Comcast Trials Browser Alerts for Bot-Infected Customer PCs
Comcast, the nation's largest residential Internet service provider, this week began rolling out an initiative to contact customers whose PCs appear to be infected with malicious software, by notifying these users via Web browser alerts.
The Philadelphia-based cable Internet company has already been alerting bot-infected customers via phone for the past year, but a pilot program in Denver that began Thursday will inform affected users with a so-called "service notice," a semi-transparent banner that overlays a portion of whatever page is being displayed in the customer's Web browser.
Customers can then either move or close the alert, or click "Go to Anti-Virus Center," for recommended next-steps, which may include downloading and running the McAfee anti-virus tools the company offers for free, or purchasing a cleanup package and allowing a Comcast technician to attempt to remotely diagnose and fix the problem.
Jay Opperman, senior director of security and privacy at Comcast, said the company opted to move to Web-based alerts due to an overwhelmingly positive response from customers who were alerted about bot infestations via telephone. To identify problem customers, the company is relying mostly on reputation information gleaned by anti-spam groups like Spamhaus.org, which track the Internet addresses of systems seen sending spam or participating in prolonged malicious activity online.
"These bots not only send spam, but [most of them] also steal financial and credit card information, and people are put at significant risk when their personal information has been stolen," Opperman said.
Customers who receive the alerts but do nothing will be reminded again in seven days if Comcast detects that the user's PC is still infected, Opperman said.
Opperman declined to say how many alerts the company has issued -- either via phone or through this new system, but said the company will focus on working out any kinks in the system before scaling it up.
"We could be serving a lot more alerts, millions really," Opperman said. "In general, the data we get [shows that] anywhere between 10-15 percent of [an average ISP's customers] is with these bots at any one time. Because it's a new system and a new experience for customers, we're going to start up slow and then scale."
Comcast is using the Denver testbed to fine tune their response to customer feedback, but the program is very much on track for completely deploying the service across the company's residential network: Opperman said he expects the initiative, which the company has dubbed "Constant Guard," to be rolled out to all of Comcast's 15.3 million residential customers by the first quarter of next year.
Opperman said he believes the project is the first of its kind in the industry, and that Comcast studied multiple alternative approaches before settling on this one. Specifically, the company considered placing problem customers in so-called "walled gardens," which attempt to limit the customer to browsing a small number of sites designed to help them clean up a bot infection. Canada's Cogeco and Cox Communications both have experimented with the walled garden approach (see my interview with Cox's Matt Carothers on this topic from back in April 2007).
"We looked at those mechanisms, and they're very disruptive to other services, like VoIP [voice over Internet protocol, or Internet-based telephone calls]," he said. "We felt the service notice was the best way to inform customers and get them to contact us so we can help. without being disruptive."
The primary challenge to this program, aside from actually helping customers rid their PCs of bot infections and keep them clean, may come from the criminals themselves. One of the most persistent threats to Internet users today are rogue anti-virus programs that use fake security alerts to trick consumers into downloading malicious programs or at the very least paying for worthless software.
Opperman said Comcast is attempting to combat this potential scam by including a link in the banner alert that explains "How do I know this notice is from Comcast?" Among the answers they will list is that Comcast will be sending affected users an e-mail alert at their primary account at the same time as the browser alert is displayed.
October 9, 2009; 3:51 PM ET
Categories: From the Bunker , Safety Tips | Tags: bot, comcast
Save & Share: Previous: Adobe Warns of Critical Threat to Reader, Acrobat Users
Next: E-Banking on a Locked Down (Non-Microsoft) PC
Posted by: Eremita1 | October 9, 2009 5:45 PM | Report abuse
Posted by: BTKrebs | October 9, 2009 6:06 PM | Report abuse
Posted by: amturnip | October 9, 2009 6:43 PM | Report abuse
Posted by: rhsimard | October 9, 2009 7:08 PM | Report abuse
Posted by: AlphaCentauri | October 9, 2009 8:24 PM | Report abuse
Posted by: jackrussell252521 | October 11, 2009 12:24 PM | Report abuse
Posted by: jbmoore61 | October 12, 2009 8:18 AM | Report abuse
Posted by: FaustoCG | October 12, 2009 10:07 AM | Report abuse
Posted by: burnfromwithin | October 12, 2009 10:24 AM | Report abuse
Posted by: jackrussell252521 | October 13, 2009 5:33 PM | Report abuse
The comments to this entry are closed.