Security Experts:

Connect with us

Hi, what are you looking for?



Microsoft Bans Adware Using MiTM Techniques

Microsoft on Monday announced plans to ban adware programs that use man-in-the-middle (MiTM) techniques to inject ads, starting March 31, 2016.

Microsoft on Monday announced plans to ban adware programs that use man-in-the-middle (MiTM) techniques to inject ads, starting March 31, 2016.

This is the second big step the company has taken toward providing users with additional control over their browsing experience, after enforcing new behavior policies on adware in July of last year. In a blog post, Barak Shein and Michael Johnson of Microsoft Malware Protection Center (MMPC) explain that the updated Adware objective criteria will enter in effect in three months to address more unwanted behaviors exhibited by advertising programs.

They also note that ad injection software has evolved and often employs a variety of MiTM techniques, including injection by proxy, changing DNS settings, network layer manipulation and other methods. The issue is that these techniques intercept communication between the computer and the Internet to inject advertisements into webpages from outside.

The use of these methods also means that the browser does not have control over the injected promotions, which in result reduces the control that users have over these ads. However, the MiTM techniques used by adware are not only disturbing, but also pose security risks, mainly because they introduce a new vector of attack to the system.

Moreover, although most modern browsers include a series of controls to notify users when the browsing experience is about to change and requires them to confirm the intent, the MiTM methods do not produce these warnings, further reducing the choice and control of the user. Many of these techniques were also found to alter advanced settings and controls, making it very difficult or impossible for the majority of users to discover, change, or control, Microsoft says.

“To address these and to keep the intent of our policy, we’re updating our Adware objective criteria to require that programs that create advertisements in browsers must only use the browsers’ supported extensibility model for installation, execution, disabling, and removal,” Shein and Johnson explain.

The tech giant has set the date for the enforcement of this new policy to March 31, 2016 to provide developers with enough time to comply. The company is encouraging developers to update their software to become compliant, and says that any programs that will not meet the new criteria will be detected and automatically removed.

Last year, the company announced that detected adware programs would be automatically stopped with users being notified and given the option to restore them. Microsoft also requested a close button on all ads, asked that information on which program is showing the ads to be clearly displayed in the advertisements, and urged developers to include an uninstall entry in the Windows control panel for the programs producing ads or promotion notifications.

Adware is often the method of choice for cybercriminals looking to spread malware, as was the case with a piece of malicious adware dubbed Vonteera, which can install potentially unwanted programs (PUPs), can create tasks in the Windows Task Scheduler to display ads at regular intervals by opening new tabs in the web browser, can modify app shortcuts for browsers to redirect users to random pages, and can add certificates to “Untrusted Certificates” to block anti-virus programs.

At the end of November, Microsoft announced an optional potentially unwanted application (PUA) protection for System Center Endpoint Protection (SCEP) or Forefront Endpoint Protection (FEP) customers, in an effort to keep environments safe from programs or application bundlers that may contain components such as adware, toolbars or other applications with questionable intentions.

Written By

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.


Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.


Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.