In his “Security Fix” blog at the Washington Post, Brian Krebs has an article about a new service being tested by Comcast. which warns customers that the ISP thinks their PC may be infected with malware, by opening a notification windows while the customer is browsing the Web.
The Philadelphia-based cable Internet company has already been alerting bot-infected customers via phone for the past year, but a pilot program in Denver that began Thursday will inform affected users with a so-called “service notice,” a semi-transparent banner that overlays a portion of whatever page is being displayed in the customer’s Web browser.
I had not previously heard that Comcast was doing the telephone alerts; they deserve credit for that. A user’s ISP is in a unique position to observe behavior by the PC that may indicate a malware infection, in addition to having available more technical expertise than the average subscriber; doing this is of course in the ISP’s interest as well, to avoid the plundering of network resources. So I applaud the idea of ISPs taking responsibility for the health of their customer networks.
Nonetheless, this is another one of those security approaches where the devil is in the details. One of the biggest dangers (which Comcast, to its credit, acknowledges) is that the Internet underworld will adopt forged notifications as a new way to distribute malware. This is not a trivial risk; one of the biggest sources of current infections is E-mail messages and browser pop-ups from bogus anti-virus sites, which claim to have detected an infection on your PC and offer a download of “anti-virus” software, which generally is nothing of the kind. Comcast says it will attempt to fight this by also sending confirmations to the user’s primary E-mail account. Whether this will be sufficient, given the almost complete lack of security in ordinary E-mail, remains to be seen.
Nonetheless, it is good that Comcast is taking steps to become a better Internet citizen by protecting the careless and clueless.