Keeping browsing experience in users’ hands


​In April last year we announced some changes to our criteria around Adware designed to ensure that users maintain control of their experience. These changes are described in our blog, Adware: a New Approach. Since then, we’ve taken policy and enforcement measures to address unwanted behaviors exhibited by advertising programs that take choice and control away from users.

Ad injection software has evolved, and is now using a variety of ‘man-in-the-middle’ (MiTM) techniques. Some of these techniques include injection by proxy, changing DNS settings, network layer manipulation and other methods. All of these techniques intercept communications between the Internet and the PC to inject advertisements and promotions into webpages from outside, without the control of the browser. Our intent is to keep the user in control of their browsing experience and these methods reduce that control.

There are many additional concerns with these techniques, some of these include:

  • MiTM techniques add security risk to customers by introducing another vector of attack to the system.
  • Most modern browsers have controls in them to notify the user when their browsing experience is going to change and confirm that this is what the user intends. However, many of these methods do not produce these warnings and reduce the choice and control of the user.
  • Also, many of these methods also alter advanced settings and controls that the majority of users will not be able to discover, change, or control.

To address these and to keep the intent of our policy, we’re updating our Adware objective criteria to require that
programs that create advertisements in browsers must only use the browsers’ supported extensibility model for installation, execution, disabling, and removal.

The choice and control belong to the users, and we are determined to protect that.

We encourage developers in the ecosystem to comply with the new criteria. We are providing an ample notification period for them to work with us as they fix their programs to become compliant.  Programs that will fail to comply will be detected and removed.

Enforcement starts on March 31, 2016.

Barak Shein and Michael Johnson

MMPC


Comments (23)

  1. Kumar Satyam says:

    What is the solution for this thing now because I don’t use edge, explorer and Mozilla due to the ads covering more than half of the screen. But at the same time, Chrome never got infected. It works awesome.

  2. WinUser says:

    Awesome! So we can expect that Microsoft stops trying to install their Windows 10 GetApp adware on Windows 7/8.1 machines via Windows Update — even if those updates have been rejected (hidden) by the user previously?

    It’s highly questionable that Microsoft silently removes hidden updates and offers them as new updates over and over again… Well, that’s something diehard spammers and other criminals would do…

  3. David van Hoose says:

    That doesn’t fix the root problem. The root problem is described in MSRC Case 31961 TRK:0001002438.

  4. Datorservice says:

    Well, its all about time. I have toons of customers who are infected with MITM. If Microsoft want to be seriously taken by new buyers and hold on for old customers, they would do something about it. I know that Microsoft Edge is a brilliant browser, but for how long?

  5. Adware is simply spyware, up there with adblockers etc

  6. archimedes says:

    what about MSFT annoying pop-ups trying to promote Windows 10 even though i declined it a 100 times?!! where is my user experience? im a paying customer who bought MSFT’s Windows operating system and not “only” a user of the browser so what about my choice no to be annoyed and agitated every freaking time i turn on my comp?

    I guess this policy doesnt apply on you guys ha?

  7. G Engels says:

    we can’t open this anymore seems problem with latest update from windows 10

  8. adwbust says:

    to empower users, edge should have a feature to report addons via smartscreen. before reporting, user should check reason like installed without permission, cant be removed, etc. the same way how sites are being reported. on start up of edge, it should check all addons via smartscreen reputation ~ inform user that addon is confirmed malicious (via guid) and edge will restart to remove it (when mse isn’t installed to detect it) and disable addons that are voted bad via reputation or deemed suspicious by smartscreen via origin/source and prompt user to remove or just keep disabled.

  9. adwbust says:

    btw I hate edge’s icon. it’s ugly. tell the edge devs to change it. make it a small case letter e but the backside of the e appears shiny as if to make it look like a sharp blade. that’ll work good. 🙂

    or maybe make it a blue square icon with a horizontal line in the middle.

  10. adwbust says:

    btw mmpc analysts, mse doesnt detect ‘softwarebundler: installmonstr’. i got it from a misleading (or strategically) place banner that says download on tusfiles. funny that the filename also mimics what youre supposed to download from the online storage site. md5 is ’41d8e7da26a174afed509e7d957cba31′. i lost interest in submitting. my submissions never get results anyway.

    1. adwbust says:

      that was quick! thanks for adding a signature for it. 😀

      it seems there are quite some people subscribed to or lurking your blogs; which is good and interesting. 😀

      1. adwbust says:

        mse doesn’t detect another variant of installmonster! md5 is “536c33be632a2bab2b3b8b27b3019bf3”

  11. adwbust says:

    another md5 “5a2fc5d526e78ba0c393db4c36731073”
    same file size but different md5

    1. adwbust says:

      oddly, my preceding comment with the first md5 wasnt posted.
      here’s that md5 of installmonster “536c33be632a2bab2b3b8b27b3019bf3”

      1. adwbust says:

        another md5 “3AB9A5DBD0AF294C31F4578B6A86974D”

        1. adwbust says:

          new md5!
          666ba79fda1d0429ecb3bf95c9bbca91
          03E5E1A29C184AA2E421E123AEA991F5
          13EB04CEFA06D7047D1F8CE95A1F0ACD

          i want to submit but your submission form times out during upload! my upload speed is less than 1 mbps! fix it.

  12. adwbust says:

    mse has 1.217.504.0 definitions which is 2 days old. it doesnt detect Win32/InstallMonster “fd43b1f0314734a6773086caaa8360ce” but is detected on VT by updated mse.

    shouldnt dynamic signature service (dss) kick in and retrieve the signature for this “fd43b1f0314734a6773086caaa8360ce” and detect it? or dss is for certain threats only? i have maps set to advanced.

  13. adwbust says:

    theres a bug in mse 4.8.204.0 on vista x86. i scanned “fd43b1f0314734a6773086caaa8360ce” with 1.217.504.0 and mse said clean. mse auto updated to 1.217.613.0 but mse’s guard didnt detect it even after i refreshed (f5) desktop several times. the guard didnt purge its scan cache after updating definitions? i had to manually right-click and scan the file so itll be detected!

    theres also an issue cleaning firefox 45 download. first attempt failed according to log. i see 2 mse alert windows for 1 download. after 2nd alert, file is finally removed by guard from desktop. mse is too slow at cleaning.

  14. adwbust says:

    calendar spark = myway variant

    “http://free.calendarspark.com/index.jhtml?partner=^CEQ^xdm256&s1=589403&s2=180526198423”

  15. adwbust says:

    mse heuristic and generic sigs fail/inferior. they should at least improve their response times. i dont see eset missing any of these

    installmonster
    ece1ed1930462704161a9956b0b340f0
    d8cdfa1423a81b4842ee0fd5708bdd32

    prepscram
    bd515684f403e85178486b56994e74b6

    1. adwbust says:

      still not detected by mse

      installmonstr: 2ea25bec59004088ebbd2f7feca76401
      prepscram/istart: 26545715deab2567c5b3a3baa3149f9d

      1. adwbust says:

        istart
        82553681d21d16ac7e0370a23fc9f511
        a6dd2482b4907a0cf0b28562ee5f69ec

        installmonstr
        07ce3585a1278b11b209b6c22c271d7d
        adc24848a1a8daccf8b8880f30905524

Skip to main content