Online Ads Are More Dangerous Than Porn, Cisco Says

wiredmikey writes "The popular belief is that security risks increase as the user engages in riskier and shadier behavior online, but that apparently isn't the case, Cisco found in its 2013 Annual Security report. It can be more dangerous to click on an online advertisement than an adult content site these days, according to Cisco. For example, users clicking on online ads were 182 times more likely to wind up getting infected with malware than if they'd surfed over to an adult content site, Cisco said. The highest concentration of online security targets do not target pornography, pharmaceutical, or gambling sites as much as they affect legitimate sites such as search engines, online retailers, and social media. Users are 21 times more likely to get hit with malware from online shopping sites and 27 more times likely with a search engine than if they'd gone to a counterfeit software site, according to Cisco's report (PDF). There is an overwhelming perception that people get compromised for 'going to dumb sites,' Mary Landesman, senior security researcher at Cisco, told SecurityWeek."

TFA got the probabilities backward

[phaunt]

The summary, and the Security Week article, write that "Users are more 21 times more likely to get hit with malware from online shopping sites than if they'd gone to a counterfeit software site".

Cisco's report says that "Online shopping sites are 21 times more likely to deliver malicious content than counterfeit software sites."

Those statements are not equivalent. Online shopping sites have many more visitors than counterfeit software sites, so they have more opportunity to deliver malware. The same goes for the factor of 27 for search engines.

Also, it's hard to check the factor of 182 for adult sites, since the report doesn't include that number, or in fact even the words "porn" or "adult".

Re:TFA got the probabilities backward

[phaunt]

...and Slashdot's title for the story that "Online Ads Are More Dangerous Than Porn" takes it still a level further. It's certainly not what Cisco said.

Re:TFA got the probabilities backward

It is exactly what Cisco said see here: http://www.cisco.com/en/US/prod/vpndevc/annual_security_report.html

Re:Risky != Risky???

[phaunt]

What Cisco's report actually said is that behaviour often perceived as "safe" (such as online shopping) carries more risk than generally thought.

Why is this even news?

It has been known for a long time that ads are a primary malware vector, this is the reason many sane people block them.

PAID online porn is safe...

[K2tech]

Well thats what I heard...from a friend...he doesn't have that many accounts...

Re:Thanks Google

[History's+Coming+To]

Did you check out Google's information on government/police/court requests for info and takedowns in the UK? Around 4,000 incidents in total, and over 2,000 of them were regarding AdWords. Not Youtube, or Blogger, or G+ or Google Pages, but AdWords. Looks like they're well aware of the problems, to the point of government agencies taking regular action over it. Thing is, this is the thing that makes them an enormous amount of money...

Full breakdowns by country here

This is why I block ads

[jbmartin6]

This was always my response to the 'it is immoral to block ads' argument. I always said that if blah.com is hosting the ads itself I would be willing to allow them but as long as the content is from some unknown domain that I haven't chosen to trust, forget about it.

I have been saying this for a long time

[erroneus]

I consider "Adblock" and similar browser and computer add-ons to be *security* tools as much as bandwidth and other management.

Since the first time I noted browser exploits coming across common news and sales sites, I realized that the current model requires not trust of the sites we visit, but of the advertiser's sites... you know, like google and double-click and the others. I don't want to trust "unknowns" and so I block them unless I need them unblocked for access.