New Microsoft adware rule could prevent another ‘Superfish’ security scare

New Microsoft adware rules could prevent the type of security scares that plagued PC maker Lenovo. PHILIPPE LOPEZ/AFP/Getty Images

Microsoft is stepping up security for Windows users with new adware rules that will detect and remove insecure adware software from Windows PCs as of 2016.

The new security protocol, announced Monday, will require that any advertising-based software only use a web browser’s official methods for installation, execution and removal in an effort to protect users from potential security risks.

The move could prevent the security concerns that plagued PC maker Lenovo earlier this year.

READ MORE: Lenovo under fire for pre-installing ‘malicious’ adware on laptops

In February, Lenovo was forced to release a tool to help customers remove potentially malicious pre-installed software called “Superfish” from its laptops after experts revealed the software left users vulnerable to hacking and security threats.

The Superfish software was designed to provide users with a “visual search” experience by showing users third-party ads in Google search results. This type of software is often called adware thanks to its ability to automatically display ads. However, according to security experts, Superfish intercepted encrypted connections leaving them open – theoretically allowing hackers to hijack the connection in a man-in-the-middle style attack.

Story continues below advertisement

READ MORE: Lenovo acknowledges Superfish security concerns; offers tool to remove software

Lenovo was slapped with a proposed class action lawsuit and faced months of customer outrage over the incident.

“Ad injection software has evolved, and is now using a variety of ‘man-in-the-middle’ (MiTM) techniques,” read Microsoft’s announcement.

“We’re updating our Adware objective criteria to require that programs that create advertisements in browsers must only use the browsers’ supported extensibility model for installation, execution, disabling, and removal. The choice and control belong to the users, and we are determined to protect that.”

Microsoft will begin enforcing the new protocol on March 31, 2016.

Sponsored content