Potentially Unwanted Programs

by Andy on January 19th, 2009 in Researcher Comments.

With the new version of Ad-Aware, comes a new classification: Potentially Unwanted Program, or "PUP". Why classify something as a "potentially unwanted application"?

This new category has been deployed to provide more information than previous versions of Ad-Aware about what has been detected on your machine and allows you make a more informed decision when dealing with them.

The PUP category classifies applications which do not display malicious behavior yet, for example, install without seeking affirmative consent for installation - the user may not realize, due to the nature of the installation procedure deployed by the vendor (e.g. ActiveX download, bundling etc), that an application has actually been installed.

The category is also used to classify other applications which, in a certain context, can be wanted or unwanted.

For example, there are many legitimate applications, such as remote administration tools, packet sniffers, keyloggers, port scanners, FTP servers etc. which are used responsibly by a system administrator in a corporate environment. When detected, it is likely the system administrator will choose to add them to the ignore list since these applications, in this context, are wanted.

These same tools can be misused and installed surreptitiously on, for example, a home user's machine in order to gain unauthorized access, exploit, monitor or carry out some type of malicious activity. To detect the same applications as unwanted, in this context, is correct. If the user was unaware of the presence of these same apps, they can opt to remove them.