You may have read this week about our trial of scanning web pages. It’s certainly created a debate among those who follow our industry and on our Members Forum. It’s a discussion we welcome and I’d like to use this blog to answer questions and get feedback as we progress with the testing.
To provide some context, we’re doing this trial in advance of offering a free opt-in product that will warn customers if their computer or device connected to their home broadband is viewing a page that contains viruses or threats.
We see this as important as online security experts estimate that at least 70% of malware is caught from an infected webpage – with most of these web pages having been hacked. So if we scan these pages we can make the web safer without our customers having to install or update anything.
How do we do this? The scanning engines are given an anonymised list of webpage URLs that have been visited by our customers (so no personal data such as a telephone number, account number or IP address will be included). They then check to see if each individual webpage is on a whitelist or blacklist of scanned sites. If not, the webpage is scanned for threats.
Many customers tell us that they still see the web as being a bit like the ‘wild west’ and in just a few weeks the scanning engines have found tens of thousands of websites which are deemed threatening. While on the face of it that’s quite a worrying statistic it’s reassuring that the technology exists to identify these potentially dangerous sites.
As our trial progresses we will be inviting customers to test this new technology, ensuring that it meets the high standards that both TalkTalk and our customers demand.
We will be launching the network security service later in the year and it will be available to all TalkTalk customers for free if they opt in. In the meantime if you’ve got any views or questions you’d like answering please post here or via our Members Forum.
|
|
 |
|
|
|
|
|
|
 |
bob pewter
Sounds like a great service, are you really going to provide this for free ?
Sue James
Yes, will this really be “free” or will it be funded by behaviourally targeted advertising based on users browsing habits?
Concerned
How is that different from Phorm?
Mark Schmid
Thanks for your comment Sue. Yes, it’ll be free and no, it’s nothing to do with behavioural advertising.
Pete
I think you’re seriously underestimating the intelligence of your customers, and the web sites that serve them.
Brian
Hi.wouldn,t this technology be the same as is offered free in my macafee security suite or web of trust or crawler toolbar?
Clive Dorsman
Thanks for your comment Brian. All those methods are popular for offering protection against malware, viruses and other security threats, but our technology will work in a different way, across the network rather than relying on an applet sitting on the browser or software downloads. We believe this will mean it offers additional security for our customers as it will stop a greater number of problems before they even touch our customers’ computers.
Clive Dorsman
Thanks for all your comments and questions on our network security technology. In answer to one of the main questions you’ve asked: prior to deploying our network security technology a thorough review of all relevant legislation was undertaken. Following the conclusion of that review, we are confident that our network security technology is in compliance with all such legislation.
Clesmond
Even the bit where you visit a site using a URL string which identifies a specific individual? (e.g., a URL complete with the string at the end generated for a specific login).
It is fraudulent, if your bot replays a URL including all the session / query information. By definition you are trying to impersonate a person / session to gain access to the same information as the TT customer and to which no-one othr than the person originating that request has a right to view.
That is, as I understand it, fraudulent. It potentially falls foul of both the fruad act and computer misuse act
Neil O
If you have got to check that it is compliant with all such legislation you must know that what you are doing is wrong to your customer base!
rhys jones
keeping customers safe online ! prior to the thorough review of all relevant legislation what areas of this legislation did you consider you might be infringing by deploying your network security technology ?
Hatari
If it is all legal Mr Dorsman why is it not operating at the moment?
T. Trier
AVG 8.5 free is constantly trying to suggest purchase of AVG 9, which as a taster alerts me to a hundred-odd problems with my computer.
Filecure also identifies more than a hundred problems with security…
Does the inhouse Talktalk security to which I subscribe really protect me from every conceivable virus, etc…or am I just being subjected to exaggerated salestalk?
James Morton
I like the idea of not having to install or update things.
I use AVG and can’t remember the number of times it has missed something and ended up getting switched off by some virus that then kept on popping up windows and taking me off to websites I did not want to go to.
Then I had to use two or three other tools to get rid of it. Sometimes I’ve just had to give up and re-install the whole computer. That’s a real pain.
Any update on how many items of malware have been found so far and how does that compare to something like AVG, apart from the nasties switching it off which won’t happen with this?
Neil O
In trialling the new system, provided by Chinese telecoms equipment supplier Hauwei, TalkTalk allowed the online activities of its customers to be recorded in detail – something which the ICO says it wants to look into.
http://www.broadbandgenie.co.uk/news/20100907-talktalk-reprimanded-watching-where-its-customers-go-online
What does in DETAIL mean in this statement
Concerned customer
I personally believe there is more to the purpose of the software than what you are suggesting. Firstly there is many online scanners, blacklists, known spammer databases etc. publiccally available online, which allow the use of others to create api and software to access this info.
It would be far cheaper and avoid the privacy issues if you wrote a piece of code which checks these sies and creates a blacklist from them, rather than stalking your users.
Also it has been mentioned that you are not collecting PII, yet many of your clients will access sites such as FaceBook which gives each user an unique URL toidentify them?
Therefore you will be collecting some PII on your users