A white paper published by McAfee in 2005. All citations and credits for any part or content should be for McAfee. McAfee however holds no liability for any thing in this blog since this blog is created by a third party without their express consent. This blog is created for academic purposes only.

Potentially Unwanted Programs (PUPs)

Potentially unwanted program (PUPs) is the generic term given to programs that find their way onto a machine, and that the user may or may not want to have. Although often deposited by way of Trojan horse, PUPs can be made by a legitimate corporate entity for some beneficial purpose. A PUP is defined as ANY piece of code which a reasonably security- or privacy-minded computer user may want to be informed of, and, in some cases, remove. Even though they may be intended for legitimate corporate use, PUPs can alter the security state of the computer on which they are installed, and therefore most users will want to be aware of them. The main types of PUPs are:
Adware: software whose primary function is to make revenue through advertising targeted at the person using the computer on which it is installed. This revenue can be made by the vendor or partners of the vendor. This does not imply that any personal information is captured or transmitted as part of the software’s functioning, though that is often the case.
Spyware: software whose function includes the transmission of personal information to a third party without the user’s knowledge and explicit consent. This usage is distinct from the common usage of spyware to represent commercial software that has security or privacy implications.
Dialer: a piece of code that redirects Internet connections to a party other than the user’s default ISP for the purpose of incurring connection charges for a content provider, vendor, or other third party.
Remote administration tool: a tool designed to allow remote control of a system by a knowledgeable administrator. However, when controlled by a party other than the legitimate owner or administrator, remote administration tools are a large security threat.
Password cracker: a piece of code designed to allow a legitimate user or administrator to recover lost or forgotten passwords from accounts or data files. When in the hands of an attacker, these same tools allow access to confidential information and represent a security and privacy threat.
Joke: a piece of code that has no malicious payload or use and does not impact security or privacy states, but that may alarm or annoy a user.

No comments:

Post a Comment

Subscribe to: Posts (Atom)