Microsoft's taking on malicious adware at the system level in Windows 10

Microsoft is expanding its efforts to improve security in Windows 10, with its latest move set to adjust its Adware objective criteria to address the rising concerns over man-in-the-middle techniques being used to serve ads. From Microsoft:

Ad injection software has evolved, and is now using a variety of 'man-in-the-middle' (MiTM) techniques. Some of these techniques include injection by proxy, changing DNS settings, network layer manipulation and other methods. All of these techniques intercept communications between the Internet and the PC to inject advertisements and promotions into webpages from outside, without the control of the browser. Our intent is to keep the user in control of their browsing experience and these methods reduce that control.

There are many additional concerns with these techniques, some of these include:

  • MiTM techniques add security risk to customers by introducing another vector of attack to the system.
  • Most modern browsers have controls in them to notify the user when their browsing experience is going to change and confirm that this is what the user intends. However, many of these methods do not produce these warnings and reduce the choice and control of the user.
  • Also, many of these methods also alter advanced settings and controls that the majority of users will not be able to discover, change, or control.

To address these and to keep the intent of our policy, we're updating our Adware objective criteria to require that programs that create advertisements in browsers must only use the browsers' supported extensibility model for installation, execution, disabling, and removal.

Essentially, Microsoft's renewed focus is meant to address precisely the problems inherent in Lenovo's "SuperFish" debacle from earlier this year by restricting the serving of ads to the browser only, cutting off OS-level methods. This should have the ultimate benefit, alongside other improvements in Windows 10 and Microsoft's overall ecosystem approach, of making Windows much more secure overall.
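
As an added illustration (not part of this article or of Microsoft's post), the following read-only PowerShell audit reports the current state of three settings behind the techniques the quote names: the per-user proxy, the configured DNS resolvers, and Winsock providers at the network layer. The function names and the `$TrustedDns` allowlist are assumptions made for the example.

```powershell
# Added example, not from the article or Microsoft. Read-only: changes nothing.
$TrustedDns = @('192.168.1.1')  # assumption: replace with your own resolvers

function Get-ProxyFinding {
    # Per-user WinINET proxy and auto-config script ("injection by proxy").
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key
    if ($s.ProxyEnable -eq 1 -and $s.ProxyServer) {
        [pscustomobject]@{ Check = 'Proxy'; Detail = "ProxyServer=$($s.ProxyServer)" }
    }
    if ($s.AutoConfigURL) {
        [pscustomobject]@{ Check = 'Proxy'; Detail = "AutoConfigURL=$($s.AutoConfigURL)" }
    }
}

function Get-DnsFinding {
    param([string[]]$Allowed)
    # Resolvers configured per interface that are not on the allowlist.
    foreach ($nic in Get-DnsClientServerAddress -AddressFamily IPv4) {
        foreach ($addr in $nic.ServerAddresses) {
            if ($addr -notin $Allowed) {
                [pscustomobject]@{ Check = 'DNS'; Detail = "$($nic.InterfaceAlias) -> $addr" }
            }
        }
    }
}

function Get-WinsockFinding {
    # Winsock providers loaded from outside system32 (one network-layer hook).
    # Assumes English-language netsh output ("Provider Path:" lines).
    netsh winsock show catalog |
        Select-String -Pattern '^Provider Path:\s+(.+)$' |
        ForEach-Object { $_.Matches[0].Groups[1].Value.Trim() } |
        Sort-Object -Unique |
        Where-Object { $_ -notmatch '\\system32\\' } |
        ForEach-Object { [pscustomobject]@{ Check = 'Winsock'; Detail = $_ } }
}

@(Get-ProxyFinding) + @(Get-DnsFinding -Allowed $TrustedDns) + @(Get-WinsockFinding) |
    Format-Table -AutoSize
```

A row in the output is a prompt to check, not a verdict: corporate proxies and VPN clients legitimately set these values.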

Enforcement of the new criteria is set to start on March 31, 2016. For much more, be sure to check out Microsoft's full blog post at the source link below.

Source: Microsoft

Dan Thorp-Lancaster is the former Editor-in-Chief of Windows Central. He began working with Windows Central, Android Central, and iMore as a news writer in 2014 and is obsessed with tech of all sorts. You can follow Dan on Twitter @DthorpL and Instagram @heyitsdtl

  • What about ads within apps from the windows store? Those are applications, not a browser? Or is each ad like a mini browser?
    Basically I'm rather confused as to what ads through a browser means in this context.
  • I think it uses the same edgehtml core
  • Ads are fine. They are talking about man-in-the-middle root level installations that exploit a legit purpose for ads. Ads in apps are fine as they are part of multiple SDKs e.g. AdDuplex and don't cause any harm. This actually has ZERO to do with web browsers; it's about rootkits at the OS LEVEL. Browsers are now very secure against malicious ads, but there are still holes in the OS.
  • Ads in apps are fine. Software installed that hijacks a customer's browser and adds or modifies web content is what this is blocking. Or cleaning from a customer's system.
  • It would also hopefully remove ads that are not there in the first place. Ads that are injected through MitM into a random web page the user is viewing are most likely not paying the visited website anyway, only the ads provider.
  • Thank you MS
  • Great policy change. The less junk is permitted the better.
  • Cool stuff. That's the kind of stuff I want Microsoft to do more about. Adware injection really messes up with my mobile web browsing experience from rendering pages unresponsive to taking me through a plethora of pages to some unknown unsafe page. I'm talking about IE11 in WP8.1 of course. Latest insider builds of W10m with changes in Edge browser to avoid that kind of stuff has been a lot beneficial from a user experience perspective. But of course, the more measures Microsoft takes against it, the merrier. In a time, when we increasingly use web for financial transactions and online payments from online shopping to tickets, I don't want putting this kind of essential information on a hacked/adware injected browser.
  • Slowly but surely MS is getting there, happy to see they improve on every front.
  • I hope they do, it's a shame all their defender thing does is delete steam games
  • What do you expect when you pirate them.
  • I game on steam a lot and have never lost a game.
  • You can't post junk like that without a link to a reputable source.
  • Ok. When is the beta of Windows Central going to hit?
  • Soon!
  • Soon, I would even say very soon.
  • Thank you MS!
  • It's funny how people think MacOS is more secure than Windows.
  • They've all been brainwashed.
  • Interesting, I've noticed Windows Defender detection rate is higher than what I use (KlS2016) so this must be Microsoft's doing.
  • So because company X's product does a better job than company Y's one, company X must be doing something underhanded? MS WILL give defender more access to the system than it allows 3rd party AV apps, but that's understandable, I just wish ISPs would just completely block these known nasties in the first place rather than let them get to their customer's PCs and completely ruin them.
  • ISPs already know what people look at online if the user is using their DNS servers, especially if the router the ISP gives the customer locks the DNS settings (I'm looking at you, Charter), so blocking malware wouldn't be too much more intrusive if they would be scanning every single file.
  • Just change your DNS settings in windows, problem solved. Or use a personal router that I assume costs less than the rented one.
  • We're going to buy one once we save up enough money specifically to buy a router (we have enough right now but we save our money). In the meantime, I'd really like it if Windows Phone/W10M supported changing DNS on all builds. We would have to figure out how to not allow the Wi-Fi networks to interfere as it's impossible to disable the Wi-Fi on our rented router, although we can just take off the antenna and "cripple" the router's wireless range.
  • Thank you Microsoft for making progress in improving the Microsoft security
  • Then we don't have to spend on other antivirus.
  • Since windows 8, I haven't spent a penny on anti-virus. Windows Defender and Firewall have been enough for me.
  • I wish they'd introduce non-disablable filters for those stupid freaking driver updating / system tuneup tools as well. EVERY PC I seem to look at has these ******* things installed and killing them.
  • Good job MSFT.
  • Ad block come soon.
  • Sounds like a good idea to me, anything they can do to prevent malicious software on my phone and computer can only be a good thing and shockingly something didn't spark this change which is normally what happens!!!!!
  • Microsoft is doing good to provide high level security for internet browsing
  • Yeah, unlike Macs.
  • Just hope that Windows Defender will be seriously upgraded to be able to detect and remove these deep rooted root kits. At the moment Defender does not detect such issues as I unfortunately found out.
  • A friend of mine showed me his brand new galaxy edge with a just impossible to remove popupper LOL (normal user, no jailbreak, no pirated apps, just stock, unsecure, android)
  • I want my adblock on edge
  • I wish I could get defender to stay turned on. Happened after my upgrade to w10.
  • The more ads blocked the better.
  • Too bad they are waiting so long to implement the tighter security. This leaves systems exposed for months. A disgruntled vendor/advertiser could cause serious damage if they so choose to do so before the door closes. Lock it down immediately and deal with the fall out.
  • Will this prevent port forwarding from working in apps?