Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Google Chrome Security

Superfish Injects Ads In 1 In 25 Google Page Views 91

An anonymous reader writes: A new report from Google has found that more than 5% of unique daily IP addresses accessing Google — tens of millions — are interrupted by ad-injection techniques, and that Superfish, responsible for a major controversy with Lenovo in February is the leading adware behind what is clearly now an industry. Amongst the report's recommendations to address the problem is the suggestion that browser makers "harden their environments against side-loading extensions or modifying the browser environment without user consent." Some of the most popular extensions for Chrome and Firefox, including ad-blockers, depend on this functionality.
This discussion has been archived. No new comments can be posted.

Superfish Injects Ads In 1 In 25 Google Page Views

Comments Filter:
  • by the_skywise ( 189793 ) on Thursday May 07, 2015 @06:07PM (#49643181)

    Google sez we must remove ad blocker functionality!

    I smell an ulterior motive..

    • First they came for the non mobile sites
      Then they came for the ad blockers
      ??????
      Profit!

      • by popo ( 107611 )

        Keep in mind that Google themselves promotes AdBlockPlus pretty heavily within their Chrome store, and that Google is whitelisted in ABP.

        If this is indeed an ulterior motive, then it would seem to indicate that Google has become concerned about other ad blockers that fall outside their control.

    • by swillden ( 191260 ) <shawn-ds@willden.org> on Thursday May 07, 2015 @09:21PM (#49644115) Journal

      Google sez we must remove ad blocker functionality!

      I smell an ulterior motive..

      Reading comprehension fail. The summary says:

      Amongst the report's recommendations to address the problem is the suggestion that browser makers "harden their environments against side-loading extensions or modifying the browser environment without user consent." Some of the most popular extensions for Chrome and Firefox, including ad-blockers, depend on this functionality.

      I'd expect that most users who install ad blockers consent to having it modifying the browser environment.

  • by cstec ( 521534 ) on Thursday May 07, 2015 @06:13PM (#49643225)

    As a serious coffee consumer, their main problem is you can't customize the cup of coffee. I drink so much coffee that I started making it weaker, and weaker, and then half strength. The last time I stayed in an office with a Keurig setup, I think I nearly killed myself before I realized what was happening.

    I'd love to have one, but the 'my way or the highway' reality of those little cups doesn't work. And don't even start on the cost.

    • by Anonymous Coward

      Lol wut

      • Re: (Score:3, Informative)

        by cstec ( 521534 )

        I have no idea. It looked a lot like the previous story on the screen!

        Shouldn't have used the words "no control"

    • by Anonymous Coward on Thursday May 07, 2015 @06:27PM (#49643317)

      So even the Keurig 2.0 is infected by Superfish? This is worse than I thought!

    • by SeaFox ( 739806 )

      How many cups do you drink total, though?

      1) Get double-capacity mug.
      2) Half fill with hot water.
      3) Make one K-cup of coffee
      4) Pour in larger mug.
      5) Ta-da. 50% strength coffee,

      • by cstec ( 521534 )

        How many cups do you drink total, though?

        1) Get double-capacity mug.

        As it happens, the SO got me this great TF2 'cup.' As it's double sized, I'm usually on #13-14 before I realize I need to Set the Twinkie Down and Step Away(tm)

        Adding water is just.... gads, equal parts repulsive and rational

    • by cstec ( 521534 )

      I am humbled the score 5 Funny for "No control is the real issue". I should reply to the previous post more often!

      I'd like to point out by "no control" I was really talking about Google, Apple, police brutality, congress, Depends, the morning after Super Sushi Night and memes with cats

  • that's what it's Supposed To Do.
  • by Spy Handler ( 822350 ) on Thursday May 07, 2015 @06:17PM (#49643251) Homepage Journal

    whoever thought running scripts from random sites and ads was a good idea?

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      90% of sites now don't work at all without javascript. It makes for a very boring internet.

      • by Futurepower(R) ( 558542 ) on Thursday May 07, 2015 @06:44PM (#49643395) Homepage
        Just allow JavaScript on the main URL.
        • Seems interesting and reasonable.
          How do you do this? With Ghostscript/NoScript/...?
          Does it work well? A lot of websites use 3rd party js plugins for map display for example.

        • That would prevent sites from using a cacheable common location, such as the CDNs that host YUI [yuilibrary.com], for assets that are reused across sites.
      • by Anonymous Coward

        Then leave. Those 90% of sites click baited you anyways. They never offered you anything that the 10% of actually functional sites can't do. Quit following the crowd if you despise it so much. Nothing I go to breaks from not allowing 3rd party connections and that includes here, YouTube, twitch...
        Anyways, your 90% is BS because YouTube is 90% and it's not broken.

      • 90% of sites now don't work at all without javascript. It makes for a very boring internet.

        Most sites work fine once you enable their main URL. The ones that show up with a list a mile long of script sources are the ones where you just click the "X" instead.

    • by Anonymous Coward

      whoever thought running scripts from random sites and ads was a good idea?

      Probably the person who never realized somebody could run malicious activities from programs executed on your own computer, and that networking would turn it into a giant furball for the rest of the world.

  • by Anonymous Coward

    Jeez!

  • Math check (Score:2, Informative)

    by Anonymous Coward

    Since when is 5% the same as 1 in 25??

    • Re:Math check (Score:5, Informative)

      by dotancohen ( 1015143 ) on Thursday May 07, 2015 @06:49PM (#49643417) Homepage
      5% are affected, Superfish is responsible for 80% of those affected, i.e. 4% total. Here is a restatement of the fine summary, with some noncritical interjections removed (and TFS was missing a comma anyway):

      5% of IP addresses accessing Google are interrupted by ad-injection techniques, and Superfish is the leading adware

  • by Anonymous Coward

    It also hijacks all your SSL/TLS sessions via MITM attack with the installation of a self signed root cert. It also goes to some unusual lengths to hide itself to prevent uninstallation, IIRC. It's straightup spyware.

  • Why should the add blocking plugin require side-loading without user interaction?

    It don't as far as I know.

  • by Anonymous Coward

    So Google, an advertising company, recommends that browser developers disable the capabilities that ad blockers rely on? Surprise, surprise. It sounds a little too much like the FBI saying we shouldn't use encryption because a few terrorists or perverts might take advantage. Sorry, I'm not into throwing out the browser with the bathwater.

    Firefox hasn't been doing so well lately, but getting out of bed with Google might have been a big benefit.

    • So Google, an advertising company, recommends that browser developers disable the capabilities that ad blockers rely on?

      Actually, they recommend browsers disable those capabilities unless the user consents to enabling them.

  • Buy Viagra!

  • I run two browsers, main one armored by Adblock Plus, NoScript, settings, etc and another one bare. If there is a hitch I move over to the latter. If it shows me a penis enlargement scheme guaranteed by Google top management I return to the first.
  • The relevant software products that are getting extensions sideloaded into them -- Firefox and Chrome -- are both open source. If a vendor like Lenovo wants to put ads in your browser with an extension, what do you think is going to happen when Google shuts off outside extensions in Chrome? That's right -- they're going to ship a fork of Chromium and call it "Lenovo Browser" and make it the default browser. You read it here first, folks.

    The solution, for consumers, is simple. Don't use the pre-loaded OS ins

    • You can't kill your way through an idea, unless you kill every last human on the planet.

      They're working on that, too.

To stay youthful, stay useful.

Working...