Don't tune out when you plug in

16:00, Nov 22 2013

My mate Dave is a vinyl freak. This doesn't mean he dresses up in PVC or collects retro kitchen furniture from the 1960s, rather he loves the sound of old school vinyl records.

In his old Berhampore house he's got a room set up for enjoying the rich and warm sound of records. It's a classic shoe box shape with an old roll arm sofa at one end and a mountain of Hi-fi gear at the other.

He's got a 20-year-old Linn turntable, Naim pre and power amps and a pair of flat panel Magnepan loudspeakers. And it sounds bloody brilliant.

I dropped in on him a few weeks ago and he was in a dark mood having recently invested in an external phono stage plug-in.

This plugs in between the turntable and the amplifier and is meant to deliver the listener a warmer sound than his on-board jobbie. In his case it had made his pretty flash system sound tinnier than a canning factory, and he reckoned it made his amp overheat as well.

It gave Bruce Springsteen's "Nebraska" a sound much closer to the Wiggles than The Boss ever intended.


Plug-ins aren't just restricted to the audio world. On the web they are a big thing.

Typically they refer to something that bolts onto an existing piece of software with the objective of improving performance.

When it comes to website browsers - like Chrome or Internet Explorer or Firefox - plug-ins are known as extensions and extend functionality in some way. A plug-in might deliver a more visual browsing experience, or speed up the performance of regular tasks.

The majority of browser plug- ins are useful - but not all of them.

At Trade Me we recently experienced some weirdness that had us scratching our heads until we realised it wasn't us, but the result of malicious software (known as malware) taking the form of a dodgy browser extension that a bunch of our members had chosen to download onto their browser.

The impact was alarming. Users would be browsing pages on Trade Me viewing normal listings for household and recreational goods, but the listing would randomly display pornographic images.

So instead of a photograph of a kitchen whiz, a whizzer of quite a different sort would be displayed.

The heavy lifters in our infrastructure team threw themselves at the problem and after eliminating the various possibilities like malvertising or hacking, discovered that the people who experienced the offending images had something in common.

They had all unknowingly downloaded a piece of malware when they last responded to an email inviting them to upgrade their browser.

The motivator - as is normally is for dodgy stuff on the web - was money.

The plug-in had manipulated people's browsers to show certain images and destination URLs, effectively forcing the ads on people without their (or our) permission.

The scam drew revenue for an online pornography business - think of it as mass force-fed advertising.

And while it would disturb and upset many, it would also likely send an avalanche of traffic to the website.

Plug-in scams are increasingly common. In one recent malware attack, Facebook users were tricked into downloading rogue Chrome extensions advertised as legitimate upgrades. Users downloaded a Flash player which gave scammers unconstrained access to the victims' Facebook accounts. Not flash at all.

As well as Facebook, it's recently happened to the Canadian Broadcasting Commission and the PBS Kids website in the USA. Here in New Zealand they have taken the form of fake emails or social media messages encouraging people to download extensions to get Playstation 4 free online or info as to whom has viewed their Facebook profile.

The good news is that these scams are easily avoided.

First, if you start seeing weird or inappropriate ads on websites there's a fair chance you've been targeted. You should go to your "options" menu in Internet Explorer (or "settings" menu in Chrome) and disable recent extensions.

Second, if you get an email inviting you to install a browser extension or a new Flash player, be wary.

You should Google the title text from the request to find out if it is associated with a scam before proceeding.

Third, you should only install browser extensions from known companies like Google and Mozilla - this means going to the vendor's website and installing directly from there (and reading reviews first).

Finally, there is a bunch of good free PC check-up programmes you can run your lappie or desktop computer through - Bellguard Internet Security and Microsoft Security Essentials are a good place to start.

My mate Dave reckons you take a risk anytime you add a plug-in to your hi-fi system.

The same isn't necessarily true of web plug-ins, but if you want to avoid hitting some off key notes during your web surfing you'd be well-advised to do your homework before you plug anything into your browser.

Mike "MOD" O'Donnell is a professional director and chief operating officer at Trade Me. His Twitter handle is
@modsta and he owns a lot more vinyl than his wife is aware of.