OK EA, now you're pulling the piss...

Burgo · 29-08-2011 2:12pm

someone over on the EA forums did a bit of research into origin:

Lightman101 wrote:

Since there's been quite a bit of speculation about what Origin might monitor on your PC I thought I'd do a quick test to see what exactly it looks for on the computer. Please keep the discussion to either your interpretation of someone's findings or your own actual findings of the program.

After installing Origin I started it up with Process Monitor running as well. It recorded origin accessing various EA folders on the C drive and registry keys relating to EA and system stuff.

I did a search on its registry access and I noticed that it did NOT access the following keys (commonly used by the system to list the programs installed on the computer):
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall
SOFTWAREMicrosoftWindowsCurrentVersionInstallerUserData
HKUUSER-SID-HERESoftwareMicrosoftInstallerProducts
HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserData
HKLMSoftware****sInstallerProducts
HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionUninstall
HKLMSoftwareWow6432NodeMicrosoftWindowsCurrentVersionUninstall
HKCUSoftware

I also searched and found that Origin did not access any keys at all containing the word "Uninstall".

Folder and file access showed Origin accessing mostly EA and system related stuff although it did access ALL of the folders and most if not all files in the ProgramData folder. Within these folders it even accessed icon files, Robosoft search dump files and some other miscellanous stuff which seemed a bit strange.

Origin also opened Xfire.ini which does contain a list of detected installed games as well as xfire_games.ini which contains a list of all games that XFire can detect.

I searched all the logs and couldn't find anything about Origin accessing folders or registry keys relating to my legitimate Battlefield 2 installation, and the game itself worked fine afterwards so it doesn't seem to interfere with other EA games (unless they are perhaps part of origin itself).

I searched the file and registry logs and found that Origin did not access any values containing the word "browser", "Internet Explorer", "Steam", "Valve" or "Firefox" (my default browser) except for a couple of HTTPshellopencommand(Default) registry entries that indicate what is the default browser for the system. It also queried the registry entries Internet ExplorerSecuritySafety Warning Level and Internet ExplorerSecurity which seem to indicate what security level IE is running on.

The Wireshark network log showed Origin communicating with several EA servers, though from what I could tell it was mostly sending HTTP GET requests and sending some sort of encrypted information to them.

While Origin was starting up & checking files it utilized 0% of the Internet connection. There was a tiny spike of internet utilization when I logged into my Origin account but after leaving it for a few minutes there was no more Internet activity. This would indicate that although it did check/open everything in the ProgramData folder there's no way it could have provided all that detailed information to the EA servers without a massive spike in Internet usage.

While testing origin I did find that Origin itself used about 70MB of memory.

Origin did not appear to install or activate any additional services when it was installed or when it started up.

Conclusion:

From what I can see Origin does act a bit suspiciously as it checks everything in the ProgramData folder and I can't tell for certain what data it sends to the EA servers, however it does appear to be mostly benign. Given its tiny amount of Internet utilization when logging in (barely half a megabit per second for a couple of seconds) it would appear to not send that much information to EA, especially since my ProgramData folder is 4.25GB and contains 211000 files in 655 folders. From looking at it's activities Origin seems sloppily programmed and badly implemented more so than anything else.

It doesn't appear to use steam or common registry keys to get a list of other programs on the computer however it does access XFire files which show what games XFire detected on your computer. It doesn't appear to access the game folders or registry keys of the games themselves though. It does however check to see what's in the ProgramData folder

I suppose you could remove the detected game info in Xfire.ini before starting Origin and hide or move the other stuff in the ProgramData folder to stop that stuff from being accessed.

It also doesn't appear to go through your browsing history or check much of your browser stuff except for checking what the default browser is and Internet Explorer's security level.

Keep in mind that Origin like other resource hogs accessed loads of registry entries and various system folders so I didn't check every single thing it did, I only searched for more obvious stuff and skimmed over what it accessed.

Questions Raised:

What's puzzling about this behaviour is that it doesn't appear that Origin is searching for something in particular or else it wouldn't be opening icon files, image files, json files and other miscellanous files. On the other hand there's no way that Origin could relay detailed information about what it's found in the couple of hundred Kilobytes max that it exchanges between itself and the EA servers when logging in.

It's possible that Origin might be providing a general overview of its scans to the servers, although much of the information would be useless as file info about icons and json files would have no value for marketing, customer service or selling the info to others. Given that many people would be using origin at once this would mean that EA's servers would be filtering out loads of useless information obtained by such a scan.

Another possiblity is that Origin is filtering the information found on the ProgramData folder itself before sending the relevant results over, which means that it's very badly programmed as it shouldn't need to scan every damn file to find out info about the software.

There is also the question about why Origin is checking the ProgramData folder but not other significant program folders or the registry keys for other software. Many programs don't store stuff in the ProgramData folder so if Origin was being used to see what other software there was it would only get part of the picture.

Comparison to Steam:

Out of curiosity's sake I've also done a quick test of Steam. Aside from accessing some system stuff Steam did not access anything else like the ProgramData folder (except for checking some bin files in Nvidia) or other game's folders.

It also mostly stayed out of other program's folders although it did access a dll in the FileZilla FTP Client folder and a couple of bin files in Nvidia's folder in the ProgramData folder. Keep in mind that I didn't check every little thing Steam did, only the (IMO) obvious stuff.

It also accessed the Start Menu\Programs folder and the Desktop folder but only to perform a basic query which provides the following info: CreationTime, LastAccessTime, LastWriteTime, ChangeTime, FileAttributes (just had RHDNCI for mine)

Within the registry it accessed quite a bit of system and steam/valve stuff. It did not access the keys mentioned in my first post that are commonly used by the system to list the programs installed on the computer.

These tests indicate that Steam and Origin are NOT the same thing, especially when it comes to what is scanned on the computer.

Personal:

I still have Origin installed however I won't use it outside of tests unless I can block its access to the ProgramData folder (apart from scanning every file and folder in ProgramData it also takes forever to load as a result). The best way to do this without resorting to Virtual Machines seems to be to use a sandbox program, however I haven't found one that properly works for Vista 64bit.

Comments, explanations and clarifications welcome, especially by EA staff.

http://forum.ea.com/eaforum/posts/list/7492824.page