Comcast is my ISP in the. No. Calif,. East bay area. Within the past few days Comcast has sent an e-mail, as above entitled, and advising that one or more of my computers ( I have 2 connected to Comcast ) may be infected with a " bot ". That e-mail then strongly recommends that I take action to remove malicious software from my computers... press a red " Take action now " button... and then it appears that I am provided with an option to install the Norten Security program.
First, to date I am satisfied with the McAfee security program to which I have subscribed for at least the past few years. Second, if there is such a "bot " malicious software program that has invaded one or the other of my 2 computers... then why has that not been brought to my attention by your McAfee security suite?And, third... if the Comcast "Service Alert " is indeed not legitimate... then why has my McAfee security program not so advised??? For example, should I, and however many other existing McAfee security program subscribers just toss in the sponge and gravitate to the Norten security suite alternative offered by Comcast??? Very confusing indeed.
Interesting. I wasn't aware of what Comcast were doing, even though Brian Krebs wrote an article about it a while back.
Google for "comcast constant guard service alert" and you'll see hundreds of people posting about this. It seems that Comcast are alerting everyone whose online activities raise a red flag, which means that they're certainly monitoring the sites you visit and the IP addresses that are connecting to your IP address; according to one poster everyone who uses Bittorrent for download and - especially - upload is getting this message. A lot of people are highly sceptical and some are offended or outraged; many have run scans with multiple security programs and come out clean but Comcast still insist their PC is infected with malware. Some may be infected, but I doubt that all of them would be. It looks like Comcast is generating a lot of false positives, and while that tie-up with Symantec is quite legitimate this does look rather like a marketing exercise to sell Norton AV software.
My advice : run a full a scan with McAfee (get the latest DAT first), then repeat with GetSusp and/or Stinger. Run Malwarebytes and finish with Microsoft's Live Safety Scanner. If all of those declare you to be clean, I think you can tell Comcast they must be mistaken.
A thought : if they haven't done any remote antivirus scanning of your machine all they've got to go on are the IP addresses you're connecting to. If you've got Netguard enabled then McAfee's TrustedSource will block any suspect IP addresses you try to connect to. It might of course be that your (current) IP address comes up on a blacklist of some sort, but if like most people your IP address is allocated dynamically then the address you're using today will have been used by someone else yesterday, and someone else again the day before that. Then there are all the problems of identification if you're using a Wi-fi connection. In short, I don't think their system of detection is infallible, by any means.
There's a whole load of stuff about this you ought to have a look at. Here's some of it -
They even send these messages to Mac users, which gets them *really* annoyed.
And an extremely jaundiced view of Comcast and Constant Guard from an ESET Blog :
(He doesn't think much of it either, and nor do the many people begging him for help in getting rid of it).
In short : I applaud the general idea (notifying owners of bot-zombies) but I have serious doubts about the implementation. I wouldn't install Constant Guard in the first place because they make it almost impossible to uninstall it. And I think you should keep McAfee and tell them what to do with their Norton.Message was edited by: Hayton on 09/11/12 04:45:40 GMT
Thanx for the quick feedback... it makes much more sense than the nonsense by comcast reps which is being posted as replies to similar concerns in the comcast forums. I do intend to retain McAfee particularly since had problems with Norton a few years back. Nonetheless, bottom-line is (1) it's obviously frustrating to have to jump thru additional security hoops if the Comcast " service alert " is indeed invalid, and (2) it does seem to be approaching fraud if the unexpressed but intended purpose is to have folks either newly install or swith over to the Norton product. Would sure be helpful if someone/agency with clout could look into it. Thnx again.
I think ComCast had a good idea but messed up the implementation. I don't know who could look into this.
btw, when I clicked on one of the links in my post I got a warning about sa-live.com's certificate expiring. If you see it too, it's been flagged for an urgent fix.