Microsoft Bans 'Man-In-The-Middle' Adware Technique Used By Superfish


The dangerous adware that was pre-loaded on Lenovo computers earlier this year, called Superfish, is going to have a much tougher time getting onto Windows computers.

Microsoft has announced that it is banning injection software that uses "man-in-the-middle" techniques, which could involve network layer manipulation, changing DNS settings or injection by proxy.

Once the new policy is implemented, adware will only be able to install itself through the Internet browser's official methods. Basically, if, for some reason, you decide you want adware in Chrome, you will have to head to the Google Chrome store for yourself to install it. You can then uninstall the adware as easily as you installed it.

The move is a good one for consumers, who have been exposed to malicious adware a little too much of late. This type of adware doesn't just infringe on the user's privacy without them knowing, it also poses a pretty significant security risk given the fact that it replaces certificates that are used by websites to keep data safe. Superfish generated its own root certificate, meaning that it was able to intercept the traffic that was supposed to be from secure sites, and then put its own ads on the Web page. That's bad enough, but if hackers were able to gain access to that generated certificate, they would be able to pose as secure websites and wreak all kinds of havoc.

While Superfish was shut down a few months ago by Microsoft and anti-malware vendors, and Lenovo promised to stop shipping computers with third-party bloatware, the policy will help ensure that scandals of this nature won't happen again. In fact, the only real complaint about the new policy is that it took so long to be enforced by Microsoft.

The changes will go into effect on March 31.

Via: PCWorld

ⓒ 2018 All rights reserved. Do not reproduce without permission.
Real Time Analytics