It’s time for your organization to block ads

Why do we need to block ads?

Advertisements on the web are at best a nuisance and distraction, costing your business lost time and productivity. Advertisements at their worst will expose your business machines to malware, which can leak or destroy company data. The presence of malevolent advertisements is not limited to fringe websites; there have been recent instances of malware being distributed with the help of Google Ad services. [Sources: bleepingcomputer, howtogeek] As a result, IT departments need to treat web ads like any other threat vector and take appropriate mitigation steps.

Blocking advertisements is nothing new; tech-savvy users have used ad-blocking techniques and browser extensions for decades in order to enjoy an ad-free web browsing experience. Despite this, most users do not block ads, with only 27% of users utilizing ad-blocking technology in 2021. [Source: Statista] This unfortunately leaves a majority of users exposed to a threat vector that a simple misclick on a webpage can exploit.

How do ad-blockers work?

Most websites do not host their own ads. Ads are instead provided through third-party platforms. “Block Lists” such as EasyList include a long list of ad-serving domains, which ad-blockers then use to block content. This effectively allows you to easily block a site’s ads while otherwise maintaining the ability to view desired content on the site.

Adblocking technology can be implemented at many different levels:

Application Level

This is the type of ad-blocker most people are familiar with: web browser extensions such as uBlock Origin, as well as web browsers with built-in ad-blocking functionality such as Brave. These ad-blockers prevent content that matches their block lists from being fetched, accepted, or displayed within your browser.

Pros:

  • Typically very easy to install and do not require administrative/root access on a machine
  • Users are provided with granular control on a per-website basis; extensions can be disabled as-needed.
  • The best examples like uBlock Origin are Free and Open Source Software (FOSS); their codebase can be freely audited to ensure there is no undesirable behavior and there is no cost to use the software
  • Functionality often goes beyond simple ad-blocking and can include fixing the formatting/appearance of ad-blocked sites, as well as blocking tracking or cross-site scripts, pop-ups, or attempts made by websites to circumvent ad-blocking

Cons:

  • Only blocks ads within the web browser where it is installed; other applications will continue to be subjected to ads.
  • Ability of users to easily disable functionality may be undesirable in an organizational setting

Device Level

This includes installing programs or modifying system-level properties on your device in order to block ads. Methods include modifying the local “Hosts” file or using ad-blocking DNS servers to leverage block lists. Examples of software include AdAway for Android, which leverages both methods and helps automate this process. AdGuard provides an example of an ad-blocking DNS server, of which there are many others.

Pros:

  • Efficacy is not limited to one application; all applications on a device benefit from these ad-blocking methods
  • Does not require the installation of any software; modifying the hosts file or network settings is a native function of any operating system

Cons:

  • Generally more difficult to install/maintain than application-based ad-blockers
  • Requires greater device privilege than application-based ad-blockers; modifying the Hosts file or network settings on a device usually requires administrative/root access.
  • Ad-blocking public DNS servers may not perform as well as DNS servers provided by your ISP or other large companies and result in slower webpage loading times
  • Website formatting may appear strange if application-based ad-blockers are not also being used

Network Level

This includes any steps taken within your network/LAN to block ads. One of the most popular examples is Pi-hole, which, once configured, will process all DNS queries within a network and block/filter any queries related to ad delivery. Other examples include firewall extensions such as pfBlockerNG, which dynamically updates firewall rules in order to block ads. Vendors of enterprise-grade proprietary hardware may provide their own extensions or instructional guides to achieve a similar result.

Pros:

  • Not limited to a single machine; provides ad-blocking for all devices on a network
  • Protection cannot be easily bypassed/disabled by users/employees

Cons:

  • Can be difficult to implement for an average end-user; typically requires some rudimentary knowledge of networking to implement
  • May break desired functionality of some websites, requiring intervention or manual allow-listing to circumvent
  • Website formatting may appear strange if application-based ad-blockers are not also being used
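
The block-list lookup described in the device-level and network-level sections, as an added example that is not part of the original article or any named product's code: it parses a hosts-format list and decides whether a queried name is sinkholed, contrasting exact-name matching (all a hosts file can express) with whole-label subdomain matching and a manual allow-list. The sample list, the .example domains, and all function names are constructed for illustration.

```python
# Added example: constructed data and hypothetical names throughout.
SAMPLE_HOSTS = """\
# constructed hosts-format block list (reserved .example names)
0.0.0.0 ads.adnetwork.example
0.0.0.0 Tracker.AdNetwork.example.   # inline comment, mixed case
127.0.0.1 localhost
0.0.0.0 cdn.banners.example
192.0.2.10 intranet.corp.example
"""

SINK_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def parse_hosts_blocklist(text):
    """Collect names that a hosts-format list maps to a sink address."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in SINK_ADDRS:
            continue  # blank, comment-only, or an ordinary host mapping
        blocked.update(normalize(n) for n in fields[1:]
                       if normalize(n) not in LOCAL_NAMES)
    return blocked


def label_suffixes(name):
    """'a.b.c' -> ['a.b.c', 'b.c', 'c']; matching is on whole labels."""
    labels = normalize(name).split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def decide(qname, blocked, allowed=frozenset(), match_subdomains=False):
    """Return 'sinkhole' or 'forward' for one DNS query name."""
    names = label_suffixes(qname) if match_subdomains else [normalize(qname)]
    if any(n in allowed for n in names):
        return "forward"  # a manual allow-list entry overrides the block list
    return "sinkhole" if any(n in blocked for n in names) else "forward"


if __name__ == "__main__":
    blocked = parse_hosts_blocklist(SAMPLE_HOSTS)
    for q in ("ads.adnetwork.example", "img.ads.adnetwork.example"):
        print(q, decide(q, blocked), decide(q, blocked, match_subdomains=True))
```

With exact matching, a subdomain the list does not name is still forwarded, which is one reason hosts-format lists grow so long; matching on whole labels avoids that without also catching unrelated names that merely end in the same characters.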

Which method(s) should I use?

For personal use or very small businesses, browser extensions like uBlock Origin are the gold standard. They are incredibly effective and very easy to install and use. [Firefox, Chrome] For more tech-savvy users, setting up a Pi-hole for your home network can help protect everyone in your household from ads while providing additional benefits such as blocking ads on IoT devices such as Smart TVs.

Organizations seeking uniform ad-blocking across all business devices have many tools at their disposal. If you use an on-premises Active Directory Domain Services infrastructure or cloud-based Azure Active Directory, you can leverage Group Policy or Intune to enforce hands-off scripts or policies that force the installation of ad-blocking extensions in all installed web browsers to protect employees from ads. Depending on your organization's network topology, you may be able to leverage DNS or firewall-based ad-blocking to provide additional protection for both managed and unmanaged devices. If you have no centralized management framework or dedicated IT department and instead employ a Managed Service Provider for your IT needs, they will typically use RMM software, which can be used to the same effect.

A note on Chrome, Edge, and other Chrome-based web browsers

In 2021, Google announced some upcoming changes to Chrome, specifically with regard to extensions, including ad-blockers. The change would spell the end of “Manifest V2” extensions, requiring that all browser extensions adopt the “Manifest V3” standard. Microsoft has made a similar announcement, impacting Microsoft Edge.

There are countless articles addressing these announcements; a simplified consensus is that ad-blocking extensions such as uBlock Origin may be less effective on Chrome-based web browsers once Google ends all support for Manifest V2. Users concerned by this should consider switching to Firefox; the Mozilla Foundation plans to retain support for API calls used by content/ad-blocking extensions.