

NSM998

join:2009-02-12
Philadelphia, PA

2 edits

1 recommendation

Update to the Comcast Constant Guard Program

Today, Comcast announced the expansion of the Constant Guard bot detection and notification system. As many of you know from our previous posts, in October 2009 we announced the Constant Guard security program to identify bots on our network and trial an in-browser Service Notice technology. We developed this system internally, leveraging key outside bot expertise and technology, including from Damballa, and we continue to work on two relevant IETF drafts, which you can find at https://datatracker.ietf.org/doc/draft-oreirdan-mody-bot-remediation/ and https://datatracker.ietf.org/doc/draft-livingood-web-notification/

We have collected a lot of good feedback during the course of the trial in the Denver area, which has enabled us to improve the user experience, encourage more customers to visit, and help customers make more effective use of the Constant Guard Center, which is a remediation portal with tools and steps to assist in the removal of malware.

We're now starting to expand Constant Guard on a market-by-market basis, in a two-phased approach:

Phase 1

Customers will first receive an announcement email introducing and explaining the Constant Guard service once it is launched in their market. This phase then involves notifying users via email when bot or malware activity has been detected. We are deploying Constant Guard in the Salt Lake City area first and will expand the service to our other markets in the following few months.

Phase 2

In phase 2 of the Constant Guard service rollout, customers will also receive the in-browser service notice that is currently being trialed in Denver, CO. Similar to the email notification, the in-browser notification will provide customers a link to the Constant Guard Center for help with the bot clean-up process. We tentatively expect that the in-browser notice occurs after some period of time where email notifications have not been acted upon.

We're excited to announce the expansion of Constant Guard, which represents a great deal of research and development effort to determine how to better help protect our customers from the growing threat of bots. For more information you can also check out the Comcast Voices blog.

Regards,
Nirmal
Comcast - National Engineering & Technical Operations



Johkal
Cool Cat
Premium,MVM
join:2002-11-13
Happy Valley
kudos:9

Got my email 2 days ago.


nysports4evr
Premium
join:2010-01-23
kudos:1

So, Comcast will be injecting this information into web pages?



jlivingood
Premium,VIP
join:2007-10-28
Philadelphia, PA
kudos:2

said by nysports4evr:

So, Comcast will be injecting this information into web pages?
As Nirmal noted, the first step is you get an email notification. If you ignore those, then you get a web notification.
--
JL
Comcast

nysports4evr
Premium
join:2010-01-23
kudos:1
Reviews:
·Comcast

said by jlivingood:

said by nysports4evr:

So, Comcast will be injecting this information into web pages?
As Nirmal noted, the first step is you get an email notification. If you ignore those, then you get a web notification.
Ah, fair enough.

hp550c

join:2002-08-08
Pittsburgh, PA
reply to NSM998

Hi,
I received an email yesterday saying my computer may be infected with a virus/malware (from this Constant Guard thing). I can assure you that this isn't the case. I run Linux and Macs at home, neither of which has a virus or malware (I've verified this).

How do I opt-out of this annoying "service"?

Thanks



NSM998

join:2009-02-12
Philadelphia, PA

said by hp550c:

Hi,
I received an email yesterday saying my computer may be infected with a virus/malware (from this Constant Guard thing). I can assure you that this isn't the case. I run Linux and Macs at home, neither of which has a virus or malware (I've verified this).

How do I opt-out of this annoying "service"?

Thanks
I believe you received the "Announcement Email" that the Constant Guard feature is coming to your market. I am basing this on your location, "Pittsburgh", which is not set to receive Botnet notifications yet.

- Nirmal

hp550c

join:2002-08-08
Pittsburgh, PA

Nirmal,
After looking at the email again you are correct. The email sent out was a very poor communication. Below is what I got (verbatim, spaces, newlines, etc, are all there). Hence I thought it was spam at first, but then scrolled down and saw the "example" and thought that was the actual message. See below:

quote:
Dear Comcast Customer, Need to download

the Norton security

suite? Click Here

Need to remove a Bot

or malware?

Visit the

Constant Guard Center

Need the latest

information and tips on

security issues? Visit

the Security Channel

Need to contact

Comcast Security?

Get Help

We are committed to providing you with the best and safest online
experience possible.

As part of our ongoing efforts to help protect you while you're online,
we are launching Constant Guard™ for High-Speed Internet customers in your area. Constant Guard is the result of a multi-year effort to create a comprehensive approach to protect our customers from increasingly sophisticated online security threats.

The Constant Guard service consists of:

Customer Security Assurance: Highly skilled security professionals who proactively contact customers to respond to issues relating to spam, virus-infected computers, and other security-related issues.

Education: Our online security website includes real-time security alerts, tips, tools and other resources that help educate and protect consumers. For more details please visit www.comcast.net/security

World Class Technology
- Top-rated Norton Security Suite: Provides award-winning online protection that helps guard against identity theft, viruses, hackers, spam, phishing and more. It also includes easy-to-use parental controls to help keep your kids safe online. (A $160 value included at no additional charge.)
- Secure Backup & Share: The new easier way to securely back up and share your valuable files, like photos. (2 GB storage included at no additional charge.)
- Desktop Applications: The Comcast Toolbar includes anti-Spyware, network-embedded anti-spam and anti-virus technologies brought to you through our partnerships with Bizanga, Cloudmark®, GoodmailcertifiedEmail™, and Return Path. In addition, we use up-to-date blocklists from Spamhaus and TrendMicro to help reduce and guard against unwanted spam.
- Proactive Bot Notification: As a new feature of the Constant Guard service, we may email a Service Notice to your Comcast primary email address if we believe one or more of your computers may be infected with a type of virus, called a Bot. A Bot is a malicious form of software that could use your PC to send spam, host a phishing site, or steal your identity by monitoring your keystrokes. The email will advise you go to the Comcast Constant Guard Center at »constantguard.comcast.net, where you can access resources to help you remove the Bot from your computer. The Service email will look like this:

From: Comcast Security Assurance
Subject: Constant Guard Service Notice

Dear Comcast Customer,

The Constant Guard™ service has identified that one or more of your computers may be infected with a Bot. Please read on.

A Bot, also referred to as malicious software or malware, is used to gain control of your computer, typically without your knowledge. Online criminals can use Bots to collect your personal and private data, such as Social Security numbers, bank account information, and/or credit card numbers by monitoring your keystrokes. This can lead to identity theft and fraud!

We recommend that you visit the Comcast Constant Guard Center at »constantguard.comcast.net for instructions to help you remove the Bot from your computer(s). We also advise that you keep your computer(s) protected by performing regular Operating System updates and by using Norton Security Suite anti-virus software.

If you would like to learn more about Constant Guard please visit »security.comcast.net/constantguard.

Sincerely,

Comcast Customer Security Assurance

This service email is designed to proactively alert you to take steps to protect your security interest on a real-time basis. Our goal is to provide customers with a safe and secure Internet experience.
We appreciate your business!

Sincerely,

Comcast Customer Security Assurance

This is a service-related email. Comcast will occasionally send you service-related emails to inform you of service upgrades or new benefits to your Comcast High-Speed Internet service.

Copyright 2010. Comcast. All other trademarks are properties of their respective owners.

Comcast respects your privacy. For a complete description of our privacy policy, click here.

Comcast
One Comcast Center, 10th Floor
1701 JFK Boulevard
Philadelphia, PA 19103-2838
Attn: CHSI

And actually, the upper portion of the email had more spaces in front of the sentences which made it even worse.


NSM998

join:2009-02-12
Philadelphia, PA

That is the email about CG coming to your region....the first part of the mail is the announcement, which then references what the actual Botnet notification will look like.



Sterling
IP Support Tier III
Premium
join:2003-05-30
Pittsburgh, PA
reply to NSM998

Looks like pretty good English to me, you must have over read the part that mentions that the "email is going to look like this".


hp550c

join:2002-08-08
Pittsburgh, PA

It's not about bad English, it's about the top portion of the email that has a few words, then a newline, a few words, then a newline. I quickly read over it and assumed it was spam, then scrolled down (didn't read the message below it) saw "From" and "Subject" and just read the message below that.


joshub

join:2008-11-04
reply to NSM998

How can you opt-out of this man in the middle exploit?



NSM998

join:2009-02-12
Philadelphia, PA

said by joshub:

How can you opt-out of this man in the middle exploit?
There is no opt-out....just keep your computer(s) clean and you will not get the botnet notification.

joshub

join:2008-11-04

Things go wrong in security detection all the time, and I expect sooner or later you will have mis-detection. I would rather avoid the problem altogether by opting out as it is useless for me.

Which part of "no thank you" do you not understand?



pokesph
It Is Almost Fast
Premium
join:2001-06-25
Sacramento, CA
kudos:1
Reviews:
·Comcast

said by joshub:

Things go wrong in security detection all the time, and I expect sooner or later you will have mis-detection. I would rather avoid the problem altogether by opting out as it is useless for me.

Which part of "no thank you" do you not understand?
Agree.. where is the opt-out? I want no part of this.
Also where is it noted HOW this detection works? What are the minimum / basic criteria for triggering it?

How truly transparent is it?
I mean it has to see "something" in your data to think it's seeing a bot, right?

ETC..
--
Webmaster - Steve
- - - - - - - - - - - -
»www.1-gb.net
»www.ppnstudio.com

Daemon
Premium
join:2003-06-29
Berkeley, CA
Reviews:
·Comcast
·webpass.net
·AT&T U-Verse
reply to joshub

said by joshub:

Which part of "no thank you" do you not understand?
Then pick a different service provider.
--
-Ryan
Currently using Ubuntu 10.04, Windows 7 and OS X 10.6. To each his own.


Rob
In Deo speramus.
Premium
join:2001-08-25
Kendall, FL
kudos:3

1 edit
reply to joshub

said by joshub:

Things go wrong in security detection all the time, and I expect sooner or later you will have mis-detection. I would rather avoid the problem altogether by opting out as it is useless for me.

Which part of "no thank you" do you not understand?
What Comcast is doing is a step in the right direction. As the largest ISP in the United States, they have a responsibility, not to just their customers, but to the entire Internet community worldwide on keeping their network clean and free from bots.

You may think it's useless, but I can assure you, even the best have been infected at one point or another.

In either case, this isn't about YOU, this is about their investment and I agree with them that there should be no opt out option.
--
CheckSite.us | YourIP.us | Reverseip.us


camper
Premium
join:2010-03-21
Bethel, CT
kudos:1
Reviews:
·Comcast
reply to NSM998

What is scary about this is that Comcast shuts down parts or all of your Internet service based upon data they will not share with you and that you are not able to rebut.

My outbound port 25 access was eliminated. When I asked why it was shut down, I was told that Comcast could not tell me the reason.

To me, this looks like arbitrary censorship in the making.



jazzman916
Life on the Upbeat
Premium,MVM,ExMod 2004-10
join:2001-09-01
Birdland

1 recommendation

said by camper:

My outbound port 25 access was eliminated. When I asked why it was shut down, I was told that Comcast could not tell me the reason.
They post a reason: »customer.comcast.com/Pages/FAQVi···Internet
--
"Hoaxes use weaknesses in human behaviour to ensure they are replicated and distributed. In other words, hoaxes prey on the Human Operating System." --Stewart Kirkpatrick


jazzman916
Life on the Upbeat
Premium,MVM,ExMod 2004-10
join:2001-09-01
Birdland

1 recommendation

reply to pokesph

said by pokesph:

Also where is it noted HOW this detection works? What are the minimum / basic criteria for triggering it?
Here: »constantguard.comcast.net/
said by »constantguard.comcast.net/faqs/H···ast.html :

How did Comcast determine that I may have a bot?

We identify infected computers in several ways. First, we get data from reputable Internet research groups that specialize in bot identification. The data we get includes a list of Internet Protocol (IP) addresses that are infected and those that belong to bot command and control channels. Second, we look for malicious behavior exhibited by bots such as spam, distributed denial of service attacks and repeated connections requests to known command and control channels. We then aggregate this data to confirm whether one or more of your computers has been infected.

--
"Hoaxes use weaknesses in human behaviour to ensure they are replicated and distributed. In other words, hoaxes prey on the Human Operating System." --Stewart Kirkpatrick
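
The aggregation the quoted FAQ describes (third-party IP lists plus observed bot behaviour, combined before a customer is flagged), sketched as an added example that is not part of the thread and not Comcast's code. The flow-record format, the thresholds and the two-signal corroboration rule are assumptions, and every address is constructed from documentation ranges.

```python
from collections import defaultdict

# Constructed sample data (documentation IP ranges); nothing here comes from Comcast.
FEED_INFECTED = {"198.51.100.7"}            # third-party list of infected subscriber IPs
FEED_C2 = {"203.0.113.50", "203.0.113.51"}  # third-party list of command-and-control IPs
# Constructed flow records, one per line: "epoch_seconds src_ip dst_ip dst_port"
FLOWS = """\
1000 198.51.100.7 203.0.113.50 6667
1060 198.51.100.7 203.0.113.50 6667
1120 198.51.100.7 203.0.113.51 6667
1000 198.51.100.9 192.0.2.25 25
1001 198.51.100.9 192.0.2.26 25
1002 198.51.100.9 192.0.2.27 25
1003 198.51.100.9 192.0.2.28 25
1000 198.51.100.12 203.0.113.50 80
1000 198.51.100.20 192.0.2.25 25
"""
C2_REPEAT_MIN = 3    # assumed threshold: connections to listed C2 hosts
SMTP_FANOUT_MIN = 4  # assumed threshold: distinct mail servers contacted directly


def collect_signals(flow_text, feed_infected, feed_c2):
    """Return {subscriber_ip: set of signal names} from the feeds and flow records."""
    c2_hits = defaultdict(int)
    smtp_peers = defaultdict(set)
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records rather than guess at their meaning
        _, src, dst, port = parts
        if dst in feed_c2:
            c2_hits[src] += 1
        if port == "25":
            smtp_peers[src].add(dst)
    signals = defaultdict(set)
    for ip in feed_infected:
        signals[ip].add("third_party_feed")
    for ip, n in c2_hits.items():
        if n >= C2_REPEAT_MIN:
            signals[ip].add("repeated_c2")
    for ip, peers in smtp_peers.items():
        if len(peers) >= SMTP_FANOUT_MIN:
            signals[ip].add("smtp_fanout")
    return dict(signals)


def to_notify(signals, min_signals=2):
    """Assumed rule: notify only subscribers with corroborating independent signals."""
    return sorted(ip for ip, s in signals.items() if len(s) >= min_signals)
```

With the sample data, a single stray connection to a listed host or a single behavioural signal on its own does not produce a notice, which is the false-positive control the aggregation step is there to provide.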

dead_screem

join:2004-09-10
Carol Stream, IL

said by jazzman916:

Here: »constantguard.comcast.net/
said by »constantguard.comcast.net/faqs/H···ast.html :

How did Comcast determine that I may have a bot?

We identify infected computers in several ways. First, we get data from reputable Internet research groups that specialize in bot identification. The data we get includes a list of Internet Protocol (IP) addresses that are infected and those that belong to bot command and control channels. Second, we look for malicious behavior exhibited by bots such as spam, distributed denial of service attacks and repeated connections requests to known command and control channels. We then aggregate this data to confirm whether one or more of your computers has been infected.
also here »customer.comcast.com/Pages/FAQVi···8522727f

Does Comcast's technique of detecting bots allow them to see my online activities?
No, this technique does not detect bots based on the online activities, protocols or applications you use. We provide you with full access to all the content, services, and applications that the Internet has to offer.
Which is nice to know.

I still however hate this web page-injected service alert crap.

nysports4evr
Premium
join:2010-01-23
kudos:1

I hope they don't start doing it to those of us who go over the cap like Rogers in Canada...