Steve Smith talks about one of the current vectors of infection, advertisement based malware.
Episode #6-19 released on January 24, 2016
Forbes, MSN, and many thousands of web-sites have something in common, they were or still are plagued by issues with malware embedded advertising, and thus is a significant problem for many visitors coming to legitimate web-sites seeking information, news, entertainment, and more.
I'd like to remind you that this is not necessarily the fault of these particular publishers, but it is the visitor who is most often caught in the crossfire. Running a web-site, as I can even attest to, is not cheap. The majority of users will not pay for content, so a pay wall is usually out of the question, so the easiest way to make money then, is make the visitor the product, which means selling views to advertisers.
Selling views to advertisers is, also, a particularly difficult task, and many programs do exist, but a system managed completely by a platform like Google's Adsense, Bidvertiser, Media.net, etc. are usually used.
Meanwhile, running a web-site, handling databases, handling encryption, creating content, social networking, advertising, etc. makes anymore company too busy to do very much, and all this to say, that the third party advertisement platform is usually picked because of how hands off it truly is. We design pages to contain the advertisements, and the advertisement platform publishes an advertisement in that spot.
However, being from a third party, and not vetted by the web-site publisher, the chances of issues coming up like malware, illicit web-sites, fraud, etc. is an issue, and these days picking the right advertisement platform is just as important as solving the issue of third party vector vulnerabilities. But, in order to protect yourself, you definitely need to know more about how advertisements are usually delivered versus how some advertisers would like to be able to publish their advertisements.
Then pop-ups usually set to "Do Not Allow", make sure you don't change this. Location is useful for GPS based web-sites, weather, etc. and not generic content sites, this is, also, set to ask you for permission, usually. Things like Microphone, Camera, and Unsandboxed plugin access should always ask permission. Unsandboxed plugin access implies that it can access your computer, and is not limited to your browser. Basically, it comes down to this, everything should ask your permission. However, this may not be enough. It is still possible to be infected, even if you absolutely careful. You may want to consider using a service like Adblock Plus. Now, yes I know that various web-sites will block access to their content, and I definitely understand why, however, it is possible to use such a tool in a way that benefits every party, while preventing malware from infecting your computer. And, you can enable on a per web-site basis. Now, whilst blocking advertisements on web-sites makes it harder to make ends meet, and can be constituted as piracy in itself, a very controversial topic, it is important to note, that in this means, you will not be subject to advertisements that are loaded by malware. Although, I would love for them to make it possible to load advertisements by advertising platform, not just domain. Forcing manual plugin activation, allowing scripts manually, keeping everything in the sandbox, and blocking all unwanted content is basically all you can do to stay safe, and online. Otherwise, you might as well disconnect, permanently from the Internet.
Host : Steve Smith | Music : Jonny Lee Hart | Editor : Steve Smith | Producer : Zed Axis Productions