Slashdot Mirror

← Back to Stories (view on slashdot.org)

FCC Chair Calls On ISPs To Adopt New Security Measures

Posted by samzenpus on from the do-better dept.

alphadogg writes "U.S. Internet service providers should take new steps to protect subscribers against cyber attacks, including notifying customers when their computers are compromised, the chairman of the FCC said Wednesday. Julius Genachowski called on ISPs to notify subscribers whose computers are infected with malware and tied to a botnet and to develop a code of conduct to combat botnets. Genachowski also called on ISPs to adopt secure routing standards to protect against Internet Protocol hijacking and to implement DNSSEC, a suite of security tools for the Internet's Domain Name System."

42 of 110 comments (clear)

  1. Torrents by mehrotra.akash · · Score: 5, Interesting

    Will torrent clients be classified as malware as well?

    1. Re:Torrents by gman003 · · Score: 2

      Even if so, it's not problematic.

      All this is (going by the summary - article's still loading) is notification. "Hey, we noticed your machine seems to be infected with a virus and is part of a spam-spewing botnet. Here's some links to antimalware that'll clear that right up". "Hey, we noticed a lot of traffic from spyware sending every keystroke back to totally-a-legit-site,cn, you might want to scan for that". "Hey, you seem to be torrenting massive files 24/7, here's some MAFIAA propaganda telling you to stop copying those floppies".

    2. Re:Torrents by causality · · Score: 4, Interesting

      I doubt they want to piss off some big customers.

      If that's the only societal force that can spare us, then we're screwed. Big customers can be whitelisted or "undesirables" can be blacklisted.

      I think what we need is to promote an awareness of just how important the Internet is, that screwing around with it for any reason other than good engineering is a bad idea. For example, the DNSSEC mandate is actually a sound idea and stands a good chance of working better than what we have now.

      The moment an anti-malware system starts intentionally hindering many (or all) torrents is the moment it ceases to be a technical solution and changes into a political tool. You don't need to understand the technical details of how BitTorrent works to understand this. We need a general public that understands this, for the same reason we need to understand that "think of the children!" includes concern for what kind of authoritarian, regimented society we're leaving them to inherit.

      I have to assume that any mandate to "protect against botnets" that could ever be construed to mean bans on entire protocols is going to be inevitably abused. Authoritarian types look for such "opportunities" just as businesses look for new markets. Power is just a different kind of currency.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    3. Re:Torrents by DigiShaman · · Score: 4, Informative

      Time Warner has been disabling user for malware for about 6 years now. Actually, they get redirected to a web page telling them to call the abuse department to review why the account has been temporarily disabled, agreeing to clean up the pc, and then the account gets renabled.

      The web page they direct customers to is http://www.rrsecurity-abuse.com/abuse.php

      Actually, everyone should review it. It's nicely layed out for ISP standards.

      --
      Life is not for the lazy.
    4. Re:Torrents by parlancex · · Score: 4, Insightful

      Actually, there are probably a lot of malware authors giddy at the thought of a legitimate malware notification service. There have already have already been large phone campaigns by botnet creators with the phony premise that the callee's computer is infected, with phony instructions to remove the infection (install new malware, obviously). Once there actually IS a legitimate service doing this it will be even harder for less tech savvy people to tell the difference.

    5. Re:Torrents by Oxford_Comma_Lover · · Score: 2

      We need a general public that understands this

      Good luck.

      What we need is a court system that understands this and a way to apply the First Amendment to the ISPs. If it is spun as censorship rather than as requiring people to know stuff, it stands a much better chance politically.

      --
      -- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
    6. Re:Torrents by PopeRatzo · · Score: 5, Insightful

      I think what we need is to promote an awareness of just how important the Internet is, that screwing around with it for any reason other than good engineering is a bad idea.

      First, we might need to promote an awareness of just what the Internet actually is. How it works and why.

      We've got young people who don't recall a time before Internet, and don't know how and why it came into being and know nothing about it's potential. To many of them, it's just another shopping mall/arcade.

      For my money, the Electronic Freedom Foundation is currently doing the best work in this regard, so I send them money. But it also takes those of us who do have some awareness of these things taking the time to explain it. To advocate for it. To protect it. We have to make sure our shared memories, our shared culture, survives.

      There are a lot of powerful forces that would love to turn the Internet into the home shopping network on steroids. Into a one-way media outlet that tells us what's what. Into just another "cool" medium.

      We have to use the power of our oral tradition and our written tradition to spread the word on a person to person level. One to one and one to many. We must fight on the blogs, we must fight in the comment sections, we have to fight on the streets and on the beaches, We must never surrender. (OK, I got a little carried away at the end there, but you get the idea).

      --
      You are welcome on my lawn.
    7. Re:Torrents by fluffy99 · · Score: 3, Insightful

      Even if so, it's not problematic.

      All this is (going by the summary - article's still loading) is notification. "Hey, we noticed your machine seems to be infected with a virus and is part of a spam-spewing botnet. Here's some links to antimalware that'll clear that right up". "Hey, we noticed a lot of traffic from spyware sending every keystroke back to totally-a-legit-site,cn, you might want to scan for that". "Hey, you seem to be torrenting massive files 24/7, here's some MAFIAA propaganda telling you to stop copying those floppies".

      The ISPs are really the only ones positioned to thwart attacks as well. For example, blocking an IP that appears to be port scanning or sending high rates of email. Or rate-limiting icmp packets to reduce the effectiveness of DOS attacks. Or perhaps help in backtracking and notify their clients that seem to be participating in DOS attacks or spamming. The slippery slope of course is that if we expect the ISPs to start inspecting and throttling traffic for good reasons, it's not much of a leap to start snooping and throttling for reasons less advantageous to the customers. Not much of a leap from, "Hey that web site you're visiting is hosting a zero-day driveby attack" to "Hey you shouldn't be looking at neekid girls".

    8. Re:Torrents by WaffleMonster · · Score: 2

      The ISPs are really the only ones positioned to thwart attacks as well.

      I disagree, the government goes after the botnets and shuts them down. They have all the needed logging and C&C data. Your best off letting the virus scanning companies deal with this and colloberate with the government where it makes sense.

      For example, blocking an IP that appears to be port scanning or sending high rates of email.

      What right does the ISP have to limit me from port scanning or sending bulk mail? I do both on a regular basis for legitimate reasons. Profiling is unacceptable. SMTP email is now worthless thanks to stupid algorithms with thinks every other legitimate message is spam and needs to be silently deleted.

      Or rate-limiting icmp packets to reduce the effectiveness of DOS attacks

      Please don't rate limit ICMP because it screws up PMTUD and anyone trying to troubleshoot real problems. Smurf attacks don't work anymore have not for many years. All ISPs need to do is enable ingres filtering.

    9. Re:Torrents by wisty · · Score: 2, Funny

      1) Registar an organization called "Electronic Freedom Foundation"

      2) ...

      3) Profit!

    10. Re:Torrents by fluffy99 · · Score: 4, Insightful

      I don't want the govt involved in the internet, and they have a crappy track record on dealing with botnets.

      If you're port scanning multiple IPs, then you fit the profile of an attacker and need to be looked at. Bulk mail is another issue. It would be reasonable to notify customers that their computers are sending large volumes of email. If the customer isn't aware of it, then they just got a clue that they might be infected. Sending bulk mail, especially not using the ISPs relay, is often against the TOS.

      I was talking about inbound as well as outbound. If your ISP sees someone port scanning through their address space looking for open ports, blocking them makes sense. It also makes sense to watch for users inside their space port scanning. It's no different than the cops stopping someone who is walking through the neighborhood checking the doors. Rate limiting stuff like icmp works just fine, as does ingress filtering stuff you shouldn't be seeing. If a connection is spewing 500 pings a minute for 10 minutes, it's pretty unlikely it's for a legitimate reason. Another example if dropping packets which appear to be from bogons. Or noticing clients that appear to be doing syn attacks or the like.

      Really, it's not hard to detect computers acting badly.

    11. Re:Torrents by WaffleMonster · · Score: 2

      If you're port scanning multiple IPs, then you fit the profile of an attacker and need to be looked at

      Are you sure? How many IPs/ports make you suspicious? Who decides?

      It's no different than the cops stopping someone who is walking through the neighborhood checking the doors.

      Where I live people are constantly going door to door selling crap... For all I know they could just be checking doors... Do I get to call the police whenever I see someone making their rounds down the block?

      If a connection is spewing 500 pings a minute for 10 minutes, it's pretty unlikely it's for a legitimate reason.

      Lets see MTR to a destination with 20 hops default refresh rate of 1 second. After a minute you just spewed 1200 pings. OMFG call the police!!

    12. Re:Torrents by msobkow · · Score: 3, Interesting

      More to the point, such legislation to disconnect "infected" machines implies that there is some standard for a "clean machine". And you can BET that "clean machine" model is based on known, locked down, PROPRIETARY operating systems, not someone running their own mods for a Linux distribution.

      --
      I do not fail; I succeed at finding out what does not work.
    13. Re:Torrents by msobkow · · Score: 2

      After all, if you aren't running Government and ISP Supported Operating Systems, you MUST be infected.

      So if you run Linux, BSD, or any other "fringe" OS that isn't supported, you get disconnected.

      Right?

      --
      I do not fail; I succeed at finding out what does not work.
    14. Re:Torrents by PopeRatzo · · Score: 3, Funny

      I believe it's the Electronic Frontier Foundation.

      Oh shit. I should have just said "EFF".

      I should never drink and comment. Hell, last night I played my harmonica and it registered a .23

      --
      You are welcome on my lawn.
    15. Re:Torrents by hairyfeet · · Score: 2

      Just don't let anybody light a match near that harmonica while you are blowing or you may end up with the most fucked up looking flamethrower you have ever seen. To be fair it does have some really nice overtones as the metal heats up, with the bluer flames giving it almost an octave overtone, well until your hair catches on fire or the harmonica gets too hot and you pass out only to find your friends have put it on YouTube the next day under "Dumbass with a harmonica" that is.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    16. Re:Torrents by jc42 · · Score: 2

      If a connection is spewing 500 pings a minute for 10 minutes, it's pretty unlikely it's for a legitimate reason.

      Lets see MTR to a destination with 20 hops default refresh rate of 1 second. After a minute you just spewed 1200 pings. OMFG call the police!!

      Yeah, and this reminds me that in several discussions on this topic, I've commented (or seen others comment) that various so-called "security experts" like to classify pings as attacks. This almost always gets pooh-poohed by other readers. But we just saw a /. reader claim that 500 pings per minute (about 8/sec) qualifies as an attack.

      I've often found that it puts things into perspective to mention that many of the claims of "attacks" that you read about are in fact counting ICMP packets. This is a good way to inflate your numbers in your scare story. But, as with the above suggestion, any numbers you read from someone trying to make things look bad are highly likely to be counting things that aren't attacks at all, but are just part of the normal traffic on the internet.

      In particular, I've worked on a number of projects to develop network-management software, and it's fun to point out occasionally that nearly everything we're developing would be classified as "attack" malware by most of the network-security folks. On a number of occasions, various management-type people have made it clear that they consider me a dangerous "hacker" simply because I've worked on such things, and seem to know a lot about them.

      We can expect that any laws like this will be used to block not just legitimate traffic, but also network-management traffic. Flagging 500 pings a minute for 10 minutes as illegitimate is as clear an example of this as you can get. I routinely run tools that ping a list of sites scattered around the network, typically at 10-second intervals, as a "light" way of measuring network speed. They would almost all be considered illegitimate under this scheme.

      --
      Those who do study history are doomed to stand helplessly by while everyone else repeats it.
  2. oh, great, that's all I need... by Tastecicles · · Score: 2

    a popup in Iceweasel saying "Attention! Your computer is compromised!" then some spiel about IE9 and no antivirus...

    oh, wait, now where have I seen this before? (link for information only! Do the clicky on "free scan" links at your own risk!)

    --
    Operation Guillotine is in effect.
    1. Re:oh, great, that's all I need... by Tastecicles · · Score: 2

      I've seen it before. In case you're not brave, I'll explain.

      I'm sitting in front of a LINUX BOX, using Iceweasel, a LINUX BROWSER. Suddenly this popup appears telling me my LINUX BOX has been compromised, tells me I'm running IE9 (ohreali?) on Windows XP (ohreali?). It further tells me, with the help of an "automatic detection tool", that my computer is infected with 100...200...14,000+ WINDOWS viruses (ohreali?). For just $29.99, this amazing tool will "remove all infections in seconds!" (ohreali? Maybe it can do something about this sore throat that's been bugging me...).

      At this point, I fell off my chair. I was laughing too hard even to tell my wife why I was in such paroxysms of hysterics. I could barely even inhale.

      For those not versed in spotting the scam; the popup contained nothing more than an animated image producing what appeared to be a self-executing security program detecting computer viruses, linked to the real piece of malware - or should I term it scumware? (which is how I described it to the police) - via a merchant account. Clicking on anything but the X in the top right hand corner took you directly to the payment page, but also a popunder which attempted to download a stealth backdoor program into the system (I tried it on the Linux box knowing that since "Linux can't run Windows programs", it surely couldn't run a windows virus - HAH!) (which in turn would have downloaded the biggest load of keyloggers, browser hijacks, IRC clients and botnet clients you ever saw from a SINGLE RUSSIAN SERVER had it the chance). At which point the merchant account then attempted to extort another $299 out of you to get rid of *that lot* - which of course, the scammer had no intention of doing nor did he have the technical ability to do so. Basically you were about to to get screwed out of $329.99 and end up with a doorstop. Best thing to do if you see that thing appear on your Windows box is hardcycle the power and keep the machine off the net until it has had a professional and thorough sweep for scumware.

      A variation on the theme (but the same exact scam) involves the user clicking a link on a page hosted on a compromised server. This will install a program into the system tray which changes the desktop background, hijacks your browser homepage, does some weird screwy shit with the registry and does the whole "You're-compromised!" dance all over your desktop. Again, the advice is hard power down and take the box to a shop.

      --
      Operation Guillotine is in effect.
  3. nothing better to do....... by scottp · · Score: 2, Insightful

    Of course, ISPs' employees have nothing better to do than to notify ~90% of their customers their computers have malware. It boggles my mind the ideas that people come up with (sopa/pipa/acta, logging all connections, etc.) and try to implement about monitoring the Internet with little or no thought to the logistics or funding of their stupid ideas.....

  4. How would they know you have a virus by Cutting_Crew · · Score: 3, Insightful

    unless they put some of their crappy bloated software on your computer? ISPs ought to be just that. An internet service provider. Give me an internet connection from point A to point B. PERIOD.

    1. Re:How would they know you have a virus by silas_moeckel · · Score: 2

      Virus that make outbound connections to command and control etc can be spotted.

      --
      No sir I dont like it.
    2. Re:How would they know you have a virus by chemicaldave · · Score: 4, Insightful

      They don't have to see the infection itself, just the symptoms. Frankly, ISPs could probably give a damn about viruses. It's botnets that are the problem. If they see traffic from your IP directed towards a known botnet command node then they can probably assume your machine was compromised.
      Unfortunately the issue of inspecting traffic is a tricky one, etc, etc.

    3. Re:How would they know you have a virus by wanzeo · · Score: 3, Informative

      My brother's windows 7 box started running slow two weeks ago, but other than that there was no sign of a problem. He attributed it to ageing hardware and kept it on. Within 24 hours the ISP called him and told him he had a serious malware infection. They sent him an exe (apparantly they knew exactly what was wrong), and it fixed it perfectly.

      This shocked me, because usually I love to hate the local ISP, but you have to admit, that is some good service. So I guess I would draw the line at being able to identify a specific problem. If it is just suspicious traffic patterns, innocent until proven guilty.

    4. Re:How would they know you have a virus by biodata · · Score: 3, Insightful

      So someone called up your brother, told him they were from the ISP, and manipulated him to run some software on his computer? That all sounds rather dangerous to me. How did he know he could trust this person?

      --
      Korma: Good
  5. Don't want your protection by Nonillion · · Score: 2

    I don't need your stinking protection, I've been doing just fine since 1993.

    Now excuse me while this strange web site forces my browser to full screen and scans my Linux Box for viruses...
     

    --
    "I bow to no man" - Riddick
    1. Re:Don't want your protection by Fluffeh · · Score: 4, Interesting

      Now excuse me while this strange web site forces my browser to full screen and scans my Linux Box for viruses...

      I recently started getting calls to our home phone number (which is a silent number mind you) from those lovely "Hey, I'm calling from Microsoft to say that you need to install this program to fix your computer..." folks in some nasty call centre. While I do have a few windows machines around, the majority are also linux. I find it strangely pleasing following their instructions, but seeing how long I can drag out the fun for - not pressing the right things, getting them to repeat the instructions over and over again, trying to get them to hang up. My current record is 21 minutes, while they are peddling crap, you got to hand it to them - they really are patient when trying to snarf your money.

      --
      Moved to http://soylentnews.org/. You are invited to join us too!
    2. Re:Don't want your protection by Neil+Boekend · · Score: 2

      I'm not very friendly if you get me out of bed in the morning at the weekend. In retrospect that may have been overly nasty.

      No it wasn't.

      --
      Well, I might have a way, but it only works on a semi spherical planet in a vacuum.
  6. Customer Contact by Nethead · · Score: 4, Insightful

    Back in the late '90s that's how we worked at ISPs. If we notices weird traffic on an account or were getting spam complaints, we'd call up the customer. If we couldn't get a hold of them we would disable the account until they called. Some kid pumping out Make Money Fast emails, we'd call mom and have a chat.

    Then all the local ISPs got bought up by telco and cable companies. The price didn't go down, just the service.

    I'm glad I'm still on one of the last local Mom&Pop ISPs in the area, when I call support I get a guy that actually has enable to the routers. It costs about $15/month more but I'm willing to pay for the service I get.

    --
    -- I have a private email server in my basement.
    1. Re:Customer Contact by parlancex · · Score: 2

      ... when I call support I get a guy that actually has enable to the routers. It costs about $15/month more but I'm willing to pay for the service I get.

      I would gladly pay more than $15 extra for that level of support.

      My ISP has had a problem with what I suspect is a fibre media converter that is causing high packet loss with packet sizes 1350 to 1500 bytes. My friends and I who live in town all set our MTU manually to about 1300 to avoid the problem, but everyone else in town using this ISP is stuck with websites that time out randomly for no reason, web pages that fail to load randomly, etc.

      I tried to explain to support that they need to run a ping size sweep on their router so they can see the packet loss but they guy seriously fired up a windows command prompt from his support machine and ran ping with the default arguments to my home IP address, said all 5 packets were okay, and that nothing was wrong.

    2. Re:Customer Contact by TubeSteak · · Score: 2

      I tried to explain to support that they need to run a ping size sweep on their router so they can see the packet loss but they guy seriously fired up a windows command prompt from his support machine and ran ping with the default arguments to my home IP address, said all 5 packets were okay, and that nothing was wrong.

      1. The default # of packets for windows' ping is 4 (as far as I can recall)

      2. Sometimes you have to ask to speak to another support tech until you get escalated to someone who has the ability to understand you.
      If that fails, you can always try complaining on social media or launching an executive e-mail carpet bomb

      --
      [Fuck Beta]
      o0t!
    3. Re:Customer Contact by heypete · · Score: 3, Interesting

      Indeed. Cox, a cable ISP in the US, was silently re-writing DNS TTLs from whatever value the authoritative nameserver had set to 30 seconds. It didn't matter if it was a long-lived NS record or a short-lived dynamic DNS entry, everything got changed to 30 seconds. Even the entries for the root nameservers were cached for 30 seconds, increasing their load.

      When I had their service and this was affecting me I wrote to their customer support and prefixed the message with a "This is a specialized technical issue about Cox's DNS servers and is not addressable by customer support staff. Please forward this to the systems/network administration folks." The message included a quick summary of the problem, results of dig tests on both Cox's and third-party resolvers, etc.

      I got a response two days later saying "We're sorry you're having difficulty setting up your wireless router. You might find the instructions at $URL helpful..."

      After that point, I stopped bothering and switched to Google Public DNS. Google's nameservers respected TTLs, didn't do the SiteFinder interception of non-existent domains, and actually had better performance.

  7. One Has To Wonder About Motivation by Jane+Q.+Public · · Score: 4, Insightful

    Given that most knowledgeable people seem to think it's a bad idea... I have to wonder why government keeps coming up with schemes that essentially require monitoring by the ISP.

    I mean, when you consider that as a practical matter, an ISP is (or at least should be) just a common carrier, like a telephone company. In fact the FCC originally -- and even very recently -- wanted to classify ISPs as common carriers. Which would preclude any monitoring. So what's up with all these monitoring ideas?

    Are they maybe just trying to get some kind of monitoring in place, so that they can expand it later?

    1. Re:One Has To Wonder About Motivation by CodeBuster · · Score: 3, Interesting

      I have to wonder why government keeps coming up with schemes that essentially require monitoring by the ISP.

      Governments cannot abide anyone but themselves with secrets.

      Are they maybe just trying to get some kind of monitoring in place, so that they can expand it later?

      Yes. It's like the amphibian in the pot. Turn up the heat gradually and it will remain even after the water is boiling.

  8. make it opt-in and I will by jdogalt · · Score: 2

    There seem to be a lot of negative comments about this, and perhaps some with subtle good reason. But I really like the idea, if it's implemented as opt-in, and boils down to "if any existing software run by the ISP believes that my computer is running known malware based on known traffic patterns, send mail to either or both of the email address and physicial address I registered during the opt-in process". To me this sounds analagous to the security breach notification laws corporations are subject to in some jurisdictions, and I believe those are generally a good thing as well. Without them, you get the status quo, which is things like Nortel knowing they were compromised for years, and just not caring. I actually think this is likely the status quo at all major organizations. I mean really, do you think if microsoft/google/etc found out that major fractions of their internal infrastructures had been owned by foreign government X for the last 5 years, that without laws they would ever _do anything about it_ if the attackers were friendly enough to just be sucking data about their engineering and customers, and not actually impacting the day to day monetary business? I'm pretty sure what would happen in such a case would be some management screaming at some overworked internal security folks. And then the internal security folks would either brush the problem under the rug, or get fired when they explained exactly how many resources it would take to remotely adequetely stop the espionage threat from government X. Bottom line- forcing by law companies to notify their customers when existing software discovers exploits seems like a really good idea to me. Yes, there will be some resulting pressure to just turn off their internal checks, but honestly, that doesn't bother me at all if when those internal checks were finding things, they weren't going to bother telling the customers anyway. In fact, my optimistic hope, which I think is quite reasonable, is that when the actual scope of these things is forced into the public view, that the horrendous security practices responsible, will actually get remedied in the right ways. I truly don't get why there is so much resistence here to this idea- fundamentally (as I described above, i.e. not mandating new software be run, but just that if existing software already running thinks a customer is owned by hackers, that they take the trouble of notifying the customer.

  9. It will NEVER happen by Charliemopps · · Score: 2

    Having worked for multiple ISPs I can absolutely guarantee this will not happen.

    1. Most importantly: Figuring out who is infected is a huge amount of work. We'd need to scope out millions of dollars in project work to design a system to detect who has a problem, processes for creating tickets for people to notify them, hire people to do all of this work, then maintain this entire elaborate system every time we make a change to our network, our repair structure, etc... Even if the government funded a system, every ISP's internal structure is totally different. It would never work for more than 1. They'd have to fund every ISPs program individually, and the ISPs would suck up that funding like vampires and have little to show for it in the end.
    2. To notify the customer automatically you'd need to either A: send them an email, which about 98% of your customers don't use the email address you gave them or B: Redirect them via your DNS server to a warning page. But if they aren't using your DNS that's not going to work, and the people writing the malware/bots will figure that out and either block your warning page, or more simply change the customers DNS server to googles or something and your entire system is useless.
    3. When we do notify these people what is the very first thing they are going to do? Call the ISP. What is a virus? How did they get it? When are we going to fix it for them? Well they got it on our internet, they never had viruses when they had dialup... It's an hour long call at least. That just cost the ISP $20 and the customer is going to hang up and do nothing.
    4. It's of absolutely no benefit to the ISP to do anything like this. So what if the customers are infected? They have the internet, malware doesn't hurt the ISPs network unless the ISP itself is the target witch is rarely the case. Even if one of the ISPs customers is the target they just adjust a few routers and the problem goes away. The customer is blissfully unaware of their problem and paying their bill. You don't mess with that. And yes, customers really are stupid enough to think the malware they have had for years and didn't know about, but were suddenly notified of when they signed up for your service, came from you.
    5. Almost every ISP in the united states sells some sort of malware/antivirus package now. You're asking them to subvert their own product. Good luck getting that past product development.

    And lastly, I want to re-iterate... the customer will DO NOTHING. They already know they have malware. Their computer runs like shit. They have habits that lead to them having malware. They bought their computer 10 years ago, their way of "fixing" it is using the Dell system restore disk that game with it that reverts it to the original unpatched version of XP. Then they install the pirated versions of autocad and photoshop they got from their brother-in-law 6 years ago, they sure are glad they kept all those CDs he burned... Then they go to bed, their teenage son gets up and surfs porn with IE6 from that fresh XP install, for a couple of hours. He erases the history... his tracks are covered.

    1. Re:It will NEVER happen by Zebai · · Score: 2

      It already happens. Time Warner and Comcast both have botnet detection. They put you a restricted walled garden until you take steps to remove it. There is no email and there is no hugely complex packet sniffing software. Its quite easy to detect such botnet traffic as such traffic is very predictable in nature. Your computer sending large amount of traffic to some known botnet location? Redirect all traffic to some basic HTML page with instructions. Customer does nothing and just lets it stay that way? No prob you can pay for service that you don't use all you want to.

    2. Re:It will NEVER happen by Anonymous Coward · · Score: 2, Interesting

      4. It's of absolutely no benefit to the ISP to do anything like this. So what if the customers are infected? They have the internet, malware doesn't hurt the ISPs network unless the ISP itself is the target witch is rarely the case. Even if one of the ISPs customers is the target they just adjust a few routers and the problem goes away. The customer is blissfully unaware of their problem and paying their bill. You don't mess with that. And yes, customers really are stupid enough to think the malware they have had for years and didn't know about, but were suddenly notified of when they signed up for your service, came from you.

      *lol* - I'll second this: About a decade ago I saw a small business getting walloped by worm traffic to the point where it was suffering from the degraded link speed (firewall drops packets on the CPE side of the link, you see). I called the ISP and said "can you filter these ports, this traffic is getting heavy?" and the response was "no chance, once it enters the network we get billed from our upstream provider, so we need to deliver it somewhere so that we can charge for it" !

      [And three cheers to the captcha: plunder]

  10. FCC chair should mind his own store first by Karmashock · · Score: 3, Insightful

    The FCC is currently mismanaging radio spectrum sales and partitioning. That is their primary function. Do that and once you're doing your ACTUAL job then worry about the internet which you in fact have no authority over.

    The FCC seems to be trying to fail up. TV viewership is dying so they're trying to expand themselves into the internet. I get it. But first maybe they should sell off that radio spectrum and do their actual jobs.

    --
    I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
  11. Comcast already does this by WrecklessSandwich · · Score: 2

    I got a robocall from Comcast a few months back advising me of an infected machine connected to my network. Sure enough, my parents' computer had a bunch of trojans on it that would probably have stuck around for a couple more weeks had they not called me.

  12. Good Luck With That by ThatsNotPudding · · Score: 4, Funny

    We need a general public that understands ...

    404 Not Found

  13. Re:Spam by hairyfeet · · Score: 2

    Actually I've seen this in action and all that happens in reality is the ISPs use this as an excuse to toss any customers that actually use the bandwidth they paid for. Both the local DSL and WISP providers will just say "You must have a virus" and turn off your connection if they decide they don't like what you are running or how much you are using, the WISP going so far as to say "You can't run our scanner so you must be infected" when i was running PCLOS on my laptop.

    Remember folks the ONLY customers these ISPs really want is what they call the "granny" customers, where all they do is check email and then log off like its 1994. This is because none of the major ISPs are rolling out shit for bandwidth upgrades, instead just sticking those profits in their pocket. Any excuse that lets them toss more people that actually use resources is quickly jumped on and this way they can say "We are protecting the network" instead of "he actually used HALF the bandwidth that is in his contract, can you fucking believe it?" and gives them a nice legally sound out even when the customer isn't hitting the caps, just using close to it.

    --
    ACs don't waste your time replying, your posts are never seen by me.