Comcast Warns Customers Suspected of Bot Infection
eldavojohn writes "Comcast is pushing a new program nationwide that warns customers if they might have a bot infection. It puts a semitransparent overlay on the top of the website you're viewing, warning you that you may have a bot installed if the provider detects botnet traffic from your residence. Of course, if you have multiple machines running behind a router or modem then you're going to have a difficult time pinning down which machine might have the infection."
Mixed feelings (Score:2, Insightful)
It's good that Comcast is actually doing something, but I'm not really sure how effective it will be, and the precedent it sets makes me a little leery. Not sure how I feel about this.
Antivirus2010 (Score:5, Insightful)
ComcastAntiVirus have detected a infection or your computer. To run free virus removal click here!
www.c0mcast.net/antivirus.exe
Comment removed (Score:5, Insightful)
Re:IPv6! (Score:3, Insightful)
IPv4 isn't a serious problem, and that part of the summary seems rather silly considering that anyone who has a serious network setup probably either has a good understanding of it or has a friend / family member with that knowledge. IPv6 would be a lot nicer, but the world is going to go on dragging its feet as long as it can.
Re:Wait, what? (Score:4, Insightful)
A risk - in theory - is that when people see this popup, they'll say "I'm supposed to not interact with these things" and just click "Close," rather than understanding what it says. On the other hand, if your computer is infected with some sort of 'bot, you probably click through things like this anyway.
Re:Mixed feelings (Score:4, Insightful)
Because people will ignore the email.
Just one more piece of spam.
Re:Wait, what? (Score:3, Insightful)
I still think this is a gross and intrusive tactic, but so is how they hijack DNS redirects to show you a custom "search" page with ads on it. At least they give you an option [comcast.net] of turning that "service" off.
Re:Mixed feelings (Score:2, Insightful)
An email to the address they have on file would be much less creepy and more effective, IMO
I agree but not everyone uses Comcast email.
Re:Mixed feelings (Score:2, Insightful)
If the customer fails to address the issue promptly, then Comcast should disable their connection. When they call in, Comcast could easily ask them for an email address to forward such communications to.
I work for an ISP and this is how we handle it. (Of course, we're small, so we also call the customer on the phone number(s) on their account.)
Re:Wait, what? (Score:3, Insightful)
Anyone that throws out mail from Comcast can just as easily ignore the overlay. Besides, it's not Comcast's responsibility to tell you if you have a bot running on your machine. This would be a little like your car putting an overlay on your windshield if your windshield wipers are in need of replacing, it's just ridiculous.
Also, what happens when someone gets flagged falsely and they can't get the overlay removed? Ever try calling Comcast customer service? Wait three hours on hold and then talk to a moron in India that doesn't speak English only to be read a script in a thick accent and then have them hang up on you.
Re:IPv6! (Score:3, Insightful)
I think that most of the people who are qualified to set up and maintain their own router are also qualified enough to determine exactly which of their machines are infected
1) You go to Best Buy and plug $59 for a 4 port router box.
2) You take it home and plug it into the wall.
3) You plug the WAN port on the router to the cable or dsl box. - this is the hardest part to get right
4) You plug your computers into the other ports and start accessing the internet
People qualified to do the above are not qualified to determine which of their machines are infected.
Re:Does anything bad even run in GNU/Linux? (Score:1, Insightful)
I don't think it even bothers GNU/Linux, but, just for our peace of mind, let's ask those wizards on /.
Linux servers are generally a pretty high value target (they usually don't get turned off at night, most are on better-than-average connections and 99% of the software written for the thing doesn't require a GUI). Also, some guy running ancient shitty php forum software "for his family" on his home network is ripe for pwning.
Re:Wait, what? (Score:4, Insightful)
Let's look at the following:
1. By definition, an internet service provider IS a man in the middle. To everyone whining about using this method - welcome to the real world. A man in the middle approach is the easiest one for the man in the middle to take.
2. Perhaps the ISP should just terminate the accounts of users of infected machines, since I am sure running an infected machine on the net is a violation of the TOS somewhere.
I WANT them to break the service and force people to upgrade, instead of continuing to spew their filthy zombie attacks all over the net. The more dramatic and attention getting, the better. Face it - your mission critical systems should not be on a residential account anyway, RIGHT? That's what the premium priced business packages are for... So what if grandpa has to click on some links to download some software and fix his machine before he can read his paper today. It's worth it to clean up the net.
ten bucks on .... (Score:3, Insightful)
Good idea, but a bad implementation (Score:3, Insightful)
My own ISP does something similar, but a little better (again, IMHO). A few weeks ago I opened my wireless network because one of my devices was choking on WPA2. Sure enough, someone must have hopped on it and sent a fair bit of spam. So my ISP killed my connection and changed the DNS server so everything resolved to their "Call tech support now" page (although it took a while for me to figure that out since I wasn't using their DNS server, but I digress). A quick call had me talking with a representative with an explanation, and I was reconnected. (Obviously I re-enabled WPA2 and blocked/logged port 25 at the router in case I really did get rooted.)
You just don't get it (Score:3, Insightful)
Let's look at the following:
1. By definition, an internet service provider IS a man in the middle. To everyone whining about using this method - welcome to the real world. A man in the middle approach is the easiest one for the man in the middle to take.
No. By definition, an internet service provider is a bridge and router. It is not supposed to mess with your traffic. It is not supposed to be looking at these layers. Comcast has shown many times they don't care about that, though. They messed with all HTTP traffic by sending RST packets at you to upset bittorrent, also breaking normal web connections, and anything else which happened to be on port 80, e.g. a lot of games. They messed with DNS to redirect to their own advertising sites for failed lookups. Now they're messing with HTTP to insert their banners. What will that do to traffic which happens to be HTTP but isn't web? News for you (and from your comment this probably IS news for you): the internet is not the web. That'll break bittorrent, games, maybe even iTunes, twitter apps, facebook apps, simple wget/curl transfers, and anything else that just happens to be HTTP on port 80.
2. Perhaps the ISP should just terminate the accounts of users of infected machines, since I am sure running an infected machine on the net is a violation of the TOS somewhere.
Yes, that's what they should actually be doing. It's in the ToS and if they have a machine connected which is degrading their network and/or being used for malicious attacks on other computers connected via their network, they are completely in their rights to disconnect them. This stinks of them trying to save money from support calls, sending out letters, hey even automated voicemail (which they do ANYWAY) or email.
OR they could just cut them off until they call tech support. OR they could filter the traffic, seeing as they've got enough of a stateful packet inspector in place to a) identify and b) modify your HTTP connections anyway. They just proved they can do it!
I WANT them to break the service and force people to upgrade, instead of continuing to spew their filthy zombie attacks all over the net. The more dramatic and attention getting, the better. Face it - your mission critical systems should not be on a residential account anyway, RIGHT? That's what the premium priced business packages are for... So what if grandpa has to click on some links to download some software and fix his machine before he can read his paper today. It's worth it to clean up the net.
I have a theory that anyone using the phrase "face it" actually knows that what they're suggesting is absurd. You don't seem to understand exactly what's being done here. There's plenty of ways for them to solve this issue, and this tactic is just plain wrong.
Hell, this drops their "neutrality" altogether. They're actively inspecting traffic and inserting their own. I reckon that opens them up to being liable for it, too.
Re:Mixed feelings (Score:3, Insightful)
Yes, but your business plan is probably just to profit from providing internet bandwidth to customers.
Comcast has a whole 'nother agenda.
The Case For Internet Licenses (Score:3, Insightful)
"Of course, if you have multiple machines running behind a router or modem then you're going to have a difficult time pinning down which machine might have the infection."
If you call turning off your machines and running them one at a time to check each machine's response "difficult", then you can damn well pay the neighbor kid to come over and do it for you, just like you paid him to come over and get your Internet Explorer brand computers surfing on the infotube highway in the first place. While he's there, have him take out that "MOE - DEM" thingy. Those blinking lights are just slowing things down.
Re:Mixed feelings (Score:3, Insightful)
How about a message that comes with the monthly bill in snailmail?