Feeds

back to article Senate slams ad servers for security failings

The US Senate has issued a report calling for the online advertising industry to improve its security against malware attacks, and for lawmakers to legislate tougher penalties should it fail to do so. The Committee on Homeland Security and Governmental Affairs said that the advertising landscape as it now exists "makes it …

COMMENTS

This topic is closed for new posts.
Silver badge

Better yet

Teach people not to click on ads.

1
4

Re: Better yet

Install web browsers with adware blocking addons / plugins installed and enabled

There, fixed that for you.

8
3
Bronze badge
Holmes

Re: Better yet

Make companies responsible for negligence and their incompetence. Then they would act in much more defensive ways rather than simply shucking the blame.

All of the other suggestions (at least so far) are kind of stupid for a lot of reasons, but I'm just going to focus on what I regard as the most obvious one. Children are naive and innocent and need to be protected from vicious criminals while they are growing up and learning how to defend themselves. If that isn't enough, then how many times do you want to recover your children's computers from being pwned by attack ads from websites with drive-by malware installers?

P.S. I mostly blame Microsoft for so firmly establishing the no-liability EULA. I offer two observations: (1) If Microsoft were held accountable for all of the economic damage inflicted by their mistakes, then they would be bankrupt. (2) If they faced the threat of liability for their mistakes, they would design MUCH better software. Perhaps the initial progress would have been slower, but what we have now is clearly a rotten house built on a rotten foundation. After 10 years of so-called security initiatives, yesterday's "routine" patches were more than 100 MB.

4
3
Bronze badge

Re: Better yet

Yeah, because it *always* requires a click.

There never, ever, ever, ever, existed a drive by.

Fucking moron.

Note to self, add to blacklisted idiot list.

5
2

Better Better yet

Make advertising strictly opt-in.

2
0

Re: Better yet

Blame Netscape and Macromedia first and second and sorting out which was worse will take some serious drinking time. All of the evil bits came from those two players. And if you want to sue them? Good luck. The former is now the Mozilla Foundation, the latter Adobe. [Ever hear of Flash?] Try you revisionism on someone else that wasn't alive back then or at least not in short pants. Sheesh!

2
1
Pint

Re: Better yet

On the whole responsibility/accountability thang? Right there with you. A bug or security hole in my code could cost lives, cause millions of dollars worth of damages, &c. For me, life in prison or the gallows was a very real consequence of my fucking up. Everything was proven, reliable, no holes, and so forth. I'd rather not spend my life in prison, being guarded by a bunch of pissed off Marines or hanging.

0
3
Silver badge

Re: Better yet

Not necessarily the problem. I recall building out a system once and failing to make my standard adjustment of switching the default for IE from MSN to Google. Fired it up to start the MS Update processs. It defaulted to MSN and ...

BOOM ! ! ! !

The malware Antivirus/Spyware 2005 (or some such year) was installed on the PC. I just turned it off and started over.

0
0
Silver badge

@ Shannon Jacobs

While I like the concept it has a problem which the Senate report has already identified: there are already so many parties involved nobody can determine who let the dogs in.

0
0
Silver badge

Oh joy!!!

Congress is going to legislate. $DEITY knows what we'll end up with. Mandated browsers? Mandated software? Some bloated bureaucracy with too much time and money on it's hands that will only cobble things beyond belief??? And naturally, it will all be monitored (unofficially of course) by the NSA and friendly security agencies everywhere.

2
1

Re: Oh joy!!!

I'm sure I'm not telling you, but feel I must say... one can't legislate morality,

2
0
Bronze badge

Re: Oh joy!!!

"The Committee on Homeland Security and Governmental Affairs said that the advertising landscape as it now exists "makes it impossible" for users to be protected against malware attacks while visiting sites."

First failure. A committee examines something.

Death to all facts, politics will bring consensus on non-reality. Insanity ensues.

That is the US, *normally*. Today, see suggestions of thermonuclear cleaning of something that is insane in the extreme to even have a nightmare about just visiting, let alone evaporating.

Frankly, I think a few well heeled folks have some, erm, issues. They want to vent their spleen *and* want to vent their political views.

Now, that really isn't a biggie, but when one vents one's spleen in a nationally destructive and internationally destructive way, that *is* a biggie!

The problem is, a substantial part of the US far right is of the insanity crowd. The other problem is, they are a massive minority, the reality is far different.

But, the US also has the best government that money can buy, buy Supreme Court decision.

Leaving us with scorched earth for all.

Figure the way out, I welcome you! I'm out of altitude, velocity and ideas.

0
1
Silver badge

Re: Oh joy!!!

It's one of the powers which is actually invested in Congress. Granted there are still operational issues with it, but legally I'd be okay with that.

Except of course that's not what they're planning to do. They're going to fob it off on an unelected and therefore unaccountable agency to write the laws regulations.

0
0
Anonymous Coward

Re: "Make companies responsible ..."

Close. Better would be:

Make company directors personally responsible for negligence and their incompetence.

Otherwise the costs of incompetence and even criminality are just passed on to the workforce and the other customers.

4
0
Anonymous Coward

Re: "Make companies responsible ..."

Agree! But it'll never happen because of politricks: "As it would hurt the holy economy"...

1
0
Bronze badge
Coffee/keyboard

I agree with Guus Leeuw

Put AdBlock Plus and Malwarebytes' Anti-Malware on your device, and be happy.

1
1
Silver badge

Re: I agree with Guus Leeuw

Or just disable Jscript (and run as user not admin). I've browsed without it for a decade and I've caught no malware, ever, and everything just runs faster.

Yes it breaks many web pages, worth it to me though.

1
0

Protection against malvertising ..

"The Committee on Homeland Security and Governmental Affairs said that the advertising landscape as it now exists "makes it impossible" for users to be protected against malware attacks while visiting sites."

Do your browsing from a bootable liveCD ..

1
1

Re: Protection against malvertising ..

On x86 I've been doing something similar here since VMWare Workstation v1.03. Boot up an instance of something and toss, do not save, the instance. Grab a copy of the Golden-Image for the next session. The host OS doesn't matter much, if at all. Pretty hard to break out of a VM although if anyone can, NoSuchAgency might be the ones who can.

0
0
Bronze badge
Coffee/keyboard

Re: Protection against malvertising ..

I agree if you can live without it, but I can't unfortunately!

0
0
Anonymous Coward

Advertising Industry + Tech + Congress

Its nice to see our millionaire overlords finally get the wake up call to do something about advertising's dirty laundry... I wonder how many of them got hit personally before they decided to do something? I recall a line from an Ad-man: FB and Google are advertising companies masquerading as tech companies....

0
0
Anonymous Coward

A decent article which breaks down the problem and has some choice quotes...

http://www.bloomberg.com/news/2014-05-14/self-regulation-fails-to-curb-web-ad-abuses-panel-says.html

1
0
Anonymous Coward

This story brought a brief moment of blissful Schadenfreude

"Yahoo’s advertising network was compromised in December by hackers, resulting in a virus being installed on computers of users when they visited ads on legitimate websites, according to a report released by Levin’s panel. In February, cybercriminals carried out a similar attack on Google’s YouTube video service through an ad delivered by the company, the report found. "

I'm so sick of online advertisers peddling self-righteous crap about 'expanding the user experience' when we all know its about $$$ only......

3
0
Black Helicopters

Do not do evil, doubleclick

All these ad sites should be blocked. The easiest way is to only surf with Firefox with NoScript and AdBlock Plus extensions. An added protection is provided by SpywareBlaster from Javacool Software. It includes 16,977 protections for no charge from things like AdRevolver and DoubleClick.

0
0
This topic is closed for new posts.