Two Questions with FC and BS

[FlankerFan2012]

hi all,

 

I have not played FC regularly. I miss flying around in the su27 online however I have two issues with FC.

 

1) Security: Is it possible for LUA to install viruses? LUA has the ability to write files, which in itself could be used to spread a virus. From looking up on LUA, I also found that lua can execute programs with os.execute. If this is implemented in FC, this is a very serious issue as anyone hosting a server could get the LUA script to download a file then execute it on the client's computer. FC itself could be used as a "backdoor".

 

The reason I ask this is on two separate occasions my computers failed when running FC. Both instance was a motherboard failure. I'm guessing that either FC has a bottleneck within the BUS that made the mobo's fail, or I might have picked up a LUA virus since in both situations I was on an unfamiliar server. The latest mobo to fail was a Gigabyte usb-3-770t running an AMD Phenom x4 965 be.

 

2) Asthetic: Why is it that FC doesn't maximize usage of either the GPU or the CPU? When FC is running, it uses an average of 28% of the cpu (28% of the 4 cores of an i5 2500k, 100% of 1 core plus a bit on the other cores). It uses about 60% of the GPU. Mozilla Firefox can max out all cores on the CPU but FC cannot.

 

 

 

Thanks in advance and Cheers!

FlankerFan2012

[cichlidfan]

I have a question about item one. The way I am reading it, you're MB failures are either the result of FC causing it somehow or a virus you picked up while running FC online. How exactly did you narrow it down to just those two scenarios?:music_whistling:

[Slayer]

1) Even if it could a virus causing a hardware failure is highly unlikely. More likely is that the sim was loading up the hardware and a weak component caused said failure. In my experience most motherboard failures come from poor/cheap power supplies.

 

2) The game is mostly a single threaded application(I think the sound runs on a different core) so you don't really benefit from having more cores. You benefit from higher single threaded app performance, be it higher Ghz or newer gen processors with better pipelining etc.

 

That being said the GPU has time waiting for data from the CPU so it doesn't get to 100%

 

Certain options in the graphics are CPU dependent and certain options are GPU dependent. You can probably turn up some of the eye candy if you only have 60% usage and have a better looking game with little FPS hit. There is a post from one of the developers that explains which options are CPU or GPU dependent but I can't seem to find it.

 

Edit here it is: http://forums.eagle.ru/showthread.php?t=75097

Edited April 24, 2012 by Slayer

[FlankerFan2012]

1) Even if it could a virus causing a hardware failure is highly unlikely. More likely is that the sim was loading up the hardware and a weak component caused said failure. In my experience most motherboard failures come from poor/cheap power supplies.

 

2) The game is mostly a single threaded application(I think the sound runs on a different core) so you don't really benefit from having more cores. You benefit from higher single threaded app performance, be it higher Ghz or newer gen processors with better pipelining etc.

 

That being said the GPU has time waiting for data from the CPU so it doesn't get to 100%

 

Certain options in the graphics are CPU dependent and certain options are GPU dependent. You can probably turn up some of the eye candy if you only have 60% usage and have a better looking game with little FPS hit. There is a post from one of the developers that explains which options are CPU or GPU dependent but I can't seem to find it.

 

Edit here it is: http://forums.eagle.ru/showthread.php?t=75097

 

So, even if it's unlikely that it was a virus, is it still a security hole? I feel that "security through obscurity" or just trusting that everyone that plays FC is trustworthy is dangerous. I do doubt a virus caused the hardware failures, but it raises the question of how safe LUA is.

 

Regarding power supply: the power supply was a mid range psu, rated at 700W, more than the computer would ever pull, and since the CPU and GPU never pulled that much when running FC, I'm sure the PSU was well below 700W (CPU 125W, GPU max 400W, but if W usage is linear, only 60% of 400W, 240W). Noise in the PSU could have been an issue, but was never an issue with any other game, most of which maxxed out GPU and/or CPU.

 

Regarding performance, I have everything maxxed graphics wise, and I get lows 50 fps and usually above 65 fps on quick missions.

 

I have a question about item one. The way I am reading it, you're MB failures are either the result of FC causing it somehow or a virus you picked up while running FC online. How exactly did you narrow it down to just those two scenarios?

 

Just deduction. If you have a counterexample, please share. Sure, like Slayer said, it could have been a PSU issue, but why would FC, a piece of software that doesn't even max gpu or cpu, tax the PSU the hardest? Usually when benchmarking a system, the harder you push it, the more likely it is to fail.

 

Both of these computers that failed while running FC could run many other types of games just fine. FC never even maxxed out the phenom x4 nor it's GPU.

[FlankerFan2012]

Just tested. os.execute works in export.lua. I'm not sure what files get downloaded from server to client, will check on this later.

 

function LuaExportStart()
-- Works once just before mission start.

-- Make initializations of your files or connections here.
-- For example:
-- 1) File
--  local file = io.open("./Temp/Export.log", "w")
--  if file then
--    io.output(file)
--  end
-- 2) Socket
--  package.path  = package.path..";.\\LuaSocket\\?.lua"
--  package.cpath = package.cpath..";.\\LuaSocket\\?.dll"
--  socket = require("socket")
--  host = host or "localhost"
--  port = port or 8080
--  c = socket.try(socket.connect(host, port)) -- connect to the listener socket
--  c:setoption("tcp-nodelay",true) -- set immediate transmission mode

   os.execute( "notepad.exe" );
   
end

[GGTharos]

No executable LUA is downloaded from server to client in FC2.

[EtherealN]

If you have a counterexample, please share.

 

Here's one candidate: being online.

 

Seriously, this has sometimes been enough. I once (back in the XP days) ran a fun experiment and connected a computer to the internet without AV and without firewall. It took 10 minutes before it was infected by it's first virus. And note - all I did was connect, I didn't actually browse the web... Your system can be attacked simply through an automated program testing every IP adress it can randomly generate (that is: all of them) and testing a range of vulnerabilities known to the creator of said program, and if it finds a machine that has one of these vulnerabilities it'll automatically send a payload. This is less of a problem nowadays, but I wouldn't be surprised if it still goes on. And of course, having AV and FW's on is helpful, but not 100%.

 

There's also been an upsurge in attacks via proxy; for example, someone spends a lot of time manually attacking the servers of an internet advertisement agency and drops a payload into those system. Then the attack will be attempted every time anyone browses to any site that purchases advertisement services from that company - and if the browser is vulnerable, your system is toast.

 

Sure, like Slayer said, it could have been a PSU issue, but why would FC, a piece of software that doesn't even max gpu or cpu, tax the PSU the hardest? Usually when benchmarking a system, the harder you push it, the more likely it is to fail.

 

It's not necessarily about "taxing" the PSU hardest. PSU's do a lot of fancy stuff with a lot of separate rails and funny things can happen. Not sure I rate the PSU trail as high on a list of suspects though, more detailed information would be needed. I generally don't rate hardware failures as extremely indicative of virus infection though. It's certainly possible, but just like biological viruses there is usually little to gain from breaking the host. And causing component failure isn't the easiest thing to do anyhow. You can make a mess of an OS and cause weird behaviour, including BSODs and so on, but physical failure of components isn't easy. Not impossible, but not easy either. Of course, PSU problems on the other hand very much can cause things to fry. But so can malfunctions in other components as well.

[GGTharos]

So, even if it's unlikely that it was a virus, is it still a security hole? I

 

Not in FC2.

 

Regarding power supply: the power supply was a mid range psu, rated at 700W, more than the computer would ever pull, and since the CPU and GPU never pulled that much when running FC, I'm sure the PSU was well below 700W (CPU 125W, GPU max 400W, but if W usage is linear, only 60% of 400W, 240W). Noise in the PSU could have been an issue, but was never an issue with any other game, most of which maxxed out GPU and/or CPU.

The spec don't matter if the PSU is failing and supplying uneven voltage. That would easily lead to BSODs. Are you overclocking?

 

Just deduction. If you have a counterexample, please share.

Probabilistic inference is superior to any kind of deduction in this case.

 

Both of these computers that failed while running FC could run many other types of games just fine. FC never even maxxed out the phenom x4 nor it's GPU.

It can also be an interaction between FC, DX and GPU drivers.

[cichlidfan]

Thanks Ethereal and GG! This just reminds me of the common complaint when I worked in IT.

 

"It can't be broken. It was working fine yesterday."

 

Parts fail when they are ready to fail, the program you are running when it happens is rarely at fault.

[Slayer]

Try loading an old copy of XP pre SP1 on a computer and connect it to the internet You'll be amazed by how fast it is compromised.

 

I did a clean install once of my GF's computer after a hardrive failure so it was a clean disk. Installed the XP that it had come with and went out to do yardwork for a few hours while I downloaded drivers and updates and such from windows update. No other sites were connected to. By the time I came back in there were already popups on the screen and the computer was infected. Something pushed through and proceded to download 20 or so more viruses and malware programs. You couldnt close windows or kill processes fast enough. Lesson learned....

[FlankerFan2012]

No executable LUA is downloaded from server to client in FC2.

 

Ok so if no LUA is downloaded to the client, that is good to hear!

 

Here's one candidate: being online.

 

I totally agree. My firewall gets hit from spots in China all the time. I also read these IPs might be "borrowed" from North Korea, but that's just someone's theory.

 

Anyways, I usually run at least Windows Firewall, if not a better firewall that blocks both incoming and outgoing.

 

You can make a mess of an OS and cause weird behaviour, including BSODs and so on, but physical failure of components isn't easy

 

I read something about a virus that would flash hardware. I was thinking the virus was something like an old email bomb, with the intent of disabling the computer.

 

Regarding the PSU, yeah they were mid range PSUs. I went for a corsair PSU this time, just to be safer.

 

So, issue is solved regarding the security issue. If GG says no LUA files are transferred, then the LUA scripts should not be a security hole in the method I mentioned.

 

Thanks for the replies guys!

 

Cheers!