Over recent years, online advertising has been a driving force in the growth of the Internet. As business owners, you never stop hearing about the benefits of having your own website and advertising your services on-line. I am guilty of preaching this sermon myself! However, because of the ever-increasing existence of badware, it has become increasingly difficult to know what ads or websites we can trust. Thankfully, tech giants such as Google, Twitter, Facebook, PayPal and others have joined forces with StopBadware.org and formed the Ads Integrity Alliance (AIA) in order to combat Badware, protect users from bad ads and maintain the integrity of the “online advertising ecosystem.”
StopBadware.org is a non-profit organization that is focused solely on protecting the public from badware websites. The organization started out as a project of the Berkman Center for Internet & Society at Harvard University but has grown significantly to include partners such as Google, Mozilla, Verizon, PayPal, Qualys, and VeriSign. The StopBadware Board of Directors consists of many of the biggest names within the Online industry such as Chief Information Security Officer at PayPal, Michael Barrett, (Currently the Chair of the Board), the Vice-President and Chief Internet evangelist for Google, Vinton, G. Cerf, Engineering Director for Google, Mike Shaver, Chairman and CEO of Qualys, Inc., Philippe Courtot to name a few.
The organization has been working to protect users from becoming victims of viruses, spyware, scareware and other forms of badware that are specifically designed for mischievous purposes. Over the last year and a half, they have assisted over 600,000 website owners in removing that which compromised their sites and avoiding future attacks, processed over 400,000 independent reviews for websites that were blacklisted, and served more that 10 million Google Searches and Firefox users with the content necessary to mitigate the risks of badware.
In a nutshell the Ads Integrity Alliance has seeks to serve three primary functions: (1) to develop and share industry definitions, policy recommendations and best practices; (2) to serve as a platform where information on “bad actors” can be shared; and (3) to share any relevant trends they find with law enforcement and policy makers to hopefully keep these things from continuing to happen.
“The Ads Integrity Alliance is a natural extension of StopBadware’s mission to make the Web safer by combating badware,” said the nonprofit organization’s executive director, Maxim Weinstein. “No one can address Internet-scale threats on their own, so we’re bringing together industry leading organizations to tackle the problem collaboratively.”
Although the Ads Integrity Alliance is in its infancy, StopBadware.org has been hard at work trying to combat the issues associated with badware since their inception in 2010. As a relatively new industry organization many are probably not acquainted with them, so I thought it would be interesting to learn more about the organization itself, as well as what it is they have to offer. Perhaps this will give us a better idea of the direction the Ads Integrity Alliance is looking to go.
WHAT IS BADWARE?
Sometimes referred to as malware, badware has been characterized as actions that include identity theft, stealing financial account numbers and passwords, stealing corporate trade secrets, tricking users into buying products that he or she does not need, sending junk email or spam, attacking other computers or networks and distributing viruses, Trojans, rootkis and spam bots.
Badware can be distributed in multiple different ways via badware websites including drive-by-downloads, which occur when a website automatically installs software on your computer when you visit their site. Another favorite tactic is referred to as a social engineering attack, which takes advantage of human nature by tricking people into installing badware onto their computers often taking the form of a “Free Virus Scan” or a required plug-in or codec in order to view the videos posted within the pages of the website. What makes badware difficult for many to avoid is because websites can facilitate the distribution of bad ware unintentionally, such as when a reputable site has been compromised. In fact in many cases, badware websites do this without the knowledge of the website’s owner. Of course, there are intentionally acting website operators that facilitate the distribution of bad ware as well.
HOW DO THEY DO TO HELP?
According to their website they “focus on giving website owners, web hosting providers, end users and URL blacklist operators the tools they need to fulfill their respective responsibilities in making the Internet safer.” StopBadware has come up with multiple ways to assist in the fight against Badware. They are as follows:
- Badware Website Clearinghouse – Most of the badware that is in circulation today comes from the websites that people visit. It can come in the form of intentionally distributed bad applications for profit, ads by third parties that attempt to automatically install harmful software, or by sites that have been hacked into which can download dangerous code onto their visitor’s computers without their or their visitor’s knowledge. StopBadware offers a comprehensive list of known websites that host, link or otherwise distribute badware. It includes a search engine that allows users to search for websites to determine which URL’s have been blacklisted
- Independent Review Process – A process by which the accuracy of blacklisted websites is tested. If your website is on the list, this is the process you would use to remove yourself from their list.
- Tips For Users and Website Owners – They provide information to users and website owners to identify, remove and prevent common types of badware infections. They also offer tips for cleaning and securing websites in order to protect visitors from badware infections on their computers when they visit a website owner’s site.
- Community Forum – They offer a volunteer-led online community for everyone from computer novices to security experts to request and offer badware assistance. It is a place where users can go to share their badware stories, and join in on the discussions of others who experience badware scenarios.
- Guidelines and Definitions – StopBadware offers guidelines for both badware websites and badware software applications to help clarify what specific behaviors and practices may cause applications and websites to be classified as badware. The Badware Guidelines for Software Applications establish a minimum set of standard behaviors an application must meet or exceed in order to be considered badware. The Badware Guidelines for Websites identifies the behaviors of a website that may cause it to be blacklisted as a badware website.
- Best Practices – StopBadware created 2 sets of best practices to create a “common industry standard for both reporting badware URL’s and responding to badware reports.” The Reporting Best Practices gives steps one should take to report different types of badware URLs to the correct parties who can best handle the clean up. The Best Practices for Hosting Providers offers high-level guidelines how hosting companies should handle the reports they receive of badware on their networks.
- Aggregated Data & Badware Trends – They offer research tools such as the Top 50 Networks and the Top 50 IP Addresses, where they publish aggregated data on badware to show trends that may require action on the part of network providers.
- Reports and Insight – This is where they offer insight to the government and the industry to facilitate positive change. This can include policy recommendations, analysis of data and news.
“Bad ads, such as those that facilitate malware distribution or deceive users, diminish the online user experience and threaten trust in the Web,” said Eric Davis, global public policy manager at Google. “The Ads Integrity Alliance will serve as a forum for us to work together to protect users from bad ads and strengthen trust in the advertising ecosystem.” Time will tell whether the industry can make a difference, but given the damage that can be caused by badware let’s hope they succeed.