I received an email from Comcast (my ISP) announcing their “Constant Guard™ Security Service”. Basically, if Comcast thinks a customer is infected with a bot they will email the customer and offer to help clean up the computer. The Constant Guard service claims to do a lot more too, but Comcast is quite ambiguous about parts of it.

The email Comcast sent to their customers starts with

“Dear Valued Customer,

We know that protecting your identity and using the internet safely are both very important concerns for you.”

Later in the email it says

“Ensuring your online safety and security is our top priority”

Really? Their top priority? Then why does Comcast advise customers to set up Outlook in a manner that will transmit their username and password in plain text? This is especially problematic if the customer is using unsecured WI-FI. Why does Comcast not even warn customers of that danger in the instructions for setting up email clients to access Comcast email?

Comcast’s negligence of the most basic security and privacy issues does not bode well for their “Constant Guard TM Security Service”. Comcast actually gives security and identity protection very low priority.

One of the claims that Comcast makes of their Constant Guard™ Protection Suite is that it “Conceals what you type online to protect your personal information”. Unfortunately Comcast does not explain what data is protected or how it is protected. An email to Comcast asking for clarification of this was replied to with highly non-specific marketing hype.

Given Comcast’s history of willful neglect of basic security, I believe their Constant Guard Security Service is more marketing hype than security.

Randy Abrams
Director of Technical Education
Cyber Threat Analysis Center
ESET North America