Comcast Cuts Infected PCs' Network Connections 592
fidget42 writes "I just noticed this article over at Infoworld. It seems that Comcast is finally doing something about the machines on their network that are being used by spammers. They are now cutting off service to those customers who have computers that have been hijacked by spammers. Now, if only other broadband ISPs would start policing their user base ..."
Yes Yes! (Score:5, Insightful)
if everyone did this (Score:5, Insightful)
You'd be first in line to moan about them 'infringing' on your interweb right!
wtf (Score:4, Insightful)
also, say grandma gets infected. She is best off downloading updated definitions for her old version of symantec, and letting AV take care of it. how do you do that with no intarweb?
Plot by virus scan companies? (Score:5, Insightful)
Blocking web access also means that those users aren't able to download good, free virus scanners like Grisoft's AVG.
Nice but... (Score:5, Insightful)
For example, I administer a mail server, and occasionally have to mail a virus or spam to myself to check that the filters are operating correctly. It would be very inconvenient if I got my connection pulled each time that happened.
I'm glad. (Score:5, Insightful)
Re:Yes Yes! (Score:5, Insightful)
1. user self-policing
2. ISP self-policing
3. federal government "pound-me-in-the-ass" policing
A good decision here (Score:5, Insightful)
Lets hope they hold to this once the calls start coming in from people who have everything from Bagle to Netsky (along with probably a heavy dose of spyware too)
Whose fault is this really? (Score:3, Insightful)
Try sending out an ISP bulletin with the simple tips on how to avoid getting exploited in the first place. It's dead simple.
1. install patches regularly
2. virus scan
3. don't open attachments
4. don't install spyware.
If people used these 4 simple techniques, while it wouldn't be perfect, it would by my thoughts drop the number of infected machines down by three quarters, which will DRAMATICALLY reduce the efficiency and productivity of running a spamming business, and spammers won't have any choice but to leave you alone.
Cutting people off is just going to get them to take infected machines somewhere else.
Re:Yes Yes! (Score:4, Insightful)
It's their service and you're likely violating their AUP by allowing (through ignorance) your machine to be a spamming source. They have every right to police their own network to enforce their TOS.
After all, we've seen how well relying on users to police themselves has worked.
Overkill (Score:2, Insightful)
So if we take a "blaster" scenario... (Score:4, Insightful)
Debtor's Prison (Score:5, Insightful)
How can these people fix the problem without access to up-to-date patches and virus scans?
well... (Score:1, Insightful)
send them an email saying something like "type ftp://blah.blah.blah in your internet explorer (would they be using any other browser?) and run the virus remover exe you see there"
then dump them into a quarantine subnet with access to nothing else except that ftp address
that email would be the last email in their inbox
just cutting them off leaves them no recourse
One Good Result (Score:5, Insightful)
'Net Users Need a Certain Amount of Responsibility (Score:5, Insightful)
Unfortunately, this is something that seems to be lost on the clients of broadband always-on connections, especially those that are used by folks with little or no proficiency. While they have no intention of becoming spam-hosts, or DDOS platforms, by not keeping their machines protected against the various evils that lie in waiting out there, they unwittingly become part of the problem.
This does not reduce the hassles and costs to other sysadmins and users of the 'net as a whole. That said, it seems only fair for an ISP to mitigate the problem by pulling the connection of a user whose systems(s) are spewing out malware.
There are reasonable precautions one should take, that is, having a good firewall, keeping the machine patched and having good virus protection. No, this does not come without some effort and not always without cost. But, to be connected to the internet full-time, it is a cost of doing business, not unlike having insurance for your car in case you cause an accident. Liability insurance is to protect the public, and you from losing everything should you do harm to others. Keeping worms, trojans and viruses off of your machine also protect not only you but others as well.
So, it is really a matter of responsibility.
Why not... (Score:3, Insightful)
But I guess it is easier to just shut them off, and then charge a reconnection fee... eh?
--ryan
It is a good thing... (Score:4, Insightful)
Lets put it another way: the ISP states in their terms & conditions something like: "Subscribers are not allowed to distribute spam or worms over their connection, nor are they allowed to carry out DDOS attacks.". Doesn't sound too unreasonable, does it? Not even if the user breaks this rule unwittingly, because his computer is infected with something nasty.
A rule like this puts the responsibility for the cleanliness of the subscriber's computer firmly with that subscriber. Rightly so, since that user is in an excellent position to do something about it. It sucks being disconnected because of a worm on your machine, but the alternative is to allow the worm to continue to spread.
The only things I worry about is the accuracy of the detection mechanism used on the ISP's side, and the promptness with which they reconnect you after you fix the problem on your machine.
Re:Other ISPs start to do this? (Score:2, Insightful)
Overkill (Score:5, Insightful)
It's about the easiest thing ion the world for the ISP to and it's _very_ effective. Another option would be for ISP's to force all SMTP traffic through their own mailserver and virus scan it. They could easily spot a home user sending a couple of thousand messages in an hour or one spreading infected email everywhere.
If you want unfettered access you can pay for a co-lo box and take the responsibility too. People can't keep hiding behind their ISP and dynamic IPs. I'm all for personal freedoms on the net, but with freedom comes responsibility. Deal with it.
Or maybe... (Score:2, Insightful)
Now that would be a ' Good Thing !
Re:wtf (Score:3, Insightful)
Re:Overkill (Score:3, Insightful)
Re:Don't cut, cripple (Score:2, Insightful)
Re:Whose fault is this really? (Score:5, Insightful)
You could send out that email every day, with detailed instructions, and it would have very, VERY little effect on the number of infected/hijacked machines.
Most users just won't do that stuff. Especially if it involves anything more complicated than "Click here". Multi-step instructions are not going to be followed. Unless, of course, it's going to win them a free trip to Disneyland.
As far as "don't install spyware"...well, spyware is hard to classify, and a lot of it installs pretty silently. Expecting users to be able to distinguish between "bad" pop-up dialogs asking to install Gator and "good" pop-up windows asking to install Flash (or whatever) is asking too much.
Attachments in emails are just going to be opened, period. No one ever learns their lesson in that regard.
Re:Or maybe... (Score:4, Insightful)
Maybe if people start losing service they'll finally start to educate themselves. Education is still the best weapon to use to further secure the 'Joe User' PC's out there.
Re:Yes Yes! (Score:3, Insightful)
Re:Doesn't just apply to viruses... (Score:4, Insightful)
I work in system support. This conviction of mine that the numbers out stupid people outweigh the power users is borne of considerable experience and many thousands of hours of fixing things for those friends who only call when they have a problem.
There is a massive hard core of people who just DO NOT LEARN from their mistakes. Frankly if ISPs are going to let these dangerously ill-educated people onto the web they should have a duty to deal with the consequences
Anything ISPs do to protect these people or us techies from their side-effects is a good thing.
This isn't a whinger or an outsider speaking. I've got the T-shirt and it wasn't worth what they charged.
Re:Yes Yes! (Score:5, Insightful)
1. user self-policing
That might be true in an ideal world. However, these users were disconnected because they failed to police themselves.
I know someone who's running a Win98 box thats been infected with SoBig.F for over a month. Yet his copy of Norton AV has been sitting on his desk for the past year. His excuse for not cleaning it up? No time and he doesn't want to reinstall everything.
I'd say it's fair to assume that the vast majority of these Comcast customers are just like him - clueless and happy that way.
Re:I for one... (Score:5, Insightful)
It fixes the issue for me as well. And you. And, in fact, anyone at all who isn't the person infected.
Having said that, I agree with your point about prior contact. I'm fully in favour of cutting off virused connections however, and in a reasonably swift time limit too.
Cheers,
Ian
Re:Whose fault is this really? (Score:3, Insightful)
1. install patches regularly
2. virus scan
Again, automagic updates would be nice too. This one would probably work out most of the time.
3. don't open attachments
'But it was from my mother/sister/brother/son and they said they loved me!'... This won't work.
4. don't install spyware.
'Gator is spyware? Wait. What is spyware again? It just prefills forms and makes life easier. What? No, it didn't install anything else...' Continue this thought process yourself.
Hate to be cynical, but giving them a warning then shutting them off is probably the best solution. I would also recommend the ISP send out a CD with some cleanup tools since they've effectively cut off these people's access to some of the tools to help themselves.
Re:Whose fault is this really? (Score:2, Insightful)
People don't read these. If their machine is still up and running, they don't care. The only time they will do anything is if their machine useless or their service is cut off.
Also- I'd make a little change to your list:
1: Get a Mac
OR
2. install patches regularly
3. virus scan
4. don't open attachments
5. don't install spyware.
If people used these 4 simple techniques,...
They won't, which why they should use #1 instead.
If Grandma is just using the Interweb for email and browsing and such there is NO good reason for NOT using a Mac! These people are not interested in constantly updating their machines, they just expect them to work.
I have one friend who uses a Windows box that is constantly getting hosed by trojans and worms and viruses and he keeps using it until it grinds to a halt. Then he invites a tech friend over for dinner and the guy "cleans out" his machine and updates his system.
And this is how it is until it gets all farked again in a month or so. He keeps saying he'll get a Mac "one of these days...."
that day will be when his system is down and his tech friend is no longer available.
There are SO MANY people that are just "home users" that are NOT interested in all the maintenance involved with a Windows PC, but they have no clue what they are in for when they go shopping for one.
Re:Yes Yes! (Score:5, Insightful)
I don't mind so much if consumers are offered consumer-grade access. It does bug me, though, that EVERYONE was once offered geek-level access for $9.95/month and now you get port 80 inbound for $21.95/month. If you cut your service, you should cut your pricing.
Re:Is this right? (Score:2, Insightful)
Giving helping hand to grandma (Score:3, Insightful)
ISP could set up captive portal (like on WLANs) with information and pointers to AV software updates. Either all traffic is relayed through proxy or then packets are allowed to AV sites.
But false positives are the problem, of course. But once you get confirmed spam, virus or worm traffic, then you can be quite sure.
Re:Thank you! Next, please take out the virus-infe (Score:5, Insightful)
I work for one of the largest meta-ISPs. To put things simply, my employer operates the back-end of of a few hundred interest services. Said employer shall remain nameless, and no, my email address does not reflect said employer.
Anyway. I'm a graveyard shift network operator. There isn't a whole lot to do on the graveyard shift except make sure nothing bursts into flames. So I'm pretty bored until about 5am when our authentication logs gets rolled into the database.
And this is when i can go through all the complaints about spam, viruses, port scans, and whatever else our teeming masses of end users have perpetrated, and figure out exactly who's computer is doing what. And then shut 'em off.
I agree completely that it would be great if there were some way i could efficiently get the end user to disinfect or secure their systems without having to resort to strong-arm tactics, but the truth is that, for 99.99999% of home users, disabling their supply of email and porn is the only way we can get them to sit up and pay attention.
Think about it. If you got some popup on your screen that said you have a virus and your internet connection is at risk, you'd just close it and go about your business. Unless your connection didn't work, and then you'd call customer service and try and get it 'fixed'.
Heck, most people get popups that tell them that sort of thing all the time.
Would a smart person trust that the 'free' antivirus tools are indeed what they claim to be without some way of independently verifying that? I sure wouldn't.
Would an *average end user be able to use them effectively? That joke isn't even funny. I did my time in tech support - the sheer number of people who have asked me what a comma is while I'm trying to help them disable call waiting on their phone line are shadowed only by the monumental stupidity of the woman who was overheard - on several calls - shouting at her husband - over and over - "IT'S THE A IN THE CIRCLE! THE *A* IN THE *CIRCLE*!!!". It would be funnier if it didn't make one lose all faith in the future of humanity.
Furthermore, have you considered the liability issues here? You want a corporation to tell a user to run a program that proports to remove a virus from their system? a FREE program? What happens when it runs across some new variant of some virus, thinks it's the old variant, does the wrong thing to remove it, and ends up rendering the whole system inoperable? I'll tell you what, some arm-chair attorney is going to threaten legal action. You have no idea how frequently this really happens. Even if you so much as recommend third party software.
So we cut 'em off. Just to force them to call us. And then we tell them, essentially, "Look, buddy. Your computer has this problem. And your computer's problem is our problem. And that makes it your problem. We don't care what you do to solve this problem, but you better do it. We suggest antivirus software as a first step. We hear that you can get a free version of something called AVG."
And then, if they seem to understand, we turn their connection back on, so that they can update their norton or download avg or whatever.
And every week, there's two or three end users who get their accounts totally closed because we've been over this with them three times already and they haven't managed to get the picture.
I wish there were a kinder, gentler way to do it. So far, I don't think there is.
the better way to do this (Score:4, Insightful)
why not (say) decrease the dhcp lease time from whatever to an hour or so. when whatever mechanism they're using to detect spam/whatever infection (hope to god they're not just listening for smtp traffic, that'd be evil but sadly likely) goes off, it would tell the cable modem ot use a different config which would then allow the user to get a different dhcp lease. this lease would set their router to something different, which would then pipe a single page to the user - similar to what many universities install for when users try and access pr0n or something like that from a school computer.
some mechanism ('m not familiar with routing protocols unfortunately) would then be provided to drop all traffic at the router except for http traffic through a specific gateway, possibly to specific hosts such as mcaffee, symantec, windowsupdate.microsoft.com, and the vairous other free virus and malware scanning packages.
This is a bit more complex, but surely it's possible - I've seen and/or read about all the various mechanisms I mentioned above.
Re:Yes Yes! (Score:3, Insightful)
I think you missed the point of the parent entirely... just because you can do something doesn't mean you should do something. Yes, the contract allows Comcast to cut off users like that, but do we want them to? And, in what other situations do we want them to (or not to)?
Re:Yes Yes! (I have to dissent) (Score:4, Insightful)
I understand that techies across the world think this is super-fantabulous, but this is horrendous for the average end-user. Comcast doesn't (I will refrain from saying can't or won't) say what a user's system is infected with, or what exactly it's doing...just that there's some "illicit traffic" coming from that IP. That's great, now how am I supposed to diagnose the problem? It wouldn't be that difficult if the machine were in front of me, but how to I walk Mary End User through complicated tasks over the phone while she's already frustrated? If Comcast were doing more - i.e. they told you what the problem was and the steps you can take to remedy it - I would be more supportive of this. As it stands, it's just going to make a lot of end-users get cheated by shady local PC repair places while they get the run-around from fifteen different vendors. Make jokes about virus scans all you want, but nothing is fool-proof...and since any fool is equipped with a computer these days, infections will happen and malicious attacks will succeed. So +1 to Comcast for taking some initiative, and -2 for crappy execution and not giving half as much of a flying foo as they'd leave their customers to believe.
Bad Idea (Score:5, Insightful)
Now, here's my humble suggestion for a better solution. If a PC is identified as a compromised machine, it's added to a pool of machines that all gets a special IP and special DNS servers (I assume they run DHCP - if they don't they should). Now, the new DNS servers resolve all addresses to a special page dedicated to downloading anti-spyware and virus checkers. Maybe even an online scanner like housecall. [trendmicro.com] So, when Joe Luser fires up his web browser, he reaches this page no matter what he types. Once he's machine is cleaned, he will be removed from the compromised pool.
Send them a thank you note. (Score:3, Insightful)
Except that... (Score:3, Insightful)
"Hi, I'm the admin from [YourISP]. We think you have a virus. Please run the attached program, and blah blah blah."
The next round will have something like "Please type in [EvilURL].com and run the 'virus remover' you see there."
How is Joe Averages' Grandma supposed to tell the difference?
Re:Yes Yes! (Score:2, Insightful)
How do you know that?
I had thought one of the things us enlightened slashdotters loved about the Internet was that we could set up our machines to do whatever we wanted them to do without approval from our ISP. While I hate spam and spammers as much as I hate Illinois Nazis, I've always accepted that a free Internet demanded that we allow people to configure, mis-configure, or allow to become misconfigured any way they wanted to.
This is yet another bad precedent we're being encouraged to believe is good for us.
Freedom demands eternal vigilance, and you just gotta do it for yourself. That doesn't mean you can demand others apply that vigilance to their own lives; their concept of Freedom might just be different than yours.
There are valid reasons why I shouldn't run a spambot. But are there any valid reasons why I shouldn't be allowed to run a spambot?
Re:Yes Yes! (Score:3, Insightful)
Re:Yes Yes! (I have to dissent) (Score:5, Insightful)
Re:Yes Yes! (Score:5, Insightful)
> spambot. But are there any valid reasons why I
> shouldn't be allowed to run a spambot?
Yes, because it _will_ (NOTE: not 'can') be used to relay spam to other networks. This is costing other people time and money.
Re:Yes Yes! (Score:5, Insightful)
Yes, the contract allows Comcast to cut off users like that, but do we want them to?
What an easy question. Yes.
These people DO have the capability to take care of themselves. However, they have repeatedly shirked the responsibility of learning the basic tenets of computer use on a connected, global network.
Comcast is cutting these people off and basically walking them through the process of using their computer like they're helpless small children because, frankly, when it comes to computing, they are. There are plenty of resources out there to teach you some very basic safeguards that require only common sense and a few guided mouse clicks to eliminate a huge portion of this problem. These people consistently refuse to use these resources, or simply choose to ignore them when it becomes slightly inconvenient to do otherwise. How many people ran out to find out how to turn off the deep-sixing of executables in Outlook when Microsoft added that feature? Did these idiots run out to find out why their PC was rebooting, how they got infected, and how they could prevent similar attacks in the future when Blaster hit? Of course not. They still don't patch, they still execute attachments, they still download and run crap like Gator, they're still grabbing executables off of Kazaa, and they STILL aren't turning on ICF. I could understand people getting burned once, but these imbeciles are getting burned again and again and again by the same thing over and over. I mean, look how lazy these spam-virus writers are now. They have the ultimate exploit: people with an IQ of about 2 when they're around computers. Shit... the goddamn viruses come with instructions on how to install them now and these morons are STILL getting infected!
Look, I'm sorry, but we don't let mentally retarded people do a lot of dangerous things in "real" life, why should we let the Internet equivalent do the equivalent things on the net? It's not exactlyl a matter of freedom, it's a matter of truly incompetent people repeatedly failing to live up to even the most basic obligations of owning a broadband connection.
I see no problem with this, whatsoever. In fact, I hope they start barring chronic offenders from the network permanently if they can't even take basic care of the connection.
Re:Yes Yes! (Score:2, Insightful)
If you'd see the piles of spam everyday that my coworkers and I get, even the filtered stuff, every day, in addition to the stuff on all my other accounts, you'd want them shut down too.
Let's not even start on the virus-spewing zombies...
Re:Yes Yes! (Score:5, Insightful)
Would you be willing to pay more for ICMP?
Absolutely not. I signed a contract that said "internet access". Correct me if I'm wrong, but ICMP is still an internet protocol, is it not?
Earthlink started blocking outbound 25. I dropped the sum'bitches like a bad habit. If I want "web access" I'll go waste my money on AOL. If I signed up for "internet access" you can be damn sure I'd better be getting. I think there's a potential breach of contract case if my ISP decides to start chopping out protocols, depending on other wording in the agreement (and "we can do whatever we want without telling you" isn't absolute in the eyes of a court - those kind of sweeping, general clauses are meant to scare consumers, not withstand a lawsuit).
Heh (Score:3, Insightful)
I've already set them up with a good firewall... controlling what they do with their Email attachments is a bit more problematic.
I support cutting off accounts for abuse, whether intentional or simply clueless/negligent. Hell, I'd be delighted if somebody warned me that something was up with my connection, for a couple of reasons. One: I have more than a passing interest in net security, so if my box just got pwned, I want to know about it, including how they did it. Two: I try to be a good netizen, and just like I'd expect one of my neighbors to call me if he noticed my house was on fire, I'd hope somebody would tell me if I was polluting the 'net.
This is comcast doing the user and their fellows a favor.
Re:Yes Yes! (Score:5, Insightful)
Since when is the internet free? Freedom of speech is a whole lot different from the freedom to use/abuse the connection you purchased from your ISP in a manner which violates the contract you have with your ISP.
This is yet another bad precedent we're being encouraged to believe is good for us.
Bullshit.
Freedom demands eternal vigilance, and you just gotta do it for yourself. That doesn't mean you can demand others apply that vigilance to their own lives; their concept of Freedom might just be different than yours.
There are valid reasons why I shouldn't run a spambot. But are there any valid reasons why I shouldn't be allowed to run a spambot?
Sure, because as part of your internet service you agreed to follow an Acceptable Use Policy given by your ISP. If you then violate your agreement, you give up your right to the freedoms your ISP granted to you.
This isn't some kind of constitutional right. You are paying for a commercial service. Part of that transaction involves certain restrictions in what you're able to do with the service. If you do not like those restrictions, you can choose to not use the service and either start your own or find an alternate service more to your liking.
But don't whine about how your supposed freedoms are being trampled on. It's nothing of the sort.
Re:Yes Yes! (Score:5, Insightful)
I'm sure my cust-serv problems are more related to the whole "No Help Helpdesk" thread of a few weeks back, but at what point do/can we start holding the ISP's liable for their users?
Re:Yes Yes! (Score:5, Insightful)
Why not. But you should be made responsible for all done with it. That includes, but is not limited to selling controlled substances, assisting the sale and smuggling of controlled substances across country borders, selling counterfeit/pirated software, financial and mail fraud.
So if you have deliberately decided that it is OK for you to run a SPAM bot, you should also agree to be held responsible for what it is used for.
They'd better get it right (Score:4, Insightful)
Considering a) I'm running Linux and b) I do forensics on trojans at work, I'm not going to be infected.
I checked my wife's box which was Windows at the time, and it was clean. I checked mine and it was clean.
A little more digging and the "attack" comes down to SpamAssassin. Anyone who was running SpamAssassin or MailWasher got these warnings because RR couldn't manage their freaking DNS servers correctly.
I for one do not want to get cut off because of the incompetence of the ISP.
Re:Why not... (Score:3, Insightful)
Personal firewalls are crap. They cannot - by design - interfere with the other operations of the PC, so they won't allocate a large enough pool of memory for keeping state on active connections. This results in lots of false alerts if TCP FINs are retransmitted, and on our busy ad banner servers, they sometimes are retransmitted. The PC firewalls think this is a FIN scan, because they have already purged the session when they see the first FIN. Dumb, dumb, dumb!
McCrappy is especially vulnerable to this, and not only that, in it's popup alert it uses the language "Your PC is under attack from
To make matters worse, McCrappy doesn't provide the user with enough information to respond reasonably, even if it were a legitimate attack. I don't know how many people have sent me a McCrappy firewall alert, which contained nothing but a dump of our WHOIS records, headed by a paragraph accusing the listed party of attacking the user.
"Yes sir. That's our WHOIS record. Yes sir, I am already aware of that information, since I put it there."
Re:Yes Yes! (Score:5, Insightful)
40 Comcast customers who have sent out more than 100,000 e-mail messages a day, with many sending close to 1 million daily e-mail messages
The net is a shared resource. When your "misconfiguration" screws it up for the rest of us, you get no sympathy from me.
I'm no fan of corporate policing, but these people had the same opportunities to lock down their machines as everyone else. They failed to exercise that ability, and are now paying the price.
Re:Yes Yes! (Score:5, Insightful)
You think you're funny, but you're damn right!
Enforcement should be delegated and hierarchal, just like DNS lookups.
If a clueless and lazy user can't bother to patch up their box, then the ISP should cut `em off.
If the ISP is too cheap and lazy to enforce good network behavior on their users, then their broadband provider should cut `em off.
All the way to the backbone, to the biggest router!
Start with the premise of responsibility, enforce only when responsibility is not exercised.
Re:Yes Yes! (Score:5, Insightful)
I sure don't agree with you. Use of the internet is a privilege, not a right - like everything else in this world. Think you have a right to life, liberty, and the pursuit of happiness? That's poppycock, because if your pursuit of happiness infringes on someone else's, let alone their life or liberty, society might decide to take away your life or liberty in turn, because you have abused it. You must have a license to drive, even though you pay for the car. Why should the internet be any different? The lack of education problem is not the responsibility of those in the know, it's the responsibility of the user, just as knowing how to drive is the responsibility of the driver, not of people who know how to drive. If it were, then race car drivers would never have time to race, because obviously they know more about driving than the rest of us, and they should be teaching people how to drive, right?
There is such a thing as lack of malicious intent, which is why it's reasonable to prevent these people from spamming, but not to take away their computer. If you pick up a gun, knowing it is deadly but not knowing how to operate it, and you kill someone with it accidentally, you are still guilty of manslaughter. You should really have not picked the thing up since it's deadly and you have no idea what you're doing. If you operate a computer, and you leave it unprotected and you spam people, you are still guilty of spamming. You should really not have plugged the thing in to the internet since you don't know what you're doing.
In both cases, there is no law that says you must be certified before you operate the device in question; in both cases, no one can take responsibility for your education but you. In both cases, you should pay the price for your lack of responsibility because an action once taken cannot be undone.
Re:Yes Yes! (Score:5, Insightful)
Secondly, Comcast is a company. They are in business to make money, not to allow you the freedom to do with your net connection in any way you see fit. The way you express your thoughts in such a matter is via freedom of choice and you leave Comcast for another company.
The Internet may indeed be free, but access is not. Pay the company you prefer to go with or go into business yourself. However, don't attempt to cloud the discussion with a foggy definition of what "freedom" means and what your responsibilities are within a "free" system.
Re:Other ISPs start to do this? (Score:3, Insightful)
While activating my Cox Cable access the other evening, they actually require you to disable all firewalls (hardware and software) and connect to the internet.
Then, if you have problems once you turn on your firewalls, multiple techs have recommended, "Just turn it off, the connection will work fine!"
Right.... here, let me put this un-firewalled box on the internet.
I don't care what OS you're using, this is a bad idead.
Re:Yes Yes! (Score:3, Insightful)
ISP's also need to start taking more responsibility though. They should be shipping their modems with a built-in firewall pre-configured to block all inbound connections (and allow the customer to manage it via a decent web-based interface or something,) and running AV on their email servers. VERY few ISP's do either.
Don't think so (Score:5, Insightful)
Re:Yes Yes! (Score:2, Insightful)
Re:Yes Yes! (Score:3, Insightful)
Re:I work for Comcast (Score:3, Insightful)
While I can appreciate the nobility of such an act, unless it's part of Comcast's user agreement that they are allowed to have control over, and the ability to deposit data on their customer's computers, you just violated a bunch of laws. Anyone who had this happen to them could probably sue the crap out of Comcast.
So they're going.... (Score:2, Insightful)
That's like in Britten when they used to put paupers in jail for not paying their taxes. Not a lot of people got a lot of high paying jobs in prison, so they never paid the taxes.
This is NOT a good thing (Score:1, Insightful)
Comcast has already gotten lambasted here for cutting off "abusive" downloaders who have "unlimited" access. If Comcast not only is allowed to but also is *encouraged* to handle this problem simply by dropping the users' access, then there's no reason they won't feel like they can address the other problem by continuing to cut off those using a large amount of bandwidth under unlimited plans.