Comcast – Xfinity malware
Comcast says that it is re-engineering it’s software for new customers, for installation and to start new service with the ISP. The software is unfriendly to computer users in general as it changes the browser’s homepage to comcast.net, and blocks users from changing it to anything else. I have encountered “mandatory” software from ISPs before and have always skipped it to no ill effect. I have always hated these “internet installation disks.” Every time I have signed up for internet service, I throw the CD right into the trash. The CDs are worthless and anything but “necessary.” If you’re lucky, they simply connect to a web interface and register your router’s MAC address with the system. But nearly every one of these disks also throws in a bunch of crap that is annoying, unnecessary, and very frustrating. In my experience, the following things have been done by various “installation disks” handed out by ISPs:
- Changing your browser’s homepage
- Changing the suffix on Internet Explorer (i.e. every IE window title is “Internet Explorer — brought to you by Comcast”)
- Installing bloatware (such as “diagnostic tools” or various anti-virus and anti-spyware — not a problem unless you like to choose these products yourself and/or already have some installed and/or just don’t want them)
Those are just the things I remember seeing and it’s impossible to know what else they might be doing. They never ask permission for anything and always imply that using the disk is required to get your service working. I have never found an ISP that I couldn’t get my computer working on without their installation disk. In one case, I had to check the default gateway assigned to my router by DHCP and try connecting to it with a web browser in order to register my router. But that was many years ago. I haven’t had anything so complicated since. These days, you just need to plug in and you’re generally good to go (assuming you make use of an ISP provided modem, as I do — your mileage nay vary with your own modem, but it shouldn’t require the installation disk). In general, I consider these disks to be malware, as I do any application that makes changes to your computer under false pretense or without your express permission. I’ve helped a lot of Comcast customers — including myself — set up their new service or replace their cable modem. Activating a new modem with Comcast is still necessary to get out of the “walled garden,” from which any DNS query returns the address of the Comcast modem activation page. However, you have at least two available ways to get out of this:
- Choose the “installer” option, and provide your address and other account information. Comcast will activate the modem without a software installation, although you won’t generate a Comcast Email address (as if you care).
- Call Comcast. Tell them that you only have a work PC, and you cannot install software on it because you are not local Administrator. They will activate your modem and create an Email address for you.
My reaction would be “It’s a $25 fee to install software on my PC and $15 per month to rent the space. I take cash or credit cards, otherwise I’ll need your social security number to verify your credit.”
I heard from someone who’d just signed up for Comcast’s Xfinity high-speed Internet service and soon discovered some behavior on his Mac that is akin to Windows malware — something had hijacked his Internet settings. The technician who arrived to turn on the service said that a software package from Comcast was necessary to complete the installation. My friend later discovered that his homepage had been changed to comcast.net, and that Comcast software had modified his Firefox profile so that there was no way to change the homepage setting. Here is the result.
Comcast initially blamed the problem on a bug in Firefox. Mozilla denies this, and says it’s Comcast’s doing.
“This is NOT a Firefox bug or issue,” a Mozilla spokesperson wrote in an email. “It is a Comcast method that applies preference changes to Firefox.”
Comcast spokesman Charlie Douglas acknowledged that the Xfinity software hijacks Firefox’s settings. He said the problem is limited to Mac users, and that permanency of the change was unintentional. He added that the company is in the process of correcting the installation software.
“Customers absolutely should be able to change their preferred homepage anytime,” Douglas said. “We’re obviously apologizing for any inconvenience we’ve caused users.”
I just tell them I’m not going to put their software on my computer, and insist they do it manually. You just have to remind them who the boss is, in this little endeavor. Firefox appears to be the only browser severely affected. Interesting. Even more interesting is how quickly they deleted my comment from the Facebook fanpage. This is the homepage Comcast insists I enjoy. Luckily Ryan Parman of ryanparman.com figured out what Comcast was doing and how to reclaim your homepage in Firefox. Here is the fix which worked for me. Please note the following about different browsers and what I’ve witnessed with Comcasts little sneak attack. Opera – did not show any signs that Xfinity/Comcast installed any malware on my computer nor did their installer change the home page. Safari – easily fixed by setting the home page back to the URL of your choice. Chrome – easily fixed as well by going into your preferences and simply changing the home page URL.
Word to the wise – Do not install any Comcast offered software, most specifically Constant Guard, Nortons or Symantec as you do not need it.
