Skip to main content
Microsoft Security
Protecting the modern workplace from a wide range of undesirable software

Our evaluation criteria describe the characteristics and behavior of malware and potentially unwanted applications and guide the proper identification of threats. Learn how we classify malicious software, unwanted software, and potentially unwanted applications. Read the blog post.

Microsoft is committed to protecting our customers and their Windows experience. We use our evaluation criteria to determine if a program should be detected by our security products. As the software ecosystem evolves, so does our evaluation criteria.

We are currently updating our evaluation criteria to address new technology changes, industry trends, customer feedback, and our desire to help better protect our customers. We are working with the industry and our partners to understand and implement these changes.

One of these changes will enable our systems to better detect misleading advertising. There has been a recent increase in the number of online advertisements that are intentionally misleading in nature. We’ve found that these types of advertisements often try to convince a user to do something, the consequences of which they may not fully understand, such as visiting an infected website or downloading a program that can negatively impact their browsing experience.

We will enforce our updated evaluation criteria from June 1, 2015.

Changes to our unwanted software evaluation criteria

We are including the following updates to our objective criteria:

Advertisements: The advertisement should not mislead you into visiting another site or downloading files.

Advertisements shown to a user:

  • Must not mislead or deceive, or confuse with the intent to mislead or deceive
  • Must be distinguishable from website content
  • Must not contain malicious code
  • Must not invoke a file download

Misleading advertisements

Misleading content

The following examples show some of the advertising types that are considered misleading according to our updated evaluation criteria:

Misleading downloads

Another example of misleading advertisements are those that prompt a download when the advertisement is clicked. This reduces user control over their browsing experience. The expected behavior is that the program will be downloaded from a product landing page, and not directly from an advertisement.

Indistinguishable content

Advertisements that make it difficult to tell whether a user is looking at website or advertisement content will also be detected as misleading. In many cases these ads are created so that a user doesn’t realize that they are looking at an advertisement.

Malicious code

Advertisements that include malicious or exploit code are already detected. However, our updated evaluation criteria is now more explicit. Such behavior is not tolerated.

Enforcing our criteria

When SmartScreen Filter is turned on, Internet Explorer will notify you about sites that contain an advertisement that is detected under our evaluation criteria.

For more information about how this technology works, see the SmartScreen Filter page.

Michael Johnson and Barak Shein

Talk to us

Questions, concerns, or insights on this story? Join discussions at the Microsoft community and Windows Defender Security Intelligence.

Follow us on Twitter @WDSecurity.