Re: gift subscriptions. As I understand it, the situation is as follows.
The gift subscription module used in the previous version of vBulletin employed by the SDMB does not work under the current version of vBulletin the SDMB is operating with. Since this version of vBulletin (3.8.7) is also several years old, no one is writing add-on modules for it anymore. Unless we can stumble upon an add-on module that will work with this version of vBulletin or find someone able to alter the subscription module code in this version to produce a separate gift subscription module, we are at a standstill. One problem is that you cannot even look at code examples on the vBulletin forums unless you have a license to a copy of vBulletin and are logged in.
As mentioned before, the ad aggregators do not host the ads themselves. They just redirect to their ad provider clients- who can be any old slimeball anywhere in the world. Those people can sometimes be sophisticated enough to tell where the ad request is coming from, e.g., the aggregator or the host web site IP address blocks, and provide a safe ad to those.
Google has the resources to set up a lot of IP addresses under obscure names to scan ads via those addresses. The malware folk don’t have Google’s resources and can’t keep up with which blocks of IP addresses to block. In addition Google no doubt relies on other avenues for ad checking (employees machines at home or on the road, etc.).
Setting up a certification system costs money. In particular, each ad would have to have a digital certificate attached and digital certificates are either costly or easily faked.
Yeah, I got the message again in Chrome. It’s interesting how IE doesn’t seem to care if the site has malware or not. It lets me right in.
Others have explained this upthread. Chrome and Firefox both use Google to warm them about bad sites. IE uses some sort of Microsoft service.
IE doesn’t check; Chrome does.
And this may be a good example of MS’ security concept. :rolleyes:
You can also look at it from an economic perspective. Putting in all the effort to ensure your ads are malware-free costs money. Hiring competent people who make that effort effective costs money. Rejecting business of ad content providers who would really REALLY prefer you didn’t scan for malware costs money. Now you take all that money you didn’t spend making sure your ads are clean, and you entice websites to show them anyway by paying them a higher rate than Google would for AdWords. Ed has already said in the past that one reason they don’t just use Google is that Google doesn’t pay as well. This is what that gets you. They got paid to pretend that there was nothing they could do about the malware, and in the end it came back around and bit them in the ass.
5:08PM Chicago time. Chrome is still flagging this site as dangerous, even after a complete reboot of my system.
While I imagine this is caused by the slowness of data propagation, it illustrates why it is inadvisable to turn on ads just to test if they are OK. Bad Idea, as Dot Warner and her brothers said in Animaniacs.
Oops, sorry, double post. I’m not used to lynx. 
If I understand the process, SDMB needs to make it so Google won’t find nasties any more; THEN ask Google to rescan SDMB, THEN wait for Google to do that and accept the results, THEN Firefox, Chrome, and friends will pull down a new list of bad sites (hopefully with SDMB no longer in there). So anything you do on your computer won’t do much until the process is complete.
I’m reminded of something Nessus, the puppeteer says (I think in Ringworld) when he was told that laughter was a reaction to an interrupted defense mechanism. “No sapient being ever interrupts a defense mechanism.”
Still getting the warning on Firefox, but I tried first in IE, and it’s not happening there anymore. The first time the other day it did but apparently not anymore.
I just received the news of doom regarding the SDMB; I’m using Fire Fox and now I’m living with fear and trembling. I hope the powers that be won’t punish me unduly.
Although I’ve not had IE block the site during this or the previous misadventure, several people have reported intermittent blocking of parts of the site by IE. This tells me that MS is doing some effective screening for malware. You could argue that MS is being more selective and Google is being heavy handed. It’s funny that MS is treated as the right treats Obama - damned if you do, damned if you don’t. I’ve heard both described as mom pants wearing wimps and other times as iron fisted dictators.
FWIW, here is what MS has to say about their “SmartScreen” filter. (BTW, I mostly use Chrome since for me it’s significantly faster than both IE and FF.)
That’s all well and good but it’s the objective truth that Google was correct in this case. The SDMB has had ads with malware for years.
Has anyone mentioned that the Chrome warning has come back? (If the purpose is to stop SDMB from getting top-scored Google search results, I think there are easier ways.)
Am I safe with just AdBlocker, or do I need to disable Javascript?
Nitpick: I think what he said was “humor is associated with an interrupted defense mechanism,” and later there was fan discussion on the Niven mailing list that Nessus was saying that *laughter *was an interrupted defense mechanism, because humor was associated with laughter.
OK, now back on topic – I quite enjoyed the reference and its application to our situation. 
You miss my point. Since according to other posters IE has blocked the SDMB off and on today (and a couple of days ago) it’s “the objective truth” that IE was correct as well. Since the same ads are not shown continously and are targeted it stands to reason that some are potentially harmful and others are not. (This jives with Google’s stats.)
Therefore, it appears IE is blocking the site only when malware is present and not shutting it down entirely based on statistics as Google is doing. Since the SDMB is not on IE’s blacklist the entire site is not blocked. Note that I do not know exactly how the IE malware filter works, but we know as a fact that Google continues to throw up its warning page for some time even after ads are turned off.
Pretty much with Java off or removed.
Seriously, I’m not a giant fan of Google’s badsites list, but if you think that you’re safe roaming the internet without at least some of the above, you are mistaken. If you’re not minding the security of your machine, you probably should expect to be hacked eventually.
The SDMB was hit with this because they don’t have absolute control of their ad services. Almost any site that is run off of ad revenue will probably be hit by this kind of nonsense, and the SDMB was probably flagged earlier than most because it does figure highly on a lot of searches, and therefore is probably checked more often. Other ad-funded sites not being blocked isn’t a clean bill of health, it just means Google hasn’t caught them at it yet. Due to the nature of the services’ hosting, another site could be using that ad content, and Google will never know, because they didn’t check if often enough to catch it.
Like it or not, when you venture out on the internet, you’re opening your computer up to unknown inputs, all of which may leak data or allow the computer to be compromised if the unexpected cases are not accounted for. At least one of the pieces of software involved in your browsing the internet has a vulnerability that is unknown to its creator, and no one knows if someone else has discovered it. It’s yet another leap to figure out how to exploit it, but it’s almost a certainty of human logic that it exists. Therefore, you should limit the amount of executable code you allow random sites on the internet to run via some method.
People who pretend that complaining to the SDMB administration will keep them safe from malware/viruses infecting their computer are deluded. You need the kinds of protections listed in the quoted excerpt above. It’s the wild west out there.
Interesting… It appears that IE is not flagging this site after all.
There are two types of Malware advisories from Google. One is initiated from the Chrome browser, the other is initiated by the so-called “blacklist” that can be accessed by other browsers.
The Internet Explorer browser does not check Google’s blacklist. If you use Google search (www.google.com) from IE to search for “straightdope message board” you will get the link to the boards listed first, followed by the home page. You can click on the link to the home page and then onto the boards without getting any warning. However, If you click on the link to go directly to the boards from the search page, you will be directed to a Google.com warning message, “Warning - visiting this web site may harm your computer!”
If you go through this same scenario with IE using a different search engine (I used the previous SOTA Altavista :)) you will not get a warning message even when using the link direct to the boards. Therefore the IE browser is never querying the Google blacklist.
In the case of using Chrome (with Google search), clicking through to the SDMB home page and then onto the boards results in the warning, “The Website Ahead Contains Malware!” with the computer burglar graphic. Clicking on the link to go directly to the boards results in the same warning as IE (the Google search page warning).
Using Altavista search with Chrome provides the blacklist type message (“… Contains Malware”) in both cases since the Google search is not being used.
The Firefox browser works as would be expected except it has its own version of a warning, “Reported Attack Page!”, when initiated by the Google blacklist.
PLEASE NOTE: In the past, a Google search for “straightdope” would list the SDMB homepage, some sub-links and then the SDMB boards as the second major result. Now the homepage is still listed but with many more sub-links to Cecil columns on the SDMB front page. The direct link to the message boards is not listed on the first results page. You have to search “straightdope m…” to get that link. I thought that was interesting. Yahoo and Bing still list the homepage followed by the message boards.