger to work?

(slightly off topic)

So wait, Deep Freeze will protect you against any key logger? How does that work? To my understanding, Deep Freeze is a program that simply resets your hard drive to an exact state when you tell it to (or on a set schedule, such as at boot up). How could that actually make it impossible for a key logger to work?

No, it isn't off topic (if I'm correct that this topic should help you fight keyloggers in the future).

Okay, so here's how it works.

When you turn on DeepFreeze, it will 'freeze' your hard drive so that you can't make changes (i.e. save files, change settings, etc.) unless you turn it off. It can help you fight keyloggers because keyloggers work by creating a log file of everything you input on your keyboard, and send it on their server after you reboot ( or restart session). So, if you have DeepFreeze, the keylogger will make the log file, though after the reboot it can't send it to the server because it won't exist anymore. Same thing goes with viruses, they can't make any change in your system.

Any questions?

~Hope this helps XD

Oh well you wouldnt guess, but after like a month i got the latest WoW patch (my account had cred to jan), well guess fucking what, i cant get into mine either.

Blizzard are fucks, do u wanna know why cause im not gettin my account back lol, so much money waisted well it was waisted anyway, this is fucked argh anyway GW ftw

Children are not adults and need protecting from both potential online predators and themselves. Parents have the right to keep there children safe.
Children need the internet for education and most kids want it for recreation.
But the bottom line is kids are kids, they are not adults and do not have an adults judgment or experience.
It's all very well to say "just teach your kids not to hand out private info" but the problem is that they still do.

I should have articulated my point more clearly. This particular key logger had special features that would isolate text entered into web-based forms. While this could possibly be useful for a parent, it's still reaction rather than prevention. I would think that being with your children while they use the computer (prevention) would take less effort than sifting through a large pile of text after the fact (reaction), at least for the average parent.

However, how many users of this product are really concerned parents? A key logger that isolates input used in web forms practically hands personally identifying information over to whoever controls the spyware.

Suppose an intruder has brief access to your computer, rather over a network or by physically sitting at the keyboard. Give them around 30 seconds to a minute and they now have direct access to any information you type at your keyboard, with special highlights put around your social security number, bank account password, email password, and so forth.

Distributing software like this could be as simple as a putting up a self-installer on file-sharing networks and naming it as something with a high download count. Many computer users won't think twice before running the executable, and will assume the download just didn't work when nothing visible happens.

The promise of safeguarding your children serves merely to disguise a tool for stealing personally identifying information from unsuspecting users.

Okay, so here's how it works.

When you turn on DeepFreeze, it will 'freeze' your hard drive so that you can't make changes (i.e. save files, change settings, etc.) unless you turn it off. It can help you fight keyloggers because keyloggers work by creating a log file of everything you input on your keyboard, and send it on their server after you reboot ( or restart session). So, if you have DeepFreeze, the keylogger will make the log file, though after the reboot it can't send it to the server because it won't exist anymore. Same thing goes with viruses, they can't make any change in your system.

Ah, interesting. I suppose then the only way you could get hit is by managing to get a keylogger on your system AND entering sensitive information before restarting, AND if the keylogger program were set to send data before a reboot. But either way that's pretty cool.

Ah, interesting. I suppose then the only way you could get hit is by managing to get a keylogger on your system AND entering sensitive information before restarting, AND if the keylogger program were set to send data before a reboot. But either way that's pretty cool.


Yes, a key logger can send keystrokes on the fly (probably not a good idea since it would be more noticeable) or send them every 15 minutes or whatever the author decides on. In fact, they would probably rather send them after small intervals rather than waiting for a large amount of data to build up since transmitting that could be noticeable, too.

Here is a list of fake spyware cleaner programs.
It can help you defend yourself.
http://en.wikipedia.org/wiki/List_of_fake_anti-spyware_programs
Btw always use firefox for better protection online.

Also here is a list that can also help you.
http://resources.alibaba.com/article/204514/10_Tips_to_help_you_avoid_fake_anti_virus_software _scams.htm

On a side note, can someone PM me a link to a phishing site or two (I can't find any) so I can put this "Norton Phishing Filter" thing to the test? =P

BMB, just try a combination of letters (removing, trading or slight deviations) around the "MicroSoft" word onto your browser search and you'll be sure to find some nasty sites pretending to be MS's official one.
It's your call but not even with a program I'd want to try out my chances on purpose. :P

I would think that being with your children while they use the computer (prevention) would take less effort than sifting through a large pile of text after the fact (reaction), at least for the average parent.

Keeping your children in eye site at all times is just not possible. You don't need to be concerned with contacts you have identified, only new contacts and especially contacts that are using a third party proxy.
It's my job to keep my children safe while giving them the space they need to develop there individuality. There are people out there that would hurt my girl's if they got the chance, this is one of the very few weapons on my side.
However, how many users of this product are really concerned parents? A key logger that isolates input used in web forms practically hands personally identifying information over to whoever controls the spyware.

If its legit software from a legit company then I dare say most of them, scorned jealous partners as well no doubt. These products need to be installed and configured then password protected by the person that owns the computer. There not backdoor programs installed via dropper.
Spyware keyloggers have been around a long time now, we all know about them, they don't need to be manually installed, they don't need to be configured, they just pop on in without you even knowing.
Suppose an intruder has brief access to your computer, rather over a network or by physically sitting at the keyboard. Give them around 30 seconds to a minute and they now have direct access to any information you type at your keyboard, with special highlights put around your social security number, bank account password, email password, and so forth.

Very good point, I recommend installing a self configured keylogger on your machine, that way no one can do anything on your PC with out you knowing. :D

Distributing software like this could be as simple as a putting up a self-installer on file-sharing networks and naming it as something with a high download count. Many computer users won't think twice before running the executable, and will assume the download just didn't work when nothing visible happens.

Legit software is never installed this way, you know it I know it, this is not spyware, it is a security program designed to keep you informed about what is going on with your computer while you are away.
The promise of safeguarding your children serves merely to disguise a tool for stealing personally identifying information from unsuspecting users.

A legitimate security keylogger designed to observe your pc by your choice is some thing completely different from spyware.

Very interesting. Though, I would not encourage everyone to use 'legit' keyloggers. If I were to protect my children for harm over the internet (let's say, adult dating, chat, adult thingies, etc.), I'd just use good ol' site watchers.

For those who don't know what site watchers are, here's a quick overview of them:
A site watcher is a generally safe and secure program to log not the keystrokes (that'd be against privacy, IMO) but the websites visited by the user/s, the time they visited, chatrooms/IRC channels they joined, etc. so to protect them from potentially unwanted sites. There is no risk in your user/s being able to open the log/ger, it is password protected and requires administrative access. Another thing, they can protect users from sites flagged by their online communities, or sites flagged by the administrators themselves, so to prevent unwanted access to adult stuff or malicious content. These programs can also prevent execution of any script, including VBS, Java, etc.

For those who don't know what site watchers are, here's a quick overview of them:
A site watcher is a generally safe and secure program to log not the keystrokes (that'd be against privacy, IMO) but the websites visited by the user/s, the time they visited, chatrooms/IRC channels they joined, etc. so to protect them from potentially unwanted sites. There is no risk in your user/s being able to open the log/ger, it is password protected and requires administrative access. Another thing, they can protect users from sites flagged by their online communities, or sites flagged by the administrators themselves, so to prevent unwanted access to adult stuff or malicious content. These programs can also prevent execution of any script, including VBS, Java, etc.
You got any idea how old netnanny and the like is?
Plus most of these programs also offer keylogging and an entire host of other tools to help a parents keep an eye on things.
Who's privacy do you feel is being violated? These are my computers and these are my children. Not until I feel they are old enough and that they are ready to deal with potential threats will I stop watching over them.
Plus I have to say that I find the very suggestion that the only thing to fear on the internet for a parent today is inappropriate websites is laughable in the extreme.

Well there's got to be a fine line. When do you stop? Is your 10 year old "old enough?" -- 12? 14? 16?

My aunt, who is psycho-crazy, still watches what my 18 year old cousin does online. I think he got bitched at for clicking on some email he got that turned out to be a porn one -- this was while my brother was out west on vacation.

If you are interested in protecting your kids, use a whitelist. Block everything else. Deny them access to IRC, and be wary of IMing stuff, unless you have one that logs convos (like Trillian or something).

To go overboard and keylog and/or screenshot every single thing your kid does strikes me as overkill. Would you plant hidden camera's in your kid's room, hallway, the bathroom, the living room, etc...?

Don't get me wrong, I'm all for protecting your kids and such, but gosh =P

-Neo

Toucan, my main point was that a clever person can take a "legit" keylogger and use it as spyware. While the "family" version costs around $30, this site also offered a free version that places an icon in the Windows taskbar. But disabling something like that wouldn't probably wouldn't take more than an hour or two.

Then there's also the security risk that these programs create just by being on your computer. If one of these keyloggers, even "legit" ones, can completely hide itself from the task manager and other means of normal detection, then what else could piggy-back on that feature? If you recall the controversy over the SonyBMG "root kit" two years ago, it had a similar feature. To hide itself from the user, it discretely modified several components of Windows so that the system would not display processes starting with a certain symbol. As you might imagine, authors of real spyware were able to exploit this to hide their own malevolent programs.

When you install a program like this on your computer, you're first opening the door for stealth attacks that are not under your control.

Secondly, most of these programs store everything in plain text. Writing down your password is almost always a bad idea, and storing it on your computer in plain text is just asking for someone to steal it.

So you put this on your computer to monitor your children. One day they download something that opens a nice back door into your system. Before you even know about it, that whole log could be in someone else's hands. Every password your kids ever used (and if you forget to turn it off while you're on the computer, ever password you ever used) into someone else's hands with minimal effort on their part. These programs create an identity theft goldmine.

Think about Neo and Modred's posts, Toucan. We are just giving our suggestions, btw, so don't get us wrong. We're not trying to meddle with your kids' stuff. Also, I did not just mean that you should use site watches (or nannies as you prefer to call them) to watch over adult stuff. As you have said, that is truly highly laughable. What I meant is that you don't want to become so much involved in everything your kids does over the net. You don't want to know every little thing about your kid even if you are their parent, because even if you are the authority, your kids are still human, and they deserve some respect over privacy. The thing here is, what you are trying to do is breastfeed your children into safety, and lock them into forced honesty. IMHO, your kids should learn to be honest by themselves and not just forced to be.

Think about this:
If you were your kids, would you like it if you find out that your parents are spying on everything you do on your PC, even in your private life? Would you not think that your parents may have paranoia? Or would you think that your parents are not concerned about your morality and private life but for the safety of the PC?

Now, let me clear my self and repeat what I said: I'm not trying to meddle with what you do with your kids, this is just me and the rest of the guys suggesting about what we think of using anti-privacy overboard stuff on your kids.

Next thing, please let me be acknowledged that I'm only giving out my suggestions and humble opinions, and that I highly honor what your actions are and what your beliefs are.

Thanks.

woah, don't lump me in with you please, I was just commenting generally.

I'm thrilled Toucan is actually participating, a bit more fervently then I would myself, but then again, I'm not a father. And I'd wager that neither are you guys.

Plus you've got to realize we are talking about really young kids. Not like tweeners or anything.

god I hope not, because if they are tween-age then i'm old >:|

-Neo

Well there's got to be a fine line. When do you stop? Is your 10 year old "old enough?" -- 12? 14? 16?
I agree entirely, as I have said when I feel they are old enough to deal with potential dangers by themselves I will stop keeping such a close eye on things.
But understand one thing Neo, it’s not my children I am watching, its people she may speak to or things she may see on the internet.
My children are children, not teenagers.
My aunt, who is psycho-crazy, still watches what my 18 year old cousin does online.
I agree, that’s nuts.
If you are interested in protecting your kids, use a whitelist. Block everything else. Deny them access to IRC, and be wary of IMing stuff, unless you have one that logs convos (like Trillian or something).
I don’t let them use IRC and wasn’t going to let them use any IM program for some time, but I came home one day and my wife had set up a messenger account for her to chat to a friend from school, they where already swapping links (links about butterflies at the time) and practicing grammar and spelling in a very rapid and enthusiastic way.
After that I couldn’t really take it away from her.
Some times she meets other children through pen pal programs and the like, in the modern age this generally leads to IM messaging, I like to be sure who she is talking to is really another child, and then I’m happy.
But disabling something like that wouldn't probably wouldn't take more than an hour or two.
Why would you bother? There are many underground sites that you can download viruses, spyware, keyloggers and the tools you need to configure them.
Underground sites that distribute this shit have been around for a long time before products like this came on the market. Removing this product from the market would not reduce the numbers of distributed spyware and keyloggers. This is not the egg, it’s the chicken.
Then there's also the security risk that these programs create just by being on your computer. If one of these keyloggers, even "legit" ones, can completely hide itself from the task manager and other means of normal detection, then what else could piggy-back on that feature?
There are new security vulnerabilities being discovered all the time by hackers and software security providers.
Quite simply, what if someone comes up with some thing to “piggy-back” on wordpad, or notepad, or firefox.
You’re crying wolf.
Secondly, most of these programs store everything in plain text. Writing down your password is almost always a bad idea, and storing it on your computer in plain text is just asking for someone to steal it.
Hidden and encrypted or in plain text witch is it?
Every program I have looked at required a password to access any files it created. And they could only be viewed in the viewer that was part of the program. Plus my children don’t have access to any security critical passwords.
So you put this on your computer to monitor your children. One day they download something that opens a nice back door into your system. Before you even know about it, that whole log could be in someone else's hands. Every password your kids ever used (and if you forget to turn it off while you're on the computer, ever password you ever used) into someone else's hands with minimal effort on their part. These programs create an identity theft goldmine.
This is true of any program on your computer, vulnerability could be discovered.
The program logs can be flushed after each viewing. I do just out of habit, but its only if she chatting to a new pen pal I even view it.
Think about this:
Think about this:
If you where a parent would you like to go to the morgue to identify the raped, murdered and possibly partially eaten corpse of your child?

Now let me make some thing clear, I do not read my daughters conversations with her friends once I have established who she is talking to.
I do not deprive her of a private chat with her friends, as long as I know it is her friends and not some drooling freak pretending to be a child.
I don’t understand why you have a problem with my use of this software in this manor, I think I use it very responsibly.

Generally Toucan, I'd just not allow your kids to use Myspace (at all -- even when they are old enough -- hopefully by then myspace will be dead), and Facebook isn't much better. But IMing itself isn't that big of a deal, though you might want to be careful... Many people fall for the MSN or AIM viruses ("Hey is this you?" *click* "OMG MY COMPUTER ASPLODED!!!")

However Facebook is pretty useful in some manners (something to consider, possibly setting up a facebook for your kid(s) and then manage it yourself, until you feel they are old enough -- then again this isn't that big of a deal since it's doubtful your kids have changed schools and lost touch with old friends =P)

But yeah. Personally I figure the only way to really protect your children would be through a whitelist filtering system (Something that blocks everything except like "Nickelodeon" or Disney or edu-sites). I'm surprised often at some filtering programs that take a blacklist approach, since that seems pretty pointless to me (there will always be one site you've missed).

And to add on to what Modred is hyping, if that's even remotely a concern, just make sure to have a decent firewall installed. So if you see some program "keylogger.mailer.p.to.satan" you can block it from connecting =P

-Neo

And to add on to what Modred is hyping, if that's even remotely a concern, just make sure to have a decent firewall installed. So if you see some program "keylogger.mailer.p.to.satan" you can block it from connecting =P

firewalls are not for that.

software firewalls (which you imply) can easily be circumvented by malicious software (http://www.securityfocus.com/infocus/1840). besides most malware is delivered through using browser exploits or other active methods such as p2p, for which firewalls are useless for protection: the user has already allowed those kinds of traffic.

don't mislead people. firewalls are no magic protection from everything.

what firewalls are good for is controlling the types of traffic going through a common gateway. traffic analysis is a whole different beast.

... and possibly partially eaten ...
okay the rest of that statement is not funny, however i found this rather humorous in the context of the rest of your response. ;)

By the way, you'd be better off starting a new thread for Parental Controls, since.. this is not a WoW account we're talking about getting eaten.

Seal there are a few good software firewalls that work well in conjunction with other prevention things like AV software or Windows Defender-like protection. If you run just an AV or just a Firewall then of course it's not going to keep your protected.

But the point is that you don't need a software firewall for anything other then monitoring traffic going out. a nat-enabled router blocks anything coming in from an outside source... unless of course your computer is infected and initiated the contact.

Besides I'm not suggesting someone use the default windows firewall or anything.

And how many of these types of trojans exist anyways? Barring that, don't you think that in almost 2 years there might've been some changes or security updates that fix this possible whole?

Of course software firewalls aren't magical, but not having one can be folly.

-Neo

okay the rest of that statement is not funny, however i found this rather humorous in the context of the rest of your response.
Sorry, I wasn't trying to make you laugh, do a bit of research on cannibalism in the modern world. You might be surprised at the things you find that still go down. Cannibalism has been a major motivator for many psychotic serial predators in the past.
By the way, you'd be better off starting a new thread for Parental Controls, since.. this is not a WoW account we're talking about getting eaten.
Fair enough AJ, but with all due respect, I have only been responding to statements directed at me.

Okay, this'll be my final response on this thread (if you guys still continue to talk about Parental Controls on the WoW thread without even bluemicrobyte around). Toucan, I understand what you meant, especially if you are a father watching over his daughters. I fully understand that paternal issue as my father is as concerned to my sister's activities. What's happening here is that we have different situations and outlooks on things, and so we have different beliefs and angles of view, and we would not have a good conclusion (or atleast something we all agree on). And so, please do not get mad on me and the others for the comments we merely suggested.

Kthnx

Okay, this'll be my final response on this thread (if you guys still continue to talk about Parental Controls on the WoW thread without even bluemicrobyte around). Toucan, I understand what you meant, especially if you are a father watching over his daughters. I fully understand that paternal issue as my father is as concerned to my sister's activities. What's happening here is that we have different situations and outlooks on things, and so we have different beliefs and angles of view, and we would not have a good conclusion (or atleast something we all agree on). And so, please do not get mad on me and the others for the comments we merely suggested.

Kthnx
I have simply responded to statements that where directed at me.
If you get upset by people responding to your statements I suggest you don't make them.
I'm there father, understand what that means.
Father knows best.

I wasn't upset. I was merely considering the fact maybe I have upset you. Nothing more. And I do understand that you are their father and what your situation is. I also know that you were merely replying to messages directed at you, so we have no problem on that.

No hard feelings, peace pal.
and
http://www.scrappersguide.com/forums/gallery/data/500/Happy-Holidays-webcopy.jpg