A potentially unwanted program (PUP) or potentially unwanted application (PUA) is
software
Software is a set of computer programs and associated software documentation, documentation and data (computing), data. This is in contrast to Computer hardware, hardware, from which the system is built and which actually performs the work.
...
that a user may perceive as unwanted or unnecessary. It is used as a subjective tagging criterion by
security" \n\n\nsecurity.txt is a proposed standard for websites' security information that is meant to allow security researchers to easily report security vulnerabilities. The standard prescribes a text file called \"security.txt\" in the well known locat ...
and
parental control
''Parental Control'' is a reality television show about people looking for love produced by MTV. The two directors, Brendon Carter and Bruce Klassen, have also created other MTV shows.
In Asia, this show was aired on Channel V from 2007–2009. ...
products. Such software may use an implementation that can compromise privacy or weaken the computer's security. Companies often bundle a wanted program download with a wrapper application and may offer to install an unwanted application, and in some cases without providing a clear opt-out method.
Antivirus companies define the software bundled as potentially unwanted programs
which can include software that displays
intrusive advertising (adware), or tracks the user's Internet usage to sell information to advertisers (
spyware
Spyware (a portmanteau for spying software) is software with malicious behaviour that aims to gather information about a person or organization and send it to another entity in a way that harms the user—for example, by violating their priva ...
), injects its own advertising into web pages that a user looks at, or uses premium SMS services to rack up charges for the user.
A growing number of open-source software projects have expressed dismay at third-party websites wrapping their downloads with unwanted bundles, without the project's knowledge or consent. Nearly every third-party free download site bundles their downloads with potentially unwanted software.
The practice is widely considered unethical because it violates the
security" \n\n\nsecurity.txt is a proposed standard for websites' security information that is meant to allow security researchers to easily report security vulnerabilities. The standard prescribes a text file called \"security.txt\" in the well known locat ...
interests of users without their informed consent. Some unwanted software bundles install a
root certificate
In cryptography and computer security, a root certificate is a public key certificate that identifies a root certificate authority (CA). Root certificates are self-signed (and it is possible for a certificate to have multiple trust paths, say if ...
on a user's device, which allows hackers to intercept private data such as banking details, without a browser giving security warnings. The
United States Department of Homeland Security
The United States Department of Homeland Security (DHS) is the U.S. federal executive department responsible for public security, roughly comparable to the interior or home ministries of other countries. Its stated missions involve anti-terr ...
has advised removing an insecure root certificate, because they make computers vulnerable to serious
cyberattack
A cyberattack is any offensive maneuver that targets computer information systems, computer networks, infrastructures, or personal computer devices. An attacker is a person or process that attempts to access data, functions, or other restricte ...
s.
Software developers and security experts recommend that people always download the latest version from the official project website, or a trusted
package manager
A package manager or package-management system is a collection of software tools that automates the process of installing, upgrading, configuring, and removing computer programs for a computer in a consistent manner.
A package manager deals wi ...
or
app store
An App Store (or app marketplace) is a type of digital distribution platform for computer software called applications, often in a mobile context. Apps provide a specific set of functions which, by definition, do not include the running of the c ...
.
Origins
Historically, the first big companies working with potentially unwanted programs for creating revenue came up in the US in the mid-2000s, such as
Zango. These activities declined after the companies were investigated, and in some cases indicted, by authorities for invasive and harmful installs.
Download Valley
A major industry, dedicated to creating revenue by foisting potentially unwanted programs, has grown among the Israeli software industry and is frequently referred to as
Download Valley. These companies are responsible for a large part of the download and install tools, which place unwanted, additional software on users' systems.
Unwanted programs
Unwanted programs have increased in recent years, and one study in 2014 classified unwanted programs as comprising 24.77% of total
malware infections. This malware includes adware according to
Google
Google LLC () is an American Multinational corporation, multinational technology company focusing on Search Engine, search engine technology, online advertising, cloud computing, software, computer software, quantum computing, e-commerce, ar ...
.
Many programs include unwanted browser add-ons that track which websites a user goes to in order to sell this information to advertisers, or add advertising into web pages.
Five percent of computer browser visits to Google-owned websites are altered by computer programs that inject their own ads into pages. Researchers have identified 50,870 Google Chrome extensions and 34,407 programs that inject ads. Thirty-eight percent of extensions and 17 percent of programs were catalogued as
malicious software
Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, ...
, the rest being potentially unwanted
adware
Adware, often called advertising-supported software by its developers, is software that generates revenue for its developer by automatically generating online advertisements in the user interface of the software or on a screen presented to the ...
-type applications. Some Google Chrome extension developers have sold extensions they made to third-party companies who silently push unwanted updates that incorporate previously non-existent adware into the extensions.
Local proxies
Spyware
Spyware (a portmanteau for spying software) is software with malicious behaviour that aims to gather information about a person or organization and send it to another entity in a way that harms the user—for example, by violating their priva ...
programs install a
proxy server
In computer networking, a proxy server is a server application that acts as an intermediary between a client requesting a resource and the server providing that resource.
Instead of connecting directly to a server that can fulfill a reques ...
on a person's computer that monitors all web traffic passing through it, tracking user interests to build up a profile and sell that profile to advertisers.
Superfish
Superfish
Superfish was an advertising company that developed various advertising-supported software products based on a visual search engine. The company was based in Palo Alto, California. It was founded in Israel in 2006 and has been regarded as part ...
is an advertising injector that creates its own
root certificate
In cryptography and computer security, a root certificate is a public key certificate that identifies a root certificate authority (CA). Root certificates are self-signed (and it is possible for a certificate to have multiple trust paths, say if ...
in a computer operating system, allowing the tool to inject advertising into encrypted Google search pages and track the history of a user's search queries.
In February 2015, the
United States Department of Homeland Security
The United States Department of Homeland Security (DHS) is the U.S. federal executive department responsible for public security, roughly comparable to the interior or home ministries of other countries. Its stated missions involve anti-terr ...
advised uninstalling Superfish and its associated
root certificate
In cryptography and computer security, a root certificate is a public key certificate that identifies a root certificate authority (CA). Root certificates are self-signed (and it is possible for a certificate to have multiple trust paths, say if ...
from
Lenovo computers, because they make computers vulnerable to serious cyberattacks, including interception of passwords and sensitive data being transmitted through browsers.
''Heise Security'' revealed that the Superfish certificate is included in bundled downloads with a number of applications from companies including
SAY Media
Say Media (formerly VideoEgg) is a technology and advertising firm. The company provides a publishing platform (Tempest) to professional publishers and sells advertising across that platform and extended network of sites. Say Media has offices ...
and
Lavasoft
Adaware, formerly known as Lavasoft, is a software development company that produces spyware and malware detection software, including Adaware. It operates as a subsidiary of Avanquest a division of Claranova.
The company offers Adaware in th ...
's
Ad-Aware Web Companion.
Browser hijacking
Many companies use
browser hijacking
Browser hijacking is a form of unwanted software that modifies a web browser's settings without a user's permission, to inject unwanted advertising into the user's browser. A browser hijacker may replace the existing home page, error page, or se ...
to modify a user's home page and search page, to force Internet hits to a particular website and make money from advertisers. Some companies steal the cookies in a user's browser,
hijacking their connections to websites they are logged into, and performing actions using their account, without the user's knowledge or consent (like installing Android apps).
Fraudulent dialer
Users with
dial-up Internet access use modems in their computer to connect to the Internet, and these have been targeted by fraudulent applications that used
security holes in the
operating system
An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs.
Time-sharing operating systems schedule tasks for efficient use of the system and may also i ...
to dial premium numbers.
Many
Android devices are targeted by malware that use
premium SMS services to rack up charges for users.
Unwanted not by the user
A few classes of software are usually installed knowingly by the user and do not show any automated abusive behavior. However, the Enterprise controlling the computer or the antivirus vendor may consider the program unwanted due to the activities they allow.
Peer-to-peer file sharing
Peer-to-peer file sharing is the distribution and sharing of digital media using peer-to-peer (P2P) networking technology. P2P file sharing allows users to access media files such as books, music, movies, and games using a P2P software program th ...
programs are sometimes labelled as PUA and deleted due to their alleged links to piracy. In March 2021, Windows Defender started removing
uTorrent and
qBittorrent
qBittorrent is a cross-platform free and open-source BitTorrent client written in native C++. It relies on Boost, Qt 6 toolkit and the libtorrent-rasterbar library (for the torrent back-end), with an optional search engine written in Python. ...
, causing widespread user confusion. Microsoft has since updated the PUA database to flag torrent clients on enterprise installations only.
Keygens not tainted by actual malware are also commonly tagged as PUA due to piracy.
[Microsoft Security Intelligence Report Volume 13, p14]
/ref>
Third party websites
In 2015, research by Emsisoft suggested that all free download providers bundled their downloads with potentially unwanted software, and that Download.com was the worst offender. Lowell Heddings expressed dismay that "Sadly, even on Google all the top results for most open source and freeware are just ads for really terrible sites that are bundling crapware, adware
Adware, often called advertising-supported software by its developers, is software that generates revenue for its developer by automatically generating online advertisements in the user interface of the software or on a screen presented to the ...
, and malware on top of the installer."[
]
Download.com
In December 2011 Gordon Lyon published his strong dislike of the way Download.com
CNET Download (originally Download.com) is an Internet download directory website launched in 1996 as a part of CNET. Initially it resided on the domain ''download.com'', and then ''download.com.com'' for a while, and is now ''download.cnet.com'' ...
had started bundling grayware Greyware may refer to:
* Grey ware, a type of pottery made of a grey paste
* Grayware, unwanted applications or files that are not classified as malware, but can worsen the performance of computers and cause security risks
* Greyware Automation ...
with their installation managers and concerns over the bundled software, causing many people to spread the post on social networks, and a few dozen media reports. The main problem is the confusion between Download.com-offered content and software offered by original authors; the accusations included deception as well as copyright and trademark violation.
In 2014, The Register
''The Register'' is a British technology news website co-founded in 1994 by Mike Magee, John Lettice and Ross Alderson. The online newspaper's masthead sublogo is "''Biting the hand that feeds IT''." Their primary focus is information te ...
and US-CERT
The United States Computer Emergency Readiness Team (US-CERT) is an organization within the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Specifically, US-CERT is a branch of the Office of ...
warned that via Download.com's " foistware", an "attacker may be able to download and execute arbitrary code".
Sourceforge
Many open-source software
Open-source software (OSS) is computer software that is released under a license in which the copyright holder grants users the rights to use, study, change, and distribute the software and its source code to anyone and for any purpose. Op ...
developers have expressed frustration and dismay that their work is being packaged by companies that profit from their work by using search advertising In Internet marketing, search advertising is a method of placing online advertisements on web pages that show results from search engine queries. Through the same search-engine advertising services, ads can also be placed on Web pages with other pu ...
to occupy the first result on a search page. Increasingly, these pages are offering bundled installers that include unwanted software, and confuse users by presenting the bundled software as an official download page endorsed by the open source project.
As of early 2016 this is no longer the case. Ownership of SourceForge transferred to SourceForge Media, LLC, a subsidiary of BIZX, LLC (BIZX). After the sale they removed the DevShare program, which means bundled installers are no longer available.
GIMP
In November 2013, GIMP, a free image manipulation program, removed its download from SourceForge
SourceForge is a web service that offers software consumers a centralized online location to control and manage open-source software projects and research business software. It provides source code repository hosting, bug tracking, mirroring ...
, citing misleading download buttons that can potentially confuse customers, as well as SourceForge's own Windows installer, which bundles third-party offers. In a statement, GIMP called SourceForge a once "useful and trustworthy place to develop and host FLOSS applications" that now faces "a problem with the ads they allow on their sites ..." In May 2015, the GIMP for Windows SourceForge project was transferred to the ownership of the "SourceForge Editorial Staff" account and adware downloads were re-enabled. The same happened to the developers of nmap
Nmap (Network Mapper) is a network scanner created by Gordon Lyon (also known by his pseudonym ''Fyodor Vaskovich''). Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses.
Nmap provide ...
.
In May 2015 SourceForge took control of projects which had migrated to other hosting sites and replaced the project downloads with adware-laden downloads.
Nmap
Gordon Lyon has lost control of the Nmap
Nmap (Network Mapper) is a network scanner created by Gordon Lyon (also known by his pseudonym ''Fyodor Vaskovich''). Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses.
Nmap provide ...
SourceForge
SourceForge is a web service that offers software consumers a centralized online location to control and manage open-source software projects and research business software. It provides source code repository hosting, bug tracking, mirroring ...
page, with SourceForge taking over the project's page. Lyon stated "So far they seem to be providing just the official Nmap files (as long as
you don't click on the fake download buttons) and we haven't caught them
trojaning Nmap the way they did with GIMP. But we certainly don't trust
them one bit! Sourceforge is pulling the same scheme that CNet
Download.com tried back when they started circling the drain".
VLC media player
VideoLAN
VideoLAN is a non-profit organization which develops software for playing video and other media formats. It originally developed two programs for media streaming, VideoLAN Client (VLC) and VideoLAN Server (VLS), but most of the features of VLS ...
has expressed dismay that users searching for their product see search advertising from websites that offer "bundled" downloads that include unwanted programs, while VideoLAN lacks resources to sue the many companies abusing their trademarks.
See also
* Conduit toolbar
* Pre-installed software
Pre-installed software (also known as bundled software) is software already installed and licensed on a computer or smartphone bought from an original equipment manufacturer (OEM).[Shovelware
Shovelware is a term for individual video games or software bundles known more for the quantity of what is included than for the quality or usefulness.
The metaphor implies that the creators showed little care for the quality of the original soft ...]
References
{{Malware
Software distribution
Types of malware