For the last several months, some of the folks at Comcast have been working on a draft IETF document to inform ISPs about the role they can play in remediating bots on their customers’ computers. This is a tricky challenge: on one hand, ISPs are in a great position to detect bot activity, notify their customers, and potentially even block traffic. On the other hand, customers and net neutrality advocates don’t want ISPs mucking around with customers’ Internet use.
The document attempts to find a balance, encouraging ISPs to notify customers of bots and assist with remediation, while warning about some of the risks of more aggressive involvement (such as "walled gardens," in which users are cut off from most Internet access until they clean up an infection).
I wrote up a set of comments which I shared with the authors and now make available here.
Comcast isn’t just talking about this issue in theory. They recently launched a pilot program in Denver that inserts a warning message into web pages that a customer is trying to view if Comcast has detected bot activity on that customer’s account. It will be interesting to watch how this develops over time. How will customers react to the warnings? Will Comcast customers be tricked by fake warnings designed to look like the real ones? How will customers who learn that their computers are bot-infected go about getting them cleaned up? (Comcast offers some useful tools and information for this, as well as support forums. Will this be enough?)
There’s no question that ISPs have an important role to play in reducing badware on the Internet, and I commend Comcast for taking intiiative in this area. It will be interesting to see whether this proves effective and whether the potential side effects are able to be kept to a minimum.
