New Microsoft adware rules could catch a haul of Superfish

23 Dec 2015

PC makers were putting adware on machines that changed their security settings, potentially opening consumers up to cyberattacks

Microsoft has revealed that it will detect and remove insecure adware from Windows PCs in 2016.

Following the embarrassing Superfish debacles at Lenovo and Dell, Microsoft has moved to introduce new rules whereby adware on Windows will have to be easy to remove and not affect or hijack users’ settings or connections.

Lenovo, for example, was forced to apologise after it shipped PCs with Superfish bugs that, while pushing ads to consumers, also left their PCs vulnerable to cyber attacks.

Here fishy-fishy

Microsoft said that it will no longer allow adware that uses “man-in-the-middle” hacker techniques such as changing DNS settings.

From 31 March 2016, Microsoft will update its adware objective criteria, requiring that programs that create ads in browsers must only use the browsers’ extensibility model for installation, execution, disabling and removal.

“Ad injection software has evolved, and is now using a variety of ‘man-in-the-middle’ (MiTM) techniques,” explained Barak Shein, senior program manager, Microsoft.

“Some of these techniques include injection by proxy, changing DNS settings, network layer manipulation and other methods. All of these techniques intercept communications between the internet and the PC to inject advertisements and promotions into web pages from outside, without the control of the browser.

“Our intent is to keep the user in control of their browsing experience, and these methods reduce that control,” Shein said.

Fishing trawler image via Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com