Does fulltilt own your OS security settings?

To: technology@fulltiltpoker

subject: fulltiltpoker.exe update enquiry

Hello,

The Fulltiltpoker.exe update of 10/30/09 (Australian time) has set off the following alarms, red flags and alerts within my operating system firewall and is repeatedly telling me that, normally, programs do not need to access physical memory.

I am extremely concerned that fulltilt, without seeking permission from me, may now be able to change the security settings of my operating system.

The alerts are as follows:

FULLTILTPOKER.EXE is trying to access physical memory.

The current security setting for FULLTILTPOKER.EXE does not permit this action.

Details

A program that has access to physical memory can potentially change any data currently stored in memory. This includes program instructions, data, and security settings. Normally programs do not need access to physical memory.

What should I do?

If FTP. EXE needs to access physical memory in order to function correctly and you trust this program, then choose allow. If you do not trust this program or the program does not need to access physical memory then deny it. If you are unsure, you can always deny access and run the program again if it is required.

FTP.EXE may be malicious. It may be attempting to affect other programs or the security of the system. Normally, programs do not need to access physical memory.

Inside the OSFirewall alert


Alert property
Alert property value
Technical explanation
Program Name
FULLTILTPOKER.EXE
A program running on your computer, which attempted an action that was detected by the OSFirewall.
Filename
FULLTILTPOKER.EXE
The filename of the program found on your computer.
Program Size
6647808
The size of the program executable file in bytes.
Program MD5
e2d08de517f59df131e28d3ed1162374
The MD5 hash, or number, that uniquely identifies the executable.
Smart Checksum
85d404794b635fba3e54f3f7146ab67c
The SKIMP hash, or number, that uniquely identifies the executable.
Date Modified
Oct-30-2009 10:56:26 AM
The date when FULLTILTPOKER.EXE was most recently modified.
Event Type
Physical Memory
The event involved accessing physical memory.
Sub Event Type
Unknown subevent type
The event subtype detected
Additional Info
�[V^A,�?^C^Y
Additional information about Unknown subevent type.


Could you please explain to me why FTP would require access the physical memory within my OS?

How will my blocking access to the physical memory by fulltilt affect my poker experience on the site?

Regards

xx_deucem_xx

More to follow..........................................

I'm interested in what they say, but only for curiosity sake.

I trust that there is no nefarious reason to access the physical memory. Maybe, ( and tbh, I hope this is the reason ) they need to do that to make sure that nobody is using illegal programs / websites etc. while they play.

Looking forward to how they respond.

WTF - Why not ask for my passwords as well?



Hello,

Thank you for contacting FTP Support.

In order to troubleshoot this issue, we would like you send us the below information. This will allow us to research the situation for you right away.

What operating system are you using? (Vista, Windows XP, 2000, XP, Mac)
What Internet browser are you using? (Internet Explorer, Firefox, Avant, Opera, etc.)
Does your internet browser have any add-ons or scripts installed?
Is there any security application Installed on your computer, If Yes please specify the name and version of each application.

Also please send us a screenshot of the error you receive. Just follow these five steps to send us a screenshot:

1) Press the "Print Scrn" button on your keyboard when the error is displayed.
2) Open Microsoft Paint by clicking "Start," "Programs," "Accessories," and then "Paint."
3) In the "Edit" menu, select "Paste."
4) In the "File" menu, select "Save" and save your file in JPEG (.jpg) format.
5) Return to your email account, attach the file to an email and send it to us.

Please ensure the file is less than 3 MB, as we are unable to receive files that exceed this size.

We sincerely apologize for the inconvenience, and appreciate your cooperation.

Regards,

******
Technical Representative
FTP Support




It was their update that caused this!!!

I don't see anything wrong with their questions seeing that you sought their technical assistance; you're clearly getting an error message/warning that not everyone is getting. I have the latest FT upgrade and none of my system protections are going off. Could it be that mine aren't detecting something they should be? Sure. Could it be that there is something in your detection that is registering a false positive? Sure.

After 65 views of this thread so far, no one has posted yet saying they are having this same problem or error message. Usually something of this nature would affect many people all at the same time and there would be a huge stink about it. Currently that isn't happening anywhere I can see (here, on FTP forum, via Google). So if there isn't mass hysteria over the latest patch, isn't it possible this is more a system specific issue or conflict opposed to some mass FTP conspiracy to hijack computers?

Of course it could be a legitimate issue and you just happen to be the one that found it, but for the time being there is no supporting evidence to this being an actual issue. I'd be interested to know what OS, browser, anti-virus, etc that you use. Those are all potential sources of system conflict and false positives for a variety of reasons. I guess my point is that based on the facts in evidence thus far don't be so quick to convict and instead work with to resolve.

So far, I haven't ever received a message such as that with FT updates. I have Vista on my computer. That is a lot of info needed though...it would be interesting to know why it's necessary. Try e-mailing their support team & ask. Please tell us what happens & what you find out.

There's nothing out of the ordinary about what they are asking for; those are fairly standard software conflict troubleshooting type questions. Most likely is that they are looking to see what combination of software is tripping up the system. Microsoft is notorious for bizarre conflicts because you happen to install patch A onto OS B while running antivirus C and sometype of malware application D which all of a sudden they cause some huge issue because of nothing more than a software compatability issue.

Standard imo.

What do you mean WTF, they have barely asked you anything.

I'm an Aussie also and I didn't have any problem with the update, so that cancels out any regional issues that you may think there is.
As JD said those are all standard fault finding questions, Stop being paranoid and give them what they ask for, Full Tilt doesn't want any of your private information, they have better things to do.

Thanks for your input everybody. I will let you know the outcome. this was my reply.
My "technical issue" is in direct relation to the update I mentioned but here is the information you requested.
What operating system are you using? (Vista, Windows XP, 2000, XP, Mac)
Windows XP
What Internet browser are you using? (Internet Explorer, Firefox, Avant, Opera, etc.)Does your internet browser have any add-ons or scripts installed?
Internet explorer 8 with NO add ons.
Is there any security application Installed on your computer, If Yes please specify the name and version of each application.
Zonealarm Security Suite version: 9.0.083.000
Could you please explain to me why FTP would require access the physical memory within my OS as no other program or application that I have ever had has required this level of access?
Also, FTP exeappears to run quite happily on my pc when I deny this facet of the application, which leads me to my second question:
How will my blocking access to the physical memory by fulltilt affect my poker experience on the site?
regards

....just from reading it..id say that your computer got a virus and caught on to this update...it happens quite regularly with programs, although ive not seen it with full tilt prior to this..
i had a problem about 2 weeks ago with facebook, it said it had to run some wierd program for sercurity reasons and stuff....but got n contact with facebook they apologised and said that its a virus using their name icons deatils etc to get on ur computer,...im pretty sure thats why..
although of course im just thinking, no proof at all...let us know the outcome..im interested

Interested in their answer but your OP said it was trying to "access physical memory" but your screen cap says it's trying to open a raw disk device????

FWIW

I have seen many posts on the web that certain Full Tilt Poker Updates cause certain Anti-Virus Programs, etc to alert users to Malicious Program, etc. My own computer has never had a warning, but I have seen this posted many times recently in poker forums.

I agree with JD.. They want to gather as much info as they can... If you called my IT Consulting company (when I had it), I would have asked you that many questions or more.... The more information the better.. FT wants to make sure they are not sending out updates with viruses attached, ect...

FTP has a history of some updates causing virus alerts. usually they are quickly fixed/recoded to end it.

My fav is getting the keyboard hook pop-up. But that's how they verify if you are using banned sites i guess. At least they don't try read your screen. But it's the only app/site I let hook my keyboard.

No word from Full tilt yet but I think I have figured it out.

I attempted to register for two seperate aussie freerolls without success after I had denied the application.

After a reboot and allowing the application I was able to register for the freerolls immediately.

This appears to be an app to verify country of origin.

There is still some stress on my part that Fulltilt has the ability to change my security settings and I am hoping to hear from them soon.

Full Tilt can't change your security settings.

Apparently they can, at least that is what my security software was telling me:

The alerts are as follows:

FULLTILTPOKER.EXE is trying to access physical memory.

The current security setting for FULLTILTPOKER.EXE does not permit this action.

Details

A program that has access to physical memory can potentially change any data currently stored in memory. This includes program instructions, data, and security settings. Normally programs do not need access to physical memory.


PROBLEM SOLVED!!!

Ok,

I found that without the offending application I was unable to link (connect) to anything on the web from the fulltilt sight.

I had huge problems with my p c because the application was chewing up my memory by the bucket load which may have been the fault of my video card as it was continually attempting to increase the virtual memory on my system.

How did I solve the problem??

I picked up a new laptop yesterday.

The new laptop does not have the same security software and so has allowed the program to download and run unimpeaded which is a bit of a worry.

Glad you solved your problem. It might go a long way if you updated FT about your findings.

I'd be in the camp that voted it was the particular security software you were using.

I would also argue that FT can not access any part of your system that would allow it to change security settings. XP is decent enough to prevent intrusion of the nature you seem concerned about. That particular security software however, may be able to report to you things which sound more ominous than reality suggests possible.

A program can only make these changes if you grant the access. Just keep an eye on your settings and make sure that nothing new pops in there. I check my security every so often and right after I read a thread like this. Just to make sure nothing new has poppoed into my firewall.

All Aussies have this problem? I'm in California and never once had a problem like this.

I play on my company lappy, if anything was wrong the security would not allow access to FT, trust me, cause there's 100's of client info worth millions on it.

I wouldn't worry about it.

I use TrendMicro and I finally had to go in and allow FTP full permission in order to quit getting the warnings. BTW, Stars does it to my Virus software, also. I can't imagine why it does it but also can't imagine that it should be cause for alarm. Can't wait to hear what they say.

I have never hand an issue with FTP ... I think it depends on your level of protection your running on your computer.

But would be interest to see what FTP has to say...

People, legitimate programs can cause this to happen. It's normal. You just have to configure the permissions for THAT program. Also, I think the thread title is wrong. A program accessing physical memory doesn't necessarily mean it's trying to change your security settings.

i recommend all of you a firewall, that always shows the details on each connection attempt of executables, so that you can block them if they are suspicious. i use norton internet security...