1 edit |
Phone?Whatever happened to when the ISP detected your machine as being a virus infested plague on their network and just shut you down.Then the ISP uses something called a 'Phone' and tells the customer why they won't have Internet for a while. But the customer may get their connection for a day(at least) to download a trusted, recommended anti-virus product. With a one week trial of restoration of service, to see that they are indeed clean.
DNS redirection hacking breaks the Internet, and as mentioned above, Virus writers will make small scripts to mimic the warning message and then take you to FAKE anti-virus products. |
|
NSM998 join:2009-02-12 Philadelphia, PA |
NSM998
Member
2009-Oct-8 4:09 pm
said by zalternate:Whatever happened to when the ISP detected your machine as being a virus infested plague on their network and just shut you down.Then the ISP uses something called a 'Phone' and tells the customer why they won't have Internet for a while. But the customer may get their connection for a day(at least) to download a trusted, recommended anti-virus product. With a one week trial of restoration of service, to see that they are indeed clean. DNS redirection hacking breaks the Internet, and as mentioned above, Virus writers will make small scripts to mimic the warning message and then take you to FAKE anti-virus products. Cutting off Internet access or blocking Internet access with a walled garden are approaches which have drawbacks...we discussed these in our Bot Mitigation IETF draft...its available at (reference section 6): » tools.ietf.org/html/draf ··· ation-03 |
|
funchordsHello MVM join:2001-03-11 Yarmouth Port, MA |
to zalternate
said by zalternate:Whatever happened to when the ISP detected your machine as being a virus infested plague on their network and just shut you down.Then the ISP uses something called a 'Phone' and tells the customer why they won't have Internet for a while. But the customer may get their connection for a day(at least) to download a trusted, recommended anti-virus product. With a one week trial of restoration of service, to see that they are indeed clean. Did that really ever exist? Probably for a while. But Bots spread too fast. ISPs are not able to take on the cost of staying on the phone and handholding customers through the cleaning process. Plus, the Internet has grown from a nice-to-have to a need-to-have. If Comcast puts you in their "screened garden" you can still do most things on the Internet essential to keeping you employed or schooled, but you're still prompted to take care of the issue. Phone and mail doesn't work because people often don't take unexpected calls or read unexpected mail. If users will respond to it, and if things don't tend to break, this may be a better way. It's a good experiment to conduct and Comcast is being open about their conducting it. |
|
dfxmatt join:2007-08-21 Crystal Lake, IL |
I forsee additional difficulty in that if they are *only* blocking port 80 to the redirect that people who are gamers or for various reasons might not recognize the notice. Likewise do most bots operate on 80? I'd imagine not, so they would continue at the same time.
I still applaud the idea, it's a good start, but I think there are definitely kinks to iron out. |
|
woody7 Premium Member join:2000-10-13 Torrance, CA |
to NSM998
at school we use cisco clean access for wireless, and Norton Enterprise, and we haven't had virus problem in years. What is a given is that when something is brought up, people bring all the negative things about it, but the underlying problem is the important part. This website has made me more aware, and when I can I steer people to it. I think that most people if informed want todo the right thing, but some are lazy and don't give a $hit. When a company tries for what ever reason, they should be commended as one step, not derided. For full disclosure I get a lot of Starbucks cards from the ones that for lack of a good reason, are lazy and don't give a $hit that their computer is spewing out crap. When it grinds to a halt, I get the call. Some times I can't think of a way to inform people short of disconnection |
|
funchordsHello MVM join:2001-03-11 Yarmouth Port, MA |
to dfxmatt
|
|
jlivingood Premium Member join:2007-10-28 Philadelphia, PA |
to dfxmatt
said by dfxmatt:I forsee additional difficulty in that if they are *only* blocking port 80 to the redirect that people who are gamers or for various reasons might not recognize the notice. Likewise do most bots operate on 80? I'd imagine not, so they would continue at the same time. I still applaud the idea, it's a good start, but I think there are definitely kinks to iron out. Still lots to learn for sure. But to be clear we are not blocking port 80 or putting users in a walled garden - for precisely the reason you state. To wit, the user may not notice since they are just using VoIP or doing gaming or something else non-web-based. |
|
|
to zalternate
said by zalternate:Whatever happened to when the ISP detected your machine as being a virus infested plague on their network and just shut you down.Then the ISP uses something called a 'Phone' and tells the customer why they won't have Internet for a while. But the customer may get their connection for a d Because the "Phone" is VOIP-based and went away right after you shut their connection down. |
|
dfxmatt join:2007-08-21 Crystal Lake, IL 4 edits |
to jlivingood
you know what works well JL?
a phonecall.
Yup, that's right. Get a two tier calling system in place.
tier 1: the person who calls and explains - make sure they have a damn good plan and not a script tier 2: someone TECHNICALLY PROFICIENT who can explain what is going on and options available (suggesting free/open source is easy here - you're not asking the customer to spend money). Make sure it's someone who can tell people in layman's terms why using an antivirus program on an infected PC isn't going to detect anything, especially if they're using mcafee or symantec.
Just make sure both are people who can speak understandable english, and you have yourself that good ole customer service thing.
Hell, I'll do it myself, and I'll do it in the *evenings* when people are actually home (take note of that), if comcast wants to pay me to do so.
Part of comcast's shoddy record is that things can only be done 9-5, be it tech support or otherwise. Put in second shifts. People like that kind of thing. Am I going to call comcast or have an appointment when I'm on a 9-5 job? hell no. |
|
|
to tmh
Because the "Phone" is VOIP-based and went away right after you shut their connection down.
++++
Not sure how Comcast does it but around here TWC uses another VLAN for the VoIP phone. I would think its quite difficult to infect their Arris modem box so I can understand a 128Kb port with no filters on it for phone. |
|
jlivingood Premium Member join:2007-10-28 Philadelphia, PA |
to tmh
said by tmh :said by zalternate:Whatever happened to when the ISP detected your machine as being a virus infested plague on their network and just shut you down.Then the ISP uses something called a 'Phone' and tells the customer why they won't have Internet for a while. But the customer may get their connection for a d Because the "Phone" is VOIP-based and went away right after you shut their connection down. Which is why we are not testing a walled garden that would do just that. |
|
jlivingood |
to dfxmatt
said by dfxmatt:you know what works well JL? a phonecall. We've been doing phone calls for awhile and the problem is that it doesn't scale particularly well, especially in comparison to how rapidly malware is spreading. Phone calls do continue though, from our CSA team. |
|
|
to dfxmatt
Except phone calls cost a lot of money and having an engineer or technician on the other end instead of a script reader costs even more. A better solution would be to have the message say:
1. An infection has been detected on this network and may or may not be present on this computer.
2. That this message is from Comcast and users may experience fake alerts which is a result of malware on their system and as such they should not purchase or give their credit card information out to any popups that may appear including this one as these may be scams.
3. Provide a phone number to call for information about this problem and links to guides.
4. Tell users to scan their computer for malware or contact their support provider and if the user doesn't have one at this point it may make sense to provide phone numbers for local support companies which comcast could partner with based on an IP / Geolocation check. This bit is a bit dubious since it provides the potential for advertising, but at the same time it also would allow Comcast to funnel users to a trusted outlet.
I for one applaud Comcast for taking this approach and I wish them the best of luck. I think walled gardens are a bad idea for all but the worst infections, so with luck ComCast can do this right and provide the rest of us with a basic working model. |
|
|
to Eagles1221
said by Eagles1221:Because the "Phone" is VOIP-based and went away right after you shut their connection down. ++++ Not sure how Comcast does it but around here TWC uses another VLAN for the VoIP phone. I would think its quite difficult to infect their Arris modem box so I can understand a 128Kb port with no filters on it for phone. True if the cable provider was also supplying your phone service. For 3rd party SIP-based VOIP, it goes out over IP just like the rest of your data. If the connection gets cut and grandma croaks because her cardiac monitor couldn't phone home, there'd be a lawsuit in short order. |
|
|
to jlivingood
Disable/wall garden only port 80. Another idea is have a X hour timer for reenabling internet access to get tools, after a couple a couple times the reenable link is clicked (stop abuse by lazy), block the user until they call tech support. |
|
jjeffeoryjjeffeory join:2002-12-04 Bloomington, IN |
to zalternate
Uh, you cut me off, I don't pay all of the bill. Also, most networks at home have more than one device connected. That could cause major problems!
I like that it looks like Comcast is trying to do some good though... Kudos! |
|
jjeffeory |
to Eagles1221
People use 3rd party Voip that isn't on that VLAN. They would be SOL. |
|