Ref Windows 10 Edge: How Microsoft is clamping down on browser ad injectors | ZDNet
Microsoft has decided to act over annoying and potentially harmful add-ons that risk ruining the Windows 10 browsing experience on its Edge browser.
Potentially noxious browser extensions, which often secretly install ad injectors, have been a niggling problem for all operating systems and browsers.
During Google's crackdown on dodgy extensions last year, it participated in a study that found five percent of visitors to Google sites have at least one ad injector installed. It purged the Chrome Web Store of 192 bad extensions and later prevented Chrome users from installing extensions outside the store.
Microsoft has just revealed one new method it's using to tackle unwanted extensions or add-ons, such as toolbars. Edge on Windows 10 will block all so-called dynamic link libraries (DLLs) from running on Edge unless Microsoft has signed them.
Users who've discovered unwanted toolbars or third-party content injected onto pages can likely trace the behaviour back to injected DLLs.
"The attacker is trying to colonize the browser, and loading DLLs provides the attacker with a handy cargo pallet full of supplies. Blocking unauthorized DLL injection makes browser exploits more difficult and more expensive for attackers to carry out," Crispin Cowan, a senior program manager on Microsoft Edge, said.
The new DLL-blocking feature rolled out with EdgeHTML 13, the latest version of Microsoft's rendering engine in Edge that arrived in Windows 10 updates last week.
Good stuff, just wish they'd hurry up with the Unwanted and Potentially unwanted Ad rejection. aka Ad blockers.Potentially noxious browser extensions, which often secretly install ad injectors, have been a niggling problem for all operating systems and browsers.
During Google's crackdown on dodgy extensions last year, it participated in a study that found five percent of visitors to Google sites have at least one ad injector installed. It purged the Chrome Web Store of 192 bad extensions and later prevented Chrome users from installing extensions outside the store.
Microsoft has just revealed one new method it's using to tackle unwanted extensions or add-ons, such as toolbars. Edge on Windows 10 will block all so-called dynamic link libraries (DLLs) from running on Edge unless Microsoft has signed them.
Users who've discovered unwanted toolbars or third-party content injected onto pages can likely trace the behaviour back to injected DLLs.
"The attacker is trying to colonize the browser, and loading DLLs provides the attacker with a handy cargo pallet full of supplies. Blocking unauthorized DLL injection makes browser exploits more difficult and more expensive for attackers to carry out," Crispin Cowan, a senior program manager on Microsoft Edge, said.
The new DLL-blocking feature rolled out with EdgeHTML 13, the latest version of Microsoft's rendering engine in Edge that arrived in Windows 10 updates last week.
