back to article Senate slams ad servers for security failings

The US Senate has issued a report calling for the online advertising industry to improve its security against malware attacks, and for lawmakers to legislate tougher penalties should it fail to do so. The Committee on Homeland Security and Governmental Affairs said that the advertising landscape as it now exists "makes it …

COMMENTS

This topic is closed for new posts.
  1. Ole Juul

    Better yet

    Teach people not to click on ads.

    1. Guus Leeuw

      Re: Better yet

      Install web browsers with adware blocking addons / plugins installed and enabled

      There, fixed that for you.

      1. Shannon Jacobs
        Holmes

        Re: Better yet

        Make companies responsible for negligence and their incompetence. Then they would act in much more defensive ways rather than simply shucking the blame.

        All of the other suggestions (at least so far) are kind of stupid for a lot of reasons, but I'm just going to focus on what I regard as the most obvious one. Children are naive and innocent and need to be protected from vicious criminals while they are growing up and learning how to defend themselves. If that isn't enough, then how many times do you want to recover your children's computers from being pwned by attack ads from websites with drive-by malware installers?

        P.S. I mostly blame Microsoft for so firmly establishing the no-liability EULA. I offer two observations: (1) If Microsoft were held accountable for all of the economic damage inflicted by their mistakes, then they would be bankrupt. (2) If they faced the threat of liability for their mistakes, they would design MUCH better software. Perhaps the initial progress would have been slower, but what we have now is clearly a rotten house built on a rotten foundation. After 10 years of so-called security initiatives, yesterday's "routine" patches were more than 100 MB.

        1. Anonymous Coward
          Anonymous Coward

          Re: Better yet

          Blame Netscape and Macromedia first and second and sorting out which was worse will take some serious drinking time. All of the evil bits came from those two players. And if you want to sue them? Good luck. The former is now the Mozilla Foundation, the latter Adobe. [Ever hear of Flash?] Try you revisionism on someone else that wasn't alive back then or at least not in short pants. Sheesh!

        2. Anonymous Coward
          Pint

          Re: Better yet

          On the whole responsibility/accountability thang? Right there with you. A bug or security hole in my code could cost lives, cause millions of dollars worth of damages, &c. For me, life in prison or the gallows was a very real consequence of my fucking up. Everything was proven, reliable, no holes, and so forth. I'd rather not spend my life in prison, being guarded by a bunch of pissed off Marines or hanging.

        3. Tom 13

          @ Shannon Jacobs

          While I like the concept it has a problem which the Senate report has already identified: there are already so many parties involved nobody can determine who let the dogs in.

    2. Wzrd1

      Re: Better yet

      Yeah, because it *always* requires a click.

      There never, ever, ever, ever, existed a drive by.

      Fucking moron.

      Note to self, add to blacklisted idiot list.

    3. Pseu Donyme

      Better Better yet

      Make advertising strictly opt-in.

    4. Tom 13

      Re: Better yet

      Not necessarily the problem. I recall building out a system once and failing to make my standard adjustment of switching the default for IE from MSN to Google. Fired it up to start the MS Update processs. It defaulted to MSN and ...

      BOOM ! ! ! !

      The malware Antivirus/Spyware 2005 (or some such year) was installed on the PC. I just turned it off and started over.

  2. Mark 85 Silver badge

    Oh joy!!!

    Congress is going to legislate. $DEITY knows what we'll end up with. Mandated browsers? Mandated software? Some bloated bureaucracy with too much time and money on it's hands that will only cobble things beyond belief??? And naturally, it will all be monitored (unofficially of course) by the NSA and friendly security agencies everywhere.

    1. RedneckMother

      Re: Oh joy!!!

      I'm sure I'm not telling you, but feel I must say... one can't legislate morality,

    2. Wzrd1

      Re: Oh joy!!!

      "The Committee on Homeland Security and Governmental Affairs said that the advertising landscape as it now exists "makes it impossible" for users to be protected against malware attacks while visiting sites."

      First failure. A committee examines something.

      Death to all facts, politics will bring consensus on non-reality. Insanity ensues.

      That is the US, *normally*. Today, see suggestions of thermonuclear cleaning of something that is insane in the extreme to even have a nightmare about just visiting, let alone evaporating.

      Frankly, I think a few well heeled folks have some, erm, issues. They want to vent their spleen *and* want to vent their political views.

      Now, that really isn't a biggie, but when one vents one's spleen in a nationally destructive and internationally destructive way, that *is* a biggie!

      The problem is, a substantial part of the US far right is of the insanity crowd. The other problem is, they are a massive minority, the reality is far different.

      But, the US also has the best government that money can buy, buy Supreme Court decision.

      Leaving us with scorched earth for all.

      Figure the way out, I welcome you! I'm out of altitude, velocity and ideas.

    3. Tom 13

      Re: Oh joy!!!

      It's one of the powers which is actually invested in Congress. Granted there are still operational issues with it, but legally I'd be okay with that.

      Except of course that's not what they're planning to do. They're going to fob it off on an unelected and therefore unaccountable agency to write the laws regulations.

  3. Anonymous Coward
    Anonymous Coward

    Re: "Make companies responsible ..."

    Close. Better would be:

    Make company directors personally responsible for negligence and their incompetence.

    Otherwise the costs of incompetence and even criminality are just passed on to the workforce and the other customers.

    1. Anonymous Coward
      Anonymous Coward

      Re: "Make companies responsible ..."

      Agree! But it'll never happen because of politricks: "As it would hurt the holy economy"...

  4. JCitizen Bronze badge
    Coffee/keyboard

    I agree with Guus Leeuw

    Put AdBlock Plus and Malwarebytes' Anti-Malware on your device, and be happy.

    1. BlueGreen

      Re: I agree with Guus Leeuw

      Or just disable Jscript (and run as user not admin). I've browsed without it for a decade and I've caught no malware, ever, and everything just runs faster.

      Yes it breaks many web pages, worth it to me though.

  5. cyberelf

    Protection against malvertising ..

    "The Committee on Homeland Security and Governmental Affairs said that the advertising landscape as it now exists "makes it impossible" for users to be protected against malware attacks while visiting sites."

    Do your browsing from a bootable liveCD ..

    1. Anonymous Coward
      Anonymous Coward

      Re: Protection against malvertising ..

      On x86 I've been doing something similar here since VMWare Workstation v1.03. Boot up an instance of something and toss, do not save, the instance. Grab a copy of the Golden-Image for the next session. The host OS doesn't matter much, if at all. Pretty hard to break out of a VM although if anyone can, NoSuchAgency might be the ones who can.

    2. JCitizen Bronze badge
      Coffee/keyboard

      Re: Protection against malvertising ..

      I agree if you can live without it, but I can't unfortunately!

  6. Anonymous Coward
    Anonymous Coward

    Advertising Industry + Tech + Congress

    Its nice to see our millionaire overlords finally get the wake up call to do something about advertising's dirty laundry... I wonder how many of them got hit personally before they decided to do something? I recall a line from an Ad-man: FB and Google are advertising companies masquerading as tech companies....

  7. Anonymous Coward
    Anonymous Coward

    A decent article which breaks down the problem and has some choice quotes...

    http://www.bloomberg.com/news/2014-05-14/self-regulation-fails-to-curb-web-ad-abuses-panel-says.html

  8. Anonymous Coward
    Anonymous Coward

    This story brought a brief moment of blissful Schadenfreude

    "Yahoo’s advertising network was compromised in December by hackers, resulting in a virus being installed on computers of users when they visited ads on legitimate websites, according to a report released by Levin’s panel. In February, cybercriminals carried out a similar attack on Google’s YouTube video service through an ad delivered by the company, the report found. "

    I'm so sick of online advertisers peddling self-righteous crap about 'expanding the user experience' when we all know its about $$$ only......

  9. Tree
    Black Helicopters

    Do not do evil, doubleclick

    All these ad sites should be blocked. The easiest way is to only surf with Firefox with NoScript and AdBlock Plus extensions. An added protection is provided by SpywareBlaster from Javacool Software. It includes 16,977 protections for no charge from things like AdRevolver and DoubleClick.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2020