If webpages are as big as DOOM what are we downloading? #cybersecurity

I recently read that the average webpage in April 2016 is more than 2MB in size i.e. as big as the Zip file to install the classic first person shooter DOOM. In an article The Web is Doom by Ronan Cremin (who represents dotMobi at the World Wide Web Consortium W3C) he points out that
Recall that Doom is a multi-level first person shooter that ships with an advanced 3D rendering engine and multiple levels, each comprised of maps, sprites and sound effects. By comparison, 2016’s web struggles to deliver a page of web content in the same size
average webpage is the size of DOOM
source https://mobiforge.com/research-analysis/the-web-is-doom
The figures were debated in the comments, and the writer recognized that there were differences of opinion whether the average was meaningful, or if it had been skewed by outliers, and if the median size would have more useful than the mean size.
In any case, the fact remains that there are many huge webpages on the Internet. I wanted to find out what makes these webpages so large, so I went to the source, httparchive.org, and found this helpful breakdown of the average page, by content type.

average bytes per page by content type
source http://httparchive.org/interesting.php
Most of the time the culprit is huge images, which isn't surprising. But look at the top right corner and you'll find Scripts averaging 358 kB. These are probably ads, but I started to wonder what else these scripts could contain as well, and whether this was a significant size. 
source https://nakedsecurity.sophos.com/2010/07/27/large-piece-malware/

In June 2010, Robert Poston of SophosLabs calculated that the average size of a malware package was 338 kB. This number should have increased since then, but it should still be within the range of the average size of scripts on an average webpage.
This is my hypothesis:
Because of the trend of bloated webpages containing large graphics and scripts, end users have gotten used to large download sizes, and thus would not notice if they were downloading malware at the same time.
I welcome comments on this, especially from experts who can weigh in.


Popular Posts