This week numerous sources reported on news that Comcast will deliver popups to alert customers with infected machines.
I agree with Phil Lin, marketing director at network security firm FireEye Inc as reported in the linked AP story above, if this catches on we’ll soon see this used in social engineered attacks.
According to Brian Krebs in his Washington Post blog Security Fix, the alert is a
“so-called “service notice,” a semi-transparent banner that overlays a portion of whatever page is being displayed in the customer’s Web browser. Customers can then either move or close the alert, or click “Go to Anti-Virus Center,” for recommended next-steps, which may include downloading and running the McAfee anti-virus tools the company offers for free, or purchasing a cleanup package and allowing a Comcast technician to attempt to remotely diagnose and fix the problem.”
I’d love to see an escalation so that ignored notices eventually put you in a walled garden until remediation occurs.
There is debate in the industry about the responsibility of the ISP. Techies want a pipe. They dont use the ISPs email server, webhosting, or news server. They dont want blocked ports or managed traffic. There is another side that demands a clean pipe. I’ve seen this more in the business area where a business ISP partners with a Security as a Service vender to clean up or montior the Internet Traffic. John Pescatore takes this position in his post saying warning about a problem isn’t as good as preventing the problem from reaching the user in the first place.
I think its good to see a ISP want to be a good citizen. ISPs want to be more than just dumb pipes. Trying to clean up the neighborhood is a good start. This is a logical next step from blocking ports such as outbound SMTP other than through the ISPs mail server.