Two Major Ad Networks Found Serving Malware 330
Trailrunner7 writes "Two major online ad networks — DoubleClick and MSN — were serving malware via drive-by download exploits over the last week, experts say, after a group of attackers was able to trick the networks into displaying their ads by impersonating an online advertising provider. The scheme involved a group of attackers who registered a domain that was one letter away from that of ADShuffle.com, an online advertising technology firm. The attackers then used the fake domain — ADShufffle.com — to dupe the advertising networks into serving their malicious banner ads. The ads used various exploits to install malware on victims' PCs through drive-by downloads, according to information compiled by security vendor Armorize."
Of course! (Score:5, Interesting)
What do you expect from a company called "Doubelclick"? I bet Googel tampers with their search results too.
Re: (Score:2, Insightful)
Doubleclick is Owned by Google, so they probably don't need to tamper.
Oh, ah, Whooosh, I guess.
I always wondered that acquisition (Score:2, Insightful)
At the time Google bought DoubleClick, Google owned the advertisement network with the best reputation (Goolge AdWords/AdSense. Relevant, not-very-annoying text ads) and DoubleClick had perhaps the worst reputation (horrible flash banners, etc.) of them all. I couldn't understand why Google would buy that. Then again, these days Google is pretty horrible towards Ad publishers (closing or freezing accounts without offering any explanation, etc... If you aren't a big name, expect to get buttfucked by Google)
Re: (Score:2)
umm... not in violation of one click shopping patents?
Noscript wins again (Score:5, Insightful)
One more example of why ad blocking has its security benefits. What's worse is that doubleclick and friends are used by pretty much every site out there including Slashdot. It's a shame that although a lot of people would be willing to support sites like Slashdot allowing a few ads to load occasionally; doubleclick just isn't trustworthy enough to allow that.
Re:Noscript wins again (Score:5, Insightful)
What sucks is that I'd actually like to support the sites I frequently visit, and ad views clearly have a significant effect on their various bottom lines, but I just can't justify exposing myself to whatever that week's ad-based crazy shit danger happens to be. It's similar to how I feel about porn sites - the responsible part of my wants to subscribe and send them a little cash for the assistance rendered by their presentation of jiggly bits being jiggly...but that same responsible part is also well aware that any kind of commercial interaction with said pornographers has a suspicious way of going horribly wrong.
So now I find myself chosing between doing that right thing - supporting the services I use - and the secure thing. And as it happens, the secure thing wins out.
Re:Noscript wins again (Score:5, Interesting)
What sucks is that I'd actually like to support the sites I frequently visit, and ad views clearly have a significant effect on their various bottom lines,
Ad views have become the defacto micropayment system. If we had an alternative, sites wouldn't have to be dependent on privacy-invasive and security-breaking ad systems. I'm sure that many would anyway, but they would at least have other options.
but that same responsible part is also well aware that any kind of commercial interaction with said pornographers has a suspicious way of going horribly wrong.
Micropayments could solve that problem too - anonymous microcash would be almost completely immune to the kind of abuses that you are avoiding.
Re:Noscript wins again (Score:5, Interesting)
A "push" credit card transaction would also solve those problems. Why is it that I can only pay for something by giving my entire credit balance to someone and trusting them to give me back everything but what their invoice says? Why can't I say, "Hey, MasterCard, give this guy $50." He gets an email, his automatic email-getting-password-sender-outer tells me how to get to his jiggly bits. ... I mean, the jiggly bits he has video of, not the ones between his pockets.
Re: (Score:3)
I use a debit card for online transactions. It has its own separate bank account, with no overdraft or other type of negative balance facility. When I want to buy something online, I get to the checkout page, see how much the total is, use online banking to transfer just enough money into the account from my main account to cover the cost, and then proceed with the purchase. If a retailer tries to take too much, or tries to take payment twice, or if the card number is compromised and is used fraudulently, p
Re: (Score:3)
Be careful with that, even tho you have no formal overdraft facility some banks will give you an "unarranged overdraft" and charge you stupid fees for it...
I used to use a card with an extremely low credit limit for online purchases, until i found that the credit limit isn't the limit that you can spend, its just the limit that you can spend without being charged extra fees.
Re:Noscript wins again (Score:5, Informative)
You think that is smart eh? Oh, boy, are you in for a suprise!
Using debit cards to be "safer" is the worst idea possible. All credit cards have fraud protection. If someone uses it fraudulently, as long as you catch it within a couple of months, you are not responsible for paying it. When you give your credit card number to someone you are giving access to your credit line, provided by your bank, not your money directly, and when they charge your card they won't draw money from you, they will post a charge for which they will get paid later by the bank and you will be asked to pay for it.
Now, if you give your debit card, you are giving your bank account. A transaction draws money from your account immediately, good luck trying to reverse that later, I mean it is YOUR money gone, not the bank's money. Then, the fact that you don't have overdraft protection does not mean much. First of all you will have the bounce fee. Secondly, there have been many instances where banks go ahead and honor the overdrawing (it has happened to me once, they charged both the fee AND overdrew the account, it was either Wacovia or Chase...) and when you ask them about it they say "because you are a good customer our system allowed it".
There are of course many other reasons for using a credit card. For example you get extended warranty (AMEX doubles 1-year warranties), cashback etc.
If you want to be secure there are virtual account numbers that many CC provide. Some of them can be set with a pre-set limit. But be careful, similar to a bank account there are times where the bank will still honor going over the limit. The difference is, you will NOT have paid it with your money. You will receive a bill showing the fraud and you will file for it to be cleared. It has happened to me a couple of times and I shudder at the thought of that being my debit card...
Re: (Score:2)
Please tell me how's a Visa debit card is worse than a Visa credit card? And how is it better losing your own money vs losing someone elses money that you have to pay back?
Re: (Score:2)
Well in the UK the COnsumer Credit Act 1974 means you have no liability for fraudulent transactions. That does not apply to Debit Card transactions.
Comment removed (Score:4)
Re:Noscript wins again (Score:5, Insightful)
You are not bad on the insulting department. Not great on the how things work department though, but with that attitude you can't possibly be helped.
Just so we are clear, originally I did not think you were dumb. My tone was aiming to make it clear to you and to other people that debit cards are a bad idea regardless how well you think you have thought things through. In my second favorite forum (FW Finance) I have read so many stories about how people have gotten screwed, it is not even funny. For example, do you know that debit card transactions are processed by the end of the day in an order the Bank decides? What do you think will happen with a fraudulent charge the same day as a legit purchase? Also, did you know that normally a merchant asks for authorization before putting a charge through (and gets declined in your case if you don't have funds), but at least the VISA network also allows charges WITHOUT authorization (and think whether a fraudster will ask for authorization)? That was probably how I got a negative charge on an account that had no overdrawing and if you think a negative balance on your bank account does not mean that is your money missing, you are sadly mistaken.
Anyway, I at least hope you don't use a really bad (customer-friendly-wise) bank (like, say, BofA).
And to re-iterate, no, I did not think you were dumb, but you did come out as a douche with your second post.
Re: (Score:2)
Re: (Score:3)
In most of the world there is a thing called "bank transfer". For most transactions it is even free. All you need is to know the recipient's account number, which is published by everyone interesting in receiving non-cash payments.
Re: (Score:3, Interesting)
Re: (Score:2)
You kinda can, eg with EntroPay that I was a founder of, you can create a new card (new number) with just enough credit/balance on it to support the transaction you want to do.
Rgds
Damon
Re: (Score:2)
I say, "Hey, MasterCard, give this guy $50." He gets an email, his automatic email-getting-password-sender-outer tells me how to get to his jiggly bits.
You mean like PayPal?
Re: (Score:2)
I like to think of ad views as the squeegee guy at the red light intersection. He'll mess up your windscreen while you're stopped, and then on top of that, he expects you to pay him for it.
Re: (Score:2)
Re: (Score:2)
Sure, but nobody wants to subscribe to many sites. One or two is fine but twenty or more? Especially when most only have interesting content once a fortnight.
(I know that's not what you meant but it gets to the heart of the problem as I see it.)
Re:Noscript wins again (Score:4, Insightful)
Well I thought I was running a properly configured box. Everything up to date, not using IE etc. Clicked on a link and got a Google warning about the sit. Fine I thought, I'll use the get me out of here button and suddenly I'm being bombarded by AV warnings. Noticed a Java console icon in the Systray, so that was how it arrived. What was unbelievable was that within seconds every HTML doc was infected with fucking vbscript. .net stuff.
I gave up on windows for home use there and then and now use Linux full time (instead of occasionally), and just windows for
As an aside, time to install Ubuntu, about 40 minutes. Time to install XP (from slipstreamed SP3 CD), half a fucking day including a call to India to ask for an OEM number that fucking worked. None of the driver bullshit either.
Re: (Score:2)
Time to install XP (from slipstreamed SP3 CD), half a fucking day
That's odd, it took me less than 20 minutes to install it into a VM this morning.
Re: (Score:2)
I've done it a couple times recently and found it was closer to the half-day mark. Don't forget the time to create the slipstream CD, then to set up the drivers that the slipstreaming ignored for some reason (audio and video, in my case), and then to download basic software and updates (IE8, Firefox, and about 84 security updates, in my case), plus associated reboots.
Re: (Score:3)
Agreed.
I use OpenDNS to block doubleclick but they have a lot of domains they serve under in addition to their own.
I don't begrudge the advertising, I've even been known to click on it occasionally if it interests me. And I don't worry too much about the malware, running Linux and tight filters. But a few jerks like ADShufffle.com screw over all the advertiser. And I wager nothing at all happens to them.
Re: (Score:2)
Aye!
Adblock, No-Script.
I use AVG, not sure what is best free virus scanner. Don't think the commercial scanners are significantly better (maybe not better at all) than the free ones.
Comment removed (Score:5, Informative)
Re: (Score:2)
Ditto on MS Essentials. I made the switch about a year ago after many years of AVG, including corporate licensing. AVG is still a decent product, but more naggy and has gotten more resource hungry over the years. MS Essentials isn't perfect but seems to use less resources and catches as much or more than others. Being free is also nice. Being updated very regularly, almost daily, is also good.
Re: (Score:2)
Getting around that wait was as simple as opening the MSE interface, disabling 'real time protection' (whereupon said directory would immediately open) and then re-enabling 'real time protection'. But... why have to do that, so often? And having to do that, kind of makes
Can't say I'm surprised... (Score:3, Informative)
Re:Can't say I'm surprised... (Score:4, Informative)
Oh no, between you and the AC, you've mentioned HOSTS files twice. If you mention them a third time, the apk troll shows up, like a techno Candyman with Tourette's.
Re: (Score:2)
Let me add one disadvantage of host files vs. AdBlock/NoScript & Co.:
The host file approach is completely unusable on machines where you have no root/admin access. And even on networks where you have root/admin access, but don't own the network and are not the one responsible for networking, you may get into troubles if you try to change host files. OTOH, Firefox plugins can be installed at the user level, without a need for root/admin access, and since user-installed plugins only affect the single user
Re: (Score:2)
They're also completely useless in proxied environments. Or at least, properly configured ones.
MSN sucks! This would never happen to Google! (Score:3, Funny)
Oh wait... Google's doubleclick got tricked too.... okay, nevermind.
-The Anonymous Google Fanboy
Re:MSN sucks! This would never happen to Google! (Score:4, Informative)
Quote Story:
A spokesman for Google, which owns DoubleClick, told the IDG News Service that the malicious ads were only being served for a short amount of time, and that the company's own malware filters detected the ads, as well.
So, MSN was clueless. Google was merely slow to act.
Re: (Score:2)
Does seem a little odd. Google has malware filters for ads, the filters detected the malware but (and this is the big but) not before it had been served out for a while.
That sounds rather more like a human malware filter than a machine one.
Re: (Score:2)
No no, MSN is right on the ball (Score:3)
MS for the security holes, MSN for the exploits. One stop shopping! We have you rooted the fastest! Where do you want someone to make you go today!
coulda told ya (Score:2, Interesting)
I could have told you that. I narrowed down the issue to MSN/Hotmail a couple days ago and was advising users to stay away for as long as possible/use adblock/noscript.
I've been dealing with removing this horseshit from end users pc's all week.
Something interesting I noticed was the malware authors were amateurs- they forgot to setup the fake HDD defrag malware to run at boot on any other user profile besides the one that was infected.
Made disinfection pretty easy...
Praise for adblock (Score:2, Insightful)
This is why I block all ads and all your moral arguments and begging [arstechnica.com] be damned. Ad blocking is sensible risk management.
Re: (Score:3, Interesting)
Queue people whining and crying that people are thieves and all that because they block ads. Sorry, but if you can't be sure you'll never serve malware. You'll never be allowed to serve ads which might infect my machine with something...nasty. Especially now that ransomware is starting to become the next trend.
Re:Praise for adblock (Score:5, Insightful)
Let em whine. I'm sorry, These ad firms put themselves into this mess.
The day ad firms decided to allow advertisers to use Flash and JavaScript in their advertisements is the day I started blocking them. Seriously, What was wrong with simple images and text? Was the monkey way too easy to punch or something?
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
add animated GIFs to that list.
I started blocking ads when two things happened, pretty much simultaneously:
One, ad content took over a considerable part of the screen real estate and
two, ads started to distract from the actual content through animation, blinking, sound, etc.
I know advertisement is all about getting your attention, but it tries to do that in contexts where I don't want my attention diverted to something else. I don't mind advertisement on the WC or on the bus that much, it's not as if I had
Re: (Score:3)
But statistically, those annoying ads *work*. They wouldn't be used otherwise - I'm sure the advertising industry has done many studies of this.
Yes and no. Mind you, my marketing class has been more than 10 years ago, but I'm not sure if the basics have changed so much. True is that the marketing industry does invest a lot into research and studies. However, like in many other areas in business, that doesn't mean those results actually get applied. And while results of ad campaign get regularily checked, more often than not the results tell you whether it worked or not (i.e. sales increased) but not why. Which results in many, many legends that hav
Re: (Score:2)
Re: (Score:2)
I agree, ad firms have put themselves into that mess. The reality is, they don't even realize it. I'm still wondering who had the brainwave to allow flash and js, to play outside of the sandbox.
Re:Praise for adblock (Score:4, Informative)
Cue.
Trust model (Score:5, Interesting)
The trust model of online advertising is in my opinion fundamentally broken. A big part of the security model of the web is domain-based - e.g. the same origin policy - but this goes down the drain with third party ads hosted on yet another third party's server.
With online advertising it was for the first time possible to measure the effect of ad campaigns better than "how many saw it and did we sell more after it?" What did this bring us? "PUNCH THE MONKEY!", "LOOK AT THE BLINKING LIGHTS!", "BEEP BLOOP BEEEEEP!!!" and perhaps most insidiously it broke the domain-based model of trust on the web since everything had to be put on the advertising hosters' servers to deter click fraud and whatnot.
AdBlock doesn't just save you bandwidth and reduces the annoyance of browsing the web, it is also one of the best tools for avoiding drive-by malware from ads.
Re: (Score:2)
... it broke the domain-based model of trust on the web since everything had to be put on the advertising hosters' servers to deter click fraud and whatnot.
Erm? I would say the trust model works exactly as promised.
I trust slashdot.org (I know, silly me) and ask my browser to download and display HTML content from their domain /.org instructs my browser to go get and display some other content from an ad domain
The HTML at
I do not trust that ad domain and refuse to display their content
Everybody happy?
*Browsers*, however, need to become more explicit about this and realize that if I instruct them to get a page from x.com I don't really want to get images, fram
Re: (Score:2)
You want RequestPolicy [requestpolicy.com]
I have to warn you that many sites have REALLY obscure dependencies.
Adblock is not that great a protection on its own (Score:2, Interesting)
Seen a few people say they use Adblock and all, which is fine, but if you recognize that an ad-server can be compromised, then why not any other web server you visit? How many things are you going to block before it makes the web safe? So many all websites are useless? That's why I found NoScript more annoying than not. Too often I was just saying yes to so much it wasn't really that much more secure.
Much better to have secure systems inside than walls trying to block everything.
Re: (Score:3)
Re: (Score:3)
Anti virus isn't totally useless (Score:2)
My MS messenger has been setting off the anti-virus alarms for several months now. They come in through the ads at the bottom of the main window.
Solution (Score:3)
It's really just one more reason for me to not feel guilty about blocking ads. Sometimes I click on ads from sites which I trust and wish to support, but other than that, the hell with them.
When the fuck will ad networks learn? (Score:2)
ad network should serve the images/text and a link URL, nothing more
stop letting advertising providers provide custom HTML and remote-load scripts/images into ads
Re:When the fuck will ad networks learn? (Score:4, Insightful)
And if sites start puting bullshit javascript on the main domains then fuck em.
Re:When the fuck will ad networks learn? (Score:5, Insightful)
Your idea, while clever, isn't going to solve the problem. Javascript will just wind up being pulled in at the server side rather than through <script src="http://dooberidooberidoo....">
The problem is a combination of idiot ideas concerning computer security. Read something like "The Six Dumbest Ideas in Computer History" [ranum.com] some time - it's eye-opening and it explains a lot. In the case of web browsing and Javascript, you've essentially integrated four of those ideas into basic computer use.
For those who haven't time to read the article, I'll summarise the idiot ideas that have made it into web browsing:
1. Default Permit. Why on Earth is it the default for most web browsers to run every single little thing they download? It's completely insane - seriously, I can't think of a better way to transmit malware than to sit somebody at a computer and give them a nice easy way to download and automatically run every silly thing they can find, even if the only thing they will run is supposedly sandboxed.
2. Enumerating Badness. We tell ourselves that it's OK to do this, as long as the end user (if they must run Windows at all) does so with half-decent AV installed. But AV works by keeping a list of "things that are bad" and blocking them all - you know how long that list is these days? You only need one thing to slip the net and your system's 0wned anyway. It's the computer equivalent of having sex with every disease-ridden cheap whore you can find working the streets and hoping to Christ the condom never breaks. The bad thing only needs to be lucky once, you need to be lucky every time.
3. Penetrate and Patch. Today the issue is at the server end. Four days ago, the issue was in Firefox (latest release was on the 9th December, it fixes a number of security holes). Next week it might be in Adobe Reader or Chrome. Exactly when did it start making good sense to play whack-a-mole with security holes? You don't see them building high-security prisons out of temporary Portakabins and then tacking extra things on in a blind panic every time inmates escape, so why are so many pieces of software that are likely to be exposed to malware designed in exactly this way?
4. Educating users. Telling people not to click blindly on every ad doesn't work, as anyone who's ever done serious amounts of user support can attest. You always have some people who will click on everything that appears on their PC, if education was going to fix that it would have stopped being a problem years ago. There's a damn good reason why larger companies frequently lock their PCs down so thoroughly they may as well be dumb terminals, and it's not because the IT department is run by a bunch of power-thirsty mini-hitlers. It's because it's the only way to stop the helpdesk being overrun with people ringing in to say "I clicked on this attachment and now I've got everyone complaining that I emailed them a virus. I didn't!".
Re: (Score:2)
Some one should put an option in firefox( a native option mind you not a whole extension) that basically says break third party javascript. We'll see who wins the damn war then.
That would break CDNs serving JS for the site owner and cookieless domains used for the same purpose, both are considered good practice at the moment for faster web sites. In addition, it would need countless (hardcoded?) exceptions for sites like ajax.googleapis.com which are used to help users reduce traffic by caching frequently used JS libraries more.
I use NoScript and although it has its deficiencies, it generally works very well.
Human factor? (Score:3)
I find it a bit odd that an extra "f" would have duped "the system". I believe what may have been happening is that human verification part of the equation could have been "hacked".
You create an account, you specify where the banner data lives, it gets submitted for an approval.
Except in this case whoever looked at the data saw "trusted" domain and figured everything is fine. Heck, the "fake" domain could have served an innocent javascript up until owners knew that banner got approved, then swapped out the script and off the drive-by script malware goes.
And then Google/Doubleclick detects bait-and-switch ("hey, we didn't approve this virus!") and it gets flagged.
Block Doubleclick and MSN ads at firewall (Score:2)
This is a strong argument for blocking DoubleClick and MSN's ad server at the corporate firewall.
This drive by thingy everyone is talking about (Score:5, Funny)
Re: (Score:3)
well its bullshit every time an add tried to install something the package manager won't open them. Shit I've tried every distro out there and I still can't open them up. What am I doing wrong can someone please help me. I really want to see all these cool things the rest of the world is experiencing.
don't worry. I hear WINE is adding support for that.
Who bares the cost? (Score:2)
If they had to pay real money proportional to the amount of damages the situation would be completely different. Estimate them number of visits to poisoned web sites, multiply that by the amount of time required to check for and fix damage, multipl
How is this News? (Score:2)
How is this news? 90% of the Spyware I see comes from banner ads that redirect to malware.
Pick your poison:
1. Ad redirects upon load to Malware
2. Ad appears normal, redirects after X seconds to Malware
3. Ad appears normal, then redirects to Malware upon closure
4. Ad redirects to Malware upon specific click event (mouseover, clicking something in the page, etc)
Where Malware in this instance is 99% of the time a PDF exploit. And since Flash lacks basic security measures (such as, say, an option to refus
This goes to show you (Score:2)
The only 'safe' way to serve ads is from your own databases, after having thoroughly checked the ads to be displayed for any malicious behavior.
As I stated yesterday, and got modded troll for; you can only be the provider yourself. You cannot trust anybody else. You must act as the filter or else you will hurt your customer base.
Re: (Score:2)
To add, this same statement holds true to my LED business. If I do not serve as the filter for all the marketing bullshit, I end up losing sales even though I never sold anything, because the potential customer base has become jaded and distrustful, either from personal experience with sham lights or through hearing about stories from other users about said sham lights.
There is no other way around this, it is a fact and cannot be changed. It is logical, and anyone that ignores it, especially content distrib
Block ads! (Score:2)
I started blocking ads when they started blocking me or my use of webpages.
Static banner ads were okay, but as soon as they started blinking, jumping, making noise, popping up or sliding in front, they were unacceptable and had to go. It's a simple as that.
Using Adblock Plus with NoScript have made sure I've yet to experience my first ad-borne infection.
Why should this surprise anyone? (Score:2)
Personally, I'd be surprised at the discovery of an ad serving network that DIDN'T serve malware on the side.
I have never understood why advert networks allow their "Partners" to cross-load javascript, and other scripted media objects. If the advert requires a "phone home" script, then it should have that script hosted, and vetted by the advert network they are partnered with, rather than playing a shell game of spot the malware.
Any advert that tries to hot-load a javascript or other scripted media object s
This is why we need to go back to.... (Score:5, Insightful)
88x31 and 468x60 animated GIF's.
I'm going to implement ad blocking at the router level at my house....
GPCode virus (Score:2)
No wonder I saw a spike of GPcode infections at my workplace last week.....
Re: (Score:3)
I doubt they check the scripts before they are put up for rotation, and this is their chance to find a scapegoat. As long as they get paid, I doubt they care to check.
Re: (Score:2)
Re:I've seen stuff coming from MSN for quite somet (Score:5, Insightful)
One of my honeypot VMs I use for Web browsing got hit by that when I was visiting a top named site.
In my experience, now that a lot of users are not just running executables willy-nilly, compromised ad networks serving up malicious pages to try to compromise browsers or add-ons is the #1 threat in my book.
To drive the point home, I use AdBlock on the main machine I use for Web browsing. I have yet to see a single script related to PC Antivirus. In reality, AdBlock provides more protection than most AV utilities, because once the Web browser is compromised, most AV utilities are completely useless in detecting and stopping that.
Re:I've seen stuff coming from MSN for quite somet (Score:4, Interesting)
THIS is why class action lawsuits against the offending malware serving companies needs to be instituted, starting at the biggest baddest adware serving companies. If DoubleClick serves Malware, it is their responsibility and they need to be sued into oblivion.
Take the profit out of serving ANYTHING to everyone, and start making it cost money, and you'll see the changes you want.
and sandbox (Score:2)
Re: (Score:2)
"Que" is what the Spanish waiter Manuel said in the cult British sitcom Faulty Towers. ITYM "cue"
Oh, and pure Javascript/social engineering driven malware is starting to appear. Right now it's only annoying (it does silly things like spams all your friends on facebook) but it does exist and it runs on OS X just fine, TYVM.
Re:is there anyone left NOT running adblock? (Score:4, Insightful)
Really, what kind of idiot to you have to be to run a machine configured like that these days?
How about 90% of the people on the internet, those who are in the "mom and pop" or "poor student" class of user and don't actually know anything about computers except for turning them on and off, and double-clicking the Outlook Express and Internet Explorer icons.
There really should be a license requirement for using computers on the internet - you don't let unlicensed drivers on the road, do you?
Re: (Score:2)
There really should be a license requirement for using computers on the internet - you don't let unlicensed drivers on the road, do you?
Then my mother would have no access to the internet. She only uses three or four functions on her ubuntu system and I reckon its pretty safe.
Computers are a dying breed (Score:4, Insightful)
Re: (Score:2)
Thats true. She is mainly interested in "passive" content. She loves the Bureau of Meteorology site [bom.gov.au] for example because she loves to garden, but needs to correlate her gardening with the weather. I set up an RSS feed reader with links to blogs such as boingboing, and news sites, but she is not so interested in those. A tablet would be fine but we are kidding ourselves if we think malware is going to just go away.
Re: (Score:3)
BadAnalogyGuy, is that you?
Trying to tell me that computers will be made safer by taking away their function is like trying to tell me that cars can be made safer by removing their ability to turn right
It's more like making cars sound an alarm if the seat belt's unbuckled. Yes, some people jailbreak this feature.
Re: (Score:3)
I think thats a 2CV.
Re: (Score:3)
Thanks for the gratuitous rude stereotyping.
Damon
Re: (Score:3, Funny)
Re:is there anyone left NOT running adblock? (Score:4, Insightful)
and what i say to those people is
sure i will stop blocking ads when
1 every provider can certify under penalty of law that the ads being served are relevant safe to view and are less than 10% of the page content
2 everybody stops cramming 60% of a given page with various ads cross site links and widgets so that an article thats 4 paragraphs does not need to be on 8 pages because the content pane is smaller than a postit
3 everybody also stops doing videos for everything and actually writes articles (a video of a talking head should be replaced with what the talking head said)
Re: (Score:3)
1 every provider can certify under penalty of law that the ads being served are relevant safe to view and are less than 10% of the page content
How did you decide on 10%? I was just thinking that the Simpsons episodes these days are about 22:30 long. That means about 25% of the 30 minute "content" is ads. I wonder what percentage of a magazine or newspaper are ads... 50%?
Re: (Score:3)
Re:is there anyone left NOT running adblock? (Score:5, Funny)
There really should be a license requirement for using computers on the internet
No way! Next you'll be demanding sobriety checks. So let's just nip that dumb idea in the bud, shall we?
Re: (Score:3)
Re: (Score:2)
We require training and driving licences because failure to control a ton and a half of metal and plastic at high speeds can easily kill people, including the driver.
Your mom getting a virus, thus needing you to go and clean her machine yet again does not rise to quite the same level of public safety. What's the next licence, being allowed to use a mobile phone in a public place?
Re: (Score:2)
"There really should be a license requirement for using computers on the internet "
No. Mistakes on the internet are annoying and trivial compared to tens of thousands dead and far more maimed every year on the roads of the US alone.
Adding another government bureaucracy so we can feel good and accomplish nothing would be expensive and stupid. A
s for the idiots (this IS supposed to be a site for the technically literate) who agree with you on the license, may someone kill them in their sleep so they don't bre
Physician, Thy Self. (Score:2)
There really should be a license requirement for using computers on the internet - you don't let unlicensed drivers on the road, do you?
The doctor is licensed. The accountant. The lawyer. The mechanical engineer.
Each are held to standards of professional competence and integrity.
But not the programmer. Not the geek.
It's not just IE (Score:3)
The problem with IE is insecure defaults. A browser that allows auto-install by default is BROKEN.
People in glass houses, and all that.
The only time any PC I run has been compromised to my knowledge was a relatively recent drive-by download via a Java applet. The machine was running Firefox, and both it and the Java VM were fully patched. The machine was also behind a properly configured firewall, and running up-to-date anti-virus software and assorted security/privacy plug-ins in the browser. Unfortunately, none of that helps if you get hit by a zero-day exploit. Also unfortunately, I hadn't yet found
Re: (Score:2)
A plugin which probably wouldn't have missed it (unless it comes directly from a site you explicitly surfed to, e.g. because the site became compromised) is RequestPolicy. It by default blocks any request from one
Re: (Score:2)
Oh, I know that noooooow... :-)
Unfortunately, what I didn't know was that in the minor version upgrade that moved this particular parameter, they silently turned Java back on even if you'd explicitly disabled it before, so instead of enabling it only when work required, I was running with it enabled by default. By the way, if anyone is interested in a tragi-comic demonstration of people on the Firefox team completely missing the point when it comes to security issues, here you go [mozilla.org]. Please try not to throw ro