Tutorial – Steam Account Security

A short guide which will hopefully educate some people about how to look after their Steam accounts and protect themselves against hijacks.

Let’s start with your PC

What you should have running and how to make sure it doesn’t get infected.

Firewalls and Routers

Software and Hardware firewalls are the easiest way to control incoming traffic to your PC or home network.

Firewalls are designed and configured to regulate the flow of internet traffic to a computer, based on the properties of the traffic. For example, if someone tried to scan your system for open ports (think of ports as windows), the firewall would kick in, automatically intercept that packet and drop it from the network.

Windows firewall vs commercial firewalls – Windows firewall, although very basic, is in fact quite comprehensive as basic protection. The only problem with Windows firewall is that it can be very annoying: it will prompt you at the silliest times, and updates can be annoying as well. It is a good idea to turn Windows firewall off and get yourself another form of software firewall from a more “gaming friendly” company. I use Kaspersky Internet Security personally and have had quite a few in the past. I find Kaspersky to be extremely good: it is lightweight, so it doesn’t eat system resources, and it also has a “gaming” profile which, when turned on, will stop all firewall and anti-virus prompts while you are in full-screen applications (games mostly). The only catch with Kaspersky is that it does cost; barely anything perfect in this world comes for free, unfortunately. If, however, you are one of the hordes of gamers who outright refuse to part with a tenner for a year’s worth of protection, there are some *free alternatives which will help to keep you safe.

*free – Most come with basic features, make sure you check that a firewall is in the list of features on the free version of your software.

Another alternative is of course a hardware firewall – these obviously cost more but are generally better at intercepting and dealing with network packets. They also cannot be “tainted” like software variants and are therefore better overall. Firmware updates are usually free, which means that the purchase of a hardware firewall is a one-time affair.

For a list of free and paid Anti-Virus and Firewall software click this link

Malicious software

Viruses, spyware, keyloggers, and the like.

Viruses

Just what is a virus? It is a computer program that can copy itself and infect a computer without permission or knowledge of the user.

Viruses can be spread in the following ways:

-Downloading and executing attachments from email files that are sent by unknown persons.
-Downloading and running files from dodgy websites (i.e. skin packs, programs) without virus scanning them first.
-Some viruses can infect your computer, stay in memory, and infect other disks (such as floppies/USB drives). This method is very uncommon nowadays.

Viruses cannot be spread in the following ways:

-Downloading models/sounds/skins from a Counter-Strike server or any server for that matter.
-Being transferred from one player to another in a server.

Keyloggers

Keyloggers are programs that run in the background without your permission, and log every keystroke that you make.

Keyloggers may be spread in the following ways:

-The same ways that viruses can.

-A hacker can invade your system and install one without your knowledge.

Keyloggers cannot be spread through any game servers or from player to player.

Trojans

Trojans are programs that are designed to install malicious software while disguising themselves to look like a harmless piece of software.

Trojan horses must be executed in order to infect a computer. Their actions can range from installing a virus or keylogger to opening ports, to changing your homepage. They can be spread in the ways listed above under the virus section. As per keyloggers, they cannot be spread in-game in any way.

Spyware

Spyware is a program which secretly records a computer user by capturing all keystrokes, websites visited, and chat conversations.

You may be thinking, “Isn’t that what a virus/keylogger does?” The answer is yes, but with one key difference. Spyware is installed without the user’s informed consent. What is “informed consent”? It means you install the spyware without actually knowing that it is spyware. It may be disguised as a browser helper (BonziBuddy is a good example), or a program (SpySheriff). Both of these programs deceive the user and record certain browsing activities. The difference between spyware and trojans is that spyware doesn’t necessarily destroy your data or replicate itself. It just makes your computing experience much worse.

Things spyware may do to lower your computing experience:

-Change your browser homepage to something else (commonly advertisements).

-Constantly display popups which contain ads.

-Consume valuable system resources.

-Report your activities to a website for data collection.

-Annoy the living crap out of you

How to protect yourself

In this subsection, I will show you how to protect yourself from the various baddies on the internet. The first thing you should always do is make sure Windows is fully updated. This is crucial when securing your computer, as Microsoft occasionally sends out vital security patches. The second thing you should do is:

-Never open up email attachments from people you do not know.

-Do not use pirated software (if you have to, install it in a sandbox first)

-Don’t go to dodgy websites (i.e. websites that offer you free CD-Keys and the like)

Anti-virus software

The best defense against viruses is a good anti-virus program. These programs have a list of virus definitions which they compare scanned files against. If any part of the file’s code matches a definition, it is flagged as infected.
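The definition matching described above, as an added example that is not taken from any anti-virus product: a toy scanner that looks for known byte patterns anywhere in a file. The definition names, patterns and sample inputs are constructed for illustration and match no real malware.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Definition:
    name: str
    pattern: bytes  # byte sequence that identifies the sample

# Constructed definitions (hypothetical names and patterns).
DEFINITIONS = [
    Definition("Example.Keylogger.A", b"\x90\x90KEYLOG-DEMO\x00"),
    Definition("Example.Trojan.B", bytes.fromhex("deadbeef4242")),
]

def scan_bytes(data: bytes, definitions=DEFINITIONS) -> list[str]:
    """Return the names of all definitions found anywhere in data."""
    return [d.name for d in definitions if d.pattern in data]

def scan_file(path: str, definitions=DEFINITIONS, chunk_size: int = 64 * 1024) -> list[str]:
    """Scan a file chunk by chunk, carrying an overlap between chunks so a
    pattern that straddles a chunk boundary is still found."""
    overlap = max(len(d.pattern) for d in definitions) - 1
    found: set[str] = set()
    tail = b""
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            window = tail + chunk
            found.update(scan_bytes(window, definitions))
            tail = window[-overlap:] if overlap else b""
    return sorted(found)

# Constructed sample inputs: one clean file body, one carrying a known pattern.
CLEAN = b"MZ" + b"\x00" * 64 + b"just a skin pack"
INFECTED = b"MZ" + b"\x00" * 30 + b"\x90\x90KEYLOG-DEMO\x00" + b"payload"
```

A file is only flagged if one of its byte sequences is already in the definition list, which is why the definitions need regular updates.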

For more info on how Anti-Virus software works, click this link. You should run a virus scan on your PC every three days or at the bare minimum, every week.

For a list of free and paid Anti-Virus and Firewall software click this link

Anti-Spyware programs

Anti-spyware programs work the same way that Anti-virus software does. For more info on anti-spyware software visit this link.

Password Protection

In today’s world of computing, nothing is more important than choosing a good password. Even if a hacker can get past a firewall and anti-virus software, he can be stopped in his tracks by a secure password. In this section of the guide, I will show you how to create a secure password.

How do passwords work?

Let’s use Steam as an example. When you enter your password into Steam, it sends a hash of that password to an authentication server. The hash of the entered password is then checked against the password hash stored on the server, and if they match, you can log in. The password you enter into Steam is never stored on your computer, so the only way a hacker can get access to it is through social engineering or keyloggers.
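A sketch of the hash comparison described above, as an added example that is not Steam's or Valve's code. It assumes the server derives a salted PBKDF2 hash from each attempt; the guide does not say which scheme Steam uses, and the class, usernames and work factor are hypothetical.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example

def derive(password: str, salt: bytes) -> bytes:
    """Slow, salted hash of the password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

class AuthServer:
    """Keeps only (salt, hash) per account; the password itself is never stored."""

    def __init__(self) -> None:
        self._accounts: dict[str, tuple[bytes, bytes]] = {}
        self._dummy_salt = os.urandom(16)

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)  # per-account salt: equal passwords store differently
        self._accounts[username] = (salt, derive(password, salt))

    def login(self, username: str, attempt: str) -> bool:
        # Unknown users get a dummy salt and an empty hash, so the slow
        # derivation still runs and the comparison simply never matches.
        salt, stored = self._accounts.get(username, (self._dummy_salt, b""))
        candidate = derive(attempt, salt)
        # Constant-time comparison of the two hashes.
        return hmac.compare_digest(candidate, stored) and username in self._accounts

    def stored_record(self, username: str) -> tuple[bytes, bytes]:
        """What someone who copied the server's database would see."""
        return self._accounts[username]
```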

Choosing a secure password

Choosing a good password may seem like a hard task. In reality, it really isn’t. Just follow three basic rules when creating a password:

1) Your password should be something memorable. Try not to use anything that is personal to you.

2) Don’t use the same password for everything.

3) Don’t base your password off of your username. Mix letters, words, and numbers together.

Ways passwords can be cracked

Passwords can be cracked in a variety of ways. One such way is brute-forcing: a computer works through and tries every possible password combination :O . It’s a time-consuming process, but, given enough time, any password can be brute-forced. Another way that passwords can be cracked is through a dictionary attack. This time, a computer tries a predetermined list of words in a dictionary file (hence the name) to guess the password. This process can be very fast, but is not guaranteed to work. Your password will inevitably be cracked if you choose an easy-to-guess password.

Examples of weak passwords are:
-Admin
-123456
-p@s5\/\/0|2D
-qwerty
-ANY SINGLE word found in the dictionary.

Examples of strong passwords:
-t3wahSetyeT4
-MoOoOfIn245679
-4pRte!ai@3

You may notice that these passwords would not be common in a dictionary file. Also notice the fact that numbers, letters, and symbols are used to generate a password that is long, yet somewhat memorable. One more thing you must know about passwords:

VALVE WILL NEVER ASK YOU FOR YOUR PASSWORD!!!!!
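The weak and strong lists above, run through a small password check. This is an added example, not part of the original guide: it undoes common symbol-for-letter swaps before the dictionary lookup and estimates the brute-force search space. The wordlist, the 60-bit threshold and the username are assumptions made for the example.

```python
import math
import string

# Constructed mini wordlist; a real check would load a full dictionary file.
WORDLIST = {"admin", "password", "qwerty", "123456", "letmein", "steam"}
MIN_BITS = 60  # assumed threshold for this example, not a figure from the guide

# Undo common symbol-for-letter swaps; multi-character ones go first.
LEET_MULTI = [(r"\/\/", "w"), ("|2", "r")]
LEET_SINGLE = str.maketrans("@4310!5$7", "aaeioisst")

def normalize(password: str) -> str:
    """Lower-case the password and reverse the swaps listed above."""
    text = password.lower()
    for swapped, plain in LEET_MULTI:
        text = text.replace(swapped, plain)
    return text.translate(LEET_SINGLE)

def brute_force_bits(password: str) -> float:
    """log2 of the candidates a brute-force search has to cover for a
    password of this length drawn from the character classes it uses."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0

def audit(password: str, username: str = "") -> list[str]:
    """Return the reasons a password is weak; an empty list means none found."""
    problems = []
    if password.lower() in WORDLIST or normalize(password) in WORDLIST:
        problems.append("dictionary")   # falls to a dictionary attack
    if brute_force_bits(password) < MIN_BITS:
        problems.append("brute-force")  # search space too small
    if username and normalize(username) in normalize(password):
        problems.append("username")     # rule 3: based on the username
    return problems

# The guide's own examples.
WEAK = ["Admin", "123456", r"p@s5\/\/0|2D", "qwerty"]
STRONG = ["t3wahSetyeT4", "MoOoOfIn245679", "4pRte!ai@3"]
```

The third weak password clears the brute-force estimate because of its length and symbols, but it normalizes to a dictionary word and is flagged for that reason alone.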

Social Engineering

Social engineering is the number one reason people lose Steam accounts. Social engineering is a set of techniques used to manipulate the victim into giving up personal information. MANY people fall for phishing. This is because they are either inexperienced or not paying close attention to details. In this section of my guide, I will alert you to the dangers of social engineering and show you how to avert them.

Techniques used to “phish” information

There are an immense number of ways phishers can get passwords from people. Sadly, many of these techniques succeed in getting sensitive information.

The first technique that we will talk about is website forgery. The number of people tricked into giving info to a fake website is HUGE! What happens is, a scammer creates a fake website which looks and functions almost exactly like the original website, with one key difference: all the info entered into the site will be recorded and sent to a phisher. Observant users may note that the URL of the imitation website looks just like the original website. This is because clever scammers may use scripting to cover up the real URL and replace it with the original site’s.

So how do we get around this? Well, it’s quite simple actually: turn on your phishing filter! Depending on what browser you are using, you should have a filter to nail this kind of activity. Turn it on and you should be 90% covered; the other 10% comes from being vigilant yourself. Make sure the sites you are visiting are legit, be careful when following links provided by others, and if you are in doubt, just don’t go to the content.
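One way to do the “make sure the site is legit” check on a link before following it, as an added example that is not part of the original guide. It looks at the host the browser would actually contact rather than at how the link is displayed. The allowlist is an assumption for this example, and the lookalike URLs used to exercise it should be constructed on reserved test domains.

```python
from urllib.parse import urlsplit

# Assumed allowlist for this example; extend it with the sites you actually use.
TRUSTED_DOMAINS = {"steampowered.com", "steamcommunity.com"}

def check_link(url: str) -> tuple[bool, str]:
    """Return (trusted, reason) based on the host the browser would contact."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme != "https":
        return False, "not https"
    if not host:
        return False, "no host"
    if "@" in parts.netloc:
        # Everything before '@' is login info, not the site being visited.
        return False, f"userinfo hides real host {host}"
    if host.startswith("xn--") or ".xn--" in host:
        # Punycode labels can render as characters that imitate other letters.
        return False, "punycode host"
    for domain in TRUSTED_DOMAINS:
        # Exact match or a true subdomain; a trusted name that merely appears
        # at the start or in the middle of the host does not count.
        if host == domain or host.endswith("." + domain):
            return True, f"host is {domain} or a subdomain of it"
    return False, f"host {host} is not on the allowlist"
```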

Friends list/email phishing

Lately, there have been a lot of phishing attempts over the Steam Friends List as well as e-mail. Sadly, most if not all hijacked accounts are phished using this method. The user is contacted via his or her Friends List and is then thrown the bait. Most of the time, it is someone impersonating a VALVe employee, claiming that “something happened to our database and we need to reconfirm your account or else…” The user is then prompted to enter his/her account details.

Keep in mind that these sorts of scams require a lot of patience on the part of the phisher. They will do anything possible to make their pitch sound believable. I cannot stress this enough: VALVe will never ask you for your account information.

Facebook/Twitter/Etc Phishing

Keep your passwords separate!

An increasingly common way for phishers to get your information is to “study” your other means of internet communication. Often enough, people can guess your password based on information phished from other sources, such as social networking sites. Your Steam account can have hundreds of games on it, which all have value. To secure this information, it is very wise to have a separate and completely unrelated password for Steam. If your PC is at home and you are the only person with access to it, it’s a good idea to have Steam remember your password; that way, keyloggers will not be able to get your information without “guessing” it from other sources.

If something is missed please post below and I will add it.

This information has been gathered from loads of sources, including the Steampowered Forums and VALVe website.

Author: Brent
Brent is the founder and Editor of FingerSports.co.uk. Many hours of his life have been floundered on various PC games.
