Home > Parasites & Security > Here

New page December 11, 2004
Hold mouse here for list of most recent changes.

Let’s talk a bit about pop-ups. As some of you might expect, my views on this subject don’t necessarily run with the herd.

You know what pop-ups are, right? Those extra boxes and windows that jump up in your face while you’re browsing the web. Sometimes they serve a valid purpose consistent with what you sought from the site. But, way too often, numerous pop-ups are a serious invasion and a serious bother.

In response to this we have seen a flood of pop-up blocking software. It’s a new small industry. Some of these programs are free, some charge a fee, some are tossed into other products to increase their value. Unfortunately, some of them are examples of the new class of betrayware — software that claims to make your system more secure while simply opening it up to more exploitation, such as Panicware’s free Popup Stopper which deploys spyware. (As if we didn’t have enough exploitation to deal with already!)

Personally, I don’t use any such programs except, occasionally, to turn on the pop-up stopping feature on Maxthon (formerly MyIE2), the IE overlay that is my regular browser of choice. I use and love the Google Bar, but pointedly disable its pop-up blocking.

Today I’m writing to suggest that the popular view of pop-ups, and of pop-up stoppers, needs to be reexamined. Blocking pop-ups may be putting your computer at risk for the simple reason that it deprives YOU of important real-time information about parasitic invaders. Pop-ups are like pain — by existing at all, they provide information about your computer’s health and well-being. Effectively blocking them is like living on narcotics — it may feel serene, but it has drawbacks.

Believe It or Not... Pain is Your Friend

Sometimes we really need the information that pain gives us. If I hadn’t already known this, I would have learned lesson a few years ago when I fractured my right heel. I had been helping a friend reposition an air conditioner, having first crawled out her window. When finished, rather than disturb the landlady to unlock the security gate, I climbed the 12-foot fence and, having training and experience in landing, decided to drop to the concrete driveway on the other side. Well, training and experience didn’t win the day that time! (And I was a decade or so older than the last time I had tried.) The right foot didn’t land right. I knew it the moment I landed as pain shot through me. I thought I had simply badly twisted, or possibly sprained, the ankle. What I didn’t know yet was that I had broken the very porous heel in two places, clear through to the ankle joint.

I could have blocked the pain on the spot. I’d long practiced yoga techniques of rerouting pain through the nervous system and dissolving it (even having a root canal drilled once with no anesthetic to confirm that I could do it — one has to be very relaxed to succeed at that!). But as I started, on this occasion, to absorb and neutralize the pain sensations, every cell of my body screamed a loud inner “No!” No, not this time! If I’d gotten up and walked the length of the driveway with my foot in that condition, I could have permanently deranged the broken, porous bone, causing myself much more serious injury. So, instead, I began crawling to the front of the building where my friend helped me to her car and the local emergency room.

What has this to do with pop-ups, you may ask? Well, surprisingly, almost everything. Sure, we can now block them out, keep them from appearing, and filter them from our awareness. But this doesn’t address why they popped up in the first place. Ignoring the information their presence provides can seriously derange the functioning of our computer and the overall health of our Windows installation.

Blocking pop-ups does not stop the malicious software that may be behind them. It only stops the pop-up.

Feeling Vulnerable

Since the eleventh day of September in 2001, an emotional need for increased security has flooded through our culture and persists in touching many areas of our lives. In our computer use, we have become increasingly concerned about viruses and other malicious software, including privacy-invading adware, spyware, and other parasites. We are flooded with spam, and pretty sick and tired of it. So, when one more kind of invader — pop-ups — pushes itself in our face, I think we tend to lump this right in with spam and want to “moider da bum” along with all of the others.

My argument, though, is that there is a right way and a wrong way — and pop-up blockers are usually the wrong way, because they don’t get at the underlying cause, and therefore leave us less secure, not knowing of the invasion and violation still going on under the surface.

Four Kinds of Pop-ups

I group pop-ups into four categories. Only three of these are affected by pop-up stoppers, and there is only one of these three types — usually the least invasive — that you really want to block. Here they are:

  1. Pop-ups launched by the Messenger Service in Windows. If you have pop-ups even when you don’t have a Web browser open, these are being launched by the vermiform appendix of Windows, a generally useless vestige called the Messenger Service. This has nothing to do with Instant Messenger programs, and almost nobody on the planet uses it anymore, but it still comes enabled by default on Windows NT-based installations and can be easily exploited. Just turn it off. Click Start, click Run (or just press Win+R) and type SERVICES.MSC. Find “Messenger,” right-click and take Properties, and set “Startup type” to “Disabled.” IMPORTANT NOTE: These Messenger Service pop-ups only exist if the NetBIOS port (Port 138) is open. This is a potentially serious security issue. The pop-ups are an alert that you need to Block 138 with your firewall.
  2. Browser pop-ups that you want. Some web sites use pop-up boxes to give you additional information. For example, some multimedia sites open a small streaming media window in a pop-up — if you interfere with that, you can’t see the video you just asked to see. In the business world, the Web Access version of Microsoft Outlook uses pop-up windows to open and display emails or to open Reply windows just as in the desktop version of Outlook. You want to permit this behavior. By definition, you don’t want to block the pop-up boxes that you really want!
  3. Browser pop-ups appropriate to the site you are visiting. Here we get to the one category you might want to block, though usually it is the least bothersome. Every morning when I go to cnn.com to read the day’s news, every few articles will be accompanied by a pop-up CNN advertisement. Personally, I choose to live with these — they are closed with a click and serve the same purpose as TV commercials, helping justify a commercial site’s decision to provide me free services. Of course, some categories of Web sites are notorious for launching a larger number of pop-ups, and I see personal convenience of activating pop-up blocking when wandering into those sites. Mostly, though, sites that are this aggressive are sites that you shouldn’t feel terribly secure visiting in the first place. They bring to mind a mother’s advice to “wear your rubbers” when visiting, and wash your hands when leaving. Issues of your computer’s health and your personal enjoyment on such sites is far more complex than the current article is willing to address. My main point is, site-appropriate pop-ups, as a group, are not usually the ones that concern people very much. Block them or not as you will. The really bothersome ones are the fourth type discussed below — and we need to be sure not to block them!
  4. Floods of browser pop-ups not appropriate to the site you are visiting. These are the worst. You open your browser and, soon, no matter where you browse, you start getting swarms of pop-ups. They aren’t like the nytimes.com ads asking you to subscribe for home delivery, or even ads that reasonably help support the page offering you free information and services. No, these are just flooding in no matter where you point your browser. They are browser spam! These pop-up swarms indicate that you have a real problem! This kind of swarm has only one cause: adware and other parasites invading your computer, some of which may be spyware gathering information you haven’t volunteered to disclose. Blocking these pop-ups does not stop the malicious software from doing its dirty deeds. It only stops the pop-up.

Here is the core of my argument: These pop-up swarms, which are the extreme that drive most people to install pop-up blocking in the first place, shouldn’t be blocked. Why? Because blocking the pop-up doesn’t disable the parasite. The invasive and possibly malicious code is still on your computer and still operating. You’re just disabling blocking the alarm. Unfortunately, disabling the oil light on your dashboard doesn’t keep the oil pressure up! Turning off the burglar alarm doesn’t keep the house more secure. Blocking the pain doesn’t mend the broken bone. The pop-up is the pain. You need to find what’s causing the pain and treat it.

Solving the Problem

How to treat it? I have a whole protocol on my page The Parasite Fight! stated even more cut-to-the-chase concisely on my Quick-Fix Protocol page.

Don’t block these pop-ups. Let them help you. If you have them so bad that they’re driving you crazy, then your computer is infected with a disease. Fortunately, we know how to efficiently cure the disease, and how to inoculate you against recurrence. That’s where your attention should rest.

Visit Microsoft.com

  Top of Page   Home   Site Map   Search   Forums   Feedback   Donate