:rolleyes:
Yeah, this is as stupid an argument as the anti-vaxxers “THE AMA IS IN THE BUSINESS OF KEEPING PEOPLE SICK” crap.
Hint: The Straight Dope actually recommends Malwarebytes as a good source
Wanna try again without the stupid conspiracy-theory nonsense?
I quoted your assertion before. Here it is again.
Your claim is that they don’t care and don’t try, apparently because they don’t perform to your satisfaction. A vague assertion of how the market works from Malwarebytes doesn’t mean that the provider here works that way (thank you, I read it, it was light on hard evidence). That the ad provider has a method for the admins around here to report such problems implies that they care.
Your cite provides a clear explanation on how the ad system at the SDMB, ArsTechnica, and the BBC get gamed into running sketchy ads, even if they do care:
Even though that claim is short on evidence, it’s a pretty good explanation of how the offensive ads get placed. No collusion is necessary. Before you start screaming “Why don’t they scan it for malware?”, they do. Again, I work with a security product for a living. Even with several levels of antivirus and malware checks from several providers, including deploying the files in a virtual environment, the people who dedicate themselves to only detecting malware and viruses miss them. The easiest way to avoid the most careful checks is to use a novel method of exploit, and not execute it before a specific date. If you do it that way, your only risk is if someone else reveals your exploit to the white hats before your launch date.
Well, https can be more than just adding a cert to a site, especially when you’re supporting older browsers and/or are employing load balancers, etc. I don’t know the site’s configuration, but I expect it’s more complex than a shared hosting account. And as you note, Google search is the only thing that’s really going to be affected. Not much benefit for possibly a lot of work and maintenance.
And yeah, I don’t browse the internet at large on anything but a Linux box with NoScript installed unless I’m ordered to. Every other operating system more popular than Linux doesn’t have the tools necessary to make me feel relatively comfy that I haven’t been hacked. But! - We should shut up about this, or it’ll actually get popular and become a target.
That’s where you’re making the mistake, by thinking that anyone is in cahoots with the malware writers. The people who have to profit from the distribution of malware are the writers of malware. Full stop, no one else directly profits. If the ad provider could figure out how to block the malware and make it cost effective, they would.
Yes, I visited the site without logging in on my phone (due to its tinkertoy operating system, it’s a disposable device) again when I read the thread. The ads are certainly a hassle, but no worse than the ones on the other sites that I mentioned in this post. The only site I visit regularly that doesn’t have ads that are a pain in the ass on a mobile operating system is Wikipedia.
If there’s any sense in your post, this comes closest to hitting the mark. If it’s a nefarious plan, it’s one to get folks to fork over the cash for a membership through negligence of the ad system. I don’t think that’s the case, but if you want to grasp at conspiracies, that’s the more believable one.
Yep, that hews pretty close to my take. It’s not a good time to be anywhere but the top 25 or so sites of the internet.
Scabpicker, never did I claim the straight dope wants to serve malware. What I claim is that they do a much worse job of keeping it off their system than other sites, especially if you expand “malware” to include the stuff people mostly complain about here, which is ads that hijack a browser to the point where you need to exit the browser.
I spend a fair amount of time following links and browsing the web. Typically, when a site acts like that, I never return. And most sites have much more benign ads.
(A lot of news sites have auto-starting video with sound, which is my personal pet peeve. But that’s not as bad as a browser hijack.)
Scabpicker, you might be right that SDMB doesn’t serve more actual malware than other sites, but you are absolutely incorrect when you say that browser hijacks that force you to close the browser to escape them are no more common here than elsewhere. SDMB is the only site I go to that does that. Many other people have reported the same. And we aren’t all shrinking violets on the internet who only visit SDMB and Wikipedia. Even porn sites rarely do that anymore. If you want to claim that other sites regularly use browser hijacks in their ads, I need more specifics than just, “The only site I visit regularly that doesn’t have ads that are a pain in the ass on a mobile operating system is Wikipedia.”
It also would not surprise me at all if ad servers (and web pages) that allow such sleazy, obnoxious ads are also less diligent about scanning for actual malware in the ads, but I admit I have no actual evidence that this is the case.
Umm, no read it again “But they actually, really try to stop it. It costs them reputation and money. Google works hard to stop malware in their ads.” So my assertion is that Google does care and does try. I made no assertions at all about the SDMB ad provider as I dont know what it is (and you did make assertions about it, even tho you also dont know what it is). Certainly, they are letting a pretty large amount of malware thru, but I am not sure why.
Why would you think that ?
The intense sophistication of an elderly vBulletin ? The arthritic 2-minute search restriction, dating back I understand decades, and never touched ? The pensionable clinging to a pointless infraction system ? The indecent bareness of a puritan dislike of avatars and sigs known to the rest of the internet since the olden times ?
This place is heavy on bandwidth but low on storage, and could be spun off an Amazon AWS instance; URLJet would kick it out off the park. Shared has come a long way.
Is there anything about this board that you do like?
Well, you implied that they were willingly complicit, or did you mean to post this somewhere else?:
And even when Google throws a good part of its resources at making sure their ad service is pleasant, it still contains malware. That pretty much every other ad provider kind of sucks in comparison is not much of a surprise.
I already cited news.bbc.co.uk (which redirects to Home - BBC News, but I don’t know if the base domain even serves ads, I don’t go there), serving out ads for the Royal Bank Of Scotland that hijack the browser upthread. The ads on that site are just as likely to straight up crash this particular older version of Chrome in the present day as they are to successfully hijack it, but it’s not from a lack of trying. Arstechnica.com isn’t much better.
Well, again, I work with a security product for a living. I see stuff get by every type of scanner. We do pretty well, because the parent company has a hell of a lot of different routes to initially see the nasty files in question, and watch what they do. But even our tools don’t catch everything, depth in defense is what we advise.
We’re a big company, but we aren’t Google big. Besides being big, Google is particularly well positioned to catch malware in their ads. They control a lot of the food chain, from the induction of the ads, hosting them, hosting some of the internet connections, and actually building an operating system and a browser. The internet has never seen vertical integration like that. Only Microsoft comes close, and since they actually build an antivirus system, that group recently got to join the ranks of antivirus providers that had their protection turn into a method of intrusion.
And your saying that business in a thread about an obtrusive ad on the SDMB implies that you don’t think they’re trying hard. See above as to why Google is so successful, but still aren’t clean. It doesn’t matter who the “other” is, they’ll almost always come up short when it comes to being the first line of defense against obtrusive ads. I’m not going to waste my time on a computer that isn’t disposable to satisfy your curiosity. As far as you know, it’s Google.
Now, Google is the top game in town if you want eyeballs (or hosts to hijack or infect). If you’re sleazy, you probably can burn them once, and nevermore unless you come up with a good excuse. After that, you work your way down the chain of other providers, who have less resources to throw at you, and you deploy your next obtrusive ad.
Heh, if anything, it’d be the fact that it’s running an old application, and apparently a decent amount of traffic. I’ve had customers running older message boards that were popular, but less popular than this one, without multi-server front end setups, and this place is stable by comparison. Shared hosting shares disk I/O, and that’s still the bottleneck with any dynamic website.
First time of visiting today and I was redirected to bet365 when I signed up. Is anyone else having such an issue? This is on Android, btw.
Scabpicker, you describe the BBC website ads as hijackers and as ads that simply cover the screen and may crash an old version of Android’s browser, but can usually be closed. Those are two different things. Which is it?
Have you actually experienced the browser hijack that the SDMB serves to mobile devices? It comes up fairly often, but not frequently, and you might have looked at the website several times without seeing it. If you haven’t seen it, then I don’t think you can really comment on whether it is a normal or avoidable type of ad/malware.
Ehh, I don’t think I have to visit over and over again until one of these jerkwads gets their combo right and actually infects the browser. They may be actually trying something that won’t work on my phone’s browser and I’ll never see it. I’ve seen this behavior for quite some time, seeing the particular one you’re worried about won’t surprise me any more than what I’ve seen already. Misbehaving ads are misbehaving ads. The one that serves out the specific browser hijack you’re addressing probably isn’t even the nastiest one served out by the chain of ad networks, it’s just the one that misbehaves in the most obvious way.
Right, but it more obviously and obnoxiously bad (apart from actual virus-installing malware) than any ad on any other website I’ve been to lately. You might not care, but many of have complained and TPTB haven’t done anything. Saying there is nothing they could do and that it’s no worse than anywhere else are both factually untrue, and if you haven’t seen it, you aren’t qualified to comment on how obnoxious it is or isn’t compared to other ads.
I mean to imply that they are less concerned with the negative impact ads have on their readers than most other sites. “willingly complicit”? That’s a bit farther than I want to go. More like “don’t give a shit”. Or “don’t care enough to be more selective in their ad providers”
So I just checked out the straight dope message board, BBC news, and Ars Technica. I found all of them via google, using Safari on a Mac.
As far as I can tell, none of those has yet hijacked this browser. But SDMB has these really annoying ads that sit on top of some of the content, with suspicious little “x” boxes you can click, presumably to make them go away, but who knows. It also has something that claims it is trying (but perhaps, failing) to load at the top of the page. In contrast, the BBC and Ars Technica have ads to the side of the content, or below it. That is, everything is positioned so nothing is hidden by ads. The Ars Technica ads are all from companies I’ve heard of, and that I might possibly do business with. In addition to the weird “covering up content” thing, one of the pages started something with sound (that promptly crashed and stopped). I complained above that a bunch of legitimate new sites do that, too, but that is one of my pet peeves, and I mostly avoid sites that do that.
So just from my quick 15 minutes poke around (I read a couple of articles on each of the BBC and Ars, and I read a couple of threads here, in addition to typing out this reply) I have to say that SDMB has worse ads than the sites you mention as being “as bad”.
I dont know how hard they are trying, I just know they are not succeeding very well.
You really love to put words in other peoples mouths dont you?
You’re going to get different ads than I will based on our cookies, among other things. Also, what hijacks your browser isn’t going to hijack mine, and vice versa. Chrome is a bigger target than Safari, due to its larger number of users.
I was using Firefox for Mobile earlier on Android and had ad issues as described earlier - one of my tabs switched to bet365 by itself when I wasn’t looking.
I’ve now switched to my computer running Chrome with an adblocker and have no issues whatsoever.
I may have to either only post whilst on my computer, or install the Adblock Android Browser…
Oh, look, I got a pop-under ad, too. I can’t swear it’s from the straight dope, but it certainly seems likely.
I just tried Firefox, and it looks much the same as safari. Including the pop-under ad. I’m not willing to remove my as blocker from chrome to test that.
My guess is that the ad on the bottom of the page that sits on top of the content is responsible for a lot of the complaints. It would seem easy for it to go awry and sit on top of the whole page, especially on a little phone screen.
On the plus side, I’m not seeing the lurid click bait that made me decide I couldn’t look at this board from work (where I run Chrome or Explorer on Windows, with no as blocker. Those have got to be the top two targets.) There’s still click bait, but it’s just ordinary annoying click bait. Not the stuff I was afraid a co-worker might see.
I think that the PTB here are not working that hard to correct it, based upon "well they could always become members’.
There’s a problem with that. Sure they have promised that paid members will never see ads.
But Ed also promised they would never run the kind of ads that could cause malware.
Wow, looks like I wasn’t putting words in your mouth.