
Announcements in Forum : Crafting & Synthesis
07-16-2007 until 07-17-2013
Taskmage
GUIDE: Protecting your web browser. (Courtesy Aikar @ Windower)

As everyone knows, people are getting hacked left and right. FFXI is under attack by the Chinese RMT by methods of website intrusion and placing of malicious malware code that executes a key logger on victims' PCs.

There is protection you need to use to protect yourself from these attacks.

Normally when loading a person's browser with Firefox extensions or telling them which ones to get, I wouldn't ever load NoScript if they were not tech-savvy enough to understand how it works.

But this hacking stuff is becoming too much of a problem, so here's your made-of-steel condom guide for the internet.
Now, I know there are plenty of guides out there saying use Firefox+ABP+NS etc., but none of the guides actually tell you how NoScript works for those non-tech-savvy people. So here's a full guide (with pictures) for non-tech-savvy people.

  1. ==== Browser Changes ====
    1. --- Securing Internet Explorer ---
      1. Update to IE7 if you're still using IE6 (even if you use Firefox). IE6 is horrible to even have on your PC. IE7 can be found on the Microsoft website, and should be a recommended update when you do Windows Update on your computer.
      2. Open your Internet Explorer (even if you use Firefox): Tools -> Internet Options
      3. Go to the Security Tab, and on the Internet Zone, change the Slidebar to High (max).
      4. Go to the Privacy Tab, and click Advanced (Medium Slider should be sufficient). Enable the override checkbox, Prompt for first party cookies, block 3rd party cookies, and always allow session cookies. Click OK.
      5. Go to the Advanced Tab, and uncheck both Enable third-party browser extensions and Enable websites to use the search pane. Click OK once these changes are made and close IE. You're done securing it.
    2. --- Switching to Firefox ---
      1. Our goal above was to secure IE for use of only trusted websites such as Microsoft.com and use Firefox which offers you much more secure tools when browsing.
      2. Download Firefox: Here (Instructions for Installing Firefox on that website)
      3. Upon start it will ask to be your default browser. CLICK YES! It will also ask to Import your Internet Explorer Settings such as bookmarks. Go through the wizard and bring your bookmarks and such over.
      4. Time to get extensions. Here's how you normally get extensions: Go to Tools -> Add-ons -> Click Get Extensions. However, I'm just going to give you direct links to them to help you out.
  2. ==== Putting on your condoms (configuring) ====
    1. Click OK or Close any popups that spawn upon opening Firefox. (I already have these installed, so I can't remember exactly what pops up, so we'll go from the menus to configure them.)
    2. Go to Tools -> Add-ons: we will do this step multiple times for extensions. Each extension you installed will have an Options button on it that we need to configure (with the exception of FlashBlock; the default settings are fine).
    3. AdBlock:
      1. Open AdBlock Options(above) -> Options Menu > Make sure the extension is fully enabled.
      2. Open the Filters Menu and Add Filter Subscription: You want to enter a title and URL for each subscription and be sure both checkboxes are enabled!
      3. Add the following subscriptions (format: Title: Location):
      4. Once all 3 are added click OK to finish.
    4. FiltersetG:
      • Open FilterSetG Options -> Settings Tab -> Check Suppress Update Messages, so it won't bother you when it updates.
      • Click OK to finish.
    5. NoScript:
      • Open NoScript options, and go to the Plugins Tab -> Make sure all of the RED CIRCLED checkboxes are selected. DO NOT SELECT THE BOTTOM BOLDED CHECKBOX!!
      • Go to the Advanced Tab. You will see Sub-Tabs -> Click on Untrusted Tab (if not already selected). You want to make sure all of these are selected.
      • Click OK to finish.
  3. ==== Using your condoms (browsing) ====
    • FlashBlock: When visiting sites that use Flash, all Flash files will be disabled. You will see a small Flash icon in place of any spot where Flash SHOULD have been.
      If you fully trust the Flash application and know what it is and need to see it, then simply click the Flash icon to make that Flash player activate.

      You generally will not need to run most Flash applications on a web page unless it's for navigational purposes or a video player. Most sites use Flash for ads or logos, which you do not need to see.

      If you use a specific site a lot, return to the FlashBlock options and check the White List tab, and add the site to the list.
    • NoScript:
      • NoScript blocks all unknown websites from executing javascript on load.
      • Many websites use javascript to function properly. Upon visiting a site that uses JavaScript, Flash, Java Applets and more, you will notice the NoScript Icon in the bottom right corner of your Firefox.
        • : This means ALL javascript was blocked. The site may not function correctly, or it might work fine. It all depends on how the site's coded to use the javascript.
        • : This means javascript was PARTIALLY blocked. This means the site you're visiting was allowed to run javascript (or did not contain any); however, a 3rd party URL (an address that's not the same website) was blocked from being run.
          4/5 times this means some ad website's javascript was blocked. In most cases the website you're visiting will function correctly, and NoScript is doing its job: blocking the unwanted javascript.
        • : This means ALL javascript on this website was allowed to run, or else the website did not contain any javascript. This site will function just as if you did not have NoScript.
      • By default you will also receive notification on the bottom with a big bar (this bar can be told to not show).
      • If the website you're using needs javascript to run (things are not working properly), you may simply click the NoScript icon, and you will see in Bold Letters "Allow domain.tld", or by option you can allow it temporarily.
      • If you choose to only allow it temporarily, NoScript will block that website again the next time you reopen Firefox (it's saved until you close Firefox).
      • If you choose to allow (the bold letters), this site will always be allowed to run javascript.
      • How do you know which sites need to be allowed? Simple: None unless they don't work without it. When you visit a site, browse it normally. If things aren't working, such as links misbehaving or not working at all, and scripts are blocked, enable it temporarily. Does the link now work? If so, then it needs the javascript.
        If you add a site to temporary allow that you want to perma allow, you need to remove the temporary allow (as in reblock it), then choose the permanent option.
      • Next you ask, what if you allow javascript on these trusted websites, how is that protecting you from the malware? These malware infections are linking offsite to other websites. Remember that 2nd icon (Partially blocked)?
        That malware website it's linking to will not have permission to be run in NoScript. The root website you're viewing will, but that extra URL will be blocked because it's not the same address.

        The only case you will be vulnerable to the javascript is if the malware infectors add their virus code to the website's server itself (so that it's not linking to another website).
        This is very possible for them to do, but they in general want to link it to their own site so they may modify the virus code when they need and log who's being infected -- so they in general won't (or can't) do this approach,
        so NoScript will be protecting you.
  4. ==== Additional Security Measures ====
    Following the above guide will provide you a condom made of steel, and protect you from at least 95% of possible infections.
    A good first layer of security on your browser is the best step at protecting yourself from infection. However, there's always a chance something new comes out and bypasses your first layer of protection, so there are additional things to be sure you have.
    1. Anti Virus: Some like to argue this is the most important thing. I have to disagree; an anti virus software is only useful if your first layer of protection is penetrated. Following my guide above puts you in very low chance that it ever is penetrated.
      Common sense, Web Browser Security and safe browsing habits are the most important thing in securing your PC.
      However, it's a good thing to have that backup protection in place to possibly catch the new exploits.

      I recommend AVG; while not the best anti virus there is, it's one of the best of the free ones:
    2. Firewall: OK, so you got some nasty trojan that bypassed BOTH of your 2 layers of protection (Secure Browsing, AntiVirus). There's one final layer, a software firewall.

      Software firewalls alert you when unknown applications are trying to connect to the internet. So even if you are key logged, your firewall is going to ask "Can this program you have no clue what the hell is connect to some website you have no clue what the hell is with some information?"

      Pretty obvious answer. Keylogger DENIED!
      I recommend Sygate Personal Firewall. It's very quiet beyond the questions about allowing applications - doesn't eat up resources - and it even knows when an application changes to re-ask for permission.
    3. Install AntiSpyware: Spybot Search & Destroy is one of the leading spyware removal and prevention tools. Best of all, it's free! Spybot S&D has tools to help prevent you from getting Spyware -- however, it shouldn't catch 'much' as your first layer should be blocking spyware too.
    4. Uninstall Real Player: Access your Control Panel by clicking your Start Menu then going to Control Panel. Then go to Add & Remove Programs. Wait a minute for the list to build, and then check it for anything about "Real Player".

      Is it installed? If so, REMOVE IT! Real Player is a devil application that is the reason many are losing their accounts.
      Get rid of it, get rid of any piece of trash that relies on it. You have 2 options: Keep your FFXI account or keep Real Player, decide now.
    5. Save your PlayOnline Password!!!! - No, The trojans ARE NOT downloading your saved password file and decrypting it. The recent trojans have been investigated and they are simple key loggers, they are not stealing files, and to our knowledge the encryption scheme has not been cracked by the RMT yet.

      Saving your password is a great idea, as you no longer have to type it to log in! Can't be key logged now.

      If you have people who use your PC, simply put a 'Member Password' or whatever it's called on your login account. Therefore you still need a password to log in, but MAKE THIS PASSWORD COMPLETELY DIFFERENT!
      So if you do get key logged, they get a completely useless password.

      At worst, they can steal the file and log in with it, but without your current password they cannot take it over. So, while not a fully safe solution, it still helps protect you from permanently losing your account (and being transferred, doesn't that require your password?). If your security is broken and you get hacked, I think you'd at least be happy knowing you got to keep your account -- also you can keep knocking them off if you're online when they attempt to, and change your password quickly and stop them before they even get a chance. Saving your password into POL gives you more options for keeping your account even if you do get hacked.
    6. Keep your PC up to date with Windows Updates. We had security beefed up on Internet Explorer in the first part of the guide, but Microsoft.com is automatically in Trusted group so it will be fine.

      If you want to update your PC without even using Internet Explorer, there is a free update website called WindizUpdate for Firefox users that offers all of the Windows Updates that Microsoft offers.

There you go, Safe Surfing.
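An added example, not part of the original post and not NoScript's code: a simplified JavaScript model of the per-site allowlist decision the guide describes, covering the three icon states and the same-server caveat. The matching rule, the function names and every hostname are assumptions constructed for illustration.

```javascript
// Simplified model of a per-site script allowlist. This is NOT NoScript's
// code; the matching rule and all hostnames are constructed for illustration.

// True when `host` is an allowlisted site or a subdomain of one.
function isAllowed(host, allowlist) {
  return allowlist.some((site) => host === site || host.endsWith("." + site));
}

// For one page load, decide which script sources run and which of the
// guide's three icon states applies: "blocked", "partial" or "allowed".
function evaluatePage(page, allowlist) {
  const decisions = page.scripts.map((src) => {
    // Inline scripts and relative URLs belong to the page's own host.
    const host = src === "inline"
      ? page.host
      : new URL(src, "http://" + page.host).hostname;
    return { src, host, run: isAllowed(host, allowlist) };
  });
  const ran = decisions.filter((d) => d.run).length;
  let icon = "partial";
  if (ran === decisions.length) icon = "allowed"; // includes pages with no scripts
  else if (ran === 0) icon = "blocked";
  return { icon, decisions };
}

const ALLOWLIST = ["forum.example"]; // the user chose "Allow forum.example"

// Trusted forum whose HTML was tampered with to pull a script from elsewhere.
const INJECTED_PAGE = {
  host: "www.forum.example",
  scripts: ["/js/menu.js", "http://malware-host.example/k.js"],
};
// The caveat from the guide: the hostile code sits on the trusted server itself.
const SAME_SERVER_PAGE = {
  host: "www.forum.example",
  scripts: ["/js/menu.js", "inline"],
};
// A site the user never allowed.
const UNKNOWN_PAGE = {
  host: "random-site.example",
  scripts: ["/app.js", "http://ads.example/banner.js"],
};

for (const page of [INJECTED_PAGE, SAME_SERVER_PAGE, UNKNOWN_PAGE]) {
  const { icon, decisions } = evaluatePage(page, ALLOWLIST);
  console.log(page.host, "->", icon);
  for (const d of decisions) console.log("  ", d.run ? "RUN  " : "BLOCK", d.host, d.src);
}
```

The second page is the case the allowlist cannot help with: every script shares the trusted host, so nothing is blocked and the later layers (antivirus, firewall) have to catch it.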
11-06-2006 until 12-30-2037
AKosygin
Forum Rules / Guidelines

The following is a list of guidelines of conduct while using the message board.

1. We're all here to have fun and share information.

The most basic of the rules, this one is arguably the most important. Be considerate of others, and if you're in a bad mood, and feel it might affect your post, then just take a breather and chill. Come back when you can discuss the post responsibly.

2. Be respectful to the other members of this board.


If you disagree with someone's opinion, that's cool, but disagree politely. Don't try and force your views on others or make people on this board feel insignificant.

3. Try to keep on topic.

I break this rule a lot, so I understand when others do it. Basically, try to stay on the subject of the game, and avoid posting about other things on this board. There are other boards outside of this one for non Final Fantasy XI (or game) topics.

4. NO FLAMING! Keep the criticisms constructive.

If you have problems or feel that there are weaknesses in someone else's posts, tell them in a constructive manner. Don't harshly reply to them and say, "You suck!" or "Your post is so stupid!". This is not the way criticism should be handled, and I don't want to see this. Those who resort to profanity, calling names, and/or attacking someone's character are flaming another visitor. Such actions will not be tolerated by the moderation team.

Admin team notes: As the administrators of this board, if we hear any bull crap like this, the first time we will warn you, the next time we will remove your post. This is the rule we are most stringent on. We should do our best to build each other up, not tear each other down. While we don't wish to be heavy handed or like a member of the SS or something, we will not permit verbal abuse on this board, in any way, shape, or form. We will do our best to give any arguments fair consideration, but if we find your post offensive, it's going to be deleted.

5. Treat each other as you'd want to be treated.

In addition to this being a good rule for the board, it's also a good rule for life.

6. NO SPAMing!

SPAM stands for Senseless Pointless Annoying Messages. Please ensure that your posts are on topic of the forum indicated. Massive amounts of messages that do not pertain to the subject and are designed to annoy other board visitors maliciously, with intent to disrupt activities on the board, shall be grounds for immediate ban from these boards without warning. Warnings are given as a courtesy and are not required for any moderators or administrators to ban a member for SPAM. We have been spammed way too many times, and it has caused endless trouble, so we have to be quite firm and "Nazi" about it.

7. Keep signatures and avatars file size small!

Image sizes used in the personal photo or signature area must be kept small! Please keep the images below 25 Kilobytes and no larger than 550 pixels wide and no taller than 350 pixels tall. Any images in the signature or avatars area going over 25 Kilobytes may be subject to being edited out. These limits apply to ONLY signatures, personal icons, and avatars of the vBulletin system under personal profile in your control center. 25K is A LOT for signatures and personal photos; remember these images repeat over and over. So 25K picture X 10 posts in thread = 250K! And soon it can reach several megs! (Especially when your browser is stupid about caching the files.)

If you want to show someone your fan art or an image of something you are talking about on a thread, those limits do not apply. (But please be courteous and keep the image sizes reasonable; or if it is very big, provide a link to it.) No one wants to sit there all day for your image to load just to read a post past yours. Severe violations will result in a warning followed by banning for repeated offenses. If too many people abuse the signature or avatar function, it will be turned off.

8. No offensive materials.

Please try to keep all posted/displayed materials to a PG-13 rating level or so. No R rated stuff, and definitely no nudity or things that really border NC-17 stuff. Please also attempt to restrain yourself from using profanities. Any moderator or admin can edit or remove things which are offensive (see below), and usually we will notify you if we feel something is inappropriate and you should know.

9. Moderator and Administrator override.

Any moderator has permission to edit or remove a member's post if it is found to be in violation of the rules. Warnings will usually be given; however, such warnings are only provided as a courtesy. Any administrator can put a temporary or permanent ban on members who have severely violated the rules.

10. Appeals.

You may appeal any actions or decisions (bans, deletes, etc.), made by a moderator or administrator, first to the moderator or administrator that made the action or decision. If you are unsatisfied with their decision, you may appeal to a mod/admin immediately superior to the mod/admin you appealed to until you reach the top administrators. Your last and final appeal lies with the top administrator: PiNG. A moderator's or administrator's decision stands until it is "overturned" after an appeal.

However, if you are banned and are unable to contact any admin, you may directly contact an Administrator at their e-mail address. (Please note, jumping directly to PiNG for an appeal will result in your last appeal.)

Current Order of appeals from lowest to highest:
1.) Moderator
2.) Super Moderator
3.) Administrator
4.) PiNG

For a detailed list of hierarchy, click here
NOTE: If a Super Moderator performed the banning action, don't go to a mod, they can't do anything; go up the chain of command, not down. Likewise with an Administrator, don't go to mod or super mod.

Once again, the mod/admin team do not believe we will have any problems with this, but we feel it would be good to post it anyway and keep things clearly defined. Please post with good intentions, and if anyone would like to discuss these guidelines, feel free to do so in the Comments and Suggestions section of the boards.

Please note these rules are not all-inclusive and the use of common sense on the internet is necessary. Following these guidelines should be sufficient to keep you out of trouble. But if you have any doubts as to whether a certain action or post is permissible, it is best if you Private Message a moderator or administrator and ask.

These guidelines are subject to update from time to time, and it is recommended that you return occasionally to check up on any changes.

If you have any questions or concerns, please feel free to Private Message an Administrator or Moderator for assistance.

Thank you,
FFXIOnline.com Moderation and Administration Team
__________________
Signature was intentionally left blank.