Be careful with the installation of the Logitech Harmony software. Here is my experience. Has anyone else had this problem?

I recently purchased a 659 remote (although I was told that the following applies to your other models as well) from Newegg.com. When I tried to install it, software was placed in my startup menu as my Webroot spyware protection immediately informed me. Then it contacted the internet but would not accept my browser unless I modified my security settings. I spoke with tech service and they informed me that there was no manual way of connecting to the internet to configure the remote: the only way was to disable by security (he said even my anti-virus had to be suspended but I guess I didn't get that far along the installation to encounter this).
Nowhere in the product description is any of this mentioned. The tech representative said this was in the software agreement and I didn't have to accept the agreement. Well I don't accept it. However, he would not allow me to return it and if I return it to Newegg. I have to pay shipping and a restocking fee.
I certainly don't see the need to have the software running in the background all the time since setting up a remote is a one-time thing. If it needed to be updated this could easily be done from the desktop or by staring the program manually. Keeping teh software runnings wastes cpu time and memory.
We are all aware of all the problems with the SONY software. I suppose (at least I hope) that there is no rootkit in this installation, but I don't think consumers should have to take all this on faith.
I suggest that Harmony users request the following from Logitech
1) That they allow the return with a full refund including shipping both ways to those customers who do not accept the installation agreement.
2) That they clearly inform future buyers of these products that they must compromise their computer's security to use them or modify the procedures to make these security compromises unnecessary. This information should be prominent on the web site, in the product literature in the instructions and on the box.

You can connect to the internet and change your configuration all you want. I do it from work all the time and I've never connected the remote to my work computer.

There is no reason you can't start the harmony monitor manually when needed.

As for the security settings - it has to download a file to your PC as do many other programs. If you choose to block that activity then it's not Logitech's fault.

Harmony tech support told me that one must intall the software automatically and let it automatically connect to the internet and that one cannot start the program manually. You may be able to CHANGE a configuration that way once set up. Do you need to accept the lower security on your browser when you connect from work? Have you checked to see what has been installed on your work computer if you are not sure?

At any rate, Logitech should make the user aware of these probelms before they buy and be willing to accept a reutrn with a refund (at the very least) if the user does not accept their intrusions.

Hi,
Security is a concern for everyone but what is such a big deal to log on once and change config to your need? Anyhow I don't have any classified material on my PC and I don't even use IE or Netscape. My Mozilla on wireless did not cause any trouble or security breach setting up my 880.
Tony

Hi Tony,
I use Mozilla too. It all depends upon how you have set upt security. I suggest you check for spyware usining one of the free trials from Weborot or somewhere else to see what is on your computer. You can also check what processes are running by using windows task manager. If you are comfortable with these programs running, that is fine. But don't you think one should know what will be installed before one buys? If one doesn't agree does one have to sacrafice the price or should the vendor agree to take the product back? I have no problem with people installing this stuff so long as they know that when they buy. That is their choice. But if one doesn't want to install these possibly invasive programs, it is impproper for the vendor to say "sorry but that is our policy- we won't take it back and we won'r provide software that does not require a reduction in your security."

Considering you're the only one who's complained about it in over 2 years I don't think it's a big issue.

It may be true that you need to have it auto-connect the first time but after that you can go to the website manually (from anywhere with just a regular browser) and modify your configuration to your heart's content. I'm 95% sure that when you download your configuration it runs the necessary software. I think the monitor program is just used to get you to the website automatically when you plug in the remote - which you don't have to do.

If you or some else is not concerned enough about security that of course is fine so long as you make your choice when you purchase a product. If you purchase a product without a proper warning from the manufactures who then refuses a return, that is innappropriate. You are probably aware of the rootkit that SONY CD's installed on users computers. It was widely covered in the press. Yet, it took a very long time to be discovered. I am sure that many more prople bought the CD's than the remotes. Most were probably 95% (or more) sure it was simply running the necessary software. Is 95% enough? That means statistically one installation in 20 (for which you have 95% confidence) will be problematic.

What exactly is the big security concern? Having to lower your IE security settings doesn't necessarily compromise the security of your computer. Also installing an application that runs in the background doesn't necessarily mean it's spyware. I agree that it is annoying, but it's not that hard to disable the background application and set up security exceptions for specific websites. If you don't trust Logitech's web site security, you shouldn't buy their products. You did, afterall, purchase a remote that is advertised as being "internet powered".

Having to disable your anti-virus when installing is also not unheard of. Most people are aware of the issues that virus scanners can cause when trying access the registry during an installation.

I understand that you don't want to make changes to your system that may compromise it to outside attacks, but it's kind of like locking all your doors and windows in your house, ordering a pizza, then wanting a refund because you have to open the door to have it delivered.

You can't expect a manufacturer to explicitly address every single issue that may be of concern to 100% of the population in some form before you purchase the product. If you think that Logitech somehow misrepresented what you thought you were purchasing, I'm sure you could attempt to take legal action.

That said, I do agree that the internet setup is kind of stupid. It seems that it would make more sense to have an application that runs locally and only connects to Logitech's database to get updates for your setup when you specify. I think all of this is annoying, but not deceptive, destructive, misrepresentative or insecure.

but you would still need to connect to the internet and he would still need to mess with his firewall.

Also don't forget the original Harmony remote that came out in 2001 was basecaly created to be a TV guide (the 745). So at least at the time it was easy to assume

1) people will need to connect often (at least once a week)
2) people will need to access the internet with mosts DL. (most of the time it is new guides and no changes)

-------------

jjd: trust me I can understand security concerns, by like your Sony example you don't need an internet connection to be threatened. There is no spyware, there is nothing malicious you don't need to get rid of your firewall or antivirus. Like joesuspense said with most sw it is usually recommended to disable the antivirus during the install, it is a matter of resources and a matter that it can mess up registries if it accessing them at the same time. You also don't need to disable your firewall, all you need is to open it up enough so the Harmony remote and application can talk to the website to tell it to DL the application. I am guessing that the help desk gives the standard answer "disable your firewall during the DL because most people know how to do that but don't know enough to properly reconfigure a FW. This PC is passing through three firewalls as I type (modem, router, PC) . As for the monitoring application, i is just that, it makes the connection from remote to website to connect you automatically and to be able to DL. You don't need to run it all the time, but it is there because the original remote and most since then (anyone with a guide feature that is used) will need to get regularly plugged in and connected to dl the guide. If I am not mistaken, you don't need to run the monitor at all, all it does is pay attention if the Harmoney remote gets plugged in and then calls up the site and logs you in. You can go to the website and then click link.


PS for the FW, if I am not mistaken it is an outward call that is made (initiated from the PC, not server) so most places don’t have restrictions on this, that is why he can connect on his PC at work. Akirby, when I bought my first Harmony (I think it was early 2002 but might have been late 2001) my PC at home did not have USB, I was doing the setup at home and then bringing the remote to work for a DL

To those of you who believe that there is little security risk in this one particular software installation, I would say that you are probably correct. However, when (as most of us do) we install many programs that may connect to the internet, being probably correct is insufficient. It only takes one malicious program or even one thought to be (and designed to be) benign by its developers, but that opens a security hole (that neither you nor the developers are aware of) to cause real problems on a computer. Many of you may be surprised to find that you have what is commonly referred to as spyware already on your computers. You can easily check for free via the following web sites
[Link: webroot.com]
or
[Link: webroot.com]

For those of you that are unfamiliar with the SONY CD software scandal that I referred to in an earlier post, it is reviewed here:
[Link: vnunet.com]

The real problem that I have with the Harmony software installation is not that they ask you to disable anti-virus software before installation, most software installations ask that you do that to make life easy for the company�s tech support, but I have rarely found it to be necessary to actually do this. The problem is that it asked me to reduce the security of my browser without telling me what it intended to install. The installation could be some innocuous cookies that just go back to the harmony domain or it could include tracking cookies from companies that sell information on you computer usage, etc. If it would simply try to install the cookies (rather than simply say to change your security settings) you could give (or deny) permission for each cookie individually. Generally software will work without the tracking cookies as they are not essential.

I should also point out that since my last post, I have spoken with Peter Evans, who is Harmony�s customer relations director (or some similar title). He completely understood the problems and said he would suggest that appropriate changes be made to the software. He also agreed with me that it was not necessary for the software to run continuously in the background. Hopefully, these constructive changes will be made. Then, I would be happy to join those of you who seem to admire these remotes for their functions.

I made a mistake in the last post and gave the same url for free chcks of spyware twice. The second one should have been:

[Link: pctools.com]

agree, but didn't you know that the Harmony is web configurable before hand? it is obvious that it will need to connect to the internet. I guess it might have been possible (don't know) to do HTTP tunnelling on port 80, but in the end, what is more of a "security" risk, a program that uses the right port for the job and so needs that port open or one that tries to fake what it is doing?


it is not cookies, it needs the right ports open to be able to ul/dl info from the remote to the server.


didn't I say that in my previous post :) (OK I don't work for Harmony) but like I said before, I think the Harmony monitor is there for people that use the TV guide, if you use it then you need to connect to the web site on a regular basis. The original Harmony



as you can see just had some simple transport buttons for VCR/DVD and for regular TV you just used the guide feature



the guide feature was practically required to be used with the 745, with the 768 it was optional (you could dial a channel because they added # keys), with the 6xx it was at first an add-on option and with the 5xx, 8xx it is not there any more. (it is amazing how this line has evolved over the years. So yes, for an 880 and 520 the monitor application makes no sense, for the 6xx and 7xx it makes more sense since someone could be connecting every few days just to update the guide (length of time depends on settings on the remote (number of channels, size of the rest of the config, max# days you stipulate)

didn't you know that the Harmony is

Of course I knew. However, I have many other programs on my computer that connect to the internet without compromising security.



Opening ports and leaving them open is potentially a lot more dangerous than tracking cookies - especially when the program opens upon startup and runs continuously.

There are other ways of doing this that don't compromise security. one (of many possible) would be to simply download the database and run it locally. This is what anutvirus programs do - you have the program on your computer and you periodically download updated virus definitions.
There are may other approaches that would not compromise security


Just as people update their virus definitions regularly.


I am rather amazed that many people believe and accept that the remote needs to have insecure software to be usable. The same functions could be provided using a much more secure system.

I suppose many of you are familiar with the problems that arise when a computer gets hacked. Why take the risk of increasing your computer's vulnerability? I you do get hacked, it is unlikely that you will ever know it it was due to this software or to something else.

Yes. This malware took over my computer and forced it to log into their site every time I started the computer up. It slowed the operation to a crawl. No internet available, computer wouldn't work at all. I took it to a professional to get it removed and they could not do it.

When you accept their user agreement you are agreeing to have this spyware on your computer so regular filters do not catch it. I recommend that you stay clear of Harmony, Logitec software of any kind.