Total Pageviews

Search My Blog

Thursday, March 12, 2015

RollAround Ads and You

The RollAround Ads (aka "PUP.Optional.RollAround.A" or any variant)

This is very disturbing!  As always check with a local computer technician expert on matters regarding your PC and safety.

So as some of you may or may not be aware, not only have I worked extensively on computer technology and electronics for a fair amount of my life including childhood, I'm also going to college where I'm learning even more about said technology and the concepts therein to become a fully capable, competent, and respected computer technician.  This is what I've done in the past, this is what I do for both a hobby and for education, and I am always happy to share my data with anyone who wants to inspect my work.

As part of being an aware computer-savvy technician, I'm always looking to new improvements to computer tech, as well as the network security news, and all matters related to consumer PC safety including online habits.  Before reading up on any new information, my first priority is to make sure that my own PC's, both my desktops and my laptops, run at their peak efficiency, and that they are all virus free, malware-free, and spyware-free (or at least, as much as humanly possible with scans runs on a somewhat frequent basis about once or twice a week, more if I find hidden viruses or malware previously undetected).

I've spent the last 72 hours determining the extent of the problem that exists with certain malware that has been showing up recently in my weekly security sweeps on my laptops.  The following information is for anyone that doesn't know about RollAround popups adware/malware.  Your anti-virus or anti-malware software may not even detect it for weeks, even months.  Mine certainly did not, and again I run security scans at least twice a week on my own computers, and at least bi weekly on the rest of the devices and computers on my home network.

At first, I had not heard about "RollAround" AdWare / Malware, so to me it's relatively new.  After extensive research, I have found that it's been around for years.  I don't know how far back it goes, but it was simply too disturbing to ignore.

From what I've read, "PUP.Optional.RollAround.A" or some variant disguises itself as a persistent cookie installed onto your computer via one of your favorite browsers, say Firefox for example.  You might be asking the same question I did when I researched this relatively new tracking tool, and you'd be right to say to yourself "I didn't opt to participate in this tracking cookie.  How do I get it off my system?  How did I get it in the first place?"  Well, that last part I'm working on for myself.  Apparently, just by visiting any site that uses these special persistent cookies, you've automatically agreed to it.  At least, that's how their legal terms and conditions states it.  You can always opt-out, and even block cookies specifically, but unless you REALLY know what you're doing, it can be a tedious task, and one that can change the way you access your frequently visited websites.  I was especially surprised that the community college I go to has this cookie on their website, and I have used both Google Chrome and Mozilla Firefox interchangeably, and have frequently deleted cookies to make sure my site visits aren't tracked, even marked the checkbox in Chrome and in Firefox "Do Not Track" or their respective equivalents.  Though, it's obvious that even my weekly scans haven't given me any indication up until recently that there was anything mischievous going on with my PC systems.  I had no clue whatsoever, and I had been constantly trying to figure out why my systems would run so sluggish.

RollAround malware/adware tracks everything from your online viewing preferences, to shopping habits, purchases, what sites you do or don't visit, even if the visit is accidental (So, even if you inadvertently click on an ad that sends you to that awful porn site, it'll track that and think that's your preference).  It can run even when you're not physically on your PC, but your computer is still running and connected to the internet.  This is another reason I like to turn off my PC nightly, but I haven't been because I want security and other updates to occur while I sleep.  There's always the option, if you have it available, of turning off all network traffic via your firewall, or disconnecting from the router or cable modem directly and physically.  However, that still doesn't solve the problem of what to do with this malware.

I truly thought I had a handle on it just yesterday after running three full and complete scans with both MalwareBytes' "Anti-Malware" scanner, and Norton Antivirus provided by my ISP Comcast / Xfinity (don't judge, I just prefer to NOT go with Dial-Up or DSL if I can help it).  For whatever reason, it keeps popping up on my system.  From what I've researched, these cookies can come from any number of [now questionably] reputable companies like Microsoft, Yahoo, and other companies with investments in online shopping, and online ordering, who want YOUR data, your shopping habits, your internet browsing patterns, what products and services you find interesting, what products and services you don't buy, etc.  While this is NOT a new tactic for businesses, what is new is the legal loophole that they've all found to install software onto your computer without your knowledge, and then leave an opt-out open for anyone who doesn't want their data tracked, but even using that tool doesn't guarantee that your information, your browsing habits data, won't be tracked by other companies who use the same technology.

So here are your options from the way I see it after trying to either deal with or remove this garbage from your PC (and mine when I encounter it in my scans):

  1. Accept it.  It's pretty safe to say that this new legal technicality where just by visiting a website, your data on a site you've visited or are visiting, even by accident, could be tracked, even if everything you do tells that site you don't want to be tracked.  By now, it's fair to say it's a standard practice for nearly every company that does business online to use this tracking software.  Even non-internet businesses, reputable business use this strategy when concocting advertising and sales.  There is the supposed idea that your data is kept confidential, but I question that when I get dozens of ads unrelated to what I'm viewing.  For better understanding of this practice, I suggest watching the episode "Attack of the Killer App" from the TV series "Futurama" (available on Netflix as long as Netflix doesn't replace it with something crappy).  Although the episode features technology slightly different from a PC, the message in it is clear.  You want convenience?  You pay a price.  This is that price!
  2. Go "Off the Grid".  Put your tin foil hats on, because conspiracy theorists are gonna go ape-shit over this.  Like I said earlier, this practice is not new, but the way it's being done is relatively new from the perspective of a computer / internet consumer.  Many people, fed up with the way their data is being collected, dissected, analyzed, and processed into relevant ads for their personal preference, will often take to "cutting the digital cord" by not using any and all electronic devices, including computers, tablets, smartphones, etc.  Even using their old TV could be "beaming commercial ads into your brain" while you sleep.  I have personally never believed that last part, but if you feel you can handle being off all electronic devices, more power to you.  Though as I said before, this practice is still in use offline as much as it is done online.
  3. Customize your online experience.  There are ways to limit what data is collected, tools that have been (only recently) built into consumer grade internet browsers.  Tools like "private browsing" where no cookies are stored, no data is shared, and your browsing habits are only minimally tracked, if at all.  I've not yet had a chance to test this option specifically to verify that is what happens, but since it's my job to know what internet-related news including network security threats are out there, I might for one week try this method of "private browsing" and see if it works.  Though, you can, without going to "private mode", "incognito" or "InPrivate Browsing" depending on your preferred browser, customize your browsing software to accept cookies only from certain sites, especially from those specific sites you frequent the most so that the accidental click of a pornographic ad won't lead to your browser sending personal data about your "accidental" porn viewing habits.  While I disagree on some of those clicks being "accidental", it does happen even to the most careful user where they'll click on an ad that leads to a pornographic website.  There are other ways, other software that is designed to block ads so that this doesn't happen to you, but now it's just getting convoluted and complicated to keep your browsing data from being collected, even "accidental" data being transmitted.
  4. Run Anti-Malware, Anti-spyware, and antivirus scans regularly.  This should go without saying.  Be self-conscious about internet safety.  Like myself, you may have been as careful as you could possibly be, but that ONE accidental click could end up putting you in a compromising position of having to explain why suddenly your PC now redirects to pornographic websites to your significant other, your loved ones, etc.  While that may or may not be difficult depending on how well your loved ones know you, it doesn't hurt to do the prudent thing and run scans at least once every two weeks, or more frequent depending on your online viewing habits, just to be safe rather than sorry.
On a final note, this practice is how companies as well as would-be identity thieves and scammers are able to send targeted spam email (and regular snail mail) to your inbox, attempting to sway you into either buying their ridiculous product, or getting suckered into a scam that costs you all of your finances.  Just because you practice safe internet browsing doesn't mean everyone else who uses your PC will do the same.  As I found out, even (supposedly) reputable companies are not honoring their commitment to keeping your data confidential and safe.  They'll sell it to whomever they can, even to lowest bidders, just to get that extra $1.25 per click.  

So, do us computer technicians a favor.  When we attempt to help you with cleaning your PC system, be honest.  Even with those "accidental" clicks on porn ads, that information could be extremely helpful in finding out why your system is being infected so aggressively and frequently.  We're not here to judge you, make fun of you, or embarrass you in front of others like your family or friends, we're here to help.  If there's been a mistake in online internet browsing, own up to it.  Even if you don't think ANYONE in your household has done so, admit the possibility that mistakes do happen.  I've long thought, and am still a believer in the fact that computers do not make mistakes.  Humans often do, even if they're not totally aware of it.  

I'll do my best to keep you all updated on this and other internet/computer/network security related tips.  Please feel free to comment.  If you'd like me to answer a question, or research a related topic, please feel free to email me at "".  Thank you!