The Microsoft Malware Protection Center has announced that, on March 31st, 2016, certain types of advertisement-injection will be reclassified as malware. This does not include all forms of ad-injection, just ones which use confusing, difficult to remove, or insecure methods of displaying them. Specifically, adware must use the browser's default extension model, including their disable and remove functions. Recent adware has been known to modify DNS and proxy settings to force web traffic through a third party that injects ads, including secure websites using root certificates.

In other words, Superfish.

An interesting side-story is that, while Microsoft requires that adware uses default browser extensions, Microsoft Edge does not yet have any. Enforcement doesn't start until March 31st, but we don't have a date for when extensions arrive in Microsoft. I seriously doubt that the company intends to give Edge a lead-time, but that might end up happening by chance. The lead time is probably to give OEMs and adware vendors a chance to update their software before it is targeted.

The post doesn't explicitly state the penalties of shipping adware that violates this blog post, but the criteria is used for antimalware tools. As such, violators will probably be removed by Windows Defender, but that might not be the only consequence.