MPC: How Microsoft identifies Unwanted Programs

Status
Not open for further replies.

Ink

Malware Protection Center: How Microsoft antimalware products identify potentially unwanted software

Unwanted software and Malware
Identifying and analyzing unwanted software is a complex challenge. The same technology that can make software unwanted also appears in software that you want to keep and use (such as antivirus or antimalware software). It’s not always possible to automatically determine whether a program is something you want to keep or something you want to remove.

New forms of unwanted software are developed and distributed rapidly. As a result, Microsoft reserves the right to adjust, expand, and update its criteria for analysis without prior notice or announcements.

Evaluation criteria
Microsoft researchers use the following categories to determine whether to add a program to the definition library, and what classification type, risk level, and recommendation to give it.

Unwanted behavior: lack of choice
You must be notified about what is happening on your PC, including what a program does and whether it is active.

Software that exhibits lack of choice may:
  • Fail to provide prominent notice about the behavior of the program and its purpose and intent.
  • Fail to clearly indicate when the program is active, and may attempt to hide or disguise its presence.
  • Install, reinstall, or remove software without your permission, interaction, or consent.
  • Install other software without a clear indication of its relationship to the primary program.
  • Circumvent user consent dialogs from the browser or operating system.
  • Falsely claim to be a program from Microsoft.

Unwanted behaviors: lack of control
You must be able to control programs on your computer. You must be able to start, stop, and otherwise revoke authorization to a program.

Software that exhibits lack of control may:
  • Prevent or limit you from viewing or modifying browser features or settings.
  • Open browser windows without authorization.
  • Redirect web traffic without clear notification and consent.
  • Modify or manipulate webpage content without your consent.

Unwanted behaviors: installation and removal
You must be able to start, stop, and otherwise revoke authorization to a program. Programs should obtain your consent before installing, and the program must provide a clear and straightforward way for you to install, uninstall, or disable it.

Software that exhibits a poor installation experience may:
  • Bundle or download other unwanted software classified in the Microsoft antimalware definition library.

Software that exhibits a poor removal experience may:
  • Present confusing or misleading prompts or pop-ups when attempting to uninstall software.
  • Fail to use standard install/uninstall features, such as Add/Remove Programs.

Unwanted behaviors: computer performance
You must be able to expect that the actions a system maintenance or optimization program takes towards system performance are actually beneficial. You should be able to maintain the overall quality of your computing experience.

Software that impairs computer performance may:
  • Display exaggerated claims about the system's health.
  • Make misleading or inaccurate claims about files, registry entries, or other items on the system.
  • Decrease computer reliability.

Advertising
Programs that promote a product or service outside of their own program can interfere with your computing experience. You should have clear choice and control when installing programs that open advertisements.

The advertisements that are opened by these programs must:
  • Include an obvious way to close the ad. The intent of closing the ad must not open another ad.
  • Include the name of the program that created the ad.

The program that creates these advertisements must:
  • Provide a standard uninstall method for the program using the same name as shown in the ads it produces.

Programs that create advertisements in web browsers must:
  • Only use the browsers’ supported extensibility model for installation, execution, disabling and removal.

Advertisements shown to you must:
  • Be distinguishable from the website content.
  • Not mislead or deceive, or confuse with the intent to mislead or deceive.
  • Not contain malicious code.
  • Not invoke a file download.

Privacy
You want to maintain control over your information. You expect to determine how your information is collected, used, and shared with others.

Some types of programs can also have an impact on your privacy. These include, but are not limited to:
  • Monitoring programs: software that stores or transmits your activities without notice and consent, or offers a stealth option to hide this behavior.
Note: Monitoring programs are not necessarily malicious. For example, parental controls can feature keystroke monitors, but these programs can pose a risk to your privacy if you don't expect or know about their presence.

Full Post: Microsoft Malware Protection Center
 

Exterminator

Microsoft has spent a lot of time improving Windows Defender in the last few years, so it’s now offered as the default pre-installed antivirus on Windows 8.1 and Windows 10, coming with features that bring it close to the leading security products from third-party vendors.

And while Windows Defender can most of the time take care of your computer’s security all by itself, unwanted software could sometimes pass its filters and land on the PC.

In an article posted on the Malware Protection Center, Microsoft explains how unwanted software ends up being detected and blocked by Windows Defender, emphasizing that, in some cases, consumer reports and feedback are critical to better security.

Microsoft says that it already has a definition library of unwanted software based on files and settings, and new entries are added to this list regularly as researchers identify them.

“Microsoft has created a worldwide network where you can submit unwanted software for analysis. Participants in the network play a key role in helping identify new suspicious programs quickly. After analysis, Microsoft creates definitions for programs that meet the criteria, and makes them available to all users through Microsoft antimalware software,” the company states.

Growing definition library
When looking for unwanted software, Microsoft scans the computer for applications that could be based on unwanted behavior, bring ads to your PC, or collect private information. In most cases, these are applications that promise to optimize or clean your computer, and after scanning the local drives, they recommend that users purchase a premium package or a subscription in order to apply the necessary fixes.

But all these recommendations are actually false, and Microsoft says that nobody should fall for this scheme if their computer somehow gets “infected” with this kind of app.

“The software runs unwanted processes or programs on your PC, does not display adequate disclosures about its behavior or obtain adequate consent, prevents you from controlling its actions while it runs on your computer, prevents you from uninstalling or removing the program, prevents you from viewing or modifying browser features or settings, makes misleading or inaccurate claims about the state of your PC, or circumvents user consent dialogs from the browser or operating system,” Redmond adds.

Certainly, seeing Windows Defender getting more improvements is a good thing, especially because security is becoming a main concern these days, and some users don’t want to pay for a third-party antivirus product. And Microsoft’s efforts are already paying off, as Windows Defender performed surprisingly well in the latest tests performed by third-party institutes.
 