comcrap

[tom]

Pretty sleazy way of trying to get me to DL their norton bloatware:

"Dear Comcast Customer,
The Constant GuardT service has identified that one or more of your
computers may be infected with a Bot. Please read on.

A Bot, also referred to as malicious software or malware, is used to gain
control of your computer, typically without your knowledge. Online criminals
can use Bots to collect your personal and private data, such as Social
Security numbers, bank account information, and/or credit card numbers by
monitoring your keystrokes. This can lead to identity theft and fraud.

We strongly recommend you go to the Comcast Constant Guard Center at
https://constantguard.comcast.net for instructions to help you remove the
Bot from your computer(s). We also advise that you keep your computer(s)
protected by performing regular Operating System updates and by using Norton
Security Suite anti-virus software.

If you would like to learn more about Constant Guard, please visit
http://security.comcast.net/constantguard.


Sincerely,

Comcast Customer Security Assurance"

 

[Virus Guy]

Pretty sleazy way of trying to get me to DL their norton bloatware:

"Dear Comcast Customer,
The Constant GuardT service has identified that one or more of
your computers may be infected with a Bot. Please read on.

You've just made a total fool of yourself, by announcing to the world
that your ISP has determined that a computer you own at home is infected
with malware and is part of a botnet - and you obviously didn't know
it. How does it feel that your ISP knows more about your computers than
you do?

And what's worse, you're improperly understanding comcrap's e-mail to
you primarily as a solicitation to download AV software instead of what
the e-mail is really telling you - that you're a failure at being a
competent computer user by failing to keep malware off your computer.

Congratulations - you are now officially part of the problem.

Read the following to enlighten yourself:

http://www.dslreports.com/forum/r24869514-Update-to-the-Comcast-Constant-Guard-Program

 

[idbeholda]

Pretty sleazy way of trying to get me to DL their norton bloatware:

"Dear Comcast Customer,
The Constant GuardT service has identified that one or more of your
computers may be infected with a Bot. Please read on.

A Bot, also referred to as malicious software or malware, is used to gain
control of your computer, typically without your knowledge. Online criminals
can use Bots to collect your personal and private data, such as Social
Security numbers, bank account information, and/or credit card numbers by
monitoring your keystrokes. This can lead to identity theft and fraud.

We strongly recommend you go to the Comcast Constant Guard Center athttps://constantguard.comcast.netfor instructions to help you remove the
Bot from your computer(s). We also advise that you keep your computer(s)
protected by performing regular Operating System updates and by using Norton
Security Suite anti-virus software.

If you would like to learn more about Constant Guard, please visithttp://security.comcast.net/constantguard.

Sincerely,

Comcast Customer Security Assurance"

If you're interested, I have one up that is free and available for
anybody to use @ http://www.tot-ltd.org/TT-Livescan.rar. The current
version makes use of 3 databases (blacklist, whitelist and default
port list) that has a combined total of over 40 million definitions.
The download is only 100KB in size (uncompressed to approximately
1.7MB in size). You will need winrar, and a few vb6 runtime files
installed.

 

[Buffalo]

tom wrote: [snip]
Congratulations - you are now officially part of the problem.

Read the following to enlighten yourself:

http://www.dslreports.com/forum/r24869514-Update-to-the-Comcast-Constant-Guard-Program

Did you read it? It basically says you 'may' have a bot. One guy running
Linux with a clean system got the same bs warning from Comcast.
Sounds more like a promotional deal (SPAM) than anything eles.
Don't you actually think so?
Buffalo

 

[tom]

You've just made a total fool of yourself, by announcing to the world
that your ISP has determined that a computer you own at home is infected
with malware and is part of a botnet - and you obviously didn't know
it. How does it feel that your ISP knows more about your computers than
you do?

You've got more confidence in comcrap than I do. I'm not sure who the naive
fool is here.

 

[FromTheRafters]

You've got more confidence in comcrap than I do. I'm not sure who the
naive fool is here.

Indeed. If they had evidence of infestation, wouldn't just block the
offending client until it got cleaned - not try to sell them an AV program?

 

[Ron]

Indeed. If they had evidence of infestation, wouldn't just block the
offending client until it got cleaned - not try to sell them an AV program?

NAV is free for CC users.

 

[David H. Lipman]

From: "Ron" <[email protected]>


| NAV is free for CC users.

So ?
Is it worth it even if its free ? Most would say, NO.

 

[Ron]

From: "Ron" <[email protected]>





| NAV is free for CC users.

So ?
Is it worth it even if its free ?  Most would say, NO.

That's not the point. The word "sell" was used. CC isn't trying to
sell NAV.

Also, I just read an article a couple of months ago that stated that
NAV 2010 is no longer a resource hog. In fact they did a side by side
comparison with Avira free and the results on resources were almost
identical.

 

[David H. Lipman]

| That's not the point. The word "sell" was used. CC isn't trying to
| sell NAV.

| Also, I just read an article a couple of months ago that stated that
| NAV 2010 is no longer a resource hog. In fact they did a side by side
| comparison with Avira free and the results on resources were almost
| identical.

I'm not so sure about that. It is a good marketing ploy not unlike the so-called tripple
play for $99.00/month but that's for one year and they don't tell you what it will cost 12
months later only but they are eager to tell you "but you can cancel". Yeah AFTER you
have it installed and you are used to it. Same way with NAV. You'll pay AFTER its
initial free period which I'm sure is in the fine print. I'm sure there is some form of
percentage that Comcast makes from Symantec either for the number of downloads or the
number of users who eventually pay for the product.

Glad that they compared NAV's resource utilization and its improved. Too bad NAV's catch
rate hasn't.

 

[Ron]

| That's not the point. The word "sell" was used. CC isn't trying to
| sell NAV.

| Also, I just read an article a couple of months ago that stated that
| NAV 2010 is no longer a resource hog. In fact they did a side by side
| comparison with Avira free and the results on resources were almost
| identical.

I'm not so sure about that.  It is a good marketing ploy not unlike theso-called tripple
play for $99.00/month but that's for one year and they don't tell you what it will cost 12
months later only but they are eager to tell you "but you can cancel".  Yeah AFTER you
have it installed and you are used to it.  Same way with NAV.  You'llpay AFTER its
initial free period which I'm sure is in the fine print.  I'm sure there is some form of
percentage that Comcast makes from Symantec either for the number of downloads or the
number of users who eventually pay for the product.

When MSN was my ISP I got McAfee Antivirus and Webroot Spy Sweeper for
free. Now that I'm using Road Runner that offer CA Internet Security
Suite (which sucks) for free. No fine print. FREE.

My father also had a free security suite offer when he was with AT&T
(don't recall what it was). He just switched to CC a couple of months
ago and he mentioned the NAV free offer to me. He didn't mention any
fine print. Not that it matters, he uses Avira free.

Glad that they compared NAV's resource utilization and its improved.  Too bad NAV's catch
rate hasn't.

I wouldn't know. Avira is all I need.

 

[G. Morgan]

I wouldn't know. Avira is all I need.

++1

 

[Virus Guy]

The main point was that Comcrap sends out 2 different e-mails:

1) Informs customers that Comcrap intends to perform network monitoring
and inform them if it detects bot-like activity from the customer
computers.

2) Informs specific customers that bot-like activity *has* been detected
on their account, and solicits / offers them a software solution to
remedy the situation.

Many people confuse e-mail #1 as being equivalent to e-mail #2.

Our OP here seems to have received e-mail #2.

It's far fetched to believe that Comcrap would be sending e-mail #2 not
because it actually did detect bot activity but instead to solicit some
sort of extra revenue from the sale of software.

It's my perception that big ISP's that have millions of customers
generally have turned a blind eye away from trying to detect obvious
mal-activity on the part of their subscribers because the problem of
resolving individual incidents was just too major and costly from a
service point of view, so the ISP's basically did nothing about it
because of the futile nature of the excercise.

Automating mal-activity detection and resolution is obviously needed
when you have millions of customers, and Comcrap appears to be doing
just that.

And by the way, does Comcrap still allow out-bound SMTP connections on
port 25, or have they finally blocked that from their dynamic
residential IP pools?

 

[David H. Lipman]

From: "Virus Guy" <[email protected]>

| The main point was that Comcrap sends out 2 different e-mails:

| 1) Informs customers that Comcrap intends to perform network monitoring
| and inform them if it detects bot-like activity from the customer
| computers.

| 2) Informs specific customers that bot-like activity *has* been detected
| on their account, and solicits / offers them a software solution to
| remedy the situation.

| Many people confuse e-mail #1 as being equivalent to e-mail #2.

| Our OP here seems to have received e-mail #2.

| It's far fetched to believe that Comcrap would be sending e-mail #2 not
| because it actually did detect bot activity but instead to solicit some
| sort of extra revenue from the sale of software.

| It's my perception that big ISP's that have millions of customers
| generally have turned a blind eye away from trying to detect obvious
| mal-activity on the part of their subscribers because the problem of
| resolving individual incidents was just too major and costly from a
| service point of view, so the ISP's basically did nothing about it
| because of the futile nature of the excercise.

| Automating mal-activity detection and resolution is obviously needed
| when you have millions of customers, and Comcrap appears to be doing
| just that.

| And by the way, does Comcrap still allow out-bound SMTP connections on
| port 25, or have they finally blocked that from their dynamic
| residential IP pools?

I agree with "...resolving individual incidents was just too major and costly from a
service point of view..." in general and not specifically with malicious activity.

The switch from TCP port 25 to TCP port 587 is pretty much industry wide and universal
now.

 

[Virus Guy]

The switch from TCP port 25 to TCP port 587 is pretty much
industry wide and universal now.

The SMTP server at $Dayjob receives mail from the external world ONLY on
port 25, and it's still the world-wide default port in that sense.

Hence my question about Comcrap doing the responsible thing - which is
to block their infected home subscribers from sending direct-to-mx spam
on port 25 to the outside world, like some major ISP's have been doing
for at least 5 years now.

 

[Virus Guy]

The switch from TCP port 25 to TCP port 587 is pretty much
industry wide and universal now.

The SMTP server at $Dayjob receives mail from the external world ONLY on
port 25, and it's still the world-wide default port in that sense.

Hence my question about Comcrap doing the responsible thing - which is
to block their infected home subscribers from sending direct-to-mx spam
on port 25 to the outside world, like some major ISP's have been doing
for at least 5 years now.

 

[Virus Guy]

The switch from TCP port 25 to TCP port 587 is pretty much
industry wide and universal now.

The SMTP server at $Dayjob receives mail from the external world ONLY on
port 25, and it's still the world-wide default port in that sense.

Hence my question about Comcrap doing the responsible thing - which is
to block their infected home subscribers from sending direct-to-mx spam
on port 25 to the outside world, like some major ISP's have been doing
for at least 5 years now.

 

[Virus Guy]

Ignore the tripple post (temporary problem between my NNTP client and
AIOE)

 

[David H. Lipman]

From: "Virus Guy" <[email protected]>


| The SMTP server at $Dayjob receives mail from the external world ONLY on
| port 25, and it's still the world-wide default port in that sense.

| Hence my question about Comcrap doing the responsible thing - which is
| to block their infected home subscribers from sending direct-to-mx spam
| on port 25 to the outside world, like some major ISP's have been doing
| for at least 5 years now.

I don't have Comcast (thank G-d) but a search for that answer shows - YES.

 

[Whoever]

When MSN was my ISP I got McAfee Antivirus and Webroot Spy Sweeper for
free. Now that I'm using Road Runner that offer CA Internet Security
Suite (which sucks) for free. No fine print. FREE.

My father also had a free security suite offer when he was with AT&T
(don't recall what it was). He just switched to CC a couple of months
ago and he mentioned the NAV free offer to me. He didn't mention any
fine print. Not that it matters, he uses Avira free.

AT&T currently offers a rebranded version of Command antivirus which is
based on the F-Prot engine for free. Charter offers a rebranded version of
F-Secure's Internet Suite for free.