Microsoft Targets Man-in-the-Middle Adware in Policy Update

To help improve the security of its Windows software ecosystem, Microsoft is cracking down on adware that relies on man-in-the-middle techniques.

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

man in the middle attacks

Microsoft wants to put Windows users back in control of their computing experience and improve security by making it more difficult for adware makers to hijack certain Web browser functionality.

In a follow-up to the company's adware classification policies from April, Microsoft announced on Dec. 21 that it is taking a tougher stance on ad-supported software to combat man-in-the-middle (MiTM) techniques that often result in a poor user experience and lead to security breaches. "Some of these techniques include injection by proxy, changing DNS settings, network layer manipulation and other methods," wrote Microsoft Malware Protection Center researchers Michael Johnson and Barak Shein, in a company blog post.

Microsoft argues that software employing a man-in-the-middle approach to online ad delivery robs PC users of one of the hallmarks of the Windows ecosystem: choice.

"All of these techniques intercept communications between the Internet and the PC to inject advertisements and promotions into webpages from outside, without the control of the browser," stated Johnson and Shein. "Our intent is to keep the user in control of their browsing experience and these methods reduce that control."

Man-in-the-middle techniques often bypass many of the notification systems used by modern browsers that alert users when a change is being made to their Web-browsing experience, they noted. They can also dig into a browser's advanced settings, making changes that the average user may be unaware of.

Moreover, some adware can pave the way for a more serious breach of data security. "MiTM techniques add security risk to customers by introducing another vector of attack to the system," said Johnson and Shein.

So Microsoft, in its endless quest to improve Windows security, particularly on its new Windows 10 operating system, is instituting new adware detection rules.

In the coming months, the Microsoft Malware Protection Center is updating its "adware objective criteria to require that programs that create advertisements in browsers must only use the browsers’ supported extensibility model for installation, execution, disabling, and removal," said the staffers. "The choice and control belong to the users, and we are determined to protect that."

The new rules take effect on March 31, 2016, giving developers a few months to adapt their offerings.

"We encourage developers in the ecosystem to comply with the new criteria," said Johnson and Shein. "We are providing an ample notification period for them to work with us as they fix their programs to become compliant. Programs that will fail to comply will be detected and removed," they warned.

On the lookout for man-in-the-middle attacks, IT security watchers have been on high alert after the Lenovo-Superfish adware scandal.

Earlier this year, security researchers discovered that the PC maker had installed Superfish adware on some of its consumer notebooks during late 2014, injecting advertisements in Google searches, indicating a Secure Sockets Layer (SSL) MiTM. Lenovo has since stopped including Superfish on its devices and cut the server connections for the software.

Pedro Hernandez

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...