I have been busy the past few months because of these PUAs (Potentially Unwanted Apps). Honestly I consider myself lucky because yours truly was an old-school AV veteran that survived the good ol’ spyware wars (circa 2003) so connecting the dots for this technical challenge will be considerably an easy task.
As I have not posted anything for this blog for the last 9 months, I want to post my personal insights on this PUA issue. I am not sure on where to start, so maybe I will post some basic Q&A on PUAs and do series of blog post just like what I did with vulnerability assessment.
Here we go:
What are PUAs?
Potentially unwanted application or applications (PUAs), classified as grayware, refer to applications installed in a mobile device or a computer that may pose high risk or have untoward impact on user security and/or privacy. It may also contribute in consuming computing resources. It may be unwanted by the user even if it is installed with users’ consent. Most often than not, PUAs do not explicitly and completely state their functions and purpose. The impact the application causes may either inadvertently or simply be a part of its design. PUAs are created by legitimate or illegitimate software publishers.
What are the common PUA behaviors?
Here are some notable PUA behaviors:
- Bundling – There are applications that, when installed in a device or a computer, installs other applications (bundled software) that users may not want. The primary application that installed the additional applications often trick users during the installation process with options that allow the installation of the bundled software. Applications like these may also come bundled with other grayware.
- Advertising – displays excessive advertisements, causing interruption or annoyance to users.
- Information collection – applications that collect information without users’ consent.
PUAs can be complex and may contain other unwanted behavior such as:
- Exaggerated or bogus notifications
- Lack of control for users
- Runs unwanted processes or applications that consume computing resources
- Provides unconventional way of uninstalling the application
Source: Trend Micro PUA Security Definition Page
Some questions that I plan to give more insights in the succeeding posts
- Is PUA equal to Malware?
- Is PUA an endpoint problem?
- What changed from the threat landscape of 2003 vs today?