dslreports logo
site
spacer

spacer
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


view:
topics flat nest 
Comments on news posted 2009-10-08 17:09:13: Comcast reached out to us today to note that they're employing a new strategy to help deal with customers they've identified as having trojan-infected PCs. ..

page: 1 · 2 · 3 · next


snipper_cr
Premium
join:2002-01-22
Wheaton, IL

1 recommendation

trust?

Isn't that going to look like just about any one of those "Anti-virus" programs that pop up. "WARNING YOUR COMPUTER IS INFECTED, DOWNLOAD OUR PROGRAM NAAUUGHHH!" And then they turn into a virus themselves.

Even an email I could see being easily mistaken for a trap. Okay, even if they are not mistaken for traps, it will not be long until malware writers start making scripts to look like a comcast warning message.

I see this as a good idea, just not sure how well it will work in reality...
--
The early bird catches the worm, but the second mouse gets the cheese.
CPL:IA;ASEL/AMEL. CFI:ASE/AME; IA



screavic4
Premium
join:2006-08-11
Paron, AR
kudos:1

Hmmm

I foresee malicious software being made copying the comcast alert. Too bad there isn't way that makes the consumer feel safe about clicking on these.
--
Keyboard not found press F1 to continue.
My software never has bugs, they just develop random "features".



ropeguru
Premium
join:2001-01-25
Mechanicsville, VA

This will really work...

For all those infected PC's that never go to the comcast.net web page.

Also, between the time the info is analyzed by these methods and the IP is returned to Comcast, what's to say that the ip hasn't been reallocated to someone elses modem giving false positives.



fifty nine

join:2002-09-25
Sussex, NJ
kudos:2

Comcast is too big

Ma cable needs to be broken up.



NSM998

join:2009-02-12
Philadelphia, PA

1 edit

1 recommendation

reply to ropeguru

Re: This will really work...

said by ropeguru:

For all those infected PC's that never go to the comcast.net web page.

Also, between the time the info is analyzed by these methods and the IP is returned to Comcast, what's to say that the ip hasn't been reallocated to someone elses modem giving false positives.
You may want to read the IETF draft on how the system works, which is posted at: »tools.ietf.org/id/draft-livingoo···n-00.txt


jlivingood
Premium,VIP
join:2007-10-28
Philadelphia, PA
kudos:2
reply to screavic4

Re: Hmmm

That's definitely something we are hoping to learn about in the tech trial. It's a tough problem to solve.
--
JL
Comcast



screavic4
Premium
join:2006-08-11
Paron, AR
kudos:1

Yeah, I've been brainstorming on it and the only thing I can think of is some type of "image verification" that your customers would pick and image and a phrase of their own and show it on all "official" Comcast messages via Web alerts. My bank does it, it can also be spoofed too though if they really wanted to try hard enough.
--
Keyboard not found press F1 to continue.
My software never has bugs, they just develop random "features".



pizz
bye bye twc. hello Comcast.
Premium
join:2000-10-27
Astoria, NY
Reviews:
·Time Warner Cable
reply to jlivingood

said by jlivingood:

That's definitely something we are hoping to learn about in the tech trial. It's a tough problem to solve.
Add a nice pamphlet inside their monthly bills telling them of this new service. So customers know before hand, as alot of people do read their bills and the flyers they stuff inside them.

but good luck on it, not a bad idea at all.
--
The more you talk, the less you listen.


screavic4
Premium
join:2006-08-11
Paron, AR
kudos:1

I too like it, it's one way to save bandwidth too. I also like that Comcast offers antivirus to their customers.
--
Keyboard not found press F1 to continue.
My software never has bugs, they just develop random "features".



jlivingood
Premium,VIP
join:2007-10-28
Philadelphia, PA
kudos:2
reply to pizz

said by pizz:

said by jlivingood:

That's definitely something we are hoping to learn about in the tech trial. It's a tough problem to solve.
Add a nice pamphlet inside their monthly bills telling them of this new service. So customers know before hand, as alot of people do read their bills and the flyers they stuff inside them.

but good luck on it, not a bad idea at all.
I don't know if we're planning to do that or not. But we are sending emails to customers in the trial area, for what that's worth.
--
JL
Comcast


FreedomBuild
Well done is better than well said
Premium
join:2004-10-08
Rockford, IL
reply to NSM998

Re: This will really work...

I suppose this can be used as another way to inject ads as well...another way to skirt the system uh?
--
»www.freedombuild.net
Browse A lot - Sign In Little - Post Even Less



zalternate

join:2007-02-22
freedom land

1 edit

Phone?

Whatever happened to when the ISP detected your machine as being a virus infested plague on their network and just shut you down.Then the ISP uses something called a 'Phone' and tells the customer why they won't have Internet for a while. But the customer may get their connection for a day(at least) to download a trusted, recommended anti-virus product. With a one week trial of restoration of service, to see that they are indeed clean.

DNS redirection hacking breaks the Internet, and as mentioned above, Virus writers will make small scripts to mimic the warning message and then take you to FAKE anti-virus products.
--
Consumer Rights is more than just a suggestion.



NSM998

join:2009-02-12
Philadelphia, PA

said by zalternate:

Whatever happened to when the ISP detected your machine as being a virus infested plague on their network and just shut you down.Then the ISP uses something called a 'Phone' and tells the customer why they won't have Internet for a while. But the customer may get their connection for a day(at least) to download a trusted, recommended anti-virus product. With a one week trial of restoration of service, to see that they are indeed clean.

DNS redirection hacking breaks the Internet, and as mentioned above, Virus writers will make small scripts to mimic the warning message and then take you to FAKE anti-virus products.
Cutting off Internet access or blocking Internet access with a walled garden are approaches which have drawbacks...we discussed these in our Bot Mitigation IETF draft...its available at (reference section 6): »tools.ietf.org/html/draft-oreird···ation-03


treichhart

join:2006-12-12

1 edit

ISP disabling customers for virus problems

well see I work for a local ISP and if there was a virus on your computer and its messing up are network we disable the user intill the virus as been fix and that anti-virus as to be to update before we can re-enable the service.

also on are wireless network say your package is 768kbps/256kbps and if you have p2p or virus on your compute we can turn down the service to 47.1kbps intill you get the problems fix.



funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:6
reply to FreedomBuild

Re: This will really work...

said by FreedomBuild:

I suppose this can be used as another way to inject ads as well...another way to skirt the system uh?
Well, it can, and that's a huge problem if it happens. What Comcast is doing doesn't trigger this problem (the page that Comcast refers people to isn't marketing anything that Comcast folks don't already get for free as part of their subscription). Rogers, on the other hand, experimented with this kind of system to sell people more bandwidth. That's a problem.

The ISP isn't paid to get in the way of desired communication. However, if you're infected, the ISP ought to shut you off. Comcast has figured out a way to avoid that shut off, and customers should find that as less objectionable. As long as it is not abused, like you point out.
--
Robb Topolski -= funchords.com =- District of Columbia -- KJ7RL
Test your Broadband connection today! -- »measurementlab.net/


funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:6
reply to zalternate

Re: Phone?

said by zalternate:

Whatever happened to when the ISP detected your machine as being a virus infested plague on their network and just shut you down.Then the ISP uses something called a 'Phone' and tells the customer why they won't have Internet for a while. But the customer may get their connection for a day(at least) to download a trusted, recommended anti-virus product. With a one week trial of restoration of service, to see that they are indeed clean.
Did that really ever exist? Probably for a while. But Bots spread too fast. ISPs are not able to take on the cost of staying on the phone and handholding customers through the cleaning process.

Plus, the Internet has grown from a nice-to-have to a need-to-have. If Comcast puts you in their "screened garden" you can still do most things on the Internet essential to keeping you employed or schooled, but you're still prompted to take care of the issue. Phone and mail doesn't work because people often don't take unexpected calls or read unexpected mail.

If users will respond to it, and if things don't tend to break, this may be a better way. It's a good experiment to conduct and Comcast is being open about their conducting it.
--
Robb Topolski -= funchords.com =- District of Columbia -- KJ7RL
Test your Broadband connection today! -- »measurementlab.net/

dfxmatt

join:2007-08-21
Evanston, IL
reply to pizz

Re: Hmmm

that's a well intended idea, but people aren't necessarily going to *read it*.

Anything other than a bill in an envelope with a bill usually goes -> trash.


dfxmatt

join:2007-08-21
Evanston, IL
reply to funchords

Re: Phone?

I forsee additional difficulty in that if they are *only* blocking port 80 to the redirect that people who are gamers or for various reasons might not recognize the notice. Likewise do most bots operate on 80? I'd imagine not, so they would continue at the same time.

I still applaud the idea, it's a good start, but I think there are definitely kinks to iron out.



Uncle Paul

join:2003-02-04
USA
kudos:1

1 recommendation

reply to funchords

Re: This will really work...

Yes, this basically is a man-in-the-middle attack injecting code on top of your existing traffic. If I were to do this to someone, would there be an understanding officer at my door?

I agree that botnets need to be handled and applaud Comcast for trying to do it. But perhaps a phone call might work better, after all you know their call center's going to be flooded anyway.



woody7
Premium
join:2000-10-13
Torrance, CA
reply to NSM998

Re: Phone?

at school we use cisco clean access for wireless, and Norton Enterprise, and we haven't had virus problem in years. What is a given is that when something is brought up, people bring all the negative things about it, but the underlying problem is the important part. This website has made me more aware, and when I can I steer people to it. I think that most people if informed want todo the right thing, but some are lazy and don't give a $hit. When a company tries for what ever reason, they should be commended as one step, not derided. For full disclosure I get a lot of Starbucks cards from the ones that for lack of a good reason, are lazy and don't give a $hit that their computer is spewing out crap. When it grinds to a halt, I get the call. Some times I can't think of a way to inform people short of disconnection
--
BlooMe



richdelb
Go Hawks Go
Premium
join:2003-01-22
Algonquin, IL
reply to screavic4

Re: Hmmm

said by screavic4:

I foresee malicious software being made copying the comcast alert. Too bad there isn't way that makes the consumer feel safe about clicking on these.
This is the VERY first thing that came to my mind. How does Comcast deal with this issue? What a pain in the rear for them. Nice to see Comcast at least working on finding a way to address the issue, and in such an transparent manor.


funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:6
reply to dfxmatt

Re: Phone?

said by dfxmatt:

I forsee additional difficulty in that if they are *only* blocking port 80 to the redirect that people who are gamers or for various reasons might not recognize the notice. Likewise do most bots operate on 80? I'd imagine not, so they would continue at the same time.
Absolutely. I know one guy who is probably infected today but won't get the notice until Comcast figures out how to inject the message into World-of-Warcraft, somehow.
--
Robb Topolski -= funchords.com =- District of Columbia -- KJ7RL
Test your Broadband connection today! -- »measurementlab.net/

iansltx

join:2007-02-19
Austin, TX
kudos:2
reply to fifty nine

Re: Comcast is too big

They built the system with their own money.

However I'd totally be for municipal competition...



cdru
Go Colts
Premium,MVM
join:2003-05-14
Fort Wayne, IN
kudos:7

1 recommendation

reply to dfxmatt

Re: Hmmm

said by dfxmatt:

that's a well intended idea, but people aren't necessarily going to *read it*.

Anything other than a bill in an envelope with a bill usually goes -> trash.
Well, who's fault that then? Send it with their bill and they throw it away. Send it in an email and it gets flagged as spam or just ignored. Post it on a portal website and they never visit it. Doing all three might reach a significantly larger audience, but I wouldn't count on it.


jlivingood
Premium,VIP
join:2007-10-28
Philadelphia, PA
kudos:2
reply to dfxmatt

Re: Phone?

said by dfxmatt:

I forsee additional difficulty in that if they are *only* blocking port 80 to the redirect that people who are gamers or for various reasons might not recognize the notice. Likewise do most bots operate on 80? I'd imagine not, so they would continue at the same time.

I still applaud the idea, it's a good start, but I think there are definitely kinks to iron out.
Still lots to learn for sure. But to be clear we are not blocking port 80 or putting users in a walled garden - for precisely the reason you state. To wit, the user may not notice since they are just using VoIP or doing gaming or something else non-web-based.
--
JL
Comcast


tmh

@qwest.net
reply to zalternate

said by zalternate:

Whatever happened to when the ISP detected your machine as being a virus infested plague on their network and just shut you down.Then the ISP uses something called a 'Phone' and tells the customer why they won't have Internet for a while. But the customer may get their connection for a d
Because the "Phone" is VOIP-based and went away right after you shut their connection down.

BosstonesOwn

join:2002-12-15
Wakefield, MA
reply to snipper_cr

Re: trust?

Another thing is how long before they change dns to route around it and disable the check of it all together.
--
"It's always funny until someone gets hurt......and then it's absolutely friggin' hysterical!"


dfxmatt

join:2007-08-21
Evanston, IL

4 edits
reply to jlivingood

Re: Phone?

you know what works well JL?

a phonecall.

Yup, that's right. Get a two tier calling system in place.

tier 1: the person who calls and explains - make sure they have a damn good plan and not a script
tier 2: someone TECHNICALLY PROFICIENT who can explain what is going on and options available (suggesting free/open source is easy here - you're not asking the customer to spend money). Make sure it's someone who can tell people in layman's terms why using an antivirus program on an infected PC isn't going to detect anything, especially if they're using mcafee or symantec.

Just make sure both are people who can speak understandable english, and you have yourself that good ole customer service thing.

Hell, I'll do it myself, and I'll do it in the *evenings* when people are actually home (take note of that), if comcast wants to pay me to do so.

Part of comcast's shoddy record is that things can only be done 9-5, be it tech support or otherwise. Put in second shifts. People like that kind of thing. Am I going to call comcast or have an appointment when I'm on a 9-5 job? hell no.


bn1221

join:2009-04-29
Cortland, NY
Reviews:
·TowerStream
reply to tmh

Because the "Phone" is VOIP-based and went away right after you shut their connection down.

++++

Not sure how Comcast does it but around here TWC uses another VLAN for the VoIP phone. I would think its quite difficult to infect their Arris modem box so I can understand a 128Kb port with no filters on it for phone.



fifty nine

join:2002-09-25
Sussex, NJ
kudos:2

1 edit
reply to iansltx

Re: Comcast is too big

said by iansltx:

They built the system with their own money.
On the private property of others forcibly seized via utility easements.

I was actually referring to the whole walled garden concept though.