Slashdot Mirror


Comcast's War On Infected PCs (Or All Customers)

thadmiller writes "Comcast is launching a trial on Thursday of a new automated service that will warn broadband customers of possible virus infections if the computers are behaving as if they have been compromised by malware. For instance, a significant overnight spike in traffic being sent from a particular Internet Protocol address could signal that a computer is infected with a virus, taking control of the system and using it to send spam as part of a botnet." Update: Jason Livingood of Comcast's Internet Systems Engineering group sent to Dave Farber's "Interesting People" mailing list a more detailed explanation of what this trial will involve.

8 of 304 comments

  1. Nice try. by WiiVault · · Score: 5, Interesting

    Pardon me if I assume that everything Comcast does is anti-consumer unless proven otherwise. Their record certainly reinforces this skepticism. Sounds to me like they are trying yet again to scare people who torrent or use P2P software. Of course since they "can't" throttle, they are coming up with new ways to encourage their paying customers to use less of their "unlimited" bandwidth. Thanks for looking out for us Comcast.

    1. Re:Nice try. by Kylock · · Score: 3, Interesting

      A co-worker of mine recently had his service terminated because he had exceeded 1TB of downloading in a month. I'm not sure if this is a regional thing, but that seems like a really high cap. Ultimately, he called them and the solution was to upgrade to a business class connection. It ended up costing him an additional $20 (iirc) a month, but he now has a higher upstream and a static IP. He was cool with that as it seems this works out better for him anyway, but any sort of cap for an advertised unlimited service is a bit ridiculous.

  2. My ISP just blocked me for getting conficker.. by Anonymous Coward · · Score: 4, Interesting

    and I'm glad they did so. I was being lazy and neglected to install a virus scanner on one of the PCs hooked up here, and it got infected with conficker. Basically my ISP (XS4ALL, a Dutch ISP) detects this and blocks most of the traffic (getting mail still works), shows a warning page when you try to open a website, and some instructions on how to get through the blockade with a proxy, and how to clean up your PC. They'll only unblock you once you have gone through a number of steps to clean up your PC (running some trojan scanners etc.). This may seem harsh, but I think if every ISP did this there wouldn't be so many huge botnets out there and perhaps a lot less SPAM as well.

  3. Re:Seems fine to notify by Aoet_325 · · Score: 3, Interesting

    "I don't think they will cut off customers. It would be a huge support hassle for them. We lost connection the other day and they sent out a tech guy the next day. That can't be cheap considering they are all contractors." They shut them down already. This is just a way to cut costs by automating the notification process and giving infected customers a chance to clean up the problems themselves before they spew enough spam that a disconnection is needed. I certainly hope that they disconnect customers who neglect these notices and allow their computers to continue being used for spamming, phishing, etc. until they've re-secured their systems. I've seen ISPs doing this sort of thing via walled gardens with a lot of success, and I hope it catches on.

  4. Re:Bad subject, this is a GOOD thing... by garcia · · Score: 4, Interesting

    I disagree. Using pop-ups as the notification method will likely trigger a new round of malware attacks that look like official Comcast notifications, complete with helpful links to download scanner and removal tools.

    When AT&T ran things during the ATTBI days they would routinely shut down connections for subscribers who had known issues (trojans, etc). It would set their cable modem config file to some dummy one which would only get them to AT&T internal network pages and they'd have to call in to get working again--if they fixed the problem.

    I don't see why that type of thing can't be restarted. Maybe there are just so many infected machines (and based on my webserver logs from Comcast's IP ranges, I'd guess this is true) that their phone staff just wouldn't be able to handle the volume.

  5. If handled properly.. by pavera · · Score: 4, Interesting

    Ok.. so it's Comcast and we can all assume they will handle it poorly, but I worked at a small local ISP and was responsible for implementing just such a system on our network. The system would notify our NOC engineers about suspected infections, they would investigate more fully, and if the traffic was really suspect, we would log a ticket with customer support who would then call the customer. If we were unable to contact the customer for 48 hours and they didn't call us back we would disable their service.

    Now, it was a little different as we are small and local, and we would send a tech out to their house to help clean the virus off their machine. When customer service called that was part of the call.. It went something like this: "We have detected suspicious traffic coming from your connection. To protect our network and your neighbors who also use our service, if the traffic does not stop within 48 hours we will disconnect your service. If you need any information about the traffic in question we can have an engineer contact you. Also, if you need help installing, updating, or using virus and or spyware removal software, we will be happy to send a tech support engineer to your house to help you remedy this situation."

    We didn't charge for that tech support house call, it was just part of providing excellent service. In short, if it were to be handled appropriately, I don't see any problem with this sort of system. That being said, I feel Comcast will probably really botch this, just as any large telecom company would.

    Our system never detected a false positive on, for example, BitTorrent traffic. We did have some on the IRC ports, but less than 5% (not that many people actually use IRC anymore, on a residential ISP network, probably 95%+ of IRC traffic is botnet control). We never turned off someone's connection who was validly using IRC. The customer service tech would ask "do you use IRC?" almost everyone would say "uh.. what is that?" The few people who use it would say "Yes I do" and we would say "Oh ok, that explains it" and that would be that.

    We only ever turned off 1 person's connection, they had left their machine on and left on vacation and it was on a botnet. We disabled their connection as we didn't get a response from them, when they got back they called in, we sent out a tech and cleaned up their machine and that was that.
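A sketch of the kind of workflow the comment above describes, combined with the overnight-spike heuristic from the story summary. This is an added example, not code from the commenter's ISP or from Comcast; the sample byte counts, the thresholds and the function names are assumptions.

```python
from datetime import datetime, timedelta
from statistics import median

# Constructed sample data: outbound bytes per subscriber IP in the overnight
# window, seven baseline nights followed by last night (documentation addresses).
MB = 1_000_000
NIGHTLY_OUT_BYTES = {
    "198.51.100.10": [40*MB, 35*MB, 52*MB, 38*MB, 41*MB, 47*MB, 39*MB, 4100*MB],
    "198.51.100.11": [2000*MB, 2400*MB, 1900*MB, 2200*MB, 2100*MB, 2300*MB,
                      2000*MB, 2500*MB],   # steady heavy user, no sudden change
    "198.51.100.12": [5*MB, 6*MB, 4*MB, 5*MB, 7*MB, 5*MB, 6*MB, 9*MB],
}

SPIKE_FACTOR = 10      # assumed: last night must be 10x the subscriber's own median
MIN_BYTES = 500 * MB   # assumed floor so tiny baselines never raise an alert
CONTACT_WINDOW = timedelta(hours=48)  # the 48-hour window from the comment


def overnight_spikes(history):
    """Return {ip: ratio} for IPs whose last night far exceeds their own baseline."""
    flagged = {}
    for ip, nights in history.items():
        *baseline, last = nights
        base = median(baseline)
        if last >= MIN_BYTES and last >= SPIKE_FACTOR * base:
            flagged[ip] = round(last / base, 1)
    return flagged


def next_action(flagged_at, now, noc_confirmed, customer_reached):
    """Escalation step for one flagged subscriber; an engineer confirms first."""
    if not noc_confirmed:
        return "noc_review"
    if customer_reached:
        return "offer_cleanup_help"
    if now - flagged_at >= CONTACT_WINDOW:
        return "disable_service"
    return "call_customer"


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 6, 0)  # constructed timestamp
    for ip, ratio in overnight_spikes(NIGHTLY_OUT_BYTES).items():
        print(ip, f"{ratio}x baseline ->", next_action(t0, t0, False, False))
    print(next_action(t0, t0 + timedelta(hours=49), True, False))
```

Because each subscriber is compared with their own history, the consistently heavy line is not flagged, and nothing is disabled until a human has confirmed the alert and the contact window has run out.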

  6. Re:Seems fine to notify by sakdoctor · · Score: 4, Interesting

    That is so true it's painful.

    Many years ago I fixed someone's Windows installation.
    The user originally complained about a subtle Windows annoyance, and a system that was running a bit slow.
    What I found when I started digging, was the most badly infected computer I have EVER seen to date.
    Many of the viruses were craftily avoiding all attempts at removal, so I backed up data only and reinstalled.
    Some of the backup was useless due to an encrypting virus.

    A week later that original annoyance was back. It turns out that on the same day, the user had downloaded Kazaa and all the programs they felt were MUST HAVE, and with a combination of screen savers, custom mouse pointers, and other assorted crap recreated the exact same malware+virus infected state.

    So basically everyone from lusers to geeks have in their mind what their ideal system is, and from a fresh install we tweak towards that OS ideal.

  7. Re:Bad subject, this is a GOOD thing... by dave562 · · Score: 4, Interesting

    I'm undoing a bunch of moderation just to point out that you're an idiot. I hate to be so blunt, but it's the truth. If you want uninterrupted, business class service then pay for it and get an SLA in writing that explicitly spells out the obligations of both parties. In fact if you're on Comcast and you go ahead and just cross your fingers and hope for the best, I think a decent lawyer could sue you for negligence if Comcast's proactive measures impact your business. You are now aware that they might be doing this. If you don't take steps to mitigate it, you're the one who is at fault. As a business owner, you need to take steps to ensure that you can deliver what you promise to your clients. Trying to blame Comcast for a technical glitch strikes me as the digital equivalent of "sorry, the dog ate my homework".

    Maybe I should have just modded you -1 and gone about my day.