Slashdot: News for Nerds

Comcast's War On Infected PCs (Or All Customers)

timothy posted more than 4 years ago | from the could-go-badly dept.

Security 304

thadmiller writes "Comcast is launching a trial on Thursday of a new automated service that will warn broadband customers of possible virus infections if the computers are behaving as if they have been compromised by malware. For instance, a significant overnight spike in traffic being sent from a particular Internet Protocol address could signal that a computer is infected with a virus, taking control of the system and using it to send spam as part of a botnet." Update: Jason Livingood of Comcast's Internet Systems Engineering group sent to Dave Farber's "Interesting People" mailing list a more detailed explanation of what this trial will involve.
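The traffic-spike heuristic described in the summary, sketched as an added example; it is not Comcast's method and not part of the original post. The flow-record layout, the thresholds and the documentation-range addresses are assumptions, and the sample records are constructed. It separates an overnight spike that fans out to many SMTP servers from one that is only a large upload to a single host.

```python
from collections import defaultdict
from statistics import median

OVERNIGHT_HOURS = range(0, 6)  # assumption: "overnight" means 00:00-05:59 local time
SMTP_PORT = 25


def build_sample_flows():
    """Constructed flow records: (day, hour, src_ip, dst_ip, dst_port, bytes_out)."""
    flows = []
    # Days 1-3: quiet overnight baseline for three subscribers.
    for day in (1, 2, 3):
        flows.append((day, 2, "192.0.2.10", "198.51.100.5", 80, 2_000_000))
        flows.append((day, 1, "192.0.2.20", "198.51.100.7", 443, 1_000_000))
        flows.append((day, 3, "192.0.2.30", "198.51.100.9", 443, 3_000_000))
    # Day 4: subscriber .10 sends mail to 40 different servers overnight.
    for n in range(40):
        flows.append((4, 3, "192.0.2.10", f"203.0.113.{n + 1}", SMTP_PORT, 500_000))
    # Day 4: subscriber .20 pushes one large upload to a single host.
    flows.append((4, 1, "192.0.2.20", "198.51.100.7", 22, 4_000_000_000))
    # Day 4: subscriber .30 behaves as usual overnight; the daytime flow is ignored.
    flows.append((4, 3, "192.0.2.30", "198.51.100.9", 443, 3_000_000))
    flows.append((4, 14, "192.0.2.30", "198.51.100.9", 443, 900_000_000))
    return flows


def summarize(flows):
    """Per source IP and day: overnight bytes sent and distinct SMTP peers."""
    stats = defaultdict(lambda: defaultdict(lambda: {"bytes": 0, "smtp_peers": set()}))
    for day, hour, src, dst, port, nbytes in flows:
        if hour not in OVERNIGHT_HOURS:
            continue
        cell = stats[src][day]
        cell["bytes"] += nbytes
        if port == SMTP_PORT:
            cell["smtp_peers"].add(dst)
    return stats


def classify(flows, today, spike_factor=5, min_bytes=10_000_000, smtp_fanout=20):
    """Label each source IP for `today`.

    "notify": overnight spike AND mail sent to many distinct servers.
    "review": overnight spike only (a backup or bulk upload looks like this).
    "normal": no spike against the subscriber's own history.
    All thresholds are illustrative assumptions.
    """
    verdicts = {}
    for src, days in summarize(flows).items():
        history = [cell["bytes"] for day, cell in days.items() if day < today]
        baseline = median(history) if history else 0
        now = days.get(today) or {"bytes": 0, "smtp_peers": set()}
        # A spike is judged against the subscriber's own median, with a floor
        # so that tiny baselines do not turn ordinary use into an alert.
        spike = now["bytes"] >= max(min_bytes, spike_factor * baseline)
        fanout = len(now["smtp_peers"]) >= smtp_fanout
        if spike and fanout:
            verdicts[src] = "notify"
        elif spike:
            verdicts[src] = "review"
        else:
            verdicts[src] = "normal"
    return verdicts


if __name__ == "__main__":
    for ip, verdict in sorted(classify(build_sample_flows(), today=4).items()):
        print(ip, verdict)
```

Volume alone puts the single-host upload and the mail fan-out in the same bucket; the second signal is what keeps the uploader out of the notification list.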

304 comments

weak dollar (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#29685355)

As a typical American with far more debt than savings, a weak dollar is in my interest.

I must also point out that our national debt is also in dollars.

To make a long story short, the less the dollar is worth, the less money I owe.

Re:weak dollar (-1, Offtopic)

richardkelleher (1184251) | more than 4 years ago | (#29685437)

Not seeing a relationship between your remarks and the news item in question, but I feel compelled to ask the questions: If your debt is in US $, aren't you also earning US $ to pay this debt off? How then are you ahead when the US $ is weak?

Re:weak dollar (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#29685723)

My company sometimes sells my services overseas. I'm also likely to get significant pay increases in the not too distant future. As long as these pay increases take into account the weaker dollar's purchasing power, I'm golden.

Everybody makes a lot more now than they did in the 1950s. I don't see any reason for this trend to stop, and taking advantage of it is remarkably easy, irresponsible, and satisfying.

Re:weak dollar (-1, Offtopic)

PitaBred (632671) | more than 4 years ago | (#29685885)

Actually, most individuals make less than they did in the '50s. It's just that households make more on average [census.gov] , usually because both people are working.

Re:weak dollar (-1, Troll)

Anonymous Coward | more than 4 years ago | (#29685991)

Nice work linking to a table that completely refutes your claim.

Re:weak dollar (0)

Anonymous Coward | more than 4 years ago | (#29686057)

Wow. Table reading fail. Check that one again, PitaBred.

Re:weak dollar (1)

Foobar of Borg (690622) | more than 4 years ago | (#29685955)

Not seeing a relationship between your remarks and the news item in question, but I feel compelled to ask the questions: If your debt is in US $, aren't you also earning US $ to pay this debt off? How then are you ahead when the US $ is weak?

His mom gives him his allowance in Euros. Although, to be fair, it could just as easily be in Indonesian Rupiah. That's right, even money from a third world country like Indonesia (don't take this as bashing Indonesia, I have relatives from there) is winning against the US dollar.

Re:weak dollar (0)

Anonymous Coward | more than 4 years ago | (#29685945)

You don't want a weak dollar. You want high inflation! They are separate things, but usually come coupled together.

Seems fine to notify (5, Insightful)

Dunkz (901542) | more than 4 years ago | (#29685365)

As long as they don't act upon this information I don't see any issue with it. I bet most run-of-the-mill users don't know they have the infection and could act upon it if they knew.

Sounds like a win-win for both Comcast and their customers if it's informational only.

Re:Seems fine to notify (1)

Krneki (1192201) | more than 4 years ago | (#29685401)

Agree, if they do it properly it could be a useful service.

Re:Seems fine to notify (2, Insightful)

lgw (121541) | more than 4 years ago | (#29686069)

Agree, if they do it properly it could be a useful service.

Except this is Comcast we're talking about. They'll probably throttle and not notify.

Re:Seems fine to notify (-1, Offtopic)

Hognoxious (631665) | more than 4 years ago | (#29685421)

Yes but no but yes but no anyway it's unconstitutional because what about presumption of innocence and anyway she said I'm a slag and I never.

Re:Seems fine to notify (0)

Anonymous Coward | more than 4 years ago | (#29685589)

I didn't know Vicky Pollard had a Slashdot account.

Re:Seems fine to notify (0)

Anonymous Coward | more than 4 years ago | (#29685695)

it's unconstitutional because what about presumption of innocence

Comcast is not a governmental entity... they can presume guilt all they want.

Re:Seems fine to notify (1)

lessthanjakejohn (766177) | more than 4 years ago | (#29685445)

I don't think they will cut off customers. It would be a huge support hassle for them. We lost connection the other day and they sent out a tech guy the next day. That can't be cheap considering they are all contractors.

Re:Seems fine to notify (1)

0racle (667029) | more than 4 years ago | (#29685609)

A simple note on the account that you were cut off because of a suspected infection would prevent them having to send people out. I wouldn't want to see the call volume though.

Re:Seems fine to notify (3, Interesting)

Aoet_325 (1396661) | more than 4 years ago | (#29685625)

"I don't think they will cut off customers. It would be a huge support hassle for them. We lost connection the other day and they sent out a tech guy the next day. That can't be cheap considering they are all contractors."

They shut them down already. This is just a way to cut costs by automating the notification process and giving infected customers a chance to clean up the problems themselves before they spew enough spam that a disconnection is needed.

I certainly hope that they disconnect customers who neglect these notices and allow their computers to continue being used for spamming, phishing, etc. until they've re-secured their systems. I've seen ISPs doing this sort of thing via walled gardens with a lot of success, and I hope it catches on.

Re:Seems fine to notify (1)

be951 (772934) | more than 4 years ago | (#29686049)

It depends. It could be a good thing. Or if they use an overly broad interpretation of what might indicate virus or botnet activity, I could see it becoming a tool to shut down customers who just use a lot of bandwidth.

Plus, even if Comcast's intentions are good, it seems like a great way (for others) to phish. Think about it. Users are not used to seeing notices from Comcast, but maybe they've heard about this initiative. So they get a pop-up saying "Comcast service notice. Your PC may be infected. Click here to go to our Antivirus center". Then the user helpfully installs everything the site tells him to. How about an app that blocks the legitimate notices you're now getting from Comcast?

Re:Seems fine to notify (4, Insightful)

david_thornley (598059) | more than 4 years ago | (#29685507)

I like the idea a lot, but I don't know that there will be enough information for everybody.

When my ISP notified me of problems, it took a while to get enough information to figure out what was going on. As it turned out, it wasn't on a Windows box, and it wasn't a virus per se, but rather an inadequate password on an unsecured port. A message like "YOU HAZ BEEN PWNED!!!! HAHA!!" wouldn't have been enough for me to go on.

Still, the ISP is in an excellent position to watch accounts for bot-like activity, and is likely to be the first one to know.

My guess would be that those Comcast customers who insist they don't need anti-virus and do know how to surf the Web safely are going to get unexpected notices.

Re:Seems fine to notify (4, Insightful)

Bakkster (1529253) | more than 4 years ago | (#29686103)

My guess would be that those Comcast customers who insist they don't need anti-virus and do know how to surf the Web safely are going to get unexpected notices.

My guess is that those same users will think that the ISP is obviously wrong, and will continue along their merry way, spamming the world.

Alternatively, they will attempt to fix it by clicking that little banner ad for 'free antivirus' that popped up and told them the same thing...

OH, They have been acting for a while! (0)

Anonymous Coward | more than 4 years ago | (#29685553)

The second they detect spam on :25 for outgoing mail they block it. They won't unblock it. They won't give you info on what MAC triggered it, or the time and date the messages started, or even when they made the block.

I do lots of Removal {See Post (http://slashdot.org/comments.pl?sid=1388939&cid=29619053 for removal instructions!)}

I had one PC that was a bot zombie and while I was working on it (had it fixed w/in 24 hrs) they issued the block. no big deal for me, I want everyone to use more secure methods of E-Mail access. But I was floored that they couldn't give me any info about it or have any possibility to restore it. To unblock that port? They told me business class customers don't get any ports blocked. Hmm..... I look into that and it's $15 more a month same caps and only "benefit" was static IP (dynDNS... so I don't need it) and faster call-center response. What a rip! Oh they give you a domain name or something too, but those are like free now w/ any hosting company. They failed to mention if that included any kind of hosting services which might have swayed me, but probably not.

Re:OH, They have been acting for a while! (1)

clone53421 (1310749) | more than 4 years ago | (#29685679)

You hooked a bot zombie to your home internet connection before it was clean? Idiot.

Re:OH, They have been acting for a while! (1)

yurtinus (1590157) | more than 4 years ago | (#29685745)

Can you get the MAC address of a machine behind a NAT firewall?

Re:OH, They have been acting for a while! (0)

Anonymous Coward | more than 4 years ago | (#29685779)

No, but why is the NAT firewall letting the spam through to the outside world?

Re:OH, They have been acting for a while! (3, Informative)

ciggieposeur (715798) | more than 4 years ago | (#29685841)

> No, but why is the NAT firewall letting the spam through to the outside world?

Because having egress filtering on by default would piss off most users, so consumer NATs don't do that.

Re:OH, They have been acting for a while! (1)

John Hasler (414242) | more than 4 years ago | (#29686093)

> Because having egress filtering on by default would piss off most users, so
> consumer NATs don't do that.

And stateful firewalling is evidently beyond the comprehension of the manufacturers?

Re:OH, They have been acting for a while! (1)

Pentium100 (1240090) | more than 4 years ago | (#29685953)

Maybe because it's configured to let everything out, just filter the incoming traffic...
But probably it didn't do a good job there either, seeing as a computer behind it got infected (OTOH, it could have been an autorun virus)

Re:Seems fine to notify (1)

Em Emalb (452530) | more than 4 years ago | (#29685603)

I bet most run-of-the-mill users don't know they have the infection and could act upon it if they knew.

I don't know about that. If I were Comcast, I'd probably do the pop-up thing with a link to a website with How-to instructions on virus removal.

Because if you notify the user, a lot of them are going to assume that since you made them aware of it, you have to fix it.

(which is obviously crap, but that's how a lot of people think...at least around these parts anyway. D.C.)

Re:Seems fine to notify (3, Insightful)

Mister Whirly (964219) | more than 4 years ago | (#29685937)

I think what you are describing is very close to the fake Antivirus 2009 malware that I have seen a lot of recently (popup with a link to software). I would imagine if ISPs started doing this, it would be easier for the bad guys to spoof users into installing software "to clean their infected PC" that was "recommended" by their own ISP.

Re:Seems fine to notify (2, Funny)

John Hasler (414242) | more than 4 years ago | (#29686039)

I'll give you 2:1 odds that that is exactly what Comcast will do.

Re:Seems fine to notify (4, Insightful)

CopaceticOpus (965603) | more than 4 years ago | (#29685611)

I agree, and I think it is surprising it has taken this long to launch this service. This is a chance for Comcast to save money on bandwidth, improve their quality of service, and do something good for their users and for the Internet at large. They can do the right thing while increasing profits!

That being said, I'm sure they can find ways to screw it up. A pop up notice in the user's malware-infected browser is not the way to notify customers.

Re:Seems fine to notify (0)

Anonymous Coward | more than 4 years ago | (#29685795)

How can Comcast send these pop-ups? I try my best to run a clean system, removing all the extra junk (for example, comcast browser help objects) from my system, and using alternative browsers, etc.

Is comcast going to have to install software on my machine to monitor my usage and warn me? Or can they send a message straight from their IT dept when they see my IP address consuming mass bandwidth during a potential infection?

Re:Seems fine to notify (1)

Pentium100 (1240090) | more than 4 years ago | (#29685993)

No, but what they can do is redirect outgoing traffic that is destined to port 80 on some server to their server so that you go to google.com, but end up going to server.isp.com and getting the notice. Some of the ISPs in my country do this for other purposes too, for example to remind the user that he still hasn't paid for the connection this month.

Re:Seems fine to notify (5, Insightful)

Darkness404 (1287218) | more than 4 years ago | (#29685665)

No, because this is how the usual user acts.

Tech: "Ok, you've got a virus"

User: "But why? I have X protecting me!"

Tech: "Well, you downloaded these kitten screensavers that appear to have a trojan on them"

User: "So you're going to remove my kitten screensavers!?!"

Tech: "Um, well yes."

User: "But you can't do that!!!"

Tech: "Well you want the virus gone right?"

User: "Not if it endangers my kitten screensavers!"

Tech: "..."

Add that plus all the scareware floating around with rogue AV software leads to a perfect storm.

Re:Seems fine to notify (0)

Anonymous Coward | more than 4 years ago | (#29686015)

"Rogue AV software" is a misnomer. It leads one to believe that the antivirus software on the user's computer has suddenly turned against them.

"False AV" would be a little more accurate, IMO, as it was never designed to actually remove any detections (not that it was designed to actually detect anything, either).

Working at a retail store that performs services, such as virus removal, on the general public's computers, I have actually seen instances where calling it "rogue AV" software will scare the customer away from wanting antivirus software at all. You wouldn't believe how difficult it is to explain to some people that this thing that keeps popping up claiming it found 7,000 detections is the virus.

Re:Seems fine to notify (4, Insightful)

cdrguru (88047) | more than 4 years ago | (#29685711)

I bet most run-of-the-mill users don't know they have the infection and could act upon it if they knew.

The problem is that most customers cannot do anything about their problems, except take the computer to someone that can help them. And because that is going to cost money, most people are going to wait until after Christmas, or after their vacation, or after their vacation after Christmas. Or until hell freezes over.

Assuming a pop-up of any sort is going to actually inform people is a mistake - almost everyone has some kind of pop-up blocking in effect today and the ones that get through are ignored.

The right thing to do is contact the person and see if they can explain the activity. No contact, cut off the account. No explanation, cut off the account. It does little good for the other 6 billion people on the planet to let infected computers continue to spew spam and phishing emails.

Re:Seems fine to notify (4, Insightful)

coolsnowmen (695297) | more than 4 years ago | (#29685959)

Yeah. Also, because if I got a pop-up that said, "your pc is infected" I would just close it and say "stupid phishers you'll never get me!" So, I'm guessing that pop-ups would be much less effective than a real piece of mail/phone message.

Re:Seems fine to notify (1)

nametaken (610866) | more than 4 years ago | (#29685983)

Or when their ISP tells them they have an infection they'll look at the BestBuy Geek Squad ad right next to it and take their machine in.

Re:Seems fine to notify (1)

John Hasler (414242) | more than 4 years ago | (#29686065)

> ...BestBuy Geek Squad ad right next to it and take their machine in.

After which there will be no doubt about it being infected.

Re:Seems fine to notify (0)

Anonymous Coward | more than 4 years ago | (#29686053)

If your pipes leak, it's your responsibility; if your computer needs work then it's your responsibility.
The water bureau isn't going to fix your pipes for free.

Re:Seems fine to notify (1)

rinoid (451982) | more than 4 years ago | (#29686083)

It's a segue to deep packet inspection and bandwidth metering/shaping.

You all know how IT Dilberts can get away with pure lack of inspiration or willingness to provide service by using the "it's a security problem" trump card...

I am a spam comment (0)

Anonymous Coward | more than 4 years ago | (#29685377)

Now your bandwidth has spiked.

FP

IP, FP (2, Insightful)

Hognoxious (631665) | more than 4 years ago | (#29685383)

Thanks for spelling IP out for us.

Re:IP, FP (1, Insightful)

mcgrew (92797) | more than 4 years ago | (#29685467)

If they just said "IP" many here would think they were referring to Imaginary Property. Spelling out acronyms is a good thing, even if your audience probably knows what the acronym means.

Bad subject, this is a GOOD thing... (4, Insightful)

nweaver (113078) | more than 4 years ago | (#29685389)

ISPs need to notify their customers. Many customers don't really have email contact from their ISP for various reasons (eg, me!). But injecting a pop-up for notification purposes DOES work.

Yes, the same technology can be used for evil abuses like ad injection, but this is exactly what SHOULD be done.

Re:Bad subject, this is a GOOD thing... (4, Insightful)

i.r.id10t (595143) | more than 4 years ago | (#29685423)

How many folks ignore popups though?

I'd think the solution could be more like what they do when they are messing with DNS - identify customers with issues, redirect their DNS queries to a box that puts up a page that describes what is going on, why they are seeing that page instead of google or whatever, and a number to call at the ISP for assistance.

Re:Bad subject, this is a GOOD thing... (-1, Troll)

I'm not really here (1304615) | more than 4 years ago | (#29686115)

If Comcast redirected for my FTP upload of client data scheduled during the 1 hour downtime that we have worked 3 weeks to schedule... I'd sue for damages. Plain and simple.

I work from home. I am a contractor. I upload large amounts of data all at once, and do it late at night because the network uploads crawl during the afternoon and early evening. I'm trying to be conscientious to my neighbors who use Comcast by not overloading the upload bandwidth on our block during normal hours (as well as be efficient by avoiding sitting around waiting for files to upload), and Comcast decides to throttle or redirect my traffic because it was running at 1 AM and caused a large spike in traffic?

Trust me, I'd most definitely sue, and if I have a competent lawyer that can prove actual damages, I will win and hit them for all they are worth.

This is a very good thing (2, Insightful)

davidwr (791652) | more than 4 years ago | (#29685435)

Even better would be to give me my choice of notification mechanisms:
*pop-up
*email
*sms
*robo-phonecall
*no notification

Re:Bad subject, this is a GOOD thing... (1)

piojo (995934) | more than 4 years ago | (#29685461)

It seems like a good thing, so long as there's some way to tell Comcast, "No, my PC really isn't infected, I just run a mailing list," or something. I'm not sure opting out would be the right solution, though, because if someone is participating in a botnet, they should be subject to warnings (and eventually being disconnected).

Re:Bad subject, this is a GOOD thing... (1)

SBrach (1073190) | more than 4 years ago | (#29685803)

Running a mailing list is against many ISPs', including Comcast's I believe, ToS.

Re:Bad subject, this is a GOOD thing... (2, Insightful)

Anonymous Coward | more than 4 years ago | (#29685483)

How will it be distinguished from the "Your computer is infected?!??!" ads that customers are told to ignore?

Re:Bad subject, this is a GOOD thing... (5, Insightful)

MadRocketScientist (792254) | more than 4 years ago | (#29685495)

I disagree. Using pop-ups as the notification method will likely trigger a new round of malware attacks that look like official Comcast notifications, complete with helpful links to download scanner and removal tools.

Re:Bad subject, this is a GOOD thing... (4, Interesting)

garcia (6573) | more than 4 years ago | (#29685771)

I disagree. Using pop-ups as the notification method will likely trigger a new round of malware attacks that look like official Comcast notifications, complete with helpful links to download scanner and removal tools.

When AT&T ran things during the ATTBI days they would routinely shutdown connections for subscribers who had known issues (trojans, etc). It would set their cable modem config file to some dummy one which would only get them to AT&T internal network pages and they'd have to call in to get working again--if they fixed the problem.

I don't see why that type of thing can't be restarted. Maybe there are just so many infected machines (and based on my webserver logs from Comcast's IP ranges, I'd guess this is true) that their phone staff just wouldn't be able to handle the volume.

Re:Bad subject, this is a GOOD thing... (0)

I'm not really here (1304615) | more than 4 years ago | (#29685965)

Two words:

False Positives.

Ok, so I can't stick to two words... When a business is legally using their internet connection (a contractor uploading a very large set of files, including videos, etc., to update a client's live website, for example), and Comcast's actions cause that company to lose business or money due to breach of contract (deadlines are missed, live site goes down due to having only partially updated their files due to Comcast cutting the connection, etc.), there will be lawsuits, and Comcast will likely lose.

Re:Bad subject, this is a GOOD thing... (1, Insightful)

Anonymous Coward | more than 4 years ago | (#29685791)

Why not just create an automated telephone system informing users. Seems like trying to get the infected machine to show pop-ups would be more difficult.

Re:Bad subject, this is a GOOD thing... (1)

EvilBudMan (588716) | more than 4 years ago | (#29685809)

Really, paper seems to be the best way even though it might take a couple of days. But......knowing Comcast, they will probably just ax you, and tell you about it later.

Re:Bad subject, this is a GOOD thing... (0)

Anonymous Coward | more than 4 years ago | (#29685531)

Chances are the user infected the computer by responding to ... wait for it ... an unsolicited popup warning him of a possible infection! Click now to scan your computer!

So... well, maybe your idea would work after. We already know the user will click on anything.

If only they had some other means of communicating (4, Insightful)

RingDev (879105) | more than 4 years ago | (#29685787)

It's really too bad that a cable company doesn't have any other means of communicating with their customers other than the internet. If only some how they could find out where their customers live, which I admit does sound like a startling infringement on their customers' right to privacy, they could convey such a warning with out worrying about web etiquette or spam filters.

-Rick

PS: In case your browser doesn't support them, there are sarcasm tags on the preceding paragraph.

Evil Abuses Such As (1)

dmomo (256005) | more than 4 years ago | (#29685905)

[comcast senses new p2p activity coming from a home IP]
Comcast Pop: Dear User, you recently installed a networked application. This application is spyware and is probably stealing your credit card information as we speak. For your safety, remove the software and any corrupted media downloaded by it.

Or... (1)

click2005 (921437) | more than 4 years ago | (#29685393)

It could also indicate software updates (like Linux)
Bittorrent via a VPN
Someone working nights
Offsite backup

There's any number of possible reasons for traffic spikes to a single IP but I'm guessing it's more about encrypted Torrents.

What could possibly go wrong? (1)

HeronBlademaster (1079477) | more than 4 years ago | (#29685395)

For instance, a significant overnight spike in traffic being sent from a particular Internet Protocol address could signal that a computer is infected with a virus taking control of the system

... or it could mean someone decided to seed every ISO known to man at the same time.

I know that's probably not something Comcast is interested in supporting, but it's not against the ToS, so I really hope they aren't going to automate any disconnections (even temporary) based on this.

I thought this was a good idea? (1)

poetmatt (793785) | more than 4 years ago | (#29685409)

As someone says above, isn't notifying of possible infections a good thing? I mean enterprise supposedly has better ways to detect it than a normal consumer, especially since Comcast is in the ISP business?

Additionally, it's something that not only is good for consumers but good for Comcast, assuming they don't use it as false positives to cut off bittorrent users (which I find unlikely to happen anyway).

When I think of Comcast, I think of progress. (5, Insightful)

InMSWeAntitrust (994158) | more than 4 years ago | (#29685413)

"The new service will eventually be rolled out in the rest of the country, replacing the phone calls Comcast has been using to notify customers to security problems, Opperman said."

So wait, instead of a personal phone call (which they apparently had been doing before anyway), now it'll be a popup just like the 50 other ones the user sees because he or she's infected with malware to begin with?

Nice.

Re:When I think of Comcast, I think of progress. (1)

dgatwood (11270) | more than 4 years ago | (#29685455)

Or the 50 other popups that say "Your computer is broadcasting an IP address" that everyone ignores because the supposed "virus scanners" install malware?

Re:When I think of Comcast, I think of progress. (1)

Kylock (608369) | more than 4 years ago | (#29685569)

Paying people to make these calls can be pretty costly. The article also states that by automating the process, they'll be able to reach out to more customers. I assume this means they will lessen the existing threshold for "evil traffic" notification.

If they are running some sort of IDS, and they are able to help people become aware of infections/backdoors/etc., they can probably salvage a good deal of bandwidth from garbage/unwanted traffic.

Re:When I think of Comcast, I think of progress. (0)

Anonymous Coward | more than 4 years ago | (#29685595)

Phone calls don't scale.

Nice try. (5, Interesting)

WiiVault (1039946) | more than 4 years ago | (#29685419)

Pardon me if I assume that everything Comcast does is anti-consumer unless proven otherwise. Their record certainly reinforces this skepticism. Sounds to me like they are trying yet again to scare people who torrent or use P2P software. Of course since they "can't" throttle, they are coming up with new ways to encourage their paying customers to use less of their "unlimited" bandwidth. Thanks for looking out for us Comcast.

Re:Nice try. (0)

Anonymous Coward | more than 4 years ago | (#29685537)

Can't? Last I heard in the news (granted it was 4+ months ago) was that Comcast still had plans - or had something in place, I can't remember - to either charge gobs extra for people who went over a cap, or throttle their service. You have a link, so I can catch up on the story?

I'm not a fan of having my usage monitored. If I don't bring down the servers, you have no reason to be tracking my usage, right?

Re:Nice try. (3, Interesting)

Kylock (608369) | more than 4 years ago | (#29685661)

A co-worker of mine recently had his service terminated because he had exceeded 1TB of downloading in a month. I'm not sure if this is a regional thing, but that seems like a really high cap. Ultimately, he called them and the solution was to upgrade to a business class connection. It ended up costing him an additional $20 (iirc) a month, but he now has a higher upstream and a static IP. He was cool with that as it seems this works out better for him anyway, but any sort of cap for an advertised unlimited service is a bit ridiculous.

Comcast Antivirus 2009? (4, Insightful)

silent_artichoke (973182) | more than 4 years ago | (#29685473)

Sure thing, users NEVER get popup warnings about being infected and promptly ignore them... Unless they are really from the virus itself and are asking for credit card information.

Re: Antivirus mostly == malware (1)

xiando (770382) | more than 4 years ago | (#29685741)

Sure thing, users NEVER get popup warnings about being infected and promptly ignore them... Unless they are really from the virus itself and are asking for credit card information.

This is so true. I was asked to look at a Windows box the other day because of numerous pop-up alerts about attacks from the Internet(s). I never heard of the "security software" which gave these warnings, so I disconnected it from the Internet. Guess what, it was supposedly still being "attacked" on random ports by random IPs. Who benefits from this crime? Me, obviously, since I secured dinner by removing the malware.

I agree, (2, Insightful)

popeye44 (929152) | more than 4 years ago | (#29685477)

But having to set a cookie on each machine I want to disable their fucking dns redirect doesn't give me much hope. Love the speed.. hate the company!

I think we're slowly but surely seeing the end of what was a really great thing. Open unfiltered internet. In a few years it will be an expanded version of tv with none to little user control about what we want to see. Soon it will be.. we noticed your IP has downloaded X amount of gigs in the last two days. It's impossible that you are doing anything legit and we are going to cancel or reduce your connection speeds for a month if you continue illegally downloading. PS. This may have been a virus and if so please take your pc to an **authorized vendor to clean it.

**Vendor may also scan for copyright infringements on your pc in which case it will be kept as evidence.

I can see where this is going... (1)

sloth jr (88200) | more than 4 years ago | (#29685487)

Greetings,

We recently detected abnormal activity on your computer associated with a virus infection. To protect your computer, please verify your name, password, and birthday, and then download this anti-virus software.

My ISP just blocked me for getting conficker.. (4, Interesting)

Anonymous Coward | more than 4 years ago | (#29685489)

and I'm glad they did so. I was being lazy and neglected to install a virus scanner on one of the PCs hooked up here, and it got infected with conficker. Basically my ISP (XS4ALL, a Dutch ISP) detects this and blocks most of the traffic (getting mail still works), shows a warning page when you try to open a website, and some instructions on how to get through the blockade with a proxy, and how to clean up your PC. They'll only unblock you once you have gone through a number of steps to clean up your PC (running some trojan scanners etc.). This may seem harsh, but I think if every ISP did this there wouldn't be so many huge botnets out there and perhaps a lot less SPAM as well.

What is it with Comcast (0)

Stargoat (658863) | more than 4 years ago | (#29685511)

What is it with Comcast, always messing with blocking ports, messing with DNS entries, and making the IT guy's life difficult in general?

Re:What is it with Comcast (1)

Firemouth (1360899) | more than 4 years ago | (#29685541)

What is it with Comcast, always messing with blocking ports, messing with DNS entries, and making the IT guy's life difficult in general?

Job Security!

Does it matter? (0)

Anonymous Coward | more than 4 years ago | (#29685523)

Is there anybody with a firewall left that still allows any inbound traffic from comcast IP space?

Opt-out? (3, Insightful)

Zortrium (1251080) | more than 4 years ago | (#29685533)

This seems harmless enough to me if Comcast provides an opt-out service (like they do for their DNS-redirection). Someone who's savvy enough to opt-out of this is probably not as likely to get malware-infected, and the rest of the population probably doesn't care very much about the service either way. As for the monitoring aspect, I doubt that Comcast is actually examining customers' traffic any more as a result of this -- they're probably just using their existing heaps of data to implement this.

Too little too late (1)

Batou (532120) | more than 4 years ago | (#29685557)

"when we see computers on our network that are doing things that are known bot activities--say, a computer is spewing out thousands of spam e-mails,"

Yeah, well done chief. How about you take that menace down until the idiot behind the box fixes it? How about that? How on earth does verified network abuse not warrant an immediate disconnect?

As an email admin, this is welcome news, but it's yet again not enough. Keeping botnets in check is admittedly not the easiest thing in the world for an ISP to tackle, but for fuck's sake, direct to MX smtp traffic from residential IP space couldn't be simpler to capture and redirect prior to leaving their network cloud, and if the morons at Comcast et al would get their shit together and act responsibly for a change, they might actually be part of the solution to the spam problem as opposed to one of the biggest contributors to it.
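One way an ISP could flag the direct-to-MX SMTP traffic described in the comment above, as an added example that is not part of the thread or of any ISP's actual system: it counts the distinct non-relay port-25 destinations each customer address contacts within a sliding window. The relay address, the thresholds and the flow-record format are assumptions, and the flow lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical ISP smarthost that customers' mail clients are expected to use.
RELAYS = {"203.0.113.25"}

# Constructed flow records: timestamp, source IP, destination IP, destination port.
# All addresses come from documentation ranges; none are real hosts.
FLOWS = """\
2009-10-08T02:00:00 192.0.2.10 198.51.100.1 25
2009-10-08T02:01:00 192.0.2.10 198.51.100.2 25
2009-10-08T02:02:00 192.0.2.10 198.51.100.3 25
2009-10-08T02:03:00 192.0.2.10 198.51.100.4 25
2009-10-08T02:04:00 192.0.2.10 198.51.100.5 25
2009-10-08T02:00:00 192.0.2.20 203.0.113.25 25
2009-10-08T02:05:00 192.0.2.20 198.51.100.9 443
2009-10-08T01:00:00 192.0.2.30 198.51.100.1 25
2009-10-08T03:00:00 192.0.2.30 198.51.100.2 25
2009-10-08T05:00:00 192.0.2.30 198.51.100.3 25
2009-10-08T07:00:00 192.0.2.30 198.51.100.4 25
2009-10-08T09:00:00 192.0.2.30 198.51.100.5 25
"""

def parse_flows(text):
    """Parse 'timestamp src dst port' lines into (datetime, src, dst, port) tuples."""
    rows = (line.split() for line in text.splitlines() if line.strip())
    return [(datetime.fromisoformat(t), s, d, int(p)) for t, s, d, p in rows]

def direct_to_mx_suspects(flows, relays=RELAYS, window=timedelta(minutes=10), min_dests=5):
    """Return {source: peak distinct non-relay SMTP destinations in any one window}."""
    by_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if port == 25 and dst not in relays:  # mail sent through the relay is expected
            by_src[src].append((ts, dst))
    suspects = {}
    for src, events in by_src.items():
        events.sort()
        peak, start = 0, 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop events that fell out of the window
            peak = max(peak, len({d for _, d in events[start:end + 1]}))
        if peak >= min_dests:
            suspects[src] = peak
    return suspects

if __name__ == "__main__":
    for src, peak in direct_to_mx_suspects(parse_flows(FLOWS)).items():
        print(f"{src}: {peak} mail servers contacted directly within the window")
```

Only 192.0.2.10 is flagged here: 192.0.2.20 sends mail through the relay, and 192.0.2.30 reaches the same number of mail servers but spread over eight hours, which looks like a small self-hosted mail server rather than a spam run.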

Pop-up "where"? (1)

kheldan (1460303) | more than 4 years ago | (#29685563)

I know TFA shows it on Comcast's page.. but still this is Comcast we're talking about. Are they going to just inject a pop-up while I'm randomly surfing?
Also, prepare for brand-new phishing tactics in 3, 2, 1..
Also, joining the chorus on this being tied to anti-P2P intentions.

flyswattery. (4, Insightful)

nimbius (983462) | more than 4 years ago | (#29685579)

this proves and solves nothing, it's a frogboil tactic they use to get customers familiar with their 'responsibility' on their network. soon it becomes "we kick you off if we find malware." Internet providers are already shovelling this bullshit with port scanning and automated warnings regarding account termination. Treating customers like dirt, redefining what "demand" is in terms of the business model, and shaping the services you supply sure is a lot easier than actually scaling infrastructure to meet real-life demand.

Or it could be a torrent, of course (1)

roc97007 (608802) | more than 4 years ago | (#29685593)

Will be interesting how they handle that.

I predict (1)

yup2000 (182755) | more than 4 years ago | (#29685599)

This will work great... until someone duplicates their warning popup, and takes that poor customer off to a malware site!

Great...another thing for scammers to spoof (1)

BcNexus (826974) | more than 4 years ago | (#29685643)

This is another message that scammers will spoof. Know all those fake/rogue virus warning pop ups? Yeah, just like that.

Exactly HOW do they do this? (1)

xiando (770382) | more than 4 years ago | (#29685655)

Comcast story is that "we are testing a new "Service Notice" customer alert that lets people know if we have reason to believe their home computer has been infected with a bot. The Service Notice is sent to appear in their Web browser with a direct link to our Anti-Virus Center where they can diagnose the problem and take steps to fix it"

This sounds like they are going to inject the supposed "Service Notice" into tcp-streams on port 80 if you are using software Comcast never heard of such as GNU/Linux. Their story includes tidbits of information such as "They can also get the Comcast Toolbar which includes spyware and as well as pop-up ads with built-in phishing" (fixed that for them), but they do talk about the "Service Notice" they plan to inject into people's web-pages as something different. I want my HTML pages as the server I fetch them from sends'em, I hope random "Service" (and eventually advertisement) injection does not become an industry standard.

More Phishing (2, Informative)

kcornia (152859) | more than 4 years ago | (#29685693)

Over under on new phishing e-mails is about 2 seconds.

From: Comcast
To: Joe Usar

NOTICE: Your computer has been infected

To who it may concarn:

Please be to aware that your computer has been infected by virus. Please click here and verify your payment information so we can authorize removal of your viruses. If you do not your account blocked!!!!

Prediction (5, Funny)

bistromath007 (1253428) | more than 4 years ago | (#29685701)

Comcast Gold PCGuard+ Express Pro has detected a significant overnight spike in your network usage that suggests your PC may be infected with a virus. This process has been identified as utorrent.exe. It is recommended that you delete all files related to this program immediately to keep your personal information secure.

Doomed from the outset (2, Insightful)

SirGarlon (845873) | more than 4 years ago | (#29685707)

I don't predict a good outcome from this. Comcast will be flooded with incoming tech support calls from customers, half panicked about a virus they don't have and the other half angrily denying a virus they do have. And Comcast will discover that the cost of all those calls far outweighs any benefits they receive from the new system.

Re:Doomed from the outset (1)

djupedal (584558) | more than 4 years ago | (#29685855)

> Comcast will discover that the cost of all those calls far outweighs any benefits they receive from the new system.

BS

This is Comcast - what better way to get customers on the phone so they can be upsold?

Oblig (2, Funny)

ParanoiaBOTS (903635) | more than 4 years ago | (#29685739)

That made me think of this: http://xkcd.com/570/ [xkcd.com]

Hey, it must have been introduced here. (3, Funny)

jtownatpunk.net (245670) | more than 4 years ago | (#29685781)

They even proactively installed AntiVirus 2009 on my system. Gosh, it's amazing how many viruses I had and didn't even know it.

My original DSL company (1)

Orion Blastar (457579) | more than 4 years ago | (#29685805)

one time shut off my DSL account. I was downloading a Red Hat Linux ISO file via BitTorrent. I called them up and they claimed they saw virus like activity on my connection and then shut off my Internet access to prevent my computer from infecting others. I told them I would remove the virus and they said they would restore access. I had to set my BitTorrent program to use a lower setting for bandwidth to avoid tripping off their false positive virus detection. I switched to a different DSL ISP after that.

Will they warn me about Comcast Spyware? (2, Interesting)

dmomo (256005) | more than 4 years ago | (#29685827)

I had a tech come by to fix a line issue. When his fix didn't work, he needed a computer to debug with. I let him use an extra laptop I had lying around. The jerk put some kind of Comcast toolbar on IE. I don't remember the details, but removing it was not trivial. Not insane, maybe, but definitely designed to be annoying for the average user to remove. I'm not sure if the tech was pressured to do that or if it was just something that the page he was told to access from users' machines did automatically. I just re-imaged the thing, but still. It left a bad taste in my mouth.

If handled properly.. (4, Interesting)

pavera (320634) | more than 4 years ago | (#29685861)

Ok.. so it's Comcast and we can all assume they will handle it poorly, but I worked at a small local ISP and was responsible for implementing just such a system on our network. The system would notify our NOC engineers about suspected infections, they would investigate more fully, and if the traffic was really suspect, we would log a ticket with customer support who would then call the customer. If we were unable to contact the customer for 48 hours and they didn't call us back we would disable their service.

Now, it was a little different as we are small and local, and we would send a tech out to their house to help clean the virus off their machine. When customer service called that was part of the call.. It went something like this: "We have detected suspicious traffic coming from your connection. To protect our network and your neighbors who also use our service, if the traffic does not stop within 48 hours we will disconnect your service. If you need any information about the traffic in question we can have an engineer contact you. Also, if you need help installing, updating, or using virus and or spyware removal software, we will be happy to send a tech support engineer to your house to help you remedy this situation."

We didn't charge for that tech support house call, it was just part of providing excellent service. In short, if it were to be handled appropriately, I don't see any problem with this sort of system. That being said, I feel Comcast will probably really botch this, just as any large telecom company would.

Our system never detected a false positive on for example bittorrent traffic. We did have some on the IRC ports, but less than 5% (not that many people actually use IRC anymore, on a residential ISP network, probably 95%+ of IRC traffic is botnet control). We never turned off someone's connection who was validly using IRC. The customer service tech would ask "do you use IRC?" almost everyone would say "uh.. what is that?" The few people who use it would say "Yes I do" and we would say "Oh ok, that explains it" and that would be that.

We only ever turned off 1 person's connection, they had left their machine on and left on vacation and it was on a botnet. We disabled their connection as we didn't get a response from them, when they got back they called in, we sent out a tech and cleaned up their machine and that was that.

Re:If handled properly.. (1)

The Angry Mick (632931) | more than 4 years ago | (#29686051)

We didn't charge for that tech support house call, it was just part of providing excellent service.

Sadly, I don't see Comcast caring a whole lot about "excellent service".

I sincerely wish they did, but here in Georgia, the only "excellence" they've demonstrated thus far is in an ability to increase rates, reduce quality of service, and infuriate existing customers.

significant overnight spike in traffic (1)

jDeepbeep (913892) | more than 4 years ago | (#29685981)

A significant overnight spike in traffic is a sure sign that I don't have to go in to the office the next day.

Who uses their Comcast email? (1)

slagell (959298) | more than 4 years ago | (#29686023)

I have lots of email addresses, but I have never used a Comcast email address even though they are my ISP. I wonder how many customers would even get these messages.

I count myself lucky... (4, Informative)

endofoctober (660252) | more than 4 years ago | (#29686029)

...that they called and told me that I had a zombie PC. I run updates, antivirus software and am very careful about where I go on the web, and what I download. Despite all my precautions, though, my PC got infected via an infected CD from my office (autorun is now turned off, btw). I got a call from Comcast saying that they'd noticed some odd traffic. The tech guy said it looked like my PC had been infected although it didn't seem to be actively sending/receiving any unusual data. After a quick re-scan with my antivirus software, it was gone, and all was right with the world (well, my tiny corner of it, anyway). I was used to Comcast sucking hardcore before this happened. Now my attitude is a little better toward them -- the Comcast tech guy knew his stuff, and was very helpful.

How about /. coming up with a solution? (2, Insightful)

HockeyPuck (141947) | more than 4 years ago | (#29686035)

Here's a question for the masses here on /.

How would you notify customers that their machine is spewing spam or part of a botnet? Would you continue with the phone calls? Surely paying people to call customers about a virus can't be cheap, and doesn't scale. What is your ISP doing about this?

Even if what Comcast is doing isn't the best solution, it's gotta be better than doing nothing, or taking the draconian measures of turning off service until you call in and they tell you, "Sir/Ma'am we turned off your service because your home computer is sending out spam. Once you've fixed it, we'll turn your service back on." I work at a "large database company" and in our labs if a lab machine is detected to be infected, the lab admins will shut off the ethernet drop that server connects to until you fix it.
