Is it acceptable to use ad blockers in the enterprise?

I’m a fan of ad blockers, but realize that might be a tad hypocritical given where some revenue for media is generated.

Ad blockers remain a huge point of contention across the internet. Their use can deprive content creators from much-needed revenue to keep their websites up and running. At the same time, ads have evolved to be so numerous and intrusive (and potential security issues), it can ruin the user experience and drive visitors from websites.

With recent changes affecting ad blockers in Safari and Chrome, traditional ad blockers no longer work the same—however, this only really affects consumers. Enterprise users can enjoy Chrome as it once was.

This led me to ponder whether it’s actually okay to use ad blockers in the enterprise, so here are two reasons I feel organizations should block them and one to maybe not.

Ads affecting device performance

The biggest argument for using ad blockers in the enterprise is around the subject of performance. Ads can consume a lot of resources and multiply that by however many different VMs one has in their environment and that’s a lot of waste.

Helge Klein gave a presentation at E2EVC 2017 on “How Websites Steal Your Machine’s Resources,” where installing uBlock on Chrome reduced CPU and RAM utilization by about 25% and lowered the number of connections per site.

Back in 2018, SwiftOnSecurity tweeted about blocking ads to reduce CPU usage in VDI environments, with sites using 45% of CPU until they started blocking ads.

A third example (trust me, I could keep going here) is probably one of Jack’s favorite articles to mention, one that covered website obesity. One article on NPR (from 2015, mind) was a single megabyte with ad blocker on and ballooned to 12MB when the blocker is turned off. Ads add to the load time of sites too, here’s 10 examples, along with how much memory consumed.


In addition to performance hits, ads haven’t shown themselves to be the most secure either, leaving an attack vector that hackers could take advantage of.

This is a common enough occurrence to get its own silly malware nickname, “malvertising,” which can affect both desktop and mobile devices. It’s a serious enough problem that a report from Q1 2019 found that nearly 1 in every 100 ads were malicious or disruptive. Not great when you consider most webpages have several ads on them. While most malvertising requires a user to click on the infected ad, some can go as far as forcing a browser redirect to a malicious webpage.

One reason to turn off ad blockers

As far as I can tell, there’s only one really good reason not to use an ad blocker: content creators’ bottom lines—It’s a big reason! This is where those who prefer using ad blockers can consider whitelisting and deploying ad blockers that allow so-called “acceptable ads.” Keeping an updated whitelist at enterprise scale might be difficult, though.

My thoughts on the subject

I use ad blocker’s myself; I’ve long seen the constant news regarding ads intruding upon users’ privacy and security. That said, I’ve been willing to whitelist sites I frequent, especially after testing out how their ads affect UX and performance. I’ve had some ads drive CPU usage up to 100% and slow an older laptop to a crawl—for those sites the ad blocker stays on.

Overall, the decision isn’t an easy one to make and there’s the tradeoff of content creator revenue vs user preference. Steven Sinofsky says, “I don’t block ads. I just stop visiting sites with invasive ads,” while SwiftOnSecurity deploys uBlock Origin on corporate desktops. 

Another aspect one can consider is the ethical implications of ad blockers. In an article for the University of Oxford, James Williams notes, “In reality, ad blockers are one of the few tools that we as users have if we want to push back against the perverse design logic that has cannibalized the soul of the Web.” In other words, using ad blockers is can be seen as a way of "voting" with your wallet.

For those working in enterprise IT, do you install ad blockers on every device or leave it up to individual users to make that call?

Dig Deeper on Application management

Virtual Desktop