Windows 10 Edge: How Microsoft is clamping down on browser ad injectors

Microsoft says 'no' to shady developers who attempt to inject unwanted adware into its Windows 10 Edge browser.
Written by Liam Tung, Contributing Writer
Edge on Windows 10 will block all dynamic link libraries unless Microsoft has signed them.
Image: ZDNet
Microsoft has decided to act over annoying and potentially harmful add-ons that risk ruining the Windows 10 browsing experience on its Edge browser.

Potentially noxious browser extensions, which often secretly install ad injectors, have been a niggling problem for all operating systems and browsers.

During Google's crackdown on dodgy extensions last year, it participated in a study that found five percent of visitors to Google sites have at least one ad injector installed. It purged the Chrome Web Store of 192 bad extensions and later prevented Chrome users from installing extensions outside the store.

Microsoft has just revealed one new method it's using to tackle unwanted extensions or add-ons, such as toolbars. Edge on Windows 10 will block all so-called dynamic link libraries (DLLs) from running on Edge unless Microsoft has signed them.

Users who've discovered unwanted toolbars or third-party content injected onto pages can likely trace the behaviour back to injected DLLs.

"The attacker is trying to colonize the browser, and loading DLLs provides the attacker with a handy cargo pallet full of supplies. Blocking unauthorized DLL injection makes browser exploits more difficult and more expensive for attackers to carry out," Crispin Cowan, a senior program manager on Microsoft Edge, said.

Allowing uninvited DLLs to be injected into Edge would have undermined its prior work in hardening its new browser against other common threats on the web.

The new DLL-blocking feature rolled out with EdgeHTML 13, the latest version of Microsoft's rendering engine in Edge that arrived in Windows 10 updates last week.

The feature prevents DLLs from being injected into browser processes unless they're Windows components or signed device drivers for hardware like the webcam that need to run in the browser to function.

"DLLs that are either Microsoft-signed, or WHQL (Windows Hardware Quality Lab)-signed, will be allowed to load, and all others will be blocked. 'Microsoft-signed' allows for Edge components, Windows components and other Microsoft-supplied features to be loaded," said Cowan.

Windows 1.0 to 10: The changing face of Microsoft's landmark OS

Microsoft boasted that with these changes Edge becomes "the first and only PC browser with library content integrity protection", though Cowan admitted it isn't a "silver bullet" for all future threats.

The company has run tests on the efficacy of the signed-only system with fans in Microsoft's Windows Insiders Program in a build released in September.

"From a sample of about 65,000 Windows Insider users of 10547, module code integrity protected 2704 users from attempts to load adware and malware," Cowan said.

Read more about Windows 10 Edge browser

Editorial standards