denolth2
05-06-02, 10:58 AM
Taken from Informit.com....
to access the url, you'll need to register and log in to their site:
http://www.informit.com/content/index.asp?product_id={8E585451-3E34-47BD-B27A-18B0B28CE83F}&news=true
den2 :O
Pop-under Windows: Annoying Certainly, but Dangerous?
MAY 01, 2002 By Kyle Cassidy. Article is provided courtesy of Sams.
Pop-under windows launch silently and hide beneath your main browser window. Aside from being terribly annoying, they can also theoretically carry a harmful payload. This article dissects them, and gives you ways to avoid them altogether.
There are few things on the Internet that annoy me more than someone else making decisions about what I want to do. It's fiercely annoying to load a Web page, and have it automatically begin tooting a MIDI file of Eye of the Tiger or Tie a Yellow Ribbon. This is an especially egregious crime when I'm already listening to a CD of my own, and at the first earful of subdued peeping I look quizzically around the room and then waste five minutes peering out the window trying to find an ice cream truck before realizing that the annoying little jingle is, in fact, emanating from my own stereo speakers—buried somewhere beneath the noise of my new favorite band. Imagine what it would be like if advertisers could change the channel on your television at will, and you will begin to feel my rage. If I wanted to listen to your stupid MIDI file, my friend, I would have played it myself. I don't like it when someone runs a program on my computer, and I certainly don't like it when someone decides that I want to open a new browser window to look at their advertisement. The most egregious of these are the full-sized windows with controls removed.
But now that most of those HTML coders who put autoloading MIDIs into their Web pages have been mercifully deported to countries without electricity, my new personal pet peeve is advertisers deciding that I want to open a new window containing one of their ads and hide it behind my browser window where they tend to accumulate over the course of the day like rats in a dump. Like Figure 1.
Figure 1 One of the most common pop-under advertisers is X10, which suggests that you can use their wireless security camera to survey alluring women at your front door, home office, garage, nursery, or yard.
What's the Buzz? Tell Me what's Ahappenin'
So why would people stoop to such depths, obviously annoying their users? The answer is most likely buzz. In the beginning, Internet monitoring companies such as Neilson and Jupiter (which measure Web traffic much in the way Neilsen is famous for doing with television) counted popups and pop-unders as unique hits to a Web site. Launching pops was a way to artificially inflate hits, generate buzz, and hopefully (for the company doing this) generate revenue. However, much of that has changed. In December of 2001, CNET reported that Jupiter and Neilson both removed popup ads from their criteria for "hits," deciding that they did not represent a willful intention to visit a Web site. After that decision by Jupiter, X10, the largest single user of pop-under ads (which had been safely sitting in the top five most-viewed Web pages in the world) dropped out of the top 50 altogether. What's the buzz?
Obviously there's been a lot of animosity generated by this practice, and we're not the only ones upset about it. Joe Jenett hates pop-unders so much he's begun a crusade called ASAP! (A Stand Against Pop-under ads!). It has become something of a clearinghouse of information about the nefarious programming device. You can find it at http://jenett.org/asap/.
So, How Do Pop-under Windows Work?
Let's talk about two terrible ideas and how they conspired to annoy millions of Internet users.
onLoad / onUnload
blur / focus
These are JavaScript commands. onLoad and onUnload are what are called event handlers (they tell your browser what to do when something happens; in this case, when a browser window is either opened or closed). Blur and focus are used to bring a window to the foreground or send it to the background. Clever usage of the onLoad and blur commands allow advertisers to open a child browser window when you load the parent, and "blur" it into the background so that when you close the parent window, the ad sits on your screen like a lost puppy come home to the wrong house.
onUnload is the most scurrilous of all these commands, and it baffles me that any browser manufacturer would choose to adopt it. We'll talk more about its possible abuses later.
Dissecting a Pop-under
Right this way to the lab: Let's dissect a pop-under window.
<HTML>
<HEAD>
<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
<TITLE>Pop Under Window</TITLE>
</HEAD>
<BODY onLoad=window.open('annoy.html').blur();window.focus();>
<P>
This window spawns a popunder.
</BODY></HTML>
The code is so simple that it begs little discussion. In the body tag, we tell the browser that upon loading it will open a window using the source file annoy.html, blur that window, and then focus the parent—banishing annoy.html to the background.
You Said this Was Dangerous, Right?
Well, it could be. Any time you let someone else run a program on your computer, there exists the potential for disaster. The worst part about pops is their potential for even greater abuse or misuse. Let's look at another example that is almost identical to the first, but with two slight variations:
<HTML>
<HEAD>
<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
<TITLE>Pop Under Window</TITLE>
</HEAD>
<BODY onUnload=window.open('annoy.html').blur();window.focus();>
<P>
This window spawns a popunder.
</BODY></HTML>
In this instance, we're spawning the child window on unload rather than on load. What does that mean? It means that when the browser window is closed, we have one last chance to execute a command before the window goes away—a parting shot, if you will. So let's say that you have four advertisements you want people to look at: 1.html, 2.html, 3.html, and 4.html, respectively. You could use the onUnload command to automatically open up a different advertisement each time one is closed. If you're unscrupulous enough, you could do this all day long.
But let's go a little further, and pretend that you have only one ad, and you don't care if you annoy people with it—you just want them to see it. Look at this example:
<HTML>
<HEAD>
<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
<TITLE>Pop Under Window</TITLE>
</HEAD>
<BODY onUnload=window.open('this-file.html').blur();window.focus();>
<P>
This window spawns a popunder.
</BODY></HTML>
Instead of calling a new browser window, this one calls itself back every time you close it. It's now become the advertisement that won't die.
But why stop there? Remember Hercules fighting the Hydra? Every time he cut off one of its heads, two new ones grew back in its place. And there's nothing to stop a JavaScript coder from doing the same thing.
Our code becomes only slightly more complicated because now we must create a function and call that function, but we can use it to do terrible things:
<html>
<head>
<SCRIPT LANGUAGE="JavaScript">
function zing() {
window.open("this-page.html")
window.open("this-page.html")
window.open("this-page.html")
window.open("this-page.html")
}
</script>
<title>Evil Code</title>
</head>
<body onUnload="zing()">
This page creates four copies of itself each time it is closed.
</body>
</html>
So in this example, we created a function called "zing" that does nothing but spawn itself four times whenever a copy of it is closed. Even worse would be calling up four copies of itself on load. Any computer accessing this page would then begin spawning copies of itself until it ran out of memory—grinding to a halt in some sort of Star Trek death.
Why Are You Telling Us All This?
Because it's not too late. It's not too late for you to arm yourself against it. There are several things you can do (apart from boycotting advertisers who use pops and informing responsible ones how annoying it is.) Some of these measures are more drastic than others.
Turn off JavaScript
This is the safest option because it protects you from all sorts of other things, too. In today's world, it's not entirely practical, however, and some Web pages need JavaScript to perform e-commerce applications.
Use a Smart Browser
Opera, the "other" browser, has had only one reported security flaw in six years of operation. With this kind of record, it seems natural that they'd be the first to allow you to completely disable popups with the click of a mouse. (See Figure 2.)
Figure 2 Opera gives you the option of turning popups off.
Opera also has the advantage of being significantly faster than either IE or Netscape. Opera has a free version with targeted banner advertising at the top (you can actually choose what kind of ads you'd rather get) for an ad-free version for $39.
Use Filtering Software
There are numerous filtering options, and a search on any search engine or a program repository such as Tucows will turn up more.
One of my favorites is Proximatron, which is an application designed to "tame JavaScript" and written by Scott R. Lemmon. It includes a host of filters for blocking not only pop-unders, but also does other useful things: It changes JavaScript redirects to links, removes window commands from spawned windows (to avoid those fiercely annoying pages with no close window control), blocks Web bugs, stops JavaScript from modifying the Status Control Bar, and on and on. If it's wrong about JavaScript, Proxamatron lets you fix it.
How much is it? Well, Proximatron declares itself to be Shonenware, a concept designed by Lemmon and, as far as I know, the only product distributed in that manner. To use Proximatron, all you have to do is buy any album by Scott Lemmon's favorite band: Shonen Knife, an all-girl, Japanese heavy metal band (Picture the Power Puff Girls playing Black Sabbath tunes.) A bargain at that price. Proximatron can be a little difficult to use, but there are simpler alternatives.
adsubtract pro is $29.95, and blocks popup adds (and automatically playing music!). There is a free version that blocks numerous advertisements, but lets the popups through (and the music).
Others include Pop-Up Stopper from Panicware, which retails in the $20.00 range; Pop Up Killer from xfx, which runs $7.00, and makes entertaining noises every time it kills a popup; and PopNot from High Density Software, which retails for $12.00.
to access the url, you'll need to register and log in to their site:
http://www.informit.com/content/index.asp?product_id={8E585451-3E34-47BD-B27A-18B0B28CE83F}&news=true
den2 :O
Pop-under Windows: Annoying Certainly, but Dangerous?
MAY 01, 2002 By Kyle Cassidy. Article is provided courtesy of Sams.
Pop-under windows launch silently and hide beneath your main browser window. Aside from being terribly annoying, they can also theoretically carry a harmful payload. This article dissects them, and gives you ways to avoid them altogether.
There are few things on the Internet that annoy me more than someone else making decisions about what I want to do. It's fiercely annoying to load a Web page, and have it automatically begin tooting a MIDI file of Eye of the Tiger or Tie a Yellow Ribbon. This is an especially egregious crime when I'm already listening to a CD of my own, and at the first earful of subdued peeping I look quizzically around the room and then waste five minutes peering out the window trying to find an ice cream truck before realizing that the annoying little jingle is, in fact, emanating from my own stereo speakers—buried somewhere beneath the noise of my new favorite band. Imagine what it would be like if advertisers could change the channel on your television at will, and you will begin to feel my rage. If I wanted to listen to your stupid MIDI file, my friend, I would have played it myself. I don't like it when someone runs a program on my computer, and I certainly don't like it when someone decides that I want to open a new browser window to look at their advertisement. The most egregious of these are the full-sized windows with controls removed.
But now that most of those HTML coders who put autoloading MIDIs into their Web pages have been mercifully deported to countries without electricity, my new personal pet peeve is advertisers deciding that I want to open a new window containing one of their ads and hide it behind my browser window where they tend to accumulate over the course of the day like rats in a dump. Like Figure 1.
Figure 1 One of the most common pop-under advertisers is X10, which suggests that you can use their wireless security camera to survey alluring women at your front door, home office, garage, nursery, or yard.
What's the Buzz? Tell Me what's Ahappenin'
So why would people stoop to such depths, obviously annoying their users? The answer is most likely buzz. In the beginning, Internet monitoring companies such as Neilson and Jupiter (which measure Web traffic much in the way Neilsen is famous for doing with television) counted popups and pop-unders as unique hits to a Web site. Launching pops was a way to artificially inflate hits, generate buzz, and hopefully (for the company doing this) generate revenue. However, much of that has changed. In December of 2001, CNET reported that Jupiter and Neilson both removed popup ads from their criteria for "hits," deciding that they did not represent a willful intention to visit a Web site. After that decision by Jupiter, X10, the largest single user of pop-under ads (which had been safely sitting in the top five most-viewed Web pages in the world) dropped out of the top 50 altogether. What's the buzz?
Obviously there's been a lot of animosity generated by this practice, and we're not the only ones upset about it. Joe Jenett hates pop-unders so much he's begun a crusade called ASAP! (A Stand Against Pop-under ads!). It has become something of a clearinghouse of information about the nefarious programming device. You can find it at http://jenett.org/asap/.
So, How Do Pop-under Windows Work?
Let's talk about two terrible ideas and how they conspired to annoy millions of Internet users.
onLoad / onUnload
blur / focus
These are JavaScript commands. onLoad and onUnload are what are called event handlers (they tell your browser what to do when something happens; in this case, when a browser window is either opened or closed). Blur and focus are used to bring a window to the foreground or send it to the background. Clever usage of the onLoad and blur commands allow advertisers to open a child browser window when you load the parent, and "blur" it into the background so that when you close the parent window, the ad sits on your screen like a lost puppy come home to the wrong house.
onUnload is the most scurrilous of all these commands, and it baffles me that any browser manufacturer would choose to adopt it. We'll talk more about its possible abuses later.
Dissecting a Pop-under
Right this way to the lab: Let's dissect a pop-under window.
<HTML>
<HEAD>
<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
<TITLE>Pop Under Window</TITLE>
</HEAD>
<BODY onLoad=window.open('annoy.html').blur();window.focus();>
<P>
This window spawns a popunder.
</BODY></HTML>
The code is so simple that it begs little discussion. In the body tag, we tell the browser that upon loading it will open a window using the source file annoy.html, blur that window, and then focus the parent—banishing annoy.html to the background.
You Said this Was Dangerous, Right?
Well, it could be. Any time you let someone else run a program on your computer, there exists the potential for disaster. The worst part about pops is their potential for even greater abuse or misuse. Let's look at another example that is almost identical to the first, but with two slight variations:
<HTML>
<HEAD>
<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
<TITLE>Pop Under Window</TITLE>
</HEAD>
<BODY onUnload=window.open('annoy.html').blur();window.focus();>
<P>
This window spawns a popunder.
</BODY></HTML>
In this instance, we're spawning the child window on unload rather than on load. What does that mean? It means that when the browser window is closed, we have one last chance to execute a command before the window goes away—a parting shot, if you will. So let's say that you have four advertisements you want people to look at: 1.html, 2.html, 3.html, and 4.html, respectively. You could use the onUnload command to automatically open up a different advertisement each time one is closed. If you're unscrupulous enough, you could do this all day long.
But let's go a little further, and pretend that you have only one ad, and you don't care if you annoy people with it—you just want them to see it. Look at this example:
<HTML>
<HEAD>
<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
<TITLE>Pop Under Window</TITLE>
</HEAD>
<BODY onUnload=window.open('this-file.html').blur();window.focus();>
<P>
This window spawns a popunder.
</BODY></HTML>
Instead of calling a new browser window, this one calls itself back every time you close it. It's now become the advertisement that won't die.
But why stop there? Remember Hercules fighting the Hydra? Every time he cut off one of its heads, two new ones grew back in its place. And there's nothing to stop a JavaScript coder from doing the same thing.
Our code becomes only slightly more complicated because now we must create a function and call that function, but we can use it to do terrible things:
<html>
<head>
<SCRIPT LANGUAGE="JavaScript">
function zing() {
window.open("this-page.html")
window.open("this-page.html")
window.open("this-page.html")
window.open("this-page.html")
}
</script>
<title>Evil Code</title>
</head>
<body onUnload="zing()">
This page creates four copies of itself each time it is closed.
</body>
</html>
So in this example, we created a function called "zing" that does nothing but spawn itself four times whenever a copy of it is closed. Even worse would be calling up four copies of itself on load. Any computer accessing this page would then begin spawning copies of itself until it ran out of memory—grinding to a halt in some sort of Star Trek death.
Why Are You Telling Us All This?
Because it's not too late. It's not too late for you to arm yourself against it. There are several things you can do (apart from boycotting advertisers who use pops and informing responsible ones how annoying it is.) Some of these measures are more drastic than others.
Turn off JavaScript
This is the safest option because it protects you from all sorts of other things, too. In today's world, it's not entirely practical, however, and some Web pages need JavaScript to perform e-commerce applications.
Use a Smart Browser
Opera, the "other" browser, has had only one reported security flaw in six years of operation. With this kind of record, it seems natural that they'd be the first to allow you to completely disable popups with the click of a mouse. (See Figure 2.)
Figure 2 Opera gives you the option of turning popups off.
Opera also has the advantage of being significantly faster than either IE or Netscape. Opera has a free version with targeted banner advertising at the top (you can actually choose what kind of ads you'd rather get) for an ad-free version for $39.
Use Filtering Software
There are numerous filtering options, and a search on any search engine or a program repository such as Tucows will turn up more.
One of my favorites is Proximatron, which is an application designed to "tame JavaScript" and written by Scott R. Lemmon. It includes a host of filters for blocking not only pop-unders, but also does other useful things: It changes JavaScript redirects to links, removes window commands from spawned windows (to avoid those fiercely annoying pages with no close window control), blocks Web bugs, stops JavaScript from modifying the Status Control Bar, and on and on. If it's wrong about JavaScript, Proxamatron lets you fix it.
How much is it? Well, Proximatron declares itself to be Shonenware, a concept designed by Lemmon and, as far as I know, the only product distributed in that manner. To use Proximatron, all you have to do is buy any album by Scott Lemmon's favorite band: Shonen Knife, an all-girl, Japanese heavy metal band (Picture the Power Puff Girls playing Black Sabbath tunes.) A bargain at that price. Proximatron can be a little difficult to use, but there are simpler alternatives.
adsubtract pro is $29.95, and blocks popup adds (and automatically playing music!). There is a free version that blocks numerous advertisements, but lets the popups through (and the music).
Others include Pop-Up Stopper from Panicware, which retails in the $20.00 range; Pop Up Killer from xfx, which runs $7.00, and makes entertaining noises every time it kills a popup; and PopNot from High Density Software, which retails for $12.00.