Microsoft has published an updated policy for its Malware Protection Center ("MMPC"), extending the scope of the evaluation criteria according to which, it detects and blocks programs considered by it as unwanted or as "malware". According to the new policy:
"Programs that change the user browsing experience must only use the browsers’ supported extensibility model for installation, execution, disabling and removal. Browsers without supported extensibility models will be considered as non-extensible".
This supplement addresses software that affects or interacts with the browsing experience in different ways (without doing so through a browser extension), and not just those that insert ads into the browsing environment. Accordingly, MMPC has moved the criterion from the Advertising criteria to becoming an expansion of its Browser Modifier criteria.
Microsoft encourages developers who may be affected by this policy, to fix their software in order to become compliant with the new criteria and to follow the respective browser policies. Enforcement of the new policy will commence on 2 May 2016.
This change in policy is similar to Google's "Unwanted Software Policy" which extended at the beginning of 2015, the application of the company's malware protection tools to programs that make "any change to a browser’s functionality… without doing so through a browser extension" (see our related report).