Two Major Ad Networks Found Serving Malware
Trailrunner7 writes "Two major online ad networks — DoubleClick and MSN — were serving malware via drive-by download exploits over the last week, experts say, after a group of attackers was able to trick the networks into displaying their ads by impersonating an online advertising provider. The scheme involved a group of attackers who registered a domain that was one letter away from that of ADShuffle.com, an online advertising technology firm. The attackers then used the fake domain — ADShufffle.com — to dupe the advertising networks into serving their malicious banner ads. The ads used various exploits to install malware on victims' PCs through drive-by downloads, according to information compiled by security vendor Armorize."
What do you expect from a company called "Doubelclick"? I bet Googel tampers with their search results too.
I doubt they check the scripts before they are put up for rotation, and this is their chance to find a scapegoat. As long as they get paid, I doubt they care to check.
Steve's Computer Service, Hobbs, NM
One more example of why ad blocking has its security benefits. What's worse is that doubleclick and friends are used by pretty much every site out there including Slashdot. It's a shame that although a lot of people would be willing to support sites like Slashdot by allowing a few ads to load occasionally, doubleclick just isn't trustworthy enough to allow that.
Sigs are too short to say anything truly profound so read the above post instead.
Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago. With that in mind, I can't say I'm really all that surprised that advertisers would be the source of ad/spy/malware...
Oh wait... Google's doubleclick got tricked too.... okay, nevermind.
-The Anonymous Google Fanboy
I could have told you that. I narrowed down the issue to MSN/Hotmail a couple days ago and was advising users to stay away for as long as possible/use adblock/noscript.
I've been dealing with removing this horseshit from end users' PCs all week.
Something interesting I noticed was that the malware authors were amateurs: they forgot to set up the fake HDD defrag malware to run at boot on any other user profile besides the one that was infected.
Made disinfection pretty easy...
This is why I block all ads and all your moral arguments and begging be damned. Ad blocking is sensible risk management.
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
No, here's some prior art... http://msmvps.com/blogs/spywaresucks/archive/2007/02/18/591493.aspx
The trust model of online advertising is in my opinion fundamentally broken. A big part of the security model of the web is domain-based - e.g. the same origin policy - but this goes down the drain with third party ads hosted on yet another third party's server.
With online advertising it was for the first time possible to measure the effect of ad campaigns better than "how many saw it and did we sell more after it?" What did this bring us? "PUNCH THE MONKEY!", "LOOK AT THE BLINKING LIGHTS!", "BEEP BLOOP BEEEEEP!!!" and perhaps most insidiously it broke the domain-based model of trust on the web since everything had to be put on the advertising hosters' servers to deter click fraud and whatnot.
AdBlock doesn't just save you bandwidth and reduce the annoyance of browsing the web, it is also one of the best tools for avoiding drive-by malware from ads.
________
Entranced by anime since late summer 2001 and loving it ^_^
and sandboxes, and no script, and external firewall devices, and backup drive images from previous weeks
Seen a few people say they use Adblock and all, which is fine, but if you recognize that an ad server can be compromised, then why not any other web server you visit? How many things are you going to block before it makes the web safe? So many that all websites are useless? That's why I found NoScript more annoying than not. Too often I was just saying yes to so much that it wasn't really that much more secure.
Much better to have secure systems inside than walls trying to block everything.
Really, what kind of idiot do you have to be to run a machine configured like that these days?
How about 90% of the people on the internet, those who are in the "mom and pop" or "poor student" class of user and don't actually know anything about computers except for turning them on and off, and double-clicking the Outlook Express and Internet Explorer icons.
There really should be a license requirement for using computers on the internet - you don't let unlicensed drivers on the road, do you?
My MS messenger has been setting off the anti-virus alarms for several months now. They come in through the ads at the bottom of the main window.
For justice, we must go to Don Corleone
There really should be a license requirement for using computers on the internet - you don't let unlicensed drivers on the road, do you?
Then my mother would have no access to the internet. She only uses three or four functions on her Ubuntu system and I reckon it's pretty safe.
http://michaelsmith.id.au
For the very few oblivious people (esp on /.), here's your solution: Adblock
It's really just one more reason for me to not feel guilty about blocking ads. Sometimes I click on ads from sites which I trust and wish to support, but other than that, the hell with them.
DNA -- National Dyslexic Association
Because it's not the web server being compromised per se. It's the ad network either being fooled, or willfully putting up exploit code, rather than any sort of hack going on. Also, considering the turnover of data/files on an ad network's servers, it's much harder for them to keep this from happening.
Normal people worry me!
Don't forget the folks who believe it's morally wrong to block ads. I had a long conversation with a college professor of programming who believes that quite strongly.
There really should be a license requirement for using computers on the internet
No way! Next you'll be demanding sobriety checks. So let's just nip that dumb idea in the bud, shall we?
For justice, we must go to Don Corleone
No wonder my centrifuges were running crazy..
For justice, we must go to Don Corleone
ad network should serve the images/text and a link URL, nothing more
stop letting advertising providers provide custom HTML and remote-load scripts/images into ads
The problem with IE is insecure defaults. A browser that allows auto-install by default is BROKEN.
People in glass houses, and all that.
The only time any PC I run has been compromised to my knowledge was a relatively recent drive-by download via a Java applet. The machine was running Firefox, and both it and the Java VM were fully patched. The machine was also behind a properly configured firewall, and running up-to-date anti-virus software and assorted security/privacy plug-ins in the browser. Unfortunately, none of that helps if you get hit by a zero-day exploit. Also unfortunately, I hadn't yet found where they moved the "enable/disable Java" functionality in Firefox 3.6, not that knowing that would have helped me much, because some tools I need for work actually do use Java applets and therefore the related plug-ins anyway.
BTW, I had just started browsing social news sites like Slashdot, opening a handful of tabs to normally reputable sites to read the articles (yes, really, some of us actually do). I'm pretty sure I got hit via either a third party source that AdBlock missed or a compromised comment on a blog post.
In any case, please don't kid yourself that this is only a problem for dumb Windows/IE users surfing for warez/pr0n/whatever. Just because you're running Linux instead of Windows, or Firefox/Chrome/Opera/whatever instead of IE, or visiting legitimate sites that are themselves not going to attack your system, that doesn't mean you're somehow immune. It just means you're a less likely target. Pride comes before the fall.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
I find it a bit odd that an extra "f" would have duped "the system". I believe what may have been happening is that human verification part of the equation could have been "hacked".
You create an account, you specify where the banner data lives, it gets submitted for an approval.
Except in this case whoever looked at the data saw "trusted" domain and figured everything is fine. Heck, the "fake" domain could have served an innocent javascript up until owners knew that banner got approved, then swapped out the script and off the drive-by script malware goes.
And then Google/Doubleclick detects bait-and-switch ("hey, we didn't approve this virus!") and it gets flagged.
Hyperom.com
This is a strong argument for blocking DoubleClick and MSN's ad server at the corporate firewall.
Exhibit A: Beer Goggles for Gmail :)
Well, it's bullshit. Every time an ad tried to install something, the package manager won't open them. Shit, I've tried every distro out there and I still can't open them up. What am I doing wrong? Can someone please help me? I really want to see all these cool things the rest of the world is experiencing.
This is exactly why iPad type "computers" are the coming thing. Locked down in a walled garden and simple to use. Few people *really* need a 'real' computer when a small "device" will do everything they need.
If they had to pay real money proportional to the amount of damages the situation would be completely different. Estimate the number of visits to poisoned web sites, multiply that by the amount of time required to check for and fix damage, multiply that by a real per-hour rate for someone to check all the machines, triple the dollar amount for punitive damages and present them with the bill. If this would happen one time I guarantee that neither Google nor MSN would ever let this kind of problem happen again.
The same goes for Gawker losing all those passwords and emails. So it puts them out of business. So what. Someone else will be glad to take their place. Good riddance to the fools who think that security is an unnecessary cost.
Put lame car analogy about exploding tires/engines/electronics here.
Why is Snark Required?
To expand on this: the job of an ad agency is to put you in touch with many groups who normally you wouldn't be in touch with. Preferably even groups who you wouldn't want to be in touch with. There's a difference between going to a place you trust which might be compromised and a bunch of such places having the chance to pay to get in touch with you.
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
How is this news? 90% of the Spyware I see comes from banner ads that redirect to malware.
Pick your poison:
1. Ad redirects upon load to Malware
2. Ad appears normal, redirects after X seconds to Malware
3. Ad appears normal, then redirects to Malware upon closure
4. Ad redirects to Malware upon specific click event (mouseover, clicking something in the page, etc)
Where Malware in this instance is 99% of the time a PDF exploit. And since Flash lacks basic security measures (such as, say, an option to refuse to run scripts in SWF files, or to refuse to open URLs without you clicking through, or...) well, you're screwed.
The solution is simple: Block Adobe products and cheap knockoffs (like Silverlight) from your machine outright.
The only 'safe' way to serve ads is from your own databases, after having thoroughly checked the ads to be displayed for any malicious behavior.
As I stated yesterday, and got modded troll for; you can only be the provider yourself. You cannot trust anybody else. You must act as the filter or else you will hurt your customer base.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
It's annoying because you recognise that the pages often need scripts from sites you actually don't want to enable (e.g. more and more pages need googleapis, even pages where it's absolutely pointless).
The Tao of math: The numbers you can count are not the real numbers.
We require training and driving licences because failure to control a ton and a half of metal and plastic at high speeds can easily kill people, including the driver.
Your mom getting a virus, thus needing you to go and clean her machine yet again does not rise to quite the same level of public safety. What's the next licence, being allowed to use a mobile phone in a public place?
Remember kids, it's all fun and games until someone commits wholesale galactic genocide.
I started blocking ads when they started blocking me or my use of webpages.
Static banner ads were okay, but as soon as they started blinking, jumping, making noise, popping up or sliding in front, they were unacceptable and had to go. It's as simple as that.
Using Adblock Plus with NoScript has made sure I've yet to experience my first ad-borne infection.
"For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
At the time Google bought DoubleClick, Google owned the advertisement network with the best reputation (Google AdWords/AdSense. Relevant, not-very-annoying text ads) and DoubleClick had perhaps the worst reputation (horrible flash banners, etc.) of them all. I couldn't understand why Google would buy that. Then again, these days Google is pretty horrible towards ad publishers (closing or freezing accounts without offering any explanation, etc... If you aren't a big name, expect to get buttfucked by Google) while DoubleClick is decent-ish (they should really send their lawyers after dishonest advertisers more... But arguably that's the publisher's responsibility). So DoubleClick screws the users but is good for the publishers, Google screws the publishers but is good for the users, both are pretty fine for advertisers. I guess it works out.
(Disclaimer: I work for an agency that does - among other internet related things - SEO, internet advertising and the like. I'm obviously not in any way associated with either of the companies unless you count the fact that we hold a number of Google certificates...)
MS for the security holes, MSN for the exploits. One stop shopping! We have you rooted the fastest! Where do you want someone to make you go today!
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Personally, I'd be surprised at the discovery of an ad serving network that DIDN'T serve malware on the side.
I have never understood why advert networks allow their "Partners" to cross-load javascript, and other scripted media objects. If the advert requires a "phone home" script, then it should have that script hosted, and vetted by the advert network they are partnered with, rather than playing a shell game of spot the malware.
Any advert that tries to hot-load a javascript or other scripted media object should be immediately rejected. (it should be pretty trivial to catch such hot-loading attempts with a submission filter, same with loading PDFs, etc. Likewise the use of obfuscated javascript techniques should auto reject.)
There really is no reason for this, other than that the ad networks themselves don't trust EACH OTHER. (EG, they don't want their partners to get their 'oh so important' metrics data instead of them-- or rather, they want to get that data directly themselves, and don't trust their partners to give it to them quickly enough, or accurately. [The potential for the ad-host to screw over the ad-producer over faulty serving metrics would be outstanding if the ad producer had to rely on metrics recorded exclusively by the ad-host, but fuck them.])
Internet advertising is one of the few things about the modern internet that could actually stand to have a little multinational regulation imposed on it. (And then, purely technical regulations intended to greatly frustrate malware distribution, and nothing else.)
I think that's a 2CV.
http://michaelsmith.id.au
88x31 and 468x60 animated GIFs.
I'm going to implement ad blocking at the router level at my house....
Nobodies Prefect
Tidbits for Techs Technology Blog
"There really should be a license requirement for using computers on the internet "
No. Mistakes on the internet are annoying and trivial compared to tens of thousands dead and far more maimed every year on the roads of the US alone.
Adding another government bureaucracy so we can feel good and accomplish nothing would be expensive and stupid. As for the idiots (this IS supposed to be a site for the technically literate) who agree with you on the license, may someone kill them in their sleep so they don't breed. That level of stupidity is not worthy of respect.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
and what i say to those people is
sure i will stop blocking ads when
1 every provider can certify under penalty of law that the ads being served are relevant safe to view and are less than 10% of the page content
2 everybody stops cramming 60% of a given page with various ads cross site links and widgets so that an article that's 4 paragraphs does not need to be on 8 pages because the content pane is smaller than a postit
3 everybody also stops doing videos for everything and actually writes articles (a video of a talking head should be replaced with what the talking head said)
Any person using FTFY or editing my postings agrees to a US$50.00 charge
No wonder I saw a spike of GPcode infections at my workplace last week.....
New Economic Perspectives
There really should be a license requirement for using computers on the internet - you don't let unlicensed drivers on the road, do you?
The doctor is licensed. The accountant. The lawyer. The mechanical engineer.
Each are held to standards of professional competence and integrity.
But not the programmer. Not the geek.
Thanks for the gratuitous rude stereotyping.
Damon
http://m.earth.org.uk/
You forget that we tried this before, many times and each time the general purpose computer won out because...
A large number of people only use 10% of their computers but it's never the same 10%. People require different things and it's always been cheaper and easier to do it with a "jack of all trades" device than try to flood the market with 100 different devices and OSes that never meet that 10% exactly.
Trying to tell me that computers will be made safer by taking away their function is like trying to tell me that cars can be made safer by removing their ability to turn right (we drive on the left hand side of the road here). In theory this does make our roads safer by stopping people from crossing over oncoming traffic but in practice all you end up with is most people doing dodgy manoeuvres to turn right when they need to. This is why most people jailbreak their iDevice, because it can't do what they need it to.
So the iPad is doomed, either by a more functional tablet or lack of actual need for a tablet. Neither will it be safe with a large majority willing to open up security holes just to do what they want with it.
Calling someone a "hater" only means you can not rationally rebut their argument.
1 every provider can certify under penalty of law that the ads being served are relevant safe to view and are less than 10% of the page content
How did you decide on 10%? I was just thinking that the Simpsons episodes these days are about 22:30 long. That means about 25% of the 30 minute "content" is ads. I wonder what percentage of a magazine or newspaper are ads... 50%?
And 4) Even under these conditions, ads will remain blocked on any connection for which there is a fixed transfer limit and overuse charge. I'm thinking mostly of mobile phones and internet. Ads are huge. Due to their need to attract attention, the old GIF banner just doesn't cut it any more: many ads now are interactive Flash files with many component graphics, scripts and even audio embedded.
n/t
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
There really should be a license requirement for using computers on the internet
Agreed. You just proved you're a massive douche, so I'm revoking your license.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
One of my honeypot VMs I use for Web browsing got hit by that when I was visiting a top named site.
In my experience, now that a lot of users are not just running executables willy-nilly, compromised ad networks serving up malicious pages to try to compromise browsers or add-ons is the #1 threat in my book.
To drive the point home, I use AdBlock on the main machine I use for Web browsing. I have yet to see a single script related to PC Antivirus. In reality, AdBlock provides more protection than most AV utilities, because once the Web browser is compromised, most AV utilities are completely useless in detecting and stopping that.
I have no sympathy for the suckers who got nailed by malware served by ad networks. Shit like this is why I block all ads and refuse javascript from sites I don't trust.
I write sci-fi for metalheads
Except that the iDevice walled garden has been broken already, and some of the newer exploits are actually browser-based. In many cases they're used as an easy way to jailbreak, but could likely be used for malware as well.
"Walled gardens" are not immune to exploits. They may have extra layers of protections, but an initial exploit followed with a privilege-escalation bump and they're done for. They may also be harder to "clean" in that regard as well.
On top of that, there's also the issue of data-protection and malicious apps. It's not like Apple-et-al actually goes line-by-line through the code of every app, and there have already been malicious apps in the iPhone Store, Android store, etc. IMHO blackberry seems to do the best at dealing with this as it asks *when an app tries to do something* whether to permit it (no, just now, or forever).
The scary thing about smart-devices and the "walled garden" is the path to obsolescence. iPhones are a bit better in the "keeps on trucking" aspect of things, but there are *plenty* of Android-based devices that will never see a current-gen OS and may be harbouring unpatched vulnerabilities.
Strictly from a security standpoint, before I get into any moral arguments, Ad blocking is wrong, Script and Flash blocking is the way to do it. Blocking ads instead of scripts & Flash is like having your airport security block brown people instead of terrorists. It's ineffective and - now I'm getting into moral stuff - harmful.
Say you allow ads on Slashdot.org, and their ad provider is carrying an ad with a malicious script which you run across on your Windows work machine (of course Linux viruses are theoretically possible and there have been a few in the past, but I'm being realistic here). Say it exploits a Flash (or possibly even Firefox) zero-day vulnerability, whoops you're pwned!
At the same time, the sites you browse regularly and would probably like to support are no longer getting those fractions of a penny from you viewing ads.
Now say you block scripts and flash. No Flash object loads without your permission, so you get no Flash-powered ads (they're too resource-hungry anyways). But most sites don't use those and you're still seeing their ads, although the scripts in them won't run, but sites usually still get paid for this. You can browse Slashdot while allowing ads that don't require JS/Java or Flash. They're harmless JPEGs, GIFs or text ads.
By doing this you're also voting with your eyeballs by blocking annoying, intrusive or resource-hungry ads, while allowing benign ads. This is good.
"When information is power, privacy is freedom" - Jah-Wren Ryel
But this is not new or news, unless you've been surfing along in that state of bliss^H^H^H^H^Hoblivion most do.
I visit a few somewhat unsavory sites, mostly celebrity news sites (no, not the celeb pr0n sites, but my protests fall on deaf ears I know) and the occasional programming-on-the-edge blogs, and these will take ads from most anyone. For at least two years I've been sending the admins specific reports of malware-laden ad postings, and until the past 9 months or so all I got was silence or the rare "didn't happen" or "not MY Site, a-h@le" response. Yup, some of them figure I have the time to write up false URLs and make fake screenshots... Sure, and I'm poor cause I'm smart, too.
Since then, all of these sites have gone from ignoring or denying my reports to terse "thanks" or "shouldn't see that any more".
My least terse comments, from a celeb photo site, seem to show that the owner and admin has finally figured out that some of the ad networks they are doing business with are not vetting their customers. In particular, I reported a nasty piece from Doubleclick, and after a week, got confirmation that my report was accurate. Most disappointing was that one ad I reported seemed to be for a Fortune 50 company, but now we know that some of these malware-ads are totally fake, taking the ad copy and source for a legitimate ad and sprinkling it with nasty dust. Both I and the site owners are hoping that these legitimate companies will take note and go after the bad boys.
Neither the site owners nor I actually expect the ad networks to stop this. The money is too good, actually checking the ad code is too laborious, and apparently their virus checkers are worse than mine.
At home, I'm still running all my anti-stuff on all my machines. My wife sometimes asks me what an alarm means, and I point out the warning message. She usually responds "but honey, it's Facebook..." and I assure her the warning is real. Sometimes she says "But I got this from blablabla site, they aren't dangerous", and I get to tell her it was probably an ad, not the actual site. She gets a little miffed, but hey, it's cute and now it's entertaining for me. Until they get through, then it's re-imaging time.
I'm looking forward to fully virtualized systems and near-instant recovery. Until then, it's an arms race.
But I'm still innocently believing that the major ad networks are unwitting victims here, and that they don't have a few sales types taking money to turn a blind eye and knowingly sell to miscreants. And yes, there is little difference between selling ads for 'V1@5^' and selling ads for botware, but there is a difference. Can we put them both out of business? Doubt it.
deleting the extra space after periods so i can stay relevant, yeah.
And this is why I use Noscript in Whitelist only mode plus a very nice hosts file that gets updated regularly from the many online versions.
The funny thing is, I started blocking Doubleclick and other advertisers over 10 years ago while still on dial-up since they caused lots of pages to load very slowly. Put em in the hosts files and suddenly many pages loaded very quickly as they weren't waiting on doubleclick/other advertiser and never changed things.
Mod me up/Mod me down: I won't frown as I've no crown
Clicksor is notorious for these malicious ads. I ran a fairly old site that received tons of traffic. I wanted to use a network other than Adsense, so I picked Clicksor. The advertisers were running all sorts of browser hijacking tricks, from Java vulnerabilities to annoying JavaScript windows to auto-loading random pages.
THIS is why class action lawsuits against the offending malware-serving companies need to be instituted, starting at the biggest, baddest adware-serving companies. If DoubleClick serves malware, it is their responsibility and they need to be sued into oblivion.
Take the profit out of serving ANYTHING to everyone, and start making it cost money, and you'll see the changes you want.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
This happens quite often. Usually, the bad guys are quite sneaky as well. They start a campaign running on the ad network that is served from the bad guy's ad server. During the normal week, Monday to Friday, the ads behave and do nothing malicious. Come the weekend, when the ad network has limited staff (or for some networks, only on-call support), the bad guys change the ad to serve malicious code. If they make it through the weekend without getting caught, they change the ad back to the normal one before Monday morning.
Sometimes the bad guys will impersonate a reputable company, and they can be quite convincing about it.
The only real way to stop this is to make it so that advertisers cannot change active ads without them being reviewed by the advertising firm. That means ads only being served from the ad network's servers (which will not go over well with all advertisers), more staff to ensure ads are reviewed in a timely fashion, and a number of other changes that everyone needs to adapt to.
A software solution to spot and halt bad ads would be ideal. However, it is difficult for most antivirus/antimalware software to scan the ads for malware, because new stuff pops up all the time.
Andrew Borntreger
Champion of cinematic disasters
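As an added example (not code from this thread or from any real ad network), the two defensive ideas raised above in one Python sketch: the submission filter that rejects creatives hot-loading scripts, plug-in objects or PDFs, and the approval snapshot with change detection that catches the weekend swap after approval. All hostnames and creatives are constructed placeholders.

```python
import hashlib
import re
from datetime import datetime
from urllib.parse import urlparse

# Hypothetical ad-network vetting and change control (added example, not code
# from any real ad network). Creatives that hot-load scripts, plug-in objects
# or PDFs are rejected at submission; an approved creative is kept as a
# snapshot served only by the network, and the advertiser's live copy is polled
# so that a swap after approval pulls the ad instead of reaching users.

TRUSTED_HOSTS = {"ads.example-network.test"}   # constructed: the network's own CDN

SCRIPT_RE = re.compile(r"<script\b([^>]*)>", re.I)
SRC_ATTR_RE = re.compile(r"\bsrc\s*=\s*['\"]?([^'\" >]+)", re.I)
ATTR_URL_RE = re.compile(r"\b(src|data|href)\s*=\s*['\"]?([^'\" >]+)", re.I)
PLUGIN_RE = re.compile(r"<(?:object|embed|applet|iframe)\b", re.I)
META_REFRESH_RE = re.compile(r"<meta[^>]+http-equiv\s*=\s*['\"]?refresh", re.I)
OBFUSCATION_RE = re.compile(r"\b(?:eval|unescape|String\.fromCharCode)\s*\(")


def _host(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def vet_creative(html: str) -> list:
    """Return the reasons a creative fails submission (empty list = clean).

    Only resources hosted by the network itself pass: inline scripts, anything
    pulled from a partner's server, plug-in objects, PDF links, javascript:
    URLs, meta refreshes and common obfuscation idioms are rejected.
    """
    reasons = set()
    for attrs in SCRIPT_RE.findall(html):
        if SRC_ATTR_RE.search(attrs) is None:
            reasons.add("inline script")
    for kind, url in ATTR_URL_RE.findall(html):
        if url.lower().startswith("javascript:"):
            reasons.add("javascript: URL")
        elif kind.lower() == "href":
            if url.split("?")[0].lower().endswith(".pdf"):
                reasons.add("links to a PDF")
        elif _host(url) and _host(url) not in TRUSTED_HOSTS:
            reasons.add(f"{kind.lower()} hot-loaded from {_host(url)}")
    if PLUGIN_RE.search(html):
        reasons.add("plug-in object or iframe")
    if META_REFRESH_RE.search(html):
        reasons.add("meta refresh redirect")
    if OBFUSCATION_RE.search(html):
        reasons.add("obfuscated JavaScript idiom")
    return sorted(reasons)


class CreativeStore:
    """Approved creatives are served only from the network's own snapshot."""

    def __init__(self):
        self.approved = {}   # creative_id -> (sha256 hex, html snapshot)
        self.events = []     # (when, creative_id, note): the review audit trail

    @staticmethod
    def digest(html: str) -> str:
        return hashlib.sha256(html.encode("utf-8")).hexdigest()

    def approve(self, creative_id: str, html: str, when: datetime) -> bool:
        reasons = vet_creative(html)
        if reasons:
            self.events.append((when, creative_id, "rejected: " + "; ".join(reasons)))
            return False
        self.approved[creative_id] = (self.digest(html), html)
        self.events.append((when, creative_id, "approved"))
        return True

    def serve(self, creative_id: str):
        """Return the approved snapshot, never the advertiser's live copy."""
        entry = self.approved.get(creative_id)
        return None if entry is None else entry[1]

    def check_advertiser_copy(self, creative_id: str, live_html: str, when: datetime) -> bool:
        """Compare a poll of the advertiser's origin with the approved snapshot;
        any difference pulls the creative and sends it back to review."""
        entry = self.approved.get(creative_id)
        if entry is None:
            return False
        if self.digest(live_html) == entry[0]:
            return True
        del self.approved[creative_id]
        note = "pulled: creative changed after approval"
        if when.weekday() >= 5:
            note += " (changed on a weekend)"
        self.events.append((when, creative_id, note))
        return False


# Constructed sample creatives; the hosts are placeholders, not real sites.
CLEAN_CREATIVE = ('<a href="https://advertiser.example/landing">'
                  '<img src="//ads.example-network.test/banner.gif" alt="ad"></a>')
HOTLOAD_CREATIVE = '<script src="http://partner.example/track.js"></script>'
SWAPPED_CREATIVE = CLEAN_CREATIVE + '<script>eval(unescape("%61"))</script>'


def run_demo() -> dict:
    """Walk a creative through approval, a quiet weekday poll and a weekend swap."""
    store = CreativeStore()
    monday, saturday = datetime(2010, 12, 13), datetime(2010, 12, 18)
    return {
        "hotload_rejected": not store.approve("c2", HOTLOAD_CREATIVE, monday),
        "clean_approved": store.approve("c1", CLEAN_CREATIVE, monday),
        "weekday_unchanged": store.check_advertiser_copy("c1", CLEAN_CREATIVE, monday),
        "weekend_swap_caught": not store.check_advertiser_copy("c1", SWAPPED_CREATIVE, saturday),
        "served_after_swap": store.serve("c1"),
        "events": [note for _, _, note in store.events],
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```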
DoubleClick and MSN?
Let's just call it like it is, please.
Google and Microsoft.
Whoever posted my older list of points in favor of HOSTS files above here -> http://tech.slashdot.org/comments.pl?sid=1907528&cid=34532574 originally in this thread wasn't myself (note the lack of BOLDING in it? I use bolds, so you KNOW that's not myself, but someone using my older points in favor of HOSTS files).
NOW?
Well - You, like other "naysayer trolls here" are now welcome to disprove and debunk (good luck, many have tried here) MY 20++ points in the current model of my points in favor of HOSTS files, below (which I did predict would occur here in others trolling me on this, as it always does)
I suspect that's the case, on being trolled on this here, because HOSTS files put a MAJOR DENT into malware makers' heinous machinations vs. end users, as well as webmasters & advertisers' profits (so they HATE hosts files) - that makes my naysayer trolls here probably 1 of those types in fact I suspect.
APK
P.S.=> 20++ ADVANTAGES OF HOSTS FILES OVER DNS SERVERS &/or ADBLOCK ALONE for added layered security:
1.) Adblock blocks ads in only 1 browser family (Disclaimer: Opera now has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF or Chrome etc.).
2.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program).
3.) Adblock doesn't protect email programs external to FF, Hosts files do. THIS IS GOOD VS. SPAM MAIL or MAILS THAT BEAR MALICIOUS SCRIPT, or, THAT POINT TO MALICIOUS SCRIPT VIA URLS etc.
4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 4-7 next below).
5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, hosts do (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions via NSLOOKUP, PINGS, &/or WHOIS though, regularly, so you have the correct IP & it's current)).
6.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites reliably vs. things like the Chinese are doing to DNS -> http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders
7.) AdBlock doesn't let you block out known bad sites or servers that are known to be maliciously scripted, hosts can and many reputable lists for this exist:
GOOD INFORMATION ON MALWARE BEHAVIOR LISTING BOTNET C&C SERVERS + MORE (AS WELL AS REMOVAL LISTS FOR HOSTS):
http://ddanchev.blogspot.com/
http://www.malware.com.br/lists.shtml
http://www.stopbadware.org
http://blog.fireeye.com/
http://mtc.sri.com/
http://news.netcraft.com
http://www.shadowserver.org/
REGULARLY UPDATED HOSTS FILES SITES (reputable/reliable sources):
http://www.mvps.org/winhelp2002/hosts.htm
http://someonewhocares.org/hosts/
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
http://hosts-file.net/?s=Download
https://zeustracker.abuse.ch/monitor.php?filter=online
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked)
And yes: Even SLASHDOT &/or The Register help!
(Via articles on security (when the source articles they use are "detailed" that is, & list the servers/sites involved in attempting to bushwhack others online that is... not ALL do!)).
2 examples thereof in the past I have used, & not
why ads are bad.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
You seem to assume root/admin access at the local workstation. Sorry, I don't have that at work. Also you assume that every workstation is only used by one person at a time (i.e. no remote login). Sorry, it doesn't work like this here.
Yes. I'm using FF, therefore it's not an issue.
But let me add another thing NoScript does, and the hosts file cannot do (unless you put much work into it which the NoScript developer(s) already did): Surrogate scripts. Some pages will not work properly if e.g. Google Analytics scripts are blocked. Surrogate scripts fix that problem.
And yet another thing RequestPolicy can do, but host files cannot: Block or not block depending on whether it's the main site you visit. For example, you might want to access facebook, but you don't want the facebook buttons to track you. What do you do? With RequestPolicy it's a no-brainer (indeed it's the default): Disallow other sites from accessing facebook. With hosts you only have the choice of blocking facebook completely, or not blocking it at all, unless you keep editing it (and even then, you may have both facebook and a site including facebook buttons open at the same time; no solution with hosts file).
Also, NoScript can save you from XSS attacks targeting your home router. Hosts files cannot (again unless you want to edit it twice every time you want to access the web interface of your router).
That URL is broken. Unfortunately that means I cannot see what technique Ars Technica used. However, the obvious ways I see to block content for people who block ads work quite well also if the ads are blocked through hosts files.
Yes, hosts files can be an effective measure against domains which you definitively never want to access, provided that you are in a position where you can edit them. No, hosts files are not the silver bullet.
The Tao of math: The numbers you can count are not the real numbers.
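To make the all-or-nothing point above concrete, here is an added example (my own, not code from any poster in this thread) that contrasts what a hosts file can express with an origin-aware rule of the RequestPolicy kind. The hosts text and the request list are constructed samples, and parse_hosts mimics typical resolver behaviour (exact hostname match, earlier entry wins, comments ignored) rather than any one OS's implementation.

```python
# Added example (not from any post in this thread): what a hosts file can
# express versus an origin-aware policy such as RequestPolicy's.
# Assumptions: the hosts text and request list are constructed samples, and
# parse_hosts mimics typical resolver behaviour (exact hostname match, first
# entry wins, comments ignored) rather than any one OS's implementation.
from urllib.parse import urlsplit

# Constructed hosts file in the usual "0.0.0.0 hostname" blocklist format.
SAMPLE_HOSTS = """
127.0.0.1   localhost
0.0.0.0     ads.example-adnetwork.test   # blackhole an ad server
0.0.0.0     www.facebook.com             # all-or-nothing: first-party visits break too
"""
# Addresses that mean "blocked" in this sample (older lists use 127.0.0.1,
# which would also match the localhost line above).
BLACKHOLE = {"0.0.0.0"}

def parse_hosts(text):
    """Return {hostname: address}; an earlier line wins over a later duplicate."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            table.setdefault(name.lower(), addr)
    return table

def is_blocked_by_hosts(table, hostname):
    """A hosts entry matches only the exact name: no wildcards, no subdomains."""
    return table.get(hostname.lower()) in BLACKHOLE

def origin_policy_allows(request_url, page_url, third_party_denied):
    """Allow a host in third_party_denied only when it is the site the user
    navigated to (first-party), never when another site embeds it."""
    req_host = urlsplit(request_url).hostname.lower()
    page_host = urlsplit(page_url).hostname.lower()
    return req_host not in third_party_denied or req_host == page_host

# Constructed (resource URL, page that requested it) pairs.
SAMPLE_REQUESTS = [
    ("https://www.facebook.com/", "https://www.facebook.com/"),
    ("https://www.facebook.com/plugins/like.php", "https://news.example.test/"),
    ("https://ads.example-adnetwork.test/banner.js", "https://news.example.test/"),
    ("https://cdn.ads.example-adnetwork.test/x.js", "https://news.example.test/"),
]

def compare(hosts_text=SAMPLE_HOSTS, requests=SAMPLE_REQUESTS):
    """Return {url: (blocked_by_hosts, allowed_by_origin_policy)}."""
    table = parse_hosts(hosts_text)
    denied = {"www.facebook.com", "ads.example-adnetwork.test"}
    return {url: (is_blocked_by_hosts(table, urlsplit(url).hostname),
                  origin_policy_allows(url, page, denied))
            for url, page in requests}

if __name__ == "__main__":
    for url, (blocked, allowed) in compare().items():
        print(f"{url}: hosts blocks={blocked}, origin policy allows={allowed}")
```

The fourth request shows the other limitation the thread touches on: a hosts entry for `ads.example-adnetwork.test` says nothing about `cdn.ads.example-adnetwork.test`, so every served hostname has to be listed individually.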
You don't want a license requirement. You really don't. What will happen is that a "license" for access to an open, unfettered device like a standard PC would be harder to get than a class 3 automatic weapons license for a pistol in NYC, DC, or SF. Someone with connections and a rich family would have it. Everyone else would end up with completely locked down desktops with F/OSS being a happy memory.
Instead, what we need is to focus on programs and research in this security arena. Some examples come to mind:
1: Sandboxie functionality on all platforms, where all writes are redirected, essentially a BSD jail, but with the ability for users to save files outside of it. When the browser is closed, everything that the user has not selected to keep gets wiped.
2: Kicking developers in the rear who do not provide adequate security. If one writes for Windows, their code needs to run under DEP, support ASLR, and use a least privilege model (see DropMyRights source for how to do this right.) This isn't hard -- almost all UNIX programs have been doing this for decades. We shouldn't see the lessons learned by sendmail have to be retaught over and over.
3: Backups. Ideally it would be nice to have a separate machine store backups and have both push and pull abilities, so the stored can't be tampered with once saved off. For the most part, backup technology is still in the 1970s. It would be nice to have an OS independent format that can replace tar, support block level deduplication, compression and encryption, have cryptographic signing capabilities, support ECC so data can be rebuilt if damaged, support filesystem extensions, and be able to be used on tape, DVDs, BD media, files, or raw hard disks, support snapshots, and be usable for not just bare metal restores (restoring the filesystems, but the ODM/Registry/NetInfo/System State), but machine cloning. This way, if a box gets compromised, it can be snapshotted for forensic reasons, then PXE booted and restored (if the time of the compromise is definitely known), or just reinstalled with the data being restored (if the time of the compromise is unknown).
4: PGP/gpg built into the OS, with an OS-protected area for cryptographic keys. Everyone on the Internet doesn't really need a license, but they do need a private key to start a WOT. PGP's WOT should not just cover other users, but it would be good to have functionality to mark repositories as trusted as well.
5: A move to signed repositories. Ideally, the only time one needs to download and execute an installer directly is if it is custom code, or the machine is not kept online for security reasons.
6: Built in TPM chips that ship disabled/turned off, but can be turned on by the user. TPMs are a double edged sword, but would be instrumental in protecting the OS in case the MBR or boot sector get modified by malware. Used right, it would go a long way in protecting the core parts of the OS.
Seen a few people say they use Adblock and all, which is fine, but if you recognize that an ad-server can be compromised, then why not any other web server you visit?
They can, of course.
But a compromised website is just one site. A compromised ad network means thousands, possibly millions of compromised sites.
It's all about risk management. And the risk associated with a compromised ad network is far greater than the risk associated with a single compromised site.
No PayPal is evil because they stole aid for victims of hurricane Katrina contributed by Something Awful members.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Reading comprehension: failed.
Or, to use your style: Reading comprehension: FAILED!
I wrote: "You seem to assume ..." not "You wrote ..."
Which means that if you are not a network admin (which was the scenario I was talking about), you cannot change it. Case closed.
No Windows here :-) Anyway, I'm just a normal user here, so I can't change the hosts file anyway. Which is just what I originally said: If you are not an admin, you cannot change the hosts file, period. So you have to decide:
Either, you continue to claim that I'm wrong. In that case, you should find a place where I'm wrong.
Or you admit that I wasn't wrong. Which is probably the simplest. :-)
Or you continue to argue about straw men which I was never talking about.
That's my guess, too (I had hoped for some information about it on the page). However the methods I could think of don't depend on why the content wasn't loaded, but only on that it wasn't loaded. Therefore it wouldn't matter if the content wasn't there because of a hosts file, because of an ad-filtering proxy, or because of Adblock.
Indeed.
No need to shout. I never denied that. I just pointed out that it's not always possible, and that it also has limitations (actually originally I even only pointed out the first; for reasons I don't actually understand that caused you to reply with lots of bold and SHOUTING, and a "solution" which doesn't work exactly in the case I was talking about: no admin rights).
The Tao of math: The numbers you can count are not the real numbers.
Seen a few people say they use Adblock and all, which is fine, but if you recognize that an ad-server can be compromised, then why not any other web server you visit? How many things are you going to block before it makes the web safe? So many all websites are useless? That's why I found NoScript more annoying than not. Too often I was just saying yes to so much it wasn't really that much more secure.
It's called limiting your exposure.
Scenario A: Default install, runs every scrap of Flash / JavaScript / Java / Shockwave that it runs across as you browse the web. This might number in the hundreds of sites, or thousands over the course of a month. Only *one* of those sites has to serve up malicious script in order for your PC to be infected.
Scenario B: NoScript/FlashBlock or AdBlock with a whitelist of only 100 sites. You're still pulling in content from hundreds or thousands of sites each month, but unless the attacker infects one of the sites in your whitelist, nothing bad happens. So it's still possible to be infected, but you've cut your risk factor by 1-3 orders of magnitude.
Which is generally limited enough that you're not going to see many (if any) infections. Whitelisting works.
Wolde you bothe eate your cake, and have your cake?
This weekend I got one of those false alerts from a fake anti-virus program. I'm guessing I got it from one of these ads. I've never run an adblocker before, but I will now if ads going to start infecting me with stuff.
Coder's Stone: The programming language quick ref for iPad
Noticed that security-software scans became rather less necessary once I discovered the wonders of AdBlockPlus.
I think I started using it for reduction of garden-variety annoyance, but talk about a side benefit!
I listen to both RIAA and non-RIAA stuff if I like the music, tangential business/politics notwithstanding.
I monitor the university network where I work and preach FF/AdBlockPlus to anyone who'll listen and even those who won't. The summary implies that the advertising is done through sleight of domain name to confuse the ad network, but that is certainly not always the case. Over the last 12 months we've had an escalating number of systems compromised due to "malicious ads" and it just keeps getting worse.
Antivirus tries to enumerate badness and is doomed to failure. The bad guys pack and modify their products constantly to avoid detection (there is enough money in it to be worth the effort). Heuristics have been promised by AV vendors for the last 20 years (from discussions back on the virus-l mailing list) with no noticeable improvement.
In order of decreasing importance:
- web browser with adblocker that prevents the advertisements from being fetched
- keep system and third party software (java, adobe, flash) patched
- don't login to windows as a user with admin privileges
- run antivirus
and, if you can manage it, run FF with NoScript in addition to AdBlockPlus. It takes discipline to avoid just temporarily allowing domains, which is generally not worth it for users, but for those for whom NoScript is a good solution, AdBlockPlus is a good backup for when you *do* allow a domain that got its content spiked.
As far as I understand the relevant US banking rule (is it a new regulation?), you don't get overdraft protection unless you specifically opt into it. For the couple of accounts I've opened recently (Chase and Citizens), the bankers seemed to explain this clearly, and I was also under the clear impression that, without overdraft protection enabled, the card would be denied.
Shit hasn't *actually* hit the fan [yet? :(], but eh...
Furthermore, some accounts/cards could offer more protection than the legal minimum.
I listen to both RIAA and non-RIAA stuff if I like the music, tangential business/politics notwithstanding.
Don't you have anything better to do than follow me around posting bollocks? I wasn't even replying to you (and because of the lack of bold, I already knew that wasn't you ;))
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
I wonder if it costs the merchants much more (if any?) to take PayPal instead of the card directly. (I generally fund PayPal payments with one of my cards - in large part for my small handful of cashback)
If the retailer offers the choice of PayPal or using the card directly, I generally just use the card directly.
I listen to both RIAA and non-RIAA stuff if I like the music, tangential business/politics notwithstanding.
The ideal solution is probably a network appliance using transparent proxying and multiple levels of blacklisting with multiple levels of ad-blocking:
The first level is a whitelist, as a number of websites use third party ad spewers to handle CAPTCHAs, .swf files, Java executables, HTML, CSS, or whatever.
The second would be an IP level blacklist with an immediate drop of packets, so a connection doesn't hang, but returns unreachable.
The third level would be a database of URLs to remove.
The fourth would be updatable heuristics -- zapping potentially malicious/malformed files in transit, be it
The fifth would be heuristics related to the Web site visited. If a user is browsing a mainstream site, it should not be asking for connections to dodgy sites in Elbonia unless the user was clicking on an explicit link.
Of course, none of this is bulletproof, but stopping the ads before they hit the machine will go much farther than the current technique of AV, which is intercepting IO calls and scans (neither does anything against this generation of malware.)
How do we know it wasn't you? You don't have an account (a situation you have frequently defended) so one AC is as good as another. If it matters so much, login.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
...for reasons I don't actually understand that caused you to reply with lots of bold and SHOUTING, and a "solution" which doesn't work exactly in the case I was talking about: no admin rights).
Yeah, there's that Tourette's thing I was talking about...
Jesus was all right but his disciples were thick and ordinary. -John Lennon
I'm not ad hominem attacking you. I'm not trying to refute your points. I don't in any way, shape, or form have any desire to attempt rational discourse with you. I saw an opportunity to troll you and get you out of the woodwork. I saw a way to waste some of your time in a manner that I find amusing. Score: gmhowell 1; apk 0.
BTW, loved you in Family Ties. How is that Parkinson's going for you?
Jesus was all right but his disciples were thick and ordinary. -John Lennon
apk, the bollocks is this whole tirade on how you were supposedly right... 6 months ago. And I'm still uncertain how it is that you think my agreement that large files read slower than small files is some sort of amazing admission of defeat.
Really. I'd agree with twitter if he posted that, and god knows I almost never agree with him.
Let it go already.
Oh, and by the way... just stuck an entry in my hosts file on Windows 7, and Server 2008 (not R2 - so it's the same IP stack as Vista):
0 www.google.com
Wanna take a guess what happens?
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
Looks like genuine apk, if a bit terse.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
We trolls win every single time we get you to post.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
I never denied trolling you. And the only person I troll under the AC banner is tomhudson.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
No. I admitted skimming over your mention of using NoScript in addition to host files. And since I assume you know what you wrote (and even if you have such severe Alzheimer disease that you don't, you could have looked up where the sentence I quoted was in your post), I can only assume that your "misunderstanding" is malicious. Therefore EOD.
The Tao of math: The numbers you can count are not the real numbers.
Adblock Plus. Should be a built-in Firefox add-on by default IMO.
I could probably be doing something else, but pulling your strings and getting a reply amuses me.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
Why would I want to disprove anything?
Jesus was all right but his disciples were thick and ordinary. -John Lennon
"I never denied trolling you. And the only person I troll under the AC banner is tomhudson." - by gmhowell (26755) on Tuesday December 14, @01:55AM (#34543612) Homepage Journal
Grow up.
APK
Kiss, kiss.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
Easy to sort out the percentage: you print out the page (it should be no more than, say, 3 sheets anyway), then
subtract the print borders, then measure with a ruler the amount of space on the page and the amount taken up by ads; ad space / total space x 100 will give you the percentage.
So let's see: 8.5x11 sheets with half-inch borders give you 75 square inches of space, so you need to have less than 7.5 square inches of ads per page.
Any person using FTFY or editing my postings agrees to a US$50.00 charge
Missing the point...how did you decide on 10%? Why should the web be lower than every other media form?
The problem I see with iPads is that all users are locked in the garden. That includes the people who only know enough to turn the device on and click on the browser, but also locks out the few people who really need access to all capabilities to make creative use of the device.
I pretty much prefer Palm's approach to webOS (and probably other manufacturers and platform combinations): out of the box, it's a "pop and mom" compatible walled garden. But an advanced user can type in a command (a command is still required to avoid clueless users doing it by accident, but it's well documented), and switch the device into developer mode and do whatever pleases them, like for example installing an alternative application repository.
That's also the model used by Linux distributions, which either let you use the default doctored repository or let you install a 3rd party one. (But they don't child-proof it like webOS.)
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
The tool who keeps going on and on about HOSTS files is turning himself into a bad Slashdot-centric meme.
A) HOSTS files are vulnerable to being overwritten.
B) HOSTS files are vulnerable to being overwritten.
C) Only complete idiots rely on just a HOSTS file.
@Mindless Drivel: 100% of Twitter posts ever Tweeted.