Peter highlights a serious security issue -
malware delivered via web ads:
Like many of you, I'm sure, I run ad blocking software, a pop-up blocker, and a script blocker on my Web browser. In fact, I use multiple Web browsers. For Web pages that simply must allow scripting, cookies, etc. - such as Blogger, on which I'm writing these words - I use Chrome. For general browsing, where I don't want to allow Web sites to set cookies, run scripts, etc., I use Firefox, fully loaded with protective software. As backups, for occasional use when I want to visit a Web site, then instantly clean out whatever it sets in the way of cookies, etc., I use Opera or Edge. To add to my browsing security, I use a VPN (virtual private network)offering end-to-end encryption, and providing a 'location' that's many hundreds of miles away from where I am. I want to make life as difficult as I can for scam artists, hackers and intrusive corporate spyware.
I therefore get very frustrated when certain Web sites won't allow access unless I disable my ad blocker, or demand that I disable some or all of my security software in order to use them. I simply won't tolerate such nonsense.
This is a serious issue, one that I've blogged about several times. Web sites typically have little or no control over the ads they serve, and ads are increasingly used by the Bad Guys to serve up malware to unmatched web browsers. Peter lists a set of tools that I also recommend, but There's another trick that you can use that will deep-six a lot of the web clutter that slows your browser down - and may try to infect it.
Internet Black Holes. I just made that name up, but it gives you a picture of what this is doing. If you make as many of the ad sites unreachable to your computer, they can't send you an ad.
Web pages look all nicely formatted, but they're actually a jumble of text, pictures, links, and computer code (especially Javascript). Going to your browser's menu and selecting "View -> Source" will show you just how complicated and ugly things are. Your browser cleans this all up for you, pulling pictures down from links, formatting the text, loading video players, and fetching the ads that are encoded into the (mostly javascript) computer code.
And here is the weird trick: if you tell your computer that a particular ad location is at the Internet address equivalent of Never Never Land, your browser will never be able to pull down that ad. Sweet, huh?
What you do is basically override the Domain Name Service (DNS) for a particular set of bad sites. DNS is what translates names (say, "www.google.com") into an IP address (I'm too lazy to look it up, but it will look something like "172.63.108.7"). DNS runs automagically, where your computer asks a DNS server (typically your home router) to give it the IP address for the name that you're trying to reach.
Except you don't have to always use DNS. You can selectively (and most importantly, at no effort by you whatsoever) override DNS if you have some of these translations in a "hosts" file on your computer. Your computer actually looks there first, and only asks DNS if it doesn't find what it's looking for. If you have a bunch of ad sites in your hosts file, with an IP address pointing to Never Never Land, your browser will never send out DNS requests for those sites, and you will never see the ads (and the malware delivered with them). Cool, huh?
As a note to the curious, "Never Never Land" has an IP address of "127.0.0.1". This is called the "loopback" address and means that it's referring to your very own computer (whatever the real IP address is). Since you almost certainly aren't running a web server on your own computer, and certainly aren't hosting those ads on those URLs, your web browser will get a whole bunch of 404 messages instead of ads. And it will get them
fast, because it doesn't have to wait for DNS to reply.
The only thing you need to know is
"where can I get a hosts file that is already made up, because I'm far to busy to do it myself?"
The entries look pretty legit, although I can't vouch for everything. There is non-ad stuff (like Sitemeter - the Sitemeter host that this blog used to point to is listed there) which will break, but it doesn't look like it will break much (or anything) that you'd notice. And you want to zap a lot of the annoying stuff that Peter was talking about? This is your huckleberry.
There are installation instructions at the link, and it looks like the file is updated regularly, so give it a try.