Guest Author

Computer security courses cover malicious software (malware), but the material rarely address Potentially Unwanted Programs (PUPs).

What is a PUP?

First, PUPs go by many names, including bundleware, junkware, adware and for mobile devices, Potentially Unwanted Applications (PUAs). I would actually characterize PUPs into two distinct categories; nuisance programs and security threats.

PUPs are a Nuisance

Within the nuisance category of PUPs, you can add in all the spyware, adware, browser related extensions, pop-up programs and so forth. Many of you are probably familiar with the fact that these types of programs can capture your browsing data, redirect you to different websites, they can slow down your computer, slow down your internet browsing experience, and they could force you to use a proxy and other types of unwanted actions.

For most of the PUPs a user downloads the program by choice. The user may be tricked into downloading the program as part of a bundle or a complicated EULA (End User License Agreement). Primarily, a user voluntarily downloads these types of PUPs.

PUPs as a Security Threat

From a computer security perspective, the second category of PUPs is more concerning. This type of PUP creates a new vulnerability on a host or system. PUPs in this category may or may not be voluntarily downloaded by a user. Most computer security and system admins know that one common way to secure hosts on their system is to prevent users from installing programs. Sounds simple, right? Wrong.

Portable Apps may be a PUP

One of my favorite workarounds is to use Portable Apps. Portable Apps are designed to be installed without System Administrator rights and without changing the host configuration settings. They can be downloaded directly from the Internet and installed or you can store them on a media drive (like USB) and then install them onto the host. My favorite is a portable version of Google Chrome. When I have encountered a system that is ‘locked down’ and did not have Google Chrome installed (I do not recommend violating any End User Agreements or Computer Security Rules that may apply on systems you use).

Many such Portable Apps are games, but many allow for things such as file sharing, remote desktop, SSH, Telnet, P2P and TFP services! This is where these Portable Apps start to become a security concern. If a user on a system is installing Portable Apps that circumvent system security configurations and rules, they then create new vulnerabilities in the system.

How to detect PUPs and Portable Apps on your network?

What can be done about users installing PUPs and potentially violating computer security and creating new vulnerabilities? My first recommendation is to see if your existing anti-virus/anti-malware software detects any of these Portable Apps and flags them as PUPs or not. Malwarebytes does a particularly good job on this, but you should always evaluate the effectiveness of options on your own systems.

Another somewhat effective method is to verify the network security settings and configuration. While simplistic, I would ensure that the most common sites for downloading Portable Apps are blocked. I also recommend scanning all downloads for malware. Periodic scanning of the network and hosts for PUPs is necessary.

Depending on the security of your organization, you may need to set-up additional safeguards to deal with PUPs and Portable Apps. This could include only allowing whitelisted applications and in some cases you may even want to block all applications that are not in approved paths. Options such as these will become complex to administer and enforce. I recommend a thorough cyber security risk assessment to understand the level of security needed on your network first.

It is also a good idea to incorporate information about PUPs into your existing cyber training program. User should understand the risks involved in downloading toolbar extensions and why attempting to install an unauthorized program or application is a security risk.

Additional Reading Material:

About the Guest Writer – John Stoner

Mr. Stoner has over 16 years of experience in the national security and defense sector working a variety of roles, including Cyber Threat Analyst, Cyber Counterintelligence Analyst and Cyber Instructor. He holds A+, Net+, CEH, CHFI, CEI, CISD and CISSP certifications. Connect with him on LinkedIn.