Comcast recently announced its Constant Guard Bot Detection service that emails customers if they have been infected with malware and directs them to central support to remediate the infection. Other service providers, such as Qwest, have taken similar measures to protect their customers, and now Comcast’s tremendous first step deserves a big round of applause.
It is clear that not all end users hold their computer security to the proper standard, either because of lack of expertise or lack of concern. Professionals in the industry know better, and that’s why steps such as Comcast’s Constant Guard are key to our overall safety. The more service providers can do to centralize Internet security without driving customer prices way up, the better. It is much easier to fight off infections at the service provider level, where all traffic flows through, than to rely on millions of users to uphold proper safety standards.
Other service providers, like Virgin Media in the UK, have been responding to the botnet concern similarly by alerting customers whose PCs are infected and pointing them toward some form of customer support. In Australia, the government has started mandating fines of as much as $25,000/day for ISPs that do not maintain security protocol and block the RC content list.
The German government has started the Anti-Botnet Initiative Program that enlists ISPs to participate in centralizing technical support. Their survey revealed that if the top five ISPs would participate in the program, 80% of Germany would be protected. The Internet has become a public utility and if service providers don’t adjust their security as Comcast has, the government is going to do it for them. Governments, service providers, and security vendors need to continue to work together to combat this threat with the best tools available.
Anti-botnet efforts such as block lists, DNS zones, etc. are much more effective when implemented at the service provider level. In order for a cybercriminal to succeed, the individual bots must be able to communicate with the Command and Control (C&C) servers, which send commands and data back and forth. Just as blocking malicious traffic at the C&C level saves resources, so does protecting your network at the service provider level. Accurate botnet data, like Dark Side Intelligence, provides insight into C&C status and enables service providers to block malicious traffic in a manageable, effective way.
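The following is an added example, not code from this post or from any provider's service. It sketches how a service provider could match resolver query logs against a C&C domain block list to find the subscribers to notify. The log format, domains and addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: block list entries, client addresses and log
# lines are made up. Assumed log format: "<timestamp> <client-ip> <qname>".
CNC_BLOCKLIST = {"cnc.example.net", "update-check.example.org"}

RESOLVER_LOG = """\
2024-01-01T10:00:01 192.0.2.5 www.example.com
2024-01-01T10:00:02 192.0.2.7 cnc.example.net
2024-01-01T10:00:09 192.0.2.7 Node3.CNC.example.net.
2024-01-01T10:01:00 192.0.2.9 notcnc.example.net
2024-01-01T10:02:00 192.0.2.5 update-check.example.org
malformed line
"""


def is_blocked(qname, blocklist):
    """True if qname is a listed domain or a subdomain of one.

    Matching is done on whole DNS labels, so "notcnc.example.net" does
    not match "cnc.example.net", while "node3.cnc.example.net" does.
    """
    labels = qname.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def infected_subscribers(log_text, blocklist, min_hits=1):
    """Map client address -> sorted distinct blocked names it queried.

    min_hits is the number of distinct blocked names required before a
    client is reported, to reduce one-off false positives.
    """
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:  # skip malformed lines instead of failing
            continue
        _timestamp, client, qname = parts
        if is_blocked(qname, blocklist):
            hits[client].add(qname.rstrip(".").lower())
    return {c: sorted(d) for c, d in hits.items() if len(d) >= min_hits}


if __name__ == "__main__":
    for client, names in infected_subscribers(RESOLVER_LOG, CNC_BLOCKLIST).items():
        print(f"notify {client}: queried {', '.join(names)}")
```
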
This is only one piece of the solution, but Constant Guard is certainly a great first step to botnet protection and I applaud Comcast’s efforts. ISPs are said to be the “gatekeepers” of the Internet, a place where all traffic passes through, and therefore the best place to address network filtering. Hopefully Comcast has started a trend among service providers to respond to the malware evolution in an effective way that directly benefits their customers.