7 questions to ask before choosing a malware blocking solution

1. What’s the data source for blocking?
Most vendors providing malware blocking tools use compiled, synthetic, outdated data sources — typically lagging three to five days after the malicious behavior begins — to block bad ads. As a result, blocking of malvertising is often delayed, inaccurate and generally inadequate, with loads of false positives also eating into your ad revenues. Due to its temporal and quickly morphing nature — new malware vectors emerge every 30 seconds or less — web-based malware must be continuously hunted.

The action to take: Request details on the malware data sources and how often data is refreshed.

2. Is the entire ad experience safe?
An ad experience has many moving parts, including the creative, tag and landing page. Most blocking tools only see and block the “known” malicious visual and tag, while ignoring malicious landing pages. Blockers unfortunately also don’t see down the request chain, often missing site-level malware. Considering that 10 percent of malware detected by The Media Trust only infects landing pages, user advertising experiences remain at risk.

The action to take: Inquire about how malware blocking tools address deficiencies.

3. Does it take domains and hosts equally into account?
Blocking malicious URLs is a great start, but here’s the thing about bad URLs: they can change within seconds in order to evade detection. Having blockers that are capable of both rapid detection of bad hosts and also domains is crucial in order to adequately protect the user experience.

The action to take: Ask if blocking tools address domains as well as hosts.

4. What about obfuscated code?
The Media Trust’s malware desk confirms that malware blockers aren’t effective when the malicious code is obfuscated or concealed. Obfuscation is the technique of encoding or double-encoding malware in order to evade detection. A combination of machine learning, human analysis and scanning solutions are required to decode obfuscated malware delivery. With 40-50 percent of malvertising using obfuscation (90% for mobile redirects), blockers that aren’t backed by human verification allow obfuscated code to pass.

The action to take: Demand proof of how tools detect obfuscated code.

5. Do you understand blocking context?
One frightening aspect of malware blocking is that publishers have in many ways handed the reins of their ad revenues to third parties. To avoid unnecessary monetization hiccups, it is necessary to get context around why an ad is being blocked. False positives can shut down a perfectly good ad — or worse, a perfectly good upstream partner. Inflating malware numbers by blocking a DSP is not a good revenue strategy.

The action to take: Review reports to determine accurate reasons for why an ad is blocked.

6. What is the latency impact?
Blocking solutions typically enable passbacks (replacing a blocked ad by calling back to the server for another ad). However minimal, this process can cause page latency issues and hurt the very user experience it claims to protect.

The action to take: Evaluate latency issues associated with the malware blocking tool.

7. You blocked a bad ad, what about future ones?
Blockers are nifty tools that allow ad and revenue operations teams to block bad ads, but wouldn’t it be better to block the source of malware instead of playing whack-a-mole? While protecting your user experience and ad revenue, malware blocking vendors should provide enough data and supporting services to help with long-term growth and business continuity.

The action to take: Analyze the digital ecosystem and suss out bad partners.

The ongoing issues of malvertising and site-level malware need a holistic approach that rewards good business practices and long-term thinking while keeping bad actors and unworthy partners out of the ad supply chain. However, one should still remember: malware blocking solutions aren’t a long-term cure-all for securing user experience and ad revenues.