Nearly every single third-party free download site bundles their downloads with potentially unwanted programs

A Panda Security study in 2014 classified potentially unwanted programs as comprising 24.77% of total malware infections.

Potentially Unwanted Programs - Learn how to avoid


Potentially Unwanted Program (PUP) is a software program that users probably didn’t want installed on their computers. The accepted abbreviation is PUP. Types of PUPs include spyware, adware, and dialers. PUPs are sometimes called bundleware, junkware, or PUAs (Potentially Unwanted Applications).

Potentially Unwanted Programs often comes bundled with software that users did, in fact, want. By swiftly clicking through an installation, it’s easy to miss the fine print and „agree“ to the extra applications.

Unwanted software bundling is where computer users are fooled into installing unwanted programs that can compromise their privacy or weaken their computer’s security. Companies often bundle a wanted program download with a wrapper application, that forces the user to install an unwanted application, while making it hard for the user to find how to opt-out. The practice is widely considered unethical because it violates the security interests of users without their informed consent.

There is also PUMs, which stands for Potentially Unwanted Modifications. These are unwanted changes made to a computer’s default settings. PUMs can be made by legitimate applications and malware, though changes made by malware are more likely to cause problems.

What to expect from potentially unwanted programs?

A potentially unwanted programs can include software that displays intrusive advertising, or tracks the user’s Internet usage to sell information to advertisers, or injects its own advertising into web pages that a user looks at. Potentially unwanted programs often include no sign that they are installed, and no uninstall or opt-out instructions. They can slow down your computer because of various background processes, or add toolbars that at least steal space on the browser.

Spyware programs install a proxy server on a person’s computer that monitors all web traffic passing though it, tracking user interests to build up a profile and sell that profile to advertisers.

Many companies use browser hijacking to modify a user’s home page and search page, to force Internet hits to a particular website and make money from advertisers. Some companies steal the cookies in a user’s browser, hijacking their connections to websites they are logged into, and performing actions using their account, without the user’s knowledge or consent.

PUP Criteria

In order to determine whether a program is a PUP, security engineers examine a list of bad behaviors. Some applications are classified as PUPs for having multiple infractions, others because they had one serious violation.

Advertising infractions

• Obtrusive or out-of-context advertising
• Pop-ups or pop-unders
• Ad insertion, overlay, or replacement
• Ads with no clearly identified attribution
• Ads that are not clearly defined as ads
• Redirection to a competitor’s site

Download infractions

• Excessive shortcuts on desktop
• Bundling
• Pre-populated check boxes
• Liberal use of „recommended“ next to an option
• No or difficult uninstall procedure
• Non-standard install locations
• Browser add-ons that don’t show up in add-on manager

Web infractions

• Altered search results
• Toolbars with no value
• Hijacked search engines or home pages
• Bookmark insertions

Blacklisted programs

• Registry cleaners, optimizers, or defragmenters
• Driver optimizers or updaters

Tips to avoid potentially unwanted programs

Recognize dark patterns – user interfaces deliberately designed to trick the user such as:
• pre-populated check boxes
• added unofficial „seals“ as a credibility indicators
• emphasis of a desired path (gray out the „skip“ button, bright color for „next“ button)
• misdirection (like hiding of free or cheaper options)

Read through EULAs carefully
• Don’t accept terms of use thar are for bundled programs
• Read the top title above the fine print to be sure the end user license agreement (EULA) you are accepting is only for the program you originally downloaded
• If it isn’t, you can decline and still move forward in the install process

Read through Install Wizard instructions carefully
• Read the information in the top navigation bar of the Install Wizard to catch names of unwanted programs
• Do not accept standard, express, default, or other installation settings that are recommended
• Always choose custom settings

Of course if you ad an extra layer of security helps a lot
• Install ad blocker or pop-up blocker
• Install anti-spyware and anti-malware products


A growing number of open source software projects have expressed dismay at third party websites wrapping their downloads with unwanted bundles, without the project’s knowledge or consent. Nearly every single third-party free download site bundles their downloads with potentially unwanted software.

Software developers and security experts recommend that people always download the latest version from the official project website, or a trusted package manager or app store.

References: Malwarebytes official security blog, Wikipedia