Well, that’s where this logic of blaming the SDMB falls flat on its face and breaks its own nose. Google has served out malware, as well. There are no pure/clean ad purveyors, and pretending any of them can block all malware contained in ads that allow JavaScript or any other sufficiently powerful scripting language is a fantasy employed by people who don’t understand the core problem.
Also, an ad that covers your browser window really doesn’t qualify as malware. It’s a shitty ad that’s more likely to drive people away, but close the browser window and it’s gone. I get them while browsing the BBC, usually advertising RBS.
There’s also no such thing as a perfectly clean kitchen, but that doesn’t mean I’m going to frequent the diner that keeps getting closed down by the Health Department.
Pretending that the SDMB owners are somehow having these ads forced upon them despite their best and honest efforts is a fantasy employed by, well, you get the idea.
The SDMB serves worse ads than any other site I frequent. It’s the only site I frequent that I will not go to without an ad blocker. I voluntarily “whitelist” several news sites to allow them to serve ads through my ad blocker. No way I’d do that for SDMB.
There are qualitative and quantitative differences, and this board is worse on both counts. That can’t be an accident.
Ehh, this board is less bad than most of the internet, trust me. It’s not squeaky clean, but it’s a small board run by a newspaper. At work, they run an active web security firewall that blocks based on a lot of things, but the amount of malware a site is known to distribute is one of them. Lots of sites with legitimate information for my job get blocked, but the SDMB loads fine.
The ad provider and the SDMB both actually, really try to stop it. It costs them rep and money too. Comparing their efforts to those of one of the largest tech companies in the world is something you can do, but the outcome is probably going to be easy to handicap. Antivirus and malware protection suites do their best as well, but they miss new infections regularly. As far as I know, the actual malware that’s been reported hasn’t returned, and the intrusive ads that get reported with actionable info get squashed, too.
I can understand being angry that an ad was doing something it shouldn’t, and I certainly hope that anyone who gets an ad that ruins their experience reports it with enough information to act. But I don’t think that acting like the ads served here are particularly infectious is helpful. This report doesn’t even have any evidence of anything but an obtrusive ad, and there’s not even enough information presented to identify which ad, and if it even came from the SDMB. The original report states it’s worst “when following a link from another site”, which kind of makes me think it’s a problem with their computer, not necessarily from the SDMB.
Seriously, I now* track down problems in a security product for a living, and I know what actionable information is. This isn’t it. I feel for Fenris, because they obviously have an issue, but there’s not really much to go on here.
*Yep, new job. My old job was admin-ing what was probably the last 4000 or so boxes of the 1880s wild-west style internet hosted in North America. Working either side of this fence is crazy. I spent all of a day a couple weeks ago helping a customer come up with workarounds for their fallout from the latest not-really-ransomware. Ugh.
I love this site, but I won’t look at it any more on a mobile device, because every single time I try I get the exact same hijack behavior the OP describes. Without an adblock, this site is completely unusable.
This isn’t the first time people have complained about this. It’s a real problem, but as far as I can tell the powers that be just do not care. I’ve certainly been spending less time on the boards because of it. Is this really worth it? I think these shit ads are killing the board.
Google is slowly cracking down on non-SSL ( = non https:// ) sites, so maybe as SD can’t afford Let’s Encrypt that is a symptom.
I have no idea how a website steals ‘information’.
Ehh, support your ridiculous claim, first, since you’re bringing the accusations. I’d assume any ad provider isn’t getting paid more to distribute malware, and would rather not distribute it, as it makes people less confident in their business. If you’ve got a cite other than your post to prove that the one the SDMB uses (or hell, any ad provider) does, I’ll read it. snfaulkner, that warning means that the connection is unencrypted. If you were using a connection that someone was listening in on (in some situations, such as on a public wifi connection, this is trivial), they could do everything from know what pages on the SDMB you were reading, to steal your user credentials and start posting as you on the board. That’s probably extremely low on the priorities of pretty much everyone. In a world where Letsencrypt will give out publicly verifiable TLS certs for free, it’s kind of silly that the SDMB doesn’t support encrypted connections. But there’s more than the cert involved in the complexity and cost analysis of supporting or enforcing encrypted connections, and probably not a whole lot of benefit to implementing it.
In the end, it means you shouldn’t transmit anything over the SDMB that you wouldn’t feel comfortable putting on a bilboard. But it’s a public message board, so that shouldn’t be surprising. That’s about the extent of that warning’s direness in this context.
Say what you will, I choose to view the move from lame excuses to stoney silence, by management on the malware issue, as an improvement.
It makes it easier, in my opinion, for users to fully digest that nothing is going to change here, regardless of how much malware they spread, or how appalled users are by the nature of the advertising they accept and spread.
Removing any expectation of improvement ultimately helps everyone have a more realistic view, in my most humble opinion.
Or radically the Chicago Reader is implementing a cunning plan to wean people off Microsoft.
Linuxians hate to mention it, but as one obviously I never get this crap, particularly if you pick a blocker or two. But I do feel bad for other people reading of this; and think by now the internet should have deleted malware as a business opportunity.
One rarely hears of computer worms by now [ maybe WannaCry counts ], couldn’t these things and the associated ads be equally a thing of the past ?
Actually, I think they just say to each other, “Have you ever visited that little site we own ? You know the one, the Doppler ?”
Eh, Dreamhost just implements Let’s Encrypt for free on shared hosting; and last month I took a free 90 day trial of a Comodo basic SSL for another site. All I had to do was paste a couple of blocks of text in CPanel.
I am sceptical of extra-added value, but it stops Google downgrading a site.
Someone gets some benefit out of malware, (And the not-technically-malware-but-annoying-as-hell-browser-hijacks this site routinely serves) or it wouldn’t be so common. Just like some stores sell things as cheap as possible and others try to create a pleasant shopping environment, different web sites and different ad providers choose different strategies.
Do you look at the ads that come with this website? No one who is concerned about the long-term confidence of users of the site would distribute those ads. I personally think it’s quite short-sighted of whoever controls this site. But hey, free market and all that.
And maybe I’m wrong, maybe it’s really a clever way to limit new posters to people who run ad blockers. Maybe it will increase the average technical sophistication of the board and be good for it.
My assumption, based on the tactics employed, is that this site is just not all that profitable, and so they go with ads that pay the most, even though they are not nearly as good about stopping malware.
I mean, Ed made an announcement about a new type of ad that sticks to the bottom of the screen. (I’ve never seen it, since I always adblock here.) That suggests that even the current ads weren’t working. Then there are the popunders (which sometimes popover, apparently.)
It suggests this site is in a worst way than early Snopes, when they alone held on to popup ads.
So you have no idea at all who hosts the SDMB ads and thus your assertion "The ad provider … both actually, really try to stop it. It costs them rep and money too" is false.
I made no such assertion or claim.
Not paid more of course- just paid. If you are not picky about the ads, it costs you less to check them out, and more ad revenue comes in Google can afford to be picky.
“*Malvertising has gone unchecked because of the current lax conditions and low barrier for entry to ad networks. In order to advertise online, businesses merely sign up with a network and then bid in real time to have their ads appear on popular websites. However, not all advertising networks have strict criteria for advertisers. Not only that, but buying advertising space is increasingly being transacted automatically. Ad sellers don’t always know the buyers, and some ad platforms allow newcomers in cheap.”
*
And of course malwarebytes.com are completely unbiased, aren’t they? I mean it’s not as if they’re in the business of persuading people to use their product.