New Microsoft adware rules could stop another Superfish security scare
Microsoft introduces new policy to detect and remove insecure adware from Windows PCs Getty Images

Microsoft is all set to step up its security for Windows users. A new policy will enable the system to identify and remove insecure adware software from PCs from 2016.

Microsoft announced its policy concerning insecure adware and its target to ensure that such software programs will henceforth be immediately detected and removed. In its announcement, Microsoft said: "Ad injection software has evolved, and is now using a variety of 'man-in-the-middle' (MiTM) techniques. Some of these techniques include injection by proxy, changing DNS settings, network layer manipulation and other methods.

"All of these techniques intercept communications between the internet and the PC to inject advertisements and promotions into webpages from outside, without the control of the browser. Our intent is to keep the user in control of their browsing experience and these methods reduce that control."

The policy would target adware software like Lenovo's Superfish, which encroached upon the PCs' security system to remit encrypted webpages, and consequently insert adverts in Google search pages. Superfish was pre-installed on Lenovo laptops for a spell between 2014 and 2015. Unlike Microsoft's new policy, users who chose to remove Superfish from their systems left their entire software open to security holes. Consumers were dissatisfied with such security vulnerability, until Lenovo apologised to its user base and created a tool that enabled them to remove the adware safely.

Microsoft claims that the process used by most adware programs like Superfish, can pose serious security risks for users, especially when viewing sensitive information (like bank account details) on public Wifi connections. In an effort to crack down on such insecure software, Microsoft has declared that starting early next year, "programs that create advertisements in browsers must only use the browsers' supported extensibility model for installation, execution, disabling, and removal". This means that adware programs will only be allowed to be installed as plug-ins in Windows PCs. This will ensure that users can remove them easily, without any fear of further security vulnerabilities.

Microsoft's policy regarding adware will be effective after 31 March 2016.