funsec mailing list archives
Re: Big Cheers for Qwest
From: security curmudgeon <jericho () attrition org>
Date: Tue, 2 Oct 2007 22:49:28 +0000 (UTC)
I'm CCing the Qwest media contact listed on their page for kicks. Hopefully Johnna can shed some light on my questions and concerns.

: Qwest would like you to know they've launched some fancy new "Consumer
: Internet Protection."
:
: According to Qwest, the new program notifies you that your computer is
: infected, gives you information on how to remove the infection, and then
: provides you with anti-virus software.
:
: More:
: http://consumerist.com/search/internet%20qwest-launches-customer-internet-protection-program-306153.php/
:
: Qwest:
: http://www.qwest.com/about/media/pressroom/1,1281,2234_archive,00.html
:
: I applaud Qwest in this endeavor -- they have taken the lead among ISPs
: to at least begin seriously addressing the botnet problem:

This will be interesting. Since Qwest gives their broadband customers a crappy little Actiontec router (I can't do half of my legitimate business work from my home network), which does manage to act as a decent firewall, most infections are likely from browsing bad web sites or double clicking attachments. Since they can't scan their customers' computers, they are looking for this bad traffic by:

   Qwest proactively monitors its network to detect viruses or malware. When one of these is discovered, the Qwest Customer Internet Protection Program notifies the specific customer of the infection; gives the customer information on how to remove the infection; educates the customer on good Internet security practices; and provides the customer with additional resources, including downloadable or online anti-virus software. The Qwest CIPP only acts on malicious network traffic on the public Internet; the program does not scan or otherwise monitor content on customers' computers.

This makes me wonder what they are using to monitor, and what they are monitoring for. If I send Ferg a .zip with malware for him to study or reverse, will I be flagged? How updated are the signatures, since the big breakouts are often due to spyware/antivirus software not having the signatures for recently developed malware?

They monitor for malicious network traffic, and they don't monitor content on my computer. Clever wording or honest mistake? Do they monitor for *content on the network*?

Even more amusing, from their recommendations:

* Make sure there's an up-to-date firewall operating on each computer and on broadband Internet modems.

Qwest ships a router that does not let you load software on it really. For those who can, it is a very very small and very technical minority. The Actiontec router has a web based management interface that has a facility to upload new router firmware, telnet access to the router and it runs BusyBox (http://www.busybox.net/) that last I checked, violates the license (http://www.busybox.net/license.html).

* Use passwords and strong encryption on wireless (WiFi) access points to ensure networks are secure.

The router they ship comes with a blank or default password and upon setup, does not force you to pick a new password. If you do, there are no password length or complexity requirements. It also ships with WEP turned off.

* Visit www.incredibleinternet.com for resources on how to have safer online experiences and to learn more about identity theft prevention and keeping children safer on the Internet.

Check out that site and poke around. You may notice several glaring security problems.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.