Q: When Comcast stopped offering free downloads of Norton anti-virus and internet security software, I spent considerable time online trying to find details. Comcast was very deceptive in hyping the benefits of xFi Advanced Security and staying silent on its limitations. Am I correct in what I learned? xFi Advanced Security basically functions as a firewall. Protection is provided by Comcast’s network infrastructure. xFi AS does not provide client-based anti-virus or malware protection. When tech support was pinned down, I was told to use Windows Defender for client protection. Also, if you install the xFi AS client you cannot uninstall it without help. I’d be happy to learn I am wrong.

Jim Mathis, Tumwater

A: Yes, xFi Advanced Security is basically a firewall. It not only blocks access to certain ports on your computers as well as to other smart devices — cameras, cellphones, etc. — that are on the network, it also monitors network traffic looking for signs of suspicious activity that could indicate a threat.

And yes, xFi Advanced Security does not provide anti-virus or anti-malware protection. It’s possible that viruses and other malware could evade xFi’s defenses or could be allowed in by user behaviors such as clicking on infected links in a web browser or email program. In short, yes, you’ll still want to install anti-virus/anti-malware software.

Finally, you can’t uninstall xFi Advanced Security because it isn’t installed on your computer. It’s enabled on compatible routers. You can, however, turn off the service. You’ll find instructions for doing so here: https://www.xfinity.com/support/articles/using-xfinity-xfi-advanced-security

Bear in mind, though, that since xFi Advanced Security isn’t installed on your devices when you aren’t on your home network your devices are especially vulnerable until you turn on the Windows firewall.

Related Tech Q&As

Read more from Patrick Marshall here >>

Q: Now that I’ve read both the question and your answer in your recent column about VPNs maybe you’ll add a footnote telling us non-techies what a VPN is. I connect with my BECU account just fine.

Karen Perret, Seattle

A: A VPN is a virtual private network. The “virtual” part means it’s done in software. What it does is encrypt all incoming and outgoing transmissions when you’re connected to the internet. That means that even if a hacker is able to intercept your transmission they won’t be able to make sense of it without having the decryption key.

VPNs are simple to install and easy to use. I use one whenever I’m connected to public Wi-Fi.

They can, however, prevent you from connecting to some sites, especially financial sites.



Several readers of that recent column wrote in to note that they are able to connect to BECU while using a VPN. That’s my experience, too. But BECU customers may also find themselves blocked if the specific IP address assigned by your VPN may be on the site’s blacklist. If that’s the case, all you have to do is turn off the VPN and log in. Since BECU and other banks use encryption for all transmissions your connection is secure. You can tell you’re connected to a site that uses encryption if the address in the URL bar of the browser starts with “https.”

Also, most if not all VPNs offer a “snooze” feature to make it easier to deal with connections to sites that don’t support the use of VPNs. That way you don’t have to remember to turn your VPN back on after your session.