Malware Research Threat Database Potentially Unwanted Programs

Potentially Unwanted Programs

What is a Potentially Unwanted Application?

A Potentially Unwanted Application or a Program (PUP) is a type of software that is unwanted even if the user agreed to download it. This category falls into a gray zone of malware classification. Although the cybersecurity community has been dealing with these apps for a few years now, the debates on what is supposed to be considered potentially unwanted software are still ongoing.

This entry deals with the most prevalent concepts of potentially unwanted programs based on various classifications offered by computer security specialists. We also provide guidelines on how to avoid PUPs in the future.

How to Recognize a PUP?

As mentioned, these programs are part of a gray zone in a way that their classification may differ based on the research team that analyzes the software. For example, it is common to consider that malware is any software that enters target computers without the user’s consent. If we were to follow such a notion, potentially unwanted programs would not fall into this category because, as mentioned, they acquire user’s consent to be installed. Nevertheless, some security experts consider potentially unwanted programs to be malware because they can gather sensitive information and act against the user’s will.

To be more precise, we must narrow down particular criteria that would help us determine whether a program we have encountered should be considered potentially unwanted or not. According to Microsoft, there are five criteria that can help identify a potentially unwanted program. These are as follows:

  • advertisements
  • advertising
  • consumer opinion
  • privacy
  • unwanted behavior

Let’s cover each criterion in a concise manner to help you recognize a PUP the next time to encounter one.


Although it may not be their primary intention, potentially unwanted programs often display commercial advertisements. Commercial ads are an important part of many programs, but ads shown by PUPs sometimes cannot be distinguished from the content of a website you are currently on. Next, they may mislead and confuse you that would eventually result in a file download. In the worst-case scenario, some of the ads may also contain malicious code.


This criterion is closely related to the previous one. Programs with adware features may promote products and services that are not related to the actual program. What’s more, a PUP will not make it clear how to close those third-party ads, and it will not be explicit about how to get rid of them.

Consumer Opinion

Probably one of the easier ways to determine whether a program is not something you should welcome on your computer is the opinion and reviews of other users. For example, if an application is available for download from a particular website and the site has a comment section, you should check the comments and recommendations of other users (if any). Quite often, potentially unwanted programs have negative user reviews and other testimonials.


This criterion involves the maintenance and control of your private information. Potentially unwanted programs may collect and share some of your private information with unfamiliar third parties. Quite often, PUPs inform users about this type of activity, but they are not downright explicit about it, and users remain in the dark. Consequently, if information about your online activity is shared with potentially malevolent third parties, this could result in cyber fraud and even malware infection.

Unwanted Behavior

The unwanted behavior criterion has several subcategories: computer performance, lack of choice, lack of control, and installation and removal.

Computer performance refers to a PUP’s potential to diminish the quality of your computer’s performance. Therefore, when a program is undesirable, you can expect it to display fake messages about your computer’s security status and make misleading statements about your files and other parts of the system. When a program exhibits such behavior, it is usually done so for financial purposes. This is rather common among potentially unwanted system optimization tools and various deceptive apps.

Lack of choice speaks for itself. Legitimate programs inform you about the changes that are about to occur on your computer. However, when you deal with potentially unwanted programs, you have to be ready to experience undesirable behavioral patterns. For example, a PUP may try to hide its presence, and it could download and install more software without your consent. To put it simply, it would not give you a chance to choose whether you want to install a particular program or not.

Lack of control is also as evident as the lack of choice. When you install a program on your computer, you should be able to control it, and the program should function only when you allow it to. On the other hand, PUPs may limit your ability to modify particular app features. Do not be surprised to see new browser windows popping up without your permission. A PUP may also redirect you to unfamiliar websites and change webpage content without you even realizing it.

Finally, installation and removal refer to the method of distribution employed by potentially unwanted programs. For example, a PUP may come bundled with an entire list of unwanted applications, thus tricking you into installing unnecessary applications. What’s more, when you try to remove an unwanted program, you may see a list of confusing pop-ups that will try to stop you from getting rid of the software. Some of the programs may not even be present on the list of installed programs, thus preventing you from removing them via Control Panel. And that is not something a reliable application should do.

Finally, even if you manage to uninstall the program via the Control Panel, a PUP is very likely to leave leftover files in the AppData directory or in the Windows Registry. That is not something a legitimate program should do. Hence, it is another method to tell apart a PUP apart from a decent program.

PUP Distribution Methods

Since a PUP borders on the line between a legitimate and a malicious application, it also has a wide range of distribution methods that are employed on a regular basis.

Direct download is not uncommon in the realm of potentially unwanted programs. Quite a few PUPs have official homepages where users can download them. For example, various system optimization tools can be downloaded from their official websites, although it is a lot more common for these apps to come in software bundles. This is also one of the reasons it is sometimes hard to label such programs as malware because technically, they do not enter target computers surreptitiously. Nevertheless, the same program may also employ other distribution tactics that are not as crystal clear as the direct download.

Software bundling is probably the most common distribution method not only for potentially unwanted programs but also for adware, browser hijackers, and other suspicious applications. PUPs come bundled in a software package that is generally available for download at third-party file-sharing websites. These websites may bundle a program developed by an open-source software project with unwanted applications without the consent of the program’s creator. File-sharing websites like Filehippo, Softonic, Softpedia, Filehorse, and others have been known to have bundled PUPs with the applications they distribute.

However, it does not mean that the software distribution websites are directly involved in PUP distribution. It is likely that third parties are unilaterally using these software-sharing pages to spread their programs around.

Also, some PUPs may be distributed via drive-by downloads and other methods employed by adware, browser hijackers, and so on. As long as these programs are bundled in third-party installers, they might come from anywhere.

Why Are PUPs Dangerous?

Although potentially unwanted programs may not intend to infect target computers with malware, they come with particular components that put your computer at risk. For instance, many programs may have additional browser plug-ins that can monitor your online activity and share the collected data with unreliable third parties. As a result, this could redirect you to malware-related websites, and it could lead to malware infection or cyber fraud.

A PUP may also come with a browser hijacker that modifies your browser settings without your permission and, once again, tracks your online activity in order to make money via third-party advertising. What’s more, a browser hijacker that comes with a potentially unwanted application might also be exploited for malware distribution.

To put it simply, PUPs are intrusive, and they could be used as spying and malware distribution tools by corrupted third parties. Therefore, computer security experts believe that users have to take these applications seriously.

How to Avoid PUPs?

One of the best ways to avoid the negative consequences of a PUP installation is to download software from official vendor’s websites. Even if you download a program from a reliable website, make sure you install the application with caution, reading all the installation steps carefully. Sometimes even official installers may have bundled additional software.

Stay clear of unfamiliar sites that have a lot of pop-ups and other suspicious content. In some cases, an automatic freeware download might be initiated automatically, even without your consent.

Finally, be sure to run regular system scans with a computer security tool of your choice. Your anti-malware application should have all the latest definitions, including the PUPs you should avoid. Therefore, it is important to keep your security tool updated.

Most Trending Potentially Unwanted Programs in the Last 2 Weeks

# Threat Name Severity Level Alias(es) Detections
1. Cyclostomatous
2. Fake Google Sheets Extension
3. PDF Converter Hub
4. PUP.Simplify 10 % (Normal)
5. MyRadioAccess Toolbar 10 % (Normal) 47,067
6. AnyMovieSearch
7. Disk Ok 100 % (High) 5
8. Alructisit
9. App_updater will damage your computer Mac Alert
10. Secury Search 50 % (Medium) 649
11. PUP.Maelstrom 10 % (Normal) 36
12. SProtect
13. Lights Cinema Ads 80 % (High)
14. Fm1 - Radio 80 % (High) 1
15. Book Source 10 % (Normal) 111
16. OnlineMusic Search
17. Untrack Search 80 % (High) 2
18. Smart PC Tweaker
19. Memory Game Chrome Extension
20. Stream On The web
21. Maps Driving Directions
22. PUP.Zaxar Games 10 % (Normal) 58,277
23. Package Tracker Guru
24. Mac Speedup Pro
25. FlixSearch
26. PUP.Auslogics BoostSpeed 12 10 % (Normal) 868
27. AdvancedDisplay 20 % (Normal) 4
28. Tail Box Hijacker 50 % (Medium) 23
29. 20 % (Normal) 187
30. Research Alts 50 % (Medium) 1,569

Last updated: 2024-05-29