Microsoft is Banning the Adware Method

The type of dangerous adware that Lenovo pre-loaded on PCs earlier this year will soon be banned entirely from Windows devices.

In a post on its TechNet blog (via Engadget), Microsoft said it will no longer allow ad injection software that uses “man-in-the-middle” techniques, such as injection by proxy, changing DNS settings, and network layer manipulation. Microsoft will begin enforcing the rules on March 31, 2016.

Once the policy goes into effect, adware will only be allowed through browsers’ official extensibility methods. In other words, if you want to see adware in Chrome for some reason, you’ll have to go to the Chrome Web Store and install it yourself. You’d then be able to uninstall the adware just as easily through Chrome’s extensions menu.

As seen with Lenovo’s Superfish scandal, “man-in-the-middle” adware isn’t just intrusive, it can also pose a security risk by replacing the certificates websites use to keep your data safe. In the case of Superfish, the software generated its own root certificate so it could intercept traffic from secure sites and overlay its own ads on the page. If hackers were to gain access to this certificate, they’d be able to spoof secure websites and steal sensitive data.

Although Microsoft and other anti-malware vendors shut down Superfish months ago (and Lenovo vowed to stop shipping PCs with third-party bloatware entirely), the new policy tackles the underlying issue by reclassifying the criteria for adware. “The choice and control belong to the users, and we are determined to protect that,” Microsoft said.

Related posts

The Imperative of Robust Business Continuity Amidst Technology Disruptions

Closing the Cybersecurity Skill Gap: The Crucial Role of GenAI in Training and Supporting Cybersecurity Professionals

Enhancing Supplier Security Monitoring with AI and ML

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More