In Windows 11, the line between the legitimate and adware becomes increasingly blurred
For the last two or so months, Microsoft has been running campaigns in its Windows 11 operating system to get customers to switch the default web browser in Google Chrome to Microsoft Bing.
The popups, one of the first was published on Reddit more than two months ago, use the title "Switch your default search engine to Microsoft Bing in Chrome". Customers are informed about the benefits of switching to Bing -- earning Microsoft Rewards points, using the new AI-powered Bing, and installing Bing Service to improve the search experience -- and get options to say "yes", which switches the default search engine in Chrome, or "don't switch".
The design of the popup has changed in the meantime, with one of the last iterations shown at The Verge earlier this week.
What makes this particular campaign worrisome for some is how it is implemented. Many Windows 11 users may already know the notifications that Microsoft displays to get them to use certain products or features of the operating system.
This particular campaign, however, does not use the regular notification system of the operating system. Microsoft is using the digitally signed program BGAUpsell.EXE for the campaign, which it places in the directory C:\Windows\Temp\MUBSTemp\.
In Tom Warren's case, Microsoft displayed the popup while a fullscreen game was being played. While that may be a bug, everything else concerning the popup is intentional.
Microsoft placed the file deliberately on user systems and the name of the file gives a good indication of its main purpose. It is designed to get users to use Microsoft products and services. In this campaign, Microsoft appears to target Chrome users who use a search engine as the default that is not Bing.
It is likely Google Search, as it is the default search engine of Google's browser, but it can also be any other search engine. Microsoft is using its control of the Windows platform to push its other services, even in third-party applications.
The consensus on Virustotal, a Google-owned service, seems to be that BGAUpsell.EXE fills all criteria for potentially unwanted programs: it was not installed by the user, was not run by the user manually, and suggests to make changes to a core feature of a program it is not related to.
Some community members call the program malware and spyware, and it certainly matches some of the criteria as well.
Microsoft informed The Verge that it has paused the campaign to address "unintended behavior". Pausing indicates that Microsoft has every intention to continue the campaign at a later stage. It is unclear what Microsoft exactly means with "this unintended behavior", but it may refer to the popup being displayed while fullscreen apps or games are running.
Günter Born discovered that the campaign rolled out via server-side updates, something that users and administrators have little control over.
Microsoft's methods of getting customers to switch to Bing, Microsoft Edge and other company products have increased in intensity and aggressiveness in the past couple of years. Ads have appeared in various sections of its Windows operating system, such as the Get Help support app, Settings, or the Start Menu. Microsoft pulled some, like the ones that made the Weather app barely usable, but new ones appear regularly throughout the operating system and on Microsoft properties.
While Microsoft is not the only big Internet player that uses its dominance to push its products, Google is also doing this to some extend, the fact that others do it should not be taken as an excuse. People pay for Windows, either directly or indirectly, when they buy OEM systems. These customers should not be bombarded by ads and other, mostly unwanted, notifications and behaviors, unless Microsoft makes it very clear that this is the new standard on Windows.
Now You: what is your take on this?