Advertisers, publishers and partners must ensure a positive download experience for users. This includes, at a minimum: clearly identifying the software that is being installed and its source; explaining the effects on the user’s browser settings or operating system and its settings, etc.; and allowing easy uninstall and disablement. Use the policies on this page for help.
In addition to compliance with these policies, we also require compliance with the Microsoft Malware Protection Center policies and adherence to prevalent industry guidelines and best practices.
Malicious and unwanted software
Microsoft does not allow the promotion and distribution of either malicious software or unwanted software.
- Malicious software is software which performs malicious actions on the user’s device, such as compromising personal and financial information or security protocols. Malicious software includes, but is not limited to: trojan, worms, ransomware, trojanclicker, trojanspy, backdoor trojan, exploit, macro virus, virtool, dropper, rogue security software, password stealer, obfuscator, hacktool, virus, spyware (including recording actions performed on the user's device such as keystroke logging) and scareware.
Microsoft utilises a series of signals and classifications to determine whether software meets the definition of malicious software.
- Unwanted software includes software that does not expressly fall under the definition of malicious software, but still includes functionality which limit or deny users’ choice and control on the experience on their own devices or may otherwise compromise user computing experience and/or the performance of the user’s device, browser, operating system or even publisher properties.
In determining whether software is “unwanted software,” we apply the criteria listed below. We also consider the Microsoft Malware Protection Center policies, other Microsoft product requirements (such as Windows), industry guidelines and best practices.
User choice and control
Users must be provided with adequate choice and control both before, during and after installation. Software which does not provide adequate choice and/or control is not allowed within the Microsoft Advertising network.
Choice ensures that users are fully informed about how software may affect their experience on their devices, and that none of the functions of a program or settings on the device are altered without the user’s clear and informed consent.
User notice must be clear, informed, unequivocal and not coerced or otherwise obtained through misleading claims, false representations or other fraudulent means. In determining whether disclosures to users are acceptable, we will consider the totality of the experience on both the offer and the landing page and/or offer screen from the point of view of an average consumer. Material terms cannot appear only within the End User License Agreement (“EULA”), but must be prominently displayed up front (that is, what an average user can read and understand) and must not be misleading or hidden (for example only under the “Custom Install” option).
- Disclosures enable users to exercise choice. All relevant and material information must be clearly and prominently disclosed up front to end users on the landing page, offer screen or store listing (as relevant) before install. This includes, but is not limited to:
- Origin and scope of the download, including if the download originates from a different domain.
- Actions and effects that the software will have on the user’s device and settings, including changes to the search providers, autocomplete, homepages, local file systems and other configurations and user's settings.
- Alteration of existing software on the user's device.
- Any variations from the official software.
- Software uninstall information that includes instructions on reverting back settings that the software changes.
- Offer screens must clearly disclose and identify to users all software included in the offer (including appropriate branding/logo usage).
- The name of the software on the offer screen must match the name of the software as stored on the user device and uninstall dialogs. In other words, users must be able to clearly locate the software on their devices based on the original name presented in the offer screen at installation.
- Add/remove details must be accurate (for example, install date must match the date of the program installation).
- Offer screens must be presented to the user as either opt-in or opt-out.
- Users must be able to decline all secondary offers, individually or in bulk (“Skip All”).
- Accept and Decline options must be of equal prominence.
- Repeat declines are disallowed. As users decline any or all secondary offers, the offer screen must not prompt users to decline the same offer(s) more than once.
- Offer screens must clearly disclose to the users any changes to the settings, existing software and applications. For example, modifications to the search provider, homepage and/or new tab must be clearly disclosed to the user.
Control ensures that users are in full control of the overall experience on their device, including all software applications they download. Users must be in control at all times, including if and when they elect to revert back to previous settings or uninstall or disable any previously installed software.
- Software must not include malicious or unwanted software.
- Software must not create any unexpected behaviors. The software must behave consistently with the declared behavior and functionalities at install.
- Software must not perform activities that are hidden to the user or otherwise attempt to hide its presence or operation on the device, unless for legitimate background processes (which would be disclosed to users at install). For clarity, this does not include activities that would normally be expected to be hidden as part of regular product functionality, such as calculations.
- Software must not be designed to evade, circumvent or impair security checks, antimalware, operating system and browser security scans and protection, or spam filters.
- Cloaking behaviors or technology, or any behaviors meant to elude scans or detection, is not allowed. The software must not behave differently in a virtual environment or otherwise attempt to elude browser protection, anti-malware detection or fraud filtering.
- Downloads must not alter, reconfigure or disable existing software or settings installed on the user’s device without clear disclosure and consent from the user before install.
- Software must not inhibit or otherwise limit the user`s ability to control and change settings on the device.
- Software that automatically dials a phone number, or connects remotely to another device or system without legitimate reasons and/or user consent is not allowed.
- Alerts or other technologies must not attempt to mislead users into believing something is wrong with their device that needs fixing when this is not the case (e.g., scareware), or otherwise misrepresent or make exaggerated claims about system health and performance (for example by claiming that the system performance will improve by removing files that do not positively affect system performance).
- PC cleaner/optimisation software should provide error details to further specify their claims, as opposed to merely stating the presence of a certain number of issues.
- Free downloads must not be made conditional to any forms of consideration, including a sign up or the provision of a cellular phone number (except in the event where sign up/account creation needs to be validated by the user, such as an email account creation validated via text message, or a required app store account creation for example).
- Software must not weaken or attempt to compromise the security and/or protection of the user device or attempt to disclose any of the personal or sensitive information of the end user.
- Software may not replace, add to or remove from the webpage by injecting content, or causing site content not to display, from a source with which the site owner does not have an affiliation.
- Software must not limit the user’s control or programmatic control of the user’s browser default search settings, home page and new tab, either through additional questioning/prompts or other means of prevention when a change to the default search, home page or new tab settings is attempted.
- Unsigned software is not allowed. All software must be digitally signed by its author(s) using a valid certificate issued by a reputable certification authority.
- Unauthorised distribution is not allowed. Advertisers and partners may only distribute software which they are authorised to distribute. Please review our Misleading Content Policy to learn more about promotion of third-party products and services.
- Free desktop software in particular is subject to heightened controls, which may require actual proof of authorised distribution from the software publisher.
- Software that changes browsing experience must adhere to the browser’s and/or operating system’s respective supported extensibility models and policies. For example, software may not suppress or otherwise circumvent browser consent dialogs.
- Users must be able to abort software installation prior to completion through a standard “close” button. Aborted installations must be complete, in that no traces of the software remain on the device (including discarding of any selections made prior to abort).
- Installation programs may only present one single dialog prompt confirming user intent to abort in clear, straightforward language.
- If a user declines an offer, or cancels the install before the installation process is completed, software may not place any shortcuts on the user’s device to continue the installation at a later time.
- Changes to user’s device and settings, including changes to the search providers, homepages, local file systems and other configurations and user's settings must be easily reversible without negative impact.
- Undisclosed files that are unnecessary or unrelated to the software being installed must not be installed or delivered.
- Updates must not be triggered without user consent, with the exception of enterprise products background updates (disclosed at install). Users may agree to automatic updates during installation via prominent consent language (e.g., a check box on the offer screen).
- Update dialogs must clearly disclose what is being updated.
- Software updates must not materially alter the original function of the software disclosed at install without the user consent and control.
- A software update must not alter third party software without user consent.
- For clarity, this does not include antimalware software signature updates that enable the detection of third party software for user protection purposes; an updated antimalware product is allowed to detect third party software as result of its updates.
Any software download must include an uninstall function in the Programs and Features or Add/Remove Programs control panel, or the browser’s or operating system’s default removal method.
- The uninstall process must not be difficult, confusing or made conditional to payments, subscriptions, other downloads, etc.
- Upon uninstall, a program may only display one single confirmation prompt. The confirmation prompt cannot be misleading or otherwise attempting to persuade the user not to proceed with the uninstall.
- During uninstall, software may not install, uninstall or reinstall other unrelated software on the device without user consent.
- The uninstall process must be complete and permanent for each software download. No traces of the specific uninstalled software can remain on the user’s device.
- All software that is included in the download bundle must be clearly disclosed to the user.
- The software or bundles must not be altered from what was disclosed to the end user or after review by Microsoft (for example, by injecting code into the bundle).
- End users must be allowed to easily decline each individual software within the bundle, either individually or through a “skip all.”
- Installer and bundles must not crash or freeze programs or the device.
- Chained bundlers (bundle within a bundle) are not allowed.
- Legitimate software cannot be bundled with other software that is not allowed by this policy. For example, an otherwise “complaint” software cannot be bundled with spyware.
Additional requirements for advertisements
- Software should be available on the website as advertised in ad copy.
- The software promoted in ad copy must be present on the landing page.
- If the ad copy promotes “latest version, free” of a download, users must be able to download the latest version of the software from the website at no cost, and without the need to download any additional software (either for payment or free).
- It must be noted in ad copy if access to content or services requires a software download (e.g., toolbars).