July 21, 2011

Comcast says it is revamping the software that new customers need to install to start service with the ISP. The software is unfriendly to Mac users running Firefox: It changes the browser’s homepage to comcast.net, and blocks users from changing it to anything else.

I heard this from a friend who’d just signed up for Comcast’s Xfinity high-speed Internet service and soon discovered some behavior on his Mac that is akin to Windows malware — something had hijacked his Internet settings. The technician who arrived to turn on the service said that a software package from Comcast was necessary to complete the installation. My friend later discovered that his homepage had been changed to comcast.net, and that Comcast software had modified his Firefox profile so that there was no way to change the homepage setting.

I contacted Comcast; they initially blamed the problem on a bug in Firefox. Mozilla denies this, and says it’s Comcast’s doing.

“This is NOT a Firefox bug or issue,” a Mozilla spokesperson wrote in an email. “It is a Comcast method that applies preference changes to Firefox.”

Some of the Mac files installed by Comcast's Xfinity software.

Comcast spokesman Charlie Douglas acknowledged that the Xfinity software hijacks Firefox’s settings. He said the problem is limited to Mac users, and that the permanency of the change was unintentional. He added that the company is in the process of correcting the installation software.

“Customers absolutely should be able to change their preferred homepage anytime,” Douglas said. “We’re obviously apologizing for any inconvenience we’ve caused Mac users.”

Fortunately, there is a stopgap fix for this problem. Blogger Ryan Parman has published step-by-step instructions and screenshots showing how to remove the homepage hijack.
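For readers who want to check their own machine, here is an added example (not from the original post, and not Comcast's or Mozilla's code) that audits a Firefox profile for files that set `browser.startup.homepage` and reports whether a change made in the Preferences dialog would stick. The article does not say which file the installer touched; looking in `user.js` and in AutoConfig `.cfg` files is an assumption based on how Firefox loads preferences, and the sample files and directory names are constructed.

```python
import re
import tempfile
from pathlib import Path

HOMEPAGE = "browser.startup.homepage"

# One preference call per line, e.g. user_pref("name", "value");
PREF_CALL = re.compile(
    r'^\s*(user_pref|lockPref|defaultPref|pref)\s*\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;?\s*$'
)


def parse_prefs(text):
    """Yield (call, name, value) for each preference call in a prefs-style file."""
    for line in text.splitlines():
        match = PREF_CALL.match(line)
        if match:
            call, name, raw = match.groups()
            yield call, name, raw.strip('"')


def audit_homepage(profile_dir, app_dir=None):
    """List every file that sets the homepage and whether a UI change would stick."""
    findings = []

    def scan(path, sticky_calls):
        text = path.read_text(encoding="utf-8", errors="replace")
        for call, name, value in parse_prefs(text):
            if name == HOMEPAGE:
                findings.append({
                    "file": path.name,
                    "call": call,
                    "value": value,
                    "survives_ui_change": call in sticky_calls,
                })

    profile = Path(profile_dir)
    # prefs.js is where the Preferences dialog saves; an entry here is a normal setting.
    if (profile / "prefs.js").is_file():
        scan(profile / "prefs.js", sticky_calls=())
    # user.js is re-read at every start and overrides prefs.js, so UI changes revert.
    if (profile / "user.js").is_file():
        scan(profile / "user.js", sticky_calls=("user_pref",))
    # AutoConfig *.cfg files in the application directory: lockPref disables the
    # setting in the UI, and pref is re-applied at every start.
    if app_dir is not None:
        for cfg in sorted(Path(app_dir).glob("*.cfg")):
            scan(cfg, sticky_calls=("lockPref", "pref"))
    return findings


def demo():
    """Run the audit over constructed sample files (not taken from a real install)."""
    with tempfile.TemporaryDirectory() as root:
        profile = Path(root, "profile")
        app = Path(root, "app")
        profile.mkdir()
        app.mkdir()
        (profile / "prefs.js").write_text(
            "# Mozilla User Preferences\n"
            'user_pref("browser.startup.homepage", "https://example.org/");\n'
            'user_pref("browser.startup.page", 1);\n'
        )
        (profile / "user.js").write_text(
            "// constructed sample of an installer-dropped override\n"
            'user_pref("browser.startup.homepage", "http://comcast.net/");\n'
        )
        (app / "mozilla.cfg").write_text(
            "// the first line of an AutoConfig file is ignored\n"
            'lockPref("browser.startup.homepage", "http://comcast.net/");\n'
        )
        return audit_homepage(profile, app)


if __name__ == "__main__":
    for f in demo():
        verdict = "reverts or locks" if f["survives_ui_change"] else "user-editable"
        print(f'{f["file"]:12} {f["call"]:10} {f["value"]:28} {verdict}')
```

On a real system, pass your own profile folder and the Firefox application directory to `audit_homepage`; any entry marked as surviving a UI change points at the file to inspect.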


40 thoughts on “Comcast Hijacks Firefox Homepage: ‘We’ll Fix’”

  1. me

    I guess my question would be, “Why does Comcast require any type of software install for a new connection?”
    Sounds pretty shady to me.

    If you have an soho wifi router, do they ‘require’ this software install on all the pc’s behind the router at the site?

    1. qka

      The same question came to my mind as I read the article.

      I have encountered “mandatory” software from ISPs before and have always skipped it to no ill effect.

      1. mr.aleph

        Well, I never installed anything comcast gave and my internet service is working great. We are a Mac only home and no problems.

        In short DO NOT install anything comcast gives you. It’s worthless anyway.

    2. Matt

      This brings up another interesting topic.

      Should an ISP have a NAC system in place, requiring all clients connected to have minimum security software installed (like an anti-virus that they could offer for free)? This would greatly reduce virus spread, but at the cost of what exactly… “personal freedom?”

      1. hhhobbit

        I have had multiple emails from Comcast about my infected LINUX powered machines. They continued to come even after I stopped doing research on the malware for my filters except for cleaning up:

        http://www.hostsfile.org
        http://www.securemecca.com

        How are they going to know what is bad if they don’t have all of the people like me doing this research to inform them of the bad stuff? Are they prepared to handle all of that research? Right now I can connect to my broadband router and see that I am still being pelted by a worm on port 27977 on the WAN side. I have even given it a name in my firewall rules: worm-1. Most of the time the stuff you have identified as bad they didn’t even know about it (their bot detection software), and they continue to block it long after it is no longer bad. This same thing happened to me the other day on the Wachovia bank phish I reported to PhishTank. I also added filter rules to the PAC filter to prevent it from happening to unknown threats to Wachovia bank customers. Yahoo’s email blocked the message even with a preceding “hxxp://” instead of an “http://”. The phish was already gone. I will say it a million times – a policy of enumerating the bad just doesn’t work very well. What is needed is a quantum jump in security. Linux does provide that.

        What makes it even worse is that most of their staff believes Windows malware will infect a machine running Linux. Have we bred a nation of idiots? Linux is immune to all Windows binaries! Do not make laws or pass legislation or have company policy that dumps on people who have an infinitely more secure OS by design! When I say infinitely more secure I mean exactly what I say. Security is not one of Linux’ problems. Out with the old and in with the new, tons of wrong information on the Internet and too many OS upgrades (I don’t mean updating the kernel – I mean installing a new upgrade OS more often than every three years) and things that revamp the way the things are done IS a problem on Linux. Usability is another problem if you have never used Linux, Unix, or some Unix-like system.

        Color me a very disgruntled Comcast customer. What are they going to do next? Ban me from using Linux because they cannot install their software on it? If I was rich I would dump my Comcast Internet and go with what ever Qwest (or what ever its new name is) provides. I don’t care that it is slower. It is fast enough to get the job done. I just hope they don’t have a similar anti-Linux mindset, or even worse the idea that Linux can be infected by all Windows malware.

        1. Al Mac

          In larger cities, there may be a niche business service opportunity, an ISP for customers who are on other than Windoze OS, with tech support people there who really do understand Mac, Linux, other alternatives. Oh have a Windoze techie on staff in case of such customers.

          Your web site share disaster stories of ISP “service” by people who know Windoze only, not understand other OS. I suspect there is huge volume of people who have weaned themselves off Windoze who would love to switch to a service provider who understands the reality they have moved to.

  2. Pete

    I have always hated these “internet installation disks.” Every time I have signed up for internet service, I throw the CD right into the trash. The CDs are worthless and anything but “necessary.”

    If you’re lucky, they simply connect to a web interface and register your router’s MAC address with the system. But nearly every one of these disks also throws in a bunch of crap that is annoying, unnecessary, and very frustrating.

    In my experience, the following things have been done by various “installation disks” handed out by ISPs:

    – Changing your browser’s homepage
    – Changing the suffix on Internet Explorer (i.e. every IE window title is “Internet Explorer — brought to you by Comcast”)
    – Installing bloatware (such as “diagnostic tools” or various anti-virus and anti-spyware — not a problem unless you like to choose these products yourself and/or already have some installed and/or just don’t want them)

    Those are just the things I remember seeing. And it’s impossible to know what else they might be doing. They never ask permission for anything and always imply that using the disk is required to get your service working.

    And to be clear, I’ve never found an ISP that I couldn’t get my computer working on without their installation disk. In one case, I had to check the default gateway assigned to my router by DHCP and try connecting to it with a web browser in order to register my router. But that was many years ago. I haven’t had anything so complicated since. These days, you just need to plug in and you’re generally good to go (assuming you make use of an ISP provided modem, as I do — YMMV with your own modem, but it shouldn’t require the installation disk).

    In general, I consider these disks to be malware, as I do any application that makes changes to your computer under false pretense or without your express permission.

    1. kooberfacer

      Same here. I usually prevent anything other than the target program I want from installing.

      I want to get from point A to point B, nuff said.

  3. Him

    The only feasible reason for their software would be, at the very least, the installation of additional software, AV/FW they offer for users.

    That and maybe proper configuration of wireless setup if their cable modem has built in wireless.

    Other than that, I’ve never had to do that with their business cable (installed via them) when I had it or my residential service (self install).

  4. Tom Seaview

    I’ve helped a lot of Comcast customers — including myself — set up their new service or replace their cable modem. Activating a new modem with Comcast is still necessary to get out of the “walled garden,” from which any DNS query returns the address of the Comcast modem activation page. However, you have at least two available ways to get out of this:
    1) Choose the “installer” option, and provide your address and other account information. Comcast will activate the modem without a software installation, although you won’t generate a Comcast Email address (as if you care).
    2) Call Comcast. Tell them that you only have a work PC, and you cannot install software on it because you are not local Administrator. They will activate your modem and create an Email address for you.

    1. anonymous A

      Yes, Tom, I recently had Comcast out to set up a new account (actually, I was just moving half a mile away, but they were unable to transfer service and treated it as a new account) and told the installer it was a company laptop I couldn’t install software on. She said no problem and called HQ for a bypass.

    2. EskimoQ

      Tom – Great idea in telling them you only have a work PC! I’ve previously not been able to come up with anything better than arguing with them about the need to modify any software until they cave.

    3. Mark v

      I don’t tell them any lies. I just tell them I’m not going to put their software on my computer, and insist they do it manually.

      No problem. You just have to know who the boss is, in this little endeavor.

      (HINT: It ain’t them!)

    4. JCitizen

      I do similar for my AT&T clients. They have almost as annoying changes to the browser with their setup CD. I simply bypass all that in a similar way.

      One thing that gripes me about ISPs like that, is that they insist on providing a “firewall” modem, that has a very poor firewall indeed. So then there is no way to test the interior firewall in the standard way.

      It wasn’t long ago that another big net company got a class action against them for forcing modems on customers that were vulnerable to being pwned. The firewall was about as good as tissue paper, and the attackers were gaining remote control from the WAN side and flashing the modem to take complete control of the connection.

      It would behoove anyone to check their model number against sites that publish cracked modem model numbers; especially for the low ball ISPs like Comcast!

  5. Al Mac

    I am with WOW for my ISP. I have loss of signal on a regular basis. Several co-workers have same problem.

    For example, we telecommute via VPN. In perhaps an hour of work, we might have dropped signal 20 times, which can be very disruptive to our work.

    WOW has competition in our area, which I previously tried, but their customer support competence cannot hold a candle to WOW’s. So I am currently on the least worst ISP found so far.

    I can understand how any ISP might want to offer their hardware or their software to fix the stuff that constantly breaks down, and to add a chunk of $ to the monthly bill, because of the hardware we allegedly need to connect to their service … Cable TV, Internet, Phones, whatever.

    It would be nice if loss of signal could be fixed with various devices or software from ISP. The fact remains I have to reset their hardware regularly, and when that unsuccessful, call them regularly, and for some problems they are clueless.

    I have previously shared the story of me formerly reporting attachments to KNUJON but not any more because if forwarded by me, WOW detects the outgoing but not the incoming.

  6. Nick P

    It must be Windows users or people in a certain area. I’ve had Xfinity for over a year now. I currently run a Linux box with Firefox and a wireless router sits between my PC and my cable modem. I’m not seeing the home page redirect. I’ll check tomorrow on a friend’s Win7 machine when he comes over. Curious if this is nationwide or local.

    1. Neej

      If you’d read the article more carefully you’ll find that issue applies only to Mac users only (as I read it anyhow).

      1. Nick P

        I apologize. I was drinking and multitasking. Not a good combination for quality it seems. 🙁

  7. wiredog

    Glad I’m with Cox. But I’ve never used any ISPs install disk. I ran Linux from 95 until 06, when I got my Mac, so I’m used to doing the setup by hand. But with Cox all I had to do was plug in the cable modem and I was ready to go. No setup required.

  8. Joshua

    Windstream tried to foist that on me when I set mine up a few days ago. Luckily it was at the end after activation, so I just closed out the installation and had no problems.

    1. G_Nepenthe

      Pretty much the same thing here. I don’t like using commonly used browsers when doing these kinds of activations, as companies like Comcast will have coded their procedure to take advantage of any vulnerabilities in say, IE or Fire Fox.

      Today I used Opera and for some reason the Xfinity web page interpreted that as meaning I was using OSX, which I wasn’t… so when I hit ‘install’ I found I was downloading a .pkg rather than a .exe, kinda funny.

  9. laughingpanda

    Brian, you’re on the right way.
    Soon you’ll find out how major search engines spy on their users via browsers – like google uses firefox feature geo.enabled which is true by default, or like Google Chrome is officially full of spyware functions.
    Most “driver” software contains modules which could be qualified as spyware, Comcast was just stupid enough to make it too obvious by changing homepage as well.

    Average internet user is being spied on every time, whatever he thinks about it.

    1. JCitizen

      No different than DRM. I have to allow more “legal spies” than I can shake a stick at, just so I can enjoy HD cable content, and blu-ray movies.

  10. PB

    Recent conversation on this point (well, Comcast’s adulteration of Internet Explorer at service startup) led to the proposal to activate the service from within a disposable virtual machine image or image snapshot.

    This would also avoid the cr-pware I recall their attempting to foist onto my machine. (Note, though, that the Norton security suite is actually a good deal for many people — you’re forced to pay for it as part of your subscription; might as well use it if you don’t have a better alternative that you wish to use.)

  11. Shinki-itten

    I began using Comcast 3 years ago. I was leery of their software and asked to speak to a supervisor. I explained I could not see any reason for Comcast to install software on my computer. He was completely nice about my request and explained how to activate my e-mail account, etc. without the installation software. (I do not recall the instructions.)

  12. drzauisapelord

    It’s incredible that these tactics are still done. Comcast did this to my PC once. Their software changed the title bar of my browser to “Provided by Comcast” (which is some group policy setting my ISP has no business changing) put in some toolbar/adware nonsense and changed the home page. I think they also installed some utility.

    Err, what they should be doing is just activating the service, not putting their crapware on our PCs. This is a lot like the US cellular industry, where they put all sorts of crapware on the phone they just sold you with a two year contract. I don’t know what moron this impresses, but we can do without this stuff.

    1. Mark v

      The difference with the phone is that it’s THEIR phone when they install all that garbage. THEN they sell it to you.

      With ISPs, they are installing their garbage on PCs that don’t belong to them!

  13. sulfide

    you don’t need to install anything. I told the dude all I have is linux computers and he went to his van and ran some stupid software on his laptop…end of story

  14. jay

    My reaction would be “It’s a $25 fee to install software on my PC and $15 per month to rent the space. I take cash or credit cards, otherwise I’ll need your social security number to verify your credit.”

  15. xAdmin

    Everyone already said it (late to the party) …. but when I had Comcast for years a while back, there was absolutely no reason to install their software! I always had my own cable modem and a simple call to customer service was all that was needed to register the modem on the network and I was good to go! They should be ashamed for even suggesting the need to install anything! It’s MY computer, I decide what gets installed on it!!!!!!! 😛

    When I had to settle for AT&T DSL (after moving), they wanted the same thing initially, to install setup software. But I knew otherwise and was able to setup my hardware firewall router as needed to work with the DSL modem. Never looked back! 🙂

    Don’t take what they tell you! You do NOT have to install anything to get your Internet connection working!

    1. JCitizen

      I’ve had clients in markets with Quest and Comcast, that force you to use their modem. If you don’t like it, they politely leave. If you want the service they won’t back down. No modem, no service.

    1. hhhobbit

      I have tried this several times before and did it again right now. Every time I am informed there was an error and they cannot make the change. All attempts to change it were made from Linux. Does it have to be done from Windows and can be done only with their installed software? The world for a DNS service that doesn’t try forever and just says not found when it isn’t there. The world for browsers that know when to give up rather than pounding you through to something, anything. I would much rather get a no can do from DNS and a browser that does no more than three DNS queries and then just quits trying. If it isn’t there, then it isn’t there. That is good, plain, simple, and honest. It isn’t just good enough for me. It is highly desirable and impossible to get any more.

      But thanks for giving people these URLs. Hopefully others have better luck than I have. I will try again later but I don’t hold out much hope.

      The main thing that Comcast has done right is giving people Symantec NAV. I have it on the Windows side (almost never used) on one of my machines. It works well but there are malware samples I have it probably will never detect. Here is a VirusTotal scan of one of them I just scanned again today (using NAV on Windows):
      http://preview.tinyurl.com/43f2nwa
      But all AV packages have that problem and it is less than a week old as part of my proof that clickbank redirects to stuff you don’t want (in this case they redirected to the host anti-virus-professional.com). My PAC filter blocks it without me even knowing its name. It also blocks clickbank. I had to disable two PAC filter rules to download it. It is good I wasn’t just depending on just NAV to protect me. I was using Linux – immune to all Windows binaries, and I was using my own dog-meat (the PAC filter).

  16. David

    Comcast is an inherently evil and malicious company whose intent is solely and exclusively oriented toward making a boatload of money, and they’ll do ANYthing to accomplish that goal. Customers are simply rats to be herded and pushed around in the process.
    I learned this the hard way after my father died and I had to stop all of his domestic services. Comcast was among these, and they did everything they could to make this already difficult process exceedingly painful. They were pushy, rude, did not give a damn about death or anything else, as long as I paid the bills. Returning the equipment was met with a cold, calculated wariness and assumption that I was somehow trying to “rip them off”.
    To add to the fun, 2 weeks after all of that, they began sending twice weekly solicitations – ADDRESSED TO MY DEAD FATHER – to try and get him to “sign up”. These were sent to MY home address after they forced me to disclose that in order to “cancel”.
    I will never, ever, under ANY circumstances, do business with them and will discourage anyone I know from doing so.

    1. Al Mac

      I have had similar experiences with INSIGHT, which I no longer use, because their Customer Service was really Customer Sabotage.

      Where a service is active in more than one city, I suspect that the training for the people there might be the problem.

      In one city we had to stop using SEARS REPAIR because they broke more than they fixed. When sharing our disaster stories with friends in other cities, we found that in some cities, SEARS service is fantastic, while in other cities it was crud.

  17. FreewheelinFrank

    This Linux user has no problem setting up a Comcast modem:

    “So I need to provision it (ie letting Comcast know about the new modem MAC address), so I call up Comcast. It being a Sunday afternoon, I was expecting that I’ll just have to wait for Monday to get it sorted out. But no, not only is there a friendly tech who is greeting me with neither silly muzak nor waiting, but she’s happy to get my all provisioned and up and running with a new cable modem in minutes (ok, so it took more than a couple of minutes, but a lot of it was literally waiting for the new cable box to boot up a few times).”

    http://dontsurfinthenude.blogspot.com/2009/09/your-operating-system-is-not-supported.html

    1. hhhobbit

      Right now I cannot even get to my web-site any more except via ftp and email:

      http://www.securemecca.com/tmp/NoAccess.txt
      (you can see it if you use an Internet proxy)

      I don’t know yet whether it is Comcast, Yahoo, the hackers playing games or what. So far the problem seems to be pointing to Yahoo. So here is the file in more readable form (which I can see on my machine):

      http://www.hostsfile.org/tmp/NoAccess.txt

      But you don’t create filters that filter out bad stuff on the Internet either. I do – strictly using Linux which is immune to all Windows binaries. People will have to get them on the sister site (at least you can see the file there showing the problems I am having right now):

      http://www.hostsfile.org/

      I cannot wait until you get an email message from Comcast saying your Linux machine got infected with some Windows malware. Given the filters I create I get them all the time. That isn’t the bad point. The bad point is – there is nobody that knows what is going on to talk to at Comcast that will resolve these problems. I know because I have tried. Their filters don’t even have the capacity for white-listing I guess. I can’t wait until you click on the resolve problems to your malware email message and you will be staring at choices of just Windows and Macintosh. What are Linux users supposed to do? You know, if everybody shifted to Linux not only would almost all of these malware problems be a thing of the past, but so would these corrective mechanisms that don’t work very well that get in people’s way. I imagine they work well enough for people using Windows but they are just a darn nuisance for people using Linux. IOW, you are being penalized for using a safer OS.

      1. G_Nepenthe

        @hhhobbit: I’d imagine its something besides Comcast, unless you have a radically different setup than I do. I use Comcast (or it uses me) and was able to path to your top address no problem.

        1. hhhobbit

          No, it was almost invariably Comcast and they talked Yahoo into blocking as well except by going to the securemecca.com web site through a proxy. Every proxy I tried at proxy.org punched me through to securemecca.com with no problems. Securemecca.com was the only thing that was blocked but only when I went to it directly. I was able to directly reach two of my spam/phish hosts that are at the very same IP address securemecca.com is at with no problems. The block lasted from 12:00 2011-08-06 UTC (Saturday) to 18:00 2011-08-08 (Monday) for me. The blocking stopped about 12 hours earlier for the people in London England and Strasbourg France who were using both a school (no ISP interference for traceroute) as well as their local ISPs (not Comcast). But they were also blocked for the second half of Saturday and most of Sunday (UTC). mtc tests on my part showed no problems in routing with the route being complete:

          http://www.hostsfile.org/tmp/SM-NoAccess.txt
          (go to the bottom for the ICMP mtr route traces and at the very same time I did the route traces which made it all the way through I was still getting blocked)

          The problem is Comcast’s anti-bot service has detected me as bad and that securemecca.com is a CC server. Given that I do at least 100 times more work with Windows malware than MVPHosts does that may be understandable. It is also understandable that Mike doesn’t do more because he is using Windows and I am using Linux. He is also on Comcast. My hat’s off to him. I don’t like to live that dangerously and almost all malware is pulled down with wget, ON LINUX! ALL Windows malware is pulled down ONLY ON LINUX. But Comcast should have a way of white-listing me. Any filtration scheme that doesn’t have provisions for white-listing when there really isn’t a problem is going to fail. I should know because I make a filter but it is under user control. They can disable it any time they want to if it gets in their way. They can remove it entirely if they don’t want it. Comcast has done this before and it is going to happen again. They also erroneously ear-marked a lot of 1and1.com web servers and mail servers as CC controllers earlier this year. It took me three months to finally talk 1and1.com into allowing 7-zip files to be downloaded at the hostsfile.org sister site which is hosted at 1and1. 1and1 takes security very seriously. I have never seen them listed at the Zeus project and what few hosts they have had in my hosts file disappear really fast. 1and1 pounces on the bad host and gets rid of the problem ASAP.

          Snatch my email address from the top of this (I deleted it out of the blocking hosts file because I got tired of seeing it – it was at the top of it but here you have to go down some):

          http://www.hostsfile.org/Downloads/proxy_en.txt
          http://www.securemecca.com/Downloads/proxy_en.txt

          and I will tell you which of the files in here show what happened and also give the last summing up email message to you. There is a lot going on behind the scenes in my statements that you do not see (like the fact that I have built network management systems for a State and a University as well as writing code for nascent devices that are now phone and internet access machines):

          http://www.hostsfile.org/tmp/
          http://www.securemecca.com/tmp/

          The only solution for me is to move my web-server to BlueHost since the WOT redlines every IP address Yahoo has given me. Even though my PAC filter can block by network address I am very stingy in the use of it. If possible I also need to shift to a DSL connection through CenturyLink. I am using only around 10% of the network bandwidth Comcast has allocated to me anyway. More than horrendous network bandwidth that I don’t use I need something that doesn’t get in my way every so often or somebody that is looking at my packets real-time. I can literally tell when they are examining my packets in real-time because when they do it my connection slows to a crawl. Yes, they could be looking at your passwords if you use unsecured connections. The problem is only with securemecca.com. The last time it was sftp / ftp problems. Until I do these things (a new web server and new ISP) if I continue to work on these filters I will continue to have severe problems. NAV is also constantly trying to remove the PAC filter because they think the proxy server address has to be some place else other than IN the filter itself. All other AV programs that I have used ignore it. Maybe they shouldn’t but all of the AV programs need to do something about understanding what it is and how it is different from one that redirects you some place else out there rather than to your localhost IP address:

          VirusTotal scan of proxy_en.txt
          http://preview.tinyurl.com/3q9ae69

          VirusTotal scan of proxy_fr.txt
          http://preview.tinyurl.com/3ow2ebn

          Will a normal Linux or Macintosh user (interpreted – they don’t make filters like I do) with a buttoned down router firewall have problems with Comcast? Probably not. Just be sure if your router is wireless (mine is wired only for more security) to change your SSID, restrict access to only known MAC address, turn off SSID broadcasting, and use WPA encryption. Do them all if you can. Some wireless WAP routers don’t have the ability to do all of that. If you don’t do that you may be a getting a message from Comcast because an unknown person using your WAP with an infected Windows machine flags your WAN IP address as being a problem. Even if you are using Linux or Macintosh, be sure to secure your WAP. The reason I don’t use what Comcast provides is what they have is even worse than a Linksys (probably the best of home routers for a safer configuration). I want to block certain ports in all directions (SMTP – 25 is one of them) and have a firewall log to see what is happening:

          http://www.securemecca.com/tmp/WAN-Log.txt

          One of the worms coming from MICROSOFT-1BLK, eh?

          Please make any other replies via email. This is Brian’s forum. Even though the problem is apropos to the subject nobody including me wants to see this any more.
