Mon, 22 Sep 2003

Safe Comcast HighSpeed Internet Installation

Comcast HighSpeed Internet default installation procedures are not safe. They leave unsuspecting users susceptible to worms and viruses. In addition, there are many accusations that the Comcast install installs spyware on users computers.

The problem is a Catch-22. If you're running a Windows based system, you need to apply security patches before you expose your computer to the Internet. But the only reasonable way to get the security patches is to download them from the Internet.

There is simple alternative to Comcast's default installation instructions that has the benefit of an additional layer of security and privacy. You don't need to install any software provided by Comcast.

If you are running Linux, or another unsupported OS, you can get your Comcast HighSpeed Internet connection up and running without access to a Windows based PC by following these instructions.

  • Do not connect your computer directly to the cable modem. Use a broadband router with NAT. Connect it between the computer and the cable modem.
  • Configure your browser to use sas.r1.attbi.com, port 8000, as your proxy server, excluding sas.r1.attbi.com.
  • Navigate to http://sas.r1.attbi.com and complete on-line registration process.
  • When registered, disable the browser's proxy server settings.
  • Update Windows with all Critical Updates using the Windows Update site.
  • Update your virus scanner and use it, or an online virus scanner to ensure your system is virus free.

On my Comcast connection, last week, I received over 14,000 Welchia probes from over 700 different hosts. And that's just Welchia. There are dozens of other threats raining down on my firewall all day every day. Barely a minute passes, on average, without some kind of parasite trying to determine whether or not I'm a vulnerable host and infecting me.

A new Comcast users is likely to be a vulnerable to recent worms and viruses. Even a brand new system is unlikely to come from the factory with current security patches. Bundled virus scanners likely have out of date virus signatures.

So, my advice to all Windows users is to first obtain a good broadband router with NAT support. There are several broadband routers to choose from. Among them are options from:

In addition to some added security, broadband routers with NAT allow you to share your Internet connection with other computers in your household.

It is understandable that Comcast does not want the added variable of a broadband router or firewall device between the PC and the cable modem; it would complicate installation and troubleshooting. However, exposing vulnerable computers to the kinds of worm and virus attacks we've seen recently probably leads to just as much, if not more, trouble down the road as infected computers chew up bandwidth, frustrated users overload support centers, and systems have to be sanitized.

[/internet] [link]

About this weblog

This site is the personal weblog of Marc Mims. You can contact Marc by sending e-mail to:
marc@questright.com.

Marc writes here about cycling, programming, Linux, and other items of personal interest.

This site is syndicated with RSS.

Archives

Credits

CSS stolen from Tom Coates who didn't even complain.