Microsoft to block malicious adware such as Superfish from Windows PCs
Ad injection software that employs man-in-the-middle (MiTM) techniques will be blocked entirely in Windows, Microsoft announced recently. To avoid a situation similar to Lenovo’s Superfish scandal, the company wants to add a new security layer to its operating system to help improve the security of its Windows software ecosystem.
Starting March 31, 2006, programs that use techniques such as injection by proxy or network layer manipulation, or that change DNS settings, will be categorized as malware by Microsoft and blocked. Microsoft will force all programs that employ the MiTM technique to use each browser’s extension model, under which they can be easily removed by the user.
“Programs that create advertisements in browsers must only use the browsers’ supported extensibility model for installation, execution, disabling, and removal,” Microsoft said in a blog post. “The choice and control belong to the users, and we are determined to protect that.”
Adware has long been an issue. Software running on Windows computers around the world creates ads that are displayed across the operating system, including the browser. While there are several tools designed to remove adware, Microsoft says adware techniques have become more sophisticated.
“All of these techniques intercept communications between the Internet and the PC to inject advertisements and promotions into webpages from outside, without the control of the browser,” Microsoft said. “Our intent is to keep the user in control of their browsing experience and these methods reduce that control.”
In a blog post published today, Microsoft explains that the MiTM concept creates additional risks on a Windows computer because it could change settings in ways that are impossible for users to discover, without any warning or notification that would enable the system administrator to block or remove them.
Earlier this year, the PC maker discovered that its laptops were shipped with the Superfish adware pre-installed. The software injected sponsored links into users’ search results and installed man-in-the-middle certificates that would allow third parties to see users’ sensitive data.
In the case of Superfish, for example, removing the threat did become possible after Microsoft updated its security software (as did the rest of the antivirus providers), but a security hole continued to exist on Lenovo computers that could be further exploited by other ad injection programs.
Microsoft says that notifications will be provided so that every developer can find out and adjust software to meet the new criteria before the deadline. On March 31, apps that do not comply will be completely blocked and removed.