What is an Unwanted Program?

Potentially unwanted programs (PUPs) are a kind of software that is not recommended for use, since they can be hazardous to the system.



PUP Definition

GRIDINSOFT TEAM
Just like guests, programs are not always wanted or pleasant to see. Sometimes you may invite a person who wants to rob or harm you, and you will never guess which one at the party it is. Attentiveness and awareness are what you must be armed with any time you install a no-name app.

A potentially unwanted program, or PUP for short, is an application that appears to be dangerous to use. There are several reasons for a program to be considered potentially unwanted. The app may deliver its declared functionality or be completely useless; it may even be safe to use, but have so many recorded cases of malicious use that it is easier to ban it preventively. The only thing they all have in common is the damage level: it is too low for security vendors to classify them as malicious, since their danger is not as severe as that of full-fledged malware.

Types of potentially unwanted programs

As mentioned above, potentially unwanted programs differ by their origins. Some of them are released without diligent testing, some are questionable, and some are often used by cybercriminals. These properties directly affect the further actions the user must take.

Poorly-made applications

Not all programs that are spread on the Internet are well-designed and tested. Sometimes, the developer is not experienced enough to find and fix the issues. That’s why the final product may simply malfunction. In the best-case scenario, such a botched job will just crash, without any serious effects on the rest of the system. However, if the app touches important OS mechanisms, like the file system, drivers or the hardware itself, its malfunction will likely cause problems with these elements, or possibly with the entire system. It is OK when you can bring things back to normal by simply rebooting the computer - but that is not always the case.

The perfect example of such dangerous unprofessional apps is the various tools for updating drivers and adjusting hardware properties. Sure, it is possible to find a well-working app that will supply you with the most recent drivers - but there are many more programs that do this very badly. The developers do not publish their sources of drivers - and it would be very good if those were the official hardware vendors’ sites. More often they take the drivers from somewhere else - and that is the main danger. Drivers are the only way your OS can manage devices properly, and on top of that, the protection ring in which your CPU runs drivers is a very low, highly privileged one. If malware is injected as a driver, it is capable of taking control over your programs, or even the whole operating system.

[Figure: Protection rings in the CPU]

Questionable apps or hacktools

The most common class of questionable programs classified as PUPs is hacktools. Hacktools, as you can guess from their name, are made to hack something, usually system components or elements of certain applications. Most often, they target the licence-checking mechanisms of different programs - breaking them makes it possible to use the program without buying a licence. The popularity of such applications makes them an ideal carrier for different malware. The other category of such apps hacks encryption-related mechanisms in order to decrypt data or get credentials. Although users may intentionally apply these apps for their own purposes, these tools are used much more often by hackers.

The best examples of such programs are Mimikatz (a credential hacking tool) and KMSAuto. The former exploits bugs in the Windows offline authentication mechanism to get the system login credentials. It can be very useful in cases when you’ve forgotten the password to one of the machines, or a fired employee set his own password and did not share it. For obvious reasons, it is very popular among hackers as well. KMSAuto is an infamous Windows hacking tool that makes it possible to use Windows without a licence. But very often this app acts as a trojan-downloader, which installs a pack of malware on your PC.

Rogue software

Rogue programs, also known as scareware, are a type of unwanted program that attempts to look like legit software, but in fact extorts money from the user by scaring them. The most common disguises for rogue programs are system cleaners, anti-malware software and driver updaters. Usually, they are spread through affiliated websites and recommended on various forums. After installation, they will likely show that you have dozens of problems on your PC. In fact, those “hazardous” items are OK, and all the program wants is for you to pay for the licence.

Some of these programs can easily be removed in the regular way - via the programs list or the uninstall.exe file. However, you will most likely struggle to do this - just because such apps are made specifically to be hard to remove. None of the aforementioned ways will work, and harsh removal by deleting the root directory will likely fail, too. The only way to remove such a burr is to use specialised software, in particular anti-malware programs.

Is a potentially unwanted program harmful?

This kind of software is not called “unwanted” for nothing. Its usage carries a big risk for your system and files, and possibly exposes you to a malware injection. However, that does not mean you will necessarily suffer bad consequences. As mentioned, some programs can give you the functionality you want, but are either unreliable or exploitable by cybercriminals. Such things as KMSAuto, mentioned above, are outlawed - hacking the Windows licence can lead to some big fines.

[Figure: AutoKMS detected by Windows Defender]

Therefore, we can assume that there are three types of risk from using programs that are considered unwanted. Personal risk means the possibility of file loss or system damage because of the poor design of the program. Malware risk, as you can guess from its name, stands for the possibility of the app being used for malicious purposes - either directly or to install a payload. And the third one - financial - is about extorting money for “solving the problems”. The most positive thing about this type of PUP is that it has almost ceased to exist in recent years.

How can potentially unwanted programs be prevented?

Unwanted programs, contrary to “regular” malware, do not appear on your PC in a deliberate manner. They pretend to be normal programs, and thus usually appear only when you do something wrong - in particular, install a program you are not familiar with and for which there is no feedback on the Internet. Hence, the steps to prevent PUPs from appearing are the following:

  1. Check the programs recommended to you by somebody. Even if your friend recommended that photo editing software to you - it is better to read the reviews, especially if you have never heard the name before.
  2. Never apply anything questionable to system components. Would you take an unknown medicine on the advice of a shaman in a bungalow? I don’t think so. The same goes for such important stuff as drivers and system components. It is better to spend a day learning how to do it manually than to rely on dubious programs and make your system completely unusable.
  3. Use proper anti-malware software. A well-made security solution will filter out the unwanted program at the installation-file stage. Hence, you will not have to spend a lot of time googling the information - the antivirus will do everything for you. Of course, it is recommended to remember which apps were blocked - to avoid even downloading them in future.