Two issues.

First, PMB was apparently set to continue running in the background. Turbine uses PMB and turns this functionality off by default. So should STO.

Second, this morning I got the following hits from Malwarbytes.

The IP address is from Moldova. I'm wondering if this is a legitimate IP address from Cryptic or PWI or not. (If so, why is it on MBW's block list?)




2012/01/27 11:11:55 -0800 IP-BLOCK 89.28.95.101 (Type: incoming, Port: 56578, Process: pmb.exe)
2012/01/27 11:20:30 -0800 IP-BLOCK 89.28.95.101 (Type: incoming, Port: 56578, Process: pmb.exe)
2012/01/27 11:31:12 -0800 89.28.95.101 (Type: incoming, Port: 56578, Process: pmb.exe)
2012/01/27 12:18:28 -0800 89.28.95.101 (Type: incoming, Port: 56578, Process: pmb.exe)

Pando acts as a limited P2P client in that it downloads the game to and from other users--but ONLY the game, no other files. It's possible that IP address in question is from an attempted upload/download of the game file.

Just my guess.

It's possible the IP is just in a restricted range, or a dynamic IP now held by a legitimate gamer, yes.

As to claims of Pando's security, I'll take those with a grain of salt. There's probably a reason that the sticky on this page uses the words "at your own risk" in regards to allowing the program past your firewall. They can't control it and are unwilling to vouch for it.

As to the first point, it's theft of bandwidth to leave the thing set to (or changing the setting in my case) run in the background without notifying the user.

I don't have a huge issue with the bandwidth myself, but other people on more restrictive plans have been burnt by this in the past. This is one reason Turbine changed the default setting to not do background downloads.