de0u I believe that on a monthly basis I run into zero of either.

How could one possibly know this?

Let me give you an example:

  • search something like "how to run a vm on apple sillicon"
  • it might give you helpful-looking links to sites like howtogeek or makeuseof
  • you open makeuseof
  • it shows up in my uBO running scripts from 18 different domains. If I allowed all, they each might call additional domains, and we could be running scripts from 30 domains.
  • some of them might be malicious. As "cancerous" as makeuseof might seem, you might want to give it the benefit of the doubt. But any of those 30 domains could be compromised by an external actor, and be running rogue scripts.

The attack surface in a simple web search is just huge.
So, do you run a malware analysis on every single site/script you run while browsing? Or have any concrete evidence to show everything you access is clean?

      Hb1hf [...] makeuseof [...]™shows up in my uBO running scripts from 18 different domains. If I allowed all, they each might call additional domains, and we could be running scripts from 30 domains. some of them might be malicious.

      The claim that some of them might be malicious is irrefutable. My next-door neighbor might be an axe murderer (we know axe murderers exist).

      What's the likelihood?

      As "cancerous" as makeuseof might seem, you might want to give it the benefit of the doubt. But any of those 30 domains could be compromised by an external actor, and be running rogue scripts.

      Irrefutable.

      Hb1hf So, do you run a malware analysis on every single site/script you run while browsing?

      If there is a population of people who are blocking ads served by makeuseof because malware analysis reveals that on average they serve one piece of malware per {minute, hour, day, week}, that makes sense.

      If there is a population of people asserting everybody should block ads served by makeuseof without presenting any data on how often they contain malware, that is interesting.

      Hb1hf Or have any concrete evidence to show everything you access is clean?

      Fundamentally, concrete evidence of malware is possible, but concrete evidence of absence is not. So evidence of how often makeuseof serves malware in ads would be welcome.

      Then it would be possible to evaluate what fraction of that malware would be successful against Vanadium.

              • [deleted]

              • Post #24

              Hb1hf Then use an Anti-virus, Ad-blockers are for ads. Ad-blockers also can't block phishing because phishing doesn't require ads or even trackers.

                • [deleted]

                • Post #25

                csis01 It would have to obtain root privileges through some exploit (hack) in order to be able to scan anything beyond its own data.

                That's not true. Anti-virus can scan apks of any apps, including system apps; but It cannot delete them itself and it also cannot read internal data of them (both /Android/data/<package_name> and /data/app/<package_name>).

                    de0u
                    For you specifically, there's an easy way to find out. Create a free account in Adguard-dns/etc and set all your browsers to it. But configure it to only use malware lists, uncheck all ads, trackers and annoyances lists. Then log in after a month to see how many requests were blocked.

                    On a population level, you can check malware lists against Alexa Rank. I figure the lists are big, so you'd need a script for that.

                      • [deleted]

                      • Post #28

                      csis01 Try exporting APKs of apps via an App like App Manager, It will be able to basically get the apk of any app