Microsoft Bans Man-in-the-Middle Adware

December 30th, 2015 by Rocket IT

Microsoft has announced an update to their adware policies on the heels of the Lenovo Superfish scandal. Lenovo recently came under fire when security researchers uncovered Lenovo was shipping out computers to customers with software that injects ads into websites installed. Needless to say, consumers weren’t entirely happy when they discovered this.

Software like this one pre-loaded on Lenovo machines, Superfish Visual Discovery, inject ads using a middle man method. They install self-generated root certificates in the Windows certificate store to trick Windows into thinking unsafe websites are actually safe. This alone is pretty bad, but it also leaves Lenovo computers vulnerable to other malware and hacking attempts. It not only dumps unwanted ads on you, but it also means that anyone using the faked Superfish security certificates can make sure your computer can’t tell when you’re visiting a forged site.

Lenovo has since said they will stop sending out their computers with third-party bloatware like Superfish, but that’s not enough for Microsoft and other vendors who are now reclassifying the criteria for software to be considered adware to protect their users.

Microsoft announced that it will no longer allow ad injection software that uses this “man-in-the-middle” technique, and they will begin enforcing this on March 31st, 2016. Programs must notify you through your browser when they want to install, disable, or execute programs. Any software that tries to download or install something without letting you know through your browser will be blocked and marked as adware.

What does this mean to you?

Adware will only be allowed via browsers’ official methods – meaning if you want to have adware for whatever reason, you have to install the extension in your browser’s store yourself. We wouldn’t really recommend it.

“The choice and control belong to the users,” said Microsoft on the TechNet blog. “And we are determined to protect that.”

To learn more about Microsoft’s new policy, read their announcement on the TechNet blog here.

 


 

MB About the Author-

 Michael Bearchell lives with his wife and three children in Gwinnett County. He is an Inside Support Technician at Rocket IT and has found out the hard way that it is  tough being a New York sports fan in the south.

 

CTA Infographic 7 Ways PreviewWe’ve all heard stories of wayward IT consultants holding critical company information or other resources for ransom. This is one of the biggest concerns we hear from potential clients. There are several ways you can protect yourself and your business when you outsource your IT. Download our FREE infographic to learn the 7 Ways to Avoid Being Held Hostage by Your IT Consultant here.