There have been a couple of recent posts in which I have eschewed dropping link credits because of the astonishingly bad nature of the net neighborhood I’d have been sending you to, with a link. Apparently my last aside about this alarmed Dr. Whiplash, when I wrote:

I found it at another one of those Russian sites where the malware-installing popups are particularly aggressive. My ice is good, your ice may not be so good, and they aren’t exactly the original photographers in any case, so my sense that I ought to link-credit them is outweighed by my sense that I ought not to give them the chance to trick you into installing their bot-net software irreversibly into your registry.

Rhetorical excess on my part? Probably. But mostly defensible, I think. Dr. Whiplash asked, fairly enough, in a comment:

Bacchus, I’ve been reading your blog long enough to know that you are WAY more computer-savvy than I am, and in fact, are one of the wisest, most experienced, ‘puter/net sherpas that I know of. Therefore, on behalf of those of us in that small segment of interwebs-challenged folk in your blog family, could you please take a moment to tell us a bit more about the bot-net danger? I’m completely in the dark here…

Also, being as you are not one known generally to mince words… did you really mean irreversibly? My computer is only protected to just a SLIGHTLY above average level, and now you’ve got me afraid of doing some of the normal porn-surfing that I enjoy (branching off on some of your links), that can get pretty far away from the original source sometimes.

Flattery aside, it was a fair set of questions, and by the time I’d answered them, I realized I’d written a blog post that deserved not to be buried in the comments. So, I’m promoting the bulk of my answer to this post.

First of all, I don’t mean to be a fear-monger. And my info may be somewhat out of date. I’m not a tech guy, I’m just a guy who spends way to many hours every day at his computer.

I’m running a current and automatically updated version of a comprehensive security package from Norton on an old but updated version of Windows. I’m pretty secure, but from time to time, stuff slips through.

Generally, if I make no human errors, nothing seriously bad can happen; the security packages are pretty good these days if you let them keep themselves up to date. Typically you have to consent to some sort of very unwise install for the worst of what happens below to occur; but some of the popups can be very misleading/persuasive if you aren’t viewing them with top-level skepticism.

The range of threats range from annoying pop-ups and pop-unders of those robot ads pretending to be girls wanting to chat with you that won’t go away, all the way to a comprehensive spyware root kit that installs itself so thoroughly (with encrypted hooks in your registry and auto-restarting processes that hunter-kill anything that looks like new anti-spyware processes starting up) that they are very very very difficult to uninstall. I won’t say “impossible” — the one time I got one of these, it took me three hellish days, but I succeeded. However, I know other serious computer users who claim they were defeated and had to “nuke it from orbit, it was the only way to be sure” — which is to say, reformat their hard drives and start over. And I know many, many people who are not “power user” types whose mode of death for the last computer they owned was “It got all junked up with popups and stuff so it wouldn’t boot any more, I stuffed it in the closet.”

The bot-net thing is a particular payload that comes with the worst of these root kits; it hasn’t ever happened to me. That’s a set of software instructions that gets on your computer and connects to the net and waits for further instructions; essentially, it makes your computer into a low-level criminal zombie machine. Then when some cracker needs 10,000 or a million computers to carry out a denial of service attack or to break some password at a bank that only allows three guesses from any one IP address, he just rents 10,000 or a million infected zombie machines from the guy who “owns” the infested zombie network that includes your machine.

Google has a concept about “bad neighborhoods” on the net when it comes to this stuff, and so do I. You can tell before the popups ever start popping up, usually, when you’ve entered a bad net neighborhood, just by the types of ads on display and the confusing ways they are mixed in with the links you are looking for. (A good way to see this is to pick a recent-release movie and google it in concert with “free download” or “torrent” — proceed at your own risk! — for skilled professionals only, drivers on closed track, do not attempt at home.)

When you are in a bad net neighborhood and the popups and popunders are accumulating at the fringes of your browsing experience like wolves around a dying moose, the basic rule is like when visiting fairyland: “Don’t eat the food, don’t drink the wine, and don’t agree to nuthin’.” Kill every window you didn’t ask for with the x the OS provides, making very sure you aren’t being fooled by an imposter; and if that’s not possible, kill the browsing session with {ctr-alt-del}. If that’s not possible, power down your box, as gently as possible but as firmly as necessary. The “yes/no” boxes and variants on them are never safe, because they can be jiggered behind the scenes so that whatever you think you are clicking on, you actually clicked on the overlay for the button that gave permission to install the root kit.

From long experience of talking about this sort of thing, I can predict that it may be followed by comments from people using (1) operating systems other than windows; (2) non-standard browsers; (3) specialized browser plugins; or (4) other specialized security software. These people will explain how they never have such problems. Some of them will be trying to be genuinely helpful; more will be displaying smug superiority. All will be missing the point with respect to me personally; if I depart too much from the basic-windows standard-browser mainstream that most of my readers will always be living in, I’ll lose the ability to detect when I’m in one of those bad neighborhoods. And that would be bad.