What Is a Potentially Unwanted Program (PUP)?

The abbreviation PUP stands for the potentially unwanted program. From a technical point of view, it is not malware. A PUP is not intended to cause damage to the computer or steal identities and data but usually pursues marketing purposes by displaying advertisements or changing browser settings, such as the start page or the default search. Potentially unwanted programs are often referred to as adware or spyware.

Unlike a malicious program, the software does not get onto a computer through security vulnerabilities or hacker attacks. Usually, the installation is done with the user’s consent. PUPs can take a toll on a computer or severely interfere with its work due to changes in settings and the display of windows.

While some PUPs include features that users actually use, a majority of potentially unwanted programs do not generate any added value for the user. The programs try to generate revenue for the software’s manufacturer by showing advertisements or exploiting user data such as search behavior. Most PUPs are legal and their installation is not prevented by antivirus programs. However, some unwanted programs operate in a legal gray area.

What is EMM (Enterprise Mobility Management)?

How Do PUPs Differ from Malware and Legitimate Software?

Potentially Unwanted Programs (PUPs) are a category of software that falls between legitimate software and malware. They often raise questions about their intentions and impact on users’ systems. Here’s how PUPs differ from both malware and legitimate software:

Legitimate Software

Legitimate software refers to programs that are intentionally developed and distributed for specific purposes, generally with the user’s consent. These programs serve useful functions and are typically designed to enhance productivity, entertainment, or communication.

Examples include web browsers, word processors, media players, and antivirus software. Legitimate software is usually well-documented, comes from reputable sources, and is transparent about its functionality.

Potentially Unwanted Programs (PUPs)

While not necessarily malicious, PUPs are software applications that exhibit behaviors that users might find undesirable. These programs are often bundled with legitimate software or presented as optional installations during software downloads.

PUPs might include adware (displays unwanted ads), browser toolbars (changes browser settings), or system optimizers (claim to improve performance but might not deliver significant benefits). Users might inadvertently install PUPs without fully understanding their implications. PUPs can potentially lead to diminished system performance, privacy concerns, and unwanted changes to browser settings.

Malware

Malware (malicious software) is specifically designed to harm, exploit, or compromise computer systems and data. Unlike PUPs, malware is intentionally created with malicious intent. Types of malware include viruses, worms, Trojans, ransomware, spyware, and rootkits.

Malware can steal sensitive information, corrupt files, disrupt system operations, or take control of a system for criminal purposes. Malware usually spreads covertly and without the user’s consent, often through phishing emails, malicious downloads, or compromised websites.

Key Differences

Intent: Legitimate software serves a clear purpose and is generally developed to benefit users. PUPs might offer some functionality but often come with hidden behaviors that users may not desire.
Transparency: Legitimate software is transparent about its features and functions. PUPs often lack transparency about their full impact on users’ systems.
Consent: Legitimate software requires user consent for installation. Due to bundled installations or deceptive tactics, PUPs might be installed without the user’s full awareness.
Malicious Intent: While PUPs might exhibit unwanted behavior, they are not designed to be outright malicious like malware, which actively seeks to cause harm.
Removal Difficulty: PUPs can sometimes be challenging to remove due to intentional tactics to make uninstallation difficult. Legitimate software generally has proper uninstallation procedures. Malware can also be difficult to remove, often requiring specialized tools.

What is Bring Your Own Identity (BYOI)?

How Potentially Unwanted Programs Get onto A Computer

Most commonly, potentially unwanted applications enter a computer while installing other free programs. Popular freeware serves as a kind of bait. Through carelessness, the user accepts options that allow the installation of other programs during the installation. Thus, the user usually actively agrees to install the unwanted program.

Also, when updating certain software on a computer, some vendors try to foist PUPs on users through additional options. Once a PUP is installed on a computer, it may act as a kind of pyramid scheme and prompt the installation of additional unwanted programs.

How PUPs Operate

PUPs use deceptive methods to infiltrate systems and exhibit unwanted behaviors once installed. Here is the detail operation:

Infiltration Methods

Potentially Unwanted Programs (PUPs) employ various methods to infiltrate a user’s system, often taking advantage of users’ actions or lack of awareness. Some common infiltration methods include:

Bundling: PUPs are frequently bundled with legitimate software downloads. Users may inadvertently agree to install additional programs without realizing it when they install the desired software.
Deceptive Downloads: Users might unknowingly download PUPs from untrustworthy sources or through deceptive ads. For instance, a download button on a website might lead to a PUP instead of the intended content.
Misleading Ads: PUPs can be promoted through misleading advertisements that promise free software, updates, or system enhancements. Clicking on these ads can trigger unintended installations.
Fake Updates: PUPs can pose as software updates or security patches. Users might be prompted to install these updates, which turn out to be PUPs in disguise.

User Actions and Inadvertent Installation

User actions play a significant role in the inadvertent installation of PUPs. Common scenarios include:

Unchecked Installation Options: Users might rush through software installations by clicking “Next” without carefully reviewing installation options. PUPs often hide behind pre-selected checkboxes, leading to their installation alongside desired software.
Skipping EULA (End User License Agreement): Users frequently skip reading the EULA, which can contain information about bundled PUPs. By agreeing without understanding, users unwittingly allow PUP installation.
Download Sources: Downloading software from unverified or unofficial sources increases the risk of downloading bundled PUPs, as these sources might not prioritize user security.

Behavior Patterns

Once installed, PUPs exhibit a range of behaviors that can negatively impact a user’s system:

Browser Changes: PUPs often alter browser settings, such as the default search engine, homepage, and new tab page. Users might find themselves redirected to unfamiliar websites.
Unwanted Advertisements: Many PUPs display intrusive ads, pop-ups, and banners within the user’s browser or other applications. This can lead to a disruptive browsing experience.
System Slowdowns: PUPs can consume system resources, leading to reduced performance. Excessive ads, background processes, and network activity contribute to system slowdowns.
Data Collection: Some PUPs collect user data, such as browsing habits, search history, and personal information, without explicit consent. This poses privacy risks and can lead to targeted advertisements or data breaches.

What is a One Time Pad (OTP)?

Impact of PUPs on User Experience

The impact of PUPs on user experience is substantial. They lead to performance degradation, browser hijacking, and privacy concerns.

Performance Issues

Potentially Unwanted Programs (PUPs) can significantly impact system performance and responsiveness, leading to frustration and decreased productivity. Some ways PUPs affect performance include:

Resource Consumption: PUPs often run background processes, consuming CPU, memory, and network resources. This can cause overall system slowdowns, making tasks take longer to complete.
Startup Delays: PUPs might add themselves to startup processes, prolonging the time it takes for the system to boot up.
Application Crashes: Incompatible or poorly designed PUPs can cause conflicts with other software, resulting in crashes and instability.
Browser Lag: PUPs that manipulate browser settings can cause delays when opening new tabs, loading web pages, or interacting with online content.

Browser Hijacking

PUPs frequently engage in browser hijacking, which involves altering browser settings and injecting unwanted content. This can have several negative effects:

Altered Settings: PUPs can change the default search engine, homepage, and new tab settings without user consent, leading to a loss of control over the browsing experience.
Ads and Pop-ups: PUPs inject intrusive advertisements and pop-ups into websites, disrupting the user’s online experience and cluttering the interface.
Redirects: Users might be redirected to unfamiliar and potentially malicious websites, increasing the risk of encountering phishing scams or malware downloads.
Search Results Manipulation: PUPs can modify search engine results, leading users to irrelevant or sponsored content.

Privacy Concerns

PUPs often engage in unauthorized data collection, compromising user privacy and potentially exposing sensitive information:

Data Gathering: PUPs can track users’ online activities, including browsing habits, search queries, and even personal information.
Unauthorized Sharing: Collected data might be shared with third parties without user consent, leading to targeted advertisements or even data breaches.
Identity Theft Risk: If personal information is compromised, users might become targets of identity theft and online scams.
Loss of Control: Users lose control over their own data, with PUPs collecting and transmitting information without their explicit knowledge or approval.

What is A Sandbox?

How to Recognize and Prevent PUPs

How to Identify PUPs

To avoid inadvertently installing Potentially Unwanted Programs (PUPs), users can follow these tips:

Careful Installation: Always review installation prompts and options. Uncheck any pre-selected checkboxes that offer additional software to prevent unintended installations.
Read User Agreements: Take the time to read the End User License Agreement (EULA) before installing software. Look for mentions of bundled software or PUPs.
Avoid Rushing: Don’t rush through installation processes. Take a moment to understand what you’re installing and any potential consequences.
Deceptive Download Sources: Be cautious of downloading software from unfamiliar or untrustworthy websites. Stick to well-known sources to minimize the risk of PUPs.
Fake Software Updates: Be wary of unsolicited update prompts. Always verify the authenticity of updates through official sources rather than clicking on pop-ups.

Safe Download Practices

Adopt these practices to ensure safe software downloads:

Reputable Sources: Download software only from reputable sources, official websites, and verified app stores. Avoid third-party download sites that might host modified or bundled versions.
Official Websites: Always prefer downloading software from the software provider’s official website. This reduces the likelihood of downloading PUPs.
Verified App Stores: When downloading apps for mobile devices, use trusted app stores like the Apple App Store or Google Play Store.

Browser Extensions and Plugins

To prevent PUPs from infiltrating your browser:

Caution with Add-ons: Be cautious when installing browser extensions and plugins. Only install those from well-known developers or those with positive user reviews.
User Reviews: Check user reviews and ratings for extensions before installing them. Negative reviews mentioning unwanted behaviors can be a red flag.
Permissions: Pay attention to the permissions an extension requests. If an extension requires more permissions than it logically should, it might be a sign of a PUP.

Security Software

Utilize security software to safeguard against PUPs:

Antivirus and Anti-Malware: Install a reputable antivirus and anti-malware program that includes PUP detection and removal capabilities.
Regular Scans: Schedule regular scans of your system to identify and remove PUPs that might have been inadvertently installed.
Real-Time Protection: Enable real-time protection features in your security software to block PUPs before they can infiltrate your system.

Regular Software Updates

Frequent software updates are crucial:

Software Updates: Keep your operating system, web browsers, and all software up to date. Updates often include security patches that protect against vulnerabilities exploited by PUPs.
Browser Security Settings: Adjust your browser’s security settings to block potentially harmful downloads and warn you about suspicious websites.

What is WPA (Wi-Fi Protected Access)?

How to Deal with PUPs

These steps will help you deal with Potentially Unwanted Programs, remove them from your devices, restore system settings, and safeguard your personal information from online threats.

Removal Methods

To effectively deal with Potentially Unwanted Programs (PUPs), follow these steps for different devices:

For Windows

Uninstall PUPs: Go to Control Panel > Programs and Features (or Apps & Features in newer versions of Windows). Locate the PUP, select it, and choose “Uninstall.”
Clean Temporary Files: Use the built-in Disk Cleanup tool to remove temporary files that might be associated with the PUP.
Use PUP Removal Tools: Utilize reputable PUP removal tools such as AdwCleaner or Malwarebytes to scan and remove PUPs.

For macOS

Applications Folder: Open the Applications folder, locate the PUP, and drag it to the Trash.
Extensions: Remove any unwanted browser extensions from your web browsers.
Use Cleanup Tools: Consider using software like Malwarebytes for Mac to scan and remove PUPs.

For Mobile Devices (Android/iOS)

Uninstall Apps: Go to Settings > Apps and uninstall suspicious apps on Android. On iOS, press and hold the app icon, then tap the “X” to delete.
Remove Browser Extensions: Remove any suspicious extensions or add-ons in mobile browsers.
Download Trusted Apps: Install reputable antivirus and anti-malware apps from trusted sources to scan for and remove PUPs.

System Restoration

After removing PUPs, follow these steps to restore system settings:

Browser Settings:

In your browser’s settings, use the option to reset to default settings to remove any unwanted changes made by PUPs.

Operating System:

System Restore (Windows): Use System Restore to roll back your system to a point before the PUP was installed.
Time Machine (macOS): If you have Time Machine backups, you can restore your system to a previous state before the PUP installation.

Data Protection

To safeguard your personal information from PUPs and online threats:

Backup Important Data: Regularly back up your important files and data to an external drive or cloud storage. This helps mitigate data loss due to malware or system issues.
Online Security: Use strong, unique passwords for different online accounts to prevent unauthorized access.
Two-Factor Authentication (2FA): Enable 2FA whenever possible to add an extra layer of security to your accounts.
Limit Data Sharing: Review and adjust privacy settings on social media platforms and online services to minimize data sharing.
Install Reliable Software: Use reputable antivirus and anti-malware software to provide real-time protection against PUPs and other threats.

What Is a Keylogger? Understanding the Silent Spy

Frequently Asked Questions about Potentially Unwanted Programs

What exactly is a Potentially Unwanted Program (PUP)?

A Potentially Unwanted Program (PUP) is software that might exhibit undesirable behavior or functions on a user’s device. While not necessarily malicious, PUPs can negatively impact system performance, user experience, and privacy.

Are PUPs malware?

PUPs are not always classified as malware but often blur the line between legitimate software and malicious programs. While not intentionally designed to cause harm, some PUPs can still compromise user privacy and system performance.

What are some common ways that PUPs can infiltrate my system?

PUPs can infiltrate systems through methods such as bundled installations, deceptive downloads, misleading ads, and fake software updates. Users might unknowingly agree to their installation or download PUPs from untrustworthy sources.

Can PUPs cause damage to my computer beyond annoyance?

While not typically designed to cause severe damage like malware, some PUPs can impact system performance, compromise privacy, and lead to potentially harmful activities such as data collection or unauthorized changes to settings.

What should I do if I suspect a PUP on my system?

If you suspect a PUP on your system, consider using reputable antivirus or anti-malware software to scan for and remove it. You can also follow manual removal steps or use dedicated PUP removal tools.

Are free software downloads more likely to come with PUPs?

While not all free software downloads include PUPs, some free applications might bundle PUPs to generate revenue. It’s important to exercise caution and choose reputable sources for downloading software.

Can PUPs impact mobile devices, or are they limited to computers?

PUPs can indeed impact mobile devices, including both Android and iOS platforms. They can infiltrate devices through app downloads and compromise the user experience and privacy.

Are browser extensions always potentially unwanted?

Not all browser extensions are PUPs, but users should exercise caution when installing them. Some extensions might exhibit undesirable behaviors like injecting ads or tracking user data without permission.

How can I protect my data from PUPs?

To protect your personal data from PUPs, practice safe download habits, avoid suspicious websites, install reputable security software, keep your operating system and software up to date, and be cautious when granting permissions to apps and extensions.

Is removing a PUP a complicated process?

The complexity of removing a PUP can vary. Some PUPs can be removed manually by uninstalling them through the control panel or applications folder, while others might require specialized tools or software for complete removal. Reputable antivirus or anti-malware programs can simplify the process.

In the ever-evolving digital landscape, Potentially Unwanted Programs serve as a reminder that not all software is benign. By understanding the risks posed by PUPs and adopting cautious digital habits, users can navigate the online world more safely and protect their systems and personal data.

Information Security Asia

Information Security Asia is the go-to website for the latest cybersecurity and tech news in various sectors. Our expert writers provide insights and analysis that you can trust, so you can stay ahead of the curve and protect your business. Whether you are a small business, an enterprise or even a government agency, we have the latest updates and advice for all aspects of cybersecurity.