
Strongly disagree since I feel there is misinformation and a very strange perception as to where the onus of protection should come from.

The reason that the bad advertisement issue is such a big problem is that very often the anti-virus programs simply don't work on the malware being served. The exploits used either aren't in the definitions database or the AV has a blind spot.

It's also very difficult to be running without an anti-virus on a modern computer. Windows Defender doesn't always rank the strongest, but it's certainly competitive with other AV solutions, and Windows will nag-nag-nag if you don't have what it considers to be an active AV installed. It's not the early 2000s anymore when you had to find a good AV - for the most part, if you buy a modern computer, there are AV protections in place already.

As such, these aren't users thumbing their nose at safety and running around unprotected, these are people who have a reasonable expectation to not be served malware by reading an article at Forbes.

Simply put, regardless of how you're doing it, you should not be serving malware to people. If your site is the vector, you have a responsibility to deal with it, and ignoring this, as many sites have done, is an ethical breach. Malware can and does do harm, sometimes in the form of lost data and lost money. Ensuring you're not serving up malware isn't just in the lines of "good citizen", it's a duty to not harm - the people affected by the malware have no recourse in virtually every situation. If it's ransomware, they either have to hope that it's poorly made and gets broken, if their machine is otherwise unrecoverable, that data is lost.

Forbes and the other sites that are proposed to be blocked may be getting fingered right now, but the complaint is a larger complaint about advertising; as participants who are not working to clean it up, I think users have every right to be upset and to call it unethical - the response that they're receiving is, well, no response. The websites don't care.

All that being said, I'm actually fine with them putting up an ad-wall, as it kind of forces them to put their money where their mouth is. Part of the change that will need to happen is to show the sites that consumers don't want to put up with dangerous ads and to prompt action, and ad-walls pretty much force a boycott if users want to continue using adblockers. This will give them the metrics to see the effect that bad advertising has, and hopefully prompt change.

But, I still think that you have an obligation to ensure your website is not a hazard, regardless of how it became one. "Everyone else is doing it" isn't a defense, especially when it causes real and immediate damage to potentially thousands of people.



I'm still waiting to see an argument for why a content provider who is making something available to others for free and without obligation has any obligation in return, either legally or ethically, beyond the same basic decency that we all owe to each other. I think a site that is neither actively malicious nor grossly negligent has satisfied that basic decency requirement.

Ultimately, it's just not realistic to expect every little store and niche blogger to either monitor every third party service they depend on full-time just to protect the users who are giving them little if anything in return or to discontinue using any third party services that are technically capable of distributing malware. The former is demonstrably impossible anyway, and if you take the latter to its logical conclusion you undermine substantial parts of what has made the modern web so successful, far beyond using ads as a revenue stream.

Put another way, malware writers themselves may be the scum of the earth, but I don't see why someone writing a blog about how to bake cakes and using a well-known and generally reputable ad network to fund the hosting costs is any more ethically responsible for the consequences of a malware incident than, say, a browser developer whose also freely offered product had a vulnerability that could be exploited in the first place. I don't see anyone calling for any browser with a track record of serious security vulnerabilities (which is all of them, of course) to be banned to protect users from malware, though.


> an argument for why a content provider who is making something available to others for free and without obligation has any obligation in return, either legally or ethically, beyond the same basic decency that we all owe to each other.

A grocery store handing out free samples still has an obligation to make sure it's not contaminated, and I really don't buy the idea that "don't send people malware" is significantly less a part of a common decency than "don't feed people tainted food" is.


If the malware was created by and distributed by the site hosts, that might be a reasonable argument.

But of course, it isn't. In fact, there is no way the site owner can guarantee to avoid the indirect distribution of malware without ceasing all use of third party resources on their site.

Given the usefulness of third party resources (not just ad networks) and the relative rarity of malware being distributed through those channels, I don't think the argument that the only decent choice is to eschew all the third party functionality of the modern web is reasonable here.



