This, which is what I said earlier about the Flash based ads. Tell the ad servers that until they get their shit together, you will only accept text or simple image (jpg, gif) based ads. If one or the other can’t limit the ones they serve to those, drop them and find an ad broker that can. The problems cannot be transmitted by text or simple images, only by complex (sorta) executable files like flash and java.
And malicious PDF files, which surpassed flash last year in the number of malicious attacks. Anybody still running an old version of Adobe Reader? Do you know what the current version is?
I use cars because they are actually very similar in that they are complex machines with many subsystems, can be operated incorrectly with negative consequences, but that most people can manage to keep them going with a little professional help and guidance here and there. Also in that minor maintenance and repairs can often be done by the average user with a little brainpower and common sense.
Even the very simple appearing google ads like you see here involve javascript.
She was askin’ for it, your honor. Lookin’ at me like that all night, wearin’ those skimpy clothes.
My post was in no way blaming the victim
Yep, wouldn’t wanna get them all cranky–why, they might just serve up a buncha malware to fuck up some troublemaker’s computer or somethin’! Oh wait…
And if the **Reverend ** had to spend the usual amount of time, effort and possibly cash to get his system unfucked, I’d say he absolutely DOES have a financial interest in their company.
This.
At this point anyone who has been infected by this malware deserves to know if the ads are in fact keeping the boards afloat, or if management is knowingly keeping affected ad providers around in an attempt to line their own pockets.
This malware issue has been going on for a better part of a year now and it’s time for some definite answers from the people in charge.
What steps are you taking to resolve this issue?
Are you going to demand that your advertisers only provide you with text/image based ads?
If not, are you going to temporarily drop one of them to see if this issue continues?
Is such a service even offered? And if so, while we may not know SDMB financials, if we can see the rate differences between the two can at least suggest to us if such a switch would be crippling or not.
Or if it would even help. http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx. This was fixed in 2004, so hopefully most people have this particular vulnerability, but you have to presume that it can happen again.
Honestly, though, this is the Straight Dope, for crying out loud. If someone posted a GD article asking “Does Website X serve up more malware than other places?” would answers of the form “Well, I went there once and I got infected and I’m pissed!” be considered good data to base a conclusion on, or would it rightly be noted that anecdotes are not data, and the fact that it happened to you does not make it any more valid?
From my view, I have not seen the SMDB having a significantly worse malware problem than other sites of a similar class. But I freely admit I don’t have the data, and I would be happy to be enlightened.
I own a computer shop, we see a dozen new infected machines a week easily. Most of these people have no clue how they were infected, just that something started sending them messages about how they were infected.
These people are not dopers. Some of them admit they were at a porn site, or were downloading music, but most of them are genuinely puzzled how it happened. Especially when they have the latest verson of MacNortsky 2010 now with secure offsite backup of virused files.
This is not just some technical glitch to solve and it goes away, it is an ongoing criminal enterprise. Even if we found one of these groups and executed them live on the internet as a warning to others, teams of people will still be working to write the next virus to try and slip under the radar.
Post 56 times a thousand. Actually not quite. I’m not issuing you a formal warning, but we don’t permit attacks by reference in The Pit, and they aren’t permitted in ATMB either. See, e.g., http://boards.straightdope.com/sdmb/showthread.php?p=12749652#post12749652
I’m making this a moderator note instead of a warning because I assume you thought it was ok to do this. It isn’t. Please don’t do it again. No warning issued.
Gfactor
ATMB Moderator
Please don’t make assumptions about what I do and don’t realize. Because you’re wrong. My point was *not *that all of the people being infected here are good at keeping everything up to date, but that keeping things up to date is demonstraby *no proof against *the infections, assuming that we take people at their word.
This is a terrible analogy. If I get food poisoning, I’m going to be mad at my immune system for not preventing me from getting sick. But I’m *also *going to be mad at the restaurant who kept buying vegetables from the supplier who sent them e. coli-tainted tomatoes last month… and the month before… and the month before.
You may not be blaming the victim, but you sure as hell are excusing the enabler.
Question: Could one say something like, “I agree with the sentiment of Post #54, but not its exact phrasing or rudeness”?
Why make reference to an obvious rule-breaking post that got an official warning? Why not restate your opinion in a non-rule-breaking manner? Or if you just aren’t that original of a wordsmith or want to save time, why not cite any of a dozen other posts that say essentially the same thing but do so in an acceptable and non-rule-breaking way?
How hard is that?
Gfactor, you’re the mod, but I’d have made it official. He basically said “what he said”. Well, what he said was a rules violation. Repeating it would be a rules violation, too, wouldn’t it?
“You’re a donkey breath.”
“What he said.”
Just out of curiosity, doesn’t this problem go away if you buy a membership? I don’t get any ads.
Membership in this place is cheap. If you use this board enough to kick up a big fuss over this, why not just pony up a little to help pay for it?
I try to give posters the benefit of the doubt, even if I have to squint pretty hard to see a doubt. I agree it is a rules violation, but I am willing to assume:
- that the poster did it thinking it wasn’t (we discussed that issue in The Pit, about a year ago, so he may not have seen the discussion); or
- That he intended to echo the general sentiment (fury?) of the whole post (sort of like **SFG **suggests), but not to repeat the attack.
In cases like that, I always do a note.
and the SDMB and the ad providers have the same problem.
Yet the tomatos always look clean when they check them at the door…
It wasn’t an attempt at a analogy, the same sets of antivirus profiles that defend the SDMB computers are very similar to yours. To make matters worse there are methodologies for these viruses that can make the links in question look totally legit.
Example, I create an affilliate account with company X, an antivirus software provider who allows me to resell their software via my site.
I post an ad selling AV software via rubicon, doubleclick, google, whomever with a mouseover behavior that could include opening a pop up with content drawn from my site or window to my site.
My annoying but harmless ad proceeds along normally.
Run ad for a week or so, no suspicious behavior.
No changes to ad, but I add a script to my site that is now launching a virus installer.
Because the links are following the same path, as far as the ad provider knows, nothing changed, therefore no problem. When the link triggers, the communication is between your machine and the virused site, not between you and the SDMB, Rubicon, Google, whomever. It is impossible to intercept this type of behavior except by your machines AV and firewall resources.
They think they are sending you to a site selling MacNortsky 2010, a legit product.
The guys writing this stuff are not stupid, in many cases they are fucking brilliant, they are keeping billions of dollars a year in industry alive fighting them.
But sure, blame the board, since they are somehow going to magically stop things that Symantec, Grisoft, etc cannot.
I think in many cases that would be fine. There are probably some cases where it would be tough to read the thing as anything other than an attack, nevertheless.
For example, if the entire post was some sort of personal attack and there was no sentiment beyond that (“Screw you, you dumb bastard!”) the “exact phrasing and rudeness” savings clause probably wouldn’t do the job, but in a case where there was a lot of content that was fine and a few choice words that weren’t, I think that would be fine.
Because I don’t like feeling like I’m being fucking strongarmed into ponying up money. Even though it’s not the intent, it reeks of things like a good old-fashioned protection racket. “Gee, this sure is a nice computer you’ve got there, Ms. SFG. It would be a shame if some malware were to somehow find its way in… But I can guarantee that won’t happen, if you just pay a small fee every year.”
By all means, *please *continue to treat me like I’m a fucking retard who doesn’t know anything about computers. That’s been working for you so well thus far. It’s not remotely insulting, and it’s very conducive to making me take you seriously.
And that’s why you don’t allow exploitable behaviors.
The board can choose not to run ads that are exploitable. Or they can choose to run as many ads as they can and consider a certain amount of infected users to be acceptable losses. Many of us in this thread take issue with the latter attitude, seeing it as particularly short-sighted, because in the long term, it may very well ensure *less income for the board *(through people leaving because of infections, new people not visiting because the site gets a reputation for causing infections, or people staying but turning on blockers that ensure they can’t even see the safe ads).
Thanks for clarifying.
Because that would be the same as paying the mob for protection money.
“Its a real shame that your place got wrecked up, if you pay up we can make sure it doesn’t happen again.”
Brilliant sales strategy! :rolleyes:
Even if I did pay for a membership, that doesn’t solve the malware issue. It will still be there waiting to hit another person, or me again if I’m not logged in or on a computer other than my own.
Now I like this place. When I had a job that allowed me to do so I would read threads all day long. When the merchandise section was still up I bought all the books and even a t-shirt. Then I didn’t have regular internet access for a few years. When I was online again regularly I came back here to find that things had changed, and even though I was in a position to pay for a membership, I decided against it since I didn’t think it was really worth it.
Other than not getting your computer infected there really aren’t any real perks to having a guest account over a paid membership.
Now imagine a potential new member is checking out the site, trying to decide whether or not to sign up. They get hit with something nasty and decide to not come back again. So by not solving the malware problems here is going to hurt this place in the long run worse than if they tried to fix it, even if that means dropping an ad provider.
Now this comes back to the question I asked in post #88, is the management of this site knowingly keeping an ad provider around that distributes malware because it’s the only thing keeping the board going, or are they just trying to make a profit at the expense of it’s users? And if it is because this is the only way to keep the board going, can they prove it? To use a phrase popular around here, cite?