Microsoft is cracking down on adware next year. In a post on its TechNet blog, the company said that it is banning ad injection software that uses 'man-in-the-middle' techniques, such as network layer manipulation, injection by proxy, and changing DNS settings without express consent.
“All of these techniques intercept communications between the internet and the PC to inject advertisements and promotions into webpages from outside, without the control of the browser. Our intent is to keep the user in control of their browsing experience and these methods reduce that control,” Microsoft said in the post.
Microsoft’s new policy, which comes into effect on March 31, states that any programs that show ads in the browser can only install, disable or execute programs through the browser itself. This means any ad software that wants to download or install something without notifying you via your browser will be blocked and marked as adware.
“Programs that create advertisements in browsers must only use the browsers' supported extensibility model for installation, execution, disabling, and removal,” Microsoft said. “The choice and control belong to the users, and we are determined to protect that.”
The move comes in the wake of Lenovo’s Superfish controversy that was exposed earlier this year. The company was found to have pre-installed the adware on many of its consumer laptops. Not only did the software hijack a web browser to inject ads into webpages, but it also generated its own root certificate so it could intercept traffic from secure sites and overlay its own ads on the page.
Lenovo eventually agreed to stop pre-loading its computers with Superfish, acknowledged that it was a security risk, and released an automatic removal tool. Hopefully, Microsoft's new policy will prevent a repeat of the Superfish scandal; it’s just surprising that the company has taken so long to implement it.