HOW TO IDENTIFY POTENTIALLY UNWANTED APPLICATIONS | PAGE 1
HOW TO IDENTIFY POTENTIALLY UNWANTED APPLICATIONS
By Jianpeng Mo
Software Engineering Manager
OPSWAT
As the computer security industry has grown, many technologies have emerged that can identify
software applications that are truly malicious without too much difficulty. However, there are many other
applications that are not as easy to define and whose maliciousness cannot always be confirmed. This type of
application is now commonly referred to as a potentially unwanted program (PUP) or a potentially unwanted
application (PUA).
Applications may be potentially unwanted if they include security vulnerabilities, are unlicensed, or are not
sanctioned by the network administrator, among other reasons. According to the Microsoft Security Intelligence
Report 2013, more than 30% of known vulnerabilities come from small vendor applications that are not
comprehensively tested or do not have solid maintenance procedures.
Because potentially unwanted applications can be introduced to a corporate network in many ways, network
administrators need to be concerned about mobile users connecting to infected networks and end users
unwittingly infesting their office desktops with vulnerable applications. In some cases, end users may knowingly
download non-sanctioned applications such as peer-to-peer file-sharing, instant messaging, and mp3 applications.
This type of behavior, combined with the recent BYOD (Bring Your Own Device) concept, greatly facilitates the
possibility of PUPs and PUAs getting into a corporate network.
Interestingly, there seems to be some inconsistency in the classification of the types of products that fall under
PUPs or PUAs. Almost every security vendor, including Symantec, McAfee, ESET, Sophos and Kaspersky, has its own
definition of these terms.
Symantec: Programs which computer users wish to be made aware of. These programs include
applications that have an impact on security, privacy and resource consumption, or are
associated with other security risks. These programs can show a pattern of installation without
user permission, or notice, on a system or be deemed to be separate and different from the
application installed.
McAfee: PUPs are any piece of software which a reasonably security or privacy-minded computer user
may want to be informed of, and, in some cases, remove.
ESET: A potentially unwanted application is a program that contains adware, installs toolbars or has
other unclear objectives. There are some situations where a user may feel that the benefits of a
potentially unwanted application outweigh the risks.
Sophos: Applications that, while not malicious, are generally considered unsuitable for business
networks. The major PUA classifications are: adware, dialer, non-malicious spyware, remote
administration tools and hacking tools.
Kaspersky: Programs which are developed and distributed by legitimate companies but have functions
which make it possible for them to be used maliciously. AdWare, RiskWare and PornWare are
the three classes of program which are categorized as potentially unwanted.
If we take a step back and review the underlying meanings of these PUP and PUA definitions, it is clear that they all
boil down to one key classification standard – applications that contain potential functionalities that, when active,
users wish to be made aware of.
Many users may not be concerned about PUPs and PUAs on their systems. Some may even intentionally introduce
them due to a specific feature these applications offer. But in general, once these applications are running on the
system, they are granted access to the registry, file system and services. Once this occurs, users need to be notified
as potential vulnerabilities can be introduced.
Taking the varying nature of the definitions above into consideration, it is difficult for end users to classify
applications as unwanted without additional guidelines. Therefore, we would like to propose a set of detailed
guidelines that help to define PUPs or PUAs in the current marketplace. In order to notify users of applications
which may be risky, we need to determine what traits these applications have, and what they are trying to achieve
by entering the user’s system, so that they can be flagged as PUPs or PUAs.
Common characteristics of PUPs or PUAs on user systems
Unlike malware applications, PUPs or PUAs do not infect or destroy the end user’s system directly. But this does
not mean they are harmless; in fact, they can actually be more dangerous than certain viruses and spyware.
Potentially unwanted software can be a catalyst for the introduction of malware to a system and subsequently
increase the possibility of infection or of user data being stolen. Here are some common behaviors of potentially
unwanted software:
INSTALLING ADWARE APPLICATIONS
Users commonly download applications which possess features they don’t understand. Moreover, they may not
read through all the information in the pre-installation window. PUPs or PUAs target these user habits. Offering
users adware applications during installation is a very common method of pushing suspicious programs through to
the end user system. For example, in the screenshots below, we have downloaded a backup application download
manager called “EaseUS Todo Backup Free”. The extent to which programs such as this attempt to place additional
applications onto your system can be seen here as this particular download manager offers 3 additional
applications to users: “Search Protect”, “RRSavings” and “PC Drivers”.
SHOWING ADVERTISEMENTS
PUPs or PUAs are also widely used for advertising purposes. Images and pop-ups for advertisements unrelated to
the program or application that was installed are very common. This type of behavior often comes from toolbars or
video player applications.
COLLECTING PRIVATE INFORMATION OR DATA MINING
By installing an application, users are allowing this software to gain access to their system. A lot of the user’s private
information is stored here for performance purposes. In Windows, for example, “%appdata%”, “%localappdata%”
and “%programdata%” can contain a large amount of the user’s sensitive information, like browser cookies, an
application’s login username, temporarily stored files, and more. With this information, it is relatively easy for
hackers to analyze and mine data. PUPs or PUAs, if installed, will be granted this access also.
OFFERING FAKE SECURITY FEATURES
Internet security is a big concern for end users, and many are willing to pay to protect their systems. Some
potentially unwanted software targets these people by appearing under the guise of security applications. They
may report security alarms from time to time in order to seem like they are protecting the system, but they may
actually be welcoming in viruses, worms, Trojan horses and other malicious programs. They may also falsely report
serious infections and ask the user to input credit card information to purchase “malware removal software”.
MONITORING AND HIJACKING PERSONAL MESSAGES
Rather than being publicly available, point-to-point communications are intended to be private, and messages need
to be protected during transmission. There are a number of applications that offer users online chatting services.
However, they do not reveal that all messages sent through the application travel through the public network
without any encryption. Message redirection is a risk when using potentially unwanted software. Since all the
message packages are open to the network, all the information is exposed to the public. There are plenty of 3rd
party tools available online which can be used to capture and redirect these messages to a different destination.
IRRITATING USERS
Some PUPs or PUAs are developed merely as pranks. They do not try to attack the system, impact security or steal
private information. In fact, they may not actually contain any functionality at all and exist only to impair the user’s
experience through irritating messages and false reports of viruses or other network issues.
BEING DIFFICULT TO REMOVE
Potentially unwanted software usually makes its main process as difficult to uninstall as possible. They do not
report to the operating system, so users may not be able to execute the uninstallation through the system’s central
software management console, such as the Control Panel on Windows. In extreme cases, they may even lock their
running process or services with low-level drivers. This would result in the system returning the uninstallation
request as “Access Denied” regardless of the user’s permissions, making the removal of these programs extremely
difficult.
There are a lot of other potentially suspect behaviors which PUPs or PUAs can exhibit on a user’s system. Above is
simply a high-level summary of the seven most common. Different behaviors possess different levels of risk or
threat and need to be considered individually. The following chart helps users to understand the variety of
potentially unwanted software behaviors and their potential risks:
[Chart: potentially unwanted software behaviors (adware installation, advertising, data mining, fake security, message hijacking, irritate users, difficult to remove) marked against potential risks (system infection, loss of privacy, negative user experience, decreased system performance)]
Product categories likely to be considered PUPs or PUAs
Thousands of new applications appear online every day, and it is not always clear whether they are safe or not.
Determining whether an application falls into the PUA pool can be extremely challenging. This requires an
understanding of not only the application’s behavior but also its intent. However, there are certain types of
applications which are more likely to be deemed a PUP or PUA than others.
TOOLBAR ADD-ONS
The toolbar add-on is a type of browser extension that typically provides users with various additional
functionalities by including a bar with several buttons within a browser. Generally, they do not provide as much
value as the cost and risk they introduce. Screen space, performance, privacy, viruses and spyware are all
potential trade-offs to having a toolbar running on your system.
PUBLIC FILE SHARING
Public file sharing applications, like µTorrent, eDonkey and FlashGet for example, are designed to bypass system
firewalls. This can prevent the corporate network security from protecting a single point of entry to the network.
Instead, the network becomes reliant on individual users assigning the correct access controls to files and
directories, which are coming through these applications, on their own workstations.
INSTANT MESSAGING
Instant messaging applications are commonly installed and used on home computers as well as corporate
workstations. However, while these are helpful for internal communication, they also present a high risk. All
messages sent using these applications may travel unencrypted across the public network and can easily be
hijacked.
CLOUD STORAGE
Cloud storage applications, such as Dropbox, Box Sync and CrashPlan, offer end users the ability to back up and
store all their important documents. As dependence on the Internet has grown over time, in correlation with
increased Wi-Fi coverage and speed, these cloud storage programs are also being used by some people as their
primary base for storing information. However, allowing your private data to be kept online increases the risk of
leaving it open to mining from third parties.
ROGUE SECURITY
Rogue security applications have been another central component in the PUA scene. Generally, they consume a
system’s CPU and memory and cause the system to behave strangely and erratically. In the best-case scenario, the
protection offered by the application will be ineffective. For some instances, however, they might go as far as to
prevent users from installing or launching a real security program. Furthermore, they may even inform users of
non-existent threats in order to convince the user that they are performing efficiently when that is not the case.
Eight clues to help users determine whether there is any PUP or PUA running on the system
1. CHECK WHETHER THE RUNNING PROCESS IS DIGITALLY SIGNED AND CERTIFIED.
A digital signature is a “fingerprint” which is unique to both the file and the signer and binds them together. It
requires the signer to have a certificate-based digital ID to ensure their authenticity. Therefore, if a running process
has a valid digital signature, it can be considered more secure. On the other hand, a running process which does
not have any digital signature could come from any source, so there is no way to verify its reliability; it could
potentially be considered as an unwanted application.
2. CHECK WHETHER THE PARENT OF THE RUNNING PROCESS EXISTS.
In some cases, unlike most other processes, a running process will try hiding its source. It may block the connection
between the running process and its on-demand trigger. This kind of application would create a child process on
the user’s system, and then terminate or close down. After that it would execute the malicious code from its child
process. Microsoft offers a very useful tool called “Process Explorer” which can help users retrieve most of the
process information. Once Process Explorer is launched, if you select the suspect process, right-click on it and then
go to ‘Properties’, the process’s parent information will appear on the pop-up window under the ‘Image’ tab.
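The first two clues (signature and parent process) can be checked for every running process at once. The script below is an added example, not part of the original paper or OPSWAT's tooling; the `Signature` and `Parent` column names and the state labels are choices made for this illustration.

```powershell
# Added example, not OPSWAT code. Run from an elevated PowerShell session so
# that ExecutablePath is populated for as many processes as possible.
$procs = Get-CimInstance -ClassName Win32_Process
$byPid = @{}
foreach ($p in $procs) { $byPid[[uint32]$p.ProcessId] = $p }

$report = foreach ($p in $procs) {
    # PID 0 (System Idle Process) and PID 4 (System) have no image file to verify.
    if ($p.ProcessId -in 0, 4) { continue }

    # Clue 1: Authenticode status of the executable backing the process.
    $sigStatus = 'PathUnavailable'
    $signer    = $null
    if ($p.ExecutablePath -and (Test-Path -LiteralPath $p.ExecutablePath)) {
        $sig       = Get-AuthenticodeSignature -LiteralPath $p.ExecutablePath
        $sigStatus = [string]$sig.Status   # Valid, NotSigned, HashMismatch, NotTrusted, ...
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }

    # Clue 2: is the recorded parent still running? Windows reuses process IDs,
    # so a "parent" created after the child is an unrelated process that
    # inherited the number; the real parent has exited.
    $parent = $byPid[[uint32]$p.ParentProcessId]
    if (-not $parent) {
        $parentState = 'Exited'
    } elseif ($parent.CreationDate -gt $p.CreationDate) {
        $parentState = 'PidReused'
    } else {
        $parentState = 'Alive'
    }

    [pscustomobject]@{
        Name      = $p.Name
        ProcessId = $p.ProcessId
        Signature = $sigStatus
        Signer    = $signer
        Parent    = $parentState
        Path      = $p.ExecutablePath
    }
}

# Show only processes that fail at least one of the two checks.
$report |
    Where-Object { $_.Signature -ne 'Valid' -or $_.Parent -ne 'Alive' } |
    Sort-Object Signature, Name |
    Format-Table -AutoSize
```

An exited parent is a lead rather than a verdict: some legitimate processes are started by a launcher that exits by design, so weigh the parent state together with the signature result.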
3. CHECK WHETHER THE RUNNING PROCESS COMES FROM ON-DEMAND OR PERSISTENT APPLICATIONS.
On-demand version processes may not leave any logs or footprints in the system, regardless of their functionalities.
A lot of PUP or PUA vendors distribute on-demand versions of their applications. These applications minimize user
interaction. They do not require any installation, they are not persistent on the system and they are executed
based on a user trigger which is activated regardless of whether the user’s action is intentional or not. Although
antivirus vendors released updated PUP or PUA definition databases to monitor these on-demand processes and
ensure consistent protection, it is virtually impossible to fully monitor this area. Users can verify whether an
application is a persistent version under ‘Control Panel\Programs\Programs and Features’. All the persistent
installed applications would show up as an entry within this control panel page.
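The same comparison can be scripted by reading the Uninstall registry keys that back Programs and Features and listing running processes whose executable does not sit under any registered install directory. This is an added example, not code from the paper; `Test-UnderDirectory` and the `InUserProfile` column are names invented for this illustration, and because `InstallLocation` is an optional registry value, some properly installed applications will also appear in the output.

```powershell
# Added example, not OPSWAT code.
# Registry locations that back 'Programs and Features' (64-bit, 32-bit, per-user).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Install directories registered by persistent applications.
$installDirs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.InstallLocation } |
    ForEach-Object { ([string]$_.InstallLocation).Trim().Trim('"').TrimEnd('\') } |
    Where-Object { $_.Length -gt 3 } |      # drop bare drive roots such as 'C:'
    Sort-Object -Unique

# Hypothetical helper: true when $Path lies below one of $Directories.
function Test-UnderDirectory([string]$Path, [string[]]$Directories) {
    foreach ($dir in $Directories) {
        if ($Path.StartsWith($dir + '\', [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

# Running processes that are neither Windows components nor located under a
# registered install directory: candidates for on-demand executables.
Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.ExecutablePath } |
    Where-Object { -not (Test-UnderDirectory $_.ExecutablePath $env:windir) } |
    Where-Object { -not (Test-UnderDirectory $_.ExecutablePath $installDirs) } |
    Sort-Object ExecutablePath -Unique |
    Select-Object Name, ProcessId, ExecutablePath,
        @{ Name = 'InUserProfile'
           Expression = { Test-UnderDirectory $_.ExecutablePath $env:USERPROFILE } } |
    Format-Table -AutoSize
```

Entries with `InUserProfile` set to `True` run from a location the user can write to (Downloads, Temp, AppData), which is where run-once executables typically land.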
4. CHECK WHETHER THE RUNNING PROCESS HAS A PURE BROWSER PLUG-IN COMPONENT.
In most cases, processes which contain pure browser plug-in classes, such as “Chrome_WidgetWin”, “Internet
Explorer_Server” and “MozillaWindowClass”, are used for advertisement purposes. These processes are usually
launched by another process when a certain condition is triggered. They can be very disruptive for end users and
considered as potentially unwanted applications. However, detecting whether a given process contains any pure
browser plug-in is not always easy for end users. Fortunately, there is a developer tool from Microsoft called
“Spy++” which can help users identify this information by giving them a graphical view of their system’s processes.
5. CHECK WHETHER THE RUNNING PROCESS HAS MODIFIED THE BROWSER SETTINGS.
There are some processes that may attempt to update the browser settings every time they are launched. They
overwrite the pre-configurations and redirect the user to a specific website. In extreme cases, they may even install
browser plug-ins or adware applications without notifying the user. If users find that their browser homepage has
been modified or see any unwanted browser plug-ins installed after running an application, it is likely that this
application is what we consider a PUP or PUA.
6. CHECK WHETHER THE RUNNING PROCESS CONSUMES HUGE AMOUNTS OF SYSTEM RESOURCES.
Applications are designed to leverage an operating system’s resources in order to employ certain features and
actions. However, if an application occupies a lot of CPU or memory without any valuable returns, it is
counterproductive. For example, some poorly-developed applications may crash easily and generate a lot of system errors.
There is a built-in Windows utility called “Event Viewer” which can be used to validate a given application’s stability.
After launching the “Event Viewer”, users should go to the ‘Application’ section under ‘Windows Logs’, and then
create a filter to review event logs for any given application. If there are a considerable number of errors generated
by a specific application, then it should be regarded as a PUP or PUA.
7. CHECK WHETHER THE RUNNING PROCESSES CONSISTENTLY CREATE NEW CHILD PROCESSES OR LAUNCH WINDOW PROMPTS.
A typical characteristic of PUA is to push advertisements or adult content to the end users. Traditional antivirus
vendors may not easily be able to define such content as threats because some users may actually wish to receive
these. However, most end users would have no interest in them. Therefore, PUP and PUA would be a reasonable
classification for this type of application.
8. CHECK WHETHER THE RUNNING PROCESS LISTENS TO ANY SPECIFIC PORT AND PROVIDES REMOTE SYSTEM ACCESS.
Remote desktop access is a valuable feature, but also a potentially dangerous one. Users should be absolutely
confident and trusting of an application that provides this feature before using it. Opening remote access from an
external network through a little-known application is almost as dangerous as leaving your laptop in Times Square
without setting any password. If there is an application running on the system which offers remote access, and it is
not from a reputable vendor, then it should most certainly be considered a PUP or PUA. This information could
easily be retrieved by running command “netstat -o” from the Windows built-in “Command Prompt” utility.
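On its own, `netstat -o` lists only active connections; listening sockets appear once `-a` is added (for example `netstat -ano`). The script below is an added example, not code from the paper: it resolves each externally reachable TCP listener to its owning executable and that executable's signer, so a little-known remote-access listener stands out. The port-to-service table holds common defaults chosen for this illustration.

```powershell
# Added example, not OPSWAT code. Needs the NetTCPIP module (Windows 8 /
# Server 2012 or later); run elevated to resolve paths of service processes.
# Common default ports of remote-access services (illustrative, not exhaustive).
$remoteAccessPorts = @{
    22   = 'SSH'
    3389 = 'RDP'
    5900 = 'VNC'
    5985 = 'WinRM (HTTP)'
    5986 = 'WinRM (HTTPS)'
}

# TCP listeners bound to something other than loopback, i.e. reachable from
# other hosts unless a firewall blocks them. UDP is not covered here.
$listeners = Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' }

$listeners | Group-Object -Property OwningProcess | ForEach-Object {
    $group  = $_
    $procId = [uint32]$group.Name
    $proc   = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $procId"
    $ports  = $group.Group.LocalPort | Sort-Object -Unique

    # Label any port that matches a known remote-access default.
    $labels = foreach ($port in $ports) {
        if ($remoteAccessPorts.ContainsKey([int]$port)) { $remoteAccessPorts[[int]$port] }
    }

    # Who signed the listening executable, if anyone?
    $sigStatus = 'PathUnavailable'
    $signer    = $null
    if ($proc -and $proc.ExecutablePath) {
        $sig       = Get-AuthenticodeSignature -LiteralPath $proc.ExecutablePath
        $sigStatus = [string]$sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }

    [pscustomobject]@{
        ProcessId    = $procId
        Name         = if ($proc) { $proc.Name } else { '<exited>' }
        Ports        = $ports -join ','
        RemoteAccess = ($labels | Sort-Object -Unique) -join ','
        Signature    = $sigStatus
        Signer       = $signer
        Path         = if ($proc) { $proc.ExecutablePath } else { $null }
    }
} | Sort-Object Signature, Name | Format-Table -AutoSize
```

Rows whose `Signature` is not `Valid`, or whose signer is a vendor the administrator does not recognise, are the ones the paper's eighth clue asks users to question.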
Conclusion
In conclusion, there is no straight-forward answer to whether an application is unwanted or not. A lot of PUPs or
PUAs get onto the user’s system through user action, either intentionally or unintentionally. The word “potentially”
represents an important factor here. It is very necessary for users to understand the benefits and risks of any
application before installing or using it. Unfortunately, this is not easy for most end users to determine.
Nonetheless, this does not mean that users are not able to take steps to protect their systems. Educating end
users is an important security practice as they play a key role in helping to identify suspicious applications as PUPs
or PUAs.
If a set of categories were established for these types of applications, based on their behavior, this could help users
to identify whether an application is suspect or not. Applications that support file-sharing, instant messaging, cloud
storage, additional unknown software, remote desktop access and adult content advertisements, or that are
vulnerable, unlicensed, and unsanctioned, along with toolbars and rogue security programs, all have a much higher
chance of being labeled as PUPs or PUAs than other programs.
Potentially unwanted applications do not bring in viruses or steal the user’s sensitive data directly, but they do
introduce security risks to the system, decrease the system’s efficiency and performance, and disrupt the user
experience. It is always a good idea to remove any potentially unwanted software to keep the system safe and
clean.
About OPSWAT
OPSWAT is a San Francisco based software company that provides solutions to secure and manage IT
infrastructure. Founded in 2002, OPSWAT delivers solutions that provide manageability of endpoints and networks,
and that help organizations protect against zero day attacks by using multiple anti-malware engine scanning, data
sanitization, and file filtering. OPSWAT’s intuitive applications and comprehensive development kits are deployed by
SMB, enterprise, and OEM customers to more than 100 million endpoints worldwide.
OPSWAT’s software management solutions offer streamlined technology partnerships between leading technology
solutions and software vendors. By enabling seamless compatibility and easy management capabilities, we allow
network security and manageability solutions to provide visibility and management of multiple application types
installed on an endpoint, as well as the ability to remove unwanted or non-compliant applications.
Our innovative multi-scanning solutions deliver anti-malware protection with increased detection rates and
minimized performance overhead. In addition to maximizing detection rates, we provide the ability for customers
to easily adapt our solutions to their existing infrastructure to add control over the flow of data into and out of
secure networks.
ABOUT THE AUTHOR
Jianpeng Mo holds the position of Software Engineering Manager in OPSWAT, where he leads an engineering team
for developing software management toolkits OESIS and AppRemover. He specializes in developing modern
concept products, leading the engineering groups in solving unique and difficult technical problems. He and his
team are responsible for a variety of activities, including delivering a software detection, classification and
manageability framework and researching application vulnerabilities and potential unwanted application removal.
Jianpeng received his M.S. from New York University with a major in Electrical Engineering.
Disclaimer. © 2014. OPSWAT, Inc. (“OPSWAT”). All rights reserved. All product and company names herein may be trademarks of their respective owners.
The information and content in this document is provided for informational purposes only and is provided “as is” with no warranty of any kind, either express or implied,
including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. OPSWAT is not liable for any damages,
including any consequential damages, of any kind that may result from the use of this document. Though reasonable effort has been made to ensure the accuracy of
the data provided, OPSWAT makes no claim, promise or guarantee about the completeness, accuracy and adequacy of information and is not responsible for misprints,
out-of-date information, or errors. OPSWAT makes no warranty, express or implied, and assumes no legal liability or responsibility for the accuracy or completeness of
any information contained in this document.
If you believe there are any factual errors in this document, please contact us and we will review your concerns as soon as practical.
http://www.opswat.com/

More Related Content

What's hot

Generating Risk Summary Risk Scores For Mobile Applications
Generating Risk Summary Risk Scores For Mobile ApplicationsGenerating Risk Summary Risk Scores For Mobile Applications
Generating Risk Summary Risk Scores For Mobile Applications
Papitha Velumani
 
Insider Threat Detection Recommendations
Insider Threat Detection RecommendationsInsider Threat Detection Recommendations
Insider Threat Detection Recommendations
AlienVault
 
Vulnerability scanning project
Vulnerability scanning projectVulnerability scanning project
Vulnerability scanning project
Chirag Dhamecha
 
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...Visualizing the Insider Threat: Challenges and tools for identifying maliciou...
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...
Phil Legg
 
Viruses & Malware: Effects On Enterprise Networks
Viruses & Malware: Effects On Enterprise NetworksViruses & Malware: Effects On Enterprise Networks
Viruses & Malware: Effects On Enterprise Networks
Diane M. Metcalf
 
PACE-IT, Security+3.1: Types of Malware
PACE-IT, Security+3.1: Types of MalwarePACE-IT, Security+3.1: Types of Malware
PACE-IT, Security+3.1: Types of Malware
Pace IT at Edmonds Community College
 
Application security testing an integrated approach
Application security testing   an integrated approachApplication security testing   an integrated approach
Application security testing an integrated approach
Idexcel Technologies
 
Generating summary risk scores for mobile applications
Generating summary risk scores for mobile applicationsGenerating summary risk scores for mobile applications
Generating summary risk scores for mobile applicationsJPINFOTECH JAYAPRAKASH
 
Review of behavior malware analysis for android
Review of behavior malware analysis for androidReview of behavior malware analysis for android
Review of behavior malware analysis for android
JPINFOTECH JAYAPRAKASH
 
Malicious Insiders
Malicious InsidersMalicious Insiders
Malicious Insiders
gjohansen
 
Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityCygnet Infotech
 
Effective risk communication for android apps
Effective risk communication for android appsEffective risk communication for android apps
Effective risk communication for android appsJPINFOTECH JAYAPRAKASH
 
IT Security Seminar Cougar CPS
IT  Security  Seminar  Cougar  CPSIT  Security  Seminar  Cougar  CPS
IT Security Seminar Cougar CPScougarcps
 
Effective Vulnerabilities Management in Simple Ten Steps
Effective Vulnerabilities Management in Simple Ten StepsEffective Vulnerabilities Management in Simple Ten Steps
Effective Vulnerabilities Management in Simple Ten Steps
Promisec
 
How to tell if that pop-up window is offering you a rogue anti-malware product
How to tell if that pop-up window is offering you a rogue anti-malware productHow to tell if that pop-up window is offering you a rogue anti-malware product
How to tell if that pop-up window is offering you a rogue anti-malware product
GFI Software
 
Web and Mobile Application Security
Web and Mobile Application SecurityWeb and Mobile Application Security
Web and Mobile Application Security
Prateek Jain
 
Volume 2-issue-6-2037-2039
Volume 2-issue-6-2037-2039Volume 2-issue-6-2037-2039
Volume 2-issue-6-2037-2039Editor IJARCET
 

What's hot (20)

Generating Risk Summary Risk Scores For Mobile Applications
Generating Risk Summary Risk Scores For Mobile ApplicationsGenerating Risk Summary Risk Scores For Mobile Applications
Generating Risk Summary Risk Scores For Mobile Applications
 
Insider Threat Detection Recommendations
Insider Threat Detection RecommendationsInsider Threat Detection Recommendations
Insider Threat Detection Recommendations
 
Vulnerability scanning project
Vulnerability scanning projectVulnerability scanning project
Vulnerability scanning project
 
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...Visualizing the Insider Threat: Challenges and tools for identifying maliciou...
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...
 
Viruses & Malware: Effects On Enterprise Networks
Viruses & Malware: Effects On Enterprise NetworksViruses & Malware: Effects On Enterprise Networks
Viruses & Malware: Effects On Enterprise Networks
 
PACE-IT, Security+3.1: Types of Malware
PACE-IT, Security+3.1: Types of MalwarePACE-IT, Security+3.1: Types of Malware
PACE-IT, Security+3.1: Types of Malware
 
Application security testing an integrated approach
Application security testing   an integrated approachApplication security testing   an integrated approach
Application security testing an integrated approach
 
Generating summary risk scores for mobile applications
Generating summary risk scores for mobile applicationsGenerating summary risk scores for mobile applications
Generating summary risk scores for mobile applications
 
Review of behavior malware analysis for android
Review of behavior malware analysis for androidReview of behavior malware analysis for android
Review of behavior malware analysis for android
 
Malicious Insiders
Malicious InsidersMalicious Insiders
Malicious Insiders
 
Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App Security
 
SCGOV Report
SCGOV ReportSCGOV Report
SCGOV Report
 
Effective risk communication for android apps
Effective risk communication for android appsEffective risk communication for android apps
Effective risk communication for android apps
 
IT Security Seminar Cougar CPS
IT  Security  Seminar  Cougar  CPSIT  Security  Seminar  Cougar  CPS
IT Security Seminar Cougar CPS
 
How to Identify Potentially Unwanted Applications

  • 1. HOW TO IDENTIFY POTENTIALLY UNWANTED APPLICATIONS | PAGE 1
    HOW TO IDENTIFY POTENTIALLY UNWANTED APPLICATIONS
    By Jianpeng Mo, Software Engineering Manager, OPSWAT
  • 2. As the computer security industry has grown, many technologies have emerged that can identify software applications that are truly malicious without too much difficulty. However, there are many other applications that are not as easy to define and whose maliciousness cannot always be confirmed. This type of application is now commonly referred to as a potentially unwanted program (PUP) or a potentially unwanted application (PUA).
    Applications may be potentially unwanted if they include security vulnerabilities, are unlicensed, or are not sanctioned by the network administrator, among other reasons. According to the Microsoft Security Intelligence Report 2013, more than 30% of known vulnerabilities come from small vendor applications that are not comprehensively tested or do not have solid maintenance procedures.
    Because potentially unwanted applications can be introduced to a corporate network in many ways, network administrators need to be concerned about mobile users connecting to infected networks and end users unwittingly infesting their office desktops with vulnerable applications. In some cases, end users may knowingly download non-sanctioned applications such as peer-to-peer file-sharing, instant messaging, and mp3 applications. This type of behavior, combined with the recent BYOD (Bring Your Own Device) concept, makes it much easier for PUPs and PUAs to get into a corporate network.
  • 3. Interestingly, there seems to be some inconsistency in the classification of the types of products that fall under PUPs or PUAs. Almost every security vendor, including Symantec, McAfee, ESET, Sophos and Kaspersky, has its own definition of these terms.
    Symantec: Programs which computer users wish to be made aware of. These programs include applications that have an impact on security, privacy and resource consumption, or are associated with other security risks. These programs can show a pattern of installation without user permission, or notice, on a system or be deemed to be separate and different from the application installed.
    McAfee: PUPs are any piece of software which a reasonably security or privacy-minded computer user may want to be informed of, and, in some cases, remove.
    ESET: A potentially unwanted application is a program that contains adware, installs toolbars or has other unclear objectives. There are some situations where a user may feel that the benefits of a potentially unwanted application outweigh the risks.
    Sophos: Applications that, while not malicious, are generally considered unsuitable for business networks. The major PUA classifications are: adware, dialer, non-malicious spyware, remote administration tools and hacking tools.
    Kaspersky: Programs which are developed and distributed by legitimate companies but have functions which make it possible for them to be used maliciously. AdWare, RiskWare and PornWare are the three classes of program which are categorized as potentially unwanted.
  • 4. If we take a step back and review the underlying meanings of these PUP and PUA definitions, it is clear that they all boil down to one key classification standard – applications that contain potential functionalities that, when active, users wish to be made aware of.
    Many users may not be concerned about PUPs and PUAs on their systems. Some may even intentionally introduce them because of a specific feature these applications offer. But in general, once these applications are running on the system, they are granted access to the registry, file system and services. Once this occurs, users need to be notified, as potential vulnerabilities can be introduced.
    Given the varying nature of the definitions above, it is difficult for end users to classify applications as unwanted without additional guidelines. Therefore, we would like to propose a set of detailed guidelines that help to define PUPs or PUAs in the current marketplace. In order to notify users of applications which may be risky, we need to determine what traits these applications have, and what they are trying to achieve by entering the user’s system, so that they can be flagged as PUPs or PUAs.
  • 5. Common characteristics of PUPs or PUAs on user systems
    Unlike malware applications, PUPs or PUAs do not infect or destroy the end user’s system directly. But this does not mean they are harmless; in fact, they can actually be more dangerous than certain viruses and spyware. Potentially unwanted software can be a catalyst for the introduction of malware to a system and subsequently increase the possibility of infection or of user data being stolen. Here are some common behaviors of potentially unwanted software:
    1. INSTALLING ADWARE APPLICATIONS
    Users commonly download applications which possess features they don’t understand. Moreover, they may not read through all the information in the pre-installation window. PUPs or PUAs target these user habits. Offering users adware applications during installation is a very common method of pushing suspicious programs through to the end user system. For example, in the screenshots below, we have downloaded a backup application download manager called “EaseUS Todo Backup Free”. The extent to which programs such as this attempt to place additional applications onto your system can be seen here, as this particular download manager offers 3 additional applications to users: “Search Protect”, “RRSavings” and “PC Drivers”.
  • 6. 2. SHOWING ADVERTISEMENTS
    PUPs or PUAs are also widely used for advertising purposes. Images and pop-ups for advertisements unrelated to the program or application that was installed are very common. This type of behavior often comes from toolbars or video player applications.
    3. COLLECTING PRIVATE INFORMATION OR DATA MINING
    By installing an application, users are allowing this software to gain access to their system. A lot of the user’s private information is stored here for performance purposes. In Windows, for example, “%appdata%”, “%localappdata%” and “%programdata%” can contain a large amount of the user’s sensitive information, like browser cookies, an application’s login username, temporarily stored files, and more. With this information, it is relatively easy for hackers to analyze and mine data. PUPs or PUAs, if installed, will also be granted this access.
    4. OFFERING FAKE SECURITY FEATURES
    Internet security is a big concern for end users, and many are willing to pay to protect their systems. Some potentially unwanted software targets these people by appearing under the guise of security applications. They may report security alarms from time to time in order to seem like they are protecting the system, but they may actually be welcoming in viruses, worms, Trojan horses and other malicious programs. They may also falsely report serious infections and ask the user to input credit card information to purchase “malware removal software”.
    5. MONITORING AND HIJACKING PERSONAL MESSAGES
    Rather than being publicly available, point-to-point communications are intended to be private, and messages need to be protected during transmission. There are a number of applications that offer users online chatting services. However, they do not reveal that all messages sent through the application travel through the public network
  • 7. without any encryption. Message redirection is a risk when using potentially unwanted software. Since all the message packages are open to the network, all the information is exposed to the public. There are plenty of third-party tools available online which can be used to capture and redirect these messages to a different destination.
    6. IRRITATING USERS
    Some PUPs or PUAs are developed merely as pranks. They do not try to attack the system, impact security or steal private information. In fact, they may not actually contain any functionality at all and exist only to impair the user’s experience through irritating messages and false reports of viruses or other network issues.
    7. BEING DIFFICULT TO REMOVE
    Potentially unwanted software usually makes its main process as difficult to uninstall as possible. It does not register with the operating system, so users may not be able to uninstall it through the system’s central software management console, such as the Control Panel on Windows. In extreme cases, it may even lock its running process or services with low-level drivers. This would result in the system returning the uninstallation request as “Access Denied” regardless of the user’s permissions, making the removal of these programs extremely difficult.
  • 8. There are a lot of other potentially suspect behaviors which PUPs or PUAs can exhibit on a user’s system. The above is simply a high-level summary of the seven most common. Different behaviors carry different levels of risk or threat and need to be considered individually. The following chart helps users to understand the variety of potentially unwanted software behaviors and their potential risks:
    [Chart: the behaviors ADWARE INSTALLATION, ADVERTISING, DATA MINING, FAKE SECURITY, MESSAGE HIJACKING, IRRITATE USERS and DIFFICULT TO REMOVE, marked against the risks SYSTEM INFECTION, LOSS OF PRIVACY, NEGATIVE USER EXPERIENCE and DECREASED SYSTEM PERFORMANCE]
  • 9. Product categories likely to be considered PUPs or PUAs
    Thousands of new applications appear online every day, and it is not always clear whether they are safe or not. Determining whether an application falls into the PUA pool can be extremely challenging. This requires an understanding of not only the application’s behavior but also its intent. However, there are certain types of applications which are more likely to be deemed a PUP or PUA than others.
    TOOLBAR ADD-ONS
    The toolbar add-on is a type of browser extension that typically provides users with various additional functionalities by including a bar with several buttons within a browser. Generally, they do not provide as much value as the cost and risk they introduce. Screen space, performance, privacy, viruses and spyware are all potential trade-offs to having a toolbar running on your system.
    PUBLIC FILE SHARING
    Public file sharing applications, like µTorrent, eDonkey and FlashGet for example, are designed to bypass system firewalls. This can prevent the corporate network security from protecting a single point of entry to the network. Instead, the network becomes reliant on individual users assigning the correct access controls, on their own workstations, to the files and directories that come through these applications.
  • 10. INSTANT MESSAGING
    Instant messaging applications are commonly installed and used on home computers as well as corporate workstations. However, while these are helpful for internal communication, they also present a high risk. All messages sent using these applications may travel unencrypted across the public network and can easily be hijacked.
    CLOUD STORAGE
    Cloud storage applications, such as Dropbox, Box Sync and CrashPlan, offer end users the ability to back up and store all their important documents. As dependence on the Internet has grown over time, in correlation with increased Wi-Fi coverage and speed, these cloud storage programs are also being used by some people as their primary base for storing information. However, allowing your private data to be kept online increases the risk of leaving it open to mining by third parties.
    ROGUE SECURITY
    Rogue security applications have been another central component in the PUA scene. Generally, they consume a system’s CPU and memory and cause the system to behave strangely and erratically. In the best-case scenario, the protection offered by the application will be ineffective. In some instances, however, they might go as far as to prevent users from installing or launching a real security program. Furthermore, they may even inform users of non-existent threats in order to convince the user that they are performing efficiently when that is not the case.
  • 11. Eight clues to help users determine whether there is any PUP or PUA running on the system
    1. CHECK WHETHER THE RUNNING PROCESS IS DIGITALLY SIGNED AND CERTIFIED.
    A digital signature is a “fingerprint” which is unique to both the file and the signer and binds them together. It requires the signer to have a certificate-based digital ID to ensure their authenticity. Therefore, if a running process has a valid digital signature, it can be considered more secure. On the other hand, a running process which does not have any digital signature could come from any source, so there is no way to verify its reliability; it could potentially be considered an unwanted application.
  • 12. 2. CHECK WHETHER THE PARENT OF THE RUNNING PROCESS EXISTS.
    In some cases, unlike most other processes, a running process will try to hide its source. It may break the connection between the running process and its on-demand trigger. This kind of application creates a child process on the user’s system and then terminates or closes down. After that, it executes the malicious code from its child process. Microsoft offers a very useful tool called “Process Explorer” which can help users retrieve most of the process information. Once Process Explorer is launched, if you select the suspect process, right-click on it and then go to ‘Properties’, the process’s parent information will appear in the pop-up window under the ‘Image’ tab.
  • 13. 3. CHECK WHETHER THE RUNNING PROCESS COMES FROM ON-DEMAND OR PERSISTENT APPLICATIONS.
    On-demand version processes may not leave any logs or footprints in the system, regardless of their functionalities. A lot of PUP or PUA vendors distribute on-demand versions of their applications. These applications minimize user interaction. They do not require any installation, they are not persistent on the system and they are executed based on a user trigger which is activated regardless of whether the user’s action is intentional or not. Although antivirus vendors have released updated PUP or PUA definition databases to monitor these on-demand processes and ensure consistent protection, it is virtually impossible to fully monitor this area. Users can verify whether an application is a persistent version under ‘Control Panel\Programs\Programs and Features’. All persistent installed applications show up as an entry on this control panel page.
  • 14. 4. CHECK WHETHER THE RUNNING PROCESS HAS A PURE BROWSER PLUG-IN COMPONENT.
    In most cases, processes which contain pure browser plug-in classes, such as “Chrome_WidgetWin”, “Internet Explorer_Server” and “MozillaWindowClass”, are used for advertisement purposes. These processes are usually launched by another process when a certain condition is triggered. They can be very disruptive for end users and can be considered potentially unwanted applications. However, detecting whether a given process contains any pure browser plug-in is not always easy for end users. Fortunately, there is a developer tool from Microsoft called “Spy++” which can help users identify this information by giving them a graphical view of their system’s processes.
  • 15. 5. CHECK WHETHER THE RUNNING PROCESS HAS MODIFIED THE BROWSER SETTINGS.
    There are some processes that may attempt to update the browser settings every time they are launched. They overwrite the pre-configurations and redirect the user to a specific website. In extreme cases, they may even install browser plug-ins or adware applications without notifying the user. If users find that their browser homepage has been modified or see any unwanted browser plug-ins installed after running an application, it is likely that this application is what we consider a PUP or PUA.
  • 16. 6. CHECK WHETHER THE RUNNING PROCESS CONSUMES HUGE AMOUNTS OF SYSTEM RESOURCES.
    Applications are designed to leverage an operating system’s resources in order to employ certain features and actions. However, if an application occupies a lot of CPU or memory without any valuable returns, it is counterproductive. For example, some poorly-developed applications may crash easily and generate a lot of system errors. There is a built-in Windows utility called “Event Viewer” which can be used to validate a given application’s stability. After launching the “Event Viewer”, users should go to the ‘Application’ section under ‘Windows Logs’, and then create a filter to review event logs for any given application. If a considerable number of errors are generated by a specific application, then it should be regarded as a PUP or PUA.
  • 17. 7. CHECK WHETHER THE RUNNING PROCESSES CONSISTENTLY CREATE NEW CHILD PROCESSES OR LAUNCH WINDOW PROMPTS.
    A typical characteristic of a PUA is to push advertisements or adult content to end users. Traditional antivirus vendors may not easily be able to define such content as a threat because some users may actually wish to receive it. However, most end users would have no interest in it. Therefore, PUP or PUA would be a reasonable classification for this type of application.
  • 18. 8. CHECK WHETHER THE RUNNING PROCESS LISTENS TO ANY SPECIFIC PORT AND PROVIDES REMOTE SYSTEM ACCESS.
    Remote desktop access is a valuable feature, but also a potentially dangerous one. Users should be absolutely confident in, and trusting of, an application that provides this feature before using it. Opening remote access from an external network through a little-known application is almost as dangerous as leaving your laptop in Times Square without setting any password. If there is an application running on the system which offers remote access, and it is not from a reputable vendor, then it should most certainly be considered a PUP or PUA. This information can easily be retrieved by running the command “netstat -o” from the Windows built-in “Command Prompt” utility.
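Clues 1, 2 and 8 can be checked in one pass from a script. The PowerShell below is an added example, not part of the original paper or any OPSWAT tool; it assumes Windows 8/Server 2012 or later and an elevated session, and it uses Get-NetTCPConnection in place of the paper's “netstat -o” so that ports can be joined to processes.

```powershell
# Added example: triage running processes against clues 1, 2 and 8.
# Assumption: run elevated, otherwise many executable paths are unreadable.

$procs = Get-CimInstance -ClassName Win32_Process
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

# Clue 8: map each owning PID to the TCP ports it listens on.
$listeners = @{}
Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue | ForEach-Object {
    $owner = [int]$_.OwningProcess
    if (-not $listeners.ContainsKey($owner)) { $listeners[$owner] = @() }
    $listeners[$owner] += $_.LocalPort
}

$report = foreach ($p in $procs) {
    if (-not $p.ExecutablePath) { continue }   # System, Idle, inaccessible processes

    # Clue 1: Authenticode status of the image on disk.
    $sig = Get-AuthenticodeSignature -FilePath $p.ExecutablePath -ErrorAction SilentlyContinue

    # Clue 2: the parent is gone if its PID is no longer running, or if that
    # PID has been reused by a process created after the child.
    $parent     = $byPid[[int]$p.ParentProcessId]
    $parentGone = (-not $parent) -or ($parent.CreationDate -gt $p.CreationDate)

    $ports = $listeners[[int]$p.ProcessId]

    [pscustomobject]@{
        PID         = $p.ProcessId
        Name        = $p.Name
        Signature   = if ($sig) { [string]$sig.Status } else { 'Unreadable' }
        Signer      = $sig.SignerCertificate.Subject
        ParentGone  = $parentGone
        ListenPorts = ($ports | Sort-Object -Unique) -join ','
        Path        = $p.ExecutablePath
    }
}

# Show processes that trip at least one clue: unsigned first, listeners first.
$report |
    Where-Object { $_.Signature -ne 'Valid' -or $_.ParentGone -or $_.ListenPorts } |
    Sort-Object { $_.Signature -eq 'Valid' }, { -not $_.ListenPorts } |
    Format-Table -AutoSize
```

Many legitimate processes outlive their parent or listen on a port, so each column is a triage signal to weigh together with the others, not a verdict on its own.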
  • 19. Conclusion
    In conclusion, there is no straightforward answer to whether an application is unwanted or not. A lot of PUPs or PUAs get onto the user’s system through user action, either intentionally or unintentionally. The word “potentially” represents an important factor here. It is necessary for users to understand the benefits and risks of any application before installing or using it. Unfortunately, this is not easy for most end users to determine. Nonetheless, this does not mean that users are not able to take steps to protect their systems. Educating end users is an important security practice as they play a key role in helping to identify suspicious applications as PUPs or PUAs. If a set of categories were established for these types of applications, based on their behavior, this could help users to identify whether an application is suspect or not. Applications that support file-sharing, instant messaging, cloud storage, additional unknown software, remote desktop access and adult content advertisements, or that are vulnerable, unlicensed, and unsanctioned, along with toolbars and rogue security programs, all have a much higher chance of being labeled as PUPs or PUAs than other programs. Potentially unwanted applications do not bring in viruses or steal the user’s sensitive data directly, but they do introduce security risks to the system, decrease the system’s efficiency and performance, and disrupt the user experience. It is always a good idea to remove any potentially unwanted software to keep the system safe and clean.
  • 20. About OPSWAT
    OPSWAT is a San Francisco based software company that provides solutions to secure and manage IT infrastructure. Founded in 2002, OPSWAT delivers solutions that provide manageability of endpoints and networks, and that help organizations protect against zero day attacks by using multiple anti-malware engine scanning, data sanitization, and file filtering. OPSWAT’s intuitive applications and comprehensive development kits are deployed by SMB, enterprise, and OEM customers to more than 100 million endpoints worldwide. OPSWAT’s software management solutions offer streamlined technology partnerships between leading technology solutions and software vendors. By enabling seamless compatibility and easy management capabilities, we allow network security and manageability solutions to provide visibility and management of multiple application types installed on an endpoint, as well as the ability to remove unwanted or non-compliant applications. Our innovative multi-scanning solutions deliver anti-malware protection with increased detection rates and minimized performance overhead. In addition to maximizing detection rates, we provide the ability for customers to easily adapt our solutions to their existing infrastructure to add control over the flow of data into and out of secure networks.
    ABOUT THE AUTHOR
    Jianpeng Mo holds the position of Software Engineering Manager at OPSWAT, where he leads an engineering team developing the software management toolkits OESIS and AppRemover. He specializes in developing modern concept products, leading the engineering groups in solving unique and difficult technical problems. He and his
  • 21. team are responsible for a variety of activities, including delivering a software detection, classification and manageability framework and researching application vulnerabilities and potentially unwanted application removal. Jianpeng received his M.S. from New York University with a major in Electrical Engineering.
  • 22. Disclaimer. © 2014. OPSWAT, Inc. (“OPSWAT”). All rights reserved. All product and company names herein may be trademarks of their respective owners. The information and content in this document is provided for informational purposes only and is provided “as is” with no warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. OPSWAT is not liable for any damages, including any consequential damages, of any kind that may result from the use of this document. Though reasonable effort has been made to ensure the accuracy of the data provided, OPSWAT makes no claim, promise or guarantee about the completeness, accuracy and adequacy of information and is not responsible for misprints, out-of-date information, or errors. OPSWAT makes no warranty, express or implied, and assumes no legal liability or responsibility for the accuracy or completeness of any information contained in this document. If you believe there are any factual errors in this document, please contact us and we will review your concerns as soon as practical. http://www.opswat.com/