windowsdefenderscan100017383orig
Security

Microsoft is banning the adware method that caused Lenovo's Superfish scandal

The type of dangerous adware that Lenovo pre-loaded on PCs earlier this year will soon be banned entirely from Windows devices.

In a post on its TechNet blog (via Engadget), Microsoft said it will no longer allow ad injection software that uses “man-in-the-middle” techniques, such as injection by proxy, changing DNS settings, and network layer manipulation. Microsoft will begin enforcing the rules on March 31, 2016.

Once the policy goes into effect, adware will only be allowed through browsers’ official extensibility methods. In other words, if you want to see adware in Chrome for some reason, you’ll have to go to the Chrome Web Store and install it yourself. You’d then be able to uninstall the adware just as easily through Chrome’s extensions menu.

As we saw with Lenovo’s Superfish scandal, “man-in-the-middle” adware isn’t just intrusive, it can also pose a security risk by replacing the certificates websites use to keep your data safe. In the case of Superfish, the software generated its own root certificate so it could intercept traffic from secure sites and overlay its own ads on the page. If hackers were to gain access to this certificate, they’d be able to spoof secure websites and steal sensitive data.

Although Microsoft and other anti-malware vendors shut down Superfish months ago (and Lenovo vowed to stop shipping PCs with third-party bloatware entirely), the new policy tackles the underlying issue by reclassifying the criteria for adware. “The choice and control belong to the users, and we are determined to protect that,” Microsoft said.

The story behind the story: It’s hard to imagine many people being bothered by the new policy, which raises the question of why Microsoft took so long to implement it. Just to speculate, perhaps Microsoft was reluctant to outlaw behavior that could have some legitimate use cases, but has changed its mind as clear instances of abuse have arisen. And with all major browsers moving away from unrestricted plugins and toward signed extensions, it’s getting easier for users to control what’s being installed directly in their browsers.

IDG Insider

PREVIOUS ARTICLE

« Apple warns against the UK's proposed spying law

NEXT ARTICLE

Acacia's $125M IPO filing a rarity among networking firms in 2015 »
author_image
IDG News Service

The IDG News Service is the world's leading daily source of global IT news, commentary and editorial resources. The News Service distributes content to IDG's more than 300 IT publications in more than 60 countries.

  • Mail

Poll

Do you think your smartphone is making you a workaholic?