funsec mailing list archives
Re: dumb. Comcast pop-ups
From: Rich Kulawiec <rsk () gsp org>
Date: Sat, 10 Oct 2009 12:42:04 -0400
On Sat, Oct 10, 2009 at 12:05:24PM -0400, Jon Kibler wrote:
A *much* smarter move on Comcast's part would be to simply null route any suspected infected computer until it is cleaned up.
Absolutely. Infected systems should be walled off *in toto* (not in part, as some on NANOG have recently suggested, not grasping the true nature of the problem) until they're fixed.
Yes, that would put a greater load on Comcast's support staff, but maybe they could do it smarter -- like limit access to only the Comcast and legit AV vendor's web sites. Not a 100% cure, but I would think it would create less problems than pop-ups that get ignored and spawn rogue pop-ups that create even more malware infection.
I'm with this as far as it goes. (And I certainly agree that sending pop-ups is off-the-scale idiotic.) But...the first improvement I'd make to this would be to gain agreement from those AV vendors to host mirrors of their sites inside my own walled garden so that no external traffic at all is permitted. Surely an entity the enormous financial resources of Comcast could make this happen, and surely it would be in the interest of AV vendors to collaborate. The second would be to dispense with this approach entirely: too many people, in fact, I'd say *most* people, labor under the delusion that it's possible to boot a known-infected system off known-infected media and get the desired outcome. But Comcast won't even attempt this, because the accompanying support costs would cut into their massive profits. Let us also not forget that Comcast is *finally* taking this first, bumbling, feeble step most of a decade after the problem was very well-known among the clueful portions of the community. Any competent organization would have acted within days, at most, even if that action was being scripted on-the-fly. (Compare/contrast with the speed and efficiency of the response to 11/2-3/1988.) ---Rsk _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Public Policy and Consumer ISP Hygiene(was Comcastpop-ups), (continued)
- Re: Public Policy and Consumer ISP Hygiene(was Comcastpop-ups) Rich Kulawiec (Oct 20)
- Re: Public Policy and Consumer ISP Hygiene(was Comcastpop-ups) Rich Kulawiec (Oct 20)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) chris (Oct 19)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) Rich Kulawiec (Oct 19)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) Nick FitzGerald (Oct 19)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) chris (Oct 19)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) Rich Kulawiec (Oct 17)
- Re: Public Policy and Consumer ISP Hygiene (was Comcast pop-ups) Michael Collins (Oct 13)
- Re: Public Policy and Consumer ISP Hygiene (was Comcast pop-ups) Rich Kulawiec (Oct 13)
- Re: Public Policy and Consumer ISP Hygiene (was Comcast pop-ups) Michael Collins (Oct 13)
- Re: dumb. Comcast pop-ups Toralv_Dirro (Oct 10)
- Re: dumb. Comcast pop-ups Jon Kibler (Oct 10)
- Re: dumb. Comcast pop-ups Michael Collins (Oct 10)
- Re: dumb. Comcast pop-ups Jim Murray (Oct 11)
- Re: dumb. Comcast pop-ups Jon Kibler (Oct 11)
- Re: dumb. Comcast pop-ups Michael Collins (Oct 11)