Microsoft's taking on malicious adware at the system level in Windows 10

[Batu69]

Microsoft is expanding its efforts to improve security in Windows 10, with its latest move set to adjust its Adware objective criteria to address the rising concerns over man-in-the-middle techniques being used to serve ads. From Microsoft:

 

Quote

Ad injection software has evolved, and is now using a variety of 'man-in-the-middle' (MiTM) techniques. Some of these techniques include injection by proxy, changing DNS settings, network layer manipulation and other methods. All of these techniques intercept communications between the Internet and the PC to inject advertisements and promotions into webpages from outside, without the control of the browser. Our intent is to keep the user in control of their browsing experience and these methods reduce that control.

 

There are many additional concerns with these techniques, some of these include:

 

• MiTM techniques add security risk to customers by introducing another vector of attack to the system.
• Most modern browsers have controls in them to notify the user when their browsing experience is going to change and confirm that this is what the user intends. However, many of these methods do not produce these warnings and reduce the choice and control of the user.
• Also, many of these methods also alter advanced settings and controls that the majority of users will not be able to discover, change, or control.

 

To address these and to keep the intent of our policy, we're updating our Adware objective criteria to require that programs that create advertisements in browsers must only use the browsers' supported extensibility model for installation, execution, disabling, and removal.

 

Essentially, Microsoft's renewed focus is meant to address precisely the problems inherent in Lenovo's "SuperFish" debacle from earlier this year by restricting the serving of ads to the browser only, cutting off OS-level methods. This should have the ultimate benefit, alongside other improvements in Windows 10 and Microsoft's overall ecosystem approach, of making Windows much more secure overall.

 

Enforcement of the new criteria is set to start on March 31, 2016. For much more, be sure to check out Microsoft's full blog post at the source: Microsoft

 

Article source

[vibranium]

Can Microsoft enforce such a protocol? Sounds like wishful thinking, the tail (Edge browser) wagging the dog (internet).

[Sylence]

Go on M$, show Linux community how secure Windows can be 

[Karlston]

Now if they would only find a way to stop that untrustworthy company, sorry can't think of its name, that keeps using nagging, and sneakiness to try and get me to upgrade Windows 7 to that Win10 thing.

[steven36]

Installing windows  10 is like getting a dose of superfish ,  Not everyone owns a Lenovo  and there not the 1st pc vendor to put adware  in cheap computers  compaq done it before years ago so there idea was not even original . You get what you pay for  .  Windows 10  is packed  full  of adware/spyware and it has the potential  to effect billions  of people. i see it as a far worse problem than superfish.  The irony a product full of adware protecting you from adware .

 

Microsoft  always claims  there  going kill all adware  and its been around every since i  bought my 1st pc  15 years  ago and  they never done anything  to stop it really and  they never will  . They may try to monopolize it like they do everything else were only they profit  from it on windows  but will be far from stopping it .

 

Even people  who have windows 7 or 8.1  if they install any update to do with windows 10 it  infects  them with adware too.

Remove pop-up ads and adware from Windows 10 (Guide) https://malwaretips.com/blogs/remove-popup-ads-windows-10/

 

 

[steven36]

17 hours ago, saeed_dc said:

Go on M$, show Linux community how secure Windows can be 

What  they going show us that there a bunch of hypocrites that claim they remove adware when the o/s itself  is full of it ?

 

Its no doubt  in my mind  windows  could be better  and it should of been along time ago,  but  in a world were the most thriving industry on the internet is the ad industry .Even antivirus don't want to cure it.. they only want to give you a short time patch or they would be out of jobs . And  many adblockers don't want to block ads because they get paid to allow them . Without adware the whole internet would go broke and it would become  were you would have  to pay a fee for most everything.  The most used browser  itself  is made by and ad marketing company Google . Also Microsoft  is into  ad marketing too and they both pay adblockers  not to block there ads there a bunch of hypocrites.

 

Wake up people  you except  the very people who make ads to protect  you from them ?

[Sylence]

5 hours ago, steven36 said:

What  they going show us that there a bunch of hypocrites that claim they remove adware when the o/s itself  is full of it ?

 

Its no doubt  in my mind  windows  could be better  and it should of been along time ago,  but  in a world were the most thriving industry on the internet is the ad industry .Even antivirus don't want to cure it.. they only want to give you a short time patch or they would be out of jobs . And  many adblockers don't want to block ads because they get paid to allow them . Without adware the whole internet would go broke and it would become  were you would have  to pay a fee for most everything.  The most used browser  itself  is made by and ad marketing company Google . Also Microsoft  is into  ad marketing too and they both pay adblockers  not to block there ads there a bunch of hypocrites.

 

Wake up people  you except  the very people who make ads to protect  you from them ?

 

Right, I guess that's the same "good terrorist/bad terrorist" scenario. 

[steven36]

19 minutes ago, saeed_dc said:

 

Right, I guess that's the same "good terrorist/bad terrorist" scenario. 

There kind of like the music and movie industry they would love to see things go back to the way thing was before the internet were to get copies you had to use a tape.   But they would love  to take you back to the beginning of the internet when there was no anti spyware or ad blockers . In fact Microsoft didn't have any tell they bought Giant Anti spyware .Before SP2  of xp most people got infected in about 20 mins . People even caught virus from going to the page to get updates for XP before . It was other companies like spybot , lavasoft ,  and 3rd party firewalls that forced Microsoft to look into it. Because they sold and gave free products  based on windows  vulnerabilities .

[VileTouch]

that might be true at the system level, but some ISP, particularly mobile providers use mandatory proxies with the alleged intent of "optimizing" traffic. what they do not tell you is that it is used as a man in the middle to both track you and serve ads. but that's not all, it also breaks SSL, making everything you do with such a connection completely open to prying eyes --their prying eyes.

 

"but that's only for cellphones and tablets" --you say. NO. there are household routers that connect through 3gpp/4g lte and are surprisingly common thanks to free installation and cheap fees.

 

but wait, there's more!: in some areas that's the ONLY isp available. so you are forced to either bend over or move out.

 

for...educational purposes, this is how it looks like:

http://security.stackexchange.com/questions/70970/my-isp-is-injecting-strange-codes-to-every-website-i-visit

and

https://gist.github.com/ryankearney/4146814

edit: oops. forgot one

http://www.wilderssecurity.com/threads/dns-hijacking-by-isps.370893/

 

[steven36]

The best way to had stop ad injecting  would have been simple  if they would made and example out of compaq years ago by putting them out off business make them bankrupt than Lenovo or any other corporation  would had been scared to make products with adware . Its the fact the government allows corporations to do this to begin with that annoy me .

[vibranium]

Oh yes, ISPs can be very very sneaky with their proxies and DNS. Some worse than others.