Microsoft to Start Blocking Adware

Changes to Microsoft's criteria for classifying adware will come into effect on July 1, 2014
Changes to Microsoft's criteria for classifying adware will come into effect on July 1, 2014

“Programs that promote a product or service outside of their own program can interfere with your computing experience,” said Michael Johnson, from the Microsoft Malware Protection Center (MMPC), in a blog. “We understand advertising is part of the modern computing experience…[however], you should have clear choice and control when installing programs that open advertisements.”

Going forward, advertisements that are opened by programs must include an obvious way to close the ad, and must include the name of the program that created the ad. Programs that are serving advertising, meanwhile, will have to provide a standard uninstall method for the program using the same name as shown in the ads it produces.

Programs that don’t follow the rules will be detected as adware and immediately removed from the user’s machine.

Microsoft is also changing the criteria it uses to classify a program as adware. “We only consider classifying a program as adware if it runs on the user’s machine and produces notifications promoting goods or services in programs other than itself,” explained Johnson. “If the program shows advertisements within its own borders it will not be assessed any further.”

Also, many applications use advertising as a form of payment for the program, and that is also an acceptable practice in Microsoft’s eyes. “We are more concerned with the advertising that interferes with our customer’s Windows experience without giving them choice and control over it,” he said.

Once something is classified as adware by a Microsoft security product, it will immediately stop the program and the user will be notified. The user then has the ability to restore the program, if they wish. That’s a change from the existing remediation policy, which is less proactive: for now, when a security product detects a program as adware, it will alert the user and offer them a recommended action. If they don’t respond, the security product will let the program run until the user makes a decision.

Changes to the criteria for classifying adware will come into effect on July 1, 2014. This gives developers three months to comply with the new rules. Meanwhile, Microsoft has already started reassessing its current adware detections against the new criteria.

“We are very excited by all of these changes. We believe that it will make it easy for software developers to utilise advertising while at the same time empowering users to control their experience,” Johnson said.

What’s Hot on Infosecurity Magazine?