Windows to block adware that uses man-in-the-middle technology

Microsoft has announced that it will remove adware programs that use man-in-the-middle methods from Windows systems starting March 31, 2016. The move follows a few incidents involving man-in-the-middle techniques.

According to Microsoft, adware programs have changed in such a way that the previous control method from 2014 is no longer sufficient. Through so-called man-in-the-middle methods, adware can still, in Microsoft’s words, “take away choice and control from users.” Examples of these methods include injecting ads through a proxy, changing DNS settings, and manipulating network layers. These techniques bypass browser control. To prevent these practices, Microsoft will check from March 31, 2016 that adware programs that display advertisements in browsers really only use the options that the browser offers. If the adware does not, Windows security will remove the program.

Microsoft is expanding its model introduced in April 2014 with the promotion. That model already requires adware that displays ads outside of its own software to meet certain conditions. For example, the displayed ad must have a clear method of closing and the name of the program creating the ad must be visible. In addition, the adware should have an uninstall option by default.

With the move, Microsoft appears to be further addressing the man-in-the-middle issues that both Dell and Lenovo brought to Windows with certificates. In the case of Lenovo, it was software that was standard on systems and that injected advertisements into the browser using the certificate and could view the user’s surfing behavior. As a result, the adware weakened the security of computers’ browser connections. With the new conditions set by Microsoft, adware should again be restricted.