It’s important to understand when something is a PUP and what potential threats you may face if you have them on your computer. The good news is that removing them is much easier than full-blown malware.
Defining PUPs
Defining PUPs is somewhat tricky. They aren’t a specific type of software and whether something is a PUP or not is often a matter of perspective. For example, you may install an application on your work computer because you want it and know what it does; however, your system administrator may consider it a PUP because it violates company policy. In general, PUPs are any software that gets installed on your computer without you knowing it, does something you don’t know about even if you did install it knowingly, and generally makes changes or takes an action you wouldn’t want. This makes PUPs different from malicious software such as trojans, viruses, or ransomware. Those applications are written to damage your information or device, or to make money from you in an injurious way. In comparison, most PUPs are at worst a nuisance.
PUPs Vs Bloatware
PUPs are sometimes confused with “bloatware”. While a program can be both a PUP and bloatware simultaneously, it depends on the context. Bloatware is software pre-installed on a device like a computer or a smartphone. While the user may not want these apps, they are there with the consent of the device manufacturer. Usually, the device maker is paid to include specific applications, and that can make the price lower for you. Bloatware apps don’t contain malware, although they can slow a computer down and be annoying. However, it’s usually easy to remove bloatware and you don’t usually need any special tools to do it. Just uninstall those apps as usual.
How PUPs Get On Your Computer
The most common way for a PUP to find its way onto your system is by piggybacking on a program that you actually wanted to install. Usually, the installation process for the other software will use an “opt-out” approach, where the option to install the PUP is already ticked in the installation wizard. This relies on the typical user behavior of simply clicking ”next, next, next” until the installation completes instead of reading the fine print. This means that technically you had the chance to keep the PUP off your system. Details of the PUP might be included in the license agreement (which no one reads) and you may even have consented to unwanted software behavior described in the license agreement. PUP authors don’t expect the vast majority of people to read through a lengthy EULA (End User License Agreement). Still, it gives them plausible deniability since anyone who does take the time to read all the information presented has the opportunity to keep the software off their computer.
Why Do PUPs Exist?
The main reason that PUPs exist is that software developers want to get their software on your computer by any means. One line of thinking is that if the applications are already installed on a user’s computer, they might try them and like them. It overcomes a major hurdle: getting the user to download and install the application. Most PUPs are the sort of app that the average user wouldn’t install on purpose, so they have to sneak in the back door to have any measure of success. Ultimately, the purpose of a PUP is financial gain, but there are various ways that PUP developers use to make money, depending on the type of PUP you’re dealing with.
Types of PUPs
There are broadly four types of PUP, the least problematic being software bundled with another application that is simply a freeware or demo of a legitimate application. It won’t necessarily harm your computer, at least not on purpose, and you can remove it by just uninstalling it the usual way. The other three types of PUP are far more troubling.
Spyware is designed to harvest information about you silently. It can go through your web browser history, what you do on your computer, capture screenshots and send them back to its author, and so on. Spyware is a major privacy issue, but there’s a big market for user data from advertisers, hackers, or other cybercriminals who can use that information for further attacks. Keyboard loggers are a common type of spyware that hackers use to capture information such as passwords as you type them.
Adware makes money by flooding your computer with internet ads, usually in the form of popups. Usually, adware doesn’t cause any direct harm, but some ads they display can link to malicious websites with bone fide malware.
Browser hijackers are bare browser add-ons that change your browser’s settings and behavior. They are often marketed as “toolbars” and can indeed add an extra toolbar to your browser. This software redirects your browser to malicious sites and changes your home page and default search engine to potentially malicious alternatives. Often, these sites look somewhat like Google or other legitimate search engines.
The Risks of PUPs
Bundled, legitimate utilities are generally not a major risk, but other types of PUP come with several serious possible consequences:
Stealing your private data, such as browsing habits or passwords. Eating up computer resources, slowing down, or even crashing your computer. Saturating your internet bandwidth affects other services and devices in your local network. Linking you to malware through browser redirection or malicious advertising.
Despite not being illegal, PUPs can wreak as much havoc as full-blown malware in some cases, and their underhanded tactics are unethical.
Preventing PUPs
Suppose you don’t want PUPs on your computer. In that case, you’re going to have to make a habit of carefully reading the EULA of an application you’ve downloaded to see if there’s any mention of additional software.
You should also carefully read every page of the installation wizard and, if possible, choose a custom installation to ensure that unwanted software isn’t hidden in that section of the installer. Make sure you read what every checkbox does and uncheck those that install PUPs. Before downloading the software, search to see if other users have found PUPs in the application.
You won’t just find this information hidden in the installer itself. Be sure to read the download agreement on the website before downloading anything.
You’ll also want to perform a pre-emptive scan of the installer using an antivirus website such as VirusTotal. These sites include numerous anti-malware engines, which makes it much more likely that you’ll catch a PUP-infested app before installing it on your computer.
Removing PUPs
If a Potentially Unwanted Application is already on your device, then getting things back to normal is a little more complicated. Much depends on the type of PUP, but your first port of call would be to uninstall it the same way you would any other app on your particular operating system. On an Android or Apple iOS device, you’d press and hold the app and then choose to remove it from the context menu that pops up. On Windows, use “Add or remove programs” found in the Control Panel. In macOS, you’d delete the app from the Applications folder. For PUPs that work as browser extensions or add-ons, you’ll have to remove them using the browser extension list for your specific browsers, such as Chrome or Firefox. If you’re lucky, that will be the end of it, but many PUPs are pernicious and require you to jump through many hoops to remove them manually. Your best option, in this case, is to use dedicated software to remove every trace of these programs and even prevent them from being installed in the first place. Malwarebytes is an excellent option on almost every platform, including Mac, although there are a surprising number of Mac Antivirus apps considering how uncommon viruses are on the platform. With some PUPs, especially browser hijackers, you’ll have to use a dedicated removal tool for that specific piece of software. If a general antivirus software package can’t do the job, you’ll have to do this. Often companies like McAfee will offer these one-shot removal tools on their websites, so if your anti-malware software can’t remove a PUP, you can do a web search for more targeted solutions. In the worst-case scenario, you may have to follow a step-by-step manual removal guide, which is also often offered on anti-malware websites.