If it's simulating clicks on every ad, what is its mechanism for protecting a user's client from ad-delivered malware that has now been activated without the user's knowledge?