potentially unwanted program (PUP)

What is a potentially unwanted program (PUP)?

A potentially unwanted program (PUP) is a program that may be unwanted, despite the possibility that users consented to download it. PUPs include spyware, adware and dialers, and are often downloaded in conjunction with a program that the user wants. PUPs can negatively affect a computer's performance while being an annoyance at best, and at worst, they can introduce security risks.

PUPs are often bundled with free software. When installing a legitimate piece of software, a download prompt may appear, asking the user to read the terms and conditions and to check a box to continue with the download. Another box may ask the user to download the additional and unwanted software. The box may already be checked and options to opt out may be intentionally unclear. If the user skips through this process without paying attention, they could agree to download the unwanted and potentially dangerous software. These programs then download and install themselves during the installation process of the original, wanted software.

What do PUPs do?

Some software bundles are PUPs because they commit multiple small transgressions against the user, while others commit one large transgression against the user. For example, PUPs can clutter a user's browser, track their web browsing activity and show additional unwanted programs. Once installed, A PUP can also do the following:  

  • Over-advertise to the user. The PUP displays many advertisements in pop-up windows. It can also be a browser hijacker, redirecting web search results, adding browser toolbars and placing ads on pages.
  • Collect user information. The PUP can be spyware, collecting user data without consent. For example, keystrokes from a keyboard can be monitored to steal user data and gain additional knowledge on the user.
  • Reduce system resources. By launching itself and performing whatever function it is programmed to carry out, the PUP eats up system resources, potentially slowing down a user's computer.
  • Obscure the process of uninstallation. PUPs may be designed to be hard to remove manually from a user's computer. They may not have an easy uninstall method or may not uninstall completely.

Types of PUPs

PUPs include different types of software that are meant to cause various amounts of damage to the user. Many of these processes use existing methods to do so. For example, types of PUPs include:

  • Adware. Adware is any software application that has an advertising banner or other advertising material that displays while a program is running. Ads are delivered through pop-up windows or bars that appear on the program's user interface.
  • Browser hijackers. Browser hijackers are malicious software, or malware, programs that modify web browser settings without the user's permission in order to redirect users to websites they did not intend to visit. Part of the goal of a browser hijacker is to help the cybercriminal generate unwanted advertising revenue.
  • Spyware. Spyware is malware that invades a device to steal sensitive data and track internet usage. Data is either collected and sold to advertisers, or more sensitive information such as passwords or credit card information is stolen.
Types of PUPs.
This image shows the types of PUPs.

Are PUPs malware?

The term PUP was created by internet security company McAfee because marketing firms objected to having their products called spyware, despite the fact that all the information necessary for informed consent is included in the download agreement. It is widely recognized, however, that many users fail to read download agreements in sufficient detail to understand exactly what they are downloading.

Blocking PUPs and labeling them as malware could open organizations that call them such to lawsuits. McAfee differentiates PUPs from other types of malware, such as viruses, Trojans and worms, which can be safely assumed as unwanted by the user.

How to avoid PUPs

To avoid accidently downloading a PUP, individuals should:

  • Read the end-user license agreement. The EULA may include a clause about PUPs.
  • Download software from trusted websites. Be careful when downloading freeware or programs from unknown companies.
  • Choose the custom installation. Instead of using the standard or default installation settings when installing software, choose the custom or advanced settings, which are usually safe from PUPs.
  • Implement antimalware. These security tools can help detect and automatically remove unwanted software.

How do you remove PUPs?

Although PUPs can be difficult to remove, users can attempt to automatically remove them using antimalware programs or manually remove them.  

Antimalware security tools can automatically detect and remove PUPs by scanning a device and deleting the application. Antimalware programs that can detect and remove PUPs include applications like Malwarebytes or Zemana AntiMalware.

If a victim attempts to manually remove a PUP, however, they will have to pay attention more closely. The program may have been created to not delete entirely, for example, or the user may be asked to agree to more terms and conditions that end up downloading another PUP while uninstalling the original program.

To avoid downloading PUPs in the future, users should pay attention to the terms and conditions when downloading software, as well as the boxes that are selected or unselected. Users can also implement ad blockers that stop ads from appearing or use an antivirus software that protects against PUPs in real time.

Learn how to prevent spyware attacks using different technologies, including content filtering or a layered defense.

This was last updated in November 2021

Continue Reading About potentially unwanted program (PUP)

Dig Deeper on Threats and vulnerabilities

Enterprise Desktop
Cloud Computing