Slashdot Mirror


Comcast's War On Infected PCs (Or All Customers)

thadmiller writes "Comcast is launching a trial on Thursday of a new automated service that will warn broadband customers of possible virus infections if the computers are behaving as if they have been compromised by malware. For instance, a significant overnight spike in traffic being sent from a particular Internet Protocol address could signal that a computer is infected with a virus, taking control of the system and using it to send spam as part of a botnet." Update: Jason Livingood of Comcast's Internet Systems Engineering group sent to Dave Farber's "Interesting People" mailing list a more detailed explanation of what this trial will involve.
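The traffic heuristic mentioned in the summary, as an added example (not Comcast's system and not part of the original post): compare each subscriber's latest overnight upload volume with that subscriber's own history and queue the outliers for human review. The overnight window, thresholds, record format and sample data are all assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

OVERNIGHT = range(0, 6)   # assumed window: 00:00-05:59
SPIKE_FACTOR = 10         # assumed: latest night >= 10x the subscriber's own median
MIN_BYTES = 50_000_000    # assumed floor so tiny baselines never alert


def build_sample(nights=7):
    """Constructed hourly flow summaries: 'ISO-hour,ip,dst_port,bytes_out'.
    IPs are RFC 5737 documentation addresses; every value is made up."""
    rows = []
    for day in range(1, nights + 1):
        last = day == nights
        for hour in (1, 3):
            ts = f"2009-10-{day:02d}T{hour:02d}:00"
            rows.append(f"{ts},192.0.2.10,443,2000000")      # light, steady user
            rows.append(f"{ts},192.0.2.20,443,1000000")
            smtp = 90_000_000 if last else 50_000            # SMTP burst on last night
            rows.append(f"{ts},192.0.2.20,25,{smtp}")
            rows.append(f"{ts},192.0.2.30,6881,400000000")   # heavy every night
    # Daytime burst: outside the overnight window, so it must be ignored.
    rows.append(f"2009-10-{nights:02d}T14:00,192.0.2.10,443,500000000")
    return rows


def nightly_totals(lines):
    """Return {ip: {date: {dst_port: bytes}}} for overnight hours only."""
    totals = defaultdict(lambda: defaultdict(lambda: defaultdict(int)))
    for line in lines:
        ts, ip, port, nbytes = line.strip().split(",")
        when = datetime.fromisoformat(ts)
        if when.hour in OVERNIGHT:
            totals[ip][when.date()][int(port)] += int(nbytes)
    return totals


def review_queue(lines):
    """Flag subscribers whose latest overnight upload dwarfs their own history."""
    queue = []
    for ip, nights in sorted(nightly_totals(lines).items()):
        dates = sorted(nights)
        if len(dates) < 4:   # too little history to call anything a spike
            continue
        history = [sum(nights[d].values()) for d in dates[:-1]]
        latest = nights[dates[-1]]
        sent, baseline = sum(latest.values()), median(history)
        if sent >= MIN_BYTES and sent >= SPIKE_FACTOR * max(baseline, 1):
            queue.append({"ip": ip, "night": dates[-1].isoformat(),
                          "bytes_out": sent, "baseline": baseline,
                          # share sent to TCP/25: context for the reviewer
                          "smtp_share": round(latest.get(25, 0) / sent, 2)})
    return queue


if __name__ == "__main__":
    for ticket in review_queue(build_sample()):
        print(ticket)
```

Because the baseline is per subscriber, the consistently heavy uploader at 192.0.2.30 is not flagged, while the normally quiet host with a sudden SMTP burst is.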

30 of 304 comments

  1. Seems fine to notify by Dunkz · · Score: 5, Insightful

    As long as they don't act upon this information I don't see any issue with it. I bet most run-of-the-mill users don't know they have the infection and could act upon it if they knew.

    Sounds like a win-win for both Comcast and their customers if it's informational only.

    1. Re:Seems fine to notify by david_thornley · · Score: 4, Insightful

      I like the idea a lot, but I don't know that there will be enough information for everybody.

      When my ISP notified me of problems, it took a while to get enough information to figure out what was going on. As it turned out, it wasn't on a Windows box, and it wasn't a virus per se, but rather an inadequate password on an unsecured port. A message like "YOU HAZ BEEN PWNED!!!! HAHA!!" wouldn't have been enough for me to go on.

      Still, the ISP is in an excellent position to watch accounts for bot-like activity, and is likely to be the first one to know.

      My guess would be that those Comcast customers who insist they don't need anti-virus and do know how to surf the Web safely are going to get unexpected notices.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    2. Re:Seems fine to notify by CopaceticOpus · · Score: 4, Insightful

      I agree, and I think it is surprising it has taken this long to launch this service. This is a chance for Comcast to save money on bandwidth, improve their quality of service, and do something good for their users and for the Internet at large. They can do the right thing while increasing profits!

      That being said, I'm sure they can find ways to screw it up. A pop up notice in the user's malware-infected browser is not the way to notify customers.

    3. Re:Seems fine to notify by Aoet_325 · · Score: 3, Interesting

      "I don't think they will cut off customers. It would be a huge support hassle for them. We lost connection the other day and they sent out a tech guy the next day. That can't be cheap considering they are all contractors."

      They shut them down already. This is just a way to cut costs by automating the notification process and giving infected customers a chance to clean up the problems themselves before they spew enough spam that a disconnection is needed. I certainly hope that they disconnect customers who neglect these notices and allow their computers to continue being used for spamming, phishing, etc. until they've re-secured their systems. I've seen ISPs doing this sort of thing via walled gardens with a lot of success, and I hope it catches on.

    4. Re:Seems fine to notify by Darkness404 · · Score: 5, Insightful

      No, because this is how the usual user acts.

      Tech: "Ok, you've got a virus"

      User: "But why? I have X protecting me!"

      Tech: "Well, you downloaded these kitten screensavers that appear to have a trojan on them"

      User: "So you're going to remove my kitten screensavers!?!"

      Tech: "Um, well yes."

      User: "But you can't do that!!!"

      Tech: "Well you want the virus gone right?"

      User: "Not if it endangers my kitten screensavers!"

      Tech: "..."

      Add that plus all the scareware floating around with rogue AV software leads to a perfect storm.

      --
      Taxation is legalized theft, no more, no less.
    5. Re:Seems fine to notify by cdrguru · · Score: 4, Insightful

      I bet most run-of-the-mill users don't know they have the infection and could act upon it if they knew.

      The problem is that most customers cannot do anything about their problems, except take the computer to someone that can help them. And because that is going to cost money, most people are going to wait until after Christmas, or after their vacation, or after their vacation after Christmas. Or until hell freezes over.

      Assuming a pop-up of any sort is going to actually inform people is a mistake - almost everyone has some kind of pop-up blocking in effect today and the ones that get through are ignored.

      The right thing to do is contact the person and see if they can explain the activity. No contact, cut off the account. No explanation, cut off the account. It does little good for the other 6 billion people on the planet to let infected computers continue to spew spam and phishing emails.

    6. Re:Seems fine to notify by Mister+Whirly · · Score: 3, Insightful

      I think what you are describing is very close to the fake Antivirus 2009 malware that I have seen a lot of recently (popup with a link to software). I would imagine if ISPs started doing this, it would be easier for the bad guys to spoof users into installing software "to clean their infected PC" that was "recommended" by their own ISP.

      --
      "But this one goes to 11!"
    7. Re:Seems fine to notify by coolsnowmen · · Score: 4, Insightful

      Yeah, also, because if I got a pop-up that said, "your pc is infected" I would just close it and say "stupid phishers you'll never get me!" So, I'm guessing that pop-ups would be much less effective than a real piece of mail/phone message.

    8. Re:Seems fine to notify by Bakkster · · Score: 4, Insightful

      My guess would be that those Comcast customers who insist they don't need anti-virus and do know how to surf the Web safely are going to get unexpected notices.

      My guess is that those same users will think that the ISP is obviously wrong, and will continue along their merry way, spamming the world.

      Alternatively, they will attempt to fix it by clicking that little banner ad for 'free antivirus' that popped up and told them the same thing...

      --
      Write your representatives! Repeal the 2nd Law of Thermodynamics!
    9. Re:Seems fine to notify by sakdoctor · · Score: 4, Interesting

      That is so true it's painful.

      Many years ago I fixed someone's Windows installation.
      The user originally complained about a subtle Windows annoyance, and a system that was running a bit slow.
      What I found when I started digging, was the most badly infected computer I have EVER seen to date.
      Many of the viruses were craftily avoiding all attempts at removal, so I backed up data only and reinstalled.
      Some of the backup was useless due to an encrypting virus.

      A week later that original annoyance was back. It turns out that on the same day, the user had downloaded kazaa and all the programs they felt were MUST HAVE, and with a combination of screen savers, custom mouse pointers, and other assorted crap recreated the exact same malware+virus infected state.

      So basically everyone from lusers to geeks have in their mind what their ideal system is, and from a fresh install we tweak towards that OS ideal.

    10. Re:Seems fine to notify by value_added · · Score: 3, Funny

      A pop up notice in the user's malware-infected browser is not the way to notify customers.

      Notifying anyone of anything was easy when the Windows Messenger service was enabled by default. ;-)

    11. Re:Seems fine to notify by Carbaholic · · Score: 5, Funny

      I'm sure the conversation would be more like this:

      Tech: "heylo plase tern off your computer and wait for ten seyconds"

      User: "What are you talking about, I'm calling because you say I have a virus"

      Tech: "Dayd you tern off your computer yet?"

      User: "Did you hear anything I just said?"

      Tech: "Comcast tern off not responsible kittens"

      User: "Every word you say makes me angrier and angrier."

      Tech: "Good, resolve glad issue. Bye"

  2. Bad subject, this is a GOOD thing... by nweaver · · Score: 4, Insightful

    ISPs need to notify their customers. Many customers don't really have email contact from their ISP for various reasons (eg, me!). But injecting a pop-up for notification purposes DOES work.

    Yes, the same technology can be used for evil abuses like ad injection, but this is exactly what SHOULD be done.

    --
    Test your net with Netalyzr
    1. Re:Bad subject, this is a GOOD thing... by i.r.id10t · · Score: 4, Insightful

      How many folks ignore popups though?

      I'd think the solution could be more like what they do when they are messing with DNS - identify customers with issues, redirect their DNS queries to a box that puts up a page that describes what is going on, why they are seeing that page instead of google or whatever, and a number to call at the ISP for assistance.

      --
      Don't blame me, I voted for Kodos
    2. Re:Bad subject, this is a GOOD thing... by MadRocketScientist · · Score: 5, Insightful

      I disagree. Using pop-ups as the notification method will likely trigger a new round of malware attacks that look like official Comcast notifications, complete with helpful links to download scanner and removal tools.

    3. Re:Bad subject, this is a GOOD thing... by garcia · · Score: 4, Interesting

      I disagree. Using pop-ups as the notification method will likely trigger a new round of malware attacks that look like official Comcast notifications, complete with helpful links to download scanner and removal tools.

      When AT&T ran things during the ATTBI days they would routinely shut down connections for subscribers who had known issues (trojans, etc). It would set their cable modem config file to some dummy one which would only get them to AT&T internal network pages and they'd have to call in to get working again--if they fixed the problem.

      I don't see why that type of thing can't be restarted. Maybe there are just so many infected machines (and based on my webserver logs from Comcast's IP ranges, I'd guess this is true) that their phone staff just wouldn't be able to handle the volume.

    4. Re:Bad subject, this is a GOOD thing... by dave562 · · Score: 4, Interesting

      I'm undoing a bunch of moderation just to point out that you're an idiot. I hate to be so blunt, but it's the truth. If you want uninterrupted, business class service then pay for it and get an SLA in writing that explicitly spells out the obligations of both parties. In fact if you're on Comcast and you go ahead and just cross your fingers and hope for the best, I think a decent lawyer could sue you for negligence if Comcast's proactive measures impact your business. You are now aware that they might be doing this. If you don't take steps to mitigate it, you're the one who is at fault. As a business owner, you need to take steps to ensure that you can deliver what you promise to your clients. Trying to blame Comcast for a technical glitch strikes me as the digital equivalent of "sorry, the dog ate my homework".

      Maybe I should have just modded you -1 and gone about my day.

  3. When I think of Comcast, I think of progress. by InMSWeAntitrust · · Score: 5, Insightful

    "The new service will eventually be rolled out in the rest of the country, replacing the phone calls Comcast has been using to notify customers to security problems, Opperman said."

    So wait, instead of a personal phone call (which they apparently had been doing before anyway), now it'll be a popup just like the 50 other ones the user sees because he or she's infected with malware to begin with?

    Nice.

  4. Nice try. by WiiVault · · Score: 5, Interesting

    Pardon me if I assume that everything Comcast does is anti-consumer unless proven otherwise. Their record certainly reinforces this skepticism. Sounds to me like they are trying yet again to scare people who torrent or use P2P software. Of course since they "can't" throttle, they are coming up with new ways to encourage their paying customers to use less of their "unlimited" bandwidth. Thanks for looking out for us Comcast.

    1. Re:Nice try. by Kylock · · Score: 3, Interesting

      A co-worker of mine recently had his service terminated because he had exceeded 1TB of downloading in a month. I'm not sure if this is a regional thing, but that seems like a really high cap. Ultimately, he called them and the solution was to upgrade to a business class connection. It ended up costing him an additional $20 (iirc) a month, but he now has a higher upstream and a static IP. He was cool with that as it seems this works out better for him anyway, but any sort of cap for an advertised unlimited service is a bit ridiculous.

  5. Comcast Antivirus 2009? by silent_artichoke · · Score: 4, Insightful

    Sure thing, users NEVER get popup warnings about being infected and promptly ignore them... Unless they are really from the virus itself and are asking for credit card information.

  6. My ISP just blocked me for getting conficker.. by Anonymous Coward · · Score: 4, Interesting

    and I'm glad they did so. I was being lazy and neglected to install a virus scanner on one of the PCs hooked up here, and it got infected with conficker. Basically my ISP (XS4ALL, a Dutch ISP) detects this and blocks most of the traffic (getting mail still works), shows a warning page when you try to open a website, and some instructions on how to get through the blockade with a proxy, and how to clean up your PC. They'll only unblock you once you have gone through a number of steps to clean up your PC (running some trojan scanners etc.). This may seem harsh, but I think if every ISP did this there wouldn't be so many huge botnets out there and perhaps a lot less SPAM as well.

  7. flyswattery. by nimbius · · Score: 4, Insightful

    This proves and solves nothing, it's a frogboil tactic they use to get customers familiar with their 'responsibility' on their network. Soon it becomes "we kick you off if we find malware." Internet providers are already shovelling this bullshit with port scanning and automated warnings regarding account termination. Treating customers like dirt, redefining what "demand" is in terms of the business model, and shaping the services you supply sure is a lot easier than actually scaling infrastructure to meet real-life demand.

    --
    Good people go to bed earlier.
  8. Prediction by bistromath007 · · Score: 5, Funny

    Comcast Gold PCGuard+ Express Pro has detected a significant overnight spike in your network usage that suggests your PC may be infected with a virus. This process has been identified as utorrent.exe. It is recommended that you delete all files related to this program immediately to keep your personal information secure.

  9. Hey, it must have been introduced here. by jtownatpunk.net · · Score: 3, Funny

    They even proactively installed AntiVirus 2009 on my system. Gosh, it's amazing how many viruses I had and didn't even know it.

  10. If only they had some other means of communicating by RingDev · · Score: 4, Insightful

    It's really too bad that a cable company doesn't have any other means of communicating with their customers other than the internet. If only somehow they could find out where their customers live, which I admit does sound like a startling infringement on their customers' right to privacy, they could convey such a warning without worrying about web etiquette or spam filters.

    -Rick

    PS: In case your browser doesn't support them, there are sarcasm tags on the preceding paragraph.

    --
    "Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
  11. Re:OH, They have been acting for a while! by ciggieposeur · · Score: 3, Informative

    > No, but why is the NAT firewall letting the spam through to the outside world?

    Because having egress filtering on by default would piss off most users, so consumer NATs don't do that.

  12. If handled properly.. by pavera · · Score: 4, Interesting

    Ok.. so it's Comcast and we can all assume they will handle it poorly, but I worked at a small local ISP and was responsible for implementing just such a system on our network. The system would notify our NOC engineers about suspected infections, they would investigate more fully, and if the traffic was really suspect, we would log a ticket with customer support who would then call the customer. If we were unable to contact the customer for 48 hours and they didn't call us back we would disable their service.

    Now, it was a little different as we are small and local, and we would send a tech out to their house to help clean the virus off their machine. When customer service called that was part of the call.. It went something like this: "We have detected suspicious traffic coming from your connection. To protect our network and your neighbors who also use our service, if the traffic does not stop within 48 hours we will disconnect your service. If you need any information about the traffic in question we can have an engineer contact you. Also, if you need help installing, updating, or using virus and or spyware removal software, we will be happy to send a tech support engineer to your house to help you remedy this situation."

    We didn't charge for that tech support house call, it was just part of providing excellent service. In short, if it were to be handled appropriately, I don't see any problem with this sort of system. That being said, I feel Comcast will probably really botch this, just as any large telecom company would.

    Our system never detected a false positive on, for example, BitTorrent traffic. We did have some on the IRC ports, but less than 5% (not that many people actually use IRC anymore, on a residential ISP network, probably 95%+ of IRC traffic is botnet control). We never turned off someone's connection who was validly using IRC. The customer service tech would ask "do you use IRC?" almost everyone would say "uh.. what is that?" The few people who use it would say "Yes I do" and we would say "Oh ok, that explains it" and that would be that.

    We only ever turned off 1 person's connection, they had left their machine on and left on vacation and it was on a botnet. We disabled their connection as we didn't get a response from them, when they got back they called in, we sent out a tech and cleaned up their machine and that was that.

  13. I count myself lucky... by endofoctober · · Score: 4, Informative

    ...that they called and told me that I had a zombie PC. I run updates, antivirus software and am very careful about where I go on the web, and what I download. Despite all my precautions, though, my PC got infected via an infected CD from my office (autorun is now turned off, btw). I got a call from Comcast saying that they'd noticed some odd traffic. The tech guy said it looked like my PC had been infected although it didn't seem to be actively sending/receiving any unusual data. After a quick re-scan with my antivirus software, it was gone, and all was right with the world (well, my tiny corner of it, anyway). I was used to Comcast sucking hardcore before this happened. Now my attitude is a little better toward them -- the Comcast tech guy knew his stuff, and was very helpful.

    --
    - Jack
  14. Re:If only they had some other means of communicat by 93+Escort+Wagon · · Score: 4, Funny

    It's really too bad that a cable company doesn't have any other means of communicating with their customers other than the internet.

    Hehe, you're watching TV with the family, and at the next commercial break you see a guy in an easy chair, reading the newspaper. He looks up at the camera and says "Hi there Rick! I'm Jim, from Comcast. Enjoying the show? Hey I'm afraid I've got a bit of bad news - it looks like your computer is infected with BugBot32/A."

    --
    #DeleteChrome