Microsoft to ban man-in-the-middle adware from March 31

As part of its move to give consumers control, Microsoft has made the decision to remove MiTM adware as it opens up users to security risks.
Written by Asha Barbaschow, Contributor

Ad injection software that uses man-in-the-middle (MiTM) techniques will be classed as malware by Microsoft, and blocked accordingly.

In a blog post on Tuesday, Microsoft said that the move to block such ad injection is part of the computer giant's commitment to ensuring that its users keep control of their "Microsoft experience".

"Programs that create advertisements in browsers must only use the browsers' supported extensibility model for installation, execution, disabling, and removal," Microsoft said. "The choice and control belong to the users, and we are determined to protect that."

According to Microsoft, MiTM techniques include injection by proxy, changing DNS settings, and network layer manipulation, all of which it said intercept communication between the internet and the computer to inject advertisements from the outside. Microsoft said this happens without the control of the browser.

"Our intent is to keep the user in control of their browsing experience and these methods reduce that control," Microsoft said.

MiTM opens users up to falling victim to malware through a practice known as 'malvertising', whereby an attacker can trick an automated ad network into delivering malware embedded in ads. Microsoft said MiTM techniques add security risk for customers by introducing another vector of attack to the system.

"Most modern browsers have controls in them to notify the user when their browsing experience is going to change and confirm that this is what the user intends. However, many of these methods do not produce these warnings and reduce the choice and control of the user," the company said.

"Also, many of these methods also alter advanced settings and controls that the majority of users will not be able to discover, change, or control."

Microsoft also said that it encourages developers to comply with the new criteria, warning that programs that fail to comply with the new enforcement, which comes into effect on March 31, 2016, will be detected and removed.

In mid-2015 it was found that more than half of malvertising attacks come from news and entertainment sites that inadvertently display infected online advertisements.

Rahul Kashyap, the chief security architect at malware and adware removal company Bromium, said that in many cases, websites cannot do much to solve problems with third-party ad networks, except limit the third-party code that runs on their sites.

"In the real world, attackers buy ads from online advertising companies and insert malware in these ads," he said. "This is done typically by leveraging an exploit kit that delivers the malware payload."

Earlier this month, Microsoft also said it would no longer update older versions of Internet Explorer, leaving users without patches or security updates. The company originally announced over a year ago that Internet Explorer 11 was to be the last version of the browser.

In June, Apple announced a move to allow developers to create extensions that block web content on its devices. The content blocker made available with iOS 9 allowed developers to pass a list of rules and links that can be used to block content on pages, such as images and video, text, popups, and tracking cookies.
