
Protect Your PC - A Guide

#1 Dec 11 2007 at 3:44 AM Rating: Good
***
1,522 posts
In light of all the events that have been going on with accounts getting hacked and people being paranoid about getting hacked themselves, I have decided to make this guide on how to protect your PC in the event that you could possibly get a keylogger or virus from an ad on a website that is FFXI related. All links are to free and safe software.

I've put this together with my own knowledge of protecting my PC as well as some information that I've read over the past few days.

Hopefully this will help those who are beginners at protecting their PC.

  • 1.0 Software
  • 2.0 Firefox Internet Options
  • 3.0 Caution – Sites To Be Careful With
  • 4.0 Your POL Password
  • 5.0 Third Party Tools
  • 6.0 Disclaimer



  • 1.0 Software

    Firefox - While Firefox alone won’t protect your PC, it’s generally the safest way to browse the internet. Downloading Firefox simply isn’t enough; you will need two extra plug-ins called No Script and Ad-Block.

    http://noscript.net/features - No Script
    http://adblockplus.org/en/ - Ad-Block

    These sites are secure, but make sure if you download any more plug-ins for Firefox you do so from addons.mozilla.org.

    To add these plug-ins to your Firefox, simply follow the links to the downloads and follow the instructions given on the site provided.

    Spy Bot Search and Destroy - http://www.safer-networking.org/en/index.html - Spy Bot Search and Destroy scans your entire computer system for Malware, Spyware and Adware so it can be removed completely from your computer.

    Spyware Blaster - http://www.javacoolsoftware.com/index.html - Spyware Blaster prevents the installation of spyware and other potentially unwanted software; you have to manually remember to keep it updated and tell it to block everything in the update notes.

    Ad-Aware from Lavasoft - http://www.lavasoft.com/products/ad_aware_free.php - Ad-Aware does the same as Spy Bot, scans your entire computer for Malware etc.

    Virus Protection – Any updated virus protection of your choice. (Check out http://www.bitdefender.com/ for free up to date virus protection.)

    Firewall – Any firewall of your choice with the most secure settings. (Check out http://www.personalfirewall.comodo.com/ for Comodo Firewall Pro or http://www.zonealarm.com/ for Zone Alarm)

    Note: Windows Firewall isn't recommended. You may keep it running if it doesn't interfere with your better firewall.

    Optional Software:

    HijackThis – http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10781312.html?tag=lst-1- I would only suggest using this if you know a lot about your PC, because you manually tell it to delete files that may be harmful to your PC. Use it in conjunction with this site to check your logs: http://hjt.networktechs.com


    2.0 Firefox Internet Options

    Tools -> Options -> Security. Check the box for “Warn me when sites try to install add-ons.”

    Tools -> Options -> Content. Check the box for “Block pop-up windows.” This should help prevent additional ads in the form of pop ups.


    2.5 Internet Explorer

    If you truly still want to use IE, go and download IE 7.0. That’s available for free from Microsoft.com. I’ve just recently downloaded it myself, and I’m unsure of any additional plug-ins it may have.

    You’re going to want to adjust your settings. Tools -> Internet Options -> Privacy -> High. In addition check “Turn on Pop-up Blocker.”

    3.0 Caution – Sites To Be Careful With

    Until further notice you may not want to visit the following sites:

  • FFXI Atlas (ffxiatlas.com)
  • FFXI AH (ffxiah.com)
  • FFXI Somepage (cannotlinkto)
  • Additional Information About Somepage from BG
  • Any other FFXI related site with FFXI related ads.

  • 4.0 Your POL Password.

    You may think your POL password is secure by making it your first pet’s name and adding on some numbers. It’s really not.

    Some tips for creating your password: do not use words; instead, use a combination of upper and lower case letters and numbers. It is the most difficult to hack by brute force.

    Remember to write your password down, at least twice and keep a copy in two different and safe places. Remember to create a password that is for POL only, and that you do not use on Alla etc. And finally remember to NOT give out your POL ID and password, ever.

  • Bad Password Example: rocky86 (My first pet’s name and the year I was born.)

  • Good Password Example: JyH60jAtv96 (Typed a random combination of letters and numbers)


  • You can create an easy to remember, yet complicated password by using numbers and letters meaningful to you. Use the initials of your favourite singer, use the first three letters of your pet, use the first two letters of your favourite food and use your favourite number(s). Add in capitals where they should be and I'd get something like: piKC17Tho56. Looks completely random, hard to crack, but easy to remember because of what it stands for.

    In addition to having a secure password you also do not want to have your password saved. You want to have to type it in every single time you log on POL. (When you log in POL click on Settings before you log in, delete your POL password and click Set Password to Not Set). This will prevent your password from being saved on your PC and available to a virus/Trojan etc.

    Available with Windows is a soft keyboard, also known as an On-Screen Keyboard. Programs -> Accessories -> Accessibility -> On-Screen Keyboard. Simply open it when you’re logging into POL and click your password in instead of typing. This will prevent your password from being picked up by a key logger in the chance that you get one.

    For additional tips check out Password Strength

    5.0 Third Party Tools

    Do not use third party tools. In addition do not click any links to .zip files and the like that someone may link to you in game.

    The windower available from windower.net is generally believed and known to be safe, use at your own risk.

    6.0 Disclaimer

    I don’t claim to know everything there is to know about protecting your PC, but this is what I’ve done and based on personal experience, it works. This may not keep you 100% safe, but it does maximize your security and prevention from getting your account hacked.

    Edited, Dec 12th 2007 8:23am by BJordan

    Edited, Jan 1st 2008 11:04am by Pikko
    #2 Dec 11 2007 at 3:50 AM Rating: Good
    *
    133 posts
    I would like to add that everyone should use a software firewall such as Zonealarm

    http://www.zonealarm.com/ even if you have a hardware firewall/router



    ____________________________
    90war 90bst 90nin 90whm 75pld 62brd
    CoP - RoZ - ToA - Complete (Retired 2011)

    Blescius Hawksclaw Ultros


    #3 Dec 11 2007 at 4:03 AM Rating: Good
    ***
    2,081 posts
    Comodo, which the OP gave a link to, is a nice firewall; you get the full version free, even for corporate use.

    I also have a port filter called GhostWall, and use Spybot's tea-timer function to keep track of any programs that request registry changes.

    For those of you that are security protocol aware, CoreForce is without doubt one of the best firewalls you can get, but you do need some degree of expertise to use it.
    ____________________________
    When I'm good they never remember,
    When I'm bad they never forget
    #4 Dec 11 2007 at 4:14 AM Rating: Decent
    *
    74 posts
    Ok ******* hell,

    I'm getting scared now, is the Account-hacking getting this bad??

    I didn't even start playing yet (still waiting for my copy to arrive)

    and already ******** my pants for **** heads stealing my account

    Gz
    #5 Dec 11 2007 at 4:19 AM Rating: Good
    ***
    1,522 posts
    Matsuke wrote:
    I'm getting scared now, is the Account-hacking getting this bad??


    It's not really that bad, but there have been a lot more cases recently of it happening to people. I've noticed in reading these threads that a lot of people really don't use all the software that they should on their PC.

    Some also make super easy passwords.
    #6 Dec 11 2007 at 4:30 AM Rating: Good
    *
    74 posts
    yeah okay. But still ... =p btw, Using Standard XP FW, bad idea? +firefox and adaware+CCleaner scans
    #7 Dec 11 2007 at 4:46 AM Rating: Excellent
    I knew all of that except the on-screen keyboard.
    Rate up for that alone.
    #8 Dec 11 2007 at 5:00 AM Rating: Excellent
    **
    892 posts
    Quote:
    In addition to having a secure password you also do not want to have your password saved. You want to have to type it in every single time you log on POL. (When you log in POL click on Settings before you log in, delete your POL password and click Set Password to Not Set). This will prevent your password from being saved on your PC and available to a virus/Trojan etc.

    Available with Windows is a soft keyboard, also known as an On-Screen Keyboard. Programs -> Accessories -> Accessibility -> On-Screen Keyboard. Simply open it when you’re logging into POL and click your password in instead of typing. This will prevent your password from being picked up by a key logger in the chance that you get one.


    How about saving your password in a text document, and copy & pasting it to log in? Are there any keylogger/trojans that can intercept clipboard contents?

    Edit:
    As answered below, no this isn't safe, and neither is using the Windows On-Screen Keyboard which is easily intercepted by a keylogger. Details in this thread:

    http://ffxi.allakhazam.com/forum.html?forum=10;mid=1197526047226032992

    Posted some links there to some software that can help increase security a little more, provided you already have anti-virus, firewall, and anti-malware installed (you should).
    I've been using Mouse-Only Keyboard to input the password, which lets you click the characters for your password without displaying what you've typed (so a screen-cap wouldn't show it), and disables clipboard viewers (or so it says), which can cheat the simpler keyloggers. In any case, it's better than just typing or using the Windows on-screen keyboard (which is hooked by keyloggers just like the keyboard is), and saving the password might not be a good idea, either, since a majority of people already do that and still have been keylogged. But, an advanced keylogger can probably still grab passwords regardless of how they're inputted.

    In short, there's no truly safe way to input your password, so do the best you can to ensure that you don't end up with a keylogger in the first place.



    Edited, Dec 18th 2007 8:52pm by Gatero
    #9 Dec 11 2007 at 5:00 AM Rating: Decent
    ****
    6,424 posts
    Matsuke wrote:
    Ok @#%^ing hell,

    I'm getting scared now, is the Account-hacking getting this bad??

    I didn't even start playing yet (still waiting for my copy to arrive)

    and already sh*tting my pants for @#%^ heads stealing my account

    Gz


    RMT operating in FFXI seem to be desperate enough to cannibalise their potential customers, but it's not restricted to FFXI alone. They target anyone that offers decent 'loot'.

    Gilbuyers are especially at risk, seeing as the RMT know exactly how much they can 'loot' there... snake eating its own tail...

    #10 Dec 11 2007 at 5:02 AM Rating: Default
    put more than that. Windows firewall doesn't protect against your aunt's x-mas cheek-pinch kisses. Get a real one. zonealarm is a nice one, comboed with spybot or ad-aware. Mix in firefox plugins and either an anti-virus or a suite (i like Avast!, nice firewall/anti-virus, it's light on resources and effective). Hardware firewalls (routers) are not a bad idea either but if you don't have any don't sweat it.

    also i strongly DON'T advise putting passwords like hZciu9PQ69. You are likely to forget it, or write it down and lose it etc. The best is non-common names that are not generally employed, or the best, pass-phrases.

    example : MyDoGIsPurPle300 . Hard to break, Easy to remember.

    also one last pointer. It does not matter whether or not you auto-remember your password or type it in if you change it regularly. why?. Because keyloggers and malwares will get your password no matter what whether you type or hit the *remember* box anyway. Just have a nice exhaustive scan before you do even log in.

    all in all, it's not only FF, it's common sense, don't browse without updated softwares, a spysoftware, firewall+antivirus. and steer clear of hax or dubious websites. Use your head people.

    Edited, Dec 11th 2007 8:04am by Taerra
    #11 Dec 11 2007 at 5:15 AM Rating: Good
    ***
    1,522 posts
    Taerra wrote:
    also one last pointer. It does not matter whether or not you auto-remember your password or type it in if you change it regularly. why?. Because keyloggers and malwares will get your password no matter what whether you type or hit the *remember* box anyway. Just have a nice exhaustive scan before you do even log in.


    I forgot to mention that the Windows Firewall is garbage, thanks.

    I updated some information on password selection.

    Also yes it does matter. In order to save your password, your PC has to store it somewhere, which means the information is available if someone knows where to look.
    #12 Dec 11 2007 at 5:32 AM Rating: Default
    Ken Burton's Reject
    *****
    12,834 posts
    Ok, while this post is full of some really useful information, please remember that the bulk of people who "had their account hacked" are people who shared their information with another person. They would either email or, worse yet, IM via a forum, their account information.

    Taj showed us the danger in having forum accounts and keeping crucial data there.

    Keep a unique password for playonline, not the same you use on forum accounts.

    Also, for the site "bans", for christ's sake, would people either put up or shut up? Has anyone ACTUALLY lost their account by using these sites? If so, provide proof to the site and I'm sure they will correct the issue.
    ____________________________
    Twitter: http://www.twitter.com/pawkeshup
    YouTube: http://www.youtube.com/pawkeshup
    Twitch: http://www.twitch.tv/pawkeshup
    Blog: http://pawkeshup.blogspot.com
    Olorinus the Ludicrous wrote:
    The idea of old school is way more interesting than the reality
    #13 Dec 11 2007 at 5:39 AM Rating: Good
    ***
    1,522 posts
    Friar Pawkeshup wrote:
    Ok, while this post is full of some really useful information, please remember that the bulk of people who "had their account hacked" are people who shared their information with another person.

    Keep a unique password for playonline, not the same you use on forum accounts.

    Also, for the site "bans", for christ's sake, would people either put up or shut up? Has anyone ACTUALLY lost their account by using these sites? If so, provide proof to the site and I'm sure they will correct the issue.


    1 Person getting hacked from a virus or trojan from an ad on a website is one too many. Especially when SE does nothing to help these people.

    The sites aren't "banned". I said, you "may not want to visit". A few people have reported being prompted to download things when on these sites, therefore you may want to avoid them. Personally I don't and haven't had a problem yet.

    Edited, Dec 11th 2007 8:45am by BJordan
    #14 Dec 11 2007 at 6:09 AM Rating: Good
    **
    620 posts
    Quote:
    Until further notice you may not want to visit the following sites:


    FFXI Atlas (ffxiatlas.com)
    FFXI AH (ffxiah.com)
    Any other FFXI related site with FFXI related ads.


    I don't think just visiting these sites is in any way dangerous. Clicking on banner ads and installing anything or downloading the ActiveX controllers, yeah, that's a bad idea.
    #15 Dec 11 2007 at 6:24 AM Rating: Decent
    Quote:
    Also yes it does matter. In order to save your password, your PC has to store it somewhere, which means the information is available if someone knows where to look.


    BJ, that's what keyloggers do. They record the sequence of a typed password, or they dig your files for those passwords. one way or the other, if you catch one of those, chances are that you are screwed. Scan your PC and switch your password asap.
    #16 Dec 11 2007 at 6:34 AM Rating: Good
    ***
    2,081 posts
    Quote:
    I don't think just visiting these sites is in any way dangerous. Clicking on banner ads and installing anything or downloading the ActiveX controllers, yeah, that's a bad idea.


    The reports stated that the sites were simply being browsed, when windows firewall kicked off warnings about registry changes and software installs. Be very wary for the time being of visiting these sites, without taking some sensible precautions. Adblock and NoScript in Firefox will prevent the majority of scripts from displaying/executing, but do so at your own risk.
    ____________________________
    When I'm good they never remember,
    When I'm bad they never forget
    #17 Dec 11 2007 at 12:43 PM Rating: Good
    I would also like to mention a plug in for Firefox called Key Scrambler. There is a free version and 2 paid versions that work with both Firefox and IE.

    It scrambles your input at the keyboard driver level and then unscrambles it on the browser window. The free version only works for logins while the paid versions work for every keystroke you make on your computer.

    It might be of interest to some to check it out.
    #18 Dec 11 2007 at 1:27 PM Rating: Excellent
    **
    502 posts
    I know this seems like "common sense" as one poster said, but some of us who have been using PCs since the 80s, but have almost no internet experience, simply don't know.

    Everything I've ever had to do with the internet was either off line for work, or if I did need to access the internet, security was taken care of by the admin. Hell, the most advanced thing around for a while was Lotus Notes - and if you don't use a PC that often knowing what to watch for, or what to install can be daunting.

    Thanks OP, very good info.
    #19 Dec 11 2007 at 5:49 PM Rating: Good
    ***
    1,522 posts
    Taerra wrote:
    Quote:
    Also yes it does matter. In order to save your password, your PC has to store it somewhere, which means the information is available if someone knows where to look.


    BJ, that's what keyloggers do. They record the sequence of a typed password, or they dig your files for those passwords. one way or the other, if you catch one of those, chances are that you are screwed. Scan your PC and switch your password asap.


    Why you don't save your password (in any shape or form on your PC) or type it in, use the on-screen keyboard. It seems like a pain, but it's worth it in my opinion.

    Quote:
    I would also like to mention a plug in for Firefox called Key Scrambler. There is a free version and 2 paid versions that work with both Firefox and IE


    I'll look into that in a bit and add it once I figure it out.

    Also I realised after I posted this that someone else had beaten me to the punch. Oh well.
    #20 Dec 11 2007 at 6:04 PM Rating: Good
    **
    504 posts
    for future use, thank you
    #21 Dec 11 2007 at 6:17 PM Rating: Good
    ***
    1,099 posts
    Some good info, some not so good info.

    Quote:
    Bad Password Example: rocky1986 (My first pet’s name and the year I was born.)

    Good Password Example: jyH60Jtv96 (Typed a random combination of letters and numbers)


    Both are reasonable passwords, if you understand how a password is stored and how brute force works then you will know that the possible combinations have only increased by a factor of 26.

    So how does brute force work? Firstly the person needs to have physical access to your password, they have to get it from SE (pretty much impossible) or steal it from your computer.

    Passwords stored locally will be encrypted and are *never* sent over the internet. When POL asks for your password, POL doesn't send info saying "the password we have written is...." it sends a string, and if that string matches the string held on the POL servers login is allowed.

    Brute force, well, both combo's you gave were 9 letters, which gives a total combination of (combinations to the power of letters) so A-Z a-z 0-9 = 62m so 62^9 = 13,537,086,546,263,552 possible combinations.

    Weak passwords are either just letters (all lowercase) or just numbers. Now let's just do some maths here. Say we manage to brute force 10 million combinations per second. It will take 1,353,708,654 seconds to crack a 9 digit password, or 15,667 days.

    So as you can see, the actual amount of time required to crack an encrypted password is monumentally huge. So feeding fear into people that their password is suddenly "unsafe" is quite uncalled for. And 10 million is an incredibly high estimate, last time I checked it was hardly able to make 1m/sec.
    #22 Dec 11 2007 at 8:39 PM Rating: Excellent
    *
    215 posts
    Lexxuk wrote:

    Weak passwords are either just letters (all lowercase) or just numbers. Now let's just do some maths here. Say we manage to brute force 10 million combinations per second. It will take 1,353,708,654 seconds to crack a 9 digit password, or 15,667 days.

    So as you can see, the actual amount of time required to crack an encrypted password is monumentally huge. So feeding fear into people that their password is suddenly "unsafe" is quite uncalled for. And 10 million is an incredibly high estimate, last time I checked it was hardly able to make 1m/sec.


    While what you are saying is indeed correct, it is also wrong. It can take *up* to 15,667 days. The brute force could find the correct combination on the 10,453 combination. Point is, brute attack is something that, in most cases, should not affect you; IF you take the proper precautions.

    As the OP, and others have said, one of the simplest precautions is to create a complex password.
    #23 Dec 12 2007 at 4:13 AM Rating: Good
    ***
    1,099 posts
    VicMackie wrote:
    While what you are saying is indeed correct, it is also wrong. It can take *up* to 15,667 days. The brute force could find the correct combination on the 10,453 combination. Point is, brute attack is something that, in most cases, should not affect you; IF you take the proper precautions.

    As the OP, and others have said, one of the simplest precautions is to create a complex password.


    Whilst a complex password is quite useful, it isn't really the way the password is written, for instance M8xYhq91 is a weaker password than Passw1978. Whilst the first does appear to be more secure (random letters and numbers), the second contains more letters so is a more secure password.

    I'm pretty sure that it would be unable to find the password in only 10,452 combinations anyhow. Brute force attacks start at a minimum password size and work their way up, so if we assume min password size is 6 letters and you have a 9 letter, the programme needs to find a collision for every 6 letter, every 7 letter and every 8 letter combo before it can start on the 9 letter combo.

    So at 62^X where X is password size....

    56,800,235,584 combinations for 6 letters
    3,521,614,606,208 combinations for 7 letters
    218,340,105,584,896 combinations for 8 letters
    13,537,086,546,263,552 combinations for 9 letters

    So before the programme can even begin 9 letters, it needs to figure out over 212 trillion combinations. Easier use comes from dictionary comparisons.
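
The arithmetic argued over in posts #21 to #23, worked through as an added example that is not part of any post in this thread. The 62-symbol alphabet, the 10 million guesses per second and the starting length of 6 are the thread's figures; the enumeration order, the 100,000-word dictionary size, the sample word set and the "word plus up to four digits" pattern are assumptions made for illustration.

```python
import re
import string

ALPHABET = string.ascii_letters + string.digits  # a-z, A-Z, 0-9: the thread's 62 symbols
RATE = 10_000_000  # guesses per second, the figure assumed in the thread
MIN_LEN = 6        # shortest length the search starts from, as assumed in the thread
SAMPLE_WORDS = {"rocky", "dragon", "purple"}  # constructed stand-in for a dictionary


def keyspace(length, base=len(ALPHABET)):
    """Number of strings of exactly `length` symbols."""
    return base ** length


def guesses_before_length(length, min_len=MIN_LEN, base=len(ALPHABET)):
    """Candidates an incremental search exhausts before it reaches `length`."""
    return sum(keyspace(n, base) for n in range(min_len, length))


def brute_force_position(password, min_len=MIN_LEN):
    """1-based guess number at which an incremental search reaches `password`,
    assuming candidates are tried in ALPHABET order (an assumed ordering)."""
    base = len(ALPHABET)
    rank = 0
    for ch in password:
        rank = rank * base + ALPHABET.index(ch)  # ValueError if outside ALPHABET
    return guesses_before_length(len(password), min_len, base) + rank + 1


def hybrid_space(password, words, wordlist_size=100_000, max_digits=4):
    """Size of a 'dictionary word + numeric suffix' candidate set, or None when
    `password` does not fit that pattern. `wordlist_size` is an assumed size
    for a full dictionary; `words` is only used for the membership check."""
    match = re.fullmatch(r"([A-Za-z]+)(\d*)", password)
    if not match:
        return None
    word, digits = match.groups()
    if word.lower() not in words or word not in (word.lower(), word.capitalize()):
        return None
    if len(digits) > max_digits:
        return None
    suffixes = sum(10 ** d for d in range(max_digits + 1))  # "", 0-9, 00-99, ...
    return wordlist_size * 2 * suffixes  # 2 = lowercase and Capitalized forms


def days(guesses, rate=RATE):
    """Time to make `guesses` attempts at `rate` per second, in days."""
    return guesses / rate / 86_400


def report(password):
    """Compare the two guessing strategies for one password."""
    hybrid = hybrid_space(password, SAMPLE_WORDS)
    return {
        "password": password,
        "worst_case_days": days(guesses_before_length(len(password))
                                + keyspace(len(password))),
        "position_days": days(brute_force_position(password)),
        "hybrid_days": None if hybrid is None else days(hybrid),
    }


if __name__ == "__main__":
    for pw in ("M8xYhq91", "Passw1978", "rocky1986"):
        print(report(pw))
```

Under these assumptions the length of a password dominates the exhaustive-search figure, while a password built from a dictionary word and a year falls inside a far smaller candidate set regardless of its length.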
    #24 Dec 12 2007 at 4:36 AM Rating: Good
    ***
    1,522 posts
    Either way, it's almost impossible for someone to get your password with brute force on FFXI. It would take them an extremely long long time.

    I edited the passwords in the guide.

    I was thinking of just reposting some of this information to add to the sticky instead.
    #25 Dec 18 2007 at 4:18 PM Rating: Good
    **
    282 posts
    Quick Question....

    Which do you guys prefer:

    Zone alarm or Comodo?


    I've had zone alarm for awhile, though only the free version, and when I went to install Comodo, it said that I could only have one installed, so I'm wondering if it was worth it to take off Zone Alarm and replace it.
    #26 Dec 18 2007 at 4:56 PM Rating: Excellent
    ****
    4,901 posts
    Gatero wrote:
    Quote:
    In addition to having a secure password you also do not want to have your password saved. You want to have to type it in every single time you log on POL. (When you log in POL click on Settings before you log in, delete your POL password and click Set Password to Not Set). This will prevent your password from being saved on your PC and available to a virus/Trojan etc.

    Available with Windows is a soft keyboard, also known as an On-Screen Keyboard. Programs -> Accessories -> Accessibility -> On-Screen Keyboard. Simply open it when you’re logging into POL and click your password in instead of typing. This will prevent your password from being picked up by a key logger in the chance that you get one.


    How about saving your password in a text document, and copy & pasting it to log in? Are there any keylogger/trojans that can intercept clipboard contents?


    I didn't see this answered while skimming the thread.

    Yes. It's pretty trivial for any application to monitor clipboard content and I'm pretty sure that any semi-decent keylogger would include this information. (I know I would if I wrote one.)
    ____________________________
    Love,
    PunkFloyd