Potentially Unwanted Programs slow down your system and can be harmful: Here’s what can you do about it

Potentially Unwanted Programs slow down your system and can be harmful: Here’s what can you do about it

blog_main_pup

Malware, Trojans, Bugs – these very words strike fear in the heart of all of us, evoking images of lines of falling code, skulls and crossbones. These malicious programs are the filth of the Internet, the proof that with every useful technology there is an equal and opposite piece of garbage that at times could have adverse effects on your system.

A potentially unwanted program (PUP) is exactly what it sounds like; software that you may or may not want clogging up your system. PUPs are similar to malware in that they cause problems when downloaded and installed, but what makes a PUP different is that when you download one, you are doing it with your consent.

The term PUP was first coined as a means of defining this downloadable adware or crapware as something other than malicious software. PUPs often employ huge amounts of system resources and are a common cause of clunky operating systems, but are not considered malicious or harmful. However, they are often annoying, creating new toolbars in your web browser for shopping sites, changing your search provider from Google to Bing without reason, popping up ads constantly or giving you regular weather updates from Swaziland. Some are even aggressive by intentionally slowing down your computer to later sell you system-tuning or miracle speedup tools.

Adware loads annoying toolbars into your web browser

Adware loads annoying toolbars into your web browser

Why do PUPs exist? To earn revenue for software developers who are providing their software for “free”. For each successfully installed browser toolbar for example, a freeware maker earns about $2. Some PUPs exist just to make cash without ever providing anything useful to you.

So, how do you get one (or ten)?
A PUPs behaviour is usually outlined in a EULA (End User License Agreement): this is that really long document that appears while you are going through all of the the installation windows happily clicking accept to get to the end of it all. But, this seemingly useless directory of legal speak, lists out a program’s intentions. PUPS require your approval via that accept button in order to be installed. They count on you approving the download yourself. This protects software developers from any legal action. They rely on your speed to get through the installation process and expect that you won’t read the EULA before scrolling immediately to the bottom and hitting that ever-so-satisfying ACCEPT.

So, how do they get into your system?

Like the Christmas paper on your shiny new toy, PUPs are wrapped around your downloads and not only from the small freeware vendors. Many big names bundle pups too, such as:

 

Adobe Acrobat reader asks you to approve auto updates

Adobe Acrobat reader asks you to approve auto updates

 

Microsoft- Skype asks you to change your browser and homepage

Microsoft- Skype asks you to change your browser and homepage

 

Oracle adds toolbars through the Java installation

Oracle adds toolbars through the Java installation

Another way that PUPs find their way onto your computer is through download portals; those sites you visit to update your Adobe products or to find a decent media player. Most portals claim to offer “clean and safe downloads.” However, trusting any download portal at all has become risky due to litters of bundled PUPs teamed with software reviews on the site that don’t quite seem legit.

We researched how many PUPs were tangled in with the 50 most popular applications on Download.com where we found that 31 out of 50 tested Download.com applications bundled PUPs. See: Top 50 Download.com applications bundle toolbars and other PUPs.

Shocked by the results, we decided to look into the habits of the ten most popular download portals (other than download.com) to see which, if any, were safe to use. We downloaded their top ten most popular applications and noted exactly how much crapware came with them. We discovered that nearly every download portal contained at least one or more PUP. See: Mind the PUP: Top download portals to avoid

blog_content_breaker_pup

The problem with the bright green button.

You decide it’s time to organise all of the photos on your computer. They’re sitting around in messy folders and it’s impossible to find any specific photo when you need it. So you download a photo program to help you organise them and even edit them if you so choose. Download.com has a list of programs right there on it’s landing page. You choose your program and there glows that bright green icon. The DOWNLOAD NOW button is the only thing standing between you and the answer to all of your photo organisation problems. You click it! Excellent! No more messy desktop. Except, wrapped in that express download button you’ve also downloaded three PUPs.

The secure link is a safer download option

There are multiple players involved in the distribution of Potentially Unwanted Programs (PUPs). As a result, you can face something that’s best described as Cascading PUPs. Rather than one PUP offer during your installation process, you can end up with a sequence, one after another.

One of the many ways this occurs is when a PUP bundles extra PUPs into its download. While downloading your desired program, you accept a PUP toolbar without paying attention. But, that one PUP comes with and installs even more PUPs without your knowledge.

We researched the effects of cascading PUPs in detail by downloading popular KPlayer and following the installation process. We sought to download one program. We completed the process with 6 PUPs! See: How Downloading One Program Can Give You Six Pups.

Watch out for fake software updates. These are often pushed through temporarily created websites that have been developed for Adsense. These sites are wrapped in downloaders that will prompt you to update your Flash Player or Java. There are companies that create hundreds of sites a day purely to mislead you and lead you to their site.

There are many many more ways you can be inundated by PUPS. In fact, there are so many ways, we bundled them all for you. See: Top Ten Ways PUPs Sneak Onto Your Computer

So who benefits from PUPs?

Software vendors: the software vendor (seller) gets money from the PUP developers (creators of adware) for each install. We provide examples in this article.

Download portal: the download portal gets money for the PUPs they install through their installer (wrapper/bright green Download Now button). The software vendor is generally not involved or benefiting.

PUPs: with a bit of camaraderie, some PUPs work together to install each others products, and pay each other in the process.

Here’s where it get’s scary.

A recent development in PUPware is in the use of rootkits; an infection that hides itself, its own data and other files so that they cannot be seen by you or your operating system. Intercepting and receiving messages from your computer it redirects information and reports back to the mothership what ever it wants. The use of rootkits in adware is blurring the lines between merely unwanted junk, and active malware.

This can be seen even more clearly in a new PUP known as ‘Faster Internet’ which, once installed, will create a fingerprint of your computer. This information is then uploaded to the developer’s server with screenshots of the active display on your computer and sends this along with your IP address to it’s server. Bordering on spyware, this piece of adware is a blatant violation of your privacy.

But wait! I saw a pop-up that was trying to help me! Enter the interactive PUP, scaring the daylights out of poor Mr and Mrs Smith by displaying online advertisements that try to scam us into thinking that our computers have a serious problem. This is done to trick you into calling the listed support number so they can scare you further into buying their services.

Fake alerts may ask you to call an anti-virus company

Fake alerts may ask you to call an anti-virus company

Sadly, there are ever more and more ways to be infected and while Adware installers continue to have little or no law regulating them, developers will remain out of control.

PUPs and the antivirus industry
Terrifyingly, after big vendors such as Oracle (Java) and Microsoft (Bing and Skype) started bundling, ethics in the software industry seem to be lost completely, as even antivirus vendors have joined the game, bundling PUPs with their software. We researched practices among the freeware antivirus vendors and the results were troubling. We found that 7 out of 8 tested free antivirus suites were bundled with PUPs. See: Has the antivirus industry gone mad?

Emsisoft is anti-PUP
During the last few years, the threat landscape has shifted significantly. When the Emsisoft team checked the latest infection statistics we found that 3/4 of all findings of Emsisoft Anti-Malware today were PUP related. The number has increased massively during the past years. See: What is Emsisoft really?

But where there is a problem, there is also a solution. We at Emsisoft maintain high ethical standards that define how we approach all threats; always with our users in mind. While many antivirus products fail to detect even the most common PUPs -and in fact install PUPs themselves directly with their own products- Emsisoft is widely recognised for removing them efficiently.

The number of PUP detections is increasing

The number of PUP detections is increasing

 

PUPs make up 79% of infections

While we are part of the solution, it is important that you are able to recognise PUPs before you download them to avoid any problems in the first place.

 So, to summarise:

  • PUPs want to make money off of you. The most common form is by hijacking your browser: they can then show you ads, monetize or sell your search and/or browser behavior or redirect your homepage.
  •  PUPs use aggressive distribution methods to get on your computer:  because in the large majority of the cases, you will not be aware that you are installing a PUP.
  • Most PUPs don’t have any significant value or advantages. PUP producers get around this by paying other software vendors or distributors such as download portals $$$ per new installation that they get them.
  • PUPs are often brought to you by freeware vendors: they frequently get on your computer bundled with a freeware program. While you’re installing program A, you also install one or more PUPs, often without knowing you did. The freeware vendor gets money from the PUP producer to do this.

Phew. So, now that you know what they are and how to get them, how do you avoid PUPs?

  • Be cautious, use common sense and take your time. Read carefully when installing anything. Don’t click accept until you are sure you are willing to install everything mentioned in the EULA (End User Licence Agreement.)
  • Only use reputable download sources such as the official site of the product you are downloading.
  • Avoid download portals and NEVER download or install applications that seem suspicious or malicious.
  • Install, update, and run a reputable antivirus software, such as Emsisoft Anti-Malware that offers real-time protection against PUPs.
  • Clean your computer periodically with the Free Emsisoft Emergency Kit.

Have a happy (PUP-free) day!
Your Emsisoft Team.

  • Finnbogi Ragnar Ragnarsson

    Two points that I want to add.

    Several “free” programs skip the EULA part for the PUPs all together and don’t play by any rules.

    What I know of in particular, are certain distribution of a well known video converter, tv streaming software and multitude of sites offering (usually others) flash games, that ask for installation of a “client”.

    Also, many of them install root kits to hide the processes that manipulate your browsers.
    If seen, the processes have random names, residing in temporary folders. Some of them make duplicates and run in duplicates.
    Uninstall doesn’t work.

    Malwarebytes Anti Rootkit can find the root kits (but many other do not), and no doubt your software.

    It’s easy to get rid of, if you know what you are doing, but it is pure hell for average Joe and Jane.
    If anti root kit doesn’t remove the processes, rename or delete will.