I’ve been wondering why everyone is having a problem, except me, especially when after I mentioned Firefox, people have been coming in saying they ARE running Firefox, when something occurred to me. I vaguely recall reading something on a computer security site about the black-hats getting stuff past the ad broker companies that indicated they were frequently only serving up their malware to certain IP addresses. Perhaps you people experiencing problems might want to PM the admins with your IP address, if you know it, or your city, state/province & country, if you don’t, so the management can see if there is some location-specific correlation to these problems. I don’t know if that is the issue, but it’s the only thing I can think of that would explain why I never have problems, but people running the same OS & browser versions do.
For the record, I don’t run Adblock, but I do run Flashblock, so I only block the Flash based ads. Not for security reasons, but because Flash sucks. It eats processor cycles unbelievably, so any website that has more than 1 or 2 Flash ads on a page slows the entire system down to a crawl.
Which brings up another possibility. Are the problems only in Flash based ads? If that’s the case, the solution is simple. Tell the ad brokers “no Flash ads”. If they can’t do that, then I imagine xash should be able to figure out how to get your server to refuse to send out any Flash file. I could do it fairly easily on systems I run, so I expect it’s not too hard on whatever you are running.
It is important to remember that the ad brokers are charging advertisers more than they’re paying the sites that run the ads. So losing a major site like the SD will hurt the broker more than it hurts the SD - particularly if that means that another broker gets to run more ads here.
According to Alexa, SD is #8,012 on the Internet and #2,242 in the US.
Just a little editorial from a guy Who deals with alot of these viruses on a daily basis.
The only option the sdmb has would be to dump the ad providers (although I highly doubt google is the problem child in this instance. These ad networks, are basically under attack by groups wanting to propagate these virii for financial gain. These are not bored teenagers, this is organized crime. In many respects the sdmb is just an unwitting host. When a new virus comes out, it takes time, sometimes weeks before the av suites are decisively handling it. There is no magical way to intercept every virus 100% of the time. If a handful of users get hit by something that slips through the ad companys filtering it’s probably about as good as it can get. The sdmb has far fewer resources than the ad providers who are fighting this problem daily. Scrutinizing every line of JavaScript in how many thousands of new ads a day is not gonna work.
The next problem is, all the major ad providers have the same problem. Leaving the sdmb without a primary revenue source.
I’m still discussing this issue with our tech staff, but the above is basically what I’m hearing. Some things it’s important to understand:
(1) This problem isn’t just happening with us; on the contrary, it’s become fairly widespread on the net over the past six months. Here’s a typical exchange from a Google support forum; you’ll notice the comments sound much like those heard in the thread above:
(2) We don’t have hundreds of ad brokers, we have two: Google and Rubicon. Each serves up ads from hundreds if not thousands of advertisers. Most of these ads are unobjectionable; the problems are likely being caused by a small number - on any given occasion, perhaps just one. Google and Rubicon are reputable companies that don’t knowingly send out ads containing viruses, but the bad guys are ingenious and stuff slips through.
(3) We’re not in a position to stop taking ads altogether; we need the money to keep the lights on.
(4) If as an experiment we were to stop accepting ads from either Google or Rubicon, and the virus reports also stopped, that doesn’t tell us anything. The virus reports stop anyway, either because the ad run has ended or the broker identified the problem ad and pulled it. In any case, knowing that G or R was the source of a particular bad ad is of little use; all ad brokers are getting hit.
(5) It’s possible to install software that (as I understand it) captures all the online code received by a given computer and then analyze it for suspicious bits. However, the process is laborious, and even if you succeed, identifying one bad ad doesn’t get you much. The bad guys operate on a hit-and-run basis; the next bad ad will look completely different.
We’re discussing options, none of them particularly palatable. More info when I hear it.
We realize you guys are getting screwed here, too, Ed, so thanks for the update. But when your rock and a hard place are “continue to display ads that you can’t guarantee don’t contain malware” and “lose some ad revenue for a while,” well, I hope you can see why we’d prefer the latter.
problem is you are asking the to sacrifice up to 50% of their revenues over a problem that impacts a tiny fraction of the the userbase (prolly 1% or less) many of whom are using older operating systems and java/flash installs that are more easily exploited. Just like keeping up the brakes, tires, and lights on your car makes for safer driving, the latest updates/patches make for safer browsing.
Keep in mind, as you’re scolding people, that knowledge of computer maintenance is far from universal. I don’t know what java/flash means. I don’t know what update/patches I would need. I don’t know what’s considered an outdated operating system and what isn’t. I don’t have to know refrigerator mechanics to keep that appliance running, and I shouldn’t have to know computer repair to keep that appliance running either.
FWIW, I have the latest everything. I just report 'em here when I see 'em, even if they don’t infect my PC.
The problems that happened with Rubicon breaking the back button and pages randomly popping up a username/password box don’t sound to me like they have their act together (Rubicon, that is). I’ll cut companies a little slack if they’re having a temporary problem, but the first was going on for weeks, and the second for a little more than a week.
Regarding “other sites”, as an example, I visit CNN more than I visit here. I’ve never had any malware / fake antivirus / ads with auto-playing sound there. Not to say it never happens, but that’s my experience.
To keep up the car analogy: The city installs billboards alongside their streets to earn some revenue. They have a nasty habit of falling down on occasion and thwacking a passing car or pedestrian (usually the slower ones). The city is aware of this.
But hey, they really, really need the money, and it it doesn’t happen all that often…“prolly” once every week or two.
Just get a faster car (or learn to run!) and it (probably) won’t happen to you.
Fuck you Zotti, because of either the incompetence of you and your staff, or your apathy towards the members here, my computer is fucked. I had the updates, I had the anti malware program, but because you’re just out to make a quick buck, myself and the other people affected by this issue have to put up with your bullshit.
You are a cunt of the highest order. Take responsibility that your decision to run ads here hasn’t gone as well as you had hoped, sack up and act like a man.
Kill yourself, preferably by lying on top of the unsold copies of Barn House while they are set ablaze, then pull the plug on this piece of shit board. You would be doing a greater service to the world then acting like the sniveling little shit that you are.
Hooo, boy! I wouldn’t put it that way, but I’d definitely advise that you need to have some measure of control over your advertisments. If you can’t have that, then you shouldn’t be allowing them.
*Up to *50%. Really, you’re pulling that number out of thin air and it’s meaningless. Personally, my WAG is that eliminating the infectable ads would bring them *more *revenue, since there are many users who only use adblockers *because of *the malware that’s popping up. And while it’s a moot point now since someone was nice enough to sponsor me, I’d like to think that the SDMB staff stepping up to eliminate any chance of malicious ads getting through to their posters would have motivated me to upgrade my account.
The sdmb can no more guarentee a virus free web experience than a city can guarentee that you cannot be mugged while visiting. It can make it unlikely, but it cannot be eliminated without destroying the boards revenues.
computers are several orders of magnitude more complex than computers and are not subject to the variables a computer is. A computers flexibility is part of why it is possible to get a virus where your pocket calculator cannot.
I’d like to see a cite that it a little more authoritative than a Google Forums post to show this a widespread problem. Because I have only ever had it happen on the SDMB.