Advert Badvert
Advert Badvert: a reader asks…
Hey Coach, I’ve been reading about malware built into advertising and I see you have ads on your website. How do you keep your website safe and how do I keep from getting hit with malware in advertising?
Advertisements are (unfortunately) the only way most websites have of making any money to stay in business. After all, almost nobody would be willing to pay to read the content on most any news or information website. Even me! This is the path our internet culture has taken, for better or worse. Worse, in the case of ‘malvertizing’, where unscrupulous individuals embed malware into advertisements that get posted on other, clean websites.
What makes this insidious and effective is that nearly every website that has advertising uses a 3rd party to provide those adverts. So we have little control over what adverts display on our websites, and have to trust the 3rd party to scour their advertisements and remove ‘badverts’ – malware-laden advertising, aka ‘malvertizing’. Some advertising service providers are pretty scrupulous. For example, our own website uses Google to provide advertising, and just last year Google identified and removed over 780 million of these bad ads, which was double the number they found the year prior. Obviously it’s a big draw for hackers to use malvertizing – it allows them to infect even more computers. For the bad adverts that Google and other advertising service providers discover, about 70% of them contain ransomware as the payload. In case you haven’t been paying attention, ransomware is growing exponentially and costing individuals and businesses a lot of money. See my primer article: “What is Ransomware?”
So how I keep my website safe is that I only deal with the most reputable advertising service provider I could find – Google. But because I know even they can’t stop 100% of the badverts, I also have two different 3rd party scanning services (SiteLock and Sucuri) that are constantly watching my website to ensure it remains malware-free. My website is locked down as best I can make it. Now here’s what you should do to keep from getting hit with malware in advertising:
- Don’t surf the internet indiscriminately. Even when doing research, you should stick to websites that are well-known. Visiting dodgy websites is a sure-fire way to get hit with malware.
- Keep your system up-to-date. That includes updates to your operating system and all installed programs.
Skip the obvious vulnerable browser helpers. Pretty much any toolbar is suspect, so don’t install any, and uninstall any that have made it onto your system. Also get rid of Adobe Flash Player and Java, both of these are constantly being updated because they’re such horrible security risks. If you must use these, change the settings in your web browser so they don’t run automatically, but only on ‘click to play’ mode.- Use good computer and internet security protection. Users of Microsoft Windows computers should be using a good anti-virus program, a good anti-malware program, and a good anti-exploit program. My current favorites are Bitdefender Internet Security, Malwarebytes Anti-Malware Premium and Malwarebytes Anti-Exploit Premium. Unfortunately we’ve gone beyond the point where a single program (like Norton or Bitdefender Total Security) can provide adequate protection.
- Consider an ad-blocker program. I know this sounds self-defeating (for my website, which depends on advertising to survive), but most ad-blocker programs do have a way to turn them off for specific websites, and I hope if you install one, you’ll exempt my website from ad-blocking. A good ad-blocker is AdBlock Plus. These usually work as an add-on or extension to your web browser. Viewing a website with the ad-blocker engaged can change the way the site looks a little, or a lot.
Skip the obvious vulnerable browser helpers. Pretty much any toolbar is suspect, so don’t install any, and uninstall any that have made it onto your system. Also get rid of Adobe Flash Player and Java, both of these are constantly being updated because they’re such horrible security risks. If you must use these, change the settings in your web browser so they don’t run automatically, but only on ‘click to play’ mode.As always, your own vigilance in using your computer and the internet is the key to remaining safe. You can’t depend on protection programs to protect you from yourself. For more tips on how to practice safe computing, please see my article: Safe Computing Practices.
This website runs on a patronage model. If you find my answers of value, please consider supporting me by sending any dollar amount via
(send to @PosiTek), 
(send to Support@PosiTek.net), 
using any credit card (no Paypal account required), using Zelle, Apple Pay or Google Pay, or by mailing a check or cash to PosiTek.net LLC 1934 Old Gallows Road, Suite 350, Tysons Corner VA 22182.
I am not a non-profit, but your support helps me to continue delivering advice and consumer technology support to the public.
Thank you!
Author: Chris Gardner
Your Tech Coach at PosiTek.net
There are currently 1277 reader comments on published articles, care to join in? Use the Leave a Comment form below/at the bottom of any existing comments. This is a good place to ask follow-on questions on this subject.
