Re: dumb. Comcast pop-ups

["Alex Lanstein" <ALanstein () FireEye com>]

I like that Comcast is at least trying /something/ to protect their users.  They've been at the forefront of these 
initiatives in the US for a while - first to block windows service ports, first to block outbound port 25, (one of 
the?) first to provide free AV, etc. 

Obviously they need to be an unobtrusive as possible, so I think it will move to some sort of walled-garden in the end, 
where the user can simply opt out for X days if they don't care about the infection.

Alex

________________________________________
From: funsec-bounces () linuxbox org [funsec-bounces () linuxbox org] On Behalf Of Jon Kibler [Jon.Kibler () aset com]
Sent: Saturday, October 10, 2009 12:05 PM
To: RandallM
Cc: funsec
Subject: Re: [funsec] dumb. Comcast pop-ups

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

RandallM wrote:
> might have seen this...its just that the first thing I thought of is
> how much I "already" warn people about not clicking on popups and now
> comcast is going to give some. Real comcast, or mimic?
>
>
> http://tech.yahoo.com/news/ap/20091009/ap_on_hi_te/us_tec_comcast_virus

I saw this a couple of days ago when the announcement first went out. My
immediate thought was, "Great. Here is another major vendor with which Mom&Pop
interact, that is deploying already broken 'security' technology. Why don't they
just publish a formal invitation asking all crackers to further infiltrate their
network: 'Please use wget or curl to copy our "you are infected web page" and
then change all the underlaying URIs to point to your malware sites instead of
the links we provide.' How lame can you get, Comcast?"

A *much* smarter move on Comcast's part would be to simply null route any
suspected infected computer until it is cleaned up. Yes, that would put a
greater load on Comcast's support staff, but maybe they could do it smarter --
like limit access to only the Comcast and legit AV vendor's web sites. Not a
100% cure, but I would think it would create less problems than pop-ups that get
ignored and spawn rogue pop-ups that create even more malware infection.

I'll give you 2 to 1 odds that within 6 months Comcast users will have infected
more systems through rogue pop-ups than will have been cleaned by legit pop-ups.

My $0.02 worth.

Jon
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-813-2924
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkrQsMQACgkQUVxQRc85QlMjjACdEHlNjmeoWw7AVkfykuXbPRe3
7XMAoIy/C2c1rMPiBwiFHwFfZwIbHedp
=3Tz4
-----END PGP SIGNATURE-----




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.