Microsoft To Delete Software that Bullies Users To Pay for Upgrades
Starting next month, Microsoft will be on the lookout for software that uses alarming or misleading notifications to scare users into paying for added security protection. Microsoft will then delete that software via Windows Defender Antivirus and other Microsoft security programs.
Microsoft has noticed an increase in the number of free cleaner or optimizer programs using coercive language to drive people to pay for "premium" versions of their software, Terry Myerson, executive vice president for the Windows and Devices Group, said in a blog post Tuesday. Under Microsoft's new security criteria, such products will now be classified as malware or unwanted software.
In other news, Microsoft yesterday reported Q2 financial results that showed the company with $28.9 billion in quarterly revenues as of Dec. 31, 2017, a 12-percent increase over the same period in 2016. Income for the quarter took a hit from a one-time, $13.8 billion charge due to the Trump- and GOP-led tax bill approved by Congress in December. However, without that bill, which slashed rates for U.S. firms' overseas cash holdings from 35 percent to 15.5 percent, Microsoft would have had to pay over $28 billion more to repatriate those funds.
Coercive Messages = 'Unwanted Software'
In unveiling Microsoft's new security criteria for software, Myerson called the use of scary warnings to persuade users to buy software upgrades "problematic." Those new criteria will go into effect March 1.
"In the future, programs that display coercive messaging will be classified as unwanted software, detected, and removed," Myerson said on the Microsoft Secure blog. "This update comes in addition to our other long-standing customer protection requirements designed to keep our customers from being deceived by programs that display misleading, exaggerated, or threatening messages about a system’s health."
Two years ago, Microsoft criticized cleaner and optimizer programs for not providing users with more detailed information about the system errors and security problems they claimed to address. At that time, Microsoft updated its security criteria to require providers of such software to improve transparency so users could decide how valid such errors were and how helpful the software might be.
'Increasingly Complex Threat Environment'
Microsoft's latest changes flag software not only for using exaggerated or alarming notifications, but for suggesting to users that there is no other method to correct the reported errors or problems. They also target programs that tell users they must act within a limited period of time if they want problems to be corrected.
Cleaner and optimizer programs have been connected to other security issues as well. In September, for example, Cisco threat intelligence researchers discovered that malware designed to collect information about users' PCs had somehow been inserted into a free optimization tool called CCleaner.
The tool's maker, Piriform, shut down the server receiving users' information and notified customers and law enforcement authorities. The security software company Avast linked the malware, believed to have affected some 2.27 million PCs, to a larger, sophisticated attack on technology and telecommunication companies in the U.S., as well as in Germany, Japan, Taiwan, and the U.K.
During yesterday's earnings call, Microsoft CEO Satya Nadella described an "increasingly complex threat environment" that includes recently discovered chip-level vulnerabilities, such as Spectre and Meltdown.
"Our investments to make Windows 10 the most secure, always up-to-date operating system enabled us to move quickly to protect customers in the face of these threats," Nadella said.