Regardless of how you feel about Web advertising, the
Internet as we know it wouldn’t exist without it. Advertising is a huge revenue
source on the Web, and only a naive technology purist would think that a major
Internet company could survive without this income.

Personally, I’m no fan of Internet advertisements and wish
they weren’t a necessary evil, but I accept the fact that they must exist for
the Internet to function as it does. Like it or not, advertising is part of the
Internet food chain.

But despite a general lack of interest in Internet
advertising, it will continue to exist as long as advertisers feel they’re
getting a return on their investment. And companies such as Google and Yahoo
will exist as long as they can sell ads. Even anti-advertising has become an
industry as more and more products and services designed to block or remove
advertising become available.

Admittedly, I almost never click an advertising link—and I
don’t think I’m in the minority—but that’s simply how things are. However,
without even taking this general apathy toward advertising into account, many
conflicts between Internet advertising and Internet security already exist.

With so many scams and misinformation on the Internet,
companies and people increasingly mistrust Internet content, and advertisements
are no exception. In fact, I believe there will eventually be a point of
diminishing returns. Internet security isn’t getting better; it’s getting worse—for
both users and advertisers.

Frustrated by glaring security weaknesses in Internet
software, particularly Microsoft’s Internet Explorer, many users are disabling
scripting, add-ons, and other features that companies rely on for delivering
ads. Many are also switching to browsers that disable features used by
advertisers by default.

As consumers become more security-conscious, legitimate
Internet advertisements are becoming collateral damage. And that’s saying
nothing of all the ad-busting software and proxies making a dent in advertising
revenue.

Even more alarming is the preponderance of
“click fraud” currently going on. While many Internet companies
report that their advertising revenue is up, you have to wonder about the
amount of real sales generated for advertisers.

The dirty truth is that no one can really pinpoint the true
amount of fraudulent hits generated by “click-through” and
“autosurf” programs, which artificially inflate advertising numbers.
And while advertisers continue to try to stop fraud and deliver legitimate
advertisements, others are working just as hard to figure out how to block the
advertisements, find ways to defraud the advertisers, or even set up fake
Internet companies to run fraudulent ads and steal money from consumers.

In my opinion, this advertising vs. security “cold war”
is going to get ugly, and everyone stands to lose. Google recently reached a
settlement in a class-action lawsuit over alleged click fraud, and Yahoo settled its
own click-fraud case last month. Meanwhile, fraudsters
continue to eat into these companies’ revenues.

This is a battle on multiple fronts, and there will eventually
be a standoff; I predict it’s coming within the next two to three years. On one
front, we have the Internet advertising companies spending more money than they’re
earning, trying to justify legitimate advertising clicks. On another front, users
continue to secure computers by disabling ActiveX, JavaScript, and add-ons such
as Adobe Flash, a practice that reduces the effectiveness of advertisements in
general.

Other users are simply blocking advertisements using other
methods, often with the assistance of their own Internet service provider. And let’s
not forget about all those malware authors and other fraudsters resorting to
more and more nefarious methods to ensure their illegal activities continue to
earn revenue.

In my opinion, the Internet is due for a massive shakeup,
and I think it will come down to a battle between security and advertising. It
all boils down to trust—or rather, a growing lack of it—from Internet users.

I’m not surprised that some people are opting not to use the
Internet at all—the costs of insecurity can far outweigh the benefits. I’m not
surprised that major ISPs, looking for new revenue streams from Internet
companies, are exploring the hotly debated concept
of Net neutrality. And I’m not surprised that fraud on the Internet is
increasing, further eroding users’ trust—and consequently companies’ profits.
What does surprise me, however, is that so few people even grasp what’s truly
at stake.

Miss an issue?

Check out the Internet Security Focus
Archive, and catch up on the most recent editions of Jonathan Yarden’s
column.

Want more advice for
locking down your network? Stay on top of the latest security issues and
industry trends by automatically
signing up for our free Internet Security Focus newsletter, delivered each
Monday.

Jonathan Yarden is the
senior UNIX system administrator, network security manager, and senior software
architect for a regional ISP.