dslreports logo
 
    All Forums Hot Topics Gallery
spc
view:
topics flat nest 
Comments on news posted 2009-10-08 17:09:13: Comcast reached out to us today to note that they're employing a new strategy to help deal with customers they've identified as having trojan-infected PCs. ..

page: 1 · 2 · 3 · next

snipper_cr
Premium Member
join:2002-01-22
Wheaton, IL

1 recommendation

snipper_cr

Premium Member

trust?

Isn't that going to look like just about any one of those "Anti-virus" programs that pop up. "WARNING YOUR COMPUTER IS INFECTED, DOWNLOAD OUR PROGRAM NAAUUGHHH!" And then they turn into a virus themselves.

Even an email I could see being easily mistaken for a trap. Okay, even if they are not mistaken for traps, it will not be long until malware writers start making scripts to look like a comcast warning message.

I see this as a good idea, just not sure how well it will work in reality...

screavic4
Premium Member
join:2006-08-11
Paron, AR

screavic4

Premium Member

Hmmm

I foresee malicious software being made copying the comcast alert. Too bad there isn't way that makes the consumer feel safe about clicking on these.

ropeguru
Premium Member
join:2001-01-25
Mechanicsville, VA

ropeguru

Premium Member

This will really work...

For all those infected PC's that never go to the comcast.net web page.

Also, between the time the info is analyzed by these methods and the IP is returned to Comcast, what's to say that the ip hasn't been reallocated to someone elses modem giving false positives.

fifty nine
join:2002-09-25
Sussex, NJ

fifty nine

Member

Comcast is too big

Ma cable needs to be broken up.

NSM998
join:2009-02-12
Philadelphia, PA

1 edit

1 recommendation

NSM998 to ropeguru

Member

to ropeguru

Re: This will really work...

said by ropeguru:

For all those infected PC's that never go to the comcast.net web page.

Also, between the time the info is analyzed by these methods and the IP is returned to Comcast, what's to say that the ip hasn't been reallocated to someone elses modem giving false positives.
You may want to read the IETF draft on how the system works, which is posted at: »tools.ietf.org/id/draft- ··· n-00.txt

jlivingood
Premium Member
join:2007-10-28
Philadelphia, PA

jlivingood to screavic4

Premium Member

to screavic4

Re: Hmmm

That's definitely something we are hoping to learn about in the tech trial. It's a tough problem to solve.

screavic4
Premium Member
join:2006-08-11
Paron, AR

screavic4

Premium Member

Yeah, I've been brainstorming on it and the only thing I can think of is some type of "image verification" that your customers would pick and image and a phrase of their own and show it on all "official" Comcast messages via Web alerts. My bank does it, it can also be spoofed too though if they really wanted to try hard enough.

StevenB
Premium Member
join:2000-10-27
New York, NY
·Charter

StevenB to jlivingood

Premium Member

to jlivingood
said by jlivingood:

That's definitely something we are hoping to learn about in the tech trial. It's a tough problem to solve.
Add a nice pamphlet inside their monthly bills telling them of this new service. So customers know before hand, as alot of people do read their bills and the flyers they stuff inside them.

but good luck on it, not a bad idea at all.

screavic4
Premium Member
join:2006-08-11
Paron, AR

screavic4

Premium Member

I too like it, it's one way to save bandwidth too. I also like that Comcast offers antivirus to their customers.

jlivingood
Premium Member
join:2007-10-28
Philadelphia, PA

jlivingood to StevenB

Premium Member

to StevenB
said by StevenB:
said by jlivingood:

That's definitely something we are hoping to learn about in the tech trial. It's a tough problem to solve.
Add a nice pamphlet inside their monthly bills telling them of this new service. So customers know before hand, as alot of people do read their bills and the flyers they stuff inside them.

but good luck on it, not a bad idea at all.
I don't know if we're planning to do that or not. But we are sending emails to customers in the trial area, for what that's worth.

FreedomBuild
Well done is better than well said
Premium Member
join:2004-10-08
Rockford, IL

FreedomBuild to NSM998

Premium Member

to NSM998

Re: This will really work...

I suppose this can be used as another way to inject ads as well...another way to skirt the system uh?

zalternate
join:2007-02-22
freedom land

1 edit

zalternate

Member

Phone?

Whatever happened to when the ISP detected your machine as being a virus infested plague on their network and just shut you down.Then the ISP uses something called a 'Phone' and tells the customer why they won't have Internet for a while. But the customer may get their connection for a day(at least) to download a trusted, recommended anti-virus product. With a one week trial of restoration of service, to see that they are indeed clean.

DNS redirection hacking breaks the Internet, and as mentioned above, Virus writers will make small scripts to mimic the warning message and then take you to FAKE anti-virus products.

NSM998
join:2009-02-12
Philadelphia, PA

NSM998

Member

said by zalternate:

Whatever happened to when the ISP detected your machine as being a virus infested plague on their network and just shut you down.Then the ISP uses something called a 'Phone' and tells the customer why they won't have Internet for a while. But the customer may get their connection for a day(at least) to download a trusted, recommended anti-virus product. With a one week trial of restoration of service, to see that they are indeed clean.

DNS redirection hacking breaks the Internet, and as mentioned above, Virus writers will make small scripts to mimic the warning message and then take you to FAKE anti-virus products.
Cutting off Internet access or blocking Internet access with a walled garden are approaches which have drawbacks...we discussed these in our Bot Mitigation IETF draft...its available at (reference section 6): »tools.ietf.org/html/draf ··· ation-03

treich
join:2006-12-12

1 edit

treich

Member

ISP disabling customers for virus problems

well see I work for a local ISP and if there was a virus on your computer and its messing up are network we disable the user intill the virus as been fix and that anti-virus as to be to update before we can re-enable the service.

also on are wireless network say your package is 768kbps/256kbps and if you have p2p or virus on your compute we can turn down the service to 47.1kbps intill you get the problems fix.

funchords
Hello
MVM
join:2001-03-11
Yarmouth Port, MA

funchords to FreedomBuild

MVM

to FreedomBuild

Re: This will really work...

said by FreedomBuild:

I suppose this can be used as another way to inject ads as well...another way to skirt the system uh?
Well, it can, and that's a huge problem if it happens. What Comcast is doing doesn't trigger this problem (the page that Comcast refers people to isn't marketing anything that Comcast folks don't already get for free as part of their subscription). Rogers, on the other hand, experimented with this kind of system to sell people more bandwidth. That's a problem.

The ISP isn't paid to get in the way of desired communication. However, if you're infected, the ISP ought to shut you off. Comcast has figured out a way to avoid that shut off, and customers should find that as less objectionable. As long as it is not abused, like you point out.
funchords

funchords to zalternate

MVM

to zalternate

Re: Phone?

said by zalternate:

Whatever happened to when the ISP detected your machine as being a virus infested plague on their network and just shut you down.Then the ISP uses something called a 'Phone' and tells the customer why they won't have Internet for a while. But the customer may get their connection for a day(at least) to download a trusted, recommended anti-virus product. With a one week trial of restoration of service, to see that they are indeed clean.
Did that really ever exist? Probably for a while. But Bots spread too fast. ISPs are not able to take on the cost of staying on the phone and handholding customers through the cleaning process.

Plus, the Internet has grown from a nice-to-have to a need-to-have. If Comcast puts you in their "screened garden" you can still do most things on the Internet essential to keeping you employed or schooled, but you're still prompted to take care of the issue. Phone and mail doesn't work because people often don't take unexpected calls or read unexpected mail.

If users will respond to it, and if things don't tend to break, this may be a better way. It's a good experiment to conduct and Comcast is being open about their conducting it.
dfxmatt
join:2007-08-21
Crystal Lake, IL

dfxmatt to StevenB

Member

to StevenB

Re: Hmmm

that's a well intended idea, but people aren't necessarily going to *read it*.

Anything other than a bill in an envelope with a bill usually goes -> trash.
dfxmatt

dfxmatt to funchords

Member

to funchords

Re: Phone?

I forsee additional difficulty in that if they are *only* blocking port 80 to the redirect that people who are gamers or for various reasons might not recognize the notice. Likewise do most bots operate on 80? I'd imagine not, so they would continue at the same time.

I still applaud the idea, it's a good start, but I think there are definitely kinks to iron out.

Uncle Paul
join:2003-02-04
USA

1 recommendation

Uncle Paul to funchords

Member

to funchords

Re: This will really work...

Yes, this basically is a man-in-the-middle attack injecting code on top of your existing traffic. If I were to do this to someone, would there be an understanding officer at my door?

I agree that botnets need to be handled and applaud Comcast for trying to do it. But perhaps a phone call might work better, after all you know their call center's going to be flooded anyway.

woody7
Premium Member
join:2000-10-13
Torrance, CA

woody7 to NSM998

Premium Member

to NSM998

Re: Phone?

at school we use cisco clean access for wireless, and Norton Enterprise, and we haven't had virus problem in years. What is a given is that when something is brought up, people bring all the negative things about it, but the underlying problem is the important part. This website has made me more aware, and when I can I steer people to it. I think that most people if informed want todo the right thing, but some are lazy and don't give a $hit. When a company tries for what ever reason, they should be commended as one step, not derided. For full disclosure I get a lot of Starbucks cards from the ones that for lack of a good reason, are lazy and don't give a $hit that their computer is spewing out crap. When it grinds to a halt, I get the call. Some times I can't think of a way to inform people short of disconnection

richdelb
Go Hawks Go
Premium Member
join:2003-01-22
Algonquin, IL

richdelb to screavic4

Premium Member

to screavic4

Re: Hmmm

said by screavic4:

I foresee malicious software being made copying the comcast alert. Too bad there isn't way that makes the consumer feel safe about clicking on these.
This is the VERY first thing that came to my mind. How does Comcast deal with this issue? What a pain in the rear for them. Nice to see Comcast at least working on finding a way to address the issue, and in such an transparent manor.

funchords
Hello
MVM
join:2001-03-11
Yarmouth Port, MA

funchords to dfxmatt

MVM

to dfxmatt

Re: Phone?

said by dfxmatt:

I forsee additional difficulty in that if they are *only* blocking port 80 to the redirect that people who are gamers or for various reasons might not recognize the notice. Likewise do most bots operate on 80? I'd imagine not, so they would continue at the same time.
Absolutely. I know one guy who is probably infected today but won't get the notice until Comcast figures out how to inject the message into World-of-Warcraft, somehow.
iansltx
join:2007-02-19
Austin, TX

iansltx to fifty nine

Member

to fifty nine

Re: Comcast is too big

They built the system with their own money.

However I'd totally be for municipal competition...

cdru
Go Colts
MVM
join:2003-05-14
Fort Wayne, IN

1 recommendation

cdru to dfxmatt

MVM

to dfxmatt

Re: Hmmm

said by dfxmatt:

that's a well intended idea, but people aren't necessarily going to *read it*.

Anything other than a bill in an envelope with a bill usually goes -> trash.
Well, who's fault that then? Send it with their bill and they throw it away. Send it in an email and it gets flagged as spam or just ignored. Post it on a portal website and they never visit it. Doing all three might reach a significantly larger audience, but I wouldn't count on it.

jlivingood
Premium Member
join:2007-10-28
Philadelphia, PA

jlivingood to dfxmatt

Premium Member

to dfxmatt

Re: Phone?

said by dfxmatt:

I forsee additional difficulty in that if they are *only* blocking port 80 to the redirect that people who are gamers or for various reasons might not recognize the notice. Likewise do most bots operate on 80? I'd imagine not, so they would continue at the same time.

I still applaud the idea, it's a good start, but I think there are definitely kinks to iron out.
Still lots to learn for sure. But to be clear we are not blocking port 80 or putting users in a walled garden - for precisely the reason you state. To wit, the user may not notice since they are just using VoIP or doing gaming or something else non-web-based.

tmh
@qwest.net

tmh to zalternate

Anon

to zalternate
said by zalternate:

Whatever happened to when the ISP detected your machine as being a virus infested plague on their network and just shut you down.Then the ISP uses something called a 'Phone' and tells the customer why they won't have Internet for a while. But the customer may get their connection for a d
Because the "Phone" is VOIP-based and went away right after you shut their connection down.
BosstonesOwn
join:2002-12-15
Wakefield, MA

BosstonesOwn to snipper_cr

Member

to snipper_cr

Re: trust?

Another thing is how long before they change dns to route around it and disable the check of it all together.
dfxmatt
join:2007-08-21
Crystal Lake, IL

4 edits

dfxmatt to jlivingood

Member

to jlivingood

Re: Phone?

you know what works well JL?

a phonecall.

Yup, that's right. Get a two tier calling system in place.

tier 1: the person who calls and explains - make sure they have a damn good plan and not a script
tier 2: someone TECHNICALLY PROFICIENT who can explain what is going on and options available (suggesting free/open source is easy here - you're not asking the customer to spend money). Make sure it's someone who can tell people in layman's terms why using an antivirus program on an infected PC isn't going to detect anything, especially if they're using mcafee or symantec.

Just make sure both are people who can speak understandable english, and you have yourself that good ole customer service thing.

Hell, I'll do it myself, and I'll do it in the *evenings* when people are actually home (take note of that), if comcast wants to pay me to do so.

Part of comcast's shoddy record is that things can only be done 9-5, be it tech support or otherwise. Put in second shifts. People like that kind of thing. Am I going to call comcast or have an appointment when I'm on a 9-5 job? hell no.

Eagles1221
join:2009-04-29
Vincentown, NJ

Eagles1221 to tmh

Member

to tmh
Because the "Phone" is VOIP-based and went away right after you shut their connection down.

++++

Not sure how Comcast does it but around here TWC uses another VLAN for the VoIP phone. I would think its quite difficult to infect their Arris modem box so I can understand a 128Kb port with no filters on it for phone.

fifty nine
join:2002-09-25
Sussex, NJ

1 edit

fifty nine to iansltx

Member

to iansltx

Re: Comcast is too big

said by iansltx:

They built the system with their own money.
On the private property of others forcibly seized via utility easements.

I was actually referring to the whole walled garden concept though.
page: 1 · 2 · 3 · next