Protecting the modern workplace from a wide range of undesirable softwareOur evaluation criteria describe the characteristics and behavior of malware and potentially unwanted applications and guide the proper identification of threats. Learn how we classify malicious software, unwanted software, and potentially unwanted applications. Read the blog post.

There has been an increase in free versions of programs that purport to scan computers for various errors, and then use alarming, coercive messages to scare customers into buying a premium version of the same program. The paid version of these programs, usually called cleaner or optimizer applications, purportedly fixes the problems discovered by the free version. We find this practice problematic because it can pressure customers into making unnecessary purchase decisions.

To help protect customers from receiving such coercive messaging, we are updating our evaluation criteria to specify that programs must not use alarming or coercive messaging that can put pressure on customers into making a purchase or performing other actions. We use the evaluation criteria to determine what programs are identified as malware and unwanted software. In the future, programs that display coercive messaging will be classified as unwanted software, detected, and removed.

This update comes in addition to our other long-standing customer protection requirements designed to keep our customers from being deceived by programs that display misleading, exaggerated, or threatening messages about a system’s health. In February 2016, we required cleaner and optimizer programs that purport to clean up systems and optimize performance to provide customers with detailed information about what purportedly needs to be fixed. This requirement aims to protect customers from programs that present aggregate “error” results with no specific details, without providing customers with the ability to assess and validate the so-called errors.

We have recently updated our evaluation criteria to state:

Unwanted behaviors: coercive messaging Programs must not display alarming or coercive messages or misleading content to pressure you into paying for additional services or performing superfluous actions. Software that coerces users may display the following characteristics, among others: Reports errors in an exaggerated or alarming manner about the user’s system and requires the user to pay for fixing the errors or issues monetarily or by performing other actions such as taking a survey, downloading a file, signing up for a newsletter, etc.

Suggests that no other actions will correct the reported errors or issues

Requires the user to act within a limited period of time to get the purported issue resolved

Starting March 1, 2018, Windows Defender Antivirus and other Microsoft security products will classify programs that display coercive messages as unwanted software, which will be detected and removed. If you’re a software developer and want to validate the detection of your programs, visit the Windows Defender Security Intelligence portal.

Customer protection is our top priority. We adjust, expand, and update our evaluation criteria based on customer feedback and in order to capture the latest developments in unwanted software and other threats. We encourage our customers to submit programs that exhibit unwanted behaviors related to coercive messaging, or other unwanted or malicious behaviors in general.

Barak Shein

Windows Defender Security Research

Talk to us

Questions, concerns, or insights on this story? Join discussions at the Microsoft community and Windows Defender Security Intelligence.

Follow us on Twitter @WDSecurity and Facebook Windows Defender Security Intelligence.