OT: Disable the Embedded Video from this site

[retired711]

Not a dumb question at all.

Ad scripts are a common malware vector. Ad blockers prevent those scripts from running, which in turn reduces the attack surface for malware.

More detailed non-technical explanation...

First, note that it's typically not the website you're visiting that's behaving maliciously. For example, if you visit the ABC news website, ABC is not out to harm you. But they ARE out to profit from your visit. So they typically host a bunch of ads and data-gathering scripts.

But ABC and most of the other popular websites you visit usually use third-party scripts to present ads and gather information about you. A third-party script is some Javascript that is hosted on a website somewhere other than the one you're visiting. Those third-party scripts are injected into your browser as part of the site you're visiting. (This is normal and happens all the time.)

The problem is, the site you're visiting may not be able to ensure that the scripts coming in from third party websites are uncorrupted and/or non-malicious. They don't always have a good way to know that they're allowing malicious code to run in their visitor's browsers.

Depending on context, malware encoded into ad scripts can do all sorts of nasty stuff within your browser. One of the more scary attacks works by putting up a facade that looks identical to the real website, but is in fact capturing and forwarding all your interaction (keyboard input, mouse clicks, etc.) to some evil web server. Users have no clue that's happening.

Imagine that, after being hacked, your financial institution's website is presenting a facade that looks exactly like their website, but instead of communicating to your institution's web server, your account credentials are scooping up and forwarded to some server on the dark web, where that information is packaged and sold.

Browsers nowadays can do a lot to prevent that sort of thing (such hacks used to be almost child's play). And financial institutions have some really good security these days. But it's just not technically possible for browsers to prevent every type of hack without fully disabling Javascript (and some other browser features).

So ad-blockers, NoScript, and multifactor authentication are all methods one can use to safeguard themselves as best as possible.

Thanks for the detailed explanation! Is multifactor authorization a protect against malware? I thought its only function was to keep someone from impersonating you.

 

[mildone]

Thanks for the detailed explanation! Is multifactor authorization a protect against malware? I thought its only function was to keep someone from impersonating you.

Criminals can use malware or spyware to steal your information, including stuff like banking credentials. Multi factor authentication helps ensure that when you log into your bank’s website, it’s really you and not a criminal working with your stolen credentials. It’s not foolproof. But it greatly increases the difficulty of fraudulent access.

MFA is part of comprehensive layered digital security, along with script-blocking or ad-blocking tools. It won’t protect you from a malware attack, per se. But will help protect you from potential downstream impacts after a successful malware attack.