Actual Origin testing

#1d_damjanPosted 8/26/2011 9:45:46 PM

Since there's been quite a bit of speculation about what Origin might monitor on your PC I thought I'd do a quick test to see what exactly it looks for on the computer. Please keep the discussion to either your interpretation of someone's findings or your own actual findings of the program.

After installing Origin I started it up with Process Monitor running as well. It recorded origin accessing various EA folders on the C drive and registry keys relating to EA and system stuff.

I did a search on its registry access and I noticed that it did NOT access the following keys (commonly used by the system to list the programs installed on the computer):
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall
SOFTWAREMicrosoftWindowsCurrentVersionInstallerUserData
HKUUSER-SID-HERESoftwareMicrosoftInstallerProducts
HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserData
HKLMSoftware****sInstallerProducts
HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionUninstall
HKLMSoftwareWow6432NodeMicrosoftWindowsCurrentVersionUninstall
HKCUSoftware

I also searched and found that Origin did not access any keys at all containing the word "Uninstall".

Folder and file access showed Origin accessing mostly EA and system related stuff although it did access ALL of the folders and most if not all files in the ProgramData folder. Within these folders it even accessed icon files, Robosoft search dump files and some other miscellanous stuff which seemed a bit strange.

Origin also opened Xfire.ini which does contain a list of detected installed games as well as xfire_games.ini which contains a list of all games that XFire can detect.

I searched all the logs and couldn't find anything about Origin accessing folders or registry keys relating to my legitimate Battlefield 2 installation, and the game itself worked fine afterwards so it doesn't seem to interfere with other EA games (unless they are perhaps part of origin itself).

I searched the file and registry logs and found that Origin did not access any values containing the word "browser", "Internet Explorer", "Steam", "Valve" or "Firefox" (my default browser) except for a couple of HTTPshellopencommand(Default) registry entries that indicate what is the default browser for the system. It also queried the registry entries Internet ExplorerSecuritySafety Warning Level and Internet ExplorerSecurity which seem to indicate what security level IE is running on.

The Wireshark network log showed Origin communicating with several EA servers, though from what I could tell it was mostly sending HTTP GET requests and sending some sort of encrypted information to them.

While Origin was starting up & checking files it utilized 0% of the Internet connection. There was a tiny spike of internet utilization when I logged into my Origin account but after leaving it for a few minutes there was no more Internet activity. This would indicate that although it did check/open everything in the ProgramData folder there's no way it could have provided all that detailed information to the EA servers without a massive spike in Internet usage.

The memory utilized managed to increase by 2GB when Origin was started up which is pretty ridiculous.

Origin did not appear to install or activate any additional services when it was installed or when it started up.

Conclusion:

From what I can see Origin does act a bit suspiciously as it checks everything in the ProgramData folder and I can't tell for certain what data it sends to the EA servers, however it does appear to be mostly benign. Given its tiny amount of Internet utilization when logging in (barely half a megabit per second for a couple of seconds) it would appear to not send that much information to EA, especially since my ProgramData folder is 4.25GB and contains 211000 files in 655 folders. From looking at it's activities Origin seems sloppily programmed and badly implemented more so than anything else.

It doesn't appear to use steam or common registry keys to get a list of other programs on the computer however it does access XFire files which show what games XFire detected on your computer. It doesn't appear to access the game folders or registry keys of the games themselves though. It does however check to see what's in the ProgramData folder

I suppose you could remove the detected game info in Xfire.ini before starting Origin and hide or move the other stuff in the ProgramData folder to stop that stuff from being accessed.

It also doesn't appear to go through your browsing history or check much of your browser stuff except for checking what the default browser is and Internet Explorer's security level.

Keep in mind that Origin like other resource hogs accessed loads of registry entries and various system folders so I didn't check every single thing it did, I only searched for more obvious stuff and skimmed over what it accessed.

#2ghostfox1Posted 8/26/2011 10:40:31 PM
very nice. +1 informative.
---
You know what common sense is right? Use it. If you refuse, THEN GET THE HELL OFF THE INTERNET!
#3R0N1N187Posted 8/26/2011 10:47:39 PM
Build a new computer strictly for BF3 + play only BF3 and do nothing else but BF3 + ??? = profit!
---
My nuts are like raisins.
#4d_damjan(Topic Creator)Posted 8/27/2011 3:01:20 AM
Thanks, you can also stop Origin/Steam/etc from scanning a folder by changing the permissions on the folder before executing the program. You can also run the program in conjunction with a sandbox such as Geswall and Sandboxie to limit its access to folders and the registry.
#5Kurt KobainPosted 8/27/2011 4:29:23 AM
nice work

re: accessing the program files - this is how all anti-cheat software works, right?
#6d_damjan(Topic Creator)Posted 8/27/2011 5:02:34 AM
I don't know about other anti-cheat software, but I've played games such as Battlefield 2 with Punkbuster and Origin is the first program that I've encountered that scans about every folder and file in the ProgramData folder.

I also briefly tested Steam and it doesn't appear to scan anywhere near as much as Origin, though I didn't go into the test's details anywhere near as much.

What's puzzling about this behaviour is that it doesn't appear that Origin is searching for something in particular or else it wouldn't be opening icon files, image files, json files and other miscellanous files. On the other hand there's no way that Origin could relay detailed information about what it's found in the couple of hundred Kilobytes max that it exchanges between itself and the EA servers when logging in.

It's possible that Origin might be providing a general overview of its scans to the servers, although much of the information would be useless as file info about icons and json files would have no value for marketing, customer service or selling the info to others. Given that many people would be using origin at once this would mean that EA's servers would be filtering out loads of useless information obtained by such a scan.

Another possiblity is that Origin is filtering the information found on the ProgramData folder itself before sending the relevant results over, which means that it's very badly programmed as it shouldn't need to scan every damn file to find out info about the software.

There is also the question about why Origin is checking the ProgramData folder but not other significant program folders or the registry keys for other software. Many programs don't store stuff in the ProgramData folder so if Origin was being used to see what other software there was it would only get part of the picture.

If anyone else has an idea of what the hell it's doing or have done their own tests then I'd like to know.
#7d_damjan(Topic Creator)Posted 8/27/2011 5:30:30 AM
Addendum: Out of curiosity's sake I've also done a quick test of Steam. Aside from accessing some system stuff Steam did not access anything else like the ProgramData folder (except for checking some bin files in Nvidia) or other game's folders.

It also mostly stayed out of other program's folders although it did access a dll in the FileZilla FTP Client folder and a couple of bin files in Nvidia's folder in the ProgramData folder. Keep in mind that I didn't check every little thing Steam did, only the (IMO) obvious stuff.

It also accessed the Start Menu\Programs folder and the Desktop folder but only to perform a basic query which provides the following info: CreationTime, LastAccessTime, LastWriteTime, ChangeTime, FileAttributes (just had RHDNCI for mine)

Within the registry it accessed quite a bit of system and steam/valve stuff. It did not access the keys mentioned in my first post that are commonly used by the system to list the programs installed on the computer.

Now that we've also laid to rest that Steam and Origin are NOT the same thing I think I might actually play a game now ;)
#8jasonethosPosted 8/27/2011 6:38:46 AM
Good post, TC.
---
Sucker for games. PC (i5 2500k, 8GB, GTX 560ti) PS3, 360, Wii and PSP. I buy them all. I'm not a fanboy...I'm just a stupid sucker.
#9Grim JackalPosted 8/27/2011 7:37:38 AM
TC: After performing these tests would you hesitate to use Origin in the future? That is, have you removed it from your computer?

Also, if you haven't already done so, I'd re-post this information on the EA message boards to see what input people there have on the matter. (Then report back to us =P )
---
When you play with fire, there is a 50/50 chance something will go wrong, and nine times out of ten it does.
#10kingofjamaicaPosted 8/27/2011 7:43:43 AM

From: d_damjan | Posted: 8/27/2011 12:45:46 AM | #001
The memory utilized managed to increase by 2GB when Origin was started up which is pretty ridiculous.


How much does it use while running BF3 I wonder. If it uses 2GB then too, those people saying 8GB of RAM is overkill will stop being correct come September. I mean, Windows 7 uses around 600MB of RAM(I think), and then 2GB for Origin on top of that would mean you'd realistically only have 2GB left for the game.

I also wonder if rumors are true and that the full version of BF3 supports hyper threading on a quad core. That would mean the i7 2600k might actually be worth the extra $95. I do believe I read that Deus Ex: Human Revolution supports it also.
---
At some point, you're going to have to talk to a tree and do what it says. - Arbor Day Rule, Grand List of RPG Cliches.