Puppies are Cute, but This is a PUP that You May Not Want

The world of malware (an all-inclusive term) is always changing as the Black Hats continue to fight it out with the White Hats. Things move so quickly that if the antivirus on your computer is not updating daily, it can take only a few days before the machine is at serious risk.

Today, however, I want to focus on the PUPs. A PUP is a Potentially Unwanted Program; that is the term the antivirus industry and the press use. To be clear, they should instead be called DUPs, Definitely Unwanted Programs.

1. Where do they come from?

In some cases folks download them directly because they have useful-sounding names such as “Coupon Printer for Windows”. Many of the weather reporting apps end up in this category because what they do on your machine is more than just weather reporting. If you have children who play games on PCs (or if you do), there are some cheat programs that do more than help one cheat at a game.

In the rest, and likely the majority, of cases these are installed at the same time as other legitimate software is installed on your machine. That is not a worry if you are installing software from a CD/DVD you have purchased, and more of a worry if you have just downloaded software from the Internet, especially if it was free. The best known example is the terrible Ask Toolbar, which gets put on millions of computers because it is bundled with Java (which needs to be constantly updated for security reasons), and the box to install it is always CHECKED by default! Sometimes the Java installer pushes other things as well, and you will not want any of them.

Please understand that nothing is really free. If a program on the Internet claims to be free, the chances are very high that it will attempt to install all kinds of these PUPs on your system. The boxes to install them are always checked by default, and they may appear on several screens of the installer, so read every screen and uncheck them before clicking Next.

2. What do they do?

Nothing good. Some of them hijack your original settings: the aforementioned Ask toolbar, for example, replaces whatever your previous default search engine was with itself, without your permission. Others target ads at you, and many of them open connections from your computer to questionable servers on the Internet that are doing Who Knows What. I have seen personal computers with 50 or more connections to various servers on the Internet, where the largest number of legitimate connections I have seen on a home computer is well under 10. Run the command netstat -nao in a Command Prompt window sometime and see how many connections your machine has (the -o switch adds the process ID that owns each connection, which you can look up on the Details tab of Task Manager; netstat -b shows the program name directly but needs an administrator Command Prompt). You can ignore the loopback address 127.x.x.x and private home network addresses (192.168.x.x, 10.x.x.x and 172.16.x.x through 172.31.x.x), since those connections never leave your own machine or LAN; anything else in the Foreign Address column that is ESTABLISHED is a connection to the Internet.
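To make that netstat check less of a guessing game, here is a small Python script, added as an example and not part of the original post, that parses the output of netstat -nao, drops loopback and private-LAN addresses, and counts only ESTABLISHED connections to outside hosts, grouped by remote address and owning process ID. The netstat output embedded in it is constructed for the example (the remote addresses are documentation ranges, not real servers); on a Windows machine you would instead pipe real output in with netstat -nao | python pup_netstat.py. The ignore list is slightly wider than the "127, 192 or 10" rule of thumb in the text, because only 192.168.x.x is private, not everything that starts with 192.

```python
import ipaddress
import sys

# Constructed sample of "netstat -nao" output from a Windows PC (not a real
# capture). The last column, from the -o switch, is the owning process ID.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED     3120
  TCP    192.168.1.10:49800     192.168.1.1:53         TIME_WAIT       0
  TCP    192.168.1.10:49812     203.0.113.45:80        ESTABLISHED     4412
  TCP    192.168.1.10:49813     203.0.113.45:443       ESTABLISHED     4412
  TCP    192.168.1.10:49820     198.51.100.7:443       ESTABLISHED     5580
  TCP    192.168.1.10:49821     198.51.100.7:443       ESTABLISHED     5580
  TCP    192.168.1.10:49822     198.51.100.7:443       ESTABLISHED     5580
  TCP    192.168.1.10:49830     10.0.0.5:445           ESTABLISHED     4
  TCP    [fe80::1c2b:3d4e:5f60:7a8b%12]:49840  [fe80::1]:5357  ESTABLISHED  4
  TCP    [2001:db8:1::10]:49850  [2001:db8:ffff::20]:443  ESTABLISHED  5580
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    2200
"""

# Loopback, RFC 1918 private ranges and link-local/unique-local IPv6: traffic to
# these never leaves the machine or the home LAN, so it is not an Internet
# connection. Checked explicitly rather than via ip.is_private, which also
# treats the documentation ranges used in the sample as private.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7",
)]


def parse_endpoint(text):
    """Split 'host:port' or '[v6host%zone]:port' into (ip_address, port).
    Returns (None, None) for placeholders such as '*:*'."""
    if text.startswith("["):
        host, _, port = text[1:].partition("]:")
        host = host.split("%", 1)[0]          # drop the IPv6 zone index
    else:
        host, _, port = text.rpartition(":")
    try:
        return ipaddress.ip_address(host), int(port)
    except ValueError:
        return None, None


def is_local(ip):
    """True if ip (str or ip_address) is loopback, private LAN or link-local."""
    if isinstance(ip, str):
        ip = ipaddress.ip_address(ip)
    return any(ip in net for net in LOCAL_NETS)   # v4/v6 mismatch is just False


def parse_netstat(output):
    """Yield (remote_ip, remote_port, state, pid) for each TCP row."""
    for line in output.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue                            # headers, and UDP has no State
        _, _, foreign, state, pid = fields
        remote_ip, remote_port = parse_endpoint(foreign)
        if remote_ip is not None:
            yield remote_ip, remote_port, state, int(pid)


def external_connections(output):
    """ESTABLISHED TCP connections to non-local hosts, grouped by remote IP:
    {remote_ip: {"count": n, "pids": {...}, "ports": {...}}}"""
    summary = {}
    for remote_ip, port, state, pid in parse_netstat(output):
        if state != "ESTABLISHED" or is_local(remote_ip):
            continue
        entry = summary.setdefault(str(remote_ip),
                                   {"count": 0, "pids": set(), "ports": set()})
        entry["count"] += 1
        entry["pids"].add(pid)
        entry["ports"].add(port)
    return summary


def total_external(output):
    """Number of established connections leaving the home network."""
    return sum(e["count"] for e in external_connections(output).values())


if __name__ == "__main__":
    # Use real output if it was piped in, otherwise the constructed sample.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_NETSTAT
    summary = external_connections(data)
    for ip, e in sorted(summary.items(), key=lambda kv: -kv[1]["count"]):
        print(f"{ip:>20}  {e['count']:>3} conn  ports {sorted(e['ports'])}"
              f"  PIDs {sorted(e['pids'])}")
    print(f"total Internet connections: {total_external(data)}")
```

Against the sample this reports six Internet connections from two process IDs (4412 and 5580); on a real machine the next step is to look up any PID with a large number of outbound connections in Task Manager and see whether it belongs to a program you knowingly installed.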

3. Why does my Antivirus program not stop them?

Best question of all. You will love the answer . . . because they are technically NOT a virus. They will typically uninstall all the way if you purposely uninstall them, they do not attempt to replicate themselves to other machines or networks, and they do not try to damage your computer. As a result they escape being classified as malware by most scanners, and where a scanner does have a "potentially unwanted" category, that detection is often turned off by default. Even when Malwarebytes (a very good scanner) finds them, it will tell you that it has discovered “non-malware” on the system.

4. What are the noticeable effects?

One or two of these will typically not have much noticeable effect. It is when more of them pile up that the effect becomes noticeable, as they start to slow down the machine. They often add themselves to the startup settings so they load at boot time even though you never specifically run them. Their constant network communications to servers on the Internet add traffic to your router and modem, and when there is too much of it, your legitimate traffic slows down. General response time on the machine suffers in direct proportion to the number of these things that are installed.

In our recent virus cleanup jobs we are not cleaning that many viruses, but we are cleaning hundreds, and in some cases more than a thousand, PUP traces. They can be difficult for the average user to get rid of, because one should not delete programs without understanding what is being deleted. So we DO NOT recommend that users try to get rid of these things by uninstalling everything they do not recognize under Programs and Features (Add/Remove Programs or Uninstall a Program on older versions of Windows). That could result in a necessary legitimate program (such as an important driver) being removed.

So the best way to stop these is before they start, by paying very close attention to the installer screens whenever anything new is installed on the machine. If kids use the computer, we recommend that they do so from Limited/Standard accounts so that they cannot install anything without the parent's password . . . and we recommend that a parent be involved in every install that happens on the machine. Giving kids unfettered Internet access from an administrator-class account will lead to eventual trouble.
