Keeping browsing experience in users’ hands

​In April last year we announced some changes to our criteria around Adware designed to ensure that users maintain control of their experience. These changes are described in our blog, Adware: a New Approach. Since then, we’ve taken policy and enforcement measures to address unwanted behaviors exhibited by advertising programs that take choice and control away from users.

Ad injection software has evolved, and is now using a variety of ‘man-in-the-middle’ (MiTM) techniques. Some of these techniques include injection by proxy, changing DNS settings, network layer manipulation and other methods. All of these techniques intercept communications between the Internet and the PC to inject advertisements and promotions into webpages from outside, without the control of the browser. Our intent is to keep the user in control of their browsing experience and these methods reduce that control.

There are many additional concerns with these techniques, some of these include:

  • MiTM techniques add security risk to customers by introducing another vector of attack to the system.
  • Most modern browsers have controls in them to notify the user when their browsing experience is going to change and confirm that this is what the user intends. However, many of these methods do not produce these warnings and reduce the choice and control of the user.
  • Also, many of these methods also alter advanced settings and controls that the majority of users will not be able to discover, change, or control.

To address these and to keep the intent of our policy, we’re updating our Adware objective criteria to require that
programs that create advertisements in browsers must only use the browsers’ supported extensibility model for installation, execution, disabling, and removal.

The choice and control belong to the users, and we are determined to protect that.

We encourage developers in the ecosystem to comply with the new criteria. We are providing an ample notification period for them to work with us as they fix their programs to become compliant.  Programs that will fail to comply will be detected and removed.

Enforcement starts on March 31, 2016.

Barak Shein and Michael Johnson


Comments (23)

  1. Kumar Satyam says:

    What is the solution for this thing now because I don’t use edge, explorer and Mozilla due to the ads covering more than half of the screen. But at the same time, Chrome never got infected. It works awesome.

  2. WinUser says:

    Awesome! So we can expect that Microsoft stops trying to install their Windows 10 GetApp adware on Windows 7/8.1 machines via Windows Update — even if those updates have been rejected (hidden) by the user previously?

    It’s highly questionable that Microsoft silently removes hidden updates and offers them as new updates over and over again… Well, that’s something diehard spammers and other criminals would do…

  3. David van Hoose says:

    That doesn’t fix the root problem. The root problem is described in MSRC Case 31961 TRK:0001002438.

  4. Datorservice says:

    Well, its all about time. I have toons of customers who are infected with MITM. If Microsoft want to be seriously taken by new buyers and hold on for old customers, they would do something about it. I know that Microsoft Edge is a brilliant browser, but for how long?

  5. Adware is simply spyware, up there with adblockers etc

  6. archimedes says:

    what about MSFT annoying pop-ups trying to promote Windows 10 even though i declined it a 100 times?!! where is my user experience? im a paying customer who bought MSFT’s Windows operating system and not “only” a user of the browser so what about my choice no to be annoyed and agitated every freaking time i turn on my comp?

    I guess this policy doesnt apply on you guys ha?

  7. G Engels says:

    we can’t open this anymore seems problem with latest update from windows 10

  8. adwbust says:

    to empower users, edge should have a feature to report addons via smartscreen. before reporting, user should check reason like installed without permission, cant be removed, etc. the same way how sites are being reported. on start up of edge, it should check all addons via smartscreen reputation ~ inform user that addon is confirmed malicious (via guid) and edge will restart to remove it (when mse isn’t installed to detect it) and disable addons that are voted bad via reputation or deemed suspicious by smartscreen via origin/source and prompt user to remove or just keep disabled.

  9. adwbust says:

    btw I hate edge’s icon. it’s ugly. tell the edge devs to change it. make it a small case letter e but the backside of the e appears shiny as if to make it look like a sharp blade. that’ll work good. 🙂

    or maybe make it a blue square icon with a horizontal line in the middle.

  10. adwbust says:

    btw mmpc analysts, mse doesnt detect ‘softwarebundler: installmonstr’. i got it from a misleading (or strategically) place banner that says download on tusfiles. funny that the filename also mimics what youre supposed to download from the online storage site. md5 is ’41d8e7da26a174afed509e7d957cba31′. i lost interest in submitting. my submissions never get results anyway.

    1. adwbust says:

      that was quick! thanks for adding a signature for it. 😀

      it seems there are quite some people subscribed to or lurking your blogs; which is good and interesting. 😀

      1. adwbust says:

        mse doesn’t detect another variant of installmonster! md5 is “536c33be632a2bab2b3b8b27b3019bf3”

  11. adwbust says:

    another md5 “5a2fc5d526e78ba0c393db4c36731073”
    same file size but different md5

    1. adwbust says:

      oddly, my preceding comment with the first md5 wasnt posted.
      here’s that md5 of installmonster “536c33be632a2bab2b3b8b27b3019bf3”

      1. adwbust says:

        another md5 “3AB9A5DBD0AF294C31F4578B6A86974D”

        1. adwbust says:

          new md5!

          i want to submit but your submission form times out during upload! my upload speed is less than 1 mbps! fix it.

  12. adwbust says:

    mse has 1.217.504.0 definitions which is 2 days old. it doesnt detect Win32/InstallMonster “fd43b1f0314734a6773086caaa8360ce” but is detected on VT by updated mse.

    shouldnt dynamic signature service (dss) kick in and retrieve the signature for this “fd43b1f0314734a6773086caaa8360ce” and detect it? or dss is for certain threats only? i have maps set to advanced.

  13. adwbust says:

    theres a bug in mse on vista x86. i scanned “fd43b1f0314734a6773086caaa8360ce” with 1.217.504.0 and mse said clean. mse auto updated to 1.217.613.0 but mse’s guard didnt detect it even after i refreshed (f5) desktop several times. the guard didnt purge its scan cache after updating definitions? i had to manually right-click and scan the file so itll be detected!

    theres also an issue cleaning firefox 45 download. first attempt failed according to log. i see 2 mse alert windows for 1 download. after 2nd alert, file is finally removed by guard from desktop. mse is too slow at cleaning.

  14. adwbust says:

    calendar spark = myway variant


  15. adwbust says:

    mse heuristic and generic sigs fail/inferior. they should at least improve their response times. i dont see eset missing any of these



    1. adwbust says:

      still not detected by mse

      installmonstr: 2ea25bec59004088ebbd2f7feca76401
      prepscram/istart: 26545715deab2567c5b3a3baa3149f9d

      1. adwbust says:



Skip to main content