Microsoft announced this week that starting from 31 March 2016, any ad injection software that uses man-in-the-middle (MiTM) techniques will automatically be considered malicious adware and removed from users’ machines. Examples of such techniques are changing DNS settings and injection by proxy.
According to Microsoft’s official statement in a blog post, it has updated its adware objective criteria to require that: “Programs that create advertisements in browsers must only use the browsers’ supported extensibility model for installation, execution, disabling, and removal.” Microsoft added that these programs are expected to comply with the new criteria or risk being detected and removed as malware.
Microsoft stated that the change is intended to “keep the user in control of their browsing experience”. MiTM techniques intercept communications between the Internet and the PC and inject advertisements into web pages from outside the browser, beyond the control of the browser or the user. For example:
“Most modern browsers have controls in them to notify the user when their browsing experience is going to change and confirm that this is what the user intends. However, many of these methods do not produce these warnings and reduce the choice and control of the user.”
Adware has been an issue for quite a long time, not only because of the annoying ads that pop up across the computer, but also because some of this software can make computers vulnerable to cyber-attacks.
The most prominent incident involving adware was probably the Lenovo Superfish case. In early 2014, Superfish was pre-installed on some Lenovo computers, and it falsely presented itself as an official website certificate. Superfish also left those computers susceptible to hackers because of its large security holes.