Slashdot Mirror
Window Pain
Occasionally while I'm surfing the web and a pop-up ad opens, my Norton Anti-Virus will alert me that it blocked an "attack" on my computer, and then in Norton's logs of recently blocked attacks, it gives the URL of the content inside the pop-up ad that was blocked. Sometimes it indicates whether the "threat" was blocked under the category "scareware" (an ad that mimics a program scanning your PC for viruses and then claiming to find "infections," which you have to remove by purchasing the advertiser's software) or "malware" (an advertiser's page that tries to infect your computer directly by using JavaScript tricks to get around the browser's security features). I'm glad that Norton blocks the malware attacks, since even though I always have all the latest security patches installed for Internet Explorer, it's always possible that an attacker could be using an exploit that hasn't been patched yet. I don't really care about blocking the "scareware" ads, because I'm not going to fall for an ad that claims to be scanning my PC for viruses, but most Norton customers probably appreciate blocking those ads as well.
The problem in both cases is that it's hard even for an experienced user, and almost impossible for a novice user, to know where to send a complaint about the content in a pop-up window. You can usually figure out the URL of the content in the pop-up window (just right-click the window content and pick "Properties" in Internet Explorer or "View Page Info" in Firefox), but often the content itself is being served from an IP address in a jurisdiction like China or Cyprus where malicious operators are hard to shut down. What you really want is for them to stop serving their dangerous ads on reputable websites through the ad network. You could complain to the owner of the website that you're browsing, and say that a pop-up ad window from their site got blocked by Norton as a "virus," but if their site rotates ads from different providers, the site owner would have no way of knowing which advertising network served the ad. Even if you know the URL of the malicious content that was in the pop-up window, that's not enough to tell which advertising network it was served from (because ad networks typically don't serve the ads from their own domain; they just serve a redirect, which causes the browser to load the pop-up ad's contents from the advertiser's domain).
And even if you know which advertiser network served the ad, and the URL that the malicious pop-up content was served from (say, http://www.evilsite.cn/popup.html), so you can take your complaint directly to the advertising network, that may still not be enough information for them to figure out which of their advertisers served the malicious content and needs to be booted out of the network. Because all the advertiser network has is a list of ad pages for their different advertisers (http://www.advertiser-1.com/ad.html, http://www.adveritser-2.com/ad.html, etc.) — the advertiser buys the right to show ads, and the ad network displays ads that load content from those ad content pages. If one of those pages — say, http://www.adveritser-2.com/ad.html — redirects the user's browser to http://www.evilsite.cn/popup.html, the advertiser network has no way of knowing which advertiser is doing that. They would have to go through and check the ad-serving pages (http://www.advertiser-1.com/ad.html, http://www.adveritser-2.com/ad.html, and so one one at a time) for each of their advertisers, to see which of those pages redirect to http://www.evilsite.cn/popup.html — and by the time they do that, the advertiser might have altered the page so that it no longer redirects to the malicious content. While it's pretty straightforward to figure out what URL the malicious content is being loaded from, it's very difficult to figure out the chain of events that redirected you there, and who the responsible parties are.
So here's an idea for a simple browser feature that would make it a lot easier to hold malicious advertisers accountable, and get them kicked out of honest ad-serving networks. Simply give the user a way to right-click on the top of a browser window, and pick "View window origin" or something similar. This would display the sequence of redirects that opened the window, something like this:
Browser was visiting http://www.cnn.com/
http://www.cnn.com/ loaded JavaScript from http://www.advertiser-network.com/ads.js
http://www.advertiser-network.com/ads.js redirected browser to http://www.advertiser-2.com/ad.html
http://www.advertiser-2.com/ad.html redirected browser to http://www.evilsite.cn/popup.html
Then, if the user views an ad that is obviously scareware (or if Norton blocks the contents from loading and gives that as a reason), then the user can just right-click on the window and see the list of redirects. The user could then e-mail that to the website owner with a suggestion to do something about it ("The ad network on your page, has been infiltrated by an advertiser who is using the ad network to serve malicious content"), or the user could take the complaint to the advertiser network. The advertiser network would be able to see from the log, exactly which of their advertisers' ad.html pages served the malicious content.
(Yes, this comes on the heels of my article arguing that we should allow more intrusive ads as a way to help pay for services that can't finance themselves with normal pop-up ads. This may strike some people as "ironic" who haven't thought about it very carefully. Getting users to give larger amounts of their attention in exchange for premium service, is an honest and mutually beneficial transaction; scaring users with deceptive ads, or using ad space to try to infect their computer, is not. I think that Starbucks has the right to charge whatever they want for coffee; that doesn't mean they have the right to pee in your coffee.)
In order for this window-history-tracing feature to make a difference, at least the following two conditions also have to be true:
- The advertiser network has to be honest (honest enough to kick out advertisers who they know are serving malicious content), or at least, be located in a jurisdiction where they have to worry about being sued or prosecuted if they don't kick bad apples out of their network.
- When the malicious ads are served, enough users have to complain about them that the advertiser network takes notice. You wouldn't want the advertiser network to take action just based on a single complaint, since then anyone with a grudge could file a phony complaint against an advertiser in order to get them shut down, but if complaints start coming in from several sources, then they should investigate.
Fortunately, these would be likely to be true in many if not most cases where malicious pop-up windows are being served. With regard to the first condition, I've dealt with several advertising networks to find ads to serve on the proxy sites that I run, and they were all based out of law-and-order countries (the U.S., Canada, Israel, i.e. not China or Kazahkstan). As for the second condition, the advertiser would probably have to serve the ad to many different users in order to achieve their goal -- whether their goal is to infect users' machines, or to get them to buy the advertiser's fake anti-virus software, or whatever -- and as long as a fixed percentage of users viewing the malicious ads are inclined to file complaints about them, then the more the ads are served, the more complaints will come in until the ads are taken out of rotation.
Of course, if the URL that's actually serving the malicious content, is located in a law-and-order country, you could always just complain to the admins of the network where the content is being hosted. But that's likely to be less effective, since (a) the actual URLs that I've seen serving the malicious content, usually are located in cybercrime-infested nations like China, and (b) even if you get one of those sites shut down, the advertiser can instantly rotate in other sites with the same content, and make that the new URL that users are redirected to.
It is also of course true that some pop-up ads are spawned not by websites, but by malicious programs that actually infect your machine and force your browser to display pop-up windows. If some browser maker adopted the feature I'm suggesting, and stored a user-viewable "history" associated with each pop-up window, then a malicious program running on your machine might even be able to spoof the history associated with a pop-up window, so that the user would right-click on it and think it came from http://www.cnn.com/ instead of being spawned by malware. Once the user has their machine infected by a rogue program, nothing that any other application tells them can really be trusted after that point. So an advertiser network would have to be careful not to take action against an innocent third party, just based on a flood of complaints that were sent in by people whose machines were infected by malware that spoofs the origin of the pop-up windows. Fortunately, if the allegedly malicious ad is still in rotation, it would be easy for the advertiser network to check the validity of the complaint, by simply going to the advertiser's ad-content page, and seeing if it redirects to the malicious content. If it does, then you have grounds to boot the advertiser out of the network.
(You'd want to check the page's content from some anonymous IP address not affiliated with the advertiser network though. Otherwise, the advertiser might try to fool the ad network people, by showing "innocent" content when the page is loaded from the IP addresses associated with the ad network's office, and serving the scareware content to everybody else. Just trying to think of everything here.)
I'm sure there are other counter-strategies and counter-counter-strategies that would have to be taken into account, and kinks to be worked out, but probably not fatal to the whole idea. If a pop-up window opens on the user's computer that is possibly illegal, it is probably a good thing to give the user the tools to figure out where the ad came from, and which advertiser network to complain to. Right now, the ad window just floats there, and it's maddening not to have any way of knowing which ad-serving network put it there, or even if you can identify the ad-serving network, which of their advertisers created the content.
The main obstacle standing in the way of a major browser maker implementing this, may be that it doesn't bring any particular benefit to the users of that browser. When Microsoft adds SmartScreen to Internet Explorer, they can now claim that IE users are better-protected than users of other browsers. On the other hand, if the Mozilla Foundation adds the pop-up window right-click-history feature to their browser, they can't legitimately claim that Firefox users are better protected, since this feature wouldn't actually block anything. Firefox users would simply be better equipped to complain about malicious pop-up windows, and increase the chances of those rogue advertisements being taken down, or at least kicked out of ad networks where they would do the most damage. However, the benefits of that increased policing, would accrue to all Internet users, not just Firefox users.
Still, abuse desks get so many complaints about spam and spammers, that there are apparently plenty of people out there who get enough satisfaction from complaining about net abuse, that they would make use of the pop-up window-tracing feature if they had it. I know that when I see a stupid ad pretending to "scan" my computer for viruses, I get unreasonably disgusted, not from seeing the ad itself (which I can easily ignore), but from knowing that the advertiser has probably fleeced people of thousands of dollars with that ad. It would be nice to be able to help stop them before they cheat the next person.
who the F&ck cares
I can't recall the last time I have seen a pop-up ad with the above configuration. They literally aren't a problem for me. Oh, and I run Linux, so it doesn't matter anyway...the code won't execute.
wow .... i wonder if i should read this ....
Whatever happened to that guy? He posted a bunch of worthless articles, wrote (and promoted) a book here on slashdot, got laughed out of the community and nobody's ever heard from him since.
moox. for a new generation.
I mean did you really need to write this long-winded meaningless rant? just download firefox and ad-block pro.
Arash Partow's Philosophy: Be a person who knows what they don't know, and not a person who doesn't know.
no-script alone should solve most of the problems
Occasionally while I'm surfing the web and a pop-up ad opens, my Norton Anti-Virus ...
Huh, I fail to identify with your underlying scenario. I have the latest vanilla Firefox here (not even adblock or noscript) and it does a mighty fine job of blocking popups and letting me know if it did with a tiny bar that comes down. Now, if I didn't do something that would cause a popup on the site, I just ignore it. This works 99% of the time. The other 1% is some less than reputable video site using my "click to play" action in a Flash video to launch a popup that Firefox doesn't catch. Oh well, I make due just fine.
I'm glad that Norton blocks the malware attacks, since even though I always have all the latest security patches installed for Internet Explorer ...
This would be the point in your investigative security piece (which you are delivering to a pack of highly caffenated, know-it-all, technology sector employed nerds) that you point out that you are only using this to mimic the average user's experience or you're doing this to criticize Microsoft or just that you normally use a more secure solution than this. Otherwise at best your credibility may suffer and at worse a frothing melee of insults will ensue ... some possibly in Klingon delivered from a goeteed man pushing three bills. I find these to be most unpleasant experiences ... both as the victim and the bystander so I wish you the best of luck and remind the audience to please be gentle.
My work here is dung.
I agree 100% with Peter. Using that configuration, there are no pop ups and no ads.
Pop-ups in Internet Explorer? How quaint. I've forgotten what browsing in the late '90s was like since I've been using FIrefox for so long. Haven't seen a pop-up in ages. Thanks for the blast from the past.
Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
Sounds like Micro$oft needs to implement a "remotely shock this user" feature.
What ads?
> head -5 /etc/hosts
##
# Host Database
#
# This MVPS HOSTS file is a free download from:
# http://www.mvps.org/winhelp2002/
Those are one of the annoyances blocked by AdBlock on FireFox, right? I can't recall seeing one for awhile.
Best Slashdot Co
File a feature request with the Mozilla Team. I'm sure they'd be happy to include this feature into their browser.
Generally speaking, bad actors will counter any move you make. Talking about miscreants who might respond with innocent content for requests from the ad network's IP space is naive; this has been happening for years already. It is quite common to see a lot of different defenses deployed to protect the bad actors, and accurately tracking them is rarely simple. It's part of the power and part of the problem that is HTML.
Frequent Slashdot contributor Bennett Haselton contributes the following piece on trying to get some measure of satisfaction in the struggle against pop-up adds, writing
"The most annoying thing about some pop-up ads
Jeez, how hard is this? All the editor had to do was ^c^v what the contributor wrote. (Yes, I know I'm misspelling "Jesus"; I'm trying to avoid going to hell. Fuck you.)
Simply having the "Block pop-up windows" option activated in Firefox is really quite sufficient most of the time.
Or, on a small business network, IPCop + URL Filter with transparent proxy on & the Ads category checked... That works well for IE & Firefox.
No, you fucking plebeian. Bennet Hasselton has two last names, and both of them are extra snooty, therefore you will read all of Bennet Hasselton's exquisitely crafted prose and you will like it. A genius like this is doing us all a service by sharing his wisdom, so get out a spoon and eat that shit up.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
It only reinforces that you saw the ad... This approach may backfire and incentivize this type of behavior.
A black hole is where God divided by 0
Yeah, but this article is discussing the state if the industry, not how an expert user can avoid popups and other scareware/malware.
.01% of us slashdotters that are the problem with malware infections, it is the millions of joe sixpacks that care not to go through the trouble that it takes to install and then browse with these specialized browsers and plugins.
There are loads of machines out there being infected today by doing normal browsing on reputable sites. With the current industry practice of n-number of redirects through n-number of networks for 3rd party ad serving it makes it near impossible to track down those of nefarious intent on an incident level.
Once again it is not the
I for one agree, something must be done; and "open letters" like this are often how the conversation starts.
I've noticed recently that many websites I visit are starting to use those huge overlay ads OR, even worse, those fuckers that appear right over a link just as you are about to click on it.
I WILL NOT buy products advertised in this fasion.
Living With a Nerd
He basically wants someone to tell him about Fiddler.
Always proofread carefully to see if you any words out.
Can i get a reader's digest version?
Pop up windows and malware make Hulk angry!
Firefox + NoScript + Adblock Plus alone does alright for me. NoScript has options to block embedded content under options so adding FlashBlocker is a little redundant for my taste.
I've lost all my marbles except one & It's fun to test angular & centripetal acceleration in my skull
Timothy - ads are not the same thing as adds.
That or privoxy with the browser of your choice.
But back to TFA, I can't believe it didn't occur to Haselton that sending email to a site that has these ads is a bad idea that will probably get you on more spam lists. People who have these ads are part of the problem for a reason, and the reason is usually greed.
Caveat Utilitor
Occasionally while I'm surfing the web and a pop-up ad opens, my Norton Anti-Virus will alert me that it blocked an "attack" on my computer
Wait a second... he has a computer powerful enough to get pop-up ads while running Norton Anti-Virus?
"Always forgive your enemies; nothing annoys them so much." - Oscar Wilde
Hey, you stole my comment! :)
"Block pop-up windows" won't get rid of those stupid smiley face flash ads that shout "Oh No!".
I've lost all my marbles except one & It's fun to test angular & centripetal acceleration in my skull
I have helped a few sites track down and remove scareware. give them as many details as you can.
My host name and IP from http://www.displaymyhostname.com/
The time I was on the page. What page you were on.
One thing I do is leave the site alone for a day so when I report it, I can tell them it was the last visit to the site. A detail like that helps when looking at logs. The hostname gives them where your located so if the add network uses locations to send adds, this will help.
part of the problem is that these sites will take real adds for real services and have them link to the real site. This helps them pass, then they push out a redirect script later or built in with a trigger to cause the redirection.
Its not often they can or take the time to track it down. But it sure feels good when they tell you they tracked it down because of your help.
Im a gamer, not a grammer major. This post is full of spelling and grammer mistakes.
I use firefox for everything except active directory related stuff at work. I have flashblock, adblock plus, ghostery, and a few other add-ons that make firefox fast as F@#$. I get virtually no pop-ups (only things i click that are supposed to open new windows). All the known malicious sites are blocked by adblock because it automatically updates based on your subscription.
--Jason--
If not Katz, then maybe someone who will stand in here in all the meaningfully Katz-like ways. We desperately need a Katz-figure here now to allow for some steam blowing off. I will say that, writing an article about pop-ups and IE, he's off to a fabulous start if he wants to pick up Katz's Post-Columbine Banner.
C'mon!! Go for it, D00D!
Agreed, I have NoScript in my FireFox, I haven't gotten any unexpected pop-ups.
My main problem is getting expected pop-ups, sometimes I forget to look at that little bar that appears at the top of the window.
I haven't seen a pop-up ad in years, but my understanding is that Google's Chrome browser handles this by keeping the pop-up inside the tab that created it. Not the full history of the page with redirects as was overly-verbosely proposed, but certainly a step in the right direction.
I had almost forgotten what a pop-up ad was. Like many of you, I have my own hosts file and I haven't even seen a pop-up in I-don't-know-when. Why doesn't the OP use one also? (No, I didn't read all TFA. Too many words.)
If I didn't have absolutely NOTHING to do, I wouldn't be here.
I haven't been able to stomach the excuse for coffee that Starbuck's sells for many years. Now I know why.
CUR ALLOC 20195.....5804M
It doesn't take an "expert" to install the portable version of Firefox.
Really. The dumbing down of the user base has gone a little too far here...
A Pirate and a Puritan look the same on a balance sheet.
Let's combat annoying pop-ups that require the user to stop what they are doing with...complaints for the user to fill out, thus stopping what they are doing! Wait, what?
1. Create Pseudonym of Harrington Carnegie Bartholomew & pimp newly created blog to
2. ???
3 Profit!
Well Bennett, it's not something I would be interested in but, sure, it seems like it's a decent idea. However, I do wonder why you think it should be wrapped in 3rd party anti-virus software like Norton when it seems like it would be easier to just wrap it in the browser itself. In fact, you could write a little script/program that interfaces with the browser and mods it to do what you want. In fact, you could call this program an, "add-on," as it would add on functionality to the browser. Maybe you could even register it with the owners of the browser itself to get it approved so that users know its trust worthy....Do you see what I am getting at here?
It seems like you have the technical chops regarding how the internet routes traffic to design a piece of software like this. So why not write a Firefox or Chrome (or even both) add on for the browsers that do just what you are asking for? I understand its a good idea and, I suppose, maybe you want some input regarding the best way to implement this function. However, as per usual Bennet, your long winded rants/ideas that you post to slashdot just come off as a male peacock flashing his tail feathers amongst other male peacocks. That is to say, it seems like you're just whoring for attention saying, "Look at me, look at me, look how clever I can be!"
So stop typing about it and demonstrate it. Crack out the old Camel book (or whatever O'reilly pet you prefer) and get to coding. Otherwise, please spare your fellow 'dotters the long winded theatrics.
Motorcycles, Robots, Space Gossip and More!
Really, I can't remember the last time i got a pop-up ad.
There are still ads, let alone pop-up on the Internet? I had no idea seeing as I use a real web browser that puts me in control of my net surfing experience.
There is a war going on for your mind.
Here's a solution, don't patronize any site that uses those types of advertisements. There is NOTHING on the site you can't get elsewhere with less crap. NOTHING.
I don't go to sites that have crap splashing all over my screen. I'll do without thank you very much. If a site expects me to use IE, I won't go. If a site wants to bombard me with flash for no reason other than to look ...well flashy, then I won't go. If a site wants to use javascript to do all sorts of stupid stuff to "look pretty", then it isn't getting me to visit again.
If you go away, and don't return, and you find sites that give you what you want without all the crapware pieces then they will learn. As for idiots who don't understand, stupid should hurt.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Get rid of Norton kid. You aren't doing yourself any favors by using or paying for that crap-fest.
There is a war going on for your mind.
I skip noscript, only use adblock plus on slower systems (I'd like to let the sites get ad impressions, but my netbook browses so much smoother when the ads are getting blocked) and use flashblock somewhat randomly across systems. Even with flashblock alone, some sites simply can not be made to function properly without whitelisting it and reloading the page. I don't know if there are funny overlays or scripts that trigger eachother or what but sometimes the little play button just isn't enough.
The average user is not going to go around whitelisting, reloading, and otherwise troubleshooting pages.
Bottles.
If you're using Norton I would wonder what kind of advice you are really qualified to give out.
The price is always right if someone else is paying.
Your equation is missing a critical element: map known ad hostnames to your hosts file and map them to 0.0.0.0. DNS gets short circuited within localhost and immediately returns nothing. Much less work for Firefox and the aforementioned plugins.
I have ~11,000 of these in my hosts file. I don't see ads. If some new ones sneak through, I add that host. Google seems to be tricky with their analytics stuff (Urchin), have to keep an eye on it.
Exactly. We need to have a way to protest, not just avoid.
Reading the first 100 or so replies makes me sick. Its just like spam. Out of sight, out of mind attitude. When you finally get someone who wants to stand up and try and CORRECT the problem rather than just fucking masking it, they get blasted into oblivion. Disgusting.
It's convenient that you can block ads in web browsers. That may be on the way out.
You can't block ads on the iPad. One of the "advantages" being touted to advertisers for the closed ecosystems of the various "ereaders" and "pads" is that they can have unblockable, unskippable ads. There hasn't been much about this in the popular press yet, but it's being of great interest in the advertising community, where more "control over the user experience", and less control by the user, is desired.
You can already see a trend in this direction, with Flash-based video players which insert unskippable ads.
1) Install live headers firefox plugin, keep a window open so you can scroll back once a popup arrives
2) Install squid on your local PC and set your web server to go through that. When you get a popup check where you went in access.log
Not at all. NoScript is too indiscriminate. If you allow a domain, it loads everything from it. If you prohibit Flash for trusted sites, you also block other things.
FlashBlock adds a bit more control.
Does this make sense to anyone who's really thought this through?
What magic does Symantec use that blocks unknown exploits? Or are you saying you update Norton AV hourly, and Internet Explorer only bi-annually?
Per the above, I expect, instead, that Norton is protecting it's marks from OTHER scareware, much as a worm that uninstalls other worms, to ensure it has sole and exclusive access to the resources of the host... I mean, hey, if you get fooled into buying some other program that removed non-existent infections, you don't have as much money now, and might opt to make up the difference by not paying for Norton in the future. After all, the new scareware found one more nonexistent virus than the old Norton scareware could...
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
http://www.requestpolicy.com/
RequestPolicy is an extension for Mozilla browsers that improves the privacy and security of your browsing by giving you control over when cross-site requests are allowed by webpages you visit. It is the first comprehensive client-side protection against CSRF attacks and the first tool to enable the use of modern browsers without cross-site information leakage.
not just displays, as the original post was suggesting, but also allows to you block (or unblock) cross site requests.
-avi
I know that when I see a stupid ad pretending to "scan" my computer for viruses, I get unreasonably disgusted, not from seeing the ad itself (which I can easily ignore), but from knowing that the advertiser has probably fleeced people of thousands of dollars with that ad.
Ethics aside, those "scanning" ads are really quite ingenious for their ability to elicit a true "what the fuck" reaction when first encountered.
I am far more offended by that "lose belly fat" ad that AdSense drops seemingly everywhere...knowing that someone sat down and actually produced that uninspired elementary school-looking advertisement blows my mind. Moreover, it has been running for ages, so you know it is generating all sorts of clicks.
0 = 1 + e^(Alt something)
clues for the clueless
1- don't write wall of texts detailing how out of it you are
2- use a HOSTS file, solves 90% of problems. Good one here: http://www.fanboy.co.nz/adblock/opera/
3- use any browser that can block popups/flash/jscript. I personally use Opera.
The Cloud - because you don't care if your apps and data are up in the air.
I See a time when pop-up ads
or Help files are no longer needed
on wEb sites and we can just think
to Control our web browsers.
I Am a firm beliver that this will happen
aNd look forward to it.
IrRational advetisers are the source of pop ups.
To Educate people on how to browse is essential.
My bAit and switch idea for spammers should be effective.
Is buDding technology out there going to solve this
Or sYstems of control needed in meat space versus cyberspace?
As COntrols advance into HTML-5 how can we combat the Pop-Up?
I TUrn to the wisdom of my elders for advice on
a Realistic approach to pop up ads.
I Personally use a pop up block and it works but
on Other platforms this may not be an option.
One Such solution is adware and is well liked.
But sTandards for advertising are loose at best.
I was Submitting RFCs for advertising standards but gave up.
Given Los Angles Drag On Social servies it is clear they SERIOUS HELP!
-=[ Who Is John Galt? ]=-
I WILL NOT buy products advertised in this fasion.
When your electric power company and the only broadband ISP serving your area start advertising in this fashion, then what do you do?
For all of the TL;DR and "Oh god, not him again" crowd.. why don't you skip reading and skip commenting on any article that is from Bennett?
It just seems like it would be simpler.
Anti Virus programs already insert themselves in between your browser session and the web. I'm guessing that because this is the case, they can also easily generate the popup window origin redirect "strack trace" which you are asking for. This data could then be automatically sent back to the AV vendor, where they can aggregate it, and report malicious adds themselves. No user interaction required.
"Derp derp derp, I run Norton Antivirus. Derp derp de derrrrrrrp"
Why on earth would you assume that he doesn't generate a single-use email address for such correspondence?
stopped reading after Norton
Which would imply that the advertisers have a motivation to help you remove the offending ads. They don't. They get paid for them just as much as for anything else.
No, the most annoying thing about all pop-up ads is that they are ads that pop-up. All other annoyances are secondary.
Fortunately, pop-ups are usually easily blocked, which deals with that annoyance and any other secondary annoyances they might have.
Actually I think Firefox + NoScript + Adblock Plus + FlashBlocker is over kill. I use Firefox with NoScript. I don't get popups, or the most annoying ads, and flash does not work unless the script is allowed.
Many people wouldn't want to deal with enabling particular scripts to view video or other bits of websites on a regular basis. I don't mind. Truth is when I saw this story I thought, "People still get popups?!?" Then I remembered a recent foray online on another PC with IE and it was nothing but popups and popunders.
-- QED
Anyone who would manage to do that on their own could also just go customize their security settings and all pop-ups will disappear. (Actually... it's been a little while since I used IE, but I seem to recall that I would have had to go change the security settings in order to get the pop-ups to show in the first place. I could be misremembering that, though.)
Anyway. Right click + report and the computer can auto-send the file to the appropriate place. That's less complicated. If you're teaching the browser to associate a subset of history with an ad, you can teach it to associate a provider.
Geez, don't Windows browsers have the ability to block pop-ups?
I prefer to smear the shit all over my naked torso then roll around in vat full of millions of AOL installer floppies. Whatever gets me through the night!
Damping absorbs vibrations. Dampening is caused by moisture.
Oh yeah, yeah, look at ME, I'm so SPECIAL. I'm special because I run LINUX. That makes my computer SAFE. Yeah, nothing can mess up my computer because I run LINUX, the SAFEST operating system.
No one will ever be able to write a virus or exploit for MY system, nosiree. That makes me superior to all those that use the *popular* OS out there.
Never mind that the only reason no one has written a virus is because virtually no home users are on Linux. Never mind that one day someone will find a jagged shard of glass in the code and rape me with it, once enough non-security experts start using Linux.
Nope, I'm SAFE, which is why I'm BETTER than you.
(Where does this attitude come from?)
these comments miss the fucking point by a MILE -
the point is not solving this problem for those of us that already know how to (i.e. literally every reader of slashdot), the point is tracking down those responsible for the problem and punishing them.
just because we are all uber nerds who know how to avoid ads and malware doesn't mean that the average person does. and guess what else? the average person has no idea how to track down the people who are creating these infected ads either, which means it falls to those of us with the know how to do something about it.
seriously, saying "OH WELL ITS NOT A PROBLEM FOR ME" is what contributes to this being such a problem - the knowledgable aren't affected and therefore they don't care to try to fix it, so everyone without that knowledge are left to piss in the wind.
Maybe Joe sixpack shouldn't be using a computer.
Seriously, were entering an age when game consoles, cell phones and toasters have internet access.
Lets give common people common devices and leave computers to those intelligent enough to use them.
Joe sixpack is not going to right click, and send to the website the cut and paste.
This solution is not a solution. Those who know about annoying popups have already blocked them. Those who do not know about preventing annoying popups are unlikely to right click, grab the route, and email it off to the site owner. It would effect basically nothing.
Why on earth would you assume he does?
if someone cant be bothered to install a plug in on their browser, they are not going to bother to send all this information to an ad network that will probably ignore them anyway.
he uses norton. that doesn't exactly puy him on the top of the brighest kids list.
Why would my local power monopoly advertise?
To get people to buy things that use electric power instead of the alternatives that use other forms of power. For example, commercials claim the bidirectional air conditioner they call a "heat pump" is cheaper to run than a furnace when it's cold but not freezing outside. Or they might advertise in cooperation with auto makers to get people to buy plug-in electric vehicles like the 2011 Chevrolet Volt.
I mean beyond, "We're good guys. We bring you power, so you love us" when they face regulation.
That, and PSAs like those with Louie the Lightning Bug.
Doesn't everyone on here run a mailserver?
I believe you meant, "He uses Windows. That doesn't exactly put him on the top of the brightest kids list".
Correct. No one likes your article.
What the F#$% .
Are we practicing for April Fools. Is that it?
I mean I hate the way that with MS you have to press 2 buttons to shutdown your computer. You know I press shutdown and I it asks me if I want to Restart, or Shutdown. I mean really now, why can't I just press the button that says shutdown and the f$%^ing thing just shuts down.
Oh, sorry. Did I digress? Oh, excuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuussssssssssssssssssse me. Yeah, we got that viscous popup issue that everyone seems to have figured out the solution to, except "The Last Retard" (TLR @copyright JumpDrive). But I did happen to notice there were more than one of you, that had to jump into this, thinking this was an issue the cyber police should handle, you being one of it's elite members using IE and Norton.
I mean Jeeeesus H. Christ, WE ARE TECHNICAL GURUS, WE HAVE IMPORTANT SHIT TO DISCUSS. What would happen if we got distracted and missed an update on the latest splash screen changes on a linux distribution? And dam it man, there could be a game that is or isn't going to be produced? What if somebody had heard a rumor about "Duke Nukem Forever" coming out in 1Q of 2011? Holy shit, the force is definitely not with you.
On Mac OS X, Safari and a custom /etc/hosts file does it for me. Oh, and ClickToFlash FTW.
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
If you create a free OpenDNS account, you can choose categories of website for which to block at the DNS level. Categories include, but are not limited to, pornography, drugs, alcohol, games and also advertisements. At the facilities that I manage, I use OpenDNS to block advertisements. What happens in the space where you would normally see an ad, either it will be a blank space on the page, or you will see an image saying that the ad was blocked by OpenDNS. It's been very useful and isn't a coincidence that the rate of virus infections dropped off almost instantly after putting the new DNS information in place.
Epic Beard Guy, is that you?
I don't know what you're talking about... I've NEVER seen such an add, although I have seen flash based ads that weren't easily handled by noscript/adblock. I haven't used flashblock.
Stupid, sexy Flanders.
I believe you meant, "He". That doesn't exactly put him on the top of the brightest kids.
What are these "flash ads" of which you speak?
Oh, yeah, "Flashblock". That must be those little grey boxes that I have to click on to play them, unless NoScript or AdBlock ate them first.
Occasionally, I see coworkers surfing the web on IE (we are company-bound to IE6, by the way). I look at their screens with all the boppity and the poppity and the flashity and I just wonder, how in THE HELL can they absorb any information at the web sites they are at with all those things sliding all over the place and everything moving and yelling LOOK AT ME!
The only way I like my popovers is for breakfast, with ice cream like the food Gods intended. Popunders sounds like something you do while sitting on the toilet that requires a courtesy flush.
"This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
The firefox addon Live HTTP Headers will provide all the redirect information you'll need although it's not the sort of thing an average user will be able to decipher.
The dumbing down of the user base has gone a little too far here...
IMO the "user base" has never been smart enough to dumb down. Actually it's more to the point that the user base doesn't care or want to know about such things, they just want stuff to work.
I still cannot find the droids I am looking for...
Maybe Joe sixpack shouldn't be using windows.
Fixed.
I still cannot find the droids I am looking for...
Oh, that's easy. It comes from your need to pretend you don't feel inferior for making and sticking with a stupid choice (Windows).
Hey it's ok with me; those of us who use other OSes are used to it. Besides, lots of us make a good living off you guys. Must be a bitch for you though...
Caveat Utilitor
I haven't seen a pop-up ad in years of daily heavy surfing with the above configuration. What's all the fuss about?
But that isn't the correct way to submit a copyright.
FlashBlock adds a bit more control.
I agree. For example, sometimes you want to load one particular flash object on a per instance basis while still blocking all of the rest. Flashblock allows one to pick and choose cafeteria-style which flash objects, even on an otherwise trusted site, will load and run and which ones will not. This is the sort of fine-grained and configurable control that geeks like us recognize and appreciate in our web browsing and computing experiences.
What are these "flash ads" of which you speak?
History. I added NoScript + Adblock Plus a long time ago.
Popunders sounds like something you do while sitting on the toilet that requires a courtesy flush.
Or the privacy of a sanctuary bathroom.
I've lost all my marbles except one & It's fun to test angular & centripetal acceleration in my skull
Amen to alot you said. Yeah, people are going on and on about adblock (which I use, and is great) but I still think you made some good points regardless. As the internet is growing up, we need more and more simple ways for the average browser to educate himself (where did this ad come from?) and be able to send that information to the host. Maybe today its feasible for the host to try to manage himself, but the internet is only going to get bigger and bigger.
I think this shows a more fundamental problem with browsers, (and even Operating System environments). I feel like we've been basing too much on just like, the first IE design of what a browser should look like.
I remember when tabs first came about, it was so revolutionary! It COMPLETELY changed how we browse the internet, and now every browser and their mom has tabbed browsing built in. I'd like to see more things like this.
For instance, if I've got open 15 tabs (on 3 different windows, between 2 different browsers, chrome and firefox), that should be completely managable. But then I get some pop-up that starts making LOUD noise (YOU WON AN IPOD!) and it takes me 10 minutes to go through all the tabs and figure out which page I need to block. I think there should be a built in browser equalizer. I should be able to mute and change the volume of my tabs at will; why not? Sound is becoming just as big a part of the internet as text. Not being able to change font sizes per page would be inexcusable, so why can't I change volumes?
Getting information about and control over ads is just another area where I feel browsers have alot of room to grow.
GCS/MU/P d- s:- a-- C++++$ UL++ P+ L++ E+ W++ N o K- w--- O M+ V- PS+++ PE Y+ PGP t+ 5- X R++ tv+ b++ DI++ D++ G+ e++ h-
Using Firefox. Install adblock+
Using IE, install ie7pro.
Yes I know it isn't nice and the sites need money to run. But it really speeds up your webbrowsing, it saves battery and some ad companies have had a poor history of servings ads with high CPU usage flash animations and not checking the content they serve.
For sites I like and I feel that are worth something to me, I disable adblock for that site. They rarely serve random generic ads but mostly ads that are relevant to the content of the site.
And then there is all the other crap.
Recently I spent an evening fixing my fathers computer and I had completely forgotten how many annoying messages you get about things that are doing what they are supposed to do in Windows.
Antivirus just updated the signatures or you are now connected to your wireless network , the computer is now on battery power etc. Shut up! Don't bother me unless something isn't working.
I've NEVER seen such an add
OMG! No Way!
I've lost all my marbles except one & It's fun to test angular & centripetal acceleration in my skull
If this becomes a normal Summary we'll have to retire "RTFM" and start using "RTFS." I sure didn't read it!
-- QED
... Katz went to the dogs?
You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
The state of the industry is "broken". I'd argue fundamentally.
We depend on blacklists maintained by people we don't know but want our money to protect us from other people we don't know who want our money. We run crappy software (I'm looking at you, Symantec, but McAfee isn't far from my view) that slows down our computers and occasionally crashes then in an attempt to keep crappy software from slowing down our computers and occasionally crashing them. We freak out when Google knows our home address, then enter our unlisted phone numbers onto online forums.
The major player in the software industry has encouraged piss-poor security practices for so long that we assume those practices are the expected user experience, so as soon as they finally mend their ways people bypass it anyway because they don't know what it all means. When we start telling people that there are bad people out there and they should install locks on their electronic doors, there's a shitstorm about how hard it all is (if you can't replace the locks on your doors, you hire someone to do it for you. Same with computers, find a computer literate buddy and open the creaky old wallet and buy 'em a 6-pack fercrissake, most of us will spend a good chunk of the day with you for nothing more than a 6-pack and heartfelt thanks - a decent denomination gift certificate to a good local restaurant would also be an excellent choice, or a decent bottle of wine, or offer some services from your area of expertise in return).
Windows XP can be made to be secure, but a lot of the software that runs on it doesn't like it that way. Windows Vista or Seven are better choices for that, but you have to learn how they are trying to protect you, and work with them. Linux will protect you by default and makes it harder for you to mess it up. Linux can be complicated, but generally only during installation. Once there, it is as as easy to use as Windows. It's a tad different, expect to spend about a day getting used to where things are. You'll have many of the same problems when you go from XP to Seven, though, and Linux is free. There are hordes of people around you that will gladly install it for you or help you out. If you spend most of your time doing email and the web, chances are you won't even notice the difference. It's not for everyone, of course. But you may not need to buy new hardware or spend any money at all to make that crusty trusty old Windows XP machine run faster. In some cases, a LOT faster. So you might save some serious money while you're at it.
You can't run all of your Windows software on Linux (though a lot can run just fine), and if you're a gamer forget it and stick with Windows. However, if you need Windows, at least let someone have a look at it and install a few of the FREE tools that can help protect you.
Firefox is slightly different from IE, but you will hardly notice. Figure a 15-30 minute learning curve. And it does some pretty cool stuff. Windows or Linux, it's just a good idea.
NoScript requires that you intervene whenever you feel you can trust a web site and give that site permission to run stuff. It's a pain, sure, but so is putting on your seatbelt or checking your brakes from time to time. After about a week, it becomes a habit, and all the sites you frequent are whitelisted anyway. "Hey, this site doesn't look right, did any scripts get blocked - and is getting the site to look perfect worth the risk of unblocking them?"
Too many of us have been too complacent about security for too long. The computer is an appliance, but we also keep really important data on it and other people want that data, and we need to start acting accordingly.
"This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
are the problem with malware infections, it is the millions of joe sixpacks.
I disagree. It's the developers who are the problem by unnecessarily requiring said users to use insecure technologies to simply view a site that rarely has anything more than text and pictures on it.
The fact is that malware exists purely because of nerds. They either develop it directly, or they aid and abet it through the above. Joe Sixpack is nothing but a victim.
If the Internet were a car, web developers would require that air bags and seatbelts be removed in order for the car to function, they would install sharp metal spikes on the dash, and then blame the driver when he got in an accident and impaled himself.
"Disobedience is the true foundation of liberty. The obedient must be slaves. " ---Henry David Thoreau
I was all ready to jump on board. Then I read the following two things that made the skies cloud over on my parade.
Editors Note: in most cases a large HOSTS file (over 135 kb) tends to slow down the machine.
To view the HOSTS file in plain text form. (599 kb)
I've lost all my marbles except one & It's fun to test angular & centripetal acceleration in my skull
Just don't click the ad.
Advertisements are, by their very nature, not the least bit inclined to honesty.
Even if you could get users to agree to devote more eyeball time to, or simply abide, the more intrusive ads, you're still subjecting them to a flood of stuff they a) didn't ask for, or b) didn't want to see.
Remember, it was an advertiser that dreamed up the offensive popups; it was an advertiser that came up with the idea of spam; it was an advertiser that thought robo-dialers were a good thing. In fact, I can't think of any recent advertising advance that hasn't been intrusive, or invasive in some form or another.
Advertisers need to get off the high horse of "the world can't exist without us" and re-evaluate their entire approach to customer relations. Advertisers do not have a right to exist simply because they can create sales. If an advertiser chooses a business model using approaches that are hostile to a consumer's life experience, they should expect nothing more than a welcome to the world of Darwinian economics. Advertisers need to stop bitching about "why the customers won't do things our way..." and make a god-damned effort to communicate instead of dictate.
I'm not tense. I'm just terribly, terribly, alert.
Yes we need to address malicious ads, but short and sweet, they are there to generate revenue of sorts for legitimate business. SO, teach the user to not click on the pretty ad the comes up, and why, poof, problem solved? Maybe build a program that sends a signal to a special anti ad clicking mouse, every time you click, it shocks your poor little hand, until you stay away from those mean ol ads. Heh, no, that will never work. The idea to address the issue of malicious ads is not an easy one to address. I think this letter is a great starting point, and should hopefully open some thinking, but my point of the mouse example is that we have to address it not only at the redirects level, but the end user. If the "masses" of people out there would learn to not be afraid of technology, then we might make more progress. These ads move on through fear, and fear is strong. It gives the original writer a virtual (or maybe physical) hardon, because they know they have to the power to control thousands. I like my mouse idea.
mkilpatric, to all the mysterious people, I am the folded dollar.
We know that you don't have to be an expert - but if you are not into computers and/or technology in general, it's really hard to keep up with these things. Half my co-workers do not know Firefox, and 80% and we work with data processing, for God's sake. For some of them, it seems It's just more comfortable to keep using the browser you're used to.
And we must keep in mind that, among those who access the web, half of the demographic might not be computer-savvy. Take my aunt, for example: bought a laptop so she could do her work at home (she is a teacher), but that is pretty much the basics - word, excel, and a little internet on 'that program' that she don't even know the name.
Also, you must be new here! Welcome to Slashdot. ;-)
Ads are being served to users that do not want them - but the advertisers are paying. Who exactly is the customer here? The end user viewing the ad or the advertiser? What the poster missed here is that there are four players here:
OK, so who is in control of what here? Well, the web site operator is selling "time" or "visitors" and might like to exhert some kind of control over the ads but isn't offered any such control. Try convincing Google that you do not want to see any ads for multi-level marketing scams on your web site. Go ahead, try. No good, huh? No, you don't have much control - maybe you can say no to "adult" ads.
The ad purveyor has complete control, but they are being paid plenty to post ads. All kinds of ads. They are heavily isolated from the end user, such that even if the end user finds out the CEOs phone number what exactly are they going to do? The end user is not paying the ad purveyor - the advertiser is.
You will never find the advertiser to complain, and even if you did it wouldn't matter. If you are going to advertise on the Internet you have to be immune to complaints. Someone is going to complain all the time. And it doesn't matter because the end user has no control whatsoever.
Sure, the end user can annoy the web site operator - who, by the way, is getting paid plenty to sit and take the complaints and do nothing. Even if the web site operator wanted to do something they have no control. They have two choices - stop advertising and stop the flow of money, or ignore the complaints. The "threat" of moving to a different advertising purveyor is hollow - there are no "different" or "better" purveyors - just those that pay less. The object here for the web site operator is to get as much for their "product" (visitors seeing ads) as possible. End user complaints have no meaning unless you have four visitors that just keep coming back.
Oh, and the advertiser just doesn't care what anyone thinks about this process. After all, they are the ones pushing misleading or harmful content, right?
It is all about control, power and relationships. If you don't understand that you need to sit down and think this stuff through. The Internet today is a fundamentally abusive relationship for the end user. They are the "bottom boys" being dominated and get to take whatever is coming their way. Don't like it? Try a different browser that (hopefully) blocks ads better. If you visit web sites where there are ads, you are going to be subjected to ads - abusive, misleading and harmful ads. Your ability to affect this is small indeed - you can try to block the stream of ads coming your way or you can avoid the more heavily ad-laden web sites.
Moves Qzukk's post to the "wouldn't it be cool if" section and votes NO!
Mmm, works nicely.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Some of us want to keep ad-supported sites running. However, something has to be done. A couple reputable sites in the last two weeks have apparently served malware to me or people I know through doubleclick.net. The sites were wunderground.com and startribune.com (story here)
I don't want to pay to support those sites. Neither do I want to pay slashdot (gasp). For that reason, I allow all the ads on these sites by whitelisting nearly everything NoScipt asks me about on each.
Except now, I've had to blacklist doubleclick.net because it seems to be the site serving malware for its reputable clients, wunderground, slashdot and the Star Tribune.
Sites want to get paid for showing ads so they can keep running. I want to support my favorite free sites by allowing their ads. But I also want to keep my machine annoyance and security-risk free. Users and webmasters need to fight back somehow. Bennett's feedback idea sounds good enough to try. Let's give it a shot.
I mean seriously... almost -all- of the replies here have been about the usage of IE in general, or how he should just install popup blockers (he has one.. granted, it's Norton's, which results in the other replies ridiculing him for that), put sites in the hosts file, etc. etc. etc.
And you, good sir pizza, seem to be the only one who actually addresses his writings; although after a quick look at Fiddler - it doesn't seem like it would be able to give you a clear path from popup to originating script to originating iframe in originating page?
As that, I believe, is what the author was actually looking for. And I agree that it would be most useful - as trying to figure it out from all sorts of encoded javascript crap in temp filenames (if even stored at all), that it's not worth the bother. If it becomes worth the bother (by making it stupid-simple), then at least that gives a starting point for any potential further action.
And you can also add some hosts files to that list as well. But just by using two of those three you listed, popups are pretty damn rare.
I guess the only time I see them now is when using a computer at a place where I don't have control of everything, which isn't too often.
I would love to see such a feature, it would make the life of everyone hosting a advertising revenue dependent site a lot easier. The Slashdot standard answer of Noscript/Adblock/Hostfile doesn't solve anything - there will always be users who don't mind advertisement as much as you do, and it's our job to protect them from harm.
Yes, I run a site that have ad revenue. No, I don't deal directly with the scareware crowd, I sell my space to Google, Right Media, AOL etc. But if they make a mistake and a user gets served a bad ad, I'd love to know from which network it came, so I can demand they take down that ad ASAP and if this is repeated, I will take my business somewhere else.
But browsers just lack that information at the moment, so to report an ad, we ask our users to follow the procedure below:
It will contain a lot of useless info, but somewhere in between, there's the magical <script> tag plus the generated (=bad) content for verification.
I look at their screens with all the boppity and the poppity and the flashity and I just wonder, how in THE HELL can they absorb any information at the web sites they are at with all those things sliding all over the place and everything moving and yelling LOOK AT ME!
My company uses IE 6 too and I have no problems with popup stuff - I ignore it. Unless the popup takes control of the mouse or covers the text that I'm interested in, I simply don't see it...
Well, think "contagious AOL user expectations" at least for USA. Where do you think a whole generation raised by 1990's CD coasters and free floppies featuring 1000 free hours went? They certainly aren't dead, and it's been a whole 10 years. Some of us grew up and left without needing the training wheels.
Others left but never learned a thing about self service. They got too used to one-stop browsing IM, newsgroups, chats, 3 to 10 throwaway email addresses per paying account. Finding themselves without those things, it's natural that Eternal September is far from over because they feel entitled to those things without taking care to work for them.
Once dumbed down, things turn most people apathetic so that they are too busy demanding goods, using what they know, and being afraid of new choices that present themselves as replacement to the cancerous old ways. It's human nature: people who after decades are leaving cable service in these hard economic times will find themselves wondering why local channels are so few, if they even got an HDTV at all, and then will have a hard time figuring out how to set up and surf through channels like 5.1, 5.2, 5.3, 6.1, etc. Many of them will get right back to cable the second their wallets are full again.
I was running most of the configuration you suggest, but was still infected a few months back. The way that the infection entered was actually by clicking the "search" button in Azureus/VUZE. Rather than parsing the data and sending it back as a list, it used an in-client web browser and just went to the site; which then served me an infected ad with (if memory serves correctly) a 'pdif exploit.'
Morals of the story:
1: lazy programming causes all manner of unforseen consequences.
2: Added 'functionality' isn't necessarily a good thing.
3: Noscript, Adblock, and firefox won't close all routes of infection.
Norton and Internet Explorer.... hahahaha
hahaha
I thought computer savvy users stopped using BOTH of those programs years ago.
to be more precise, all decent browsers allow blocking certain sites.
if you can detect a redirect to evilsite.domain, just create a "no-way" entry for evilsite.domain in the table. the ideal traceback code would allow you to hover over the bad site and ask if you want that site blocked.
one-and-done, that's how to fix the evil site guys. eventually ad servers that want to stay in business and log the site entries would start policing themselves.
if this is supposed to be a new economy, how come they still want my old fashioned money?
You've been trained...like a sheep!
whats a pop-up? i remember a while back seeing ads on web pages too? Sounds like a relic from the past. Sounds like a job for some anthropologists.
Balderdash!
The more content-controlled features in your browser, the easier it is for malicious web pages to abuse them. But that's no excuse for the browser to allow them to do so untraceably - it should still show you where the window came from, and give you tools to block that, regardless of what else it's doing. (Of course, that doesn't stop the whack-a-mole moving target problem, but it should at least tell you what mole to whack, and let you limit popup-like things to known good actors anyway.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Ghostery is more of a privacy protection than an annoying-display protection, but a surprising fraction of the sites that I do allow to use Javascript have 2-6 widgets from sites I'd rather not trust. Typically they're ad-trackers of various sorts, or Facebook/Digg/etc.-submission widgets, but in general I block most of them. (I haven't figured out whether killing AddThis or Google Custom Search Engine will lose me useful features or not, but just about everything else gets blocked.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Google Chrome doesn't have NoScript. And some ad networks are grossly incapable of managing their ads.
block articles like this one.
I've got FF with Adblock Plus, NoScript.
I'm pretty strict with my settings, only whitelisting when necessary (and then often only temporarily), but I always get a popup from livejasmin.com when I click to play a video there.
That is the only site I know which manages to get a Popup or other unwanted stuff through to me.
Since the popup appears when I click to play, I guess it's Flash related.
I wrote a little Greasemonkey script that closes the window immediately, but that's just a hack.
Or they can install a single program, Opera, and be done with it.
Intelligence shared is intelligence squared.
It doesn't take an expert user to add a couple plugins, it just takes a bit of friendly advice from an expert. If enough people use them, they might become part of the browser by default.
You don't need to install any Plug-ins to avoid the more obnoxious ADs: simply disable client-side scripting and don't install Flash/Silverlight in the first place. It has always struck be a strange that you are supposed to install plug-ins for extra functionality, then even more plug-in to "roll-back" that extra functionality.
I understand the "Firefox + NoScript + Adblock Plus + FlashBlocker" method allows you to whitelist certain sites. However, some web-sites prohibit AD blocking software as part of their Terms Of Service. If you don't install the plug-ins in the first place, you are not blocking the ADs. Your browser is simply incapable of displaying them! Sure a few "fringe" site like YouTube and Ubisoft won't work, but they obviously don't want your business anyway.
the dns cache service in windows slows it down
mine is just over 4MB with no slowdowns that i notice
http://d01.megashares.com/?d01=GzIUf1I
I'm no gamer, but I am starting to think that games are not a valid reason for staying with Windows: If it doesn't work under WINE, the game is probably trying to use some kind of intrusive DRM. From that point on, the Windows machine can not be trusted: you essentially have to treat it like a console. If you are treating you computer like a console, just get a console instead!
The parent post goes on and on about how broken everything is, but when he hits on Linux, he becomes a salesman.
'Twas lengthy indeed, but I enjoyed entertaining the idea and its many facets. Good post, just watch the brevity.
The working solution I've found as the family support guy is simply Noscript by itself. Yes I have it configured to block all by default and only allow a very limited set of sites to run Javascript. The fact that they also get a flash block is considered a benefit now since most of them are using older systems that are barely adequate for anything else now.
I've combined it with a small local proxy server that simply logs connections to websites. The only purpose of this proxy server is to record a single entry that gets checked later for advertisers to enter into the Hosts file.Other then that and sometimes having to whitelist a new website and routine maintenance, I've managed to free up lots of time by simplying my work.
Mod me up/Mod me down: I wont frown as I've no crown
> ..it is the millions of joe sixpacks that care not to go through the trouble that it takes to install..
Sorry, but I hold to the belief that it is immoral to let suckers keep their money. Stupid is supposed to be painful, it is only the pain that eventually causes growth and learning... or death but then I doubt anyone has even been spammed to death yet.
That said, the root of this problem is simple. The ad networks themselves are the problem. Too many layers of indirection for any hope of accountability. The solution is fairly obvious, widespread use of browser tech that simply sets a limit on redirection. Real content isn't hiding behind several layers of scripts and redirectors. Force the content providers to host the ads in their own network (or at most one redirect away) like in the print and TV models and the malware problem goes away.
Democrat delenda est
I don't know about Windows, but I've been using their hosts files for forever, all the way back to 10.2 on an 800 MHz G3 iBook, with no noticeable slowdown whatsoever--and a HUGE speed INCREASE from not loading a zillion ads while browsing. Seriously--try it. Free, easy, and easy to undo if you happen not to like it. Just open the plain text version, select all, copy, switch to Terminal, type /etc/hosts
sudo pico
and enter your password when prompted. This will open up a basic text editor with the hosts file. Press the down arrow key 'till you're at the end of the file, 'paste' (command-V or 'Edit' menu -> 'Paste'), wait a couple minutes for it to fill in, then press
control-X (NOT command-X)
y
enter
to save the file, then quit Temrinal and enjoy browsing. (There are other, better ways to edit that file, but that's the easiest.)
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
I deal with the public, fixing their computers when they break. After they've called me a second time and I've had to reiterate using Firefox (ad-block is required) they get it.
To be perfectly honest, I sometimes have to wonder how stupid "Joe Sixpack" really is (Or perhaps, just how terrible Internet Explorer really is!) Why? Because I have a confession to make that should probably force me to turn in my geek badge.
I run Windows and Linux about 50%/50% of the time (maybe 60/40 since Windows 7 came out). When on Windows, I don't use No Script, Adblock Plus, or Flashblocker. I browse the internet with reckless abandon, rarely examining links before I click on them. I hit up shady torrent sites (I really don't pirate very much stuff...usually just books I own or installs for software I/someone else owns a license for but no disc). I install random pieces of freeware/trialware without considering the validity of the source. From the standpoint of secure browsing, I am probably the worst Slashdotter who ever lived.
I do Virus and Malware scans once in awhile and very rarely do I come up with anything more than tracking cookies. Perhaps an occasional Trojan (I can't remember seeing one in the last two years that I was concerned about in the slightest when I looked it up before I cleaned it) but even those are rare.
The only thing I really do to protect myself is to run Firefox in Windows, and do online banking type stuff on my Linux machine. That is it. On the other hand, I CONSTANTLY see people who use their computers a tenth as often as I do with machines riddled with malware. Most of these people use IE, despite me always tossing Firefox on their desktop and telling them that if they use that they won't end up paying me $60 again in a month to clean their machines. Seriously? Is IE that bad or do I have to go to even shadier places than I already do?
awesome plugin
He basically wants someone to tell him about Fiddler.
Fiddler likely won't run on the submitter's Gentoo box. Wine is not listed as a supported platform:
http://www.fiddler2.com/Fiddler2/version.asp
It is dangerous to be right when the government is wrong.
Aha, I was wondering why anyone would use Flashblock in addition to NoScript - thanks for clearing that up! :)
Assume all online advertising is deceptive and ignore it. If something is worth buying, someone you know will mention it.
I wonder if those ads that we ignore then become subliminal messages. Are we still being programmed?
eh? when i go to a site with more than one flash object on a page with noscript, i have to click every flash object individually to get them all to load. It's rather tedious when a website has 8 different flash objects for its navigation.
(1.21 gigawatts) / (88 miles per hour) = 30 757 874 newtons
Well, if you want all that flash, then don't install flashblock. On the other hand, I rather not have all those flash elements slowing down my browsing, especially when I like to keep multiple tabs open at the same time, some of which contain numerous flash elements.
my point was that i DONT have flashblock installed. I just have noscript which everyone keeps saying doesn't allow individual flash objects within a page to be allowed selectively. They keep saying it's all or nothing. What i was saying is that is not true for me for some reason. Trust me, i really dont want flash running in my browser at all.
(1.21 gigawatts) / (88 miles per hour) = 30 757 874 newtons
There are sites that I want to read that need Javascript, so I've got NoScript set to allow them - but Ghostery lets me block many of the third-party privacy-violators that many of those sites seem to have, such as advertising-statistic counters of various sorts. Doesn't seem to slow things down, and doesn't interfere much visually (there's an occasional floating stuff-we-blocked box in the browser tabs.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks