Ad Blocking and the Enterprise

 Jeremiah Grossman, CTO of Web security firm White Hat Security recommends companies block web advertisements.  An InformationWeek article quotes him as saying “I don’t think there’s any upside for a corporation to allow ads — they take up employee time, burn bandwidth, and represent risk.”

Malware has been served through banner ads at legitimate websites.   Does that justify blocking all advertisement as a security risk?  

Is it ethical to block advertisements or is there an understanding that these ads help the webmaster pay the bills.   Is an ad-bock company wide different from an individual installing advertisement filtering software?

I laughed when a Turner Broadcasting executive suggested there was a compact between TV viewers and providers to watch the commercials in order to pay for the product.   Yet, I tend to be more on the side of webmasters regarding ads.   It’s not a pure comparison because most DVRs aren’t automatically skipping all commercials the way an ad blocker would.

I suppose my reaction to ad blocking as a security precaution is that there are many other layers of protection.   To block ads would add extra work.   First I’d have to make sure that ads were blocked in such a way as to not disrupt the appearance of the served website.   Additionally, I would have to deal with sites that block those who ad block.   Seems rather tedious, and a better idea would be to improve the web security product used to protect against all malware attacks rather than just those serviced by banner ad companies.


  1. This will become increasingly irrelevant as every link on the Internet is a redirect through Google,, etc., and blocking ad domains will break the Internet.

  2. From a security perspective, I’d rather not treat the symptom (improving the security product) but rather fix what is broken: poor choices in ad providers and poor ad technologies (yay Flash!).

    Then again, the whole point of ads and marketing is to get in your face, and they’ll do anything and evolve technology to that goal. (Who wants HTML in email? Marketing, of course.)

    From a personal perspective, I can probably count the times I’ve been influenced or clicked on an ad in the last 15 years on 2 hands (not including ground-breaking cute ads or those I have to click to close). I prefer to just ad-block them all when on my personal machines, and it rarely renders a site inoperable. More often it is other non-ad scripting that is blocked by the same technology that blocks ads, which breaks sites. At any rate, I’m pretty anti-ads. Thankfully, I’m probably a minority, so webmasters can get their income elsewhere… (Quite honestly, most of the approaches marketing takes border on invasion of privacy or annoyance or erosion of trust…)

    Steve has a point, though. And I’m sure webmasters and ad-clients feel the pressure to force ad views. I won’t look forward to the days when a site requires you allow a certain script/host in order for their site to load and also ads to display.

    Nonetheless, this will get far worse before it ever gets better, I’ll admit. Between delivering ads before videos to pushing ads via SMS or gathering information on habits (or push further ads) based on GPS…it’s a goldmine still, at the expense of those of us who don’t want the unnecessary evils.

  3. “Is an ad-bock company wide different from an individual installing advertisement filtering software?”

    Yes. People who block ads do not click ads anyway, and as long as adblock is opt-in, this will never, ever be a problem.

Comments are closed.