Cable modem or DSL: Which is better?

My Net connection approaches light speed with cable, but that doesn't guarantee victory over DSL.

Published September 23, 1999 4:00PM (EDT)

A high-speed battle for digital dominance is unfolding across the United States. In one corner are the nation's cable companies -- AT&T and RCN, to name a couple -- which have been busily upgrading their networks and deploying cable modems for high-speed Internet access. In the other corner are local telephone companies, like the Baby Bells, and dozens of Internet service providers, which are deploying their own high-speed systems using a technology called digital subscriber line or DSL.

This competition between cable and telephone giants is just what Congress had in mind when it passed the Telecommunications Act of 1996. But while competition has pushed companies to bring out new services and lower prices, it also has created consumer confusion. It doesn't make sense to get both a cable modem and a DSL connection. So if both are available in your area, which should you get? Which is better?

Lately I've been caught somewhere in the middle of this great battle. As a technology columnist for the Boston Globe, I've been routinely peppered by questions from readers. They want to know which is faster today -- cable or DSL -- and which system will be faster in a few years, once everybody else in their neighborhood is online. They're also nervous about the security implications of having their computer constantly connected to the Internet and the supposed "party line" nature of cable modems.

At the same time, as the co-owner of an Internet service provider on Martha's Vineyard, I'm nervously watching the movements of the island's cable provider, wondering if those sleek, high-speed Internet appliances might eventually put my ISP out of business --- or force us to do something entirely new. My ISP,, has spent thousands of dollars deploying its own DSL system---with very mixed results.

I've been engaged in the debate between the proponents of cable modems and DSL for nearly a year now, and I've become increasingly frustrated. Both sides seem to be speaking past each other, arguing half-truths and twisting the facts to suit their own arguments. This isn't entirely surprising, considering the amount of money on the table. But it isn't necessary, because both technologies have merits and should be able to stand on their own.

People who don't understand why cable modems are such a big deal have never used a cable modem. More precisely, these people have never had a high-speed, dedicated connection to the Internet. A dedicated connection blurs the boundary between where your computer stops and where the Internet starts. It's not just that Web pages come up instantly and e-mail downloads in a flash -- it changes the way you use the Net.

I don't crack the dictionary on my bookshelf anymore. With my cable modem, it's faster to fire up a Web browser and hit Merriam-Webster's Dictionary site. I've also stopped looking at the atlas that I carry around in my car. Instead, I hit an Internet map site and print out turn-by-turn directions to my destination before I leave home.

But not everyone has embraced cable modems with the same fervor. Lots of my readers are concerned about the performance, security and reliability of cable modems.

"Your available bandwidth decreases when the other users in your neighborhood are online. Have you had any problem with this?" asked one reader. Another wrote from California: "Some people here complain that because the bandwidth is shared with everyone on the block, and because cable modems are very popular in the Bay Area, that they don't have enough bandwidth ... Compared to DSL the speeds are not all that great."

Others are very concerned about the privacy of their personal information and the security of their home computers. A woman who works for a public relations firm in Silicon Valley shared this story: "My associate recently installed a cable modem in her home and was shocked to find that 'Network Neighborhood' was, literally, her neighborhood! She could see the desktops of all her connected neighbors. This seems like an enormous oversight on the part of cable modem companies, or maybe they just don't care (more likely the latter.)" Lots of readers want to know if it's possible for an attacker to break into their computers and access confidential files or plant viruses.

When it comes to reliability, people voice justifiable concern that their local cable company doesn't offer a high-quality television server, so it seems even more doubtful that they will provide high-quality Internet service. After all, wrote Sang Yul Shin, a reader of mine in Boston, "Cable companies tend to lag in technical expertise and service."

These fears about renegade cable modems have provided phone companies and Internet providers with noisy ammunition for their PR battle. This July, the New York Times ran an article "High-Speed Lines Leave Door Ajar for Hackers," discussing the security pitfalls of leaving a computer constantly connected to the Internet. A few days later Amy McIntosh, president of Bell Atlantic Consumer Data Services, wrote a letter to the editor saying the article "incorrectly implies that home computer users with 'always on' Internet connections are as vulnerable to attacks from hackers whether they use a cable modem or DSL ... DSL service is inherently more secure than using a cable modem because DSL provides a dedicated connection over your existing telephone line. A cable modem is more susceptible to hackers since it operates on a shared system, much like an old-fashioned party line."

When I wrote an article about the launch of Bell Atlantic's DSL service in April, I commented on the disappointing results: Bell Atlantic showed circuits that could theoretically deliver 600 Kbps and 7 Mbps. But my tests showed that both delivered roughly the same performance --- about half the speed of my cable modem. The next day, I received an e-mail message from John Johnson, a company spokesman. "I thought the emphasis on milliseconds of difference in cable modem/DSL performance was misplaced," he said. "The bigger picture, in my view, is that DSL gives users dedicated bandwidth. While you yourself may not have run into the slowdowns that other cable modem users have found at peak hours, I'm confident it's only a matter of time before you do. When that happens, I hope you'll describe the benefits of dedicated bandwidth to your readers."

Internet service providers have another legitimate fear about cable modems: They offer high-speed service at a price that most ISPs can't touch. Consider the cable modem service that I purchase from MediaOne. For $51.50 a month, I get a service that routinely delivers between 300 and 600 kilobits per second in both directions. For comparison, ISPs in Boston that are selling high-speed service are charging roughly $200 a month for 384 Kbps and $300 a month for 768 Kbps.

One of the reasons that cable service costs less than DSL is because it's a shared facility. A coaxial cable traveling in a neighborhood from house to house can provide high-speed service to thousands of customers. A single piece of equipment at the cable company's office can patch those thousands of customers onto the Internet. DSL, on the other hand, requires a separate pair of wires for each subscriber: The phone company needs to install a special DSL "modem" for each phone line at its central office. So high-speed Internet service delivered over cable should be less expensive than the same service delivered over a DSL link.

And cable companies are particularly eager to sign up cable modem users. Across the nation, customers have demonstrated that they are more than willing to pay between $30 and $50 per month extra for high-speed Internet access; that's substantially more than the cost of a typical premium cable channel like Showtime or HBO. What's more, the same two-way digital networks that allow companies like MediaOne to deliver the Internet can also be used to deliver telephone service, further increasing cable revenues. The Internet makes it possible for cable companies to double or triple their revenues -- using much of their existing infrastructure.

The argument that cable modem connections are inferior to DSL connections because the bandwidth on a cable link is "shared" is disingenuous as best. The entire Internet is based upon shared bandwidth. The bandwidth on an individual subscriber's DSL connection may not be shared; the DSL connection ultimately terminates at an Internet router, at which point the multiple streams are merged together into one or more shared upstream connections. Likewise, cross-country Internet links are shared between thousands of ISPs and millions of users. Even DSL circuits can be shared: Bell Atlantic's DSL deployment shares a single pair of copper wires that both voice and data can use simultaneously.

The issue isn't whether or not a link is shared. The issue is whether or not there is enough bandwidth on the shared link to satisfy all of the users at a particular time.

In bandwidth, cable is king: With the exception of fiber optics, there is no faster way to send a data stream from one location to another. In my tests, I've seen instantaneous speeds of 7 megabits per second over my cable modem -- that's the underlying speed of the data channel between my house and the next router on the network. Of course, I don't actually see 7 Mbps in my daily use. When I transfer more than a few packets of data, the cable modem is programmed to slow down the rate of transfer to roughly 600 Kbps. This prevents me from taking more than my fair share of the available bandwidth.

From the cable provider's perspective, the key to maintaining good performance is to keep a watchful eye on customers' bandwidth utilization, then deploy more facilities in advance of customer demand. For example, by monitoring my cable modem, I've determined that slightly more than 800 subscribers share my cable segment. That number will increase as MediaOne sells more cable modems in my neighborhood.

Despite its capacity, at some point the cable will reach saturation. MediaOne can then reduce the congestion by splitting the cable segment in half and installing another router at its office. I suspect that the reported problems plaguing cable modems in the Bay Area are occurring because demand has grown too fast for the cable company to keep up.

That's not the end of the bandwidth story, of course. Two factors determine just how fast the Internet will seem to the average home user. The first factor is the connection between the subscriber's home computer and the ISP. But the second factor, the one that's frequently overlooked, is the connection between the ISP and the rest of the Net.

MediaOne has done a spectacular job in the Boston area of connecting its cable modem subscribers with the rest of the global network. Packets take 12 milliseconds (20 hops) to make the round-trip from my desk to the Exodus hub in Pennsauken, N.J. (For comparison, a particle of light would take just 3.2 milliseconds to make the round-trip, implying that MediaOne has installed some awesomely fast routers between Cambridge and the Garden State.) I am 80 milliseconds away from Microsoft in Redmond, Wash. I can download Netscape Communicator 4.5 -- which resides on a server in San Jose -- in less than 4 minutes.

But I'm even more impressed by the way that MediaOne has worked to deploy connectivity within my metropolitan area. A high-speed connection between MediaOne and the Massachusetts Institute of Technology puts just 3 milliseconds between my desk and the Media Lab. That link is so tremendously fast that I can access machines at MIT about as easily as computers on my local area network. I can download and install the entire FreeBSD operating system from MIT in less than 10 minutes.

To gauge Bell Atlantic's DSL Internet service, I called up the company and had its InfoSpeed service installed at my house in August. The company sent me a DSL modem in the mail, and added the DSL service to my existing phone line. Bell Atlantic also sent me a dozen "microfilters" that I needed to install on the other telephones in my house. Without the microfilters in place, the DSL connection's high-speed data stream sounds like a loud hiss in every phone. (Truth be told, though, even with the microfilters in place I could still hear the DSL on some of my phones.)

The performance was disappointing. But the fault was not with the DSL technology, but with Bell Atlantic's Internet service provider,, which provides the connection between the DSL line and the Internet. Bell Atlantic, it seemed, didn't have very good connectivity in the Boston area. When I tried to connect to MIT, my Internet packets ended up going through New York or northern Virginia -- and sometimes both places. It took twice as long to download Netscape Navigator.

Now, to be fair, you can get DSL from companies other than Bell Atlantic. At my office in Boston, for instance, we have a 384K DSL connection from Concentric. It too has been something of a disappointment, but for a different reason. Concentric has been advertising heavily in the Boston subway system, but the company is fundamentally a West Coast ISP with delusions of grandeur. Specifically, Concentric doesn't actually have any employees in Boston. Instead, it contracts with a company called Covad to do all the grunt work.

Concentric's West Coast bias became clear when I looked at packet traces between my Boston office and the rest of the Internet. We have truly spectacular connectivity between our office and downtown San Jose -- we're just 40 milliseconds from MAE West. This speed is a good thing, because packets from our office destined for local sites, frequently go out to California, or Chicago or New York, before looping back to Beantown. Concentric, like Bell Atlantic, doesn't seem to be a peer with the major Boston Internet service providers or with the universities.

I have mentioned, somewhat offhandedly, that I had surveyed my cable modem and discovered that I was sharing my channel with roughly 800 other customers. If you are concerned about your electronic privacy, that statement should give you some cause for alarm. How is it possible that I could determine this information? And what else can I learn about my network neighborhood?

The answers to these questions are, alas, quite technical and vary greatly between one cable system and another. Some of today's cable modem networks are quite secure, while others are wide open.

Cable modem systems are roughly based on the Ethernet technology developed at Xerox PARC in the 1970s and popularized in the late '80s and early '90s. To the first approximation, a typical neighborhood cable network looks like a big local area network.

This structure also lowers the cost of deployment. Making a neighborhood network look like one big Ethernet saved a bundle of money for the cable modem companies, because it let them use off-the-shelf hardware and software. Practically every operating system in use today can speak the Internet's TCP/IP protocols over Ethernet. By making the cable modems look like little Ethernet hubs, vendors could avoid writing network drivers for Windows, MacOS, Linux -- and every other operating system, for that matter. Mimicking Ethernet also let cable companies use off-the-shelf Ethernet cards in desktop and laptop computers, further cutting costs. Overall, going with Ethernet was the right decision.

Unfortunately, Ethernet has a problem that makes it somewhat unsuited to a neighborhood environment: It's a broadcast network. On a typical office LAN, for example, you can run a program called a "network analyzer" and see the packets of every other machine. The computer underground has written programs called "packet sniffers," which exploit this feature to capture a victim's password as it is typed.

When the first cable modem networks were deployed in the Boston area, I loaded my favorite packet sniffer onto a floppy disk and headed over to my friend Richard's house. Richard had already told me that he could see other Macintosh computers in his neighborhood, using his Mac's "Chooser" program. Sometimes people even accidentally printed files on his printer. With packet sniffer in hand, I was prepared to capture the passwords and Web traffic of everybody else in the neighborhood. Then I planned to write an article about the total lack of privacy on cable modem networks

But when I got to Richard's house and set up the sniffer, something went wrong: I could see only a tiny fraction of the network's traffic. The engineers at the company that had built my friend's cable modem weren't bozos after all. Each cable modem on the network had been programmed to filter out packets destined for other subscribers. To use the jargon of Ethernet, the cable modems weren't acting as Ethernet hubs, but rather as "bridges" or "switches." Richard could still use his Mac's Chooser to see the other computers because AppleTalk's network protocol uses broadcast Ethernet packets to let the machines on the network find each other.

When a computer on an Ethernet network sends a broadcast packet, that packet is automatically received by every other host on the network. Microsoft Windows uses broadcast packets to find the hosts for the "Network Neighborhood" window. The Internet's "ARP" protocol uses Ethernet broadcast to determine which computer on a local area network has a particular address.

Cable modems transmitting Ethernet broadcast packets to every subscriber on the neighborhood are a significant vulnerability, easily exploited by a technically savvy attacker. For example, using a freely available program called "arpwatch," I can scan for the ARP packets and detect how many subscribers are on my cable segment. Since MediaOne has assigned host names that look a lot like user names (e.g., I can learn the names of my cyber-neighbors. I can also learn when the ARP packets are sent, and establish when my neighbors are using their computers -- and when they are at work.

Cable modems have another security risk. But that risk doesn't have anything to do with the modems themselves; rather, it arises from the Windows operating system. That vulnerability is called file sharing. If you have two computers in the same house, you can turn on file sharing to let one computer access the other's hard drive. The danger here is that many people turn on file sharing but don't set up a password. Put a computer configured this way on the Internet, and a hundred million people can look at any of the files on your machine.

Different cable companies have tried different approaches to address these security issues. MediaOne, for example, blocks the particular TCP/IP ports used by the Microsoft file sharing protocol. (The company can unblock the ports on a subscriber-by-subscriber basis, if you call them up and make the request.) Other companies leave the ports open, and warn their customers to disable file sharing. I prefer MediaOne's approach.

The ARP problem, meanwhile, will be solved by the next-generation cable modems that implement the so-called DOCSIS 1.1 protocol. Instead of broadcasting ARP packets over the entire cable segment, DOCSIS 1.1 makes sure that each customer will only see the ARP messages intended for his or her machine. As an added protection, DOCSIS 1.1 is capable of encrypting all information sent over the cable itself, with a separate encryption key for each customer. This security measure prevents an attacker from splicing their own cable modem into the backbone, the way that some people used to hook up unauthorized cable decoders to get free cable TV service.

DSL users have pretty much the same set of security concerns as cable modem customers. That's because DSL modems can be set up as routers or bridges. At my Boston office, the Concentric DSL modem is set up as a router. Concentric has given us 6 IP addresses for our own use, and we can't see anybody else's traffic. The Bell Atlantic DSL modem, on the other hand, is configured as a bridge, with potentially 253 other customers sharing the same network -- in this case, a VLAN, or Virtual Local Area Network.

Neither Concentric nor Bell Atlantic filter their DSL connections, potentially leaving customers open to file-sharing attacks. The service technician who installed the Concentric modem told me that I could have it configured as a firewall, if I wanted. Bell Atlantic, on the other hand, simply gave me a small pamphlet that explained the dangers of the Internet and suggested that I turn off file sharing on my Windows computer. As for the problem with broadcast ARPs, Bell Atlantic has its own, somewhat inelegant solution. Instead of filtering the broadcast packets, Bell Atlantic has simply programmed its computers to make it impossible for me to exchange packets with any of the 253 other subscribers on my local area network. Most of the time this shouldn't cause any problem, but if two customers want to play Doom with each other over the network, and they happen to be on the same VLAN, they're out of luck.

To the future

Whether or not cable modems will be more or less reliable than DSL is an open question. When it comes to delivering a consistently reliable service, cable companies certainly do not have a good history. This may be because they've never been forced to deliver a consistently high-quality service: Although it might be an inconvenience to go without cable for a few nights, nobody will die if they can't get their fill of "Star Trek" and "Gilligan's Island." Telephone companies, however, have been required for years to deliver highly reliable dial tone, since 911 is the basis of police, fire and ambulance services. As cable companies begin to provide their own dial tone, they will fall under the same regulations.

With that said, my experience has been the reverse. During the past year, my cable modem has been down only a single day. Meanwhile, I have lost dial tone on my primary phone line on no less than six occasions. Bell Atlantic says this is because I live in an old neighborhood where the wires aren't in very good shape; on the other hand, the cable was installed relatively recently.

If the history of technology is any guide, however, it's unlikely that the battle between cable modems and DSL will be won on technical merits. It's exceedingly difficult to find a single case within the past 50 years where a better technology won out in the marketplace against an inferior one. Beta lost to VHS, after all, and the sleek "RISC" microprocessors from companies like Sun Microsystems and MIPS lost out to Intel's technologically inferior Pentium chips. Ultimately, this battle will be won and lost on mundane issues like price and quality of service.

It's for these reasons, in fact, that I firmly believe companies like MediaOne should be forced to open up their cable networks to other providers. Gargantuan companies like Bell Atlantic ultimately will be able to compete against the cable modem providers: They'll just spend a lot of money to make their DSL offerings competitive with the cable systems. But given all of the natural advantages that cable enjoys, small-to-medium-sized ISPs really don't stand a chance. Unless these networks are opened for all to use, consumers may soon have just two choices for an Internet provider: their cable company or their Baby Bell.

By Simson Garfinkel

"Simson Garfinkel is a frequent contributor to Salon, the Chief Technology Officer of Sandstorm Enterprises, and the Chief Scientist of Broadband2Wireless, Inc."

MORE FROM Simson Garfinkel

Related Topics ------------------------------------------