A Spotify Ad Slipped Malware Onto PCs and Macs

An anonymous Slashdot reader quotes TechHive: Spotify's ads crossed from nuisance over to outright nasty this week, after the music service's advertising started serving up malware to users on Wednesday. The malware was able to automatically launch browser tabs on Windows and Mac PCs, according to complaints that surfaced online...the ads directed users' browsers to other malware-containing sites in the hopes that someone would be duped into downloading more malicious software.
It didn't last long -- Spotify quickly posted that they'd identified "the source of the problem." And they're not the only company dealing with hidden malware in ads, since the same thing has happened to both Google and Yahoo.

How difficult can it be

to have as a policy and requirement, that adverts only come as still images, or movie sequences? Why the f*ck would you allow actual 3rd party code to run inside your own software, to display an advert?

Re:How difficult can it be

[alvinrod]

Why the f*ck would you allow actual 3rd party code to run inside your own software, to display an advert?

Most savvy users wouldn't which is why they use some kind of ad blocker or no script plugin. Even if asa weren't vectors for malware infection, video ads and trackers tend to chew through bandwidth and batteries as well.

If websites limited themselves to static images without the massive number of trackers, I'd be far more likely to turn off the blocker. But for whatever reason, advertisers pay websites more if they use the world's most annoying shit.

Re:How difficult can it be

[nicolaiplum]

to have as a policy and requirement, that adverts only come as still images, or movie sequences? Why the f*ck would you allow actual 3rd party code to run inside your own software, to display an advert?

This is often quite surprising to those who don't know how modern Internet advertising works, but that is what people do. To have advertising on your site, you load a JS library from the advertising network and call into it to display the advertisement, and it does what it wants to show an advert. You're trusting them not to do anything evil - and the advertising network maybe trusting the advertiser not to do anything malicious, but you are certainly trusting the advertising network to screen for bad content.

You can have the above policy, but who will enforce it? You cannot, only the advertising network can, as they provide the content how they will. If a malicious advertiser can manage to sneak something in that passes whatever automated testing the advertising network uses, or exploits a bug in the browser, then the website operator can't do much about it.

This is the Web (and apps) of today - this is the exchange you have all made for the "free" websites you like. All the users of websites, all the ones who don't want to pay, have made this advertising software backdoor surveillance monstrosity that is the WWW today.

Re: How difficult can it be

Oh yeah, blame the victim. I'm not even old but I remember the dot com boom and bust. The real reason we have this monstrosity is because the internet changed from hobby to business. What was supposed to be an information sharing network became a huge advertising platform. We have nothing to blame but corporate greed.

Re: How difficult can it be

I suppose you also think that telling people not to walk through the bad part of town at 2am flashing expensive jewellery is also "blaming the victim".

Re: How difficult can it be

Yep, the victim is to blame. Own your music and avoid this nonsense

Re:How difficult can it be

[the_Bionic_lemming]

I run a website, and it is free from ads.

Had to disable a lot of rss feeds because the sites - like /. started to advertise on my website.

The only RSS feed left is the bbc.

I don't make money off of the site, but it's a hobby, and I enjoy doing it. Costs me less than a month of cable TV per year to do it.

Re: How difficult can it be

What was supposed to be an information sharing network became a huge advertising platform.

It's both. It's only an advertising platform if you have sold out to corporate services, they didn't exist before and you don't have to use them now. The issue is that they added value and that value comes at a cost that you don't want to pay but you still want those services. If you don't like them then don't use them and the internet will still be an information sharing network.

Re: How difficult can it be

[Z00L00K]

I'm more likely to click on text only ads. Even if that's a rare event too.

Re: How difficult can it be

[tinkerton]

I usually click in empty space in order to set the focus to the browser, only to discover that there's a ad link there. So plenty of inadvertent ad clicking here.

Re:How difficult can it be

[JaredOfEuropa]

So make it clear to the advertising networks that you want a "still image only" option. That'll be a huge improvement even if you're still using their JS to display it. And since a lot of them now seem to pay mostly per click (rather than per view), there's no need (or excuse) to offer a lower payout for banner-only ads.

Re:How difficult can it be

Because of trust, or rather the lack thereof.
The ad network doesn't trust spotify to be honest with the number of views so they need their own code to do the verification.
Then both of them cry foul when the end user doesn't trust a third party they never heard of to run software on their computer.

Just use adblock and if anyone complains, ignore them.
They could easily avoid the blocking by serving the ads from the page you are visiting, but that would require trust and liability when malware is served.

Re: How difficult can it be

I usually click in empty space in order to set the focus to the browser, only to discover that there's a ad link there. So plenty of inadvertent ad clicking here.

I click on the browser tabs, title bar, or the surrounding frame to put it in focus. Also, I use Linux exclusively, so the malware is less likely to affect me.

Re:How difficult can it be

I run a website, and it is free from ads.

I also run a web site, which is completely free from ads, and averages 100GB/month. Some months it's been 450GB.

... it's a hobby, and I enjoy doing it. Costs me less than a month of cable TV per year to do it.

I also enjoy doing it, but mine costs nothing at all to run. It's part of the symmetric 100Mbps service - no blocked ports, no capacity limits. We run a mail server at home as well as the web server. As you may be able to guess, we're in Europe.

Re: How difficult can it be

We have nothing to blame but corporate greed.

Oh for fuck sake if you weren't pouring your money into them then they would have nothing, but you support them because they provide you a convenient service. If you don't like it then don't use it.

Re:How difficult can it be

[Falos]

>implying requisite ads
Oh please, it's nothing more than opportunistic capitalism slurping every dollar in reach. It's the nature of the beast. They're going to cash in no matter what.
See also: Cable television

Ads are bad

Ads are malware

Re:Ads are bad

Use Adblock Plus and feel good about it. You aren't cheating honest businesses out of their money. You are protecting yourself from malware.

THEY can fix this problem when they start to self-police well enough to put a stop to this. Until then, adblockers are 100% justified.

Re:Ads are bad

Until then, adblockers are 100% justified.

Well, they also need to start to pay for their own bandwidth. I'm not paying to see their ads.

Re:Ads are bad

And their costs are added to every product we purchase. We are paying to have that crap served to us!

Re:Ads are bad

Adblock Plus causes major performance issues in Firefox, use Ublock Origin, it's far more lightweight.

Impossible!

I've been assured by random people on the internet that something like this can never possibly happen ever! If random people on the internet say it has to be true! /s

Shashdot has had this as well.

[stfvon007]

I have had something similar happen a couple times on slashdot - an ad redirects the whole page to a scam "You won a free apple laptop" page that tries to trick you into downloading malware. (for those who say it was a virus on the PC not slashdot, one of these times was on a fresh install of linux) This is why I have adblocker software and why slashdot is NOT whitelisted anymore. (Hint to slashdot's owners, Adopt the policy of the first poster and I may whitelist you again)

Re: Shashdot has had this as well.

I've had ads on Slashdot redirect me to the Apple Store page for stupid mobile games.

Re:Shashdot has had this as well.

I've had a few redirect to other sites, but mostly to various app stores.

Re:Shashdot has had this as well.

[Jesus_666]

(for those who say it was a virus on the PC not slashdot, one of these times was on a fresh install of linux)

When the installer asks you if you want to install systemd-scamd you say no.

For the Gentoo users: The openscamd project is set to announce their first release soon so you know what not to compile.

for the 8979814th time...

Do NOT allow untrusted sources to run javascript (or any similar thing) on your computer. Sure, block ads too if you want, but the real problem here is letting totally unknown entities run scripts on your machine, giving them control over anything the scripts can do, whether on purpose or because the sandbox sucks.

You are begging for problems if you do that. We've seen it over and over, with web sites, javascript served with ads, and others.

Do not give control of your computer to people who don't have your interests in mind.

Re:for the 8979814th time...

[Ol+Olsoc]

Do NOT allow untrusted sources to run javascript (or any similar thing) on your computer. Sure, block ads too if you want, but the real problem here is letting totally unknown entities run scripts on your machine,

Yeah, but bullshit. You're saying something like yeah, Jack in the box sold tainted hamburgers and it killed some people bgut hey - itwas their fault because they ate them. Sorry, you arent supposed to get that shit in the first place.

You are begging for problems if you do that.

Everything is the customers fault, eh? How bout this? Don't go to the sites that serve up this shit, or better yet, kill your computer. You can't get malware if you don't have a computer. If you have one and have a problem it is always your fault. Jerk

Re:for the 8979814th time...

Do NOT allow untrusted sources to run javascript (or any similar thing) on your computer.

The Android in my Galaxy S computer doesnt ask me to allow any javascripts. I plugged it into my Windows and my Windows asked me to allow connection to my Galaxy but nothing about javascripts. Is this like the Ubuntu? I tried an Apple but it said it wanted to install Java so and I think that might have had the scripts for Java and I didnt allow that but I still see popups on it that tell me I need mackeeper to fix it but I already put on mackeeper like 5 times and it doesn't fix.

Re:for the 8979814th time...

You're saying something like yeah, Jack in the box sold tainted hamburgers and it killed some people bgut hey - itwas their fault because they ate them.

No but you don't go around just eating anything off the street. Spotify is to blame here but users (or Apple & Microsoft in terms of protecting their users from malware) need to take some responsibility too.

Everything is the customers fault, eh?

No but just because people aren't supposed to rob your house doesn't mean you leave the door open when you leave, or leave the keys in the ignition and the doors unlocked when you park your car. In theory you should be able to but I bet you don't.

Re:for the 8979814th time...

[Zxern]

Yeah this isn't the old day where visiting a porn or warez site and you got hit with a virus, you deserved it. Today visiting CNN can get you infected with a virus.

Today you have to run ad blocks and no scripts to keep from getting infected, while the ad networks are actively working to undermine those same solutions while doing little to stop the malware.

Re:for the 8979814th time...

[Zxern]

No this isn't on the users. Spotify is serving up the ads to make money. It's their responsibility to not infect their customers with malware by simply visiting the site.

Re:for the 8979814th time...

No this isn't on the users.

I didnt say it was, in fact I quite clearly said: Spotify is to blame here

However things do slip through the cracks from time to time and sometimes not everybody follows the rules. Of course if you leave your car unlocked with the keys in the ignition and it gets stolen while you are away the thief is to blame, but do you leave your car unlocked with the keys in the ignition when you park it? Probably not, you take a reasonable step to mitigate the issue if somebody isn't following the rules.

Re:for the 8979814th time...

[AHuxley]

The problem is that sites now detect the lack of ads been allowed to run and lock up content and comments with a static demand to whitelist.
To keep on using a site the user has to open their computer to infection.

Re: for the 8979814th time...

[Z00L00K]

Today not many sites are trusted.

Re:for the 8979814th time...

[Dutch+Gun]

I used to use noscript (which sort of works like an ad-blocker itself), and it was getting to be too much of a pain, so switched to uBlock Origin (which also blocks known malware domains by default as a bonus). Even though scripting is used to perform the infection, these days, disabling scripting just isn't feasible for many modern websites. It seems like it's scripting in ads that are the most typical delivery vector, and even then, it often depends on known, unpatched exploits (like Flash or Java plugins) or simple social engineering. So, just blocking the ads is probably enough, unless you're a "belt and suspenders" type. Good for you if you're willing to put up the inconvenience of trying to selectively unblock domains until a site works again, but if you're making the suggestion for normal users, I'd recommend just the ad-blocker.

Incidentally, I really have nothing against ads themselves, unless they're intrusive and obnoxious (they were edging more and more this way, unfortunately). I block ads only because they're potentially dangerous. Once the industry figures out a way to create bulletproof-safe ads, I'll consider selectively unblocking sites I wish to support and which are useful or entertaining to me.

Re:for the 8979814th time...

Or they can say fuck you very much and move to a similar site. There's plenty more on the net.

Not that uncommon?

A couple of months ago, the ad in the register-me window of the Winrar trial version managed to escape on my Windows 10 and it popped up a paid referral URL to Aliexpress.com in my default browser. Maybe this happens more often than we think?

Re:Ho-hum

That was Clayton Williams who said it, in the 1990 Texas governors race. Ann Richards won that.

Interesting parallel though...

Jango

Jango never gave me malware.

Re: Jango

[Z00L00K]

Jango Fett? Isn't he dead?

I don't get it

Doesn't every browser now have built-in pop-up blocking? So how can new browser tabs be automatically launched?

Re: I don't get it

Spotify is a standalone app. Fortunately it can be configuted to use a proxy. Putting Privoxy between it and the internet prevents most of the 3rd-party ads...

Nothing personal

[Ol+Olsoc]

But unless the advertisements cann ot be a disease vector, the fuck your advertisements. I Want you to go out of business, and I wnat your CEO's to b in jail, and your stockholderd to lose every cent.

So we have Forbes? Fuck you and go out of business, the world will celebrate

Imagur? Fuck you and go out of business, the world will celebrate

Spotify? Fuck you and go out of business, the world will celebrate

Unyil you clean up your act, and quit fucking people's computers up, Fuck off, assholes. You're the problem, not the solution. Goout of business already.

Disable Ad Blockers?

[rholtzjr]

And they want me to disable my Ad Blocker? I think not!!

Yet another reason why Adblocking and Scriptblocki

[Dr.+Crash]

Yet another reason why adblockers and scriptblockers are essential.

Not just because ads chew up your pay-by-the-byte bandwidth, but because they are actively serving up malware.

Sorry, all you ad-supported sites... find another business model. Your current methods are dying a very painful death.

Enough of the IAB, ad networks and bad websites

[StandardCell]

It is beyond unacceptable that:

* Ad networks continue to be a vector for device infections both directly and indirectly
* Ad networks track and profile users across websites without their consent
* Websites use pop-over scripts to interrupt the viewing experience
* Ad scripts and other ads use deceptive means to generate accidental clicks/taps
* Websites redirect users unwittingly to app stores, particularly when said apps have nothing to do with the website content

While I sympathize with website owners trying to monetize their content, they have left users with no choice but to block ads indiscriminately. The mobile browsing experience is particularly out of control now and shows what utter contempt or incompetence websites have regarding their user experience.

The IAB and ad networks are complicit in allowing this situation to persist, yet focus all of their attention on trying to prevent ad blocking through technical and legal means rather than actually enforcing some standards of non-obtrusive advertising that doesn't threaten to direct you to some scummy malware site with a zero-day.

Maybe it will take a few lawsuits, or boycotts, or just an overall drop in revenue for these deluded parties to stop this nonsense once and for all. Maybe it will be something else. Until the economics of serving and designing ads is tied to a positive UX, there will be an endless technological war to protect users from malicious ads.

Re:Enough of the IAB, ad networks and bad websites

I've been on the Internet/Web for a long time. When Cantor and Siegel first spammed USENET, it had already been 15 years for me. I had been involved in the early protocol meetings concerning TCP/IP, (I brought donuts...), the Usenet "Great Renaming", and the creation of some of the first rec.(group.group) Newsgroups, some of which weren't meant to be taken seriously... (Dammit, the actual CFV for rec.humor.objectivism was supposed to be a joke in itself, and yet it roused so many humorless Objections...)

"The IAB [wikipedia.org] and ad networks [wikipedia.org] are complicit in allowing this situation to persist..."
They aren't just complicit, they are the very reason that this situation persists. Every time some Sanctimonious Bastard in Advertising or Marketing opens his mouth to address just about anything related to Advertising and the Internet, MY Internet, I want to wring their bloody neck until their eyes pop out of their sockets and green goo gushes from their ears.
Enough of this mild talk...

It's time to take blocking Advertising to the next level. It is no longer enough to just block it on our end. It has to be blocked at the Server level. There are several means of doing this, Dungeons Dragons or Snakes for instance, but these means shouldn't be addressed at the most egregious of offenders; no, the Sanctimonious Bastards are first in line. Just imagine what if... what if the IAB was held... I don't know of any other way of putting this... what if the IAB was held Ransom? All that they have to do is reign in the Worst of their Lot, or the Best will be obliterated. It's called their Taking Responsibility. And after all, _we_ killed Adobe Flash because of Abuse. This has happened before; there is no reason to stop now.

Sir, (Nobody quite knows for sure who actually Knighted him, or why...), John Hawkwood and his Knights in White, the White Company, tore through Europe in the 14th Century, when they weren't otherwise engaging in the 100 Years War or the Crusades. At times, they brought Commerce to a literal crawl, because raising one's head meant that it might be chopped right off, before the Goods were requisitioned. And at times, they could be quite civilized- Pay a Ransom, or Else. Ah, the days and origins of the White Knights...

I'm too old for all this nonsense of course; I might end up marooned in some distant land just like a distant Ancestor, Enguerrand VII, Sire de Coucy, dying from a Virus, (Or possibly the Plague.), while Hawkwood retired to fame and fortune, the ultimate Bribe, in what eventually became Italy.

No, this is a task for the Younger Folk, Errant Knights all, eager for yet another Crusade. (And this isn't meant to be taken seriously either. Or is it?)

Re:Enough of the IAB, ad networks and bad websites

It's high time we started fining the ad agencies and the sites that use them. Every malicious ad is a fine, every view of that ad is a fine, every click of that ad is a fine. This has gone on long enough. Companies should be bankrupted into oblivion for malicious ads. End of story.

Re:Enough of the IAB, ad networks and bad websites

[AmiMoJo]

Maybe if they went back to the old static image served from the same place as the rest of the page they could actually increase their profits. These days analytics have driven prices down, compared to the old model where you paid for a billboard or TV spot without really knowing much beyond roughly how much traffic the board/channel was getting at the time. Information is power and by giving too much of it to the ad buyers they were able to drive costs down.

Re:Enough of the IAB, ad networks and bad websites

And many ads are out-right scams, with the vast majority being at best deceptive. FREE PC CLEANER CLICK HERE

Ad networks ARE infection vectors.

Ad networks ARE infection vectors.

Stop blaming the goddamned users, it's the AD NETWORK that infected everyone.

Re:Ad networks ARE infection vectors.

[Ol+Olsoc]

Ad networks ARE infection vectors.

Stop blaming the goddamned users, it's the AD NETWORK that infected everyone.

THIS! A million times this.We don't watch ads on Television that screw up our Televisions.

Your computer is not supposed to be fucked up things that presumably reputable websites serve you. If a person's computr is bitched up that way, they aren't the guilty party.

Re:Ad networks ARE infection vectors.

Your television is not a general purpose computation device.

A computer is, and it does what you tell it to. If what you tell it is to let someone else give it orders, then it will do that. If the other party gives it malicious orders, well, it will obey.

It's not a difficult concept.

Re:Ad networks ARE infection vectors.

[Ol+Olsoc]

Your television is not a general purpose computation device.

A computer is, and it does what you tell it to. If what you tell it is to let someone else give it orders, then it will do that. If the other party gives it malicious orders, well, it will obey.

It's not a difficult concept.

Whooshes for pretty damn big whooshes.

The point you apparently don't get isn't about how software is written, or what Lda Lovelace or the abacus ever had to do with Windows 10 or the Intel line of microprocessors is that television ads don't screw up your television, that the "ads" served up mandatorily by websites do screw up your computer.

To attempt to take your silly missing of the point to it's logical conclusion, that makes television much superior to the intertoobz and the machines used to access them.

Re:Ad networks ARE infection vectors.

[uniquegeek]

Your television is not a general purpose computation device.

This is like arguing a cell phone isn't a computer, about ten years ago. It's well on its way to getting there. Our "SmartTV"s even get updates, but I'm sure it's all for the users' benefit, yes?

Noone takes ads seriously

It's all shell companies, that's the problem.

Spotify or whomever designate an area where ads are allowed to be shown, then give that area to an ad agency. There's nothing stopping that agency from renting out that space,to other less reputable sources, who are likely willing to pay more than your average (reputable) company.

Then an incident like this occurs, Spotify points fingers at their ad partner, and their ad partner points fingers at the bad actor, removes them from whatever "trusted" list they maintain, the bad actor changes their company name/email address and the cycle starts again. There's no accountability.

What ads?

Unless you're a free user and using the browser version of spotify, I'm not sure how else you would be presented with ads. Install the desktop/mobile client and buy a subscription.

Re:What ads?

[mrbester]

Remember how that didn't work with premium cable channels? Someone noticed there was a drop in ad revenue (ignoring the increase in subscription revenue) or they just wanted more money so there's ads where you've specifically paid to not have them.

This will keep happening until someone is sued.

[Leslie43]

I'm amazed no big company has stepped up to do it yet, how much are companies spending fighting all of these?

Microsoft only stepped up it's game to stop the fake updates when they wanted to display ads in the OS, which tells you exactly how much these companies really care about it, so long as it's not truly effecting their bottom line or putting them at risk of being sued they won't bother. There's a reason ads have such a bad reputation and it's one that's well deserved.

Besides adblockers, switch your dns to OpenDNS, they block most ad networks so your blocker has less to do.

Re: "Thru the mystic arts..." apk

Maybe he's planning on getting to that in SR5

Something I've wanted

[Pikoro]

I've always wanted an option in my browser to only display items on a page if they are from *.domain.com of the site I'm looking at. Cross site anything would simply stop working. Then, if a site is hosting it's own ads, it would display. No ad blocker required. It would also stop third party cookies, javascript, etc..

Re:Something I've wanted

[geek]

Install uMatrix, done

Re:Something I've wanted

What you're looking for exists as an add-on for the Firefox browser:

RequestPolicy

Re:Something I've wanted

[CastrTroy]

Firstly, you'd end up blocking a lot of content on sites that use CDNs to host their content. Secondly, it would be easily subverted by the site setting up a subdomain such as adnetwork.example.com pointing to the desired ad network so their ads could slip by your filter.

Re:Something I've wanted

Do kids these days not know about things like NoScript?

I'd tell you all to get off my lawn, but it's snowing here.

Re:Something I've wanted

The simple solution: update your Hosts file to cut out problem domains:

http://winhelp2002.mvps.org/hosts.htm

Re:Something I've wanted

If you think NoScript is a solution when browsing the sites of 2016 you might as well recommend lynx. The latter would probably give a better browsing experience than the regular browser with ecmascript turned off.

Re:Something I've wanted

[Pikoro]

There is another solution to sites that use CDNs. They could host their own content. If you're at the point where you need a CDN, you have the income to afford it. I ran a (I thought) rather popular site from a dynamic IP in my house. Received over 1 million unique users per day, plus forums, downloads, source code hosting, mail, etc. I also hosted my own ad network on the same system. This was direct advertising that I hosted and vetted myself, on my server. Bandwidth costs are cheap. If I can optimize a core 2 duo with 1Gb of ram to run that kind of traffic, using a CDN just seems lazy to me. Some months, I cleared around $5k. My cost, not counting my own time? About $50/mo. This was in 2004/5.

You're intentionally missing the point.

You're intentionally missing the point.

Acid

[bestweasel]

I had one of those malware infections and it was so bad, I had to acid wash my emails, bleach them, which was very expensive.

Re:Acid

Like wipe, with a cloth?

self defense

adblock and ghostery or hours of cleaning crap from your machine
this alone makes the apple tax worth it

Re: self defense

[phorm]

Apple tax? You realize that Macs were among the computers infected (per the fucking HEADLINE)

Re:self defense

Adblock allows "Ethical advertising" and Ghostery was bought by an analytics company.

uBlock Origin, RequestPolicy, NoScript, and uMatrix are the only ones worth considering.

So Spotify, how about you reimburse people?

[cerberusss]

It didn't last long -- Spotify quickly posted that they'd identified "the source of the problem."

Yeah well, you fucked up people's computers. How about you offer to let the affected people contact you, so you can make sure and reimburse them to get their computers reinstalled?

And these idiots wonder why

[Chas]

Seriously, the advertising industry wonders why we hate ads and ad delivery platforms so much.

Because of shit like this.

Re:And these idiots wonder why

[houghi]

While I agree that this does not help, I just dislike ads in general. Be it on a website, on tv, on the street or on my underware. I just dislike ads.

People are taking the piss out of you everyday. They butt into your life, take a cheap shot at you and then disappear. They leer at you from tall buildings and make you feel small. They make flippant comments from buses that imply youâ(TM)re not sexy enough and that all the fun is happening somewhere else. They are on TV making your girlfriend feel inadequate. They have access to the most sophisticated technology the world has ever seen and they bully you with it. They are The Advertisers and they are laughing at you.

You, however, are forbidden to touch them. Trademarks, intellectual property rights and copyright law mean advertisers can say what they like wherever they like with total impunity.

Fuck that. Any advert in a public space that gives you no choice whether you see it or not is yours. Itâ(TM)s yours to take, re-arrange and re-use. You can do whatever you like with it. Asking for permission is like asking to keep a rock someone just threw at your head.

You owe the companies nothing. Less than nothing, you especially donâ(TM)t owe them any courtesy. They owe you. They have re-arranged the world to put themselves in front of you. They never asked for your permission, donâ(TM)t even start asking for theirs.
http://readingfrenzy.com/ledge...

Re:And these idiots wonder why

i dont hate ads, i hate being infected, the ads on tv dont infect me, the ones on newspapers dont infect me, the ads on the side of the road dont infect me

but this incompetent fucktards infect me, that why we block them

Re:And these idiots wonder why

[sizzlinkitty]

And they can't hear your complaints over the ching's of money entering their pocket book.

Sandbox that iframe!

When embedding third-party content in your application or your website use a iframe and make sure to sandbox that iframe.

[iframe src="https://example.com" sandbox=""][[/iframe]

Re:Sandbox that iframe!

Or just don't allow javascript from sites that belong to the main page's domain:
www.foo.com --> allow js
bar.foo.com --> allow js
ads.somedomain.com --> don't allow js from non-"foo.com" domains.

It's the browser's fault for having lax security policies.

"Thru the mystic arts..." apk

"We harness energy & shape reality" https://www.youtube.com/watch?feature=player_detailpage&v=kNdM7b1Lm04#t=87/

"We travel great distances in an instant" https://www.youtube.com/watch?feature=player_detailpage&v=kNdM7b1Lm04#t=102/

"The Avengers protect the world from physical threats - we protect against more mystical threats" https://www.youtube.com/watch?feature=player_detailpage&v=kNdM7b1Lm04#t=31/

* Sanctifying it in front of us & making it FASTER (than you can go by default using remote DNS)!

"How do I get from here to there?" https://www.youtube.com/watch?feature=player_detailpage&v=kNdM7b1Lm04#t=107/

APK

P.S.=> ANSWER APK Hosts File Engine 9.0++ SR-4 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ ... apk

AdBlock = inferior + 'souled-out' vs. hosts

Adblock can't do (or do as well) 16 things hosts do 4 speed, security & reliability:

1.) Protect vs. bad sites (past ads)
2.) Protect vs. fastflux botnet C&C servers
3.) Protect vs. dynamic dns botnet C&C servers
4.) Protect vs. DGA botnet C&C servers
5.) Protect vs. downed DNS (reliability)
6.) Protect vs. DNS redirect poisoned/downed dns
7.) Protect vs. trackers
8.) Protect vs. spam payloads
9.) Protect vs. phish payloads
10.) Protect vs. caps
11.) Get past dns blocks
12.) Keep off dns request logs
13.) Speed up 2 ways (adblocks & hardcodes)
14.) Work on anything webbound multiplatform.
15.) Ez data edit
16.) Block ads more efficiently in cpu/ram/I-O use

APK

P.S.=> Ab+ does less vs. hosts less efficiently (a 128-151mb memory hog http://cdn.ghacks.net/wp-conte...)

ClarityRay defeats it

Ab+'s bribed not to work by default http://www.businessinsider.com...

AdBlock's SLOWER: http://superuser.com/questions...

Re:AdBlock = inferior + 'souled-out' vs. hosts

I know this is copypasta, but where's your link to something better? The hosts file is definitely a good start, but hosts alone won't protect against all of that (to my knowledge) and you won't convert people unless they know exactly how to fix their hosts file.

You also have to consider automation. People will want to automate the updating of their hosts file and/or use a nice tool to do so. Do those exist? Part of why adblockers are popular is they are accessible and intuitive. The hosts file can be that way too, but where are the tools?

You don't have to convince me, per se. I'm well aware a text editor's all you need, but I'm not the audience who will benefit from your campaign.

UBlock = inferior + inefficient vs. hosts

UBlock can't do these as well as (or @ all) hosts do 4 speed, security, & reliability:

1.) Protect vs. bad sites (past ads)
2.) Protect vs. fastflux botnet C&C's
3.) Protect vs. dyndns botnet C&C's
4.) Protect vs. DGA botnet C&C's
5.) Protect vs. downed DNS (reliability)
6.) Protect vs. DNS poisoned dns
7.) Protect vs. trackers
8.) Protect vs. spam payloads
9.) Protect vs. phish payloads
10.) Protect vs. caps
11.) Get past dns blocks
12.) Keep off dns request logs
13.) Speed up 2 ways (adblocks/hardcodes)
14.) Work on anything webbound multiplatform.
15.) Ez data edit
16.) Block ads more efficiently in cpu/ram/I-O use
17.) UBlock now uses hosts (no DNS benefits vs. dns issues) - poor imitation = "sincerest form of flattery"

Hosts = native vs. illogically "Bolting on 'MoAr'" & not ClarityRay blockable like addons.

APK

P.S.=> Hosts (1st resolver) do MORE w/ less in fast kernelmode & before slow usermode addons

Hosts ~3mb vs. UBlock = 64MB -> http://cdn.ghacks.net/wp-conte...

Over half of website exploit kits...

[sizzlinkitty]

are delivered via advertising networks. I learned this in a presentation about angular and nuclear web exploit kits. On the backside, some, if not all, ad networks sell advert space in a bidding format with multiple delivery granular controls.

For the BEST possible custom hosts file

See subject & APK Hosts File Engine 9.0++ SR-4 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

APK

P.S.=> It includes the hosts file you note + 9 others from reputable & reliable security community sources... apk

That's the beauty & ease of hosts... apk

IF you don't like the list from 10 reputable security community sources, edit entries out OR add them easily yourself by hand either using my program OR using any texteditor to do so (be sure to save your hosts file as type "all files" in notepad.exe though & to save it to %WinDir%\system32\drivers\etc, it's default location, you'll need administrator level/superuser rights (easy to assign to notepad.exe or to drag & drop OR copy it over there using explorer.exe) - notepad.exe, however, defaults to *.txt which will NOT work right so save it as noted (all files type)).

APK

P.S.=> By the way - I do block domains from adfly etc. (& iirc, the piratebay is blocked by most of my sources - piracy & what-not), so all that in addition to the fact you're obviously "trolling" replying as an unidentifiable ac poster? Well - see the above & that blows you away, easily (as usual)... apk

What items do you disagree with?

See subject: I'll convince you otherwise & yes hosts DO protect vs. all that doing far more for less vs. other methods (such as browser addon adblockers that don't even WORK fully by default & are inefficient as hell + don't nearly as much as hosts do (via far less complexity & resource use) natively from kernelmode speed (vs. usermode slowness)).

APK

P.S.=> You ask about automating hosts file creation - that's EXACTLY what this does (by "yours truly") APK Hosts File Engine 9.0++ SR-4 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ ... apk