Comcast To Warn You If Your Zombie Computer Is Secretly Spamming People

Where does spam come from? Well, there are these things called botnets. They're networks of hijacked computers that secretly do the bidding of their masters. Often, they send out spam. Comcast plans to offer an automated service that will inform you, within your browser, if your computer is behaving as if it has been compromised by malware.

How shall this be determined? PCMag says:

To gather information about infected computers, Comcast receives data from Internet research groups like Spamhaus that specialize in identifying bots – data that includes lists of infected IP addresses. Comcast keeps an eye out for malicious bot behavior like spam, denial-of-service attacks, and repeated connection requests. All of that data is then aggregated to see if a customer's computer has been infected.

Comcast said it is the first ISP to provide this type of in-browser notification.
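The aggregation described in the PCMag excerpt above, sketched as an added example; it is not Comcast's or PCMag's code. The flow-record layout, the signal names, the thresholds and the rule that two independent signals must agree before a subscriber is notified are all assumptions, and the addresses are constructed from the RFC 5737 documentation ranges.

```python
from collections import defaultdict

# Assumed thresholds for one observation window; tune against real traffic.
SMTP_DEST_LIMIT = 20    # distinct port-25 destinations per subscriber
SYN_RETRY_LIMIT = 100   # incomplete handshakes to a single destination
MIN_SIGNALS = 2         # assumed rule: notify only when independent signals agree


def collect_signals(flows, reputation_feed):
    """Return {subscriber_ip: set of signal names} for one window of flow records.

    Each flow is (subscriber_ip, dst_ip, dst_port, handshake_completed).
    """
    smtp_dests = defaultdict(set)   # subscriber -> distinct SMTP destinations
    failed = defaultdict(int)       # (subscriber, dst) -> incomplete attempts
    subscribers = set()
    for src, dst, port, completed in flows:
        subscribers.add(src)
        if port == 25:
            smtp_dests[src].add(dst)
        if not completed:
            failed[(src, dst)] += 1

    signals = {ip: set() for ip in subscribers}
    # Third-party list of infected IPs; entries that are not our subscribers are ignored.
    for ip in subscribers & set(reputation_feed):
        signals[ip].add("listed_by_feed")
    # Spam-like behavior: mail sent directly to many different mail servers.
    for ip, dests in smtp_dests.items():
        if len(dests) > SMTP_DEST_LIMIT:
            signals[ip].add("smtp_fanout")
    # Repeated connection requests that never complete.
    for (ip, _dst), count in failed.items():
        if count > SYN_RETRY_LIMIT:
            signals[ip].add("repeated_connects")
    return signals


def subscribers_to_notify(signals):
    """Subscribers with at least MIN_SIGNALS distinct signals, sorted."""
    return sorted(ip for ip, s in signals.items() if len(s) >= MIN_SIGNALS)


# Constructed sample data, not real indicators.
SAMPLE_FEED = {"198.51.100.7", "198.51.100.30"}
SAMPLE_FLOWS = (
    [("198.51.100.7", f"203.0.113.{i}", 25, True) for i in range(30)]
    + [("198.51.100.9", "203.0.113.200", 80, False)] * 500
    + [("198.51.100.20", "203.0.113.5", 25, True)] * 3
    + [("198.51.100.30", "203.0.113.6", 443, True)] * 4
)

if __name__ == "__main__":
    print(subscribers_to_notify(collect_signals(SAMPLE_FLOWS, SAMPLE_FEED)))
```

Only the subscriber that is both on the feed and fanning out SMTP traffic is selected; the feed-only and behavior-only subscribers stay below the assumed two-signal bar.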

Comcast says:

A bot is a type of virus that allows an attacker to force your computer to perform actions, usually without your knowledge. Once a bot is in control of your computer, it can be used to send spam, host phishing sites or infect other computers. Online thieves use bots to collect personal data such as Social Security numbers, bank account information and credit card numbers. When this personal data is collected without your permission, it's often used to steal your identity, withdraw money from your bank account(s), and make fraudulent purchases on your credit card(s).

What do you think of this?

[Comcast Constant Guard]
Comcast Unveils Comprehensive "Constant Guard" Internet Security Program [Comcast]
Comcast to Warn PC Users If They're Infected [PC Mag]

Comments:

73
user-pic

if it works, great!
if not hopefully nobody notices.

user-pic

I feel dirty as I type this, but Comcast is on to something here. Well done!

user-pic

If I was a virus writer, the first thing I would do is try to spread my botnet through popups that said;

"COMCAST SERVICE NOTICE: Your computer is infected with a botnet, click here to download a fix."

user-pic

I'm hoping this will bring a windfall for my home PC repair business.

user-pic

Can they also include a notice -- "Warning, you're still using Internet Explorer 6, please upgrade!"

user-pic

I don't know if "in browser" is something I could approve of... surely an email would suffice.

user-pic

Comcast is...doing something right?

user-pic

@oldgraygeek: yet for all of us IT geeks who occasionally help out friend & family this is going to be horrid.

user-pic

@Megalomania: Agreed. An "in browser" message from my ISP would seem creepy, actually.

user-pic

I really want to know more about the "in-browser message." Is this if you go to their website? Or are they going to be injecting HTML into web pages I request from any server?

In the article(s) the screenshot shows a modal dialog appearing over a Comcast home page, but I practically never actually go to comcast.com, except to pay my bill.

Though, I guess the demographic that would find this useful probably doesn't tend to change their homepage.

user-pic

@Megalomania: I kind of agree, but how many people actually check their @comcast.net email?

user-pic

@Megalomania: The problem is that they don't necessarily know an email address that you read regularly. I have an email address that's included with my cablemodem service (I could have up to 10, in fact) but I only check that email every week or two, and they don't have my primary email address.

user-pic

@esd2020: I forward mine to my main Gmail one.

user-pic

It doesn't seem like a veiled attempt to track our online behavior? I will be MUCH less likely to look at LOLporn if I think Comcast is 'in browsering' me!

user-pic

@esd2020:

Yeah exactly. ISP-supplied e-mail addresses are so 1990s.

I don't have a problem with the browser-based message, I think it's the most effective way to notify people. Any "creepiness" is in your head.

user-pic

@oldgraygeek: You mean you haven't gotten a mess of "I was using facebook, and the computer told me I had a mess of virii, so I downloaded the program it told me to, and now the computer is acting funky" lately?

user-pic

@katstermonster:

Yeah, well they can do things right when it benefits them. ;) If they clean up all the bots on their network, it should free up some bandwidth.

user-pic

@Cant_stop_the_rock: Not just in your head.

"In your browser" notifications won't work for people who do all their browsing over a VPN. It won't work if the Javascript for the notification code doesn't interact well with the sites being visited. It won't work if the user accesses sites over SSL. It may not work with text-based browsers, a concern not only for throwbacks but also for people accessing the web via screen readers. It can break some applications which use HTTP under-the-hood for things other than displaying web pages.

And, most importantly, it requires putting a mutating proxy inband for the customer's Internet connections. ISPs are supposed to be dumb service providers -- you pays your money, and your packets get relayed on. Meddling in the bytestream may work for the common case, but the world doesn't consist of nothing but common-case scenarios.

And how much does making a phone call to your customer really cost?

user-pic

@katstermonster: Detecting botnets and telling users about it -- yes, that's something right.

Using a mechanism as fragile and intrusive as putting those customers behind a mutating proxy -- boo! Notify them by phone, and block their ability to send mail over SMTP (and thus the botnets' ability to send spam) except through Comcast's servers with an error message including customer support's phone number.

user-pic

@Charles Duffy: And of course, the most obvious problem, that anyone that is even moderately computer-savvy automatically assumes that any browser pop-up is nothing more than spam, scam, or .. well something that rhymes with spam and scam.

user-pic

that won't help, what they need to do is call the customer's home and tell them about it, they can use automated messages

then they can tell the user what to do and this can be done over the course of like 2 weeks and if the problem still happens then they disable their internet connection until they can get the user over the phone

user-pic

@GearheadGeek:
You can change your e-mail address with Comcast. I get my bills via e-mail, and Comcast sends them to my MSN account.

user-pic

I'm ~98% certain that none of my computers have been zombied and are sending spam, but would I know if they were? Is there a way I can check?

user-pic

So the next spam attacks are going to be mirrored to look just like Comcast's "in-browser messages". No thanks. Just send me a damn e-mail.

user-pic

An email would be appropriate. In-browser notices are not. When I load a page, I want to see the page I'm loading, not a special Comcast-modified version thereof.

user-pic

@thomas_callahan: I think you can take it a step further and just drop the '6' from that.

user-pic

I found that this has already been in effect, but in a different way. One of my computers got a virus about 2 months ago, and became part of a botnet while I was away on vacation. I got an email from Comcast saying this and that they were going to block that port for the next 24 hours, after which they would return it back to a normal status. Lucky there was someone home to shut down the computer, but I feel that Comcast did the right thing.

user-pic

@LMacConn: "Put your hand in the CD drive if it starts chomping your flesh off.. you have a zombie PC" [www.answerbag.com]

user-pic

@Charles Duffy: Ditto everything you just said.

And phone calls can't cost very much, since Comcast made a total of 7 calls my way (5 automated, 2 from people) to remind me about an appointment, with no option to say "stop calling me, I know."

user-pic

@Megalomania:
I'm kind of wondering the logistics on this...how exactly are they monitoring my usage in a way that they will be able to notify me "in browser". I use firefox and have script blocker, popup blocker, etc. installed.

user-pic

@LMacConn: Run a virus scanning software. I like to run AVG and Malware Bytes. Both are free downloads, despite that the company sells paid versions. So just look around.

user-pic

@Saboth: Usage is by data being sent out on standard mail ports or non-standard outbound data (Anything not a http request really).

Notification is by inserting html/javascript into the last http request made. They are inserting html code into the page's source, so when firefox displays the page, it's like it's supposed to be a part of it. Nothing you can do will prevent it from happening (Except loading images).

user-pic

@pjorg: The latter. Injecting html into your webpages.

user-pic

Comcast uses their own Good Guy botnets to alert you of Evil Enemy botnets? FTW!

user-pic

I think comcast is onto something good here. Now they have to have the balls to force the people to FIX their machines. Otherwise people will just ignore it and say "I don't care"

user-pic

@pjorg:

Since most people use the DNS provided by Comcast via DHCP, Comcast could also use DNS to redirect any request to their home page, where they would display the message.

user-pic

@Trai_Dep: Knology had this going two years ago. Found out the hard way when one of our computers didn't get the anti-virus activated properly before it went online and it was in front of the router. They did exactly that. You got your browser redirected to a screen that told you what was up and who to call.
In that instance it was correct. Got the anti virus working like it should have been, found the malicious program and removed it.

This is not new.

user-pic

It's only a matter of time until criminals and other bad people use this to their advantage. Personally I think ComCast should simply disconnect the user's Internet until the user gets their act together. Why should the rest of the world be a subject to your infected PC's SPAM and DoS attacks because you refuse to understand the problem, or maintain your PC?

user-pic

@Cant_stop_the_rock: Having your ISP edit the content of pages you request isn't creepy? I don't like that precedent.

user-pic

@captainpicard: Charge them cookies. FRESH cookies.
Many squabbles - yea, even wars - could be avoided with the strategic use of fresh-baked cookies.

user-pic

@Charles Duffy: A good deal more than having a script do it, actually.

user-pic

@pmcpa4: The way Time warner does it is disconnect your service, then tell you what was wrong, if you clean it up they turn it on and you are monitored, rinse and repeat until your computer is clean.

user-pic

@vladthepaler: The issue with that is the email they have on file is usually not correct. Most ISPs give you an ISP email address (mine gave me 5). I don't use any of them, and don't check any of them (I already have to check my personal email, my work email, my personal business email, and my spam email address, I don't want a 5th).

user-pic

The issue I see with this is it would be very simple to spoof the page.


Step 1. Set up page giving away free things
Step 2. Grab IP
Step 3. Do ARIN lookup to determine ISP
Step 4. Forward to appropriate Spoof of ISP "OMG YOUR INFECTED!!!!!" page
Step 5. Collect fake info on that page or have them call a random number forwarded out of country and steal peoples CC info.


So yes, it's a good idea, but it's very easy to spoof. I could build a page that does the above pretty quickly and easily and make some money off of it.


Emailing the customer has a major flaw as well in that a lot of people don't check their email, or don't update their email.


Shutting off the connection is really the only way to get immediate attention, but you also end up with an angry customer (I used to be the guy that turned off those connections).

user-pic

@Charles Duffy: There are other ways to notify customers than proxies. A simple flag on the cable modem's MAC address which would cause all http traffic to re-direct to an alert page would work fine without causing all of the problems you listed.

As for calling the customer, it's more time consuming than you think. At the ISP I used to work for we would try to call offending customers. Sometimes it would be weeks before you would catch the customer live on the phone, and often times in their sheer ignorance they would flat out refuse to believe us, or wouldn't do anything to fix the problem. Sometimes it escalated to the point of blocking SMTP ports in their CPE's.

user-pic

@Megalomania: What to the people's AOL email address (which they are still paying money to maintain)?

user-pic

@tbax929 is just plain tbax929:


Exactly my thinking also that the next wave of pop up windows would be similar to Comcast's graphics and say "Comcast needs for you to download this anti-bot software! Please provide a credit card number so that we can validate that you are a real person."

user-pic

@vladthepaler: To what email address? Most of folks don't use @comcast addresses.

user-pic

@epb: Yeah but Comcast has a default sort of "experience" that they run via IE