Comcast and Constant Guard – should you worry?

Comcast has started a trial in Denver that will alert customers if the network traffic coming from their system shows signs of being part of a botnet. The notion that an ISP is being pro-active to protect their network and customers is a good one, but there is still the chance that things can go too far, or horribly wrong.

Comcast’s new initiative is called Constant Guard, and what it does is alert customers with a “Service Notice” both in the browser, and email to the customer’s primary “Comcast.net” email account, that they are infected by “a computer virus known as a bot”.

Those who get the notice are instructed to head to the “Anti-Virus Center” and follow instructions to remove the bot from the system. This is just one of the features in the Constant Guard program. Along with the notices, Comcast said that customers can get access to McAfee Internet Security, the Comcast Toolbar, and internal technology on the Comcast network, such as Phishing and Spam protection from Cloudmark, Return Path, and blacklists from Spamhaus and TrendMicro.

If infected, McAfee Internet Security is the suggested choice to remove the Malware. However, while McAfee’s software is free to customers, Comcast will also sell the services of a technician to remove the infection.

Comcast has told several media outlets the same base information. Customers can close the warning, but they cannot opt out of getting them. If they are closed, they will return a few days later. Comcast also said that the Constant Guard program is an expansion on an earlier program where customers were alerted to infections by telephone. When it comes to how the detection works, this is where things get sticky.

Comcast is not looking into traffic, meaning there is no packet inspection (DPI), and nothing to suggest that anyone should worry about privacy issues. They are using third-party information to track IP addresses of known malicious hosts, as well as the aforementioned blacklists. So downloads from a known C&C for example will raise red flags.

Yet at the same time, Comcast has been known to mess with packets on their network. Last year, they stood in the middle of a firestorm thanks to traffic shaping. Comcast was caught red handed using TCP resets to block traffic based on protocol, the top issue was BitTorrent traffic.

The issue got worse when, after denying it at first, Comcast came clean and mostly admitted to the traffic shaping, but essentially said they couldn’t tell people about it because they would circumvent the process. They defended the traffic shaping by comparing it to a traffic jam, where a car is slowed from entering the freeway for a moment, not blocked from entering it entirely. They also added that the press and blogosphere would keep them honest, as one of the reasons for the FCC to take no action.

So while the pro-active security is awesome, the fact they have been under a microscope in the past because of network policies, and the fact they have the ability to launch DPI at any time of their choosing, is a bit of a cold chill.

There’s another aspect to the pro-active security that could haunt Comcast users. The method of notification will come from popup ads and email. Not to sound alarms or claim the sky is falling, but think about that.

Most Rogue anti-Virus infections start with popup ads, warning of infection. A fact the AP reminded people of when they covered the Comcast story, but the AP forgot some things. How long will it take until the Rogue anti-Virus popup warnings target Comcast users?

If criminals use a mix of known Web attacks and browser hijacks, it is possible for someone to spoof the general look of these notices, leading to massive installation payments for the Rogue anti-Virus affiliate systems. Comcast is admittedly aware of this potential issue. At the same time, while the plan to embed links to “how do I know this is real” type information in the notices is great, that wont stop a dedicated group of criminals.

Next we get into Phishing, because the other part of the Comcast notice is email. While Comcast will use IP reputation and blacklists from Spamhaus and TrendMicro, as well as Cloudmark and Return Path technology, they will never catch all of the Phishing attempts aimed at their email notification system. Some attempts will get by, and that could cause issues as well.

Comcast is starting in Denver, but fully plans to release Constant Guard to all of their customers by Q1 2010. Overall, despite the potential for criminals to single this out and cause mayhem, the idea is a solid one. Other ISP’s should do something similar. Instead they redirect URL mistakes and 404 pages to ad-laced search results, but that is another story.

More information on Constant Guard is here.

[This editorial is the opinion of Steve Ragan and not necessarily those of the staff on The Tech Herald or the Monsters and Critics (M&C) network. Comments can be left below or sent to [email protected]]

Like this article? Please share on Facebook and give The Tech Herald a Like too!

From our Other Sites

McLaren 675LT Pictures

Some great shots of the forthcoming McLaren 675LT. This coupe will get you to 60mph in less than 2.9 second and go all the way to 205mph.

McLaren 675LT Details

McLaren’s 675LT will debut at this year’s Geneva show and promises some eye-popping performance. The coupe only 675LT has a 3.8 liter V8 that will get you from 0-60mph in less than 2.9 seconds and to 124mph in less than 7.9 secondsMore than a third of the parts have been changed compared with its stable mate […]

Octopus hunts on land, grabs crab (Video)

This crab is minding its own business searching the rock pools for food when suddenly an octopus leaps out of the water and grabs it. The amazing thing is that the octopus does not just jump on the crab it actually pulls it all the way back to the rock pool it came from. If you check the second video you will see it is not unknown for octopus to come out of the water and the one in the second video has a crab with it, though is not hunting one! Octopus Walks on Land at Fitzgerald Marine Reserve The video was taken by Porsche Indrisie in Yallingup, Western […]

Stunning Mars Rover Selfie

This image by the Curiosity Mars rover is not exactly your typical selfie. It is made up of a bunch of images taken by the rover during January 2015 by the Mars Hand Lens Imager. This (MAHLI) camera is at the end of the robot’s arm. For a sense of scale the rover’s wheels are about 20 inches diameter and 16 inches wide. Check the annotated image below for more information on the surroundings. Also if you really want to see some detail click this very large image, 36mb, at NASA.  

How the Sahara Helps Feed the Amazon (Video)

Sahara to Amazon
This cool video from NASA shows how dust is transferred across the Atlantic to the Amazon rainforest and helps nourish the plants growing there. For the first time scientists have measured the amount of dust and the amount of phosphorus in the dust. The later acts like a fertiliser and helps replenish the phosphorus the rainforest loses each year, around 22,000 tons. Amazing how something we perceive as being desolate like a desert actually has an important role in sustaining somewhere we see as teeming with life. Image and video from NASA’s Goddard Space Flight Center.

Bouncing Laser Guided Bomb (Video)

This amazing video shows a laser guided bomb bouncing back up after hitting its target. We actually think this is a non-explosive bomb designed to test guidance systems but it is still pretty remarkable and somewhat scary.

South Koreans Swallowed by Sinkhole (Video)

Thankfully the couple survived their adventure.
This amazing footage taken from the CCTV on a passing bus shows the moment two pedestrians in South Korea fall down a sinkhole in the street! Rescue workers managed to save the pair, who were treated in a nearby hospital for minor injuries. According to reports the city authorities and the Korean Geotechnical Society are looking into the cause.

Cheetah Pictures

Some Cool Cheetah Pictures Cheetahs are found mainly in Africa but also some parts of the Middle East. These sleek animals are the fastest land mammals in the world and can hit 60 mph in about 3 seconds, though they cannot maintain this speed for long. Cheetahs prey mostly on antelopes and smaller mammals but occasionally go for something bigger. We hope you enjoy these photos and don’t forget to check out the other speedy land mammals on our list of the fastest.

Sherlock Holmes Quiz

Sherlock Holmes
Sherlock Holmes was a man who absorbed information like a sponge and had a razor sharp mind. How much do you know about the famous fictional detective from the books?

22 years without Ferruccio Lamborghini

Lamborghini posted this photo today saying: “22 years without Ferruccio Lamborghini.” Ferruccio passed away on February 20th 1993 aged 76. Interestingly he started out making tractors!