Publisher's Guide: 7 questions to ask before choosing a malware blocking solution

Malware breaking through wall

Authored by Patrick Ciavolella, Digital Security & Operations Director, The Media Trust

Not all anti-malvertising solutions are made equal, so choose wisely.

Blockers ease workflows for ad and revenue operations teams. In spite of that, blocking (at best) is an imperfect band-aid solution to a persistent and deep-rooted issue in our industry. However, it is productized and commoditized to a point where it is easy to overlook the details that can hinder ad revenues, hamper user experience, and ultimately be detrimental to the overall health of the digital ecosystem. To cut through the chaff, these questions should help you evaluate blocking providers. 

1.    What’s the data source for blocking?

Most vendors providing malware blocking tools use compiled, synthetic, and outdated data sources—typically lagging 3-5 days—to block bad ads. As a result, there is delayed, inaccurate, and inadequate blocking of malvertising, not to mention a whole bunch of false positives that eat into your ad revenues. Due to its temporal and quickly morphing nature, web-based malware needs to be continuously hunted—new malware vectors emerge every 30 seconds or less. 

Action: Request details on the malware data sources and how often data is refreshed.

2.    Is the entire ad experience safe?

An ad experience has many moving parts comprising creative, tag, and landing page. Most blocking tools only see and block the “known” malicious visual and tag, while a malicious landing page is ignored. Blockers unfortunately also don’t see down the request chain, often missing site-level malware. Considering that 10% of malware detected by The Media Trust only infects landing pages, user advertising experiences remain at risk.

Action: Inquire about how malware blocking tools address deficiencies.

3.    Does it take into account both domains and hosts?

Blocking malicious URLs is a great start, but here’s the thing with bad URLs, they can change within seconds in order to evade detection. Hence blockers that are capable of both rapid detection of both bad hosts and domains is crucial in order to adequately protect the user experience. 

Action: Ask if blocking tools address both domains and hosts.

4.    What about obfuscated code?

The Media Trust’s malware desk confirms that malware blockers aren’t effective when the malicious code is obfuscated or concealed. Obfuscation is the technique of encoding or double-encoding malware in order to evade detection. A combination of machine learning, human analysis and scanning solutions are required to decode obfuscated malware delivery. With almost 40-50% (90% for mobile redirects) of malvertising using obfuscation, blockers that aren’t backed by human verification allow obfuscated code to pass. 

Action: Demand proof of how tools detect obfuscated code. 

5.    Do you understand blocking context?

The scary aspect of malware blocking is that publishers have in many ways handed over the reins of their ad revenues to third parties. To avoid unnecessary monetization hiccups, it is necessary to get context around why an ad is being blocked. What if false positives in the data end up shutting down a perfectly good ad or worse, a perfectly good upstream partner. Inflating malware numbers by blocking a DSP is not a good revenue strategy.

Action: Review reports to determine accurate reasons for why an ad is blocked.

6.    What is the latency impact?

Blocking solutions typically enable passbacks (replacing a blocked ad by calling back to the server for another ad). This process can cause page latency issues and hurt the very user experience it claims to protect.

Action: Evaluate latency issues associated with the malware blocking tool.

7.    You blocked a bad ad, what about future ones?

Blockers are nifty tools that allow ad and revenue operations teams to block bad ads, but wouldn’t it be better to block the source of malware instead of playing whack-a-mole? Blocking vendors who help protect your user experience and ad revenue should provide enough data and supporting services to help with long-term growth and business continuity. 

Action: Analyze digital ecosystem and suss out bad partners.

 

Malvertising and site-level malware continue to be issues which need a holistic approach that rewards good business practices and long-term thinking, while keeping out bad actors and unworthy partners from the ad supply chain. Keep in mind that bad actors are continuously updating their tactics in order to respond to blocking. Be aware: malware blocking solutions aren’t a long-term cure-all for securing the user experience and ad revenues.