Potentially unwanted program

A potentially unwanted program (PUP) or potentially unwanted application (PUA) is software that a user may perceive as unwanted or unnecessary. It is used as a subjective tagging criterion by security and parental control products. Such software may use an implementation that can compromise privacy or weaken the computer's security. Companies often bundle a wanted program download with a wrapper application and may offer to install an unwanted application, and in some cases without providing a clear opt-out method. Antivirus companies define the software bundled as potentially unwanted programs[1][2] which can include software that displays intrusive advertising (adware), or tracks the user's Internet usage to sell information to advertisers (spyware), injects its own advertising into web pages that a user looks at, or uses premium SMS services to rack up charges for the user.[3][1] A growing number of open-source software projects have expressed dismay at third-party websites wrapping their downloads with unwanted bundles, without the project's knowledge or consent. Nearly every third-party free download site bundles their downloads with potentially unwanted software.[4] The practice is widely considered unethical because it violates the security interests of users without their informed consent. Some unwanted software bundles install a root certificate on a user's device, which allows hackers to intercept private data such as banking details, without a browser giving security warnings. The United States Department of Homeland Security has advised removing an insecure root certificate, because they make computers vulnerable to serious cyberattacks.[5] Software developers and security experts recommend that people always download the latest version from the official project website, or a trusted package manager or app store.

  1. ^ a b "PUP Criteria". Malwarebytes. Retrieved 13 February 2015.
  2. ^ "Rating the best anti-malware solutions". Arstechnica. 15 December 2009. Retrieved 28 January 2014.
  3. ^ "Threat Encyclopedia – Generic Grayware". Trend Micro. Retrieved 27 November 2012.
  4. ^ Cite error: The named reference emisoft1 was invoked but never defined (see the help page).
  5. ^ Cite error: The named reference reutersdhs was invoked but never defined (see the help page).

Developed by StudentB