OFFICIAL SECURITY BLOG
October 26, 2012 | BY Adam Kujawa
Last week I wrote a blog post on the dangers of ads posing as fake download buttons on various download web sites. Since then I received a lot of feedback from our readers and other security researchers on different tools available to help users avoid these dangers by blocking the ads entirely. Instead of adding to an already lengthy blog post, I decided to write a sequel post that gives step-by-step instructions on how to install what I have found to be 3 of the best ad blocker applications available to you for free.
As with any comparison and effectiveness study, we need to establish a baseline to work from. In this case, I decided to use a case from last week concerning numerous fake download ads covering the actual download page.
From this point on, every ad blocking application I discuss will be tested against this page to see whether or not it does the job.
The first ad blocker I will discuss is “AdBlock”; it was developed for the Google Chrome browser and has been heralded as the “Most Popular Chrome Extension.” A guy named Michael developed it and he works on the development of the extension full-time. So let us get started with the installation:
When you finish installing the extension, a page will pop up telling you a little bit about Michael and his wife and asks to “Pay what you can” for the extension. I always like to support great software which is given out free and so I encourage you (if you can) to donate something to Michael to continue working on this great tool.
As far as our test goes to see how it fares against our baseline web page, here is what the same page looks like using the AdBlock extension:
Next up is an ad blocker extension for Firefox that received rave reviews from various security experts and average users. AdBlock Plus is just as easy to install as AdBlock for Chrome and takes donations to help fund the continuing advancements made to this tool. It is a community-driven open-source project and has been translated into 30 languages. This is how you install it:
The final tool I will be discussing is different from the other two and for multiple reasons. HostsMan…
HostsMan is more for advanced users who want to avoid any application reaching a blacklisted domain. It accomplishes this by modifying your HOSTS file on your system, which means that the blocking of malicious or ad related traffic originates from your system, protecting you even if your DNS configuration has been altered on your router or external routing server. Here is how you install it:
As you can see, one ad is not entirely removed as it is with the browser extension ad blockers, but it is nonetheless not loading and therefore you are safe. The benefit of using HostsMan over AdBlock or AdBlock Plus is that blocking the blacklisted domains also prevents you from accidentally being infected with malware from known exploit sites; the other applications only block ads.
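How HOSTS-file blocking of the kind described above behaves, shown as an added example that is not from the original post and is not HostsMan's own code: it parses a HOSTS file, reports which names are sinkholed to a local address, shows that matching is by exact name only, and flags entries that point a name at a routable address. The domains, the address and the function names are constructed placeholders.

```python
import ipaddress

# Constructed sample HOSTS file; every name and address is a placeholder.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
0.0.0.0     ads.example.com tracker.example.net   # two names on one line
127.0.0.1   exploit-kit.example.org
203.0.113.7 bank.example.com
not-an-ip   broken.example.com
"""

def parse_hosts(text):
    """Return {hostname: ip_address} for every well-formed entry."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # skip malformed lines
        for name in fields[1:]:
            # Keep the first mapping seen for a name (assumed resolver behaviour).
            table.setdefault(name.lower().rstrip("."), ip)
    return table

def is_sinkhole(ip):
    """True when the address keeps traffic on the local machine."""
    return ip.is_loopback or ip.is_unspecified

def blocked(table, hostname):
    """A name is blocked only if that exact name maps to a sinkhole address."""
    ip = table.get(hostname.lower().rstrip("."))
    return ip is not None and is_sinkhole(ip)

def suspicious_redirects(table):
    """Names mapped to a routable address: worth reviewing as a possible hijack."""
    return sorted(name for name, ip in table.items() if not is_sinkhole(ip))

if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example.com", "cdn.ads.example.com", "bank.example.com"):
        print(name, "blocked" if blocked(hosts, name) else "not blocked")
    print("review:", suspicious_redirects(hosts))
```

A HOSTS file has no wildcards, so `cdn.ads.example.com` is not covered by the `ads.example.com` entry; blocklists of this kind have to list every hostname they want stopped.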
My previous blogs have mentioned that ads are used not only as fake download buttons but also to spread malware, when malicious ads are injected into the queue for an ad server. By using an ad blocking application like the ones listed above, you protect yourself from these threats as well as free yourself from the tyranny of constant ads, resulting in a much better browsing experience. If you have any questions about any of these tools and their use or installation, please either comment, post on the Malwarebytes Forums or contact the developers of the tools.
Adam Kujawa is a computer scientist with over eight years’ experience in reverse engineering and malware analysis. He has worked at a number of United States federal and defense agencies, helping these organizations reverse engineer malware and develop defense and mitigation techniques. Adam has also previously taught malware analysis and reverse engineering to personnel in both the government and private sectors. He is currently the Malware Intelligence Lead for the Malwarebytes Corporation. Follow him on Twitter @Kujman5000