Starting next year, Microsoft will detect and remove adware that may compromise a PC’s security.
The ban targets adware that uses man-in-the-middle (MITM) techniques or changes DNS settings to place ads in users’ browsers. The move from Microsoft, which will be in effect from March, comes several months after Lenovo’s controversy surrounding the Superfish adware.
Software writers use these methods to intercept users’ browsers and inject advertisements. Though they’re usually not intended to harm a PC or overtly snoop on its user, they can easily be hijacked by a malicious actor to snoop on communications or place their own malware.
“Our intent is to keep the user in control of their browsing experience, and these methods reduce that control,” said Microsoft in its announcement on Monday.
From March 31, any programs that place advertisements in a browser must be a plug-in that can be easily removed by the user. “[Programs] that create advertisements in browsers must only use the browsers’ supported extensibility model for installation, execution, disabling, and removal,” it said.
For example, the Superfish adware could be removed by someone with a Lenovo laptop, but the potential vulnerability would remain behind. Lenovo released a removal tool to address this more efficiently soon afterwards.
“We encourage developers in the ecosystem to comply with the new criteria,” said Microsoft’s Barak Shein and Michael Johnson. Developers have been given “ample” warning, they added, to get their programs in line with the new rules. If they do not, Microsoft will detect and remove the programs.
Since the Superfish problems, Dell has experienced its own issues with pre-installed software that potentially put users at risk. In the wake of these controversies, PC makers have found themselves under increasing pressure to ensure the security of their pre-loads. The hope is that these new rules from Microsoft will push more developers and manufacturers in that direction.