How to get ahead of advertisers

There are many reasons why you may despise banner advertising in your browser window. For a start, there are the badly-designed ones that can result in monstrous delays when opening a page. All the content you want to see has downloaded, but you can’t see it until the advert has been transferred and displayed as well. Infuriating yes, but what about when an advert appears in a separately-spawned infant window; the dreaded ‘pop-up’, or worse, the ‘pop-under’, which is concealed beneath the open window until you close it?
Next time your browsing slows to a crawl, don’t immediately blame the connection; minimise the browser window and make sure there isn’t a flock of pop-unders eating up system resources instead. If that wasn’t bad enough, there’s the added problem of ‘spyware’. Also known as ‘adware’, these are parasitical applications that stealthily install alongside a ‘free’ or ‘ad-sponsored’ utility that you’ve downloaded. Although some will announce themselves in the small print of the free use license you agree to (often without reading), others don’t bother with even this formality. What they all have in common is that you don’t want them on your PC invading your privacy. Most will be tied in to the banner advertising that comes as part of the ‘sponsoring’ deal, doing the usual ad tracking and click-trail compiling.
Doing a little bit of ‘googling’ before downloading and installing that latest tempting bit of free software is always a good idea. If there’s spyware involved, the community generally not only know about it, but will also be talking about it. Focus your search at groups.google.com and you’ll quickly tap into any such conversations. It’s also a good idea to regularly scan your PC for any spyware that might have sidestepped your defences already. While there are countless applications that will do this, some are actually spyware installers in disguise, others are as good as useless, and the vast majority I’ve not heard of, let alone tried. Because of this, I’ll follow the personal recommendation route – which happens to concur with popular opinion online – and suggest the use of either AdAware (www.lavasoftusa.com) or Spybot S&D (www.safer-networking.org). Both spyware scanners will scan for existing applications and remove them for you. I tend to use AdAware as my primary scanner, which is run three times a week here, with Spybot (the S&D stands for Search and Destroy, rather sadly) running once each week to catch anything that gets missed. Their developers update frequently in order to catch all the latest threats. But if you think that installing these will solve all your unwanted advertising problems, think again.
Pop-up idol
Online advertising is here to stay. The commercialisation of the Internet has seen to that and, let’s be honest, it isn’t actually that bad a thing. After all, without advertising revenue there would be much less free content, or at least much less free ‘quality’ content. The truth is that everyone needs to turn a buck or three to survive, and that’s as true on the web as it is on the high street. Unfortunately, some people want to make more money than others, and so it was with the banner advertising industry. Not content with serving up their adverts to millions of eyeballs every day across the planet, or rather, not content with the relatively poor response (known in the trade as the click-through rate), they decided that the static and most certainly not in-yer-face banner ads of the day had to change. This is where all the trouble really started. First we were treated to flashing banner ads, then full-on animated ones, with download times getting increasingly longer. Allegedly, the user wouldn’t mind; connection rates are getting faster, so they’ll never notice.
Here’s a quick selection of tools to rid you of the things. Firstly, you could try an alternative web browser client – there’s more to the world wide web than Internet Explorer (shock horror, hold the front page, Microsoft doesn’t own the Internet yet). If you want to maintain the maximum Internet Explorer (IE) compatibility, then use something that wraps around the IE page-rendering core such as NetCaptor (www.netcaptor.com), which has a built in pop-up stopper called popupcaptor. Opera (www.opera.com) gives you a number of pop-up choices, and you can either allow all, refuse all, refuse unrequested pop-ups only, or open all in the background. Why anyone would actively want to create pop-unders is beyond me. Netscape (www.netscape.com) has the neat idea of letting you allow or suppress pop-ups, but with an exception list in either case, so you could allow pop-ups with the exception of sites known to be abusive in this regard, or suppress them all, apart from particular sites where you need the facility.
In my opinion, it’s the open source (surprise surprise) Mozilla Firefox (www.mozilla.org/products/firefox) that deals with intrusive advertising the best. This standalone client uses a system of extensions to add the functionality that you want, rather than taking the Internet Explorer bloatware approach, and throwing loads of stuff you don’t want at you anyway. This means that in addition to built-in pop-up blocking (with exceptions list) you can choose extensions such as AdBlock (adblock.mozdev.org), which will filter banner ads at source and can be toggled quickly with a shortcut key combo. Alternatively, how about the to-die-for ‘Flash Click to View’ extension (ted.mielczarek.org/code/Mozilla), which replaces any Flash content with a blank box containing just the words ‘Flash [click to play]’. If you want to download and see the Flash, click it, otherwise you’re left in peace. This is particularly helpful now that advertising is using Flash to create highly intrusive ‘multimedia event adverts’ that literally float across the browser window on top of the content you actually want to see. Internet Explorer users who don’t want to change browser can download one of the numerous pop-up stopper utilities, perhaps the best known being Pop-Up Stopper (www.panicware.com) and PopUpCop (www.popupcop.com). However, my favourite route for Internet Explorer 5.5 or later is to install the Google Toolbar (toolbar.google.com) which brings one-click Google searching onto a browser toolbar and includes a very efficient pop-up blocker as standard.
Web bugs
Banners aren’t only annoying, they can also compromise your privacy – although we must point out that the vast majority most certainly do not. Having said that, the very fact that a minority may abuse the system is reason enough to warrant a tough response from the client user community. The most common privacy abuse is aided by the use of web bugs, essentially 1-pixel GIFs that exploit a cookie’s vulnerability. Cookies are generally innocuous enough, small text files generated by a remote web site and stored locally on your PC that essentially act as an ID tag. These are used to aid automated log-ons, and site personalisation, help to keep track of your site visits and so on. However, a third-party cookie – that is one that originates from a different site to the one you’re actually visiting – when associated with a banner ad, can rather cleverly track your browsing habits and help the marketing droids build a better profile of you. They would say that this is for your own benefit, as it means banner advertising can be better targeted to meet your interests. But I say that I’m not interested in any banner advertising and it’s an abuse of my privacy. So whichever browser I happen to use I configure it to refuse third-party cookies, and I haven’t had any negative consequence yet. But unfortunately, a web bug deposited on your PC bypasses such cookie filtering.
The bug is simply a 1-by-1 pixel graphic, either the same colour as the web page background or positioned off screen. It’s served up by a remote site so that the server gets to know your IP address, the URL of the page you’re visiting, when you ‘viewed’ the bug, what browser you used and so on. This isn’t overly worrying, but they can also link with cookies already on your PC if they originate from the same remote server. This is where it gets interesting – if both happen to come from a company serving up banner ads, then it doesn’t take a genius to see that by combining massive cookie distribution and web bugs, you, or rather they, end up with a pretty good profile of your browsing habits. Throw in the fact that a web bug can be used within HTML email messages, and all of a sudden your privacy isn’t so private after all. So how do you combat these things? Well, for a start, privacy laws, data protection legislation, and so on go some way to help put the use of web bugs on the back foot. This doesn’t mean that they’re not being used by some folk, but I always like to err on the side of paranoia. You can check the HTML source for any page you visit and look for IMG tags that have HEIGHT and WIDTH values of 1, load from a remote server and match up with cookies stored on your PC. Alternatively, IE users can install Bugnosis (www.bugnosis.org). This ActiveX utility works with IE 5+, and provides detail about what’s really going on in the background when you load a page.
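The manual check described above (IMG tags with HEIGHT and WIDTH of 1 that load from a remote server and line up with cookies on disk) can be automated. The following Python sketch is an added example, not part of the original article; the page, host names and cookie list are constructed, and find_web_bugs and its helpers are hypothetical names.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page and cookie list (not taken from any real site).
SAMPLE_URL = "http://www.news.example/index.html"
SAMPLE_COOKIE_DOMAINS = ["tracker.example"]
SAMPLE_PAGE = """
<html><body>
<img src="/images/logo.gif" width="120" height="60">
<img src="spacer.gif" width="1" height="1">
<IMG SRC="http://ads.tracker.example/bug.gif?page=home" WIDTH=1 HEIGHT=1>
<img src="http://stats.other.example/c.gif" width="1" height="1px">
</body></html>
"""

class ImgCollector(HTMLParser):
    """Collect the attributes of every IMG tag (names arrive lower-cased)."""
    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs))

def is_one(value):
    """True when a HEIGHT/WIDTH attribute is 1, written as '1' or '1px'."""
    text = (value or "").strip().lower()
    return (text[:-2] if text.endswith("px") else text).strip() == "1"

def find_web_bugs(html, page_url, cookie_domains=()):
    """Return 1x1 images served by a host other than the page's own."""
    page_host = urlparse(page_url).hostname
    collector = ImgCollector()
    collector.feed(html)
    hits = []
    for img in collector.images:
        if not (is_one(img.get("width")) and is_one(img.get("height"))):
            continue
        src = urljoin(page_url, img.get("src") or "")
        host = urlparse(src).hostname
        if host is None or host == page_host:
            continue  # same-site spacer GIFs are not remote bugs
        known = any(host == d or host.endswith("." + d) for d in cookie_domains)
        hits.append({"src": src, "host": host, "cookie_on_disk": known})
    return hits

if __name__ == "__main__":
    print(find_web_bugs(SAMPLE_PAGE, SAMPLE_URL, SAMPLE_COOKIE_DOMAINS))
```

The cookie_on_disk flag marks the case the article singles out: a bug served from a host whose cookies are already stored locally.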
Web jacking
Also known as ‘Homepage Hijacking’, this isn’t a new phenomenon. Indeed, with my ‘New Media Consultant’ hat on I’ve been advising clients on how to avoid the problem for many years now. It’s another example of how assault methodologies seem to have a life cycle of their own. Once a problem has hit the media, the problem dies down and folk slowly start becoming complacent again. Almost parasitical in nature, those who would wish your data harm know when your defences have reached a low enough point to attack again, and so it goes on – and on. One of the most common jacking traits forces a browser client to use a specific proprietary search page, rather than Google or whatever the user actually asks for, but there are numerous more sinister aims. For example, you get taken to a porn site when you fire your browser up; the action of connecting to that one site then spawns window after window of other sites with yet more porn. The only way out is to kill the browser process, often by taking the three-finger salute route ([Ctrl]+[Alt]+[Del]) and using Task Manager. The hijacker gains financially from your misery because they get paid by the sites that pop up, who are in turn paid by their advertisers for getting the adverts in front of thousands, often millions more pairs of eyes.
Perhaps the most insidious hijacker is the one who hijacks so as to install a Trojan on your PC, thus allowing even more control over your resources and access to your data. These often exploit unpatched vulnerabilities (such as scriptlet.typelib/Eyedog) in browsers like Internet Explorer 5, and enable an unsigned applet permission to both create and use ActiveX controls, for example. The result of this could be a ‘dialler’ installation which takes over when you connect to the Internet and leaves you with a premium line phone bill to pay. There are many solutions for this problem, but as prevention is always the best defence, start off by making sure that your system is up-to-date on Microsoft patches. Do this by running Windows Update and letting it do its stuff, and by being aware of every click you make while online. Right Click Reflex (RCR) is a syndrome that I’ve noticed, and a term I’ve coined, which can be best expressed as the more dialogue boxes that appear on our screens, the less time we take to read what they say, and eventually RCR kicks in and we just click the ‘yes’ option to everything. But don’t fall into this habit, otherwise you’ll almost certainly become a hijack victim.
OK, sermon over, now what about if you’re already a victim and you need to get control back? First, try a search of your system for the .hta files that Windows Scripting Host uses on system startup. These tell Internet Explorer what the default homepage should be and what actions should be taken when you fire it up. Move the files to a temp folder, change your browser defaults to whatever ‘you’ want, restart, and see if things are back to normal. If they are, you can safely delete those .hta files. Deleting the ‘hosts’ file has the same effect, but again you need to be sure there’s nothing in there you should be keeping first. That’s the simple option. In a worst-case scenario, you may have to track down and eliminate an executable that’s run when you start your PC, and which no end of Registry fishing or .hta homicide will cure. In the case of such a ‘malware’ installation, you’ll have to track down the precise executable and zap it and its associated files. Sometimes this can be all but impossible, when a Registry-run key is used to add the malware keys to the Registry at start-up for example. The best advice is to delete nothing until you know exactly what you’re dealing with. In order to determine this, go to www.spywareinfo.com/~merijn/ and download the Hijack This utility. Follow the instructions to run this and produce a log file. Visit www.spywareinfo.com and post the details in the relevant forums, where those who really know what they’re talking about will decipher the information and provide you with the right answers with regard to deleting Registry keys and files.
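Before deleting the ‘hosts’ file as suggested above, it helps to see what is in it. The following Python sketch is an added example, not part of the original article: it sorts each entry into categories of its own choosing (the stock localhost line, names deliberately pointed at the local machine, and names pointed at another machine), and the sample file and the audit_hosts name are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file; 203.0.113.7 is a documentation-only address.
SAMPLE_HOSTS = """\
# constructed sample for this example
127.0.0.1    localhost
127.0.0.1    ads.banner.example   # blocked on purpose
0.0.0.0      popups.example
203.0.113.7  search.example www.search.example
not-an-ip    broken.example
"""


def audit_hosts(text):
    """Sort hosts entries into default, sinkhole, redirect and invalid."""
    report = {"default": [], "sinkhole": [], "redirect": [], "invalid": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenise
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["invalid"].append((lineno, raw.strip()))
            continue
        if len(fields) == 1:  # an address with no host name after it
            report["invalid"].append((lineno, raw.strip()))
            continue
        local = addr.is_loopback or addr.is_unspecified
        for name in (n.lower() for n in fields[1:]):
            if local and name == "localhost":
                kind = "default"    # the stock entry, harmless
            elif local:
                kind = "sinkhole"   # name blocked on purpose; may be worth keeping
            else:
                kind = "redirect"   # name sent to another machine; review first
            report[kind].append((lineno, name, str(addr)))
    return report


if __name__ == "__main__":
    for kind, entries in audit_hosts(SAMPLE_HOSTS).items():
        print(kind, entries)
```

Entries reported as redirect are the ones to question; sinkhole entries are the kind you may have added yourself and want to keep.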
The crux of the issue
It doesn’t take a genius to work out that there are two driving forces fueling the inappropriate advertising debacle – greed and sloppiness. There’s greed from the advertisers and marketing firms who are out to make as much money as possible, whilst the laxity lies with both Microsoft, for leaving too many holes in their Internet applications and operating systems, and the end user, for not bothering to fill these holes as the patches become available. At least the release of the Windows XP Service Pack 2, scheduled for this Summer, is a step in the right direction. Internet Explorer will catch up with the competition by providing built-in pop-up blocking from the toolbar by way of a simple ‘click to configure’ button. Similar protection will be offered against what has become known as the ‘drive-by download’, where downloads are triggered in the background as you browse a rogue web site. The updated IE downloads will need user permission by way of following links that get listed below the toolbar. A step in the right direction – yes.
A final solution – no. The truth is that neither the law nor Microsoft can thwart the spammers – only we can. Until ‘we’ start to be proactive in the defence of our privacy, I doubt we’ll make much of a difference either.
Head for your firewall configuration screen to stay one step ahead of those crafty spammers.
Spammers know how to exploit technological loopholes to their full extent. Take as an example the amount of random words within spam messages. Not a word processor gone mad, but rather a ‘dictionary cluster bomb’ approach to confuse spam filters relying on high percentages of keywords within the body text to identify spam. By diluting this concentration with a mass of random but ‘legitimate’ text, the spam filter gets fooled. The most technically impressive, and annoying, mass advertising technique remains Windows Messenger Service Spam. Remote Procedure Call (RPC) spam exploits a little-used Windows OS service that handles such things as UPS system alert distribution to ensure each desktop knows the system is about to close whatever they might be doing at the time. Don’t confuse this with the Windows Messenger instant messaging chat client; they’re completely different things. For your average home user with a single desktop machine or a small home network, the chances are that they’ll never have encountered an RPC message box, until the first time they get spammed. Then an alert box appears on the top of their screen, often claiming that their security has been compromised and offering to sell the solution. Many will fall for this or assume that they’ve been infected with a Trojan or virus of some kind. Traditional spam filtering methods won’t catch these, as they bypass email security by landing straight on the desktop. Even many firewalls are scuppered because they don’t block the right ports by default. To kill messenger spam, my advice is not to follow the herd by turning the messenger service off. That’s the sledgehammer and nut approach, and there are usually long-lasting consequences. So don’t mess with the OS; instead fire up your firewall configuration screen and block incoming traffic to port 135.


