We’ve all heard the sobering statistics, how the online advertising ecosystem loses billions every year from ad fraud. But as bleak and overwhelming as the perpetual fight against bad ads might feel at times, we have some very good news – the industry isn’t defenseless against malvertising as long as it embraces the right solutions.

That’s something we uncovered in our recent 2020 State of Ad Quality Report – some companies are winning their wars against auto redirects, malware, and the many other forms of bad ads. Now, the trick is to bottle that success and distribute it to the masses.

So on that note, we’re providing you with an overview of the different techniques that publishers and ad networks can use to help prevent malware and redirects, how they work, and which might be the best fit for your specific needs. If you take an informed approach and implement the right solutions, you can finally turn the tables on bad ads.

SafeFrames: A Legacy Solution with Teeth

SafeFrame made an emphatic name for itself by utilizing an existing DFP framework to enable an attribute called sandboxing. A sandbox solution prevents ads from reading outside of their iframe, basically creating a contained, enclosed environment and, thus, was an early technique for sequestering malicious ads. Simple yet powerful, all an ad ops team has to do is check a box and they’re up and running.

While the technique is just over a decade old, much of the industry already considers sandboxing the octogenarian of the ad quality solution crowd or, to put it another way, it’s showing its age in some respects. For one, sandboxing creates numerous discrepancies since it often prevents more than it should. Also, there is limited browser support for sandboxing and, as of this past year, cybercriminals are bypassing this technique.

That’s not to say, however, that sandboxing is in any way a fossilized approach. In fact, while it might be a bit long in the proverbial tooth at this point, there’s still a healthy bounce to its step. And that’s the best way to look at sandboxing in the fight for ad quality – its most robust days might be in the past, but it still provides some protection for the ecosystem. In other words, there’s still a place for sandboxing, but not as a standalone solution on the frontlines.

Blacklist Analysis: Keeping a List & Checking it Twice

Sometimes referred to as static analysis, this is a case where the name says it all. An ad quality solution with blacklist analysis keeps a running, real-time list of all known threats. Every time an ad loads, it’s checking the ad payload against that list. If it finds a match, then the solution prevents the ad from rendering.

Also, since the blacklist can be cached within the web browser, blacklist analysis is a very quick and efficient way to check for bad ad behavior, an especially important factor during a malvertising attack or for forced redirects. Of course, the effectiveness of this approach depends on the thoroughness of the list itself. If it doesn’t have good inputs, then it’s not going to provide the level of protection needed to identify bad ads.

Therefore, when using a solution with blacklist analysis, it’s important to choose a provider that not only has an adequate list but a minimal cycle as well. If it’s not agile enough to quickly integrate new threats into the list, then you’re susceptible to virtually every new iteration of bad ad.

Dynamic Analysis: A Realtime X-Ray Into Ad Scripts

That brings us to a technique we call dynamic analysis. This approach loads the entire ad payload into aJavaScript sandbox. From there, all of the scripts execute within this isolated environment to reveal what happens in real-time. Afterward, depending on the solution, the technique can proceed in one of two ways:

1. The solution can block the malicious script that it identifies. While this approach can be very accurate, it can also cause signifiant latency issues as well as downstream problems from blocking the JavaScript, affecting other elements on the webpage. Likewise, it can result in greater discrepancies simply from loading the ad multiple times.
2. Alternatively, our solution can go through the dynamic analysis, adding any signatures to the blacklist as it goes. It sidesteps the latencies from the first technique but still analyzes scripts in real-time and within a protected environment. It's faster and more agile while still providing the needed protection against ransomware, phishing scams, trojans, competitive domains, large payloads, and virtually anything else that goes bump in the malvertising night.

What About Ad Replacement?

Remember, blocking the bad ads is only one side of the equation. You also have to think about filling that ad slot. Granted, you can always use a blank ad or even an in-house one, but neither will produce any ad revenue. And while the DFP passback route is a viable option, you’re still monetizing at much lower price points than normal.

Using an ad quality solution with flexible ad replacement capabilities means you’re maximizing revenue without jeopardizing third-party scripts. That’s our approach to ad replacement here at Ad Lightning. Likewise, we don’t use one of the ad quality solutions discussed – we offer them all.

Replacing an ad, rather than just blocking malicious code, also prevents a bad ad from ever reaching a user. Otherwise, even if you strip part of the malicious script from an ad, there are other elements – like the click-through URL, for example – that could still be problematic if the user were lured into clicking on it.

A holistic ad-blocking answer to ad quality issues that integrates sandboxing, blacklists, and dynamic analysis – not to mention real-time ad scanning and data from billions of ad impressions – gives publishers and advertising networks the unflinching protection they need from malvertising campaigns. If it can happen to the New York Times, the London Stock Exchange, and Spotify, it can happen to anyone. But that's why we exist – to stop it from happening to you.