Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
The Almighty Buck

Code Red Refunds? 377

Posted by CmdrTaco
from the something-to-think-about dept.
bubblegoose writes "In Washington state Qwest customers are asking for a refund due to losses of service during the Code Red thing. Qwest is refusing to give the refunds. Excite has a story about it here." I tend to think this is just complaining bull crap. My net connection when down too, and I don't run around demanding $5 back. I'd be more upset if I was a business and my server rooted by this. The irony is that this will probably end up just pushing subscription software.
This discussion has been archived. No new comments can be posted.

Code Red Refunds?

Comments Filter:
  • There are too many companies getting away with complete incompetance and expecting us to just shut up and put up. What's wrong with making them pay for their own stupidity? They waste your time and get surprised/upset when you express annoyance. I don't know about you, but my time is more valuable than that.
    • There are too many companies getting away with complete incompetance and expecting us to just shut up and put up. What's wrong with making them pay for their own stupidity? They waste your time and get surprised/upset when you express annoyance. I don't know about you, but my time is more valuable than that.

      Good point, but Qwest isn't the incompetant company here. Microsoft is. Mind you, it's not all M$'s fault -- people who run any server on any OS, but *especially* an IIS server on Windows -- should be sane enough to secure their systems.
      • Re:More of the same (Score:2, Interesting)

        by bendude (135729)
        When thinking about all these new "issues" that are arrising out of our new technologies, I usually try to find parallel proceedures in existing situations to use as a guide for working out the new problems.

        In this regard, I would look to a not-at-fault car accident, there are a lot of similarities.

        Imagine this: a car stops. The car behind it hits it and sends it carreering into the car in front.
        Now, if I'm in the middle car (the first one mentioned) the guy in the very front car, who was hit through no fault of his own, sues me. I, in turn, sue the car who hit me (who was at fault) and pass on the litigation from the front guy to the one who hit me (I was not at fault for either collision and the rear vehicle was for both.).

        Now lets bring this back home, Microsoft sell a product which has faults. Qwest buys said product from Microsoft and use that as a basis for their own product. I buy the Qwest product and use it to create my own product (say, a website). One day, Microsoft's product stops working. Qwest's product as a direct result, stops working. My product then stops working because of Quest's problems.

        My product cannot make me any money. I am running at a loss.

        I think it would be fair for me to turn around to my supplier and ask for compensation for lost earnings (at the hands of Quest's product), or at least refuse to pay for the portion of the service that was not delivered. Quest then have that option of passing on their costs to their supplier (should they be liable).

        On the other hand, I could just be being too simplistic.
    • While I didn't have any problems from my ISP (verizon [verizon.com]), I don't think I would have asked for a refund either. Hell, even if it was down, who is to say that it was their machine in the first place? What bothers me about the whole "CodeRed" virus is, from what I have been reading, the hole was public a month before the virus hit. A patch was available at least two weeks before the virus hit. The virus itself was made public at least a week before it took off. Why oh why did so many large ISP's not fix their machines before hand? I realize that you have to run these patches on test boxes, etc. But the risk was to large not to, and it was very public. I have a friend who still doesn't have his cable [comcast.com] modem service back up. To me it is as stupid as standing on a train track for a week waiting for the train to come and hit you. What happened?

  • Qwest is probably standing behind some small line in the fine print of their user agreement that says "Qwest will not be held responsible for interruptions in service," meaning they will not provide refunds in the event their service is temporarily offline or has other problems.

    Personally, my cable modem is sometime offline, but it's usually during the day while I'm at work hence I dont notice.
    • What is temporary (Score:2, Insightful)

      by Catskul (323619)
      So what happens if you are without service for a day, a week, a month? Does that count as temporary? This is a very gray area they could have a chance of getting the law on their side.
      • Yeah, this is still a really gray area. On the one hand, one can hardly expect an ISP to give you say a $0.50 refund every time the system is down for 6 hours. But on the other hand, what if it's an extreme case, and the system is down for the entire month? Surely you can't be expected to pay your monthly fee if you didn't get any service at all. So what about the cases in between?

        The only time I can think of that this became a legal issue was with AOL downtime and limited availability in early 1997 as they were switching from 20 hours a month free access to completely unmetered access. But they settled that by offering refunds (in the form of rebates on the next month's fee).
  • Qwest (Score:5, Informative)

    by Frijoles (16015) on Wednesday August 22, 2001 @09:41PM (#2206411)
    I use Qwest for both my DSL and ISP. I thought they were very helpful during this whole Code Red thing. Qwest called and left a message on my answering machine detailing how I could fix my DSL modem and patch my computer so that I would not be infected. They also called back to see if I had received their message and if I needed any help. I've been very happy with Qwest and was surprised by their customer support.

    Anyway, point is.. I think they do a great job. Keep up the good work Qwest.
    • Re:Qwest (Score:2, Interesting)

      by vulg4r_m0nk (304652)

      Funny, Qwest is my provider as well, and the only phone call I got was notification that my bill was overdue.

      On the whole I've been very happy with Qwest also, however I would like very much to know why they gave out bad information regarding the fix for more than a week. In case you didn't know, for some time they insisted that the only thing necessary was to disable remote web access to the Cisco router. This didn't work, and I suffered periodic outages for a week after I applied their prescription. It wasn't for quite some time that they revealed that blocking port 80 on the router was the only way to stop the scans from hanging it.

      As a telecommuter, my productivity was cut enormously over those two weeks. Now, if it turns out that Qwest was negligent, i.e., they knew that their original "fix" didn't work but wasted time releasing that info, then I would expect compensation. However I suspect that, as happens often in complex systems, it simply took them a while to figure out what worked and what didn't. If that's the case, then I cannot reasonably demand anything more from them.

    • I'm glad to see Qwest taking care of its customers. @Home hasn't done a damn thing to block the morons who are still propagating Code Red (my Apache box gets hammered by all versions, 99% of which are from @home IP blocks). I think asking for a refund is silly, but OTOH I think @home and other ISP's should be taking proactive measures to actively block the legions of fools who have no idea they've been rooted.
      • Brilliant idea (Score:3, Interesting)

        by mosch (204)
        Think about what you're saying. Code red infects people by making requests to port 80. So they have a choice of buying a whole lot of expensive hardware and blocking all default.ida?XXX requests, violating the privacy of their users. This is what you're actually asking for.

        The second option is that they can deny all incoming requests to port 80, since the UA forbids running servers anyway, and slowly wait for the code-red running machines to go away. This is what they did

        I don't want "proactive measure" anywhere near my net connection. You do realize that a proactive measure would have to monitor all your traffic in depth, and then try to guess when you're behaviour was dangerous. When it has a false alarm, then you'd blame @Home for using such an error prone method, instead of a simple reactive method.

        The trouble with listening to an idiot is that you might give them what they asked for.

        • Re:Brilliant idea (Score:3, Interesting)

          by pongo000 (97357)

          The second option is that they can deny all incoming requests to port 80, since the UA forbids running servers anyway, and slowly wait for the
          code-red running machines to go away. This is what they did


          Not in Dallas, they didn't.


          I'm not advocating any kind of port 80 blocking. It would be a trivial matter to simply block the offenders at their gateway. All @home has to do is set up a monitor on their IP block. This is proactive, but there's no need to monitor traffic in depth, as you say: The morons announce themselves.

        • Re:Brilliant idea (Score:3, Insightful)

          by fishbowl (7759)


          >The second option is that they can deny all
          >incoming requests to port 80, since the UA
          >forbids running servers anyway

          You are mistaken, and you have NOT researched
          the facts before posting this.

          *MY* agreement with Qwest expressly allows
          running servers. They are quite up-front and
          honest about the whole thing. It's what makes
          their relatively expensive, but somewhat slower,
          service an attractive choice in markets where
          there's cable or other dsl providers.

          They even offered to help me setup my LAN, my linux boxes, a static IP netblock, you name it.

          I would suggest that when you talk trash, you
          stick to subjects that you know something about.

        • How is routing packets based on the destination IP, which involves lookin in the packet, any different than routing based on the TCP level, such as transparent web proxies?

          And then, what's wrong with routing a packet containing default.ida?... into /dev/null? Either it's a worm, and the customer didn't intend to send it, or it's a cracker, who you don't want using the service.

          I think all ISPs should have dropped packets on port 80 that appeared to be CodeRed. It'd have stopped this thing quickly.

          But then I think the Anti-CodeRed scripts that use the same hole, but to apply the patch or shutdown IIS and display a message explaining it, should have been used, and should be legal.

          Attempted analogy. I shouldn't go into your car, even if unlocked. But, if your car was rolling slowly down the hill towards mine, would it be wrong if I opened the door and set the parking brake, to save both of us a large repair bill? Especially if I left you a nice note explaining the parking break, how to set/unset it, and why I did what I did.

          In fact, in some jurisdictions, you'd be held responsible for not preventing an accident if you could have safely/easily done so, regardless of it being your "fault" to being with.
    • Yeah, well, I think Windows XP is a great OS because I've never seen it crash. And I've never broken a bone. And I don't know any homeless people. So I think Microsoft, Dr. Harris, and George Bush are really good at their jobs.

      Anecdotal evidence is COMPLETELY irrelevant when you're discussing issues that address thousands or millions. UNLESS, of course, you have anecdotal evidence from every member of the studied population...
    • ...was a bit different than yours.

      I received the call (and the letter, for that matter) from Qwest about the Cisco/Code Red issues. I had already heard about it, but, I had a bit of a related DSL problem I had to ask them about. Oh no, the caller informed me, he couldn't help me with that. He gave me a phone number to call.

      Ok, says I, I'll just call them up right now and get this taken care of. I call, go through the system ... and am given another phone number to call.

      Well....this isn't so convenient, says I, but I'll give 'er a shot. I called up this second phone number and I'm told that all lines are busy now. They'll take my call as soon as they can. My estimated wait is... 60 minutes.

      Ok, I wasn't that desperate. So, I went to their website to request help through their online customer service form. They usually get back to people quite promptly, I'm informed.

      Five days later ... I get an email response saying that I'm going to have to call them to take care of this issue. Yeah...uhm...I guess I'll wait until I have a good hour or more free to sit on the phone... Right now, like you, I use Qwest for DSL and ISP service. When the change goes through to force people to MSN, I think I'm going to cancel my service.

  • by jchristopher (198929) on Wednesday August 22, 2001 @09:42PM (#2206413)
    Complaining? And why not? They are in business supplying a service - you trade your money for that service.

    I cheerfully pay my ISP every month, because they provide me with a reliable, stable, fast DSL line. If it wasn't that way, I'd be in line clamoring for a refund too.

    The computer industry is way too lax on quality of service - every program, OS, or hardware device has a disclaimer that they aren't responsible if it doesn't work. What am I paying for then?!?

    • I agree - I've had a two week outage from @home partially due to the fact they couldn't get a service person out here quickly. They gave me a month off my bill which is ONLY reasonable! I was without the service for half a month, what they did was "the right thing."
    • The question shouldn't be "why not" it should be "who".

      Whose responsible for the lax security in the #1 email client?

      Who lets the idiot users that use their idiot software run attachments?

      I'll give ya a hint. They have plenty o' cash, and his name is Bill. Last name Gates. Works for Microsoft. In Redmond, Washington. He's friggen rich, dumbass! Sue that guy! now your damn ISP which is gonna go out of business anyway! Good grief!

  • What is he talking about?

    The email exchange talks about refunds if you dont get a paper or if you lose your cable service.

    Did I miss something? My cable was down for 12 hours during a storm, would they prorate my bill and take off 1/60th or 1/62nd of the bill? I dont think so.

    Also, the article talks about "Microsoft software" that some Cisco devices where using. What software was that? IIS runs embedded in Cisco stuff now? My previous understanding was that IIS was overflowed with malformed URL, and that that URL/packet/volume of attacks caused many Cisco products to barf up lunch. Is that true?
    • the side effects some cisco routers became vulnerable to were (IIRC) the large packets being sent by code red to possible IIS servers, plus some routers simply couldn't handle the amount of extra traffic code red creates, especially as more machines behind a router become infected. Much like the slashdot effect - sometimes it isn't the server that is to blame, it's the connection the server has to the internet from routers, firewalls, etc.

      • It wasn't packet size, it was that CBOS (Cisco Broadband OS) versions earlier than 2.4 suffer the same vulnerability to specifically malformed URI's as IIS.

        • ok, thanks for the info. The thing I heard was simply a rumor from a co-worker who thought that because the packet containing the http GET request was considerably large, it potentially caused problems on some routers (Maybe he thought the malformed URI meant the packet was bloated or something) It sounded a little fishy to me because the concept of spliting packets up during their trip has been commonplace among routing systems long before the internet tookoff in the early 90s.
    • My cable was down for 12 hours during a storm, would they prorate my bill and take off 1/60th or 1/62nd of the bill?

      Yes. At least with AT&T@home the Tech Support people are authorized to give refunds for outages. At least that was the way it was when I worked there.

    • The configuration webserver on the Cisco 675 had serious DOS problems in the setups that various dsl providers were providing (i think it had to be in bridging mode or something), which were known even prior to the CodeRed problem. Essentially, if you did a getrequest with too much crap in it, it crashed.

      It hit bugtraq a few months ago, while cisco was fairly responsive and issued a patch, Qwest at that time declared that patch unsupported.
  • While demanding a refund may seem a little off, I'd have to admit that if I was a subscriber to a program such as this one [directvdsl.com], offered by my provider, and got "protected" by having my port 80 shut off, I'd be asking for a refund too.
  • I tend to think this is just complaining bull crap. My net connection when down too, and I don't run around demanding $5 back.

    Maybe you should. TimeWarner Austin (part of the evil AOL Empire) will give credits for service problems with RoadRunner. All I have to do is call up whenever there is a problem (outages, etc.) and they credit me for the inconvenience.

    Mister Black
  • Did the customers own the equipment that failed, or did they get it as part of the package? Every DSL service I've seen you get the hardware with the package. If this is the case, then if Qwest's hardware won't let you access the service you are paying the for, why shouldn't you expect a refund?? Now, if on the other hand, you buy your own DSL modem and you pick a lousy one that is prone to failue, then it is by no means your ISPs fault if it goes down.

    I look at it like my cell phone service: if the phone that I own breaks, it is my responsibility to get it fixed. If my providers towers all go down and I can't get service for a month, I wouldn't expect to have to pay!
  • hmmm (Score:2, Funny)

    by Beowulf_Boy (239340)
    While were talking about refunds, lets all get refunds from Microsoft because there crappy software has bugs and was affected by something as simple as the code red bug.
    Oh, I'm sorry, when we all sold our souls to microsoft when we signed the user agreement I bet that was covered.
  • Assuming that Qwest never guarantees a certain level of service, then these guys don't have a leg to stand on.

    Of course, the responsible thing to do would be any or all of the following

    • identify infected computers and notify account holders
    • kick infected computers offline
    • filter outgoing packets from infected machines (?)
  • Quoth Qwest:
    The problem is not the modem, the problem is the virus. Qwest is not crediting for the virus.

    What Qwest clearly fails to comprehend is that, by choosing the tools they did, which have a known history of virus vulnerability, they are responsible for the reprocussions.

    It's a well-settled legal principle that persons are held responsible for the actions of their agents when those agents act in the furtherance of their employers' wishes and in a manner not contradictory to responsible behavior.

    Microsoft and Cisco perhaps should be held independently responsible for their failings here, but it certainly does not follow that Qwest ought be absolved of all duty to its customers.

    The rationale behind such a legal relationship is readily apparent. The customers have their dealings with Qwest.

    The customers often are not provided the opportunity to inquire into the methods Qwest is using to provide customers with services.

    And even when they are, there is no reasonable expectation that these subcontractors will listen to these end customers. (After all, their customers aren't Qwest's customers. Their customer is Qwest alone.)

    But Qwest has no real reason to complain to Microsoft and Cisco, since Qwest can simply pass the costs on to their consumers as they're trying to do here.

    In the end, consumers are shafted, and everyone else profits.

    Only by extending legal reliability up the foodchain to people making the final decision can we attempt to ensure that moronic decisions like these accurately produce the reprocussions for decision-makers that consumers feel.
    • What Qwest clearly fails to comprehend is that, by choosing the tools they did, which have a known history of virus vulnerability, they are responsible for the reprocussions.

      Umm....Cisco has a long history of virus vulnerability? Please Explain. Because IIRC, it was a Cisco Bug that caused the Cisco router to crash/hang when Code Red hit the Management interface that Cisco has on port 80. And I was unaware of Cisco having a "known history of virus vulnerability".

      -= Rhyas =-

    • Microsoft and Cisco perhaps should be held independently responsible for their failings here, but it certainly does not follow that Qwest ought be absolved of all duty to its customers.


      This problem has been known for a few months prior to the CodeRed outbreak. Cisco was fairly responsive in issuing a fix (not as fast as their normal bug fixes... but this isn't an IOS so it's somewhat understandable.)

      Qwest should be somewhat held responsible because the fix had been out for a decent period of time, during which Qwest had declared the patch unsupported, leaving people who wanted to patch their routers without much of a choice but to leave it broken, and DOSable.
  • Isn't the downtime really the fault of the morons running unpatched IIS servers on DSL service? And who are, in the case of residential service, probably violating their service agreement? Qwest should give everyone the money, and recoup their losses by port-scanning their DSL subscribers and charging offenders an extra monthly fee. Every Qwest customer, redidential and business, who is running unpatched IIS is to blame.

    Or if Qwest doesn't wish to offend their customers, they should just blame Microsoft. I understand that this is standard practice... just yesterday, some Delphi fucktard (you know the type... "just drag and drop the components! yes, that all it takes to be a real programmer!" ha ha ha) was telling me that the ability to blame Microsoft -- even for things that aren't really Redmond's fault -- is an advantage of running NT! It's really getting difficult for me to defend Windows as a rightful player in the heterogenous world of computing when its users display such poor judgement and reasoning.

    • Read the article... The outage doesn't have anyting to do with IIS. I have qwest dsl also, and was affected. Code red requests overran some buffers in the Cisco 675 dsl router/modem. Disabling web management on the modem doesn't work, you have to move it to a different port
    • IIS and Cisco's DSL problem have nothing to do with each other except that they are both affected by Code Red. You only need one or the other to get hit. IIS servers are the worst player, since the propagate the virus at an incredible rate. Pre CBOS 2.4 Cisco Routers get nailed by the way the virus tries to infect other machines.
      Also, I happen to be a resedential Qwest DSL customer as well, and I made DAMN sure there was nothing in the language of the contract that restricted me from running a webserver, mailserver, or any other server I might get a hankerin' for. So no, you can't charge people for abusing thier lines.
  • Is there some irony there? like when MSNBC.com reports on the latest M$ security hole/virus/etc ???

    E.

  • It depends on what they were guaranteed, doesn't it? If the contract they signed stipulated an always-available Internet connection, and it wasn't always available (due to whatever circumstances), shouldn't a refund be in order?

    When a telephone pole near my house was struck by lightning last year, I lost cable (and cable modem Internet access) for a couple of weeks. The cable company not only happily refunded me half a month's worth of charges, but I didn't even have to ask.

    - A.P.
  • maybe if they *didn't run IIS*....

  • Excite has a story about it here


    I hope Excite@HOME [slashdot.org] customers don't demand refunds.


  • Damn (Score:5, Interesting)

    by banky (9941) <gregg@nOSpAm.neurobashing.com> on Wednesday August 22, 2001 @09:58PM (#2206465) Homepage Journal
    I've never taken the time to write an angry post about the editorial content... but sheesh.

    First, if you lost cablemodem service for almost a WEEK, WHILE BEING LIED TO about the cause, wouldn't you be a little mad? This was the case here in Fairfax. They tried to say it was "sheduled router upgrades", only to backpedal a couple days later after everyone figured it out (and they had to implore their users to patch, and their email system was down, etc etc).

    Second, I guess I'm wacky, but if I pay for something, I want what I paid for, as other people have said here. I pay $45 a month for cable service. I don't call and complain if it goes out during a storm for a couple hours. But if its down for DAYS, their tech support line is TURNED OFF, and no one will tell me when it's coming back up, I expect to not have to pay for this service! I am not being given anything but a blinking data light. Some of us do not maintain multiple backup dial-up accounts; yes, I'll freely admin I'm spoiled by broadband, but at the same time, I can't justify spending $25 a month in case I lose my connection for a week.All the DSL providers in my area are dead or dying; roadrunner is my only option besides modeming (which is a bad scene in and of itself, die to "multiplexed lines" or some such nonsense which means I get 28.8 tops).

    Third, if no one says anything and just rolls over, then the company will not be challenged to provide a high level of service, since they will know customers will just take it.

    Sorry, Taco, but you're a helmet.
    • amen brotha. i have both cox roadrunner and verizon dsl in fairfax. while my cable was wigging out, i bought a second router, hooked it up to the dsl and it worked fine the entire time. i think cable's working again but i dunno. agreed, we were lied to on the phone by roadrunner reps. i had my cable modem unplugged from everything while she was telling me "it must be your computer, i can ping your modem just fine..." - "are you sure it's mine and not someone else's?" - "oh yes, i'm definitely pinging yours and it's working fine..." uhhhh... riiiiiiiiight.


      anyway, where you at in fairfax? i'm right near the high school. mmmm, china gourmet. did you know that think geek is situated in fairfax too?

  • Lets see, a few hundred refunds of $5 a peice which the service contract does not require, OR the knowledge that you will only loose a handfull of customres because broadband is a monoply.
    Oh an option number 3: Be a pissed off customer and complain you want your $5 in this time of economic uncertanty for broadband companies and if enough other people do it the company is unable to pay its bills and you are left with no service at all.

    Lets just say that when my nntp connection goes down with @home for a few hours each month I do not call demanding a refund.
  • I will grant that they were probably pretty busy during all this so I could understand the 2 and 3 hour wait times. I wasn't really expecting techs to be able to help me anyway. ("poorly trained" was a really NICE way of putting it.)
    I just don't think that Qwest was proactive enough in coming to a solution. They tossed out "patches" and "quick-fixes" without really testing them. I just think that the whole issue could have been resolved much faster than it was. They *should* be handing out refunds, but they never will. I for one am looking into new ISP alternatives. This is not the first time my company has gotten screwed by Qwest.
  • You sue your ISP,
    then your dumb Microsoft product using ISP sues microsoft,
    Microsft disappears into the blackhole created by the massive gravitational effect caused by so many money-hungry lawyers rushing to Redmond to jockey for position at the trough.

    Lets see, microsft disappears and we lose the lawyers, perhaps human civilization might have a change to survive afterall

  • Seems to me that if an ISP is going to be held responsible for this type of problem, then shouldn't Microsoft be responsible as well? After all, ISPs are customers of the company with the flawed software.

    I have to wonder what the implications for responsibility would be if they were using open source code instead.

    Reminds me of the whole Ford/Firestone fiasco.
    Anybody who's ever blown a tire would know that you shouldn't get into an accident unless you do something stupid. (Car&Driver verified this with an elaborate road test). Ford and Firestone have to blame each other to avoid directly calling their customers idiots. (just for the record, I drive a Ford, so flame away ;-)

    Anyway, to get back on topic, this is a classic case of blaming the "fall guy" because it's too tough to go after the real problem.


    Flame Away!
  • I wonder what all these customers reactions would be if their ISP tried to bill them extra every time they clicked on a SirCam attachment and sent 5 gig worth of pr0n, resumes, and book reports through the mail servers? Shit happens people; unless you got an uptime agreement with your ISP, live with it.
  • Any company stupid enough to use Microsoft products in their infrastructure should not expect others to simply accept downtime as a result of this stupidity.

    If my line went down because the people that run my ISP are inept, I would DEMAND a refund of the time that it was down. If I had an option, I'd switch ISPs.

    Honest accidents, or causes like weather, are understandable. Large tech companies that have extensive tech staff running Microsoft products is unexcusable.

  • ...by the Code Red virus. A few entries in Apache's access_log but I didn't go down (nor did my PacBell DSL line). But I think I'll sue all of Qwest's customers (or maybe just the ones suing Qwest) for attempting to attack my system. That's cyber-terrorism, no? They should've been patched and my guess is a bunch of those morons were propogating the worm further. Who knows, maybe Qwest targetted some of their customers specifically who they thought (legitimately or not) were further propogating the worm.
  • I suppose this all depends on location and such.

    I think it sucks because I was told that Qwest waited to patch their servers not thinking that this was a big problem. A company as big and powerfull (bandwidth wise) as Qwest is should be carefull with their servers, especially with things like this that could take out service for everyone.

    Luckily my company was able to eventually get through to some semi-compietent people at tech support that helped us through it. Unfortunately my dads company wasn't so lucky. They had 6 hour waits just to get hung up on, and call back, wait 4 more hours just to get someone that avoided the fact that it was there.

    I eventually ended up giving him the way to fix it and they were up again in a few minutes. But without experiances with Qwest we are not in a position to highly reccomend them as an ISP. Though, when they're up, they're good. But so goes the story of broadband connections, right? :)
  • It takes all types, and obviously comuters and the internet are now rife with the types of the clueless. (Ok, I know, that ain't a news flash by any means) First off the TOS with any isp states that they are responsible for nothing, and if something happens that is not of their doing that interrupts your service then tough cookies. This is like asking the Cable company to refund your money because while your power was out you couldn't watch tv! or demanding a refund from the phone company because you couldnt use your phone while your house was burning down.

    Unfortunatly, the courts will either help these "poor" users. or it will be swept under the table.
    I just wish for once we'd get a judge that would publically announce that the plaintiffs in a friviouls lawsuit were morons and idiots... but then that'll bring more friviolus lawsuits... and so starts the spiral downward...

    If this case is won by the users.... when can we sue microsoft for all the lost productivity their operating system causes weekly?
  • ... their target be Microsoft or the creater of the virus? This is just as frivilous as suing mp3.com for allowing users to copy artist's work.
  • I guess it comes with being a telco and being used to screwing customers over, but Qwest are seasoned pros. It has become customary for them to try to sneak extra charges on my bill anytime I order anything from them (which I avoid when at all possible now). Currently, I am trying to get my ISP switched from Qwest.net to another local service provider. I was quoted Aug. 15 at 5 PM for the switchover. A few days after this, I realized I had not been switched and called to complain; they told me the switchover would be today (Aug. 22) at 5! Right now, it's 9, and I just called support, asking why I wasn't switched, and they had NO such switchover on file at all. Next stop is the Better Business Bureau and the Public Utilities Commission ...
  • 1) they have money.
    2) If you are runnng, oh say unix, you didn't agree to their licence.
    3) Their shoddy product is unsafe on the information superhighway, and create unsafe conditions for the others.

    Microsoft has had staffers and employees state the goal is to push out new product, andding features over 'good code' or fixing old bugs. You might just get #3 to stick.

    All you have to do is get a jury to buy #3. The lawyers will like 1 and 2.

  • Actually, I'm still being bombarded by packets (I'm on a cable modem) from recent worms and I've considered dropping my provider/changing it.

    It isn't "five bucks" for a loss of downtime. Most connections alone run between $30-50 in the DSL/Cable range a month, so 10 days, or 1/3 of that, is a loss of at least $10. Add to that work that cannot be completed over the internet, and the downtime can become severe.

    Also, I don't think this situation is helping my provider, @Home, stay in the business any longer. If they can't start blocking these packets they're going to lose subscribers, which is the very last thing they should be doing right now.

  • An uncontrollable net storm caused by a virus, or an idiot admins' decision to block port 80 on a whole segment vs pushing individual machines off
    as they were identified as infected. If you are looking for a refund for the FIRST you should sit down and be quiet, IF you are looking for a refund for the SECOND then I APPLAUD your efforts.
  • That's stupid to give refunds. It's not a network comapnies job to insure stupid users don't attack each other and bring down the network in the process. This is about liability -- you are ultimatly responsible for what your computer does. What do these people want a refund from? Their own foolishness?

    In some cases, there may be those whom had never actually had the bug, and had experienced a network outage because of the "other people.". This happens. Quest cannot control the weather from destorying a router station just as much as it can't control a virus. Downtimes are a fact of life, a network is dynamic. Shit happens.

    Avoid blaming at all, but at least when you need to, put blame where blame is deserved -- the Code Red virus. Don't sue the messenger.
  • by Alex Belits (437) on Thursday August 23, 2001 @02:12AM (#2206984) Homepage
    My provider isn't "The Wicked Q of the West", but I ended up downloading Cisco 675 CBOS upgrade from their site. This is what happened.

    1. I have received announcements about Code Red in everything security-related that I was subscribed to, and as usual, ignored it because I don't use IIS, Windows and other garbage of that kind.

    2. Cisco 675 router that connects me to my providers (ISP is Megapath, line was Rhythms) started hanging in the most outrageous manner possible, being not accessible even from its serial console that I have attached to one of my Linux boxes through USB multiport serial converter. It was "outrageous" and not merely "bad" because same Linux box happened to have still-working Ricochet modem attached to another USB port, and I was able to reach it from work even when DSL was down, but couldn't reset DSL until I was physically at home.

    3. Later announcements mentioned Cisco routers as vulnerability, and recommended to disable web administration on the router as a workaround, and upgrade the firmware. Cisco page mentioned an upgrade but did not offer anything to download -- required to call their phone number or email them and beg for firmware update. Knowing that everybody who ever bought Cisco 6xx, plus a bunch of people who didn't know how their company's Catalyst differs from bitty box 675, will be trying to reach Cisco, I have chosen to do a workaround.

    4. I have disabled web administration, it stopped working, but router continued listening on the port 80. I assumed, it will just ignore all data that it receives, so a bug won't be triggered.

    5. Router still hangs. I have set a filter to block everything that comes from outside to the port 80 on the router. It looked like router stopped responding to this, so I was confident that I am not vulnerable to that thing anymore.

    6. Router still hangs. Apparently my mind was not advanced enough to comprehend the brokenness of CBOS -- broken code was receiving packets BEFORE THEY PASSED THE FILTERS.

    7. I have looked at the Cisco site to check if they got the idea, how many requests for copies of CBOS patches they are supposed to process and posted the binaries. Nothing -- the page still contained a phone number and email address, and since I was at home, I could be pretty sure that people who were supposed to answer at Cisco weren't at work either.

    As opposed to other Cisco products, CBOS has no optional pieces, and is useful for a single puprose of upgrading shitty 6xx boxes, so why they needed my phone call to make sure that I am indeed going to use their software to upgrade their router and not, say, print as a hex dump and smoke it, is still a mystery for me.

    8. While constantly resetting Cisco, I have started IRC, and asked some of my friends if they know, where to find those damn patches. After few minutes I have received some rather unflattering description of CBOS, Cisco and Intel (who happened to be the real authors of this shit), and the URL on Qwest site with CBOS images.

    9. CBOS images were distributed as Windows executables, with Windows upload program but no instructions -- probably following the logic that if a customer has his servers infected by a virus, running downloaded executables is the least of his concerns. Fortunately, Windows executable was a wrapped zip file, and upload procedure over a serial console was in the router's documentation.

    10. Router worked fine ever since, but it looks like it's still impossible to filter or completely disable web administration on it.

    ---

    Of course, this was that simple only because I had a full access ("exec" and "enable" passwords) to the router. I am afraid to think, how Qwest technicians would have to work if they had to upgrade customers' routers over the network while routers were being attacked, or to distribute passwords to the customers to make them able to run the updater program (I have never seen it running, I assume that it uploads updates either by xmodem over console or by TFTP -- in the first case only customer can enter the password, and in the second one _someone_ has to login to the router and still enter the password), so I kinda understand why Qwest couldn't do much in this situation. OTOH, Cisco could at least issue binary patches as a public-accessible download.
  • by Frodo (1221)
    My net connection when down too, and I don't run around demanding $5 back.

    Very bad that you do not. If you did, and everybode around did the same, probably the current sore state of the security would improve, some knowledgeable sysadmins would be hired and some holes would be plugged.

    As long as the users agree to get crappy service, crappy software and crappy security for their money, they will get crap. The only way to not get crap is to refuse to tolerate that anymore. So if somebody sues their ISP that neglected to provide them the required service and to maintain secuirty, it's a very good thing. If people are promised 24x7 connection and support and then when the problem comes they are said "well, it doesn't work, just wait and maybe it will be fixed in a day or two or more" - they have the right to demand compensation.
  • Qwest shouldn't be held responsible for the worm, or it's direct actions.


    On the other hand, I believe they (along with others) had problems relating to bugs in the DSL modems. Bugs which they had a patch for but didn't inform their customers about immediatly. For that they are potentially responsible for.

  • I use Charter Pipeline cable service, through Earthlink, and I lost access for 2 full weeks. They're overcharging for the service as it is, and during the outage they stopped answering their phones and never let *any* of their customers know what was going on, what was being done, and when it was going to be fixed.

    If I'm paying through the nose for a high speed connection, and it disappears for 2 solid weeks, you can bet that I want some money back. They're giving us all a free month of service now.
  • With this kind of logic, does this mean I can ask for a tax refund from the department of transportation because people keep ramming my car?
  • The article doesn't say how the service didn't work.

    Did Qwest actually shut down stuff, or was it just so clogged with traffic that it was effectively unusable? If the former, it's QWest's problem and people deserve a refund. If the latter, it's just Life.

    • Read this [slashdot.org]. It contains links to other articles that will answer your question.

      Basically, Code Red somehow affected USQwest's Cisco DSL modems, which all stopped working and had to be reset. That's how they lost service: the USQwest equipment located in the customer's premisis failed, and USQwest left it up to the customer to fix it. The sooner you figured out what was wrong, learned how to fix it, and successfully performed the repair, the sooner you were back on-line. Since the delay in fixing USQwest's equipment was entirely due to the cusomer's inaction, ignorance, and/or technical inexperience, USQwest feel they don't need to offer any refunds.


      And since the Explorer wouldn't have rolled over and killed Uncle Fred if he wasn't driving it, it's Uncle Fred's fault, not Firestone or Ford's. Ain't Republ^h^h^h^h^h^hCorporate Logic wonderful?

  • The article referenced does not tell the whole story. Here are some stories that appeared recently in the Seattle Times and the Seattle P-I:

    Times:
    Qwest refuses refunds to DSL customers for Code Red outages [nwsource.com]
    Qwest falls short tackling Code Red worm, but other DSL customers appear to fare better [nwsource.com]
    'Code Red' wrigglings put users in knots [nwsource.com]

    PI:
    State pressing Qwest for refunds after 'Code Red II' DSL breakdowns [seattlep-i.com]
    Worm has Qwest DSL customers seeing red [seattlep-i.com]

    The real story is not in the articles about the State pressing USQwest for refunds, but the earlier ones describing how USQwest basically ignored the problem for as long as possible, then gave people like your Aunt Mildred complex instructions on how to patch their computers and DSL modems, which were broken by Code Red even though the affected customers were not running NT and ISS! Naturally, the Aunt Mildred's of the world had, shall we say, difficulty following the instructions, and if you didn't follow them exactly you only made it worse. It was USQwest's Cisco DSL modems that got hosed, not their customer's PCs, and the customers were first demanding that USQwest fix it and now are rightly demanding a refund for the DSL service they paid for and did not receive.

    As the excite.com article said, this is the same as not getting your newspaper or cable TV -- if a customer pays for a service they did not get, they deserve a refund. Unfortunately the outcome in this case will be less than optimal, because it won't result in USQwest leaving Washington State for good!

Old programmers never die, they just branch to a new address.

Working...