Security warnings after downloading 0.4.5

Problems and solutions for installing or running FreeOrion, including discussion of bugs if needed before posting a bug report on GitHub. For problems building from source, post in Compile.

Moderator: Oberlus

defaultuser
Juggernaut
Posts: 854
Joined: Wed Aug 26, 2015 6:15 pm

Security warnings after downloading 0.4.5

#1 Post by defaultuser »

Based on advice in another thread, I got the latest test version to try. When I started a game, my firewall said FreeOrionCA.exe was trying to access the internet. No reason for that, so I had it block the access. The game never did load.

I went back to the original 0.4.4 that I had been running, but now ThreatFire is popping screens about it doing keylogging and setting up my computer for another to access it.

What's up here?


Brian

MatGB
Creative Contributor
Posts: 3310
Joined: Fri Jun 28, 2013 11:45 pm

Re: Security warnings after downloading 0.4.5

#2 Post by MatGB »

It's not trying to access the internet, the game uses a server/client system to both support multiplayer and run the AIs, the client (the game window you use) needs to talk to the server (that does the actual running of the game in the background).

To do this it needs to use ports that the firewall protects. So you need to let it through.

I'm currently sat in front of the TV using the kids' Windows laptop instead of my Linux desktop and it's running RC1 fine with no security threats.

I have zero clue about keylogging or similar, that's never happened, Vezzra builds the Windows version on a secure box that, IIRC, isn't networked. It is always possible that something's sneaked in, or that the download got corrupted of course, especially given Sourceforge's recent, ahem, issues, but it's unlikely.
Mat Bowles

Any code or patches in anything posted here is released under the CC and GPL licences in use for the FO project.

defaultuser
Juggernaut
Posts: 854
Joined: Wed Aug 26, 2015 6:15 pm

Re: Security warnings after downloading 0.4.5

#3 Post by defaultuser »

I dug into the logs a bit. The IP address was 0.0.0.0 port 123456, so safe I guess. I just wonder why I had no problem for all this time, then two separate security programs (ThreatFire and Comodo) get hinky about the new build.

Brian

MatGB
Creative Contributor
Posts: 3310
Joined: Fri Jun 28, 2013 11:45 pm

Re: Security warnings after downloading 0.4.5

#4 Post by MatGB »

Actually there is one thing, I recall when we switched to SDL for graphics some users got warnings, I did on one of my machines, overcautious antivirus.

It wouldn't have hit you before because you're using a year-old release. I don't know specifically why it sometimes flags things up and it'd need someone more capable than me to dig into code.

It possibly might be worth putting a stronger advisory on the download page for Windows users as you'll virtually always get the firewall warning (I don't know why you didn't get one before; I always did on a fresh install on Windows, but, well, antivirus is weird).
Mat Bowles

Any code or patches in anything posted here is released under the CC and GPL licences in use for the FO project.

defaultuser
Juggernaut
Posts: 854
Joined: Wed Aug 26, 2015 6:15 pm

Re: Security warnings after downloading 0.4.5

#5 Post by defaultuser »

I uninstalled the new version but still got warnings when running the older one. I ended up doing a system restore to before the install, removing 0.4.4, then reinstalling it. Things are back to no warnings.

I will think about what to do with the newer one. I don't like ignoring my security programs, so I'll need to look into things more.

Brian

Vezzra
Release Manager, Design
Posts: 6095
Joined: Wed Nov 16, 2011 12:56 pm
Location: Sol III

Re: Security warnings after downloading 0.4.5

#6 Post by Vezzra »

Simple: check the installer package with a couple of AV programs. If the packages somehow got compromised, they should get flagged.

Are you sure you didn't get any warnings when you first tried 0.4.4? Maybe you gave the app access, but that of course doesn't carry over to the new version... like Mat said, Windows firewall should always complain, as the different processes of the app use TCP to communicate.

Geoff the Medio
Programming, Design, Admin
Posts: 13587
Joined: Wed Oct 08, 2003 1:33 am
Location: Munich

Re: Security warnings after downloading 0.4.5

#7 Post by Geoff the Medio »

Should probably add a popup on Windows the first time a game is started to warn about probable firewall / Windows network access warnings...

defaultuser
Juggernaut
Posts: 854
Joined: Wed Aug 26, 2015 6:15 pm

Re: Security warnings after downloading 0.4.5

#8 Post by defaultuser »

Vezzra wrote: Are you sure you didn't get any warnings when you first tried 0.4.4?
Pretty sure, but I can never guarantee.

Brian

Ouaz
Dyson Forest
Posts: 232
Joined: Wed Aug 13, 2014 7:21 pm
Location: France

Re: Security warnings after downloading 0.4.5

#9 Post by Ouaz »

defaultuser wrote: When I started a game, my firewall said FreeOrionCA.exe was trying to access the internet. No reason for that, so
I have two firewall programs on my PC (a paid one from my office, and the built-in Windows).

As far as I can remember, the two have always asked me for permission to start FreeOrionCA.exe.
I release every updated file under the CC-BY-SA 3.0 license.

defaultuser
Juggernaut
Posts: 854
Joined: Wed Aug 26, 2015 6:15 pm

Re: Security warnings after downloading 0.4.5

#10 Post by defaultuser »

I will revisit it this weekend. The server thing makes sense, and I can see how it could be interpreted by the firewall as an attempt to allow outside access. In fact, you can do that, can't you, for multi-player games? Not that I would; the main reason I was interested in FO was as an off and on solitary game, although I've gotten less sleep of late because it can be addicting to "hit the turn just one more time".
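
Added illustration, not part of any post in this thread and not FreeOrion code: one way to check what a local client/server program is doing on the network is to classify its TCP rows by where they are bound. A wildcard listener (0.0.0.0 or ::) is reachable on every interface, while a loopback pair never leaves the machine. The rows below follow the layout of Windows `netstat -ano` output; the addresses, port 40000 and the PIDs are constructed sample values.

```python
import ipaddress

# Constructed sample rows in `netstat -ano` layout (not taken from the thread).
SAMPLE = """\
  TCP    0.0.0.0:40000          0.0.0.0:0              LISTENING       4312
  TCP    127.0.0.1:40000        127.0.0.1:50122        ESTABLISHED     4312
  TCP    127.0.0.1:50122        127.0.0.1:40000        ESTABLISHED     5120
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2200
  TCP    192.168.1.20:50200     203.0.113.7:443        ESTABLISHED     5120
  TCP    [::]:40000             [::]:0                 LISTENING       4312
"""

def split_endpoint(text):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = text.rpartition(":")
    port = int(port)
    if not 0 <= port <= 65535:  # a TCP port is a 16-bit number
        raise ValueError(f"port out of range: {port}")
    return ipaddress.ip_address(host.strip("[]")), port

def classify(line):
    """Return (pid, verdict) for one TCP row, or None for any other row."""
    fields = line.split()
    if len(fields) != 5 or fields[0] != "TCP":
        return None
    state, pid = fields[3], int(fields[4])
    l_ip, l_port = split_endpoint(fields[1])
    r_ip, r_port = split_endpoint(fields[2])
    if state == "LISTENING":
        if l_ip.is_unspecified:
            verdict = f"listens on all interfaces, port {l_port}"
        elif l_ip.is_loopback:
            verdict = f"listens on loopback only, port {l_port}"
        else:
            verdict = f"listens on {l_ip}, port {l_port}"
    elif l_ip.is_loopback and r_ip.is_loopback:
        verdict = "local-only connection"
    else:
        verdict = f"connection to remote host {r_ip}:{r_port}"
    return pid, verdict

def report(text):
    """Classify every TCP row in a block of netstat-style text."""
    return [r for r in map(classify, text.splitlines()) if r is not None]

if __name__ == "__main__":
    for pid, verdict in report(SAMPLE):
        print(pid, verdict)
```
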
