Interesting People mailing list archives

Constant Guard - Combating Bots


From: Dave Farber <dave () farber net>
Date: Thu, 8 Oct 2009 16:42:50 -0400





Begin forwarded message:

From: "Livingood, Jason" <Jason_Livingood () cable comcast com>
Date: October 8, 2009 15:35:47 EDT
To: Dave Farber <dave () farber net>
Subject: Constant Guard - Combating Bots


Dave – for IP if you like:

We announced a new security program, called Comcast Constant Guard, focused on end-user security. One technical aspect of that is a (web-based) Service Notice, which we will start testing in a small part of our network later today. What I think is important to keep in mind is that ISPs often have systems, such as email anti-spam systems, that provide information about customers that have been infected with malware (primarily bots). For years we and others have simply treated the symptoms of this massive rise in malicious software. What we’re trying to do now is go right to the source and start to help customers by first advising them that they may have been infected with a bot, and second by trying to lead them through a remediation process.

With respect to bot removal, this is a big part of the trial as well and we think we (and the security industry more generally) have a lot to learn. We need to determine how effective the tools available today for removal are, or if much more sophisticated and difficult removal is needed.

Below is the text of a CNet story on this today. We have also updated our Network Management disclosure page (http://networkmanagement.comcast.net ). Tech-savvy users may also like to take a look at an IETF draft on remediation options at http://tools.ietf.org/html/draft-oreirdan-mody-bot-remediation-03 and the technical details of how the Service Notice delivery system works (no DPI) at http://tools.ietf.org/html/draft-livingood-web-notification-00 .

We have a lot to learn about how to identify and remove bots from ISP networks, but I thought it was important for us to start trying different approaches and seeing what works. This is a challenging problem space.

http://news.cnet.com/8301-27080_3-10370996-245.html

October 8, 2009 10:25 AM PDT
Comcast alerts customers to infected PCs
by Elinor Mills

Comcast is launching a trial on Thursday of a new automated service that will warn broadband customers of possible virus infections if the computers are behaving like they have been compromised by malware.

For instance, if the amount of traffic being sent from a particular IP address spikes significantly overnight, that could signal that a computer is infected with a virus that takes control of the system and uses it to send spam as part of a botnet.

The alerts are triggered "when we see computers on our network that are doing things that are known bot activities, say a computer is spewing out thousands of spam emails," said Jay Opperman, senior director of security and privacy at Comcast.

Comcast, which is the largest residential ISP with 15.3 million consumer customers, also is alerted to compromised customer computers when the IP address is identified as being the source of spam on industry spam lists, he said.

Customers in Denver will begin receiving notifications that their system may be infected with a virus or other malware via a pop-up message in the browser as part of the new Comcast Service Notice, which is free. The notice will include a link to a Comcast security Web site where customers can follow a set of instructions to remove the malware from their computer.

If customers don't have anti-virus software they can download McAfee Internet Security Suite for free. Comcast also offers a Comcast Toolbar that includes spyware detection and removal, a pop-up ad blocker, anti-phishing software and anti-spam protection for email.

The company first started notifying customers about the security issues about a year ago, with support representatives calling customers on the phone, Opperman said.

"We learned that customers love it," he said. "We wanted to reach more people and to automate the process."

This appears to be the first service where an ISP proactively notifies customers about security issues on their computers. For years, security experts have complained that ISPs are uniquely positioned to and should do more to help customers combat security problems. But ISPs have been reluctant to assume additional responsibilities that are not central to their core service offering and for which they would then have to maintain a standard going forward.

"I would hope that the government would do things to encourage this, if you alleviate some of the potential concerns that others may have about giving that kind of notification," said Jerry Upton, executive director of the Messaging Anti-Abuse Working Group. "I think it's the beginning of many ISPs and network providers realizing that customers need a little better knowledge of what the problems are out there."

Alissa Cooper, chief computer scientist for the Center for Democracy and Technology, said the organization welcomes Comcast's initiative.

"ISPs have a helpful role to play in helping subscribers mitigate these kinds of security threats," she said. "The challenge is ... when users get these notices do they understand them? Do they trust that they are real? Do they follow through to the point where they clean up their computers?"

The new service will eventually be rolled out in the rest of the country and will replace the phone calls Comcast has been using to notify customers of security problems, Opperman said.

Asked how many alerts have been sent to customers with Macintosh computers, Opperman said he could not provide a specific number but said there had been some.

Regards,

Jason Livingood
Internet Systems Engineering
Comcast Cable Communications



