
Is my graphics card spyware?

I just updated all the software and drivers for my ATI graphics card, and I'm puzzled.

Why is it every time I fire up the new Catalyst software for a tinkering it does an ET and calls 194.74.65.68?

Every time I fire it up, poof, off it goes calling home again. I can rule out any auto updating because you have to go and get the Catalyst software from them, it don't come to you. It seems to be one way traffic.

Can someone with better knowledge of ATI and the Catalyst software please explain why it needs to ring home via a third party website every time I open up?
 
Nope, no banners or spyware. Ran Adaware, Spybot, and Norton, and visited Housecall for luck.

This is my ATI graphics card driver software, and ATI have a bloody cheek. The only thing I can think of is spyware in the drivers. The worst thing is there is no way to switch the attempted connections off except by the firewall.

Category: Firewall
Date,User,Message,Details
17/01/2006 18:45:42,Supervisor,"Rule ""ATI Technologies Catalyst Control Centre"" permitted (194.74.65.68,domain(53)).","Rule ""ATI Technologies Catalyst Control Centre"" permitted (194.74.65.68,domain(53)). Outbound UDP packet. Local address,service is (DENNIS(86.137.91.241),0). Remote address,service is (194.74.65.68,domain(53)). Process name is ""C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe""."
17/01/2006 18:45:42,Supervisor,An instance of "C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe" is preparing to access the Internet.,An instance of "C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe" is preparing to access the Internet.
17/01/2006 18:45:33,Supervisor,"Rule ""Default Block Microsoft Windows 2000 SMB"" blocked (86.137.5.217,microsoft-ds(445)).","Rule ""Default Block Microsoft Windows 2000 SMB"" blocked (86.137.5.217,microsoft-ds(445)). Inbound TCP connection. Local address,service is (DENNIS(86.137.91.241),microsoft-ds(445)). Remote address,service is (86.137.5.217,1251). Process name is ""System""."
17/01/2006 18:45:30,Supervisor,"Rule ""Default Block Microsoft Windows 2000 SMB"" blocked (86.137.5.217,microsoft-ds(445)).","Rule ""Default Block Microsoft Windows 2000 SMB"" blocked (86.137.5.217,microsoft-ds(445)). Inbound TCP connection. Local address,service is (DENNIS(86.137.91.241),microsoft-ds(445)). Remote address,service is (86.137.5.217,1251). Process name is ""System""."


Lively little gits whatever they're up to
 
These are the two lines that are important:

17/01/2006 18:45:42,Supervisor,"Rule ""ATI Technologies Catalyst Control Centre"" permitted (194.74.65.68,domain(53)).","Rule ""ATI Technologies Catalyst Control Centre"" permitted (194.74.65.68,domain(53)). Outbound UDP packet. Local address,service is (DENNIS(86.137.91.241),0). Remote address,service is (194.74.65.68,domain(53)). Process name is ""C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe""."
17/01/2006 18:45:42,Supervisor,An instance of "C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe" is preparing to access the Internet.,An instance of "C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe" is preparing to access the Internet.

The other two are standard Windows file sharing; another computer was trying to access your shares (if any) and was rightfully blocked by your firewall. As for the ATI thing, I don't know. It could be trying to check if you have the latest drivers, or it could be more sinister and sending usage data.

No spyware apps will pick this up btw - the file that's doing the work is the .NET version of the Java Virtual Machine. Basically it's a legit file, and Internet access is a standard capability. How that Internet access is used is the potentially dangerous part.
 
It gets more sinister. The whole firewall log is down to one action, firing up ATI's Catalyst Control Centre, even the incoming stuff. I cleared the log three times and repeated it. I'm building two systems at the moment, and boy am I glad the firewall alarmed out before I went shopping for a couple of cards.

Until ATI can come up with a reasonable excuse I think I'll treat their products like I would the lurgy, and avoid them at all costs. Pity about that, I think their latest cards are awesome.
 
Found this on ATI's site:

http://www.ati.com/products/catalystcontrolcenter/faq.html#10

Q9: Why does the Catalyst® Control Center open network connections on my system?
A9:

The architecture of the Catalyst® Control Center is based on the client-server model, and uses the Microsoft® .NET framework as its foundation.
The Catalyst® Control Center run-time (which could include 3rd party plug-ins), acts as the server component and provides the interface between the display driver and the client component, also known as the Catalyst® Control Center user-interface (which could be ATI only, 3rd party only, or a combination of both). This extremely flexible architecture requires the run-time and server components of the Catalyst® Control Center to communicate with one another via network messages. It is very important to note that all Catalyst® Control Center communications that use the .NET channels are “localhost” only, which means there is absolutely no connection to outside non-local systems. Unfortunately users may see warnings from various firewalls, as most firewall software is unable to differentiate between “localhost” and “outside” connections.


Q10: Why does the Catalyst® Control Center require 3 “CLI.exe” files as well as a “Preview.exe” file?
A10: The Catalyst® Control Center has been separated into different components (a unique instance of CLI.exe per component) because it allows us to tune the characteristics of the process instance to the type of component. One component is called the “Runtime”, which acts as a server to all of the other client components. The two other client components are the “User-Interface” and the “System Tray”. The client “CLI.exe”s are tuned differently to enhance performance; the “User-Interface” client is optimized to run for short periods of time, whereas the “System Tray” client is designed to run for long periods of time. The “preview.exe” file (used for the 3D preview) is based on the Win32 process (whereas the rest of the Catalyst® Control Center is based on the .NET framework), and is strictly an OpenGL application. Note that the preview “preview.exe” process is used only when the “User-Interface” is operating, and is ended as soon as the Catalyst® Control Center is closed.

Although that seems to indicate that it doesn't try to communicate outside of your network.
 
Dennisthemenace said:
194.74.65.68 is well outside my stand alone computer, and CLI.exe tried to jump ship more than once.

If your PC is on the internet it's far from a "standalone" system. It's part of the world's largest network.
It's a 'network' (.net) application and as such it's querying your DNS server to look up the IP address of your system. ( (DENNIS(86.137.91.241),0). )
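
Added example, not part of any post in this thread and not the firewall vendor's or ATI's code: a Python parser for the firewall export quoted above that separates what CLI.exe itself was logged doing from the inbound traffic handled by another process. The row layout is inferred from the log lines in the thread, and the function names are hypothetical.

```python
import csv
import io
import re

# Rows copied from the firewall export quoted in the thread.
SAMPLE_LOG = r'''Date,User,Message,Details
17/01/2006 18:45:42,Supervisor,"Rule ""ATI Technologies Catalyst Control Centre"" permitted (194.74.65.68,domain(53)).","Rule ""ATI Technologies Catalyst Control Centre"" permitted (194.74.65.68,domain(53)). Outbound UDP packet. Local address,service is (DENNIS(86.137.91.241),0). Remote address,service is (194.74.65.68,domain(53)). Process name is ""C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe""."
17/01/2006 18:45:42,Supervisor,An instance of "C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe" is preparing to access the Internet.,An instance of "C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe" is preparing to access the Internet.
17/01/2006 18:45:33,Supervisor,"Rule ""Default Block Microsoft Windows 2000 SMB"" blocked (86.137.5.217,microsoft-ds(445)).","Rule ""Default Block Microsoft Windows 2000 SMB"" blocked (86.137.5.217,microsoft-ds(445)). Inbound TCP connection. Local address,service is (DENNIS(86.137.91.241),microsoft-ds(445)). Remote address,service is (86.137.5.217,1251). Process name is ""System""."
'''

# A service is written either as "name(port)" or as a bare port number.
SVC = r'(?:[\w-]+\((\d+)\)|(\d+))'
FLOW = re.compile(
    r'(Inbound|Outbound) (TCP|UDP) (?:packet|connection)\. '
    r'Local address,service is \(\w+\([\d.]+\),' + SVC + r'\)\. '
    r'Remote address,service is \(([\d.]+),' + SVC + r'\)\. '
    r'Process name is "([^"]+)"')

def parse_flows(text):
    """Return one dict per row that describes an actual packet or connection."""
    flows = []
    for row in csv.DictReader(io.StringIO(text)):
        m = FLOW.search(row.get("Details") or "")
        if not m:
            continue  # notices such as "preparing to access the Internet"
        direction, proto, lp_a, lp_b, rip, rp_a, rp_b, proc = m.groups()
        flows.append({"direction": direction, "proto": proto,
                      "local_port": int(lp_a or lp_b), "remote_ip": rip,
                      "remote_port": int(rp_a or rp_b), "process": proc})
    return flows

def classify(flow):
    """Label a flow by the port that identifies the service being contacted."""
    if flow["direction"] == "Outbound" and flow["remote_port"] == 53:
        return "dns-query"      # name lookup sent to a resolver
    if flow["direction"] == "Inbound" and flow["local_port"] == 445:
        return "inbound-smb"    # remote host connecting to file sharing
    return "other"

def by_process(text):
    """Map executable name -> set of (label, remote_ip) it was logged with."""
    out = {}
    for f in parse_flows(text):
        exe = f["process"].rsplit("\\", 1)[-1]
        out.setdefault(exe, set()).add((classify(f), f["remote_ip"]))
    return out

if __name__ == "__main__":
    for exe, seen in sorted(by_process(SAMPLE_LOG).items()):
        print(exe, sorted(seen))
```

A port-53 row records only that the process sent a lookup to that address; the name being resolved is not in the export and would need a packet capture to see.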
 