Comcast's War On Infected PCs

thadmiller writes "Comcast is launching a trial on Thursday of a new automated service that will warn broadband customers of possible virus infections if the computers are behaving as if they have been compromised by malware. For instance, a significant overnight spike in traffic being sent from a particular Internet Protocol address could signal that a computer is infected with a virus, taking control of the system and using it to send spam as part of a botnet." Update: Jason Livingood of Comcast's Internet Systems Engineering group sent to Dave Farber's "Interesting People" mailing list a more detailed explanation of what this trial will involve.

Seems fine to notify

[Dunkz]

As long as they don't act upon this information I don't see any issue with it. I bet most run-of-the-mill users don't know they have the infection and could act upon it if they knew.

Sounds like a win-win for both Comcast and their customers if it's informational only.

Re:Seems fine to notify

[david_thornley]

I like the idea a lot, but I don't know that there will be enough information for everybody.

When my ISP notified me of problems, it took a while to get enough information to figure out what was going on. As it turned out, it wasn't on a Windows box, and it wasn't a virus per se, but rather an inadequate password on an unsecured port. A message like "YOU HAZ BEEN PWNED!!!! HAHA!!" wouldn't have been enough for me to go on.

Still, the ISP is in an excellent position to watch accounts for bot-like activity, and is likely to be the first one to know.

My guess would be that those Comcast customers who insist they don't need anti-virus and do know how to surf the Web safely are going to get unexpected notices.

Re:Seems fine to notify

[CopaceticOpus]

I agree, and I think it is surprising it has taken this long to launch this service. This is a chance for Comcast to save money on bandwidth, improve their quality of service, and do something good for their users and for the Internet at large. They can do the right thing while increasing profits!

That being said, I'm sure they can find ways to screw it up. A pop up notice in the user's malware-infected browser is not the way to notify customers.

Re:Seems fine to notify

[Darkness404]

No, because this is how the usual user acts.

Tech: "Ok, you've got a virus"

User: "But why? I have X protecting me!"

Tech: "Well, you downloaded these kitten screensavers that appear to have a trojan on them"

User: "So you're going to remove my kitten screensavers!?!"

Tech: "Um, well yes."

User: "But you can't do that!!!"

Tech: "Well you want the virus gone right?"

User: "Not if it endangers my kitten screensavers!"

Tech: "..."

Add that plus all the scareware floating around with rogue AV software leads to a perfect storm.

Re:Seems fine to notify

[cdrguru]

I bet most run-of-the-mill users don't know they have the infection and could act upon it if they knew.

The problem is that most customers cannot do anything about their problems, except take the computer to someone that can help them. And because that is going to cost money, most people are going to wait until after Christmas, or after their vacation, or after their vacation after Christmas. Or until hell freezes over.

Assuming a pop-up of any sort is going to actually inform people is a mistake - almost everyone has some kind of pop-up blocking in effect today and the ones that get through are ignored.

The right thing to do is contact the person and see if they can explain the activity. No contact, cut off the account. No explaination, cut off the account. It does little good for the other 6 billion people on the planet to let infected computers continue to spew spam and phishing emails.

Re:Seems fine to notify

[coolsnowmen]

Yeah, Also, because If I got a pop-up that said, "your pc is infected" I would just close it and say "stupid phishers you'll never get me!" So, I'm guessing that pop-ups would be much less effective then a real piece of mail/phone message.

Re:Seems fine to notify

[Bakkster]

My guess would be that those Comcast customers who insist they don't need anti-virus and do know how to surf the Web safely are going to get unexpected notices.

My guess is that those same users will think that the ISP is obviously wrong, and will continue along their merry way, spamming the world.

Alternatively, they will attempt to fix it by clicking that little banner ad for 'free antivirus' that popped up and told them the same thing...

Bad subject, this is a GOOD thing...

[nweaver]

ISPs need to notify their customers. Many customers don't really have email contact from their ISP for various reasons (eg, me!). But injecting a pop-up for notification purposes DOES work.

Yes, the same technology can be used for evil abuses like ad injection, but this is exactly what SHOULD be done.

Re:Bad subject, this is a GOOD thing...

[i.r.id10t]

How many folks ignore popups though?

I'd think the solution could be more like what they do when they are messing with DNS - identify customers with issues, redirect their DNS queries to a box that puts up a page that describes what is going on, why they are seeing that page instead of google or whatever, and a number to call at the ISP for assistance.

Re:Bad subject, this is a GOOD thing...

[MadRocketScientist]

I disagree. Using pop-ups as the notification method will likely trigger a new round of malware attacks that look like official Comcast notifications, complete with helpful links to download scanner and removal tools.

When I think of Comcast, I think of progress.

[InMSWeAntitrust]

"The new service will eventually be rolled out in the rest of the country, replacing the phone calls Comcast has been using to notify customers to security problems, Opperman said."

So wait, instead of a personal phone call (which they apparently had been doing before anyway), now it'll be a popup just like the 50 other ones the user sees because he or she's infected with malware to begin with?

Nice.

Comcast Antivirus 2009?

[silent_artichoke]

Sure thing, users NEVER get popup warnings about being infected and promptly ignore them... Unless they are really from the virus itself and are asking for credit card information.

flyswattery.

[nimbius]

this proves and solves nothing, its a frogboil tactic they use to get customers familiar with their 'responsibility' on their network. soon it becomes "we kick you off if we find malware." Internet providers are already shovelling this bullshit with port scanning and automated warnings regarding account termination. Treating customers like dirt, redefining what "demand" is in terms of the business model, and shaping the services you supply sure is alot easier than actually scaling infrastructure to meet real-life demand.

If only they had some other means of communicating

[RingDev]

It's really too bad that a cable company doesn't have any other means of communicating with their customers other than the internet. If only some how they could find out where their customers live, which I admit does sound like a startling infringement on their customers' right to privacy, they could convey such a warning with out worrying about web etiquette or spam filters.

-Rick

PS: In case your browser doesn't support them, there are sarcasm tags on the proceeding paragraph.