Identifying and analyzing unwanted software is a complex challenge. New forms of unwanted software are constantly under development. The same technology that can make software unwanted also appears in software that you want to keep and use (such as antivirus or antimalware software). It’s not always possible to automatically determine whether a program is something you want to keep or something you want to remove.
Microsoft researchers use the following categories to determine whether to add a program to the definition library, and what classification type, risk level, and recommendation to give it:
Unwanted behavior: The software runs unwanted processes or programs on your PC, does not display adequate disclosures about its behavior or obtain adequate consent, prevents you from controlling its actions while it runs on your computer, prevents you from uninstalling or removing the program, prevents you from viewing or modifying browser features or settings, makes misleading or inaccurate claims about the state of your PC, or circumvents user consent dialogs from the browser or operating system.
Advertising: The software delivers out-of-context advertising that interferes with the quality of your computing experience, regardless of whether you consented to this behavior or not.
Advertisements: The advertisement should not mislead you into visiting another site or downloading files.
Privacy: The software collects, uses, or communicates your information without your explicit consent.
Consumer opinion: Microsoft considers input from individual users as a key factor in helping to identify new unwanted behaviors and programs that might interfere with the quality of your computing experience.
The most important part with PUA is the fact that they scary consumers to buy, by presenting unreal and untrue statistics about their computer:
Display exaggerated claims about the system’s health.
Make misleading or inaccurate claims about files, registry entries, or other items on the system.
Decrease computer reliability.
Reports errors in an exaggerated or alarming manner about the user’s system and requires the user to pay for fixing the errors or issues monetarily or by performing other actions such as taking a survey, downloading a file, signing up for a newsletter, etc.
Suggests that no other actions will correct the reported errors or issues
Requires the user to act within a limited period of time to get the purported issue resolved
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since over 20 years in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is CEO and owner of Endpoint Cybersecurity GmbH focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .