We previously reported regarding Microsoft’s new policies addressing the criteria by which its security product would detect “adware” and browser modifiers. According to these policies, programs should not:
- Prevent or limit users from viewing or modifying browser features or settings; or
- Circumvent user consent dialogs from the browser or operating system.
Recently, Microsoft released a further update setting out an enforcement timetable and further clarifying its detection criteria ("the clarifications"), according to which:
- The rule concerning programs that prevent user control will come into force with immediate effect. The clarifications include examples of common violations of this criteria:
- programs that disable the controls in the Manage Add-ons dialog; and
- programs that remove the proxy control.
- The rule concerning programs that limit user control will come into force on 1 January 2015. Examples for such programs are also provided by the clarifications and include:
- programs that limit the user’s ability to choose their default search provider; and
- programs that limit the user's ability to change their default home page, e.g. by adding additional questioning for the user.
- The rule concerning programs that circumvent user consent dialogue from the browser or an operating system, will come into force on 1 January 2015. Examples of such programs are:
- programs that bypass a browser’s built-in consent-to-enable feature;
- programs that install themselves in a way that circumvents the browser’s consent dialog box from being shown;
- programs that bypass or try to suppress any other of the browser's built in protection dialogs; and
- programs that bypass Internet Explorer's default search permission dialog;
Additional information and details on Microsoft’s changes, as to how the company’s security products detect browser modifiers and adware, is available here