More than 5 percent of all visitors to Google's Web sites have at least one ad injector knowingly or unknowingly installed on their operating systems, according to a research report from Google and the University of California-Berkeley. Often simply unwanted -- but sometimes outright malware -- ad injector software inserts additional or replacement advertising into sites during online browsing.
The Google/UC-Berkeley research -- to be published May 1 -- found ad injectors on every operating system and browser studied, including Windows, Mac, Google Chrome, Firefox and Internet Explorer. Half of the site visitors affected by the ad injector software had at least two installed and nearly one-third showed at least four on their systems, according to Google. The study examined data from more than 100 million page views of Google sites around the globe.
On Chrome alone, researchers found 192 deceptive extensions that affected 14 million users, Safe Browsing Software Engineer Nav Jagpal said in a post on Google's Online Security Blog. Google has since disabled those extensions and is using its findings to scan for and identify other problematic extensions in Chrome, Jagpal added.
An Unhealthy Ads Ecosystem
Google has recently made improvements to its Safe Browsing technology to make it easier to identify and avoid malware and phishing Web sites that spread ad-injecting software. It's also continued to refine its Unwanted Software Policy to discourage programs that are deceptive, installed without a user's knowledge and are difficult to remove.
Ad injectors, a common type of such unwanted software, "aren't part of a healthy ads ecosystem," Jagpal said in his post. "They're part of an environment where bad practices hurt users, advertisers, and publishers alike."
For users, ad injectors interfere with their browsing experiences by disrupting otherwise legitimate Web sites with unwanted advertisements. "Advertisers often don't know their ads are being injected, which means they don't have any idea where their ads are running," Jagpal added. "Publishers, meanwhile, aren't being compensated for these ads, and more importantly, they unknowingly may be putting their visitors in harm's way, via spam or malware in the injected ads."
'Not a Pretty Picture'
Google's policies don't ban ad injectors, as long as the software is installed with the user's full knowledge and approval. However, they do prohibit programs that are slipped into systems via deceptive advertising or are piggybacked on other software user actually want. When users are about to visit sites that might install such software, Google shows a red warning box noting that, "The site ahead contains harmful programs."
Earlier this year, Lenovo issued an apology for shipping laptops that were preloaded with an ad-injecting program called Superfish. The software not only inserted ads into online search results but left users' systems vulnerable to man-in-the-middle attacks by hackers. Oracle's Java for Mac was also recently revealed to come with unwanted adware.
"It's not a pretty picture," Jagpal said. For instance, of the Chrome extensions found to be injecting ads, 34 percent were considered outright malware.
Read more on: Google
, Safe Browsing
, Internet Explorer
, Ad Tech
, Tech News