Online Ads Are More Dangerous Than Porn, Cisco Says 110
wiredmikey writes "The popular belief is that security risks increase as the user engages in riskier and shadier behavior online, but that apparently isn't the case, Cisco found in its 2013 Annual Security report. It can be more dangerous to click on an online advertisement than an adult content site these days, according to Cisco. For example, users clicking on online ads were 182 times more likely to wind up getting infected with malware than if they'd surfed over to an adult content site, Cisco said. The highest concentration of online security targets do not target pornography, pharmaceutical, or gambling sites as much as they affect legitimate sites such as search engines, online retailers, and social media. Users are 21 times more likely to get hit with malware from online shopping sites and 27 more times likely with a search engine than if they'd gone to a counterfeit software site, according to Cisco's report (PDF). There is an overwhelming perception that people get compromised for 'going to dumb sites,' Mary Landesman, senior security researcher at Cisco, told SecurityWeek."
TFA got the probabilities backward (Score:5, Informative)
The summary, and the Security Week article, write that "Users are more 21 times more likely to get hit with malware from online shopping sites than if they'd gone to a counterfeit software site".
Cisco's report says that "Online shopping sites are 21 times more likely to deliver malicious content than counterfeit software sites."
Those statements are not equivalent. Online shopping sites have many more visitors than counterfeit software sites, so they have more opportunity to deliver malware. The same goes for the factor of 27 for search engines.
Also, it's hard to check the factor of 182 for adult sites, since the report doesn't include that number, or in fact even the words "porn" or "adult".
Re:TFA got the probabilities backward (Score:5, Insightful)
Re: (Score:3)
Sure, but it's what we probably wanted to hear.
Now go tell it to the politicians and mention the children. Maybe the privacy-invading criminals finally get punished. I won't be holding my breath though.
Appropriate quote from Sir Winston Churchill:
'Statistics are like a drunk with a lamppost, used more for support than illumination.'
Re:TFA got the probabilities backward (Score:4, Interesting)
It is exactly what Cisco said see here: http://www.cisco.com/en/US/prod/vpndevc/annual_security_report.html [cisco.com]
Re: (Score:3)
More at 11, and tomorrow, and the day after, and the day after that...
Re: (Score:2)
Where Cisco's wording is really ambiguous. Deliver may mean indeed as you interpret it, the total number of successful infections, it may also mean the chance that if you visit that site, it gets you infected, which indeed would be my interpretation of the wording Cisco uses.
And now I'd have to go read the report and look at the actual numbers and methodology they used, to figure out the actual meaning.
Re: (Score:2)
Those statements are not equivalent
They're completely equivalent. The "than if they'd gone to a counterfeit software site" part takes care of that.
Re: (Score:3)
I'll assume that you hit the wrong link, and read something else, so here is from the article:
It can be more dangerous to click on an online advertisement than an adult content site these days, Cisco said in its latest version of the yearly security threat report.
An adult content website - that's probably porn.
The highest concentration of online security targets do not target pornography, pharmaceutical, or gambling sites as much as they affect legitimate sites such as search engines.....
Are you going to wordsmith this one> Yeah, it doesn't say "porn". It says "pornography. The section you quoted, below the sentence with pornography in the text, does speak of the counterfeit software site.
But you know why they used the "counterfeit site metric don't you? Because of the uproar that would ensue if they used actual
Risky != Risky??? (Score:1)
The popular belief is that security risks increase as the user engages in riskier ... behavior online
So security risks don't increase as I engage in risky behavior? How does that even work? If something doesn't increase risk, then it isn't risky. I can start downloading and executing everything I see without increasing security risks?
Re: (Score:2)
You would actually become safer.
Re:Risky != Risky??? (Score:5, Informative)
Re: (Score:1, Funny)
Re: (Score:1)
They meant risqué vs risky?
Why is this even news? (Score:4, Insightful)
It has been known for a long time that ads are a primary malware vector, this is the reason many sane people block them.
Re: (Score:2)
I would think that the problem here is that the people who this information would potentially protect, are unlikely to be people who would read the report to begin with.
The real beneficiaries of a report like this from Cisco is the firewall manager who needs to explain to the management team why the corporate firewall needs to be blocking online shopping sites, but he or she has been advised not to remind management that in most cases corporate productivity will probably go up if the employees are not shopp
Re: (Score:3)
It has been known for a long time that ads are a primary malware vector, this is the reason many sane people block them.
That is not the primary reason why I block ads. I block ads because I can't stand all the dancing, jiggling, flashing, gray overlays, slowdowns, green links, and noises, when I want to read something. If I incidentally block all the ads, well, I don't have the time to make my own ad block list that blocks only the bad ad providers. I tried it before, and I'm not convinced that there are any benign ad services.
PAID online porn is safe... (Score:5, Funny)
Thanks Google (Score:2)
Re:Thanks Google (Score:5, Interesting)
Full breakdowns by country here [google.com]
Let's get rid of online ads then. (Score:1)
Let's get rid of online ads then.
Re: (Score:1)
Seriously, what year is this? If websites can still drop an executable onto a users machine with nothing more than a drive-by then clearly the problem is much more than just a question of ads of no ads. Why do operating systems and browsers still suck?
Because Microsoft hasn't finished committing suicide yet. When IE finally approaches 0% then the suckage will start to lift.
Oh before you bitch about Microsoft bashing, they just killed off Direct X. Ballmer is driving it into the ground faster than an exploding 787 battery.
No surprise there, really. (Score:2)
It is long known that ads may contain malicious parts - especially bits of javascript. It happened before that major ad servers got compromised, it will happen again. I recall reports that some ads were trying to infect an unsuspecting user directly, and such ads are displayed on sites all over the place, including personal blogs and lolcat sites.
When clicking an ad you don't really know which site you're going to be sent to. When visiting a porn or a warez site, you normally go there intentionally. Those s
Re: (Score:2)
watch... (Score:1)
next week cisco unveils a new enterprise-caliber ad-scrubbing internet gateway...
This is why I block ads (Score:5, Insightful)
Re: (Score:1)
So do you block ads, or block content from unknown domains?
Re: (Score:3)
My ad blocking is accomplished by my DNS server, so it's not so much unknown domains as domains known to serve nothing but ads.
Re: (Score:2)
Re: (Score:2)
Considering how often this troll has posted that in this article alone (let alone the million other places) I don't see him changing any time soon. Of course using a hosts file is a better solution for people who have one single computer that connects to all sorts of networks. But for my particular situation it is just not ideal, and the DNS server offers a whole bunch of advantages, and almost no disadvantages.
For me, I administer one list on the DNS server, and it covers all my family's computers, all our
Re: (Score:2)
wow.... and the troll just will not give up... completely ignores everything I said, and wants to force his inferior system on the world. too bad the troll is too cowardly to log in.
Re: (Score:2)
Re: (Score:2)
Re:Just Chill Out Already (Score:3)
If your responses weren't canned and also formatted in such a way that you believe your target audience is capable of no thought then you might not get modded down so much.
Really your comments look like something an adman on bath salts would come up with, you are two bolded sentences away from being the Time Cube guy.
Relax, just provide a place for people to start, or if you want to provide more information a single link to a guide will suffice. Oh, and you really should just go back to using an actual acc
Re: (Score:2)
Giving people information is not a contest to see who can cram the most information down someones throat in the least friendly way.
It might be possible that there may be some useful information in your posts, but I would never know because you have to be a bit insane to be able to put up with how you present said information.
Think about how much information I just gave you in two little sentences, then look at your posts and try to distill that information into the shortest amount of words you can and I am
Re: (Score:2)
Considering you did not reference my post at all in your "rebuttal", why did you even bother replying?
I'm trying to interact with you in the hopes of finding out if there is an actual human being on the other end, and if there is one, perhaps help that person.
Re: (Score:2)
Have fun celebrating your victory.
You have slayed the mighty troll.
The troll that replied to you when you asked why you were down modded.
The troll that honestly tried to give you advice.
btw, I did look over your short list of non hostfile +5 moderated posts and they were not your usual copy/paste-athons with a ton of bolded lines and links to other posts. Your +5 moderated non-host file posts were more ontopic than most of your posts and more human.
But yes, I am a troll, I am not trying to help, you have w
Re: (Score:2)
You are the one who started this off-topic discussion about what you consider unfair down mods. I am staying on the topic of discussion you started, you are the one going off-topic. =P
Fine, what do you think of the hostfile modifications that Spybot does? Is their list comprehensive enough?
I have been saying this for a long time (Score:5, Informative)
I consider "Adblock" and similar browser and computer add-ons to be *security* tools as much as bandwidth and other management.
Since the first time I noted browser exploits coming across common news and sales sites, I realized that the current model requires not trust of the sites we visit, but of the advertiser's sites... you know, like google and double-click and the others. I don't want to trust "unknowns" and so I block them unless I need them unblocked for access.
Re: (Score:3)
Re: (Score:3)
I don't want to trust "unknowns" and so I block them unless I need them unblocked for access.
If I have to unblock too many sites, I just don't use a site. Problem solved. Anything actually requiring doubleclick is evil and must be destroyed.
Adblock and Noscript are necessities for security in a world in which the browser can't provide an adequate sandbox, which is the world we live in.
Don't Click On Me. (Score:3, Funny)
Actual context sensitive Google ads that I was too terrified to click on:
"Ball lightning: Browse a huge selection now. Find exactly what you want today."
"Ann Coulter Ringtone! Send this ringtone to your phone right now!"
Made me toss my browser cookies it did. After you toss your cookies these things stop for awhile, then build once again to a crescendo. Lately I have been getting ads with garden gnomes leering suggestively.
Re: (Score:1)
Re: (Score:2)
What's an ad (Score:2)
Isn't this an advert for some cisco snakeoil?
What About Ads INSIDE the Porn Pages? (Score:4, Funny)
Let's calculate (Score:2)
So. watching porn all year is just as dangerous as clicking two ads.
Users more likely to get hit with malware? (Score:2)