Technology

New Microsoft adware rules could stop another Superfish security scare

ByAdam

Dec 22, 2015 #New.Microsoft.adware.rules.could.stop.another.Superfish.security.scare
A computer screen shows features of the Windows 10 operating system at the Microsoft store at Roosevelt Field in Garden City, New York July 29, 2015.
A computer screen shows features of the Windows 10 operating system at the Microsoft store at Roosevelt Field in Garden City, New York July 29, 2015. Photograph: Shannon Stapleton/REUTERS

Microsoft will “detect and remove” insecure adware from Windows PCs in 2016,the company has announced.

The move could prevent a repeat of Lenovo’s embarrassing self-inflicted security hole from March this year, by requiring that any advertising-based software only use a web browser’s official methods for installation, execution, disabling and removal.

The target of Microsoft’s new policy, announced on Monday, is software like Superfish, the adware which Lenovo shipped pre-installed on its consumer laptops for a period in 2014 and 2015. That software hijacks a user’s connection, using a “man in the middle” technique, in order to display adverts, even on webpages which do not normally have them.

Microsoft said: “All of these techniques intercept communications between the internet and the PC to inject advertisements and promotions into webpages from outside, without the control of the browser. Our intent is to keep the user in control of their browsing experience and these methods reduce that control.”

As well as the loss of control (and the suboptimal user experience of using a computer encrusted with unwanted adverts), Microsoft said that such adware poses a security risk for users. In the case of Superfish, for example, the software broke the security system used to deliver encrypted webpages in order to put adverts on Google search pages. But that also posed a serious risk for any user viewing sensitive data, such as a bank account or ecommerce site, over a public Wi-Fi connection.

In order to crack down on such software, Microsoft has announced that, from 31 March 2016, “programs that create advertisements in browsers must only use the browsers’ supported extensibility model for installation, execution, disabling, and removal”. In other words, they must be installed as plugins to the browsers, and easily removable in the same way.

By contrast, if a user managed to uninstall Superfish from a Lenovo laptop, the security hole it opened up remained active, until Lenovo apologised and made a removal tool available.

[Source:- the gurdian]

By Adam

Related Post

Technology

Top Reasons You Need IT Support

May 26, 2022 admin
Technology

Amara Raja Batteries partners Gridtential Energy for silicon Joule bipolar technology

Jun 1, 2020 Loknath
Technology

9 must-read technology books for 2020

Jan 28, 2020 Loknath

You missed

News

Elevating Events: The Impact of Motivational Football Speakers on Team Dynamics and Performance

February 28, 2024 admin
Internet News

Enhanced Cybersecurity: How a Secure Web Gateway Shields Against Online Threats

January 20, 2024 admin
News

The Importance of Having Well Maintained Powder Coating Machines

October 25, 2023 admin
News

The Future of Renewable Energy and Oil and Gas: An Attorney’s Analysis

August 22, 2023 admin