Comcast to monitor and inform subscribers when their PC is infected – Tech Products & Geek News | Geek.com
Filed under: Commentary, In case you missed it, News
This can’t be a good thing…
Comcast to monitor and inform subscribers when their PC is infected
Oct. 9, 2009 (9:01 am) By: Matthew HumphriesComcast alert
One of the biggest problems with an infected PC is that unless the user of that PC notices or realizes their machine is infected there is little that can be done about it. The emphasis is on the user to secure and monitor their own machine and therefore malware writers go to great lengths to ensure their infections remain silent and unnoticeable.
Comcast has decided it is going to take action and aid its subscribers by informing them if a machine is suspected of being compromised. It will do this by regularly monitoring the network activities of individual connections looking for the common signs of a machine being used as part of a botnet, for example. If such a machine is identified then a warning will be sent to that user as a service notice stating the following:
Comcast has detected that there may be a virus on your computer(s). For more information on how to clean your computer(s), please visit the Comcast Anti-Virus Center.
A security center link then takes that user to a page where they can find tools to clean up their machine. The message, as seen in the image above, is displayed on the Comcast website and a follow-up e-mail is sent, but other than that the company will not be contacting the user directly, so this warning can be ignored. No further action will be taken if the user doesn’t do anything, as this is just meant to be a helpful hint rather than the start of a process to get them running virus free.
Comcast has made it clear that the monitoring involved will remain anonymous with no data stored or looked at during the process. In order to determine what classes as a potential infection Comcast will employ independent help such as known infected IP lists from the likes of Spamhaus as well as its own analysis system. At worst a user may get to see one of these messages as a false positive. At best users who had no idea they were infected take action and clean up their machine.
Read more at DSLReports.com and a detailed description of the monitoring posted by Comcast on the DSLReports.com forums
Matthew’s Opinion
Malware writers are very good at covering their tracks and can make an infected PC act as normal while in the background it works as part of a botnet helping to spread spam. Most users wouldn’t even know their machine has been compromised and unless they run security checks how will they ever know? Some malware even blocks users going to security sites in an attempt to stop the compromise ever being found.
With that in mind this monitoring by Comcast should be welcomed. It is an anonymous check that just looks for the common signs of an infection and then its an unintrusive warning with no further intervention. You can’t get much more hands-off while still being helpful and it’s an important action to take. Spam levels are so high because there are so many machines out there on botnets pumping the stuff out to inboxes. Unless those PCs are cleaned up the spam will continue to flow and unless users know their machines are infected this will never change.
I’d argue Comcast should go further than just the message on a website and an e-mail. Why not phone up that subscriber and inform them that they may have an infected machine. Nine times out of ten I bet the response is one of “what do I do?” at which point they can be helped. A message or e-mail on the other hand may get overlooked or looked at with suspicion as a possible scam.
What do you think? Is Comcast’s idea one that should be copied across all ISPs? Should it go further than just a warning message on a website?
Related posts:
- Comcast: We’re Delaying, Not Blocking, BitTorrent Traffic – Bits – Technology – New York Times Blog
- More proof of Comcast port blocking
- Monitor Duty: The Lone Ranger To Ride Again
- ComicBase News: Tech Tips, Forums, and Windows Vista
- Wizarduniverse.com Infected?
Related posts brought to you by Yet Another Related Posts Plugin.
