dslreports logo
Qwest Employs New Malware Security
Infected broadband customers to be alerted of infection...

Qwest today announced that they've launched a new program designed to limit the spread of trojans and malware by notifying potentially infected broadband customers. Many ISPs have been doing nothing about infected systems on their networks, finding it's easier to swallow the cost of bandwidth they consume (as DDoS participants or spam relays) than to talk grandma through the PC cleaning process.

"Most people don't even know when their computers become infected, so Qwest's goal is not only to help customers get rid of the infections, but also to make sure customers are armed with information to maintain strong levels of Internet security going forward," says Qwest's chief security officer Melodi Gates.

From the company's press release:
quote:
The QwestŪ Customer Internet Protection Program (CIPP) notifies Qwest Broadband customers about viruses and malware that may be on their computers, informs them of safe Internet security practices and helps them clean viruses and malware from their computers. The CIPP is part of Qwest's ongoing commitment to make the Internet safer for customers and is available to residential and small-business Qwest Broadband ADSL(1) customers at no additional charge.
It's not clear if the system traps users in a security "walled garden" until they clean up, like successful systems deployed by companies like Cox do (more here). We requested more details this morning, but have yet to get a response. Can any Qwest employees offer additional technical specifics?
view:
topics flat nest 
81399672 (banned)
join:2006-05-17
Los Angeles, CA

81399672 (banned)

Member

They will lose customers soon

Qwest will soon learn that they will lose customers if they do anything beyond "notifying" customers of possible problem. Not only is that privacy concern, that isp is watching what users are sending but also bad pr when you trap users till they fix the computer to your standard

FFH5
Premium Member
join:2002-03-03
Tavistock NJ

FFH5

Premium Member

Re: They will lose customers soon

said by 81399672:

Qwest will soon learn that they will lose customers if they do anything beyond "notifying" customers of possible problem. Not only is that privacy concern, that isp is watching what users are sending but also bad pr when you trap users till they fix the computer to your standard
I see you support anarchy instead of common sense.
81399672 (banned)
join:2006-05-17
Los Angeles, CA

81399672 (banned)

Member

Re: They will lose customers soon

said by FFH5:

said by 81399672:

Qwest will soon learn that they will lose customers if they do anything beyond "notifying" customers of possible problem. Not only is that privacy concern, that isp is watching what users are sending but also bad pr when you trap users till they fix the computer to your standard
I see you support anarchy instead of common sense.
If i pay for service, i want to get that service. ISP are entering dangerous water when they start "monitoring" what their users are doing. Unless Qwest are the only ones in the market, people will jsut tell them goodbye and switch to other providers. Most people will not care why they can't surf the net, all they will care is that they can't surf the net. If that to happen they will not pay for service that they can't use

S_engineer
Premium Member
join:2007-05-16
Chicago, IL

S_engineer

Premium Member

Re: They will lose customers soon

You'r both right.....
it sets bad precedent, however most people don't want to get smartsearch just because they inadvertently click on a link!

NOYB
St. John 3.16
Premium Member
join:2005-12-15
Forest Grove, OR

1 recommendation

NOYB

Premium Member

Re: They will lose customers soon

said by S_engineer:

You'r both right.....
No they're not both right. 'Worldvision' is dead wrong. PERIOD!
NOYB

1 edit

1 recommendation

NOYB to 81399672

Premium Member

to 81399672
said by 81399672:

If i pay for service, i want to get that service.
What service did you pay for? Did you pay for bot net member service so your computer(s) can be permitted to maliciously attack other peoples computer(s)?

I pay for using driving on the roads, but I still have to obey the laws of the road. It is not an anything goes free for all.

Hehe
@ssa.gov

1 recommendation

Hehe to 81399672

Anon

to 81399672
I guess if your house is on fire I should not tell you!

KrK
Heavy Artillery For The Little Guy
Premium Member
join:2000-01-17
Tulsa, OK

KrK to 81399672

Premium Member

to 81399672
They don't have to monitor anything. The infected machine is transmitting and making itself obvious as a radio beacon.

You don't have to monitor your users. You need to just pick up their signals when they are blasting your network.
ydoucare
join:2003-03-12
Lafayette, IN

ydoucare to 81399672

Member

to 81399672
said by 81399672:

said by FFH5:

said by 81399672:

Qwest will soon learn that they will lose customers if they do anything beyond "notifying" customers of possible problem. Not only is that privacy concern, that isp is watching what users are sending but also bad pr when you trap users till they fix the computer to your standard
I see you support anarchy instead of common sense.
If i pay for service, i want to get that service. ISP are entering dangerous water when they start "monitoring" what their users are doing. Unless Qwest are the only ones in the market, people will jsut tell them goodbye and switch to other providers. Most people will not care why they can't surf the net, all they will care is that they can't surf the net. If that to happen they will not pay for service that they can't use
So, because you pay for the service, it's ok for your infected computer to waste their bandwidth for malicious purposes? If you keep your system clean, like you should, you shouldn't have any problems. So what's the big deal?
81399672 (banned)
join:2006-05-17
Los Angeles, CA

81399672 (banned)

Member

Re: They will lose customers soon

said by ydoucare:

So, because you pay for the service, it's ok for your infected computer to waste their bandwidth for malicious purposes? If you keep your system clean, like you should, you shouldn't have any problems. So what's the big deal?
Isp violating my privacy but seeing what is coming out of my computer. Most ips do not monitor virusses, spywares. So what do u think most people will do? That is right switch to another isp and continue on surfing the net

NOYB
St. John 3.16
Premium Member
join:2005-12-15
Forest Grove, OR

NOYB

Premium Member

Re: They will lose customers soon

Every web site you visit sees what comes out of your computer. And many routers along the way. If ISP sets up a few "dummy" systems that log access and your system accesses them, either by bot or by you. It is not a violation of your privacy. Get a clue or shut up and stop fear mongering about something you obviously know nothing.

Jafo232
You Can't Spell Democrat Without Rat.
Premium Member
join:2002-10-17
Boonville, NY

Jafo232 to 81399672

Premium Member

to 81399672
said by 81399672:

Isp violating my privacy but seeing what is coming out of my computer. Most ips do not monitor virusses, spywares. So what do u think most people will do? That is right switch to another isp and continue on surfing the net
I hate to tell you this, but your every move is logged by your ISP, in fact, I believe regulation demands it.

Your information is already there. Chances are, your TOS with your ISP allows this.

98% of those on the Net have no idea how to safely run their PC without it getting infected, and out of those, 99% would never know about the infection unless told.

I'm sorry, but if your walking around in public with puss filled sores, delirious, with your skin turning pink, covered with a rash, I think the public has a right to quarantine you for smallpox.. No difference with electronic infections..
81399672 (banned)
join:2006-05-17
Los Angeles, CA

81399672 (banned)

Member

Re: They will lose customers soon

said by Jafo232:

said by 81399672:

Isp violating my privacy but seeing what is coming out of my computer. Most ips do not monitor virusses, spywares. So what do u think most people will do? That is right switch to another isp and continue on surfing the net
I hate to tell you this, but your every move is logged by your ISP, in fact, I believe regulation demands it.

Your information is already there. Chances are, your TOS with your ISP allows this.

98% of those on the Net have no idea how to safely run their PC without it getting infected, and out of those, 99% would never know about the infection unless told.

I'm sorry, but if your walking around in public with puss filled sores, delirious, with your skin turning pink, covered with a rash, I think the public has a right to quarantine you for smallpox.. No difference with electronic infections..
You must be living outside us as i don't know of any regulation that requires ips to collect data on you. My isp is not collecting data, they have specifically stated that in the forum after at&t said they will

NOYB
St. John 3.16
Premium Member
join:2005-12-15
Forest Grove, OR

NOYB

Premium Member

Re: They will lose customers soon

said by 81399672:

My isp is not collecting data, they have specifically stated that in the forum after at&t said they will
Your ISP lied. You better go switch to another.

Hey a technician was just running a network sniffer in the data center at your ISP while troubleshooting packet storm caused by a few thousand bots, and guess what, she captured some packets of that porn site you just visited.

You probably should go switch to a different ISP right now so this does not happen again.

Jafo232
You Can't Spell Democrat Without Rat.
Premium Member
join:2002-10-17
Boonville, NY

Jafo232 to 81399672

Premium Member

to 81399672
said by 81399672:

You must be living outside us as i don't know of any regulation that requires ips to collect data on you. My isp is not collecting data, they have specifically stated that in the forum after at&t said they will
Inside the US.. See this:

»www.news.com/My-brief-ca ··· 267.html

»www.news.com/Your-ISP-as ··· 649.html

Besides, ALL ISP's use logging just to protect themselves legally, and to protect their network. Seriously, if you don't understand that, you haven't a clue.

And your ISP's AUP clearly states:
quote:
Using the Services for any activity which adversely affects the ability of other people or systems to use DSLExtreme’s services or the Internet. This includes "denial of service" (DoS) attacks against another network host or individual user. Interference with or disruption of other network users, network services or network equipment is prohibited. It is the customer’s responsibility to ensure that their network is configured in a secure manner. A customer may not, through action or inaction, allow others to use their network for illegal or inappropriate actions. A customer may not permit their network, through action or inaction, to be configured in such a way that gives a third party the capability to use their network in an illegal or inappropriate manner.

»www.dslextreme.com/aup.php
ydoucare
join:2003-03-12
Lafayette, IN

1 edit

ydoucare to 81399672

Member

to 81399672
said by 81399672:

said by ydoucare:

So, because you pay for the service, it's ok for your infected computer to waste their bandwidth for malicious purposes? If you keep your system clean, like you should, you shouldn't have any problems. So what's the big deal?
Isp violating my privacy but seeing what is coming out of my computer. Most ips do not monitor virusses, spywares. So what do u think most people will do? That is right switch to another isp and continue on surfing the net
lol, they're not sitting there in cubicles personally monitoring your traffic. This would obviously be an automated system that would only pick up malicious traffic, which is the entire purpose of the thing. I have to laugh at people who think everyone is out to get them. Seriously, think about it for 5 minutes.

Personally, i'd rather be with an ISP that is at least taking a proactive approach at keeping their network clean, while also helping educate the person harboring the infected machine.

NOYB
St. John 3.16
Premium Member
join:2005-12-15
Forest Grove, OR

3 edits

NOYB to 81399672

Premium Member

to 81399672
said by 81399672:

If i pay for service, i want to get that service. ... Unless Qwest are the only ones in the market, people will jsut tell them goodbye and switch to other providers. Most people will not care why they can't surf the net, all they will care is that they can't surf the net. If that to happen they will not pay for service that they can't use
Good move to the competitor's service. Just another bot no longer on the Qwest network, making the Qwest service that much better. It will serve to further isolate the bot net infected machines at a few don't care ISPs, making it that much easier to block them (just block the entire ISP). Also the bot net machines can then all have at attacking each other unimpeded. When word gets around that ISP xyz is full of bots and they don't care no one will want their service.
itguy05
join:2005-06-17
Carlisle, PA

itguy05 to FFH5

Member

to FFH5
said by FFH5 See Profile
I see you support anarchy instead of common sense.
[/BQUOTE :


Common sense would to not use Windows. If you have platform x which is a cesspool for this junk and platforms y and z that are almost immune to it, you'd be a fool to stay on platform x.

braynes
Premium Member
join:2005-03-14
Waterville, ME

braynes to 81399672

Premium Member

to 81399672
We can hope.
Bruce
gaforces (banned)
United We Stand, Divided We Fall
join:2002-04-07
Santa Cruz, CA

2 recommendations

gaforces (banned) to 81399672

Member

to 81399672
said by 81399672:

Qwest will soon learn that they will lose customers if they do anything beyond "notifying" customers of possible problem. Not only is that privacy concern, that isp is watching what users are sending but also bad pr when you trap users till they fix the computer to your standard
It's not a privacy concern to monitor for traffic that degrades the network, or for otherwise illegal and harmful acvtivity. Isolating the problems should be sop for a network admin.
Id think it would be good publicity to see an isp that takes care of its network and customers. Offering education and help in the form of tech support is a good thing.

Its rediculous to consider that they would get bad pr for having a standard that doesnt allow worm infected pcs to send spam, ddos networks, and other worse things.

Qwest is setting a good example of what ISPs should be doing to help the botnet problem.

NOYB
St. John 3.16
Premium Member
join:2005-12-15
Forest Grove, OR

NOYB

Premium Member

Re: They will lose customers soon

said by gaforces:

It's not a privacy concern to monitor for traffic that degrades the network, or for otherwise illegal and harmful acvtivity. Isolating the problems should be sop for a network admin.
Id think it would be good publicity to see an isp that takes care of its network and customers. Offering education and help in the form of tech support is a good thing.

Its rediculous to consider that they would get bad pr for having a standard that doesnt allow worm infected pcs to send spam, ddos networks, and other worse things.

Qwest is setting a good example of what ISPs should be doing to help the botnet problem.
Ditto that to the Nth degree.

KrK
Heavy Artillery For The Little Guy
Premium Member
join:2000-01-17
Tulsa, OK

KrK to 81399672

Premium Member

to 81399672
Personally, if I had some noob on my network spewing spam, viruses, and scanning for vulnerabilities, I'd want them to fix it.... and if they didn't... well, See ya.... wouldn't wanna be ya.

Won't fix it? Well then, too bad.

FFH5
Premium Member
join:2002-03-03
Tavistock NJ

1 recommendation

FFH5

Premium Member

All ISPs should wall off infected machines & assist cleanup

It is in their own interest to do so and it also will help drastically cut down on botnets controlled by criminals. I hope this is something the other major ISPs do as well.

braynes
Premium Member
join:2005-03-14
Waterville, ME

braynes

Premium Member

Re: All ISPs should wall off infected machines & assist cleanup

"It is in their own interest"
That and that alone will be the reason not the crap about they care etc.,
But why am I answering you anyway, your reply speak for themself.
Bruce

Andyg1
Will Work For Bandwidth
join:2001-12-23
New Rochelle, NY

Andyg1

Member

Re: All ISPs should wall off infected machines & assist cleanup

Why did I listen to my friend about this stock 2 years ago??? He was wrong when he introduced me to my X why did I think he was gonna be right this time!!!

ewth8tr
Premium Member
join:2005-04-03
Salt Lake City, UT

ewth8tr

Premium Member

Re: All ISPs should wall off infected machines & assist cleanup

said by Andyg1:

Why did I listen to my friend about this stock 2 years ago??? He was wrong when he introduced me to my X why did I think he was gonna be right this time!!!
LOL, that is the funniest thing I have ever read on this site, and that is saying a lot I am guessing you are either lying about buying the stock , or have never checked the stock prices. In October 2005, the low for Qwest stock was $3.92. It closed last night at $9.18........

»finance.yahoo.com/q/hp?s ··· 2007&g=m
Digidame
join:2007-10-02
New York, NY

Digidame to braynes

Member

to braynes
A few wireless ISP do that -- like Tiamet Communication in Virginia. The innovative ones get it
81399672 (banned)
join:2006-05-17
Los Angeles, CA

81399672 (banned) to FFH5

Member

to FFH5
said by FFH5:

It is in their own interest to do so and it also will help drastically cut down on botnets controlled by criminals. I hope this is something the other major ISPs do as well.
You know that is not going to happen, most ips will not follow them. You can dream but likely that is all it will be a dream. It cops ISP more in business to get custgomers to clean up then to ignore the problem

Transmaster
Don't Blame Me I Voted For Bill and Opus
join:2001-06-20
Cheyenne, WY

1 edit

1 recommendation

Transmaster

Member

Can't have it both ways

In the years I have been posting on BBR over and over again I have read people bitching about the ISP's failing do anything about Botnets, Zombies, and what not. Now that Qwest is going just that you are bitching about an ISP doing something about it. So what do you want? It is very unlikely I will ever get high jacked but if it does happen I sure would like to know about it so I can fix it. More importantly it will notify people who don't have a clue about this sort of thing. The fact Qwest will help such users clean up their computers is great. I really don't see the problem here.
81399672 (banned)
join:2006-05-17
Los Angeles, CA

81399672 (banned)

Member

Re: Can't have it both ways

said by Transmaster:

In the years I have been posting on BBR over and over again I have read people bitching about the ISP's failing do anything about Botnets, Zombies, and what not. Now that Qwest is going just that you are bitching about an ISP doing something about it. So what do you want? It is very unlikely I will ever get high jacked but if it does happen I sure would like to know about it so I can fix it. More importantly if will notify people who don't have a clue about this sort of thing. The fact Qwest will help such users clean up their computers is great. I really don't see the problem here.
If person is computer knowledgible then they would love to know about it. If all they using computer is to surf and check their email, they will not care and will not bother cleaning up. They will tell isp to mind own business and will cancel service, and switch ( assuming they have service to switch to). The people that bitch about the botnetz and zombies and knowledgible who are tired of getting "attacked". If qwest want to satisfy those users, that is fine but it likely will be at cost of them losing less experience users who really "need help"
MeKuN
join:2004-07-21
Eugene, OR

1 recommendation

MeKuN

Member

Re: Can't have it both ways

People that are knowledgeable will like this? People that are knowledgeable dont let there system or systems be part of a bot net to begin with. Its the people with no knowledge who are infected with some trojan, the same people who never update there AV program. Dont tell me this is good for me thx.

Gee and i wondered why my connection slows down everyday at the same time, na quest isnt doing anything. Why do i have to get the news here instead of from them.

no_one
@PHNX.QWEST.NET

no_one

Anon

Qwest does not block ports

Qwest does not block any ports. Now if they do monitor any traffic they would probably just monitor the major security risk ports. Most of those ports are not usually connected to the net and if so not used to a significant degree. I think monitoring for infected computers would be easy enough. Think mynetwatchman etc.
Probably would not even have to capture the traffic just know a computer is talking on bad port etc. every second or more. Then ask the user if they know what is going on. If yes fine, if no well maybe they should find out.
Still Qwest does not block any ports. If they start a little monitoring instead I may have to say ok. I again doubt if they have to capture the traffic just know x port that is a known malicious port is talking way too much.
Just by looking at my incoming logs I see there is a very strong likely hood of many infected computers In Phoenix on VDSL.

NOYB
St. John 3.16
Premium Member
join:2005-12-15
Forest Grove, OR

4 edits

NOYB

Premium Member

Know Before You Speak


A few points for those of you who think this requires monitoring what the customer is doing.

1) Stop Being a SPAMer, or at least SPAMer friendly
2) Stop talking until you know what you’re talking about. It just amounts to fear mongering.
3) This does not require monitoring of customer activity.

Did you know if your vehicle does not meet certain safety requirements it is illegal to drive it on the roads? And if you do and get in an accident you can be held liable and negligent. Should be same for computers. If your computer is creating a “safety hazard” for others it should not be permitted on the information highway (internet).

Did you know it is illegal to ATTEMPT to burglarize or rob people. That is exactly what many of these bot net controlled systems are doing.

Did you know if you know of such illegal actions and you do nothing you may be an accomplice. ISP have ability to detect and wall off these bots with very low overhead (can easily be automated). And since they know they exist, and in fairly significant quantities, not doing so amounts to being an accomplice to an attempted crime.

If they (ISP) knowingly permit use of their private network for illegal activity and do not take reasonable action to prohibit such activity they can and should be held liable as an accomplice (it is their private network under their direct control and responsibility).

It is very easy to detect these infected systems, and without infringing on the privacy of customers. Just look at your own NAT/Router/Gateway log. You can see and detect them very easily. All an ISP has to do is set up a few “dummy” systems to log such attempted accesses and use an algorithm to weed out the ordinary inadvertent access attempts from the bots.

I am sure there are even more effective means, but this is just to illustrate the point that 'spying' on the customer is not required. Those such arguments are probably put forth by SPAMers and/or BOT NET operators engaging in fear mongering to protect their illegal operations.

I for one would like to see the rest of the ISP's follow suite. Especially the big cable and telecom operators. You know who you are Comcast and Verizon. How about it, can you match the challenge?

Unreasonable
join:2007-10-15
Portland, OR

Unreasonable

Member

Re: Know Before You Speak

My only reservation is that these are the same people who when I called in to advise them that a workman with a trencher had severed their cable, advised me to reboot my pc.

Simply put, I deeply mistrust the technical abilities of any isp, and I don't want my service impacted because some junior tech somewhere thinks that he knows normal activity from my network better than I do.

It's a good idea in theory, but I suspect that it will fail miserably due to poor execution.