Browser

Pop-up windows: Know the difference between the good, the bad, and the annoying

Pop-up windows can often be a pain, but they sometimes indicate a more serious problem. Find out how to differentiate between a pop-up that's just wasting your time and one that might be trying to tell you something.

There's been a lot of publicity about pop-up windows, and most of it hasn't exactly been rave reviews. But it hasn't always been this way.

In fact, pop-up windows were a positive component in the beginning. Created long before tabbed browsers, their purpose was to present information without interfering with the current browser window.

These days, due to security risks as well as the annoyance factor, a standard feature among browsers is to block or control pop-up behavior. But before you start telling your browser or other privacy programs to block all those pop-ups, you need to understand why they happen and what you should really be doing about them.

Most pop-ups are part of the content from the Web site the user is visiting, containing either requested information or info the site thinks one might like. But other pop-ups are just spam that's both invasive and malicious in nature.

These types of pop-ups are actually an alarm telling you that something's wrong with your computer and you need to fix it. Let's divide pop-ups into two general categories -- normal and alarms.

Normal pop-ups

Some pop-ups are information you've requested -- music or video content from a link you just clicked or a download you requested (hopefully from a trusted site). Web-access e-mail programs use pop-ups to create or reply to e-mail, which mimics a traditional e-mail client.

In addition, some pop-ups are targeted advertising marketed specifically to consumers visiting a Web site. If you find yourself getting too many of these advertisements, it's probably due to the sites you're visiting.

In general, all of these types of pop-ups are the kind you want. And if not, you can easily dismiss them with a click on the X. These are the pop-ups you should be controlling with your browser or privacy program. But the other types of pop-ups are the ones you want to see -- because they're alerting you that something's wrong with your system.

Alarm pop-ups

You don't want to block the pop-ups that indicate a problem with your system -- these are the ones you want to see and take action on to resolve. For example, if pop-ups are launching through the Windows Messenger Service, you've got a potentially serious problem.

To get rid of these pop-ups, you need to turn off the Messenger Service. Follow these steps:

  1. Go to Start | Run, type services.msc, and click OK to launch the Services applet.
  2. Scroll down to find Messenger.
  3. Right-click Messenger, and select Properties.
  4. On the General tab, select Disabled from the Startup Type drop-down list, and click OK.

This is a serious security issue. While the Messenger Service pop-up starts with data on UDP 135, this pop-up indicates that the Windows networking ports (i.e., TCP/UDP 135, 137 through 139, and 445) are open to the public. This pop-up is an alarm that you need to block these ports with your firewall.

Another type of alarm pop-up is the browser flood. As soon as your browser opens, you start receiving a swarm of pop-ups. This browser "spam" is telling you that spyware/adware is running on your system. While this is usually why people enable pop-up blockers, that's comparable to rolling down your window and sticking your head outside so you can see to drive.

What's the real solution? Clean your Windows! Blocking the alarm doesn't solve the problem. If your system has experienced this type of behavior, start shopping for a spyware/adware removal tool (maybe several), and clean your system.

Final thoughts

While pop-ups can be a pain, they sometimes indicate a more serious problem. Don't ignore all pop-ups -- investigate the problem and make your system safer.

Worried about security issues? Who isn't? Automatically sign up for our free Security Solutions newsletter, delivered each Friday, and get hands-on advice for locking down your systems.

45 comments
theguy1971
theguy1971

Info Midwest Technology www.infomidwest.com can help businesses to configure information security.

Jaqui
Jaqui

no such creature. there is NO good reason to open a new window when a link is clicked, EVER. a message box, from a running application is not a popup window in that sense, since it often carries a warning that something is not right.

howiem
howiem

A bit confusing on alarm popups. First you say that we don't want to block them, then you tell us to turn them off: "You don?t want to block the pop-ups that indicate a problem with your system ? these are the ones you want to see and take action on to resolve. For example, if pop-ups are launching through the Windows Messenger Service, you?ve got a potentially serious problem. To get rid of these pop-ups, you need to turn off the Messenger Service. Follow these steps:"

howiem
howiem

Re alarm popups: A bit confusing. First you say we should not want to block them, and then you immediately tell us how to block them by turning off messenger: "You don???t want to block the pop-ups that indicate a problem with your system ??? these are the ones you want to see and take action on to resolve. For example, if pop-ups are launching through the Windows Messenger Service, you???ve got a potentially serious problem. To get rid of these pop-ups, you need to turn off the Messenger Service. Follow these steps:"

Tony Hopkinson
Tony Hopkinson

You mean they were employed in a postive fashion surely. I examine any popups I get from my browser, I want to know how they got past the killer.

LocoLobo
LocoLobo

you're looking for info on something follow a promising link and immediately the page starts sprouting pop-ups containing adware. This has happened to me searching for solutions to network, exchange, and excel problems using Google or Yahoo for a search engine.

BALTHOR
BALTHOR

Who is popping up in my computer?I have the pop up blocker set to "DESTROY" and I still get pop ups.The pop up isn't related to the site that I'm on at all.How are they popping up?

Rndmacts
Rndmacts

Yes there are two type of popups one which is part of Windows messenging and for the majority of users not required so shutting down this service will give no harm. Popups when I am surfing the web are annoying and most likely malicious, and so I restrict them as tight as I can. If you know a site is going want to popup a music player just add them to your allowed list. This article was all over the place and a load of garbage to boot.

Jaqui
Jaqui

NONE I do not allow any popups at all. [ not to forget my text mode browser doesn't support them anyway ] if it's important, it will be in text and use the same window for all data.

kent5150
kent5150

Are spybot and spywareblaster. I've used these for quite a while and I have never had a problem with spyware or other malicious programs. The best part is that they are completly free.

linuxiac
linuxiac

There are now multiple prosecutions of innocent persons, across the nation, for Porn Blitz of popups for sexually explicit websites, because schools failed to properly manage filters, failed to pay for licensing, in violation of Federal laws. Check out this prosecution of a 40 year old substitute of a 7th grade classroom, that got a porn blitz, Julie Amero faces 40 years in prison! Schoo IT were notified, as was Principal, with no response. The judge allegedy slept in trial, three jury members allegedly talked in a restaurant, Defense Expert testimony was tossed out: http://www.norwichbulletin.com/apps/pbcs.dll/article?AID=/20070106/NEWS01/701060312/1002/NEWS17 I hope this is overthrown upon appeal and a review of the computer evidence by experts. But, even 20/20 had a segment about porn malware. Everyone seem to be too stupid for windows, so really, should run http://pclinuxos.com as a LiveCDrom only!

da philster
da philster

You might get pop-ups claiming that your "system is at risk", etc. I recommend NOT clicking ANY buttons including the "close" button on the pop-up. Any such action may be linked to commence a malicious download. "Alt + F4" should be used to close the questionable pop-up. FWIW.........Cheers

la mere
la mere

Check the grammar - I had a student's laptop in to fix with a trojan that popped up a warning message that was clearly written by someone who did not have English as their native language. I appeared as a yellow yield sign with an exclamation point sitting in the system tray. It was surely a symptom to me that something was not right!

lcristof
lcristof

The article is confusing and it contradicts it's self. Can you please clarify? Thanks.

seanferd
seanferd

to stop the pop-ups at their source (a vulnerability), rather than ignore by closing or blocking the pop-ups.

PaladinS
PaladinS

Wasted my time even reading the damned thing

deepsand
deepsand

While that may be your own personal experience, do not assume that such is the case for all. In my experience, of the sites that I use most frequently, [i]most[/i] pop-ups are both legitimate & useful. Don't throw the baby out with the bath water.

ray.menzel
ray.menzel

Some popups have malicious code enbedded even on the "red X" to close them. To combat this sorry practice I have instructed all my contacts to merely right click the affending pop up on the taskbar and select close. There always has to be someone trying screw up a good thing (the Internet).

deepsand
deepsand

And, why must all "important (stuff)... be in text and use the same window for all data?"

Chief Bottle Washer
Chief Bottle Washer

The primary problem is malecious programmers. It doesn't matter whether you run a Mac or Wintel Machine. These groups will do anything to mess with our ability to utilize the Internet and get work done. I say catch these people and sit them in a room with "It's a Small World" on constant repeat play, at level 11, until they're bleeding from their ears!

Tony Hopkinson
Tony Hopkinson

For us strange techy types. A pop up, is thing of great interest, for an appliance user, it's stupid interuption in the workflow by some thickie programmer. They don't read it, they click on it. A pity seeing as it said I'm going to steal your ID and or dump this payload. The mechanism for displaying alerts from any program, should be completely unambiguous in it's source (therefore totally in accessible from outside) and most importantly used as infrequently as possible, even if that means disabling it without a third operation on n repeats of the same critical error in a time frame. That way they don't get used to just clicking OK. An alarm that's always going off isn't alarming.

seanferd
seanferd

stop the pop-ups from the system by fixing the problem that is causing them to alert you, rather than just closing the pop-up.

Chief Bottle Washer
Chief Bottle Washer

It all boils down to the integrity of the coder. Is it an underhanded practise to force upon the viewer information that was not requested. So ask yourself - "Do you or don't you take money from shady characters?" . Trying to keep ones business up and running and attract more customers is tough enough. So, do you say to your customer - "No we don't do business in that mannner" or do you take the brass ring and let the chips fall as they will? Personally, I beleive that it is wrong to take away a persons freedom of choice. Take for instance Spam email. Do you like wasting time cleaning out your email box just to get to the info you want? Me?, Being Hawaiian/Japanese.... I prefer my Spam fried toasty brown on a bed of hot rice with green onions, a bit of Shoyu (Soy sauce). Add a fried egg and maybe some fresh cut Tuna - I'm a happy camper! A hui Ho!

Tony Hopkinson
Tony Hopkinson

default behaviour should be no though. Personally I'd recommend designing this out of a site, a lot of people and their blocker tools are going to kill it by default. I certainly do.

mstry9
mstry9

I just press Alt+F4. Most of you probably know it closes any top window. (The active window, AKA the window that has the focus). It's also a quick way to close Explorer windows. This is just my preference. Do what ever you are most comfortable with.

Tony Hopkinson
Tony Hopkinson

Best way is not to let the script execute in the first place. Anyone who writes something legitimate that uses popups on the web has not been paying attention.

Jaqui
Jaqui

you mean the suck data transfer and cost site visitors extra cash windows? [ which is EXACTLY what keep alive does ] because any well designed site will use minimal resources [ in all forms ] to enable the most possible viewers. if it can't be displayed in the same browser window, it mustn't be important information, it must be bloat that isn't needed. If it's Important information, it's presented in the lowest common denominator so that the most people can view it. [ hense text, not flash, audio, or video for important content ]

seanferd
seanferd

I can see how it might be unclear if you couldn't infer the the meaning from prior knowledge. The point was taken from the original post. I hadn't intended to not acknowledge the source of confusion.

howiem
howiem

But that isn't what the artuicle says. Anyway now that you have clarified it for the author, thanks.

Chief Bottle Washer
Chief Bottle Washer

Well met. Well met indeed. Boil them in oil first then rake them over the coals I say.

Tony Hopkinson
Tony Hopkinson

Sounds pleasant. In the UK, one of the things they do is deep fry it in batter. Bloody horrible, just sucks in all the oil, make your dietician's hair stand on end. Of course if you want to put a spammer in a container of boiling oil after giving them a battering, it's a perfectly acceptable practice. :D

deepsand
deepsand

Features that were designed for good & useful purposes were subverted; but, no surprise there. History is replete with examples of such.

Tony Hopkinson
Tony Hopkinson

I do let some pop ups happen and scripts execute, but only under controlled conditions. And only then if I want what's being offered. I make the decision and then enable it/them. It sort of reduces the browsing experience though. Which is why I wouldn't choose it as the default mechanism for what is essentially open a new window, if I was doing the design. All requests to execute scripts, pop ups, download activeX's are treated with extreme suspicion. If it wears a black hat there's a good chance it's a bad guy.

deepsand
deepsand

For example, as I was typing another post, I received a pop-up telling me that I had incoming mail on one of my accounts. I do [b]not[/b] want said notice to be displayed as part of the content of this page; [b]nor[/b] do I want my e-mail program to assert itself by moving itself into the foreground, thus interrupting this task. I want to be both advised of said incoming message and not have the present task disturbed.

deepsand
deepsand

[b]Any[/b] keystroke combination that can operate on a window can be trapped by that window's application.

deepsand
deepsand

Yup; but, I found that suffered the same.

Tony Hopkinson
Tony Hopkinson

will do it as it will interupt any close / leave events. Graceful end from task manager may still fire onexit event handlers. Back in the days of IE without popup killer, I just used to hammer away at Alt-F4 worked most of the time.

deepsand
deepsand

While many malicious pop-ups trap all keyboard input, so as to re-direct efforts to close them to their desired action, I've yet to see one that could not be killed via Task Manager.

deepsand
deepsand

For example, I spend a great deal of time away from my machine of choice, so that I must use that which is available, as opposed to that desired. I am far from being alone in this respect. Furthermore, using the e-mail example, I have a strong personal preference for this particular web-based service, and much prefer to [b]not[/b] use a local e-mail client for anything other than the downloading & archiving of e-mails to be retained, for a number of practical reasons. And, is it practical & reasonable that the developer of an application, such as my e-mail, design that app. in a manner that is [i]not[/i] platform agnostic?

Jaqui
Jaqui

a "suite" browser, with email in it [ Seamonkey, Netscape ]. a small icon in the browser / sound effect when email comes in instead of whole new window. why should anyone have to have them separate apps when they can have their system running faster with less effort by using a suite browser? [ Mozilla's Seamonkey, same rendering engine as Firefox, with Thunderbird Email app, IRC chat client, address book, the foundation of NVU ( yes, Mozilla composer is the base that NVU is built on ), Dom inspector, java+javascript debugger, website reporter and roaming profile support all in one app. It uses less cpu and ram and hard drive space than Firefox alone does. for extentions [ sic ] all Netscape plugins work. and PDF viewing is built into it. no "extention" required. edited for typos. ( need coffee to early in the day. )

deepsand
deepsand

Using the situtation I related re. the notification of newly received e-mail during my typing a post to you, how would you handle that so that I both 1) received the e-mail notification, and 2) did not have my TR session disturbed?

Jaqui
Jaqui

can like popups all you want. I do not allow them, nor use any software that requires them. they are a 100% waste of resources. I don't even enable gui effects like notification bubbles that a lot of email monitoring apps have [ and im apps ]. tell me, why should your site double the system resources used just to display a new page of information? it should not. a popup is the same as a "Target _Blank" on a link in a site. and a popup window won't work on all browsers the same, so it's utter stupidity to use them. and keep alive is sucking data transfer capacity for no good reason. doesn't matter what was intended by it, be it maintain session or not, it's a waste of data transfer that costs the CUSTOMER more money.

deepsand
deepsand

A "keep alive" is an applet, generally used for security purposes, that is automatically launched when a site connection has been completed, that monitors, for example, keyboard activity, and automatically ends the session after a given period of inactivity has occured. As for your contention that pop-up content must be within the context of the appropriate window, I strongly disagree. For example, as I type this post, I have received a pop-up telling me that I have incoming mail on one of my accounts. I do [b]not[/b] want said notice to be displayed as part of the content of this page; [b]nor[/b] do I want my e-mail program to assert itself by moving itself into the foreground, thus interrupting this task. Iwant to be both advised of said incoming message and not have the present task disturbed.

Editor's Picks