....so the popup advertisers write code that tricks the computer into thinking the user has clicked a link to create the popup.
I find that concept particularly scary. Isn't it just a step or two away from tricking the computer into thinking it's clicked on an "Okay to install"?
That's the whole point behind a "drive by download," making the compute believe you have clicked a link to download a file. Many computer malware distributing Web sites do exactly that.
On Windows, it's also possible to trick the computer into believing you have clicked the "install" button once the download has happened, which is how silent installs work. On the Mac, it's harder to do this, for technical reasons (Windows has a common event stream that all apps are informed of events from, so a malicious application A can make another application B think that the user has clicked buttons, whereas on the Mac, each application has its own event stream; the browser can not trick the Installer program into thinking the user has clicked the Install button).
