Microsoft Targets Man-in-the-Middle Adware in Policy Update
To help improve the security of its Windows software ecosystem, Microsoft is cracking down on adware that relies on man-in-the-middle techniques.Microsoft wants to put Windows users back in control of their computing experience and improve security by making it more difficult for adware makers to hijack certain Web browser functionality. In a follow-up to the company's adware classification policies from April, Microsoft announced on Dec. 21 that it is taking a tougher stance on ad-supported software to combat man-in-the-middle (MiTM) techniques that often result in a poor user experience and lead to security breaches. "Some of these techniques include injection by proxy, changing DNS settings, network layer manipulation and other methods," wrote Microsoft Malware Protection Center researchers Michael Johnson and Barak Shein, in a company blog post. Microsoft argues that software employing a man-in-the-middle approach to online ad delivery robs PC users of one of the hallmarks of the Windows ecosystem: choice. "All of these techniques intercept communications between the Internet and the PC to inject advertisements and promotions into webpages from outside, without the control of the browser," stated Johnson and Shein. "Our intent is to keep the user in control of their browsing experience and these methods reduce that control."
Man-in-the-middle techniques often bypass many of the notification systems used by modern browsers that alert users when a change is being made to their Web-browsing experience, they noted. They can also dig into a browser's advanced settings, making changes that the average user may be unaware of.