Comcast's War On Infected PCs (Or All Customers) 304
thadmiller writes "Comcast is launching a trial on Thursday of a new automated service that will warn broadband customers of possible virus infections if the computers are behaving as if they have been compromised by malware. For instance, a significant overnight spike in traffic being sent from a particular Internet Protocol address could signal that a computer is infected with a virus, taking control of the system and using it to send spam as part of a botnet." Update: Jason Livingood
of Comcast's Internet Systems Engineering group sent to Dave Farber's "Interesting People" mailing list a more detailed explanation of what this trial will involve.
Seems fine to notify (Score:5, Insightful)
As long as they don't act upon this information I don't see any issue with it. I bet most run-of-the-mill users don't know they have the infection and could act upon it if they knew.
Sounds like a win-win for both Comcast and their customers if it's informational only.
Re: (Score:2)
Re: (Score:2, Insightful)
Agree, if they do it properly it could be useful service.
Except this is comcast we're talking about. They'll probbaly throttle and not notify.
Re: (Score:2)
Yep. Comcast does few things correctly.
From blocking as "possible spam" me@comcast.net from sending a nearly empty email containing just one URL to me@work.com where I want to use it. WTF?
To this week's episode where Comcast webmail was totally foobar/frozen after half loading, until I purged every one of the dozen or more comcast related cookies from my browser. They apparently trust the data the client gives them too much, and expect all these cookies to have consistent state.
Re: (Score:3, Insightful)
Who uses their ISP's email service these days?
Re: (Score:3, Interesting)
This is why I eventually decided it wouldn't be detrimental to me at all to outright block outgoing SMTP at my router - I exclusively use gmail for my email now.
Unfortunately, precedent says they will act on this by blocking all access if a compromise is detected - Time Warner has a "two strikes and you're out" deal - The first time ANY sort of complaint comes in, you get a temp-block that can be lifted by clicking a URL. Second report, even if it's 1.5 months later, will result in service shutoff until yo
Re: (Score:3, Informative)
Re:Seems fine to notify (Score:5, Insightful)
I like the idea a lot, but I don't know that there will be enough information for everybody.
When my ISP notified me of problems, it took a while to get enough information to figure out what was going on. As it turned out, it wasn't on a Windows box, and it wasn't a virus per se, but rather an inadequate password on an unsecured port. A message like "YOU HAZ BEEN PWNED!!!! HAHA!!" wouldn't have been enough for me to go on.
Still, the ISP is in an excellent position to watch accounts for bot-like activity, and is likely to be the first one to know.
My guess would be that those Comcast customers who insist they don't need anti-virus and do know how to surf the Web safely are going to get unexpected notices.
Re:Seems fine to notify (Score:5, Insightful)
My guess would be that those Comcast customers who insist they don't need anti-virus and do know how to surf the Web safely are going to get unexpected notices.
My guess is that those same users will think that the ISP is obviously wrong, and will continue along their merry way, spamming the world.
Alternatively, they will attempt to fix it by clicking that little banner ad for 'free antivirus' that popped up and told them the same thing...
Re:Seems fine to notify (Score:5, Insightful)
I agree, and I think it is surprising it has taken this long to launch this service. This is a chance for Comcast to save money on bandwidth, improve their quality of service, and do something good for their users and for the Internet at large. They can do the right thing while increasing profits!
That being said, I'm sure they can find ways to screw it up. A pop up notice in the user's malware-infected browser is not the way to notify customers.
Re:Seems fine to notify (Score:4, Funny)
A pop up notice in the user's malware-infected browser is not the way to notify customers.
Notifying anyone of anything was easy when the Windows Messenger service was enabled by default. ;-)
Re: (Score:2)
No, but what they can do is redirect outgoing traffic that is destined to port 80 on some server to their server so that you go to google.com, but end up going to server.isp.com and getting the notice. Some of the ISPs in my country do this for other purposes too, for example to remind the user that he still hasn't paid for the connection this month.
Re:Seems fine to notify (Score:5, Insightful)
Tech: "Ok, you've got a virus"
User: "But why? I have X protecting me!"
Tech: "Well, you downloaded these kitten screensavers that appear to have a trojan on them"
User: "So you're going to remove my kitten screensavers!?!"
Tech: "Um, well yes."
User: "But you can't do that!!!"
Tech: "Well you want the virus gone right?"
User: "Not if it endangers my kitten screensavers!"
Tech: "..."
Add that plus all the scareware floating around with rogue AV software leads to a perfect storm.
Re:Seems fine to notify (Score:5, Interesting)
That is so true it's painful.
Many years ago I fixed someones windows installation.
The user originally complained about a subtle windows annoyance, and a system that was running a bit slow.
What I found when I started digging, was the most badly infected computer I have EVER seen to date.
Many of the viruses were craftily avoiding all attempts at removal, so I backed up data only and reinstalled.
Some of the backup was useless due to an encrypting virus.
A week later that original annoyance was back. It turns out that on the same day, the user had downloaded kazaa and all the programs they felt were MUST HAVE, and with a combination of screen savers, custom mouse pointers, and other assorted crap recreated the exact same malware+virus infected state.
So basically everyone from lusers to geeks have in their mind what their ideal system is, and from a fresh install we tweak towards that OS ideal.
Re: (Score:3, Interesting)
Last time I encountered a system that badly infected, after cleaning it I put the free version of a decent AV on the machine and told them that if they tried to download anything dodgy again and the AV cut the connection, not to try to download it again.
A month later they came back and asked where to download the AV from, because some of their friends' pcs are in similar state and they're sick of getting virus-infected emails from them.
*happy ending*
Re: (Score:3, Funny)
Re:Seems fine to notify (Score:5, Funny)
I'm sure the conversation would be more like this:
Tech: "heylo plase tern off your computer and wait for ten seyconds"
User: "What are you talking about, I'm calling because you say I have a virus"
Tech: "Dayd you tern off your computer yet?"
User: "Did you hear anything I just said?"
Tech: "Comcast tern off not responsible kittens"
User: "Every word you say makes me angrier and angrier."
Tech: "Good, resolve glad issue. Bye"
Re:Seems fine to notify (Score:5, Insightful)
I bet most run-of-the-mill users don't know they have the infection and could act upon it if they knew.
The problem is that most customers cannot do anything about their problems, except take the computer to someone that can help them. And because that is going to cost money, most people are going to wait until after Christmas, or after their vacation, or after their vacation after Christmas. Or until hell freezes over.
Assuming a pop-up of any sort is going to actually inform people is a mistake - almost everyone has some kind of pop-up blocking in effect today and the ones that get through are ignored.
The right thing to do is contact the person and see if they can explain the activity. No contact, cut off the account. No explaination, cut off the account. It does little good for the other 6 billion people on the planet to let infected computers continue to spew spam and phishing emails.
Re:Seems fine to notify (Score:5, Insightful)
Yeah, Also, because If I got a pop-up that said, "your pc is infected" I would just close it and say "stupid phishers you'll never get me!" So, I'm guessing that pop-ups would be much less effective then a real piece of mail/phone message.
Re: (Score:2)
Or when their ISP tells them they have an infection they'll look at the BestBuy Geek Squad ad right next to it and take their machine in.
Re: (Score:2)
> ...BestBuy Geek Squad ad right next to it and take their machine in.
After which there will be no doubt about it being infected.
Re: (Score:3, Interesting)
Here in the UK one of my previous ISP's claimed my computer was infected with some worm, but how did I find this _lie_ they told me?
Whilst I was using my internet connection they started to flood my router and pc's open ports with packets. Whilst the router and pc were able to repel their attack on my machine which lasted some minutes, they did not impress me with their accusation and then tactics against my machine, I thought it was under a "genuine" DDOS attack which was saturating my connection.
To end th
Re: (Score:2)
Re: (Score:3, Interesting)
Re: (Score:2)
It depends. It could be a good thing. Or if they use an overly broad interpretation of what might indicate virus or botnet activity, I could see it becoming a tool to shut down customers who just use a lot of bandwidth.
Plus, even if Comcast's intentions are good, it seems like a great way (for others) to phish. Think about it. Users are not used to seeing notices from comcast, but maybe they've heard about this initiative. So they get a pop-up saying "Comcast service notice. Your PC may be infected. C
Re: (Score:3, Funny)
Comcast: You're using more bandwidth than we'd like you to, so you're obviously a spammer. Prove that your not infected and we'll turn you back on. /dotter: I run Linux!
Comcast: So you're not running antivirus purchased from a Comcast-approved vendor then? Please let us know when you've installed Norton or Mcaffee, and we'll be able to move to step two, where you prove you have the latest Windows Updates.
Re: (Score:2)
You hooked a bot zombie to your home internet connection before it was clean? Idiot.
Re: (Score:2)
I had a similar situation, somebody brought over a zombie XP machine that started spamming. They were house sitting while I was out of town. Anyway, if you talk around to the right person and call about 5 different numbers, you CAN get port 25 unblocked, it just takes you getting in touch with the correct department...
Anyway, now my firewall doesn't let any "untrusted" ip addresses unfettered access to the internet anymore. Which is a pain when I bring the work laptop home and the VPN won't connect (unti
Re:OH, They have been acting for a while! (Score:4, Informative)
> No, but why is the NAT firewall letting the spam through to the outside world?
Because having egress filtering on by default would piss off most users, so consumer NATs don't do that.
Re: (Score:2)
> Because having egress filtering on by default would piss off most users, so
> consumer NATs don't do that.
And stateful firewalling is evidently beyond the comprehension of the manufacturers?
Re: (Score:2)
Maybe because it's configured to let everything out, just filter the incoming traffic...
But probably it didn't do a good job there either, seeing as a computer behind it got infected (OTOH, it could have been an autorun virus)
Re:Seems fine to notify (Score:4, Insightful)
Re: (Score:3, Funny)
I'll give you 2:1 odds that that is exactly what Comcast will do.
IP, FP (Score:3, Insightful)
Re: (Score:2, Insightful)
If they just said "IP" many here would think they were referring to Imaginary Property. Spelling out acronyms is a good thing, even if your audience probably knows what the acronym means.
Bad subject, this is a GOOD thing... (Score:5, Insightful)
ISPs need to notify their customers. Many customers don't really have email contact from their ISP for various reasons (eg, me!). But injecting a pop-up for notification purposes DOES work.
Yes, the same technology can be used for evil abuses like ad injection, but this is exactly what SHOULD be done.
Re:Bad subject, this is a GOOD thing... (Score:5, Insightful)
How many folks ignore popups though?
I'd think the solution could be more like what they do when they are messing with DNS - identify customers with issues, redirect their DNS queries to a box that puts up a page that describes what is going on, why they are seeing that page instead of google or whatever, and a number to call at the ISP for assistance.
Re: (Score:2)
Wow, a little quick to sue, aren't we?
1 Corinthians 6:7 The very fact that you have lawsuits among you means you have been completely defeated already. Why not rather be wronged? Why not rather be cheated?
Re:Bad subject, this is a GOOD thing... (Score:5, Interesting)
I'm undoing a bunch of moderation just to point out that you're an idiot. I hate to be so blunt, but it's the truth. If you want uninterrupted, business class service then pay for it and get an SLA in writing that explicitly spells out the obligations of both parties. In fact if you're on Comcast and you go ahead and just cross your fingers and hope for the best, I think a decent lawyer could sue you for negligence if Comcast's proactive measures impact your business. You are now aware that they might be doing this. If you don't take steps to mitigate it, you're the one who is at fault. As a business owner, you need to take steps to ensure that you can deliver what you promise to your clients. Trying to blame Comcast for a technical glitch strikes me as the digital equivalent of "sorry, the dog ate my homework".
Maybe I should have just modded you -1 and gone about my day.
This is a very good thing (Score:2, Insightful)
Even better would be to give me my choice of notification mechanisms:
*pop-up
*email
*sms
*robo-phonecall
*no notification
Re: (Score:2)
It seems like a good thing, so long as there's some way to tell Comcast, "No, my PC really isn't infected, I just run a mailing list," or something. I'm not sure opting out would be the right solution, though, because if someone is participating in a botnet, they should be subject to warnings (and eventually being disconnected).
Re: (Score:2)
Re: (Score:2, Insightful)
How will it be distinguised from the "Your computer is infected?!??!" ads that customers are told to ignore.
Re:Bad subject, this is a GOOD thing... (Score:5, Insightful)
Re:Bad subject, this is a GOOD thing... (Score:5, Interesting)
I disagree. Using pop-ups as the notification method will likely trigger a new round of malware attacks that look like official Comcast notifications, complete with helpful links to download scanner and removal tools.
When AT&T ran things during the ATTBI days they would routinely shutdown connections for subscribers who had known issues (trojans, etc). It would set their cable modem config file to some dummy one which would only get them to AT&T internal network pages and they'd have to call in to get working again--if they fixed the problem.
I don't see why that type of thing can't be restarted. Maybe there are just so many infected machines (and based on my webserver logs from Comcast's IP ranges, I'd guess this is true) that their phone staff just wouldn't be able to handle the volume.
Re: (Score:3, Funny)
Two words: False Positives. Ok, so I can't stick to two words... When a business is legally using their internet connection (a contractor uploading a very large set of files, including videos, etc., to update a client's live website, for example), and Comcast's actions cause that company to lose business or money due to breach of contract (deadlines are missed, live site goes down due to having only partially updated their files due to Comcast cutting the connection, etc.), there will be lawsuits, and Comcast will likely lose.
so block only porn sites. then they can do all the useful stuff they normally do, but you can bet your ass they'll be calling in pronto. (the conversation will then go as follows: "some sites aren't working!" "for example?" "uh.. I don't recall specifically.")
Re: (Score:3, Interesting)
See my previous response to your other post. If you are a contractor who is promising to get things done, it is on you to ensure that you are able to get them done. That means either get an SLA with an ISP who won't cut you off and will promise in writing that they won't cut you off, or get a firewall that will fail over to a secondary connection in case you do run into problems with your primary ISP. If you want to really cover your ass, do both because as we all know, shit happens. The best SLA in the
Re: (Score:2)
Really, paper seems to be the best way even though it might take a couple of days. But......knowing Comcast, they will probably just ax you, and tell you about it later.
Re: (Score:2)
I mean, if people click on popups telling you they have a virus (and actually get one), why wouldn't they click on Comcast's window anyways.
People that don't click on popups or have them blocked, will simply keep ignoring them. It could be annoying though, but may work.
If only they had some other means of communicating (Score:5, Insightful)
It's really too bad that a cable company doesn't have any other means of communicating with their customers other than the internet. If only some how they could find out where their customers live, which I admit does sound like a startling infringement on their customers' right to privacy, they could convey such a warning with out worrying about web etiquette or spam filters.
-Rick
PS: In case your browser doesn't support them, there are sarcasm tags on the proceeding paragraph.
Re:If only they had some other means of communicat (Score:5, Funny)
It's really too bad that a cable company doesn't have any other means of communicating with their customers other than the internet.
Hehe, you're watching TV with the family, and at the next commercial break you see a guy in an easy chair, reading the newspaper. He looks up at the camera and says "Hi there Rick! I'm Jim, from Comcast. Enjoying the show? Hey I'm afraid I've got a bit of bad news - it looks like your computer is infected with BugBot32/A."
Evil Abuses Such As (Score:2)
[comcast senses new p2p activity coming from a home IP]
Comcast Pop: Dear User, you recently installed a networked application. This application is spyware and is probably stealing your credit card information as we speak. For your safety, remove the software and any corrupted media downloaded by it.
Re: (Score:2)
You're not willing to give them an email address, but you're willing to run some program that sits around waiting for them to send you a message, so that it can pop up? Weird.
I'm assuming, of course, that you didn't actually mean anything nearly as insane as suggesting they should intercept your http traffic and modify some web page to include some javascri
Or... (Score:2)
It could also indicate software updates (like Linux)
Bittorrent vis a VPN
Someone working nights
Offsite backup
Theres any number of possible reasons for traffic spikes to a single IP but I'm guessing its more about encrypted Torrents.
Re: (Score:2)
Re: (Score:2)
What could possibly go wrong? (Score:2)
For instance, a significant overnight spike in traffic being sent from a particular Internet Protocol address could signal that a computer is infected with a virus taking control of the system
... or it could mean someone decided to seed every ISO known to man at the same time.
I know that's probably not something Comcast is interested in supporting, but it's not against the ToS, so I really hope they aren't going to automate any disconnections (even temporary) based on this.
Re: (Score:2)
Depends how smart their profiles are. Many worms are distinctly different from bittorrent and any normal use in their scanning of address ranges and attempts to log in or go to known control sites or download known malware packages. I work at a large university and we use netflow info all the time to pinpoint infected machines on campus with a very high accuracy.
I thought this was a good idea? (Score:2)
as someone says above, isn't notifying of possible infections a good thing? I mean enterprise supposedly has better ways to detect it than a normal consumer, especially since comcast in the ISP business?
Additionally, it's something that not only is good for consumers but good for comcast, assuming they don't use it as false positives to cut off bittorrent users (which I find unlikely to happen anyway).
When I think of Comcast, I think of progress. (Score:5, Insightful)
So wait, instead of a personal phone call (which they apparently had been doing before anyway), now it'll be a popup just like the 50 other ones the user sees because he or she's infected with malware to begin with?
Nice.
Re: (Score:2)
Or the 50 other popups that say "Your computer is broadcasting an IP address" that everyone ignores because the supposed "virus scanners" install malware?
Nice try. (Score:5, Interesting)
Re: (Score:3, Interesting)
A co-worker of mine recently had his service terminated because he had exceeded 1TB of downloading in a month. I'm not sure if this is a regional thing, but that seems like a really high cap. Ultimately, he called them and the solution was to upgrade to a business class connection. It ended up costing him an additional $20 (iirc) a month, but he now has a higher upstream and a static IP. He was cool with that as it seems this works out better for him anyway, but any sort of cap for an advertised unlimit
Re: (Score:2, Informative)
A co-worker of mine recently had his service terminated because he had exceeded 1TB of downloading in a month. I'm not sure if this is a regional thing, but that seems like a really high cap. Ultimately, he called them and the solution was to upgrade to a business class connection. It ended up costing him an additional $20 (iirc) a month, but he now has a higher upstream and a static IP. He was cool with that as it seems this works out better for him anyway, but any sort of cap for an advertised unlimited service is a bit ridiculous.
Not likely since they had announced (october 2008) that their monthly cap was 250 gigs a month. If it was recently then there was a serious problem where he was breaking their TOS for nearly a year.
Re: (Score:2)
Comcast Antivirus 2009? (Score:5, Insightful)
Re: Antivirus mostly == malware (Score:2)
This is so true. I was asked to look at a Windows box the other day because of numerous pop-up alerts about attacks from the Internet(s). I never heard of the "security software" which gave these warnings, so I disconnected it from the Internet. Guess what, it was supposedly still being "attacked" on random ports by random IPs.
Re: (Score:2)
Since Linux does not use alphabetical letters as name for hard drives or partition
I agree, (Score:3, Insightful)
But having to set a cookie on each machine I want to disable their fucking dns redirect doesn't give me much hope. Love the speed.. hate the company!
I think we're slowly but surely seeing the end of what was a really great thing. Open unfiltered internet. In a few years it will be an expanded version of tv with none to little user control about what we want to see. Soon it will be.. we noticed your IP has downloaded X amount of gigs in the last two days. It's impossible that you are doing anything legit and we are going to cancel or reduce your connection speeds for a month if you continue illegally downloading. PS. This may have been a virus and if so please take your pc to an **authorized vendor to clean it.
**Vendor may also scan for copyright infringements on your pc in which case it will be kept at evidence.
I can see where this is going... (Score:2)
We recently detected abnormal activity on your computer associated with a virus infection. To protect your computer, please verify your name, password, and birthday, and then download this anti-virus software.
My ISP just blocked me for getting conficker.. (Score:4, Interesting)
and I'm glad they did so. I was being lazy and neglected to install a virus scanner on one of the PCs hooked up here, and it got infected with conficker. Basically my ISP (XS4ALL, a Dutch ISP) detects this and blocks most of the traffic (getting mail still works), shows a warning page when you try to open a website, and some instructions on how to get through the blockade with a proxy, and how to clean up your PC. They'll only unblock you once you have gone through a number of steps to clean up your PC (running some trojan scanners etc.). This may seem harsh, but I think if every ISP did this there wouldn't be some many huge botnets out there and perhaps a lot less SPAM as well.
Opt-out? (Score:2, Insightful)
Re: (Score:2)
Pop-up "where"? (Score:2)
Also, prepare for brand-new phishing tactics in 3, 2, 1..
Also, joining the chorus on this being tied to anti-P2P intentions.
Comment removed (Score:5, Insightful)
Re: (Score:3, Insightful)
Treating customers like dirt, redefining what "demand" is in terms of the business model, and shaping the services you supply sure is a lot easier than actually scaling infrastructure to meet real-life demand.
The business model is to keep the mass market consumer product affordable and drive the geek who wants "unlimited" broadband into paying the going rate for business or professional grade service.
Or it could be a torrent, of course (Score:2)
Will be interesting how they handle that.
Great...another thing for scammers to spoof (Score:2)
Exactly HOW do they do this? (Score:2)
This sounds like they are going to inject the supposed "Service Notice" into tcp-streams on port 80 if you are using software Comcast never heard of such as GNU/Linux. T
More Phishing (Score:3, Informative)
Over under on new phishing e-mails is about 2 seconds.
From: Comcast
To: Joe Usar
NOTICE: Your computer has been infected
To who it may concarn:
Please be to aware that your computer has been infected by virus. Please click here and verify your payment information so we can authorize removal of your viruses. If you do not your account blocked!!!!
Prediction (Score:5, Funny)
Doomed from the outset (Score:3, Insightful)
Re: (Score:2)
BS
This is Comcast - what better way to get customers on the phone so they can be upsold?
Oblig (Score:2, Funny)
Hey, it must have been introduced here. (Score:4, Funny)
They even proactively installed AntiVirus 2009 on my system. Gosh, it's amazing how many viruses I had and didn't even know it.
My original DSL company (Score:2)
one time shut off my DSL account. I was downloading a Red Hat Linux ISO file via BitTorrent. I called them up and they claimed they saw virus like activity on my connection and then shut off my Internet access to prevent my computer from infecting others. I told them I would remove the virus and they said they would restore access. I had to set my BitTorrent program to use a lower setting for bandwidth to avoid tripping off their false positive virus detection. I switched to a different DSL ISP after that.
Will they warn me about Comcast Spyware? (Score:3, Interesting)
I had a tech come by to fix a line issue. When his fix didn't work, he needed a computer to debug with. I let him use an extra laptop I had lying around. The jerk put some kind of Comcast toolbar on IE. I don't remember the details, but removing it was not trivial. Not insane, maybe, but definitely designed to be annoying for the average user to remove. I'm not sure if the tech was pressured to do that or if it was just something that the page he was told to access from users' machines did automatically. I just re-imaged the thing, but still. It left a bad taste in my mouth.
If handled properly.. (Score:5, Interesting)
Ok.. so its Comcast and we can all assume they will handle it poorly, but I worked at a small local ISP and was responsible for implementing just such a system on our network. The system would notify our NOC engineers about suspected infections, they would investigate more fully, and if the traffic was really suspect, we would log a ticket with customer support who would then call the customer. If we were unable to contact the customer for 48 hours and they didn't call us back we would disable their service.
Now, it was a little different as we are small and local, and we would send a tech out to their house to help clean the virus off their machine. When customer service called that was part of the call.. It went something like this: "We have detected suspicious traffic coming from your connection. To protect our network and your neighbors who also use our service, if the traffic does not stop within 48 hours we will disconnect your service. If you need any information about the traffic in question we can have an engineer contact you. Also, if you need help installing, updating, or using virus and or spyware removal software, we will be happy to send a tech support engineer to your house to help you remedy this situation."
We didn't charge for that tech support house call, it was just part of providing excellent service. In short, if it were to be handled appropriately, I don't see any problem with this sort of system. That being said, I feel comcast will probably really botch this, just as any large telecom company would.
Our system never detected a false positive on for example bittorrent traffic. We did have some on the IRC ports, but less than 5% (not that many people actually use IRC anymore, on a residential ISP network, probably 95%+ of IRC traffic is botnet control). We never turned off someone's connection who was validly using IRC. The customer service tech would ask "do you use IRC?" almost everyone would say "uh.. what is that?" The few people who use it would say "Yes I do" and we would say "Oh ok, that explains it" and that would be that.
We only ever turned off 1 person's connection, they had left their machine on and left on vacation and it was on a botnet. We disabled their connection as we didn't get a response from them, when they got back they called in, we sent out a tech and cleaned up their machine and that was that.
Re: (Score:2)
Sadly, I don't see Comcast caring a whole lot about "excellent service".
I sincerely wish they did, but here in Georgia, the only "excellence" they've demonstrated thus far is in an ability to increase rates, reduce quality of service, and infuriate existing customers.
significant overnight spike in traffic (Score:2)
I count myself lucky... (Score:5, Informative)
How about /. coming up with a solution? (Score:3, Insightful)
Here's a question for the masses here on /.
How would you notify customers that their machine is spewing spam or part of a botnet? Would you continue with the phone calls? Surely paying people to call customers about a virus can't be cheap, and doesn't scale. What is your ISP doing about this?
Even if what comcast is doing isn't the best solution, it's gotta be better than doing nothing, or taking the draconian measures of turning off service until you call in and they tell you, "Sir/Ma'am we turned off your service because your home computer is sending out spam. Once you've fixed it, we'll turn your service back on." I work at a "large database company" and in our labs if a lab machine is detected to be infected, the lab admins will shut of the ethernet drop that server connects to until you fix it.
Re: (Score:2)
Don't allow outgoing connections to a SMTP server other than the one the ISP runs, and use SMTPAuth or similar would go a long way to stopping this. Heck, most of the ISPs in the area I live already do part 1 ...
Re: (Score:2)
Blocking SMTP just prevents the email flood from hitting the ISPs network, but doesn't do anything to benefit the customer.
How to incremintally address this issue with appro (Score:2, Interesting)
One way to partially address this issue, with users approval, is to offer a cheaper Internet connection which only allows for outbound connections.
Many customers have no need for inbound communications to their PC. As an option, provide them with an RFC1918 aka 192.168.x.x address, and let them save $5/mo.
This traffic would pass through the ISP's NAT firewall and would not support UPNP.
This would free up some IPv4 space for re-use by the ISP, and this would eliminate some BOTNET C&C. Obviously not al
This has always been easy to fix (Score:3, Interesting)
All that it takes is for the ISP to block traffic to any port 25 destination BY DEFAULT, and remove that block for any customer that asks for it to be removed. At the same time, the ISP should also provide assistance to customers that need to do things like send email through their office/work address, so that most of those customer would not need to ask for port 25 to be unblocked. Then, most of those that do ask for port 25 to be fully open would either be running an OS that doesn't get so infected like that, or would know how to properly secure their OS from viruses.
How will they inject this thing? (Score:2)
> Comcast is launching a trial of a service that will warn customers via a
> browser pop-up...
And just how are they going to arrange for this pop-up to pop-up?
How about the biger war on direct tv that made VS (Score:2)
How about the bigger war on direct tv that had VS taken away.
This is how I'd do it (Score:3, Interesting)
The idea of quarantine networks have been around for a few years in the enterprise market segment. Any hardware that hasn't been pre-authorized is scanned for compliance and if out of compliance, it is locked into a network DMZ where it can only access servers that assist in bringing it into compliance with network security policies (ie, servers that install anti-virus software, etc). Once it has passed the compliance tests, it gets access to the rest of the network.
Now it would be great if Comcast could pre-screen customers' computers for compliance, but lets face it, that won't happen. They are in the situation where they already have a bunch of compromised computers and they need to deal with them. So they quarantine the compromised computers and hijack their DNS settings so that when they browse the web, they get pointed toward a webpage that has basic cleaning instructions. Since we're talking about Windows boxes they would be forced to download the Microsoft Malicious Software Cleaning tool (or whatever the monthly tool that cleans all of the common infections is called these days). They could be given links to free anti-virus software pages like Microsoft Security Essentials, AVast, etc. They could be given links to alternate browsers like Firefox.
Once the customers run all of those tools, they could be given the number to phone support. Delaying the option to call support could mitigate the volume of support calls.
All things considered, Comcast is going out on a limb with this one. They risk losing customers who might find it easier to just go with another ISP. They are putting themselves at a competitive disadvantage if other ISPs don't follow their lead. I think we can all agree that more ISPs should be doing what they can to address the problem of malware infected PCs. I also think we're all mature enough to recognize that addressing the problem isn't simple, and is in a lot of cases, beyond the ability of the average consumer. The last couple malware infected boxes I've had to deal with I ended up formatting and re-installing the OS. Even booting to LiveCDs and scanning the drives from a clean environment wouldn't get rid of everything.
Re: (Score:2)
His mom gives him his allowance in Euros. Although, to be fair, it could just as easily be in Indonesian Rupiah. That's right, even money from a third world country like Indonesia (don't take this as bashing Indonesia, I have relatives from there) is winning against t