Comcast's War On Infected PCs (Or All Customers)
thadmiller writes "Comcast is launching a trial on Thursday of a new automated service that will warn broadband customers of possible virus infections if the computers are behaving as if they have been compromised by malware. For instance, a significant overnight spike in traffic being sent from a particular Internet Protocol address could signal that a computer is infected with a virus, taking control of the system and using it to send spam as part of a botnet." Update: Jason Livingood of Comcast's Internet Systems Engineering group sent to Dave Farber's "Interesting People" mailing list a more detailed explanation of what this trial will involve.
As long as they don't act upon this information I don't see any issue with it. I bet most run-of-the-mill users don't know they have the infection and could act upon it if they knew.
Sounds like a win-win for both Comcast and their customers if it's informational only.
Now your bandwidth has spiked.
FP
Thanks for spelling IP out for us.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
ISPs need to notify their customers. Many customers don't really have email contact from their ISP for various reasons (eg, me!). But injecting a pop-up for notification purposes DOES work.
Yes, the same technology can be used for evil abuses like ad injection, but this is exactly what SHOULD be done.
Test your net with Netalyzr
It could also indicate software updates (like Linux)
Bittorrent via a VPN
Someone working nights
Offsite backup
There's any number of possible reasons for traffic spikes to a single IP but I'm guessing it's more about encrypted Torrents.
I am a free slashdotter. I will not be modded, blogged, DRM'd, patented, podcasted or RFID'd. My life is my own.
For instance, a significant overnight spike in traffic being sent from a particular Internet Protocol address could signal that a computer is infected with a virus taking control of the system
... or it could mean someone decided to seed every ISO known to man at the same time.
I know that's probably not something Comcast is interested in supporting, but it's not against the ToS, so I really hope they aren't going to automate any disconnections (even temporary) based on this.
as someone says above, isn't notifying of possible infections a good thing? I mean enterprise supposedly has better ways to detect it than a normal consumer, especially since comcast in the ISP business?
Additionally, it's something that not only is good for consumers but good for comcast, assuming they don't use it as false positives to cut off bittorrent users (which I find unlikely to happen anyway).
"The new service will eventually be rolled out in the rest of the country, replacing the phone calls Comcast has been using to notify customers to security problems, Opperman said."
So wait, instead of a personal phone call (which they apparently had been doing before anyway), now it'll be a popup just like the 50 other ones the user sees because he or she's infected with malware to begin with?
Nice.
Pardon me if I assume that everything Comcast does is anti-consumer unless proven otherwise. Their record certainly reinforces this skepticism. Sounds to me like they are trying yet again to scare people who torrent or use P2P software. Of course since they "can't" throttle, they are coming up with new ways to encourage their paying customers to use less of their "unlimited" bandwidth. Thanks for looking out for us Comcast.
Even better would be to give me my choice of notification mechanisms:
*pop-up
*email
*sms
*robo-phonecall
*no notification
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Sure thing, users NEVER get popup warnings about being infected and promptly ignore them... Unless they are really from the virus itself and are asking for credit card information.
But having to set a cookie on each machine I want to disable their fucking dns redirect doesn't give me much hope. Love the speed.. hate the company!
I think we're slowly but surely seeing the end of what was a really great thing. Open unfiltered internet. In a few years it will be an expanded version of tv with none to little user control about what we want to see. Soon it will be.. we noticed your IP has downloaded X amount of gigs in the last two days. It's impossible that you are doing anything legit and we are going to cancel or reduce your connection speeds for a month if you continue illegally downloading. PS. This may have been a virus and if so please take your pc to an **authorized vendor to clean it.
**Vendor may also scan for copyright infringements on your pc in which case it will be kept as evidence.
Inane Comments are Generously Disregarded
Greetings,
We recently detected abnormal activity on your computer associated with a virus infection. To protect your computer, please verify your name, password, and birthday, and then download this anti-virus software.
and I'm glad they did so. I was being lazy and neglected to install a virus scanner on one of the PCs hooked up here, and it got infected with conficker. Basically my ISP (XS4ALL, a Dutch ISP) detects this and blocks most of the traffic (getting mail still works), shows a warning page when you try to open a website, and some instructions on how to get through the blockade with a proxy, and how to clean up your PC. They'll only unblock you once you have gone through a number of steps to clean up your PC (running some trojan scanners etc.). This may seem harsh, but I think if every ISP did this there wouldn't be so many huge botnets out there and perhaps a lot less SPAM as well.
What is it with Comcast, always messing with blocking ports, messing with DNS entries, and making the IT guy's life difficult in general?
Hoist Number One and Number Six.
Is there anybody with a firewall left that still allows any inbound traffic from comcast IP space?
This seems harmless enough to me if Comcast provides an opt-out service (like they do for their DNS-redirection). Someone who's savvy enough to opt-out of this is probably not as likely to get malware-infected, and the rest of the population probably doesn't care very much about the service either way. As for the monitoring aspect, I doubt that Comcast is actually examining customers' traffic any more as a result of this -- they're probably just using their existing heaps of data to implement this.
The second they detect spam on :25 for outgoing mail they block it. They won't unblock it. They won't give you info on what MAC triggered it, or the time and date the messages started, or even when they made the block.
I do lots of Removal {See Post (http://slashdot.org/comments.pl?sid=1388939&cid=29619053 for removal instructions!)}
I had one PC that was a bot zombie and while I was working on it (had it fixed w/in 24 hrs) they issued the block. no big deal for me, I want everyone to use more secure methods of E-Mail access. But I was floored that they couldn't give me any info about it or have any possibility to restore it. To unblock that port? They told me business class customers don't get any ports blocked. Hmm..... I look into that and it's $15 more a month same caps and only "benefit" was static IP (dynDNS... so I don't need it) and faster call-center response. What a rip! Oh they give you a domain name or something too, but those are like free now w/ any hosting company. They failed to mention if that included any kind of hosting services which might have swayed me, but probably not.
"when we see computers on our network that are doing things that are known bot activities--say, a computer is spewing out thousands of spam e-mails,"
Yeah, well done chief. How about you take that menace down until the idiot behind the box fixes it? How about that? How on earth does verified network abuse not warrant an immediate disconnect?
As an email admin, this is welcome news, but it's yet again not enough. Keeping botnets in check is admittedly not the easiest thing in the world for an ISP to tackle, but for fuck's sake, direct to MX smtp traffic from residential IP space couldn't be simpler to capture and redirect prior to leaving their network cloud, and if the morons at Comcast et al would get their shit together and act responsibly for a change, they might actually be part of the solution to the spam problem as opposed to one of the biggest contributors to it.
"Oh my God! The dead have risen! And they're voting Republican!" - Bart Simpson
I know TFA shows it on Comcast's page.. but still this is Comcast we're talking about. Are they going to just inject a pop-up while I'm randomly surfing?
Also, prepare for brand-new phishing tactics in 3, 2, 1..
Also, joining the chorus on this being tied to anti-P2P intentions.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
this proves and solves nothing, it's a frogboil tactic they use to get customers familiar with their 'responsibility' on their network. soon it becomes "we kick you off if we find malware." Internet providers are already shovelling this bullshit with port scanning and automated warnings regarding account termination. Treating customers like dirt, redefining what "demand" is in terms of the business model, and shaping the services you supply sure is a lot easier than actually scaling infrastructure to meet real-life demand.
Good people go to bed earlier.
Will be interesting how they handle that.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
This will work great... until someone duplicates their warning popup, and takes that poor customer off to a malware site!
This is another message that scammers will spoof. Know all those fake/rogue virus warning pop ups? Yeah, just like that.
Comcast story is that "we are testing a new "Service Notice" customer alert that lets people know if we have reason to believe their home computer has been infected with a bot. The Service Notice is sent to appear in their Web browser with a direct link to our Anti-Virus Center where they can diagnose the problem and take steps to fix it"
This sounds like they are going to inject the supposed "Service Notice" into tcp-streams on port 80 if you are using software Comcast never heard of such as GNU/Linux. Their story includes tidbits of information such as "They can also get the Comcast Toolbar which includes spyware and as well as pop-up ads with built-in phishing" (fixed that for them), but they do talk about the "Service Notice" they plan to inject into people's web-pages as something different. I want my HTML pages as the server I fetch them from sends'em, I hope random "Service" (and eventually advertisement) injection does not become an industry standard.
9/11: Never forget it was a false-flag operation
Over under on new phishing e-mails is about 2 seconds.
From: Comcast
To: Joe Usar
NOTICE: Your computer has been infected
To who it may concarn:
Please be to aware that your computer has been infected by virus. Please click here and verify your payment information so we can authorize removal of your viruses. If you do not your account blocked!!!!
Comcast Gold PCGuard+ Express Pro has detected a significant overnight spike in your network usage that suggests your PC may be infected with a virus. This process has been identified as utorrent.exe. It is recommended that you delete all files related to this program immediately to keep your personal information secure.
I don't predict a good outcome from this. Comcast will be flooded with incoming tech support calls from customers, half panicked about a virus they don't have and the other half angrily denying a virus they do have. And Comcast will discover that the cost of all those calls far outweighs any benefits they receive from the new system.
[Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
That made me think of this: http://xkcd.com/570/
Sure thing, users NEVER get popup warnings about being infected and promptly ignore them... Unless they are really from the virus itself and are asking for credit card information.
This is so true. I was asked to look at a Windows box the other day because of numerous pop-up alerts about attacks from the Internet(s). I never heard of the "security software" which gave these warnings, so I disconnected it from the Internet. Guess what, it was supposedly still being "attacked" on random ports by random IPs. Who benefits from this crime? Me, obviously, since I secured dinner by removing the malware.
9/11: Never forget it was a false-flag operation
They even proactively installed AntiVirus 2009 on my system. Gosh, it's amazing how many viruses I had and didn't even know it.
It's really too bad that a cable company doesn't have any other means of communicating with their customers other than the internet. If only somehow they could find out where their customers live, which I admit does sound like a startling infringement on their customers' right to privacy, they could convey such a warning without worrying about web etiquette or spam filters.
-Rick
PS: In case your browser doesn't support them, there are sarcasm tags on the preceding paragraph.
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
one time shut off my DSL account. I was downloading a Red Hat Linux ISO file via BitTorrent. I called them up and they claimed they saw virus like activity on my connection and then shut off my Internet access to prevent my computer from infecting others. I told them I would remove the virus and they said they would restore access. I had to set my BitTorrent program to use a lower setting for bandwidth to avoid tripping off their false positive virus detection. I switched to a different DSL ISP after that.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
I had a tech come by to fix a line issue. When his fix didn't work, he needed a computer to debug with. I let him use an extra laptop I had lying around. The jerk put some kind of Comcast toolbar on IE. I don't remember the details, but removing it was not trivial. Not insane, maybe, but definitely designed to be annoying for the average user to remove. I'm not sure if the tech was pressured to do that or if it was just something that the page he was told to access from users' machines did automatically. I just re-imaged the thing, but still. It left a bad taste in my mouth.
Ok.. so it's Comcast and we can all assume they will handle it poorly, but I worked at a small local ISP and was responsible for implementing just such a system on our network. The system would notify our NOC engineers about suspected infections, they would investigate more fully, and if the traffic was really suspect, we would log a ticket with customer support who would then call the customer. If we were unable to contact the customer for 48 hours and they didn't call us back we would disable their service.
Now, it was a little different as we are small and local, and we would send a tech out to their house to help clean the virus off their machine. When customer service called that was part of the call.. It went something like this: "We have detected suspicious traffic coming from your connection. To protect our network and your neighbors who also use our service, if the traffic does not stop within 48 hours we will disconnect your service. If you need any information about the traffic in question we can have an engineer contact you. Also, if you need help installing, updating, or using virus and or spyware removal software, we will be happy to send a tech support engineer to your house to help you remedy this situation."
We didn't charge for that tech support house call, it was just part of providing excellent service. In short, if it were to be handled appropriately, I don't see any problem with this sort of system. That being said, I feel comcast will probably really botch this, just as any large telecom company would.
Our system never detected a false positive on for example bittorrent traffic. We did have some on the IRC ports, but less than 5% (not that many people actually use IRC anymore, on a residential ISP network, probably 95%+ of IRC traffic is botnet control). We never turned off someone's connection who was validly using IRC. The customer service tech would ask "do you use IRC?" almost everyone would say "uh.. what is that?" The few people who use it would say "Yes I do" and we would say "Oh ok, that explains it" and that would be that.
We only ever turned off 1 person's connection, they had left their machine on and left on vacation and it was on a botnet. We disabled their connection as we didn't get a response from them, when they got back they called in, we sent out a tech and cleaned up their machine and that was that.
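The two signals this thread keeps contrasting (a raw overnight traffic spike versus direct-to-MX port 25 traffic from residential addresses), sketched as an added example that is not part of any comment and not Comcast's or any ISP's actual logic. The flow records, addresses (documentation ranges), relay address and both thresholds are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str        # subscriber address
    dst: str        # remote address
    dport: int      # destination port
    bytes_out: int  # bytes sent by the subscriber in this flow


# Assumed thresholds for one overnight window (not taken from the page).
VOLUME_LIMIT = 2_000_000_000   # total bytes sent
SMTP_PEERS_LIMIT = 20          # distinct port-25 destinations
# Assumed address of the ISP's own outbound mail relay.
ISP_RELAYS = {"192.0.2.25"}


def build_sample():
    """Constructed overnight flow records for four subscribers."""
    flows = []
    # A: seeding a Linux ISO to a few peers, very large volume.
    for i in range(8):
        flows.append(Flow("198.51.100.10", f"203.0.113.{i + 1}", 51413, 400_000_000))
    # B: spam bot, small messages sent straight to many mail exchangers.
    for i in range(150):
        flows.append(Flow("198.51.100.20", f"203.0.113.{i + 50}", 25, 6_000))
    # C: ordinary mail user, ISP relay on 25 plus an office server on 587.
    flows.append(Flow("198.51.100.30", "192.0.2.25", 25, 40_000))
    flows.append(Flow("198.51.100.30", "203.0.113.250", 587, 90_000))
    # D: offsite backup over a VPN, one destination, huge volume.
    flows.append(Flow("198.51.100.40", "203.0.113.251", 1194, 5_000_000_000))
    return flows


def flag_by_volume(flows):
    """Flag subscribers whose total bytes sent exceed VOLUME_LIMIT."""
    total = defaultdict(int)
    for f in flows:
        total[f.src] += f.bytes_out
    return {src for src, n in total.items() if n > VOLUME_LIMIT}


def flag_by_smtp_fanout(flows):
    """Flag subscribers talking SMTP to many hosts other than the ISP relay."""
    peers = defaultdict(set)
    for f in flows:
        if f.dport == 25 and f.dst not in ISP_RELAYS:
            peers[f.src].add(f.dst)
    return {src for src, dsts in peers.items() if len(dsts) > SMTP_PEERS_LIMIT}


def compare(flows):
    """Return both verdicts so the false positives and the miss are visible."""
    return {
        "volume": flag_by_volume(flows),
        "smtp_fanout": flag_by_smtp_fanout(flows),
    }


if __name__ == "__main__":
    for rule, flagged in compare(build_sample()).items():
        print(rule, sorted(flagged))
```

On this sample the volume rule flags the seeder and the backup user and misses the bot, whose 150 small messages total under a megabyte; the port 25 fan-out rule flags only the bot.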
[comcast senses new p2p activity coming from a home IP]
Comcast Pop: Dear User, you recently installed a networked application. This application is spyware and is probably stealing your credit card information as we speak. For your safety, remove the software and any corrupted media downloaded by it.
You don't want a weak dollar. You want high inflation! They are separate things, but usually come coupled together.
His mom gives him his allowance in Euros. Although, to be fair, it could just as easily be in Indonesian Rupiah. That's right, even money from a third world country like Indonesia (don't take this as bashing Indonesia, I have relatives from there) is winning against the US dollar.
Similar to the upcoming US election results
A significant overnight spike in traffic is a sure sign that I don't have to go in to the office the next day.
I have lots of email addresses, but I have never used a Comcast email address even though they are my ISP. I wonder how many customers would even get these messages.
...that they called and told me that I had a zombie PC. I run updates, antivirus software and am very careful about where I go on the web, and what I download. Despite all my precautions, though, my PC got infected via an infected CD from my office (autorun is now turned off, btw). I got a call from Comcast saying that they'd noticed some odd traffic. The tech guy said it looked like my PC had been infected although it didn't seem to be actively sending/receiving any unusual data. After a quick re-scan with my antivirus software, it was gone, and all was right with the world (well, my tiny corner of it, anyway). I was used to Comcast sucking hardcore before this happened. Now my attitude is a little better toward them -- the Comcast tech guy knew his stuff, and was very helpful.
- Jack
Here's a question for the masses here on /.
How would you notify customers that their machine is spewing spam or part of a botnet? Would you continue with the phone calls? Surely paying people to call customers about a virus can't be cheap, and doesn't scale. What is your ISP doing about this?
Even if what comcast is doing isn't the best solution, it's gotta be better than doing nothing, or taking the draconian measures of turning off service until you call in and they tell you, "Sir/Ma'am we turned off your service because your home computer is sending out spam. Once you've fixed it, we'll turn your service back on." I work at a "large database company" and in our labs if a lab machine is detected to be infected, the lab admins will shut off the ethernet drop that server connects to until you fix it.
Wow. Table reading fail. Check that one again, PitaBred.
One way to partially address this issue, with users' approval, is to offer a cheaper Internet connection which only allows for outbound connections.
Many customers have no need for inbound communications to their PC. As an option, provide them with an RFC1918 aka 192.168.x.x address, and let them save $5/mo.
This traffic would pass through the ISP's NAT firewall and would not support UPNP.
This would free up some IPv4 space for re-use by the ISP, and this would eliminate some BOTNET C&C. Obviously not all.
Another piece to this is to offer an alternate DNS service. Something like what OpenDNS and DynDNS are offering. Perhaps rebrand one of those services. These services track malware DNS and block them.
It doesn't solve all the problems with Malware, but it does address several issues. It does place your non P2P customers into a separate offering, allowing you to bill P2P customers more. P2P customers would never go for this offering.
All that it takes is for the ISP to block traffic to any port 25 destination BY DEFAULT, and remove that block for any customer that asks for it to be removed. At the same time, the ISP should also provide assistance to customers that need to do things like send email through their office/work address, so that most of those customers would not need to ask for port 25 to be unblocked. Then, most of those that do ask for port 25 to be fully open would either be running an OS that doesn't get so infected like that, or would know how to properly secure their OS from viruses.
now we need to go OSS in diesel cars
> Comcast is launching a trial of a service that will warn customers via a
> browser pop-up...
And just how are they going to arrange for this pop-up to pop-up?
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
How about the bigger war on direct tv that had VS taken away.
Don't allow outgoing connections to a SMTP server other than the one the ISP runs, and use SMTPAuth or similar would go a long way to stopping this. Heck, most of the ISPs in the area I live already do part 1 ...
Don't blame me, I voted for Kodos
Blocking SMTP just prevents the email flood from hitting the ISPs network, but doesn't do anything to benefit the customer.
as well intentioned as this particular case may be, it is not acceptable for an ISP to modify the traffic
Comcast is not the first to do this. At the university in The Netherlands where I used to study, you were automatically put in a different VLAN the moment a virus was detected. All websites you tried to visit automatically redirected to a page where you could unblock yourself once. If then the virus still was present, you were blocked again and the only way to get unblocked was to fix the problem and call them to get your connection back.
I've heard similar stories from other ISP's in this country. I think it's actually a good thing, provided the scanner does not result in many false positives. Perhaps it will help?
Took me a little while (post lunch coma) to figure out what the table is showing. The one thing I did find interesting is that it looks like single-income families (spouse not in workforce or filing single) are making today roughly what they were making in the late 70s, in terms of 2006 dollars as the reference. Maybe Reaganomics didn't work after all? (Hopefully I didn't table read fail, too. See above post lunch coma :) )
Down with the career politician! SUPPORT TERM LIMITS
Many people that I know have been caught by sites that claim that their computer had a virus and were nice enough to offer software to get rid of the virus. How long will it take for someone to use this well intentioned feature to trick users into installing the malware that it is intended to fight?
A couple years ago I wrote a paper for SANS [PDF] about a similar technique I used to fight recurring problems with zero-day attacks. This technique could be modified somewhat for the needs of an ISP. For example, instead of moving them onto a quarantine VLAN, the redirect rule could be created on a per-IP-address basis. It could present the page to a user informing them of their problem, and upon user acknowledgement, it could drop a cookie in their browser that would allow them to surf uninterrupted from that host for some period of time (after which it would remind them again). That way, every user on every computer behind that IP address would be able to see that there is likely an infected system on their network.
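The per-IP redirect with a time-limited acknowledgement cookie described in the comment above, as an added sketch that is not the commenter's code or the SANS paper's. The class name, cookie format, 24-hour lifetime and the HMAC signing of the cookie are assumptions; how HTTP requests get intercepted is not modelled.

```python
import hashlib
import hmac

ACK_LIFETIME = 24 * 3600            # assumed: seconds before the reminder returns
DEMO_KEY = b"constructed-demo-key"  # constructed key for this example only


class NoticeGate:
    """Decides, per request, whether to show the infection notice page."""

    def __init__(self, secret=DEMO_KEY, lifetime=ACK_LIFETIME):
        self.secret = secret
        self.lifetime = lifetime
        self.flagged = set()  # subscriber IPs with suspected bot traffic

    def flag(self, ip):
        self.flagged.add(ip)

    def clear(self, ip):
        self.flagged.discard(ip)

    def _sign(self, ip, expires):
        msg = f"{ip}|{expires}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()

    def acknowledge(self, ip, now):
        """User clicked 'I understand': issue a cookie bound to IP and expiry."""
        expires = int(now) + self.lifetime
        return f"{expires}.{self._sign(ip, expires)}"

    def _cookie_valid(self, ip, cookie, now):
        if not cookie or "." not in cookie:
            return False
        exp_text, sig = cookie.split(".", 1)
        if not exp_text.isdigit():
            return False
        expires = int(exp_text)
        expected = self._sign(ip, expires)
        # Constant-time comparison; bytes avoid errors on non-ASCII input.
        genuine = hmac.compare_digest(sig.encode(), expected.encode())
        return genuine and now < expires

    def decide(self, ip, cookie, now):
        """Return 'pass' to forward the request or 'notice' to redirect it."""
        if ip not in self.flagged:
            return "pass"
        if self._cookie_valid(ip, cookie, now):
            return "pass"
        return "notice"


if __name__ == "__main__":
    gate = NoticeGate()
    home = "198.51.100.20"  # constructed subscriber address
    gate.flag(home)
    print(gate.decide(home, None, 1000))      # first browser: notice
    cookie = gate.acknowledge(home, 1000)
    print(gate.decide(home, cookie, 2000))    # same browser: pass
    print(gate.decide(home, None, 2000))      # second PC behind same IP: notice
    print(gate.decide(home, cookie, 90_000))  # after expiry: notice again
```

Because the acknowledgement lives in each browser's cookie and not in the gate's per-IP state, every machine behind the flagged address sees the notice once, which is the property the comment asks for.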
All I can say is, "Kudos, Comcast!"
Those are two words that just don't seem quite right next to each other, but yet there they are.
The idea of quarantine networks has been around for a few years in the enterprise market segment. Any hardware that hasn't been pre-authorized is scanned for compliance and if out of compliance, it is locked into a network DMZ where it can only access servers that assist in bringing it into compliance with network security policies (ie, servers that install anti-virus software, etc). Once it has passed the compliance tests, it gets access to the rest of the network.
Now it would be great if Comcast could pre-screen customers' computers for compliance, but let's face it, that won't happen. They are in the situation where they already have a bunch of compromised computers and they need to deal with them. So they quarantine the compromised computers and hijack their DNS settings so that when they browse the web, they get pointed toward a webpage that has basic cleaning instructions. Since we're talking about Windows boxes they would be forced to download the Microsoft Malicious Software Cleaning tool (or whatever the monthly tool that cleans all of the common infections is called these days). They could be given links to free anti-virus software pages like Microsoft Security Essentials, AVast, etc. They could be given links to alternate browsers like Firefox.
Once the customers run all of those tools, they could be given the number to phone support. Delaying the option to call support could mitigate the volume of support calls.
All things considered, Comcast is going out on a limb with this one. They risk losing customers who might find it easier to just go with another ISP. They are putting themselves at a competitive disadvantage if other ISPs don't follow their lead. I think we can all agree that more ISPs should be doing what they can to address the problem of malware infected PCs. I also think we're all mature enough to recognize that addressing the problem isn't simple, and is in a lot of cases, beyond the ability of the average consumer. The last couple malware infected boxes I've had to deal with I ended up formatting and re-installing the OS. Even booting to LiveCDs and scanning the drives from a clean environment wouldn't get rid of everything.
This is a needed first step towards a comply & connect policy for all computers that people want to connect to the internet. The very arguable question is how far to take that policy. I think simply making sure an approved anti-virus program is installed, and redirecting computers that don't to an AV download site (be it Comcast's or Cox's free McAfee versions or somewhere else) ought to be adequate. No AV, no connect until you install it.
It's really too bad that a cable company doesn't have any other means of communicating with their customers other than the internet.
Hehe, you're watching TV with the family, and at the next commercial break you see a guy in an easy chair, reading the newspaper. He looks up at the camera and says "Hi there Rick! I'm Jim, from Comcast. Enjoying the show? Hey I'm afraid I've got a bit of bad news - it looks like your computer is infected with BugBot32/A."
#DeleteChrome
A friend of mine is a tech support engineer. He helps big client companies babysit racks full of the million-dollar hardware that his employer sells. These devices have giant red lights on the front to tell you when something is wrong. They also send the sysadmin email if they detect a fault. Daily.
Between the big red flashing lights and the automated email warnings sent to the guy who is paid six figures to watch for the red lights, you would think that problems would be noticed before they went catastrophic. But all too often, the warnings are ignored, no matter how dire they sound.
Because of the clients' willingness to ignore the warnings, these expensive machines also send the manufacturer email when there is a fault. That way an engineer can call the sysadmin and warn him that things are about to explode.
I am glad Comcast is trying something but I am skeptical about its effectiveness. People ignore even the most carefully dispatched messages. If Comcast wants to get a user's attention, they should move up to making phone calls when the computer messages get ignored. Or maybe throwing bricks through windows.
Just shut them off. The customer will call. Solves that whole notification thing.
People talk about the ignorant customers having problems... but how the heck is my support call going to go:
Tech: "We've detected unusual activity across multiple ports on your network"
Me: "What services"
Tech: "It doesn't say, but here's the list...it's way more than normal"
Me: "Well...let's see, there's the ssh, fake ssh that lets anyone on, the protected proxy, tor, freenet, the ssh portknocker I'm playing with...."
Tech: "Well, our system says you have a virus and may be in a botnet."
(ramble)
Eventually, I might get to a tier2 tech, who'd talk about N kb/s of encrypted traffic... and still wouldn't understand that people run that.
The conversation will be like the time I told the guy at McDonalds that ordering 3 items couldn't possibly cost $10, because each item was less than $2--therefore they must cost less than $6, and even with a 50% tax it could've been at most $9--therefore, their math was wrong. The guy just kept repeating "the register says it's $10.26"
They couldn't understand me, and wouldn't rerun the numbers until I told them to get a manager or I'd walk out and they'd probably get stuck with the bill. And honestly--most customer support isn't much better than mcdonalds workers...
Comcast Gold PCGuard+ Express Pro has detected a significant overnight spike in your network usage that suggests your PC may be infected with a virus. This process has been identified as firefox.exe connecting to youporn.com. It is recommended that you delete all files related to this program immediately to keep your marriage secure.
and about time. Technically it's not the ISP's responsibility that many people get infected in about 10 seconds because they plug their windows laptop directly into their cable modem, but nevertheless it's the ISP who's in the ideal spot to monitor and address the problem. Bout time they actually did it.
Are they inserting pop-up code into the customers http fetches? If they are modifying their customers' traffic, even to warn them, this is as bad as those ISPs that insert ads.
Come right down to it though? Personally, I feel that COMCAST is doing "the right thing", absolutely.
(File sharers will hate this though, especially if their shared downloads start getting "hauled in" by a lot of folks - think about it, "food 4 thought", that...)
APK
P.S.=> This is better than not doing anything, & unlike a phone call, which will probably be "step #2" in their process if the person keeps showing continued 'burst uploads' etc. & spikes in traffic "overnite" as the article details? It's a good thing!
(and, no, I did not RTFA (yet), lol, so I am going right along with the program here (right guys?))
This is a good 1st measure that frees up their NOC folks too (or, whoever handled the phone calls before @ least) to do other tasks, besides helping folks that might be botnetted etc., @ least initially, because of an automated system (& that? That is what computers ARE FOR, largely - automation of drudgery &/or repetitive tasks)... apk
Encouraging people to provide Email addresses for one's ISP, potentially for sending electronic bills, would likely be more secure than web-site visits that can be hijacked. Who can't set up an email account to sort bills if you want to ignore them?
Now, that said I would not object to ISPs sending customer's email notices, or potentially even initial browser connection/request "popup" notices, of the form -- "Your machine has demonstrated Internet usage patterns that suggest that it has been infected by a virus". Your machine's access of various Microsoft web sites and/or browser agent fields demonstrate that you are using Microsoft Windows. You could end your enslavement to the Microsoft pseudo-monopoly by upgrading to one of the various Linux based operating systems, see http://www.distrowatch.com/ for various sources of free Linux distributions which would eliminate this problem."
Comcast would benefit because the machines would discontinue loading down the network with various Microsoft and/or virus manufacturer update requests.
The basis for this is that the Internet is a "shared public resource", just like the roads, the atmosphere, the public airwaves, etc. are. And just as it is reasonable for society to say "Friends don't let friends drive drunk," or "you cannot spew out atmospheric pollutants which are potentially harmful to others," or "you cannot build a house that represents a fire hazard to your family or neighborhood," or children which have potentially come down with H1N1 can be banned from school, etc. it is *NOT* unreasonable for society (and ISPs acting as the observers for society) to enact policies which make the Internet a safer place. Presumably that means a documented shared database of "typical" and "infected" usage patterns.
That said, obviously Comcast had better be intelligent about what they are screening for. If I choose to contact lots of sites to download gigabytes of genetics databases (FTP, HTTP), get software updates (SVN), support various software packages of interest (Folding@Home, Freenet, SecondLife, gaming, cloud computing), or even continuously download P2P Linux distributions (or anything else for that matter) up to the bandwidth I am paying for 24/7, then I should be free to do that. Any actions have to be based on public safety rationales and not on network load minimization rationales (or even worse "police-state" restriction rationales). Though it might be reasonable to switch 24/7 Internet pricing to 18/6/7 Internet pricing. Using the Internet significantly more than 75% of the other users during the 18 hour "peak" window could subject you to "peak period" user fees. (Either that or one moves to metered usage payment plans (just like other public utilities).) But metered payment plans are not likely to reduce the level of virus/bot infected machines given the sophistication of viruses/bots today [1].
Ultimately the bandwidth problem isn't going to get corrected until one has 3-4 ISPs in any region and that is going to require some combination of DSL + Cable + 4G wireless + WiMax + Satellite -- *then* one ought to see competitive rather than monopolistic pricing.
1. Truth be told, I doubt anything will eliminate the viruses short of replacing the installed Windows OS base with non-Windows systems.
Oh, goodness, now Comcast is displaying banner ads telling me that my computer is infected? Looks like I can't even avoid those fake ads on my ISP's homepage now... Since when has a banner telling me my computer's infected ever been true? Add another banner to the ignore list...
Oh, and Rick? That skirt really doesn't go with those pumps.
Help stamp out iliturcy.
I know TFA shows it on Comcast's page.. but still this is Comcast we're talking about. Are they going to just inject a pop-up while I'm randomly surfing?
Also, prepare for brand-new phishing tactics in 3, 2, 1..
Also, joining the chorus on this being tied to anti-P2P intentions.
Indeed, I'm thinking this could be a pretext to start routinely injecting crap into webpages... back to their old data falsification ways.
You mean "trickle UP economics" don't work? Well they did for the rich, the difference between rich and poor has never been greater.
"Be kind, for everyone you meet is facing a great battle." - Philo of Alexandria -
Thank goodness I'm not the only one here who thinks this will be an excuse for Comcast to do nasty things to our traffic. Consider that very many torrent connections are encrypted these days -- and so are malware connections.
I, for one, do not want to be harassed because I have traffic that Comcast can't deep-inspect, going to hosts that Comcast's IP lawyers may not like. Nor do I want to see them doing this via web injection, which is just another form of data falsification which Comcast used to defend to the hilt until the government said absolutely NO.
At the very least Comcast should have the decency to contact people out-of-band (phone or mail), which is always the best way to handle compromised security.
Ha ha - that was the funniest thing I've seen on here in a while!
#DeleteChrome
No, it benefits the rest of us. Customer can still send mail with a client, using a username/password (hence the SMTPauth part). Of course, the nasties could grab that user/pass combo and use it and the ISP's server, but some rate limiting, etc. could go a long way towards fixing that as well.
Don't blame me, I voted for Kodos
Sounds like Comcast wants to DoS all the customers legally and still make them pay...
This is exactly what we need. A way to push the internet into yet another one-way TV service. Maybe it should filter out http POST requests too.
I've run Windows for over 15 years, from 95A~7. Not ever have I been infected with any type of virus, malware, spyware, w/e. I'm so stumped how anyone gets a virus to be quite honest, I have used AV software up till 98se since then I stopped for the past 10 years (99-09) from 2k-7 0! ZERO! ZILCH! NOTTA! virus/spyware/malware and using no AV software. I don't consider myself lucky or smart, I'm just not a dumbass I know there is no free playstation or laptop... No sexy stripper screen savers, nothing. I'm currently running Mint Linux based off of Debian, and obviously virus free. I'm just baffled by customers' boxes riddled with virii. How does this happen? What do these people do? I've purposely hosed other boxes laying around the house with the latest and coolest viruses just to see what happens and it's always good practice to clean up the PCs, and let me tell you it just didn't happen, I had to install the virus, I hate when customers say they did nothing... Seriously people this shit doesn't just happen, YOU happen! Ugh, why are we forced to take tests to get our driving licenses and then retake the test every few years to make sure we are up to code, that same rule should be applied to owning a computer. No one said you have to put us computer geeks out of work, I'm just saying that EVERYONE that even thinks about owning a PC should have some sort of basic training. It's a travesty every time some random idiot buys a new PC just so they can see that squirrel surfing on a cat being pulled by a motor boat in the ocean being chased by a shark or so they can send their friends and family god damn FWD:FWD:FWD:FWD:FWD:FWD:FWD:FWD: joke about the rabbi and the leprechaun or that poor little 6 year old girl that got raped and murdered and how by forwarding some magical email the girl will get brought back to life and it proves god exists! Damn people are so stupid...
Visit my Forums?
Thank Buddha Comcast is not in Nepal, as they would have to send out a notice daily to every single Windows subscriber here. I suspect India, Burma, China, Pakistan, Afghanistan, Thailand, Sri Lanka, and the Maldives would be the same. It's a one-world multi-botnet internet on this side of the globe. And for the most part, users here could care less. Asians are a very community type (some would say hive-type) people. We'll do our part for the skynet cause. Comcast doesn't have a mantra in the bardo of stopping us.
I think therefore I can't be ~TTNH
to Comcast when people try to update their games overnight.. i.e. WoW.
open source sub sim. I might start coding again for this. http://dangerdeep.sourceforge.net/contribute/
If they start re-directing or stopping your internet due to an uptick in late night activity... what happens when they start deeming people who do their downloads at night as troublesome activity?
A few separate replies state it's a good idea. I just looked at what they are actually deploying and the very first thing which jumped out at me is that all they are doing is introducing a new way to infect computers. From the description:
"Customers in Denver will begin receiving notifications that their system may be infected with a virus or other malware via a pop-up message in the browser as part of the new Comcast Service Notice, which is free. The notice will include a link to a Comcast security Web site where customers can follow a set of instructions to remove the malware from their computer."
How long before malicious websites show the exact same "notification popup" with a convenient link to download a "virus removal tool"? There is no way to authenticate the security warning as it is already an "injected" man-in-the-middle attack in itself (and no, most customers will not attempt to verify that in fact they were directed to a Comcast security site, even if they use SSL certificates (the hack will simply have an unencrypted site, which I suspect the actual Comcast page will also be)). Fake antivirus popups already are one of the favorite infection methods, this is simply playing into the bad guys' hands by training your customers to fall for it.
Basically, Comcast is just going to be reminding users (or "lusers", depending on your take) that they are running Vista.
Knowing Google's lust for data collection, the Soviet Union is still alive and well inside the psyche of Sergey Brin....
Many customers have no need for inbound communications to their PC. As an option, provide them with an RFC1918 aka 192.168.x.x address, and let them save $5/mo.
Reality check: These customers would pay the same as at present for their 'crippled' internet access. The rest of us would pay $5+ *more* for the service we currently get.
"For instance, a significant overnight spike in traffic being sent from a particular Internet Protocol address could signal that a computer is infected with a virus, taking control of the system and using it to send spam as part of a botnet." .. it could mean that the aforementioned significant overnight spike is when my p2p software is allowed to run.
only seeding and leeching legal Linux distros of course.
sorry, was hard to type that with straight face.
I was surprised to receive several such calls. Especially since I don't run Windows machines! However, I do run a tor server, so I expect that's what they were picking up. In any case, I didn't bother returning the call because I thought it would take too much effort to explain to them why they were getting false positives.
I've suffered no ill consequences or threats from Comcast, so I think they are just trying to provide information and warning to users rather than being heavy-handed. A very nice approach in my opinion.......
(Sorry Comcast haters!)