And shortly after website ads arrived, so did the malware. Ad-ware, also called "malvertising", was born.
There are a few different ways website ads can cause problems:
- virus code in the ad itself - so clicking on the ad downloads or executes the malware
- malicious code that executes based on a mouse action - such as clicking on a flash animation or even just moving your mouse over an ad (called a "drive-by download")
- a link in the ad brings you to a different page that can have malware, asks for personal information or exploits your browser to grab information from another tab (kind of like phishing)
You may ask... why would someone allow a virus in an ad on their site? That's a great question. The issue is that most sites don't have a direct relationship with the people creating the ads. The way it typically works is that sites sell space on their pages to ad brokers, who resell that space either to someone wanting to place an ad, or even to other ad brokers. And often the ads rotate. It becomes pretty easy for crooks to insert malware into these ad spaces without detection.
This led to the creation of ad blockers. These are programs that work in your browser to block content from the 3rd party ad brokers. There was a big controversy about this in 2015. On one hand, websites that offer free content need to have a way to monetize. On the other hand, web and banner ads are annoying, collect our information, and can contain malware. Some businesses block ads on corporate systems as a way to cut down on malware... and it works.
To fight back, some sites block people who block ads!
And that's where things get interesting.
Let's look at Forbes.com for example. Many websites simply show their ads along with each page. If the ads are blocked, then those parts of the pages just don't load, or show a broken image icon. But when you go to the Forbes website, you first see a welcome page that counts down until you can click to the main page. While that is happening, the page loads hundreds of those 3rd party ad sites.
And earlier this year, the Forbes site was serving malware through ads!
So there's the bind... allow sites to display their ads, including those full sites that only display if ads are allowed; or open the enterprise to malware!
But shouldn't the responsibility for this malware be with the website that displays the ads? Shouldn't they test to make sure there isn't executable code in those ads? I think so.
I also understand that sites display content that is worth something and they deserve to be compensated.
There are some compromises. Some sites ask you to register to see additional content. You are "paying" by providing information about yourself that they can sell. Some sites charge nominal subscription fees (some sites charge high subscription fees!).
There is perhaps some middle ground with Google Contributor. With this consumer service you pay a nominal monthly fee. Then google distributes that to sites based upon your usage patterns.
What are your thoughts? Is there a middle ground? Should consumers have to pay for content? Do we need to be bombarded with ads? And who should be responsible when sites serve up malware or malicious links?