Articles Poker Forums

Entity : Secure your computers!

published over 4 years ago

This is a topic that has been covered in general before (best by KyleB/coldcaller — for a great comprehensive look at online security look at this thread by KyleB and this blog post by Nat Arem), but I figured I'd post about what programs I use to help w/my security.  Any time you're keeping a significant amount of your money online, you should be aware of the tools that you can use to help guarantee your security.  There is no 100% safe solution, so be aware that there will always be things to be concerned about, but this is a pretty decent checklist.

  1. My poker PC is only used for work and poker.  Nothing else — I significantly lower the chances of any sort of virus, worm, trojan, keylogger, or other security hazard finding its way onto my computer.  So, for the demographic I'm addressing here: don't use your poker PC to browse porn.

  2. I can't believe how many of you neglect this — keep your computer updated.  I auto-update to Microsoft, which you can enable (in XP) by going Control Panel -> Automatic Updates.  Mine is set to update every day at 3:00AM.  In addition I check about once a week to check for other driver updates or anything else.  Be vigilant about this.

  3. My poker passwords are not guessable.  I use KeePass personally (KeePassX for my Mac) but know of others who use PasswordSafe.  This database is password protected as well, so in order for you to get access to my passwords (online banking, poker sites, etc),

  4. If you insist on using AIM for communication (I know, it's convenient and widespread) use an alternative client like Digsby.  This alone isn't going to do a ton for your security, but I've seen holes in AIM in the past and it's certainly not a program I trust the coders of to secure well.  Beyond that, there are lots of alternative programs that combine all your clients (Google Talk, AIM, MSN Messenger, ICQ, Yahoo Messenger) and use them from one program.  Digsby is one of those (I use it for AIM/Google Talk/Twitter/Facebook Chat).

  5. Use a good antivirus program.  I highly recommend Kaspersky Antivirus.  I just use their virus scanning and not their other apps which are a bit heavy for my tastes (use up too many computing resources).  It's worth every penny and then some.

  6. Look into anti-keylogger programs.  I use a anti-rootkitting and anti-trojan software called ProcessGuard.  As much as it can be annoying at times to have to click "allow this program," it's much better than Vista's UAC and is a very worthwhile and important step to prevent rogue programs from running on your PC or accessing other portions of your PC (for example, preventing poker clients from scanning the contents of your HD) without your permission.  A free alternative to ProcessGuard is SnoopFree, but I can't speak to the effectiveness of it as a program.

  7. Use FireFox 3.  Update your browser frequently.  IE is well known for having various security holes which FireFox generall either avoids or patches before the exploits are utilized as much.  Get Firefox now.

  8. Don't save your passwords in your browser or in your poker client.

  9. Don't login to your poker accounts from your friend's computers.  Any computer you haven't personally secured should = a risk in your mind.

  10. Develop some common sense!  Don't click links from people on AIM on your Poker PC.  In general try to avoid random browsing, etc, on any computer that is linked to your poker playing / poker accounts.

  11. Get a better OS.  Whether it's buying a Mac (everyone from DeucesCracked runs on Macs now for the majority of their non-poker playing work and day to day activities) or running Ubuntu, there are a lot of benefits to running a non-Microsoft based OS.  I know that's not feasible for a lot of you out there, but it's worth mentioning.  When I'm at home, I'm on a Mac, and most of the time I'm working I'm on a Mac.  I use my PC for HEM and for the majority of my playing, but beyond that I try to use my PC as little as possible.

That's all I can think of for now, but this is definitely something that everyone should be aware of.  Worst case scenario each of you should have a friendly computer geek (SOMEONE YOU TRUST) who can help you secure your computer.  It's not that hard to do and is something that can help save you from a lot of problems down the road.

or track by Email or RSS


pipan

Avatar for pipan

5 posts
Joined 03/2008

vgood post, thansks for the infos Smile

Posted over 4 years ago

Matt Flynn

Avatar for Matt Flynn

403 posts
Joined 07/2007

Critical topic. I found Steve Gibson's site useful. One nice feature is Shields Up testing, which checks your ports and can stealth them for you so probing computers cannot find your computer with a routing ping. Here's the relevant page:

https://www.grc.com/x/ne.dll?bh0bkyd2

Click Proceed and wait for the testing to finish. It will look like nothing is happening for a few seconds.

I use AMG for antiviral and rootkit detection because it is free and good. Kaspersky gets higher reviews from enough people to consider paying for it. I have yet to find a good reason to pay for Norton. I also run Spybot Search and Destroy and SpywareBlaster. Other spyware programs have gotten higher reviews than Spybot for detection but free is free.

In addition to www.grc.com, majorgeeks.com is a fantastic resource for security freeware. They also have registry cleaners and a bunch of other useful freeware products. If your computer has slowed down a semi-automated registry cleaner can sometimes help a great deal. I had a computer with a hard drive malfunction such that I could not access a forgotten random string password that was being automatically posted into a field. Majorgeeks under Covert Ops had a small program that revealed the hidden characters and allowed me to salvage the situation.

One of your best detectors for being zombied is the disk light on your computer. If that is blinking rapidly when you aren't on your computer, you may have a problem. Time to go to an online malware detector since your on board programs may be compromised. Some people will only use online malware detectors.

Any other advice Entity? Anybody else?

Posted over 4 years ago

zwoop

Avatar for zwoop

35 posts
Joined 01/2008

On the sites i play the most I only withdraw to my bank account. So i can deposit using neteller MB and so on but i can only withdraw to my bank so as long as people are not dumping money on my account im secure. I also use Nod32 (kick ass antivirus) and ZoneAlarm (fire wall).

Posted over 4 years ago

itsdanwall

Avatar for itsdanwall

31 posts
Joined 04/2008

If you use firefox you should get NoScript imo.
https://addons.mozilla.org/en-US/firefox/addon/722

Posted over 4 years ago

Aspurin

Avatar for Aspurin

13 posts
Joined 03/2008

If you use firefox you should get NoScript imo.
https://addons.mozilla.org/en-US/firefox/addon/722



this!!!!!!!!!!!!!!!!!!!!1111111

also, please elaborate why letting the poker client save the password is bad. this is very arguable

Posted over 4 years ago

asidrane

Avatar for asidrane

306 posts
Joined 07/2008

this!!!!!!!!!!!!!!!!!!!!1111111

also, please elaborate why letting the poker client save the password is bad. this is very arguable



If someone gets on your computer and the password is saved in stars/full tilt or whatever site you play on, they can easily edit your account preferences (password, email, etc...)

Posted over 4 years ago

Entity

Avatar for Entity

8055 posts
Joined 11/2006

this!!!!!!!!!!!!!!!!!!!!1111111

also, please elaborate why letting the poker client save the password is bad. this is very arguable


It's not arguable at all. It allows anyone who can gain physical access or remote access to your computers the ability to login to any sites that are on there. This is especially important for laptop users but also a pretty standard precaution for desktop users. There's no upside besides convenience for letting it save the password, but there's quite a bit of downside.

Security on a computer will almost always be come at the expense of convenience, but IMO that's ok.

Rob

Posted over 4 years ago

Entity

Avatar for Entity

8055 posts
Joined 11/2006

so as long as people are not dumping money on my account im secure.


This is the main method that people use to get money from your account to others. The bank-only method is nice, but it's providing you with a lot more of a sense of security than it is actual security.

Rob

Posted over 4 years ago

Aspurin

Avatar for Aspurin

13 posts
Joined 03/2008

It's not arguable at all. It allows anyone who can gain physical access or remote access to your computers the ability to login to any sites that are on there. This is especially important for laptop users but also a pretty standard precaution for desktop users. There's no upside besides convenience for letting it save the password, but there's quite a bit of downside.

Security on a computer will almost always be come at the expense of convenience, but IMO that's ok.

Rob



I probably should have written a little bit more.

While i totally agree that it is important to protect yourself from physical access to your computer, I dont need this step, since my Windows is password protected (i know that this is useless) and my whole hard drive is Truecrypt encrypted, so noone can access my computer or even only my hard disks.

As far as remote access goes, getting remote access on a (updated and protected) computer is a lot harder than sneaking keyloggers/clipboard loggers onto there, which have the power the capture the password you would type/copy&paste into the poker client.

There is measures against it ldo, like clipboard loggers, Keepass also has an option to protect yourself from this.

Posted over 4 years ago

Entity

Avatar for Entity

8055 posts
Joined 11/2006

I probably should have written a little bit more.

While i totally agree that it is important to protect yourself from physical access to your computer, I dont need this step, since my Windows is password protected (i know that this is useless) and my whole hard drive is Truecrypt encrypted, so noone can access my computer or even only my hard disks.

As far as remote access goes, getting remote access on a (updated and protected) computer is a lot harder than sneaking keyloggers/clipboard loggers onto there, which have the power the capture the password you would type/copy&paste into the poker client.

There is measures against it ldo, like clipboard loggers, Keepass also has an option to protect yourself from this.


In your case it doesn't matter much if you let it remember the password or not. But for a user who uses total encryption on their drive and has a secure (I'm assuming) Windows password, well, let's be honest -- this article wasn't written for you, was it? Smile

I've helped to infiltrate bot and zombie networks back when I worked for the University of Washington so I do know how hard it is to get remote access on an updated/protected computer, but again, that wasn't the point of this article; the point of the article is to get each and every one of you to have updated/secure computers -- the rest, at that point, is mostly pedantic.

You make great points when you start with the assumption that people secure their computers; I started with the opposite assumption, which I see on a daily basis when helping people get setup with applications using Teamviewer or Mikogo -- many of the users I have helped haven't even installed XP SP2 yet, let alone security updates.

All of that said, there's still no benefit besides convenience to leaving "remember passwords" on. In your case it adds a negligible amount of risk with a bit of benefit, but in most cases (that I address in this article) it adds a lot of risk with very little benefit.

Rob

Posted over 4 years ago

kondor101

Avatar for kondor101

927 posts
Joined 02/2008

I find trends housecall is very good at boosting your security. Not only for virus and spyware it also spots flaws in your windows setup and gives links on where to get various updates that you might have missed.

Posted over 4 years ago

ClownFish

Avatar for ClownFish

2 posts
Joined 09/2008

I'm using TrueCrypt on my PC, and it makes that if there is anyone who steals my computer so they can not see the contents of my computer.

TrueCrypt is a free open-source program that can encrypt files or entire hard drives if it is
what you want, and that is what you want Gasp).

I would clearly recommend those who are interested in TrueCrypt download Steve Gibson podcast about TrueCrypt http://www.grc.com/securitynow.htm episode No 133

Steve Gibson gives a very good idea of what TrueCrypt can.

Peter

Posted over 4 years ago

roberth

Avatar for roberth

4 posts
Joined 03/2008

Wrt somewhere to save your poker and passwords... I 2nd TrueCrypt.
Go download it, it's excellent. http://www.truecrypt.org/

I stuck it on a USB key, installed PortableApps and KeePass portable, exellent no hassle solution for all my passwords

Posted over 4 years ago

Caporegime

Avatar for Caporegime

36 posts
Joined 08/2008

a good and properly configured router should patch most of your security leaks, my netgear for example got a perfect TruStealth rating

Posted over 4 years ago




HomePoker ForumsArticles → Entity : Secure your computers!