Scan PUP????????????

Just about to run a scan when I noticed for the very first time, ‘Scan PUP’. What is it and should I turn it on?

You turn it on if You want PUP to be detected. http://searchsecurity.techtarget.com/definition/PUP

Since it is not virus, it is off by default

The forum is full of cases… If You search for PUP

See igors reply here
http://forum.avast.com/index.php?topic=54216.msg554460#msg554460

I think PUP should be enabled by default. It would be good for majority of users i.e average users.

Some PUP are very difficult to remove/uninstall & create probs for average users.

But users differ in their opinion about PUP.

I think in Avast PUP should be enabled by default for average users sake.

For advanced users sake Avast can set the PUP settings in RealTime as ask & OnDemand as select/choose in result window. Good for both average & advanced users, wot say?

Sorry I couldn’t disagree more, most people haven’t a clue what a PUP is much less what is actually installed on their systems.

For the very reason you mention, users differ in their opinion about PUP, to have an opinion the user has to understand what a PUP is and most haven’t got a clue.

Those who do understand what a PUP is can obviously make an informed decision on A) if they enable scanning for it and B) what action to take when one is found. Without that informed decision users are more likely to make the wrong decision.

Not included in most definitions of PUPs are tools which can be used for good or evil, some have been legitimately installed for a specifically good purpose, but could have been unknowing installed for a malicious purpose.

Not all antivirus programs scan for PUPs and avast has it turned of by default (an exception being the boot-time scan). So if you get this you have been tweaking the avast settings without knowing what the impact might be.

As one of the ‘most people’ ie the majority, I can only agree with you. And that being so, the PUP scan will remain as it has been since I purchased this computer more than 2 years ago, switched off. That said, I am very grateful for the replies and the links and will now re-visit both in an attempt to get at least a basic understanding of the PUP.

My daughter tells me that sometimes when she is downloading something from iTunes, she fails to spot a box that requires a tick to be removed if she doesn’t also want to download ‘Safari’ or something similar. Fire all the bullets you want, but in the very simplest of examples would the failure to spot the option and the subsequent downloading of Safari be an example of PUP. If not, could someone quote me an equally simple example of what is PUP?

No, Safari would not be a PUP. Thats just called an “opt-out” method of bundling things with installers.

PUPs are programs that can be used be someone for good purposes on their own PC, but could also be used by someone in conjunction with a malware infection to harm you.

For examples, Nirsoft makes free utility programs that often get flagged as PUP. One is a password recovery tool…great if you actually lost your password, but installed along with malware that can send out info from your PC, it could also steal your passwords maliciously.

Safari is NOT PUP. The method used by that program to “bundle” the potential installation of some other “software” (in this case, Safari) is also NOT PUP.

Simple example of Potential Unwanted Program: keyloggers. If you have a program that records which keys are pressed, you can use it for your own security, or also to know what the kids are doing (“positive” use in your eyes). But if someone else is using a keylogger to spy on you (meaning, you don’t have a clue it is recording you, and you don’t know it was installed in your system), the that is a “negative” use of the same program (in your eyes). Hence, the same program can be used for positive goals, or negative ones. Hence, Potential Unwanted Program, PUP.

My approach here was to do a full scan with PUP off and then repeat it with PUP on…Nothing showed up in either scan so I now I believe if a pup is found it has a high probability of being unwanted (but will be cautious about deleting it)…Hope that logic is correct…

@blowtorch73 this should be detected as PUP

http://www.technicalinfo.net/blog/security/20071230_CommercialKeylogger.html

And someone with a PUP detection yesterday

http://forum.avast.com/index.php?topic=92541.0

Thanks guys. I now know that I knew less than I thought I knew about PUPS when I posted my last reply. However, having read the replies to that post, I now also know that I now know more than I knew then thanks to you guys who, knowing more than I will ever know about computers were willing to pass on a little of that knowledge to me. Thank you.

Thanks for that Pondus, I now have a much clearer picture of the PUP thanks to those two links. :wink:

Some AV vendors call PUP for PUA. (possible unwanted application)

Malwarebytes also have PUM (possible unwanted modification) detection for settings tatt may have been done by malware, like turning off windows update / firewall / security senter warnings etc…