Slashdot Mirror

← Back to Stories (view on slashdot.org)

Comcast's War On Infected PCs (Or All Customers)

Posted by timothy on from the could-go-badly dept.

thadmiller writes "Comcast is launching a trial on Thursday of a new automated service that will warn broadband customers of possible virus infections if the computers are behaving as if they have been compromised by malware. For instance, a significant overnight spike in traffic being sent from a particular Internet Protocol address could signal that a computer is infected with a virus, taking control of the system and using it to send spam as part of a botnet." Update: Jason Livingood of Comcast's Internet Systems Engineering group sent to Dave Farber's "Interesting People" mailing list a more detailed explanation of what this trial will involve.

29 of 304 comments (clear)

  1. Seems fine to notify by Dunkz · · Score: 5, Insightful

    As long as they don't act upon this information I don't see any issue with it. I bet most run-of-the-mill users don't know they have the infection and could act upon it if they knew.

    Sounds like a win-win for both Comcast and their customers if it's informational only.

    1. Re:Seems fine to notify by david_thornley · · Score: 4, Insightful

      I like the idea a lot, but I don't know that there will be enough information for everybody.

      When my ISP notified me of problems, it took a while to get enough information to figure out what was going on. As it turned out, it wasn't on a Windows box, and it wasn't a virus per se, but rather an inadequate password on an unsecured port. A message like "YOU HAZ BEEN PWNED!!!! HAHA!!" wouldn't have been enough for me to go on.

      Still, the ISP is in an excellent position to watch accounts for bot-like activity, and is likely to be the first one to know.

      My guess would be that those Comcast customers who insist they don't need anti-virus and do know how to surf the Web safely are going to get unexpected notices.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    2. Re:Seems fine to notify by CopaceticOpus · · Score: 4, Insightful

      I agree, and I think it is surprising it has taken this long to launch this service. This is a chance for Comcast to save money on bandwidth, improve their quality of service, and do something good for their users and for the Internet at large. They can do the right thing while increasing profits!

      That being said, I'm sure they can find ways to screw it up. A pop up notice in the user's malware-infected browser is not the way to notify customers.

    3. Re:Seems fine to notify by Darkness404 · · Score: 5, Insightful

      No, because this is how the usual user acts.

      Tech: "Ok, you've got a virus"

      User: "But why? I have X protecting me!"

      Tech: "Well, you downloaded these kitten screensavers that appear to have a trojan on them"

      User: "So you're going to remove my kitten screensavers!?!"

      Tech: "Um, well yes."

      User: "But you can't do that!!!"

      Tech: "Well you want the virus gone right?"

      User: "Not if it endangers my kitten screensavers!"

      Tech: "..."

      Add that plus all the scareware floating around with rogue AV software leads to a perfect storm.

      --
      Taxation is legalized theft, no more, no less.
    4. Re:Seems fine to notify by cdrguru · · Score: 4, Insightful

      I bet most run-of-the-mill users don't know they have the infection and could act upon it if they knew.

      The problem is that most customers cannot do anything about their problems, except take the computer to someone that can help them. And because that is going to cost money, most people are going to wait until after Christmas, or after their vacation, or after their vacation after Christmas. Or until hell freezes over.

      Assuming a pop-up of any sort is going to actually inform people is a mistake - almost everyone has some kind of pop-up blocking in effect today and the ones that get through are ignored.

      The right thing to do is contact the person and see if they can explain the activity. No contact, cut off the account. No explaination, cut off the account. It does little good for the other 6 billion people on the planet to let infected computers continue to spew spam and phishing emails.

    5. Re:Seems fine to notify by Mister+Whirly · · Score: 3, Insightful

      I think what you are describing is very close the the fake Antivirus 2009 malware that I have seen a lot of recently (popup with a link to software). I would imagine if ISPs started doing this, it would be easier for the bad guys to spoof users into installing software "to clean their infeced PC" that was "recommended" by their own ISP.

      --
      "But this one goes to 11!"
    6. Re:Seems fine to notify by coolsnowmen · · Score: 4, Insightful

      Yeah, Also, because If I got a pop-up that said, "your pc is infected" I would just close it and say "stupid phishers you'll never get me!" So, I'm guessing that pop-ups would be much less effective then a real piece of mail/phone message.

    7. Re:Seems fine to notify by lgw · · Score: 2, Insightful

      Agree, if they do it properly it could be useful service.

      Except this is comcast we're talking about. They'll probbaly throttle and not notify.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    8. Re:Seems fine to notify by Bakkster · · Score: 4, Insightful

      My guess would be that those Comcast customers who insist they don't need anti-virus and do know how to surf the Web safely are going to get unexpected notices.

      My guess is that those same users will think that the ISP is obviously wrong, and will continue along their merry way, spamming the world.

      Alternatively, they will attempt to fix it by clicking that little banner ad for 'free antivirus' that popped up and told them the same thing...

      --
      Write your representatives! Repeal the 2nd Law of Thermodynamics!
    9. Re:Seems fine to notify by fafaforza · · Score: 2, Insightful

      Who uses their ISP's email service these days?

    10. Re:Seems fine to notify by Anonymous Coward · · Score: 1, Insightful

      would the average "dotter" even know if if his linux box was rootkitted?

  2. IP, FP by Hognoxious · · Score: 2, Insightful

    Thanks for spelling IP out for us.

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    1. Re:IP, FP by mcgrew · · Score: 1, Insightful

      If they just said "IP" many here would think they were referring to Imaginary Property. Spelling out acronyms is a good thing, even if your audience probably knows what the acronym means.

      --
      Free Martian Whores!
  3. Bad subject, this is a GOOD thing... by nweaver · · Score: 4, Insightful

    ISPs need to notify their customers. Many customers don't really have email contact from their ISP for various reasons (eg, me!). But injecting a pop-up for notification purposes DOES work.

    Yes, the same technology can be used for evil abuses like ad injection, but this is exactly what SHOULD be done.

    --
    Test your net with Netalyzr
    1. Re:Bad subject, this is a GOOD thing... by i.r.id10t · · Score: 4, Insightful

      How many folks ignore popups though?

      I'd think the solution could be more like what they do when they are messing with DNS - identify customers with issues, redirect their DNS queries to a box that puts up a page that describes what is going on, why they are seeing that page instead of google or whatever, and a number to call at the ISP for assistance.

      --
      Don't blame me, I voted for Kodos
    2. Re:Bad subject, this is a GOOD thing... by Anonymous Coward · · Score: 2, Insightful

      How will it be distinguised from the "Your computer is infected?!??!" ads that customers are told to ignore.

    3. Re:Bad subject, this is a GOOD thing... by MadRocketScientist · · Score: 5, Insightful

      I disagree. Using pop-ups as the notification method will likely trigger a new round of malware attacks that look like official Comcast notifications, complete with helpful links to download scanner and removal tools.

    4. Re:Bad subject, this is a GOOD thing... by Anonymous Coward · · Score: 1, Insightful

      Why not just create an automated telephone system informing users. Seems like trying to get the infected machine to show pop-ups would be more difficult.

  4. When I think of Comcast, I think of progress. by InMSWeAntitrust · · Score: 5, Insightful

    "The new service will eventually be rolled out in the rest of the country, replacing the phone calls Comcast has been using to notify customers to security problems, Opperman said."

    So wait, instead of a personal phone call (which they apparently had been doing before anyway), now it'll be a popup just like the 50 other ones the user sees because he or she's infected with malware to begin with?

    Nice.

  5. This is a very good thing by davidwr · · Score: 2, Insightful

    Even better would be to give me my choice of notification mechanisms:
    *pop-up
    *email
    *sms
    *robo-phonecall
    *no notification

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  6. Comcast Antivirus 2009? by silent_artichoke · · Score: 4, Insightful

    Sure thing, users NEVER get popup warnings about being infected and promptly ignore them... Unless they are really from the virus itself and are asking for credit card information.

  7. I agree, by popeye44 · · Score: 2, Insightful

    But having to set a cookie on each machine I want to disable their fucking dns redirect doesn't give me much hope. Love the speed.. hate the company!

    I think we're slowly but surely seeing the end of what was a really great thing. Open unfiltered internet. In a few years it will be an expanded version of tv with none to little user control about what we want to see. Soon it will be.. we noticed your IP has downloaded X amount of gigs in the last two days. It's impossible that you are doing anything legit and we are going to cancel or reduce your connection speeds for a month if you continue illegally downloading. PS. This may have been a virus and if so please take your pc to an **authorized vendor to clean it.

    **Vendor may also scan for copyright infringements on your pc in which case it will be kept at evidence.

    --
    Inane Comments are Generously Disregarded
  8. Opt-out? by Zortrium · · Score: 2, Insightful

    This seems harmless enough to me if Comcast provides an opt-out service (like they do for their DNS-redirection). Someone who's savvy enough to opt-out of this is probably not as likely to get malware-infected, and the rest of the population probably doesn't care very much about the service either way. As for the monitoring aspect, I doubt that Comcast is actually examining customers' traffic any more as a result of this -- they're probably just using their existing heaps of data to implement this.

  9. flyswattery. by nimbius · · Score: 4, Insightful

    this proves and solves nothing, its a frogboil tactic they use to get customers familiar with their 'responsibility' on their network. soon it becomes "we kick you off if we find malware." Internet providers are already shovelling this bullshit with port scanning and automated warnings regarding account termination. Treating customers like dirt, redefining what "demand" is in terms of the business model, and shaping the services you supply sure is alot easier than actually scaling infrastructure to meet real-life demand.

    --
    Good people go to bed earlier.
    1. Re:flyswattery. by westlake · · Score: 2, Insightful

      Treating customers like dirt, redefining what "demand" is in terms of the business model, and shaping the services you supply sure is a lot easier than actually scaling infrastructure to meet real-life demand.

      The business model is to keep the mass market consumer product affordable and drive the geek who wants "unlimited" broadband into paying the going rate for business or professional grade service.

  10. Doomed from the outset by SirGarlon · · Score: 2, Insightful

    I don't predict a good outcome from this. Comcast will be flooded with incoming tech support calls from customers, half panicked about a virus they don't have and the other half angrily denying a virus they do have. And Comcast will discover that the cost of all those calls far outweighs any benefits they receive from the new system.

    --
    [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
  11. If only they had some other means of communicating by RingDev · · Score: 4, Insightful

    It's really too bad that a cable company doesn't have any other means of communicating with their customers other than the internet. If only some how they could find out where their customers live, which I admit does sound like a startling infringement on their customers' right to privacy, they could convey such a warning with out worrying about web etiquette or spam filters.

    -Rick

    PS: In case your browser doesn't support them, there are sarcasm tags on the proceeding paragraph.

    --
    "Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
  12. How about /. coming up with a solution? by HockeyPuck · · Score: 2, Insightful

    Here's a question for the masses here on /.

    How would you notify customers that their machine is spewing spam or part of a botnet? Would you continue with the phone calls? Surely paying people to call customers about a virus can't be cheap, and doesn't scale. What is your ISP doing about this?

    Even if what comcast is doing isn't the best solution, it's gotta be better than doing nothing, or taking the draconian measures of turning off service until you call in and they tell you, "Sir/Ma'am we turned off your service because your home computer is sending out spam. Once you've fixed it, we'll turn your service back on." I work at a "large database company" and in our labs if a lab machine is detected to be infected, the lab admins will shut of the ethernet drop that server connects to until you fix it.

  13. Re:weak dollar by n0tWorthy · · Score: 1, Insightful

    You mean "trickle UP economics" don't work? Well they did for the rich, the difference between rich and poor has never been greater.

    --
    "Be kind, for everyone you meet is facing a great battle." - Philo of Alexandria -