Comcast’s Impressive System for Notifying Infected Users

Return Path's J.D. Falk reports on Comcast's efforts to let customers know when their home computers are infected: pushing infectees into a walled garden and redirecting them to a page warning them that their network connection is infected.

J.D. writes: "As one of the world’s largest access providers, our partner Comcast has put a ton of thought into developing a notification system for their users. Their motivation is clear, and close to the heart of anyone working in security for end user systems: 'to advise the user that their computer is infected with malware, that their security is at severe risk and/or has already been compromised, and that it is recommended that they take immediate, corrective action NOW.'"

J.D. also touches on network neutrality, and the potential concern that this type of monitoring could be considered at odds with it. I'm an advocate for network neutrality, for sure. But I am also an advocate for locking down and securing computers that are spewing infections and spam. I, personally, think this is the right thing to do, and I don't think that this process is incompatible with the broader goals of network neutrality. What do you think?


  1. This is what NetCologne (a German broadband provider) has been doing for years now, with very good results.
    All broadband providers should do this or something similar.

  2. Saw something like this back in 2005 or 2006. Quite like the idea but, as with all ways in which "we" are trying to educate the users, I have one question: can this be abused by the bad guys? (Not entirely sure how yet, and don't want to give them too many ideas, but something like send all their traffic to a site controlled by the crooks where they're tricked into downloading a more damaging piece of malware.)

  3. Martijn, that's a very scary thought. I'd hope (and expect) that Comcast keeps the access to this system carefully locked down.

  4. J.D., maybe Martijn means something different: what if the bad guys start masquerading as Comcast (without the need to access the Comcast system itself), faking a Comcast security warning to get people to click on some link, which leads them to a malware-infected site?

  5. Thanks, Rolf, that is what I meant. A lot of current scams are based on the fact that most users know that their computer might be infected, that it might be used to send spam etc. There are ways for the bad guys to send traffic to one/some/all websites to what looks like a Comcast-warning and have them download a trojan "to fix the problem".

    @Al: off-topic but is there a reason why your comments don't have RSS feeds? Would make following them a lot easier.

  6. (That was and still is Martijn. Not sure why I'm suddenly anonymous.)

