Microsoft bans all "man in the middle" DNS hijacking adware (superfish)
[url]http://www.pcworld.com/article/3017958/security/microsoft-is-banning-the-adware-method-that-caused-lenovo-s-superfish-scandal.html[/url]
[url]http://www.engadget.com/2015/12/22/microsoft-new-adware-policy/[/url]
From Microsoft themselves: [url]https://blogs.technet.microsoft.com/mmpc/2015/12/21/keeping-browsing-experience-in-users-hands/[/url]
[QUOTE]Microsoft said it will no longer allow ad injection software that uses “man-in-the-middle” techniques, such as injection by proxy, changing DNS settings, and network layer manipulation. Microsoft will begin enforcing the rules on March 31, 2016.
Once the policy goes into effect, adware will only be allowed through browsers’ official extensibility methods. In other words, [B]if you want to see adware in Chrome for some reason, you’ll have to go to the Chrome Web Store and install it yourself. You’d then be able to uninstall the adware just as easily through Chrome’s extensions menu.[/B][/QUOTE]
so no more DNS hijacking adware finally. Better late than never
Wonder if they'll be blocking it or just loosely flagging software that does it
[QUOTE=Pw0nageXD;49371114]Wonder if they'll be blocking it or just loosely flagging software that does it[/QUOTE]
It's going through Microsoft Security Essentials, and judging from their past actions like this, they will be blocking it and actively removing anything that tries it
Hm, what about stuff that modifies the hosts files for the user. There are valid uses for software that changes DNS settings. Wonder if they're doing this because people are blocking the phone home capability of w10 intentionally.
[QUOTE=Pw0nageXD;49371114]Wonder if they'll be blocking it or just loosely flagging software that does it[/QUOTE]
Could they even block it though? The stuff manufacturers are doing is perfectly within Microsoft's own product; they built the capability to do this into Win 7, 8, 10. You'd think if this was a serious issue for them they wouldn't have allowed companies to do this for so long
now start banning bloatware too
[QUOTE=Mattk50;49371426]Hm, what about stuff that modifies the hosts files for the user. There are valid uses for software that changes DNS settings. Wonder if they're doing this because people are blocking the phone home capability of w10 intentionally.[/QUOTE]
I doubt it'll be heuristics based as the number of false positives for advanced users might be silly high. MS will probably have a signature of known shitware like this and just scan for that.
Heuristics scanning is quite intense when you already know the exact bit of software that causes the problem.
[QUOTE=Mattk50;49371426]Hm, what about stuff that modifies the hosts files for the user. There are valid uses for software that changes DNS settings. Wonder if they're doing this because people are blocking the phone home capability of w10 intentionally.[/QUOTE]
Sounds like something MS would do. What I don't get is can I manually change my DNS still or will that option get locked?
[QUOTE=lordofdafood;49371641]Sounds like something MS would do. What I don't get is can I manually change my DNS still or will that option get locked?[/QUOTE]
Change the DNS on your router if possible, though I sincerely hope MS doesn't go that far with their "it's for your own good" nannying that's been going on since 8.
(And no, I don't consider removing OEM loaded bloatware with massive security risks like superfish to be nannying, that's common sense to nuke off the machine)
I am not going to say that Microsoft is "handsfree" or that it isn't a bit controlling, but if you honestly believe that they are doing this with an ulterior motive of "surveillance" or being a nanny or something, you are being paranoid.
Here is another source
[url]http://www.engadget.com/2015/12/22/microsoft-new-adware-policy/[/url]
and here is the original statement from Microsoft themselves where they are more specific in what they are doing
[url]https://blogs.technet.microsoft.com/mmpc/2015/12/21/keeping-browsing-experience-in-users-hands/[/url]
Notice how it's titled "Keeping browsing experience in users’ hands"
[QUOTE]Wonder if they'll be blocking it or just loosely flagging software that does it[/QUOTE]
According to this new source, it will be flagged and automatically removed,
and no, they aren't going to lock down DNS settings or anything like that; that would be insane and stupid and break so many things.
Microsoft also gave a several month window to "fix" any programs from doing this before the ban goes into effect.
I am confused how any of you see this is bad news. They are fixing one of the biggest loopholes malware uses to inject ads onto webpages.
[QUOTE=da space core;49371848]I am confused how any of you see this is bad news. They are fixing one of the biggest loopholes malware uses to inject ads onto webpages.[/QUOTE]
We've lost trust in Microsoft with how they've been handling...IE trying to force down everyone's throats through Windows Update...W10. It's good to close this loophole, but what [i]else[/i] are they doing that we may not want?
Frankly some of the shit that's put out there is borderline criminal, why was any of this even allowed in the first place?
Either way, good on Microsoft for using its weight to stomp this shit out regardless if there's ulterior motives or not.
[QUOTE=JumpinJackFlash;49372590]Frankly some of the shit that's put out there is borderline criminal, why was any of this even allowed in the first place?[/QUOTE]
For the same reason you guys were concerned: because by taking actions like this, you run the risk of ruining perfectly legitimate and wanted software. Hence the large several month delay, something I don't really like personally, but is there to give a window of time for devs to update the software before this change shows up.
[QUOTE=da space core;49372926]For the same reason you guys were concerned: because by taking actions like this, you run the risk of ruining perfectly legitimate and wanted software. Hence the large several month delay, something I don't really like personally, but is there to give a window of time for devs to update the software before this change shows up.[/QUOTE]
What? No, I'm talking about why something like superfish could have been allowed to be installed by Lenovo and Dell doing the same shit, it's not some minor shit, superfish is more or less a rootkit. This isn't some, "oh do you want us to send your anonymous data so we can make your life better?" stuff, it's a prepackaged security vulnerability and I think that distinction should be obvious to just about anybody.
Why was that ever an okay thing?
[editline]23rd December 2015[/editline]
I mean isn't it supposed to just watch browser traffic or something? Something of that nature has no place poking around everywhere else, that's a ridiculous security risk.
[QUOTE=lordofdafood;49371641]Sounds like something MS would do. What I don't get is can I manually change my DNS still or will that option get locked?[/QUOTE]
locking that feature would essentially render windows 10 incapable of using a static IP so there's no way they'd ever do that, regardless of how incompetent they are.
[QUOTE=JumpinJackFlash;49373774]What? No, I'm talking about why something like superfish could have been allowed to be installed by Lenovo and Dell doing the same shit, it's not some minor shit, superfish is more or less a rootkit. This isn't some, "oh do you want us to send your anonymous data so we can make your life better?" stuff, it's a prepackaged security vulnerability and I think that distinction should be obvious to just about anybody.
Why was that ever an okay thing?
[editline]23rd December 2015[/editline]
I mean isn't it supposed to just watch browser traffic or something? Something of that nature has no place poking around everywhere else, that's a ridiculous security risk.[/QUOTE]
What I was specifically referring to was software that modified DNS settings without user intervention, such as superfish. There is perhaps legit software (perhaps proxy software) that would do this, and that's why Microsoft was reluctant to do this. Except now there is a new way to enable proxies in Windows 10, so there really is no excuse anymore for any software to work the old way.
[QUOTE=JumpinJackFlash;49372590]Frankly some of the shit that's put out there is borderline criminal, why was any of this even allowed in the first place?
Either way, good on Microsoft for using its weight to stomp this shit out regardless if there's ulterior motives or not.[/QUOTE]
The problem is a computer doesn't (and can't) know if a request to do something is legit. You can either let people actually use their computers or lock everything down in an attempt to prevent exploitation.
[QUOTE=da space core;49375219]What I was specifically referring to was software that modified DNS settings without user intervention, such as superfish. There is perhaps legit software (perhaps proxy software) that would do this, and that's why Microsoft was reluctant to do this.[/QUOTE]
[QUOTE=Jsm;49376261]The problem is a computer doesn't (and can't) know if a request to do something is legit. You can either let people actually use their computers or lock everything down in an attempt to prevent exploitation.[/QUOTE]
I guess what bothers me is how it does it without saying "hey user, yeah, I am modifying this and this and this, here's why, you cool?" and instead just sort of creeping around in the background. I get what you guys are saying and I'm not blaming Microsoft for not rushing in to protect the end-user but that doesn't get the manufacturers off the hook. I think we can all agree that preinstalled software of that nature with that level of risk without notifying the consumer or anyone else is a real dick thing to do.
There is very little MS can do to truly prevent the DNS hijacking. Probably what this policy means is that they will classify all such software as malware in their Windows Defender anti-virus.
But again, it definitely won't be the end because Windows Defender can be turned off.
[QUOTE=Jsm;49376261]The problem is a computer doesn't (and can't) know if a request to do something is legit. You can either let people actually use their computers or lock everything down in an attempt to prevent exploitation.[/QUOTE]
I say leave it in the user's hands. Protecting people from themselves is a fool's errand.
[QUOTE=Giraffen93;49371522]now start banning bloatware too[/QUOTE]
It's rather hard to determine whether software is bloatware or not.
You could potentially argue Photoshop is bloatware because it has so many features and uses gigs of disk space.
[QUOTE=benbb;49381509]It's rather hard to determine whether software is bloatware or not.
You could potentially argue Photoshop is bloatware because it has so many features and uses gigs of disk space.[/QUOTE]
Everything that comes pre-installed outside of stock windows software
[QUOTE=Giraffen93;49381569]Everything that comes pre-installed outside of stock windows software[/QUOTE]
Some people actually might like some of that software, some of it is functional.
[QUOTE=Giraffen93;49381569]Everything that comes pre-installed outside of stock windows software[/QUOTE]
Press this button to get your free 1GB of Dell Storage Space
[QUOTE=judgeofdeath;49381663]Some people actually might like some of that software, some of it is functional.[/QUOTE]
But it's all trial shareware shit, people don't even know what it is and just leave it starting up at boot
If you buy computers from Microsoft themselves, there is no bloatware installed on the computers
[QUOTE=da space core;49381800]If you buy computers from Microsoft themselves, there is no bloatware installed on the computers[/QUOTE]
Candy Crush
[sp]it really is just a placeholder though undownloaded[/sp]
Cheers Microsoft. Now please enable me to download a copy of Windows because my laptop didn't come with a physical copy, or enforce it on the laptop distributors (or w/e). [sp]I know you can do that if you have the license, but it doesn't work on OEMs[/sp]
[QUOTE=Giraffen93;49381569]Everything that comes pre-installed outside of stock windows software[/QUOTE]
Wouldn't work, I use OS images with pre-installers on them, I would be absolutely fuming if Windows started blocking anything like that - it would also render a small part of group policy basically useless.
[QUOTE=zeromancer;49394156]Wouldn't work, I use OS images with pre-installers on them, I would be absolutely fuming if Windows started blocking anything like that - it would also render a small part of group policy basically useless.[/QUOTE]
that comes from the factory (oem), to the consumer