Last weekend some of the world’s largest websites exposed millions of people to malicious software that encrypts data and demands money for its safe return. The incident adds weight to an argument made by some security experts that using software to block online ads is necessary to stay safe online.
Security company Malwarebytes reports that MSN, the New York Times, BBC, and AOL were among those that served up the ransomware, as such software is known. It happened because those sites, like many, use third-party companies to display advertising. Criminals have a strong incentive to sneak malicious ads into ad networks because their reach is huge.
This is far from the first time this has happened—Yahoo, Forbes, and the Economist have all been caught out in the same way in the past. And some research suggests the problem is growing.
Because of this, some security experts say that apart from the ethical and business questions of whether it’s okay to block online ads that support free content, you should do so just to stay safe. That was the conclusion of a study of the malicious ads problem led by the University of California, Santa Barbara, that singled out a popular ad blocker called Adblock Plus as the most effective defense against bad ads. Edward Snowden, the federal contractor who leaked information about NSA surveillance, also recommends ad blockers for safety reasons.
The way some popular ad blockers are trying to make themselves more acceptable to publishers and the ad industry could undermine their protective effect, though. Adblock Plus, for example, will let ads through if they meet certain criteria, such as not showing moving imagery. The company behind the ad blocker even charges companies including Amazon and Google to include their ads in that scheme. Adblock Plus’s criteria for “acceptable ads” don’t include mention of security, and it and other companies that offer ad blockers are unlikely to have the resources to screen out malicious ads.