How Dangerous Are Potentially Unwanted Applications or PUA’s?

Finjan Team | Blog, Cybersecurity

Corporate employees or private users whose systems or devices come with pre-installed software usually aren’t concerned with knowing exactly what programs they have, as long as they can do their jobs or use their hardware without any complications. But if your system contains or installs pre-packaged or bundled software, it may be at risk from Potentially Unwanted Applications.

What Are Potentially Unwanted Applications?

Potentially Unwanted Applications or PUA’s are also often referred to as PUPs or Potentially Unwanted Programs. The reason why these programs are potentially unwanted lies in the design and operation of the software, which in many cases runs counter to what would normally be expected for a secure business environment, or the system of a private user. In particular, there may be concerns about how these applications store and handle user data, or exercise privileges that allow them to monitor and modify system settings.

There are several varieties of software which, on a given system, could be classified as potentially unwanted. Not all of them are necessarily designed to cause physical or digital damage. So PUA’s can’t automatically be taken for malware, as such.

Types of Potentially Unwanted Applications

PUA’s may originate from a number of different sources – many of them legitimate software developers who have created programs that then go on to be used in ways that can impair system performance or compromise the information of the users who unknowingly install them. Other applications may be specifically designed for surveillance or criminal purposes, often by independent, cartel-backed or state-sponsored development teams. Common categories include:

Adware

Pop-up promotions, in-line advertising, and browser toolbars offering stuff for sale are among the preferred media for adware applications. These may be simply annoying or – if they feature as an unintended element of an online service or business venture – unprofessional-looking and distracting to users and consumers.

More sinister breeds of adware may be deployed as a means of luring unsuspecting users to malicious websites, or to prompt the download of malware. Examples would include bogus warnings that “Your system has a virus. Click HERE to…” or fake reminders that software or operating system components may be out of date.

Dialers

As you’d expect, dialers are software programs which are designed to automatically dial one or more pre-defined telephone numbers. If you have a lot of contacts that you regularly call and don’t wish to remember, this can be a very good thing to have.

But a spyware dialer may be installed without your knowledge, and configured to automatically call a set of phone contacts in different locations – including long-distance or even international numbers. This can quickly ratchet up your phone bills, and if you don’t know where the software is located or have the means to delete it, there’s no way you can stop this from happening.

Hacking and Hijacking tools

In some instances, hacking tools may be used in a quasi-benevolent manner by system administrators or device owners, to (for example) break software limitations and squeeze extra functionality out of existing programs. There’s an entire class of “patching” programs and utilities designed to enable users to modify software, or to create pirated versions of commercial applications.

The problem is that these tools are usually only available from sites which may be dangerous in themselves – and their installation programs may come wrapped with additional “tools” that users may be unaware of.

Hijacking tools typically take the form of Potentially Unwanted Applications that can assume control of certain web browser functions without the user’s knowledge or consent. They may present as toolbars and extensions, custom homepages, or redirected search queries. And their job is usually to funnel browsing information to their developer’s websites or networks.

Non-malicious Spyware

Spyware enables its controllers to observe and occasionally extract information stored on a host system, or passing through a network. It can take various forms, including traceable tokens in file storage areas, in-line monitoring utilities for network traffic streams, key-loggers to record keyboard strokes and mouse pointer movements, or call recording tools for telecommunications.

At the legitimate surveillance end of the spectrum, non-malicious spyware can assist business organizations in keeping tabs on the activities of their workers and assessing their performance. It can also be used to monitor the activity and behavior of customers and website visitors. These practices can be of benefit to an enterprise.

But the point where spyware strays into the realm of Potentially Unwanted Applications is when it’s installed without the knowledge or consent of the user, and serves the purpose of an external agency, rather than management.

At this point, spyware may serve as a tool of government or law enforcement, or be a money-making utility for external actors looking to extract trade secrets and intellectual property, or simply to sell information on to third parties (which could, of course, include criminal organizations or terrorists).

Remote Administration Tools

This class of software can be used to make life easier for network managers and system owners, through mechanisms that (for example) can make mass changes to the network privileges of pre-defined sets of users, or schedule a system-wide set of software updates. As you can imagine, having a program like this on your network without your knowledge (and one which may well have been installed on behalf of an external agency) could have disastrous consequences.

There’s actually a thriving market in remote administration tools designed for malicious purposes, and packaged with suggestive names like Pupy.

How Potentially Unwanted Programs Are Spread

Cutting corners and saving money are two of the primary reasons why PUA’s may be installed on both commercial and private computer systems. These applications are often bundled together with legitimate software as part of a multi-functional package that addresses a number of the user’s computing needs. They also ship as passengers on downloads of free software.

This practice has quite a history – one that even mainstream software vendors have had a hand in creating. Adobe Acrobat Reader’s frequent (and often annoying) requests for you to allow automatic updates, the addition of toolbars during Oracle’s Java installation and Microsoft Skype’s changes to your browser and homepage settings are examples.

Download portals are particularly prone to PUP distribution. A 2016 study of the 50 most popular applications on Download.com found that 31 of the tested applications had bundled Potentially Unwanted Applications into their setup files. And the Potentially Unwanted Applications may bundle additional PUPs internally.

Ironically, PUA’s are often referenced by name, in the End User License Agreement (EULA) or Terms and Conditions associated with the main software setup. This is a deliberate ploy on the part of the PUA developers, as they know full well that most people will skip the chore of actually reading these documents, and just click “I accept”, to start the installation.

Having done so, the users have in effect given their approval – in what could be argued as a legally binding way – for the PUPs to do their work.

Some Effects of PUA Distribution

In terms of performance, Potentially Unwanted Applications may cause your system to slow down considerably, deposit a bunch of advertising materials in your storage drives, and change your browser or other system settings – generally, not for the better. They may also eavesdrop on your operations, and funnel information out to their controllers and third parties.

For their developers and the platforms that distribute them, Potentially Unwanted Programs represent an important source of revenue. Download portals may typically earn the freeware developer around $2 for every successful installation of a browser toolbar, for example. And once the PUP is in place, there’s the potential for financial gains from sales of user data to advertising networks, and other external agencies.

The download of freeware or the use of “unofficial” portals to gain access to proprietary software without paying for it can and does put the user in a compromised position, from the outset. Their legal position isn’t a strong one if system slowdowns and data theft occur due to the installation of pirated software, or if they’re using a hacking utility for dubious purposes.

A good example of this is the “Instagram Hacker” tool which promises users the ability to extract the password of any named Instagram account – but instead requires them to click to buy an Activation Code, which then goes on to install a password extraction tool called WebBrowserPassView on their own system. So the would-be hacker gets hacked – but since they were looking to hack someone else’s Instagram profile, anyway…

Ways to Protect Yourself

Common sense, discretion, and due diligence should be exercised when deciding where to get your software from. Using the websites of established software manufacturers or vendors is most advised. This includes using the official app stores for mobile software.

Corporate users can enforce this by whitelisting approved software vendors and download sites for their employees – and including these as part of official enterprise security policy.
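As an added illustration (not code from the original article), here is one way a proxy or download-gateway check could enforce such an allowlist of approved download sites. The domain names are constructed placeholders and the function name is hypothetical; the point is that the comparison is made on the parsed hostname, so lookalike hosts and embedded-credential tricks do not pass.

```python
from urllib.parse import urlsplit

# Constructed allowlist for illustration; a real policy would list the
# organisation's own approved vendors and download sites.
APPROVED_DOMAINS = {"vendor.example", "apps.corp.example"}


def is_approved_download(url, approved=APPROVED_DOMAINS):
    """Return (allowed, reason) for a download URL under the allowlist."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # excludes any user:password@ prefix and port
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    if not host:
        return False, "no host"
    host = host.rstrip(".").lower()
    for domain in approved:
        # Exact match, or a true subdomain. The leading dot stops
        # "notvendor.example" from matching "vendor.example".
        if host == domain or host.endswith("." + domain):
            return True, "matches " + domain
    return False, "host not on allowlist"


def blocked_downloads(urls, approved=APPROVED_DOMAINS):
    """Return the URLs from a request log that the policy would refuse."""
    return [u for u in urls if not is_approved_download(u, approved)[0]]


if __name__ == "__main__":
    # Constructed sample requests.
    sample = [
        "https://dl.vendor.example/setup.exe",
        "http://vendor.example/setup.exe",
        "https://vendor.example.freeware-portal.example/setup.exe",
        "https://vendor.example@freeware-portal.example/setup.exe",
    ]
    for u in sample:
        print(u, is_approved_download(u))
```
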

Before installing any software, it’s advisable to take the time to go through the EULA and any Terms and Conditions, to establish exactly what’s included in the setup program.

Before going ahead with the software setup, make sure that the installation interface doesn’t include any pre-checked checkboxes that might authorize PUA’s. If it’s necessary to use the software’s “Custom Installation” options to get exactly what you want, then do so.

Be on guard against social engineering and scare tactics designed to push you into unwanted software updates or virus scans.

Install and use an anti-malware/anti-virus solution from a reputable manufacturer – and keep it regularly updated, to guard against the latest forms of malicious software and known Potentially Unwanted Applications. A package that offers real-time protection is preferable.
