By that logic it's more like an argument for disabling JS entirely - there is nothing about this that's specific to ads, and the reporter has speculated that it was placed by an attacker and only disguised as an ad.
Not executing any JS is safer, sure, but that's beside the point. If you strive for absolute security, power off your computer and never touch it again. This is about what you can do to improve the situation without impairing usability.
An adblocker doesn't impact usability (in most cases, it improves it significantly, through lower page load times and less space occupied by non-content), but prevents the vast majority of malvertising. Blocking all Javascript blocks all of them, but makes the modern web nearly unusable.
Unfortunately, an adblocker impacts income of site owners.
Otherwise, I would have used these programs since a long time, but now my conscience does not allow it.
Well, they can ask my conscience to not run an adblocker because otherwise it impacts their income. If it was just that.
But they cannot ask my conscience to open myself up to security issues because otherwise it impacts their income.
(note that I have read the rest of the thread and am aware that simply running an adblocker wouldn't have prevented this exploit)
(second note/disclaimer is that I do run µBlock, for the personal reason that I feel they also cannot ask my conscience to open my attention to energy-draining distractions because otherwise it impacts their income)
I don't want to get into a discussion about ad-based business models and the moral discussion. For me, the trade off definitely favours security. I also just can't concentrate when the page is littered with flashing ads. Thus for me, alternative to adblockers is not seeing ads, it's not visiting the sites because I'm not willing to put up with that for content that very like isn't worth the ad bombardment.
I do block JS by default. If it's a site that won't render something readable without JS, I usually just move on. If it's one that I really need to interact with I'll enable it for that site, which does open some risk, but this approach generally makes drive-by exploits less likely.
