from the watch-what-you-click dept.
The popular belief is that security risks increase as the user engages in riskier and shadier behavior online, but that apparently isn’t the case, Cisco found in its 2013 Annual Security report. It can be more dangerous to click on an online advertisement than an adult content site these days, according to Cisco. For example, users clicking on online ads were 182 times more likely to wind up getting infected with malware than if they’d surfed over to an adult content site, Cisco said. The highest concentration of online security targets do not target pornography, pharmaceutical, or gambling sites as much as they affect legitimate sites such as search engines, online retailers, and social media. Users are 21 times more likely to get hit with malware from online shopping sites and 27 more times likely with a search engine than if they’d gone to a counterfeit software site, according to Cisco’s report (PDF). There is an overwhelming perception that people get compromised for ‘going to dumb sites,’ Mary Landesman, senior security researcher at Cisco, told SecurityWeek.
It has been known for a long time that ads are a primary malware vector, this is the reason many sane people block them.
It is apparently news to all the people who keep clicking them otherwise these findings would not exist.
The problem we have with online advertising is the fact that it isn’t just a ad you view. In most cases Ads are now videos, flash action scripts that allow for interaction or scripts that gather information to help future advertising. If people don’t realize that marketing is only in it for one thing, that thing is plain and simple. Get as many people to view the message as possible. Doesn’t matter how, what matters is the ensured method to get as many people to view your message, at the lowest cost.
Advertising agencies that market ads for their customers are the major problem in the equation. Because their process has turned automated. I’ll point out AT&T Yellow Pages. (I’m not bashing, I’m pointing out a FACT). I’ve caught much of the false advertising, and malware infected scripts come from AT&T Yellow Pages, than I have through Google AdSense network. I even found far less in malware when it comes through search engines than when you are interacting with a business website that uses a third party ad venue to market through the business site. It is these middleman advertisers who cause the most fuss, because of the lack of filtering out the malware as opposed to legitimate ads.
So what do the smart people do?
First we use third party web browsers. Instead of using Internet Explorer to surf the web, use Firefox, or even Chrome Browsers. You can import all your Favorites, and settings from IE to these browsers. Secondly install an Ad Blocking Plug-in like AdBlock Plus. I go a futher step by having NoScript installed. So I am forced to create a website ‘whitelist’ of trusted sources. If I click a malware link by accident, the malware never works. By default the new (never click URL) is blocked by NoScript. I have to take the extra step of authorizing the new website to load in my Firefox browser, this therefore defeats malware 100% of the time. It is left to the user to authorize a bad malware link.
Finally, having a decent Anti-Virus application really helps. I won’t “dog” on Symantec/Norton, because back in 2003 it was my BEST suggestion for a personal Anti-Virus product. Ever since the bloatware and cost increase has made it one of my least favorite Anti-Virus programs, I can say it is still one of the best products for people who have the hardware to support it. Otherwise I suggest Microsoft Security Essentials for personal use, especially if one is not so inclined to renew their yearly subscriptions for their Anti Virus products. Most people go for software they can install and never have to deal with. 9 times out of 10, what is installed on a user’s computer, the user doesn’t even know or even used what was installed. Some cases the user has 5 programs installed, and all of them do the same thing.
