EA Games Rootkit - Pando Media Booster

palindrome

I installed NFS:World a month ago and this is what happened...

Check your computers, people. Pando Media Booster is a p2p client with no interface that runs in the background using any and all available bandwidth. I am limited by my service provider (ATT) to 150GB of data usage per month. The Pando Media Booster rootkit according to my calculations (based on testing, router bandwidth logs, and netlimiter) was consuming a whopping 3.2 gigabytes of data PER DAY.

This is theft. I will not stand for it. I hope that others will feel the same. My wife and I have suffered for the past month with horrible ping, slow webpages, and laggy gaming, all because EA feels the need to install rootkits on your computer to steal your internet bandwidth. THIS SHOULD BE ILLEGAL. Especially when you take into account those with ATT/Comcast accounts that have a set limit to the usage per month.

Heed this warning and boycott EA for their antics!

More info to come later...
 

zokudu

I would hardly call it a rootkit; you can safely uninstall it, and it is more than likely stated somewhere in the install. Hundreds of games use this software as a digital distribution method and you downloaded the game using the software from other people. If you don't want to use it, uninstall it and move on with your life.
 

DominionSeraph

Damn.

http://www.pandonetworks.com/Pando-Download-Manager
> Pando Download Manager
>
> Rapid. Low cost. Highly reliable game delivery solution
>
> Need to deliver a 2GB game to millions of users simultaneously around the world? The Pando Downloader was designed specifically to handle such server-crushing scenarios.
>
> The Pando Download Manager uses an optimized managed content delivery cloud for the rapid and reliable delivery of gaming assets. The Downloader is available as a hybrid service enabling game developers and distributors to leverage the unparalleled rapid game delivery capabilities of peer-to-peer technology for the delivery of large game downloads to millions of consumer, both for today’s large MMO installers or massive game patch data pushes.
 

AyashiKaibutsu

> I would hardly call it a rootkit; you can safely uninstall it, and it is more than likely stated somewhere in the install. Hundreds of games use this software as a digital distribution method and you downloaded the game using the software from other people. If you don't want to use it, uninstall it and move on with your life.

Not a rootkit, but it's definitely sneakily added to a lot of installs. I'm not against torrents for downloads like this, but this is done mostly behind people's backs.
 

zokudu

> Not a rootkit, but it's definitely sneakily added to a lot of installs. I'm not against torrents for downloads like this, but this is done mostly behind people's backs.

It's not like there's much choice in distributing large game binaries. It's either put your game on Steam and let the Steam servers take the brunt or use Pando and utilize the power of p2p filesharing.
 

AyashiKaibutsu

> It's not like there's much choice in distributing large game binaries. It's either put your game on Steam and let the Steam servers take the brunt or use Pando and utilize the power of p2p filesharing.

That doesn't excuse them from putting forth effort to hide it in their installs, and Pando doing as much to hide itself as it can without being overtly malicious.
 

Merad

Isn't just an EA thing. Unless they've changed it recently Turbine's downloader for LOTRO uses the same system.
 

zokudu

Tons of companies use it. Riot uses it for League of Legends as well.
 

vshah

They should have a disclaimer, and it should disable itself/prompt to uninstall once a 2.0 ratio is reached.
 

palindrome

> I would hardly call it a rootkit; you can safely uninstall it, and it is more than likely stated somewhere in the install. Hundreds of games use this software as a digital distribution method and you downloaded the game using the software from other people. If you don't want to use it, uninstall it and move on with your life.

Definition from Google:
"A rootkit is software that enables continued privileged access to a computer, while actively hiding its presence from administrators..."

I don't recall giving Pando or EA permission to cripple my internet connection. What I said in the OP about my ping being bad isn't descriptive enough. When I pinged google from the command prompt, my average response was between 400ms and 800ms. Now that Pando is off, I get a consistent 33-34ms.

Just because it is easy to uninstall doesn't mean it isn't malicious. The software is designed to "[Run] as a secure transparent background service on your viewer's computer..." as advertised by Pando's website.
 

palindrome

> Isn't just an EA thing. Unless they've changed it recently Turbine's downloader for LOTRO uses the same system.

> Tons of companies use it. Riot uses it for League of Legends as well.

It doesn't make it right or non-malicious just because other companies use it. Under no circumstance should this be running in the background 100% of the time, whether I have the game client open or not. Software that runs outside of the game should have a separate EULA, just like the other billion pieces of software that bundle other things with it.
 

zokudu

> Definition from Google:
> "A rootkit is software that enables continued privileged access to a computer, while actively hiding its presence from administrators..."
>
> I don't recall giving Pando or EA permission to cripple my internet connection. What I said in the OP about my ping being bad isn't descriptive enough. When I pinged google from the command prompt, my average response was between 400ms and 800ms. Now that Pando is off, I get a consistent 33-34ms.
>
> Just because it is easy to uninstall doesn't mean it isn't malicious. The software is designed to "[Run] as a secure transparent background service on your viewer's computer..." as advertised by Pando's website.

You didn't finish that quote:

> A rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications.

It does not alter your operating system's functionality nor affect other applications directly.

Also, it may not be in the EA launcher, but this screen is in every other Pando Media game I have ever run:
[Image: a14w15.jpg]

which is an agreement to install Pando Media Booster. By the way, that agreement reads in full:

> This Downloader uses Pando Media Booster to download XXX Game. When you use this Downloader, you install Pando Media Booster and participate in a secure, closed peer-to-peer network where you receive pieces of the download package from a Content Delivery Network (CDN) as well as other active users (peers). In addition you send pieces of the download package installer to other peers participating in the secure peer-to-peer network. No other files can be shared on your computer via Pando Media Booster and your computer is never used as a relay nor for transient storage of content you did not wish to download. However, please note that in its default configuration Pando Media Booster may automatically upload certain files or components of files that you have previously consented to download via Pando Media Booster. More information about Pando Media Booster and how to manage it, including how to alter the default configuration to prevent or regulate uploading or to uninstall, can be found at http://pandonetworks.com/pmb-faq . To accept the Terms of Use for Pando Media Booster, install Pando Media Booster and start the download click "I Agree".
 

palindrome

> You didn't finish that quote:
>
> It does not alter your operating system's functionality nor affect other applications directly.
>
> Also, it may not be in the EA launcher, but this screen is in every other Pando Media game I have ever run:
> [Image: a14w15.jpg]
>
> which is an agreement to install Pando Media Booster. By the way, that agreement reads in full:

I think you are completely missing the point of this. Pando was indiscriminately utilizing 100% of my upload bandwidth at all times. Other than psychically knowing that PMB.exe was utilizing all of my available bandwidth. So it did, in fact, alter my OS's functionality and affected every application that needed internet (Netflix, browsing the web, games, etc). Yes, this rootkit was probably mentioned in the EULA somewhere. I can honestly say I didn't read it. Typically, garbage like this has a separate TOS/EULA with little check boxes that are pre-checked and you can opt out by deselecting the boxes. I'm sure that 99% of people who install software never read the EULA. However, I, like most other people, have realistic expectations of what software is supposed to do for you and what it will do to your computer as a result. Nowhere in the agreement you posted above does it warn you Pando will utilize your entire bandwidth, crippling your ability to even use the internet.

Call me a noob or whatever you like. I'm just trying to help people to become aware of this potentially running in the background.

Also, I wasn't trying to be deceitful with the quote.
[Image: rootkit.png]
 

Zenoth

Only one of my games uses Pando, after the game installed I uninstalled Pando itself and the game works properly which is all I wanted. It's always a good reflex to check what applications run in the background from time to time. I "discovered" that it was running in the background simply by doing my weekly (more or less, just a reflex I developed over time) check on my active processes and background-running applications with the default Task Manager, HijackThis and CCleaner. When I saw that I checked for the application's path on my drive and found out about it that way, since it wasn't mentioned during the installation of the game that I would install Pando, and that it would run in the background.

But thankfully, I could just uninstall it. Curiously though, in my case, my bandwidth was fine while Pando ran in the background, it did so for maybe a few days I guess, perhaps a week at most after I installed the game (and I'm always connected online, unless I reset my computer or my modem from time to time). So even though it was "running" in the background it really never negatively affected my internet connection's speed, I merely discovered it by doing some routine maintenance around, otherwise I don't think I would have ever noticed it.
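
Added example, not written by any poster in this thread: the routine background check described in the post above, done in PowerShell instead of Task Manager. It lists every process holding established TCP connections and marks the ones that also start automatically and show no window; it assumes Windows 8 or later (for `Get-NetTCPConnection`), and the report column names are chosen here.

```powershell
# Added example: correlate auto-start entries with processes that hold TCP connections.
# Run elevated so that executable paths of other users' processes are readable.

# 1. Command lines of everything that starts by itself: Run keys, Startup folders, auto services.
$autoStart  = @(Get-CimInstance Win32_StartupCommand | Select-Object -ExpandProperty Command)
$autoStart += @(Get-CimInstance Win32_Service -Filter "StartMode='Auto'" |
                Select-Object -ExpandProperty PathName)
$autoStart  = $autoStart | Where-Object { $_ }   # drop empty entries

# 2. Established TCP connections, grouped by the process ID that owns them.
$byPid = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
         Group-Object OwningProcess

# 3. One report row per process.
$report = foreach ($g in $byPid) {
    $proc = Get-Process -Id $g.Name -ErrorAction SilentlyContinue
    if (-not $proc) { continue }                 # process exited in the meantime

    $path = $proc.Path                           # empty when access is denied
    $exe  = if ($path) { Split-Path $path -Leaf } else { "$($proc.ProcessName).exe" }

    # An auto-start entry matches when its command line mentions this executable name.
    $starts = [bool]($autoStart | Where-Object {
        $_.IndexOf($exe, [System.StringComparison]::OrdinalIgnoreCase) -ge 0
    })

    [pscustomobject]@{
        Process     = $proc.ProcessName
        PID         = $proc.Id
        Connections = $g.Count
        RemoteHosts = @($g.Group.RemoteAddress | Sort-Object -Unique).Count
        AutoStart   = $starts
        HasWindow   = ($proc.MainWindowHandle -ne 0)
        Path        = $path
    }
}

# Processes talking to the most distinct peers come first; a windowless, auto-starting
# process near the top is the one to look up by its Path.
$report | Sort-Object RemoteHosts -Descending | Format-Table -AutoSize
```

The report counts connections, not bytes, so per-process traffic volume still has to come from a bandwidth monitor or router logs.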
 

s44

LOL

These days, for the internet complaint brigade,

rootkit = "anything I dislike and want to scare people about"

In fact, he might have some legit complaint buried in here, but the overblown outrage (and lack of understanding as to what "privileged" means) makes it impossible to take seriously.
 

zokudu

> I think you are completely missing the point of this. Pando was indiscriminately utilizing 100% of my upload bandwidth at all times. Other than psychically knowing that PMB.exe was utilizing all of my available bandwidth. So it did, in fact, alter my OS's functionality and affected every application that needed internet (Netflix, browsing the web, games, etc). Yes, this rootkit was probably mentioned in the EULA somewhere. I can honestly say I didn't read it. Typically, garbage like this has a separate TOS/EULA with little check boxes that are pre-checked and you can opt out by deselecting the boxes. I'm sure that 99% of people who install software never read the EULA. However, I, like most other people, have realistic expectations of what software is supposed to do for you and what it will do to your computer as a result. Nowhere in the agreement you posted above does it warn you Pando will utilize your entire bandwidth, crippling your ability to even use the internet.
>
> Call me a noob or whatever you like. I'm just trying to help people to become aware of this potentially running in the background.
>
> Also, I wasn't trying to be deceitful with the quote.
> [Image: rootkit.png]

How does this not mean it can utilize your bandwidth?

> In addition you send pieces of the download package installer to other peers participating in the secure peer-to-peer network.
> ...
> However, please note that in its default configuration Pando Media Booster may automatically upload certain files or components of files that you have previously consented to download via Pando Media Booster.

Not only that, it does have its own separate TOS for Pando; just because you did not read it and did not double check the program does not make the program a "rootkit".

> Does it continue to run after you have downloaded your own game?

Yes, it's a p2p setup like a torrent. Once you have finished downloading your software it seeds it to other people who are downloading it. If everyone just removed it or it only ran on install that defeats its purpose, to distribute the software without requiring the providing company to take on the large expense of digital distribution.
 

Via

> I stopped playing LOTRO altogether because of Pando.

Yeah, so did I. I had some problems with it a while back; I don't remember specifically what they were but I do remember that my searches led me to uninstall the whole thing because of that piece of software.

In fact - iirc I ended up doing a reformat/re-install shortly afterwards because of continued problems/wonkiness.
 

Dankk

Ah, Pando Media Booster. Correct... it's not an EA-only thing. I remember installing APB: Reloaded when it went into open beta last spring, and it came with Pando. Thing was, I could uninstall it with no penalty whatsoever and keep playing the game. They don't seem to care if you uninstall it, it makes no difference. I guess they just depend on people who are less computer literate and would never figure out that it's installed.

To be honest, I think it came with the price of being free-to-play. Publishers use it so they can save money on bandwidth and have the consumers use their own bandwidth to distribute the game instead. I can see why.
 

MarkLuvsCS

> To be honest, I think it came with the price of being free-to-play. Publishers use it so they can save money on bandwidth and have the consumers use their own bandwidth to distribute the game instead. I can see why.

BitTorrent is a popular P2P network among large companies now. Blizzard and SWTOR Beta client definitely use it. BitTorrent has enough modifications to have the companies run their own trackers, use CDN networks to help the aggregate bandwidth. I'm pretty sure companies would have to license with BitTorrent to use it, but at least the clients allow rates to be set fairly easily to ensure a stable connection.

I hope more companies can be a bit open about their P2P bandwidth sharing networks so users won't have to guess what's going on with their connection.
 

palindrome

> Does it continue to run after you have downloaded your own game?

Yes, it runs all of the time, whether you open the game or not. It is set to run in the background on startup. The only thing that clues you into the fact that it is running is that anything using the internet will be slow.
 

palindrome

> How does this not mean it can utilize your bandwidth?

Show me the section that it says it will make your internet connection almost unusable due to it being designed to utilize, not just some bandwidth, but all of the bandwidth available all the time.

> Not only that, it does have its own separate TOS for Pando; just because you did not read it and did not double check the program does not make the program a "rootkit".

Going to their website to investigate is not the same as a separate window popping up during installation to alert you of this completely separate piece of software.

> Yes, it's a p2p setup like a torrent. Once you have finished downloading your software it seeds it to other people who are downloading it. If everyone just removed it or it only ran on install that defeats its purpose, to distribute the software without requiring the providing company to take on the large expense of digital distribution.

I think after I've uploaded over 100GB worth of data I've done my part. The game is only about a 2GB download for NFS:W. Plus, the game is hardly F2P. Without paying for microtransactions, it makes it almost impossible to progress in the game.

zokudu, you almost speak as though you represent Pando...