Guild Wars 2

There’s an article “Configuring User Account Control (UAC)” by Matt Chernicky here: https://forum-en.gw2archive.eu/forum/support/tech/Configuring-User-Account-Control-UAC.

I want to lobby for a change. The reason User Access Control (UAC) is being set is so that the EXE and DAT files in the Guild Wars 2 folder can be modified regularly (every time we bring it up).

The problem is that UAC exists is because it shuts down most of the vectors through which malware can enter a system. This is, in fact, one of the foremost rules of security: “Never perform an unprivileged task from a priviledged account”. In other words, don’t use admin rights unless admin rights are required.

To allow the GW2 game to run with full admin rights is, frankly, way up on the computer security “folly meter”. NOBODY should commonly run with admin rights. And, arguably, gamers are the body of humans this rule should apply to the most. Why? Because gamers get hack attacks against them at a very high rate.

The right answer is NOT to run the game in a local administrator account. If someone hacks the game, without UAC active, you are a sitting duck. Worse, if someone hacks your computer, Guild Wars itself becomes an even better sitting duck.

But, that leaves us with a problem: How to make the client work more securely. Well, there is a way. Instead of running in full admin mode, simply change the permissions on the two files to allow the current user account to write those files.

It’s not a complete solution, but it’s far better than running as admin. This solution allows the game to still be hacked, but that hackjob can’t trivially infect the rest of the computer, because UAC will send up a warning.

NOTE: The above applies to ALL games that “require” admin rights. In every case I have seen, this smaller hole in ones security footprint works.