Topic: Internet Explorer 8's Malware-Blocking Madness

[Samker]

Since its launch, Internet Explorer 8 has blocked access to over 560 million sites that it determined were serving malware, or about 3 million blocks per day, said Brandon LeBlanc in a blog post on Friday: http://windowsteamblog.com/blogs/windowsexperience/archive/2010/04/07/protect-yourself-from-malicious-advertisements-with-internet-explorer-8.aspx
However, it is unclear how many of those sites were legitimate, duped into serving malware laced ads, sent to them from their ad network.

For the record, Firefox and Google will block sites they deem to be serving malicious code, too. But IE8 has been found to be best at it, according to a study by NSS Labs commissioned by Microsoft: http://nsslabs.com/test-reports/NSS%20Labs%20Browser%20Security%20Test%20-%20Socially%20Engineered%20Malware.pdf
NSS Labs found that IE8 caught 69% of the malware sites it tested, versus the runner up, Firefox 3.07, which caught 30%. Safari caught 24%, Chrome 16%, Opera 9.64 5% and IE7 4%. (See related blog post: Which browser is more secure?)

While IE8 deserves kudos for keeping users away from the dangers of the Internet, I can't help but wonder if there's a better way to do it than to block the entire URL when the ad is to blame. Crooks have figured out that they can buy ads to lure people to their nefarious sites. Sometimes the ads themselves contain malware. LeBlanc recounts a recent, infamous incident.

"TechCrunch (a favorite website of mine) is a recent example of a website unknowingly delivering malicious advertisements from 3rd parties to their readers. A few pages on TechCrunch were blocked by Internet Explorer 8’s SmartScreen Filter. The SmartScreen Filter in Internet Explorer 8 was blocking several posts from TechCrunch due to malicious content being included in ads that TechCrunch’s ad network was serving to the readers of TechCrunch."

He also (rather gleefully, in my opinion) points out that Microsoft's ad serving competitors are to blame: http://blog.avast.com/wp-content/uploads/2010/02/js_prontexi_chart.png
A research report by antimalware vendor Avast notes that "The most compromised services are yieldmanager.com (Yahoo) and fimserve.com (FOX Audience Network).": http://blog.avast.com/2010/02/18/ads-poisoning-%E2%80%93-jsprontexi/
Between the two of them, they serve up 50% of the nasty ads. When you add the No. 3 in there, Advertangel.com, that accounts for about 75% of the bad ads. The rest of the top 8 most infiltrated services are bannerimg.com, jambovideonetwork.com, myspace.com, zedo.com, vestraff.com. Google's Doubleclick also earned an honorable mention for serving up over 4,000 malware ads during Avast's 60-day, 4-hour-window test.

Microsoft's aQuantive wasn't named. Microsoft deserves another pat on the back for that, and for its ongoing war to put an end to the issue.

But IE8 blocks the entire URL, not just the bad ad. Imagine if you visited the New York Times -- another site infamously duped -- and your browser tells you it's an unsafe site, aren't you going to think the browser has lost its silicon-based mind?

I know that I would, and I would be tempted to switch browsers and proceed, using one that doesn't catch and block as many sites as IE8 does.

Another scary prospect for me is that users will turn more heavily to ad-blocking software. I hate annoying ads as much as the next gal. I think that those flashing, blinking, and noisy ads have gotten what they deserved with ad blockers. But I'm a journalist and magazines have always been supported by ads. Although I work in service of the reader, readers don't pay me. Neither are they entitled to have an entire newspaper and magazine industry serving them pro bono.

I would like to see the browser makers, particularly Microsoft, create intelligent ad blockers so that it's not an all-or nothing choice for the user. If the ad is bad, block it and let the reader see the content.

IE8 uses reputation-based filtering in the form of a feature called SmartScreen Filter: http://windows.microsoft.com/en-US/windows-vista/SmartScreen-Filter-Information-for-administrators-and-website-owners
Would it be that difficult to combine that with some sort of ad filtering software so that the criminals were hurt, not the news sites?

(PCW)