14 DAY TRIAL // Microsoft has recently announced that, starting March 31, 2016, ad injection software that employs man-in-the-middle (MiTM) techniques will be blocked entirely in Windows, as it wants to add a new security layer to its operating system and prevent threats from reaching users’ PCs.
While some experts believe such a decision is taken too late, there’s no doubt it’s helpful for Windows users, who could thus be protected from threats such as Lenovo’s Superfish, which was discovered earlier this year and used the MiTM approach to display ads on computers.
In a blog post published today, Microsoft explains that the MiTM concept creates additional risks on a Windows computer because it could change settings that users are impossible to discover without any warning or notification that would enable the system administrator to block or remove them.
In the case of Superfish, for example, removing the threat was indeed possible after Microsoft updated its security software (and so did the rest of antivirus providers out there), but a security hole continued to exist on Lenovo computers that could be further exploited by other ad injection programs.
New changes starting March 31
As a result of all of these, Microsoft will make a huge change on March 31, forcing all programs that employ the MiTM technique to use each browser’s extension model and be easily removable by the user.
The company explains in detail this new system:
“To address these and to keep the intent of our policy, we’re updating our Adware objective criteria to require that programs that create advertisements in browsers must only use the browsers’ supported extensibility model for installation, execution, disabling, and removal. The choice and control belong to the users, and we are determined to protect that.”
Redmond says that notifications before this deadline will be provided so that every developer can find out and adjust software to meet the new criteria. On March 31, apps that do not comply will be completely blocked and removed.