Why do Google ads point to adware?

Try downloading Paint.NET, an excellent free image editor, or Audacity, an open source audio editor, without an adblocker these days, and you’re in for quite a surprise. A disturbing trend in the type of ads served via Google Ad Sense and its affiliates will likely bring you to a page that looks like this:

Now, there are two very distinct download buttons above the fold, and actually neither of them will take you to the real installer you’re looking for. Even an experienced computer user could easily be misled into clicking one of the bright green download buttons. The Google “AdChoices” tag is very small, and the ads are padded with lots of whitespace as if to appear a genuine part of the main site.

By now, you probably see where this is going, and you can guess that following either of the huge green download buttons will riddle your computer with spyware. Even worse, these companies have also purchased ad keywords on major search engines (see the second case study), which also redirect users to their altered installers when people search for the names of popular open source packages.

These advertisers are likely not breaking any explicit rules, but they are using every psychological trick in the book to get you through their hijacked installers. Large green download buttons help their conversion rates, and large groups of confusing settings make it tempting to just hit next repeatedly through their installers, leading to disastrous effects. One installer conveniently minimized itself to the icon tray while it was performing its toolbar downloads and installations, yet the program I wanted to install (Audacity) popped right up, making you think that the installation was a simple success.

Google and other ad providers are certainly earning their revenue from these misleading ad clicks too. But you can’t expect open source software teams to buy out their own keywords at great expense just to prevent these types of installers. Operators of legitimate download sites often place ads to help pay for server and bandwidth costs, and manually filtering out the misleading ads is just playing a cat and mouse game.

If Google wants to help make the web a better place, I think they should take a stronger stance against these misleading advertisements. Reject them outright and the web will become a happier place!

If we click one of the links from the Paint.NET homepage, we are taken to a site like this one:

Seems simple enough, better click Download here too and run the appropriate installer…

Hmm, this doesn’t look like the installer for Paint.NET that I was used to!

Stepping through the default installation settings predictably installs spyware/adware, yet that download link we started with was so obvious, bright, and green on the Paint.NET page!

Within 30 seconds of installing on a patched, clean, Windows 7 install, I’ve been asked to change my homepage twice, and have seen four separate ad popups. Good thing this was in a VM…

Let’s say that instead I am searching for Audacity, a great free tool for audio file manipulation.

Free Audio & Recording Software, that’s exactly what I want, let’s click! Look, Google even made it stand out in orange for us.

Looks like I got the download page I was looking for, even the screenshot looks right, and look, almost a million downloads already…

Now, you don’t actually read through this text do you? Like anyone else, you just keep tapping accept until it shuts and the installation progress bar shows up.

Hmm, free games, dolphin screensavers, free music downloads, this doesn’t look good.

And look, here come the popups!

And they even hijacked the IE new tab screen, how classy!

Debugging Behind the Iron Curtain

Sergei is a veteran of the early days of the computing industry as it was developing in the Soviet Union. I had the pleasure of working and learning from him over the past year, and in that time I picked up more important lessons about both life and embedded programming than any amount of school could ever teach. The most striking lesson is the story of how and why, in late summer of 1986, Sergei decided to move his family out of the Soviet Union.

In the 1980s, my mentor Sergei was writing software for an SM-1800, a Soviet clone of the PDP-11. The microcomputer was just installed at a railroad station near Sverdlovsk, a major shipping center for the U.S.S.R. at the time. The new system was designed to route train cars and cargo to their intended destinations, but there was a nasty bug that was causing random failures and crashes. The crashes would always occur once everyone had gone home for the night, but despite extensive investigation, the computer always performed flawlessly during manual and automatic testing procedures the next day. Usually this indicates a race condition or some other concurrency bug that only manifests itself under certain circumstances. Tired of late night phone calls from the station, Sergei decided to get to the bottom of it, and his first step was to learn exactly which conditions in the rail yard were causing the computer to crash.

He first compiled a history of all occurrences of the unexplained crashes and plotted their dates and times on a calendar. Sure enough, a pattern was clearly visible. By observing the behavior for several more days, Sergei saw he could easily predict the timing of future system failures.

He soon figured out that the rail yard computer malfunctioned only when the cargo being processed was live cattle coming in from northern Ukraine and western Russia heading to a nearby slaughterhouse. In and of itself this was strange, as the local slaughterhouse had in the past been supplied with livestock from farms located much closer, in Kazakhstan.

As you may know, the Chernobyl Nuclear Power Plant disaster occurred in 1986 and spread deadly levels of radiation which to this day make the nearby area uninhabitable. The radioactivity caused broad contamination in the surrounding areas, including northern Ukraine, Belarus, and western Russia. Suspicious of possibly high levels of radiation in the incoming train cars, Sergei devised a method to test his theory. Possession of personal Geiger counters was restricted by the Soviet government, so he went drinking with a few military personnel stationed at the rail yard. After a few shots of vodka, he was able to convince a soldier to measure one of the suspected rail cars, and they discovered the radiation levels were orders of magnitude above normal.

Not only were the cattle shipments highly contaminated with radiation, the levels were high enough to randomly flip bits in the memory of the SM-1800, which was located in a building close to the railroad tracks.

There were often significant food shortages in the Soviet Union, and the government plan was to mix the meat from Chernobyl-area cattle with the uncontaminated meat from the rest of the country. This would lower the average radiation levels of the meat without wasting valuable resources. Upon discovering this, Sergei immediately filed immigration papers with any country that would listen. The computer crashes resolved themselves as radiation levels dropped over time.

Korean Translation provided by Edward Kim