dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
1606
share rss forum feed

Cronk

join:2005-07-16

1 edit

Blocking PUPs

I've had two people bring me computers in the last month that were clogged up with useless irritating programs, things like Optimizer Pro, Backup Your PC, etc. They create popups like "your computer is ready to be backed up" or "you need to clean up your computer". One person had 24 programs like this, all were missed by Norton. (All 24 were installed on the same day, per Programs and Features, and the user was not aware of it, except that they did install Skype that day, possibly not the genuine link but an ad). When I posted on the Norton forum, I was told that these were PUPs and as such Norton does not block them.

I've tried to teach some basic web safety to the people since I believe these were downloaded from Google advertising links. But one person has a son who has done this twice.

So are there any programs that would run alongside Norton (or replace Norton) that will block these PUPs? I am thnking about MalwareBytes Pro.

Thanks



dandelion
Premium,MVM
join:2003-04-29
Germantown, TN
kudos:5
Reviews:
·Comcast

Waiting for the experts to arrive but throwing out a good security program to have is a host file for them, of course it would need updating. Perhaps leave instructions on the computer?

»winhelp2002.mvps.org/hosts.htm



DarkSithPro

join:2005-02-12
Tempe, AZ
kudos:2

3 recommendations

reply to Cronk

Make them get Macs, then all your problems go away. Seriously no programs for stupid people.



Cthen

join:2004-08-01
Detroit, MI
Reviews:
·Verizon Wireless..

2 recommendations

reply to dandelion

said by dandelion:

Waiting for the experts to arrive but throwing out a good security program to have is a host file for them, of course it would need updating. Perhaps leave instructions on the computer?

»winhelp2002.mvps.org/hosts.htm

The problem I have with end users and this is actually getting them to update that every so often. Even leaving instructions won't help them. More than likely they will just delete that.

HarryH3

join:2005-02-21
kudos:1
Reviews:
·Suddenlink

1 recommendation

said by Cthen:

The problem I have with end users and this is actually getting them to update that every so often.

This! I have been on other people's systems that had the Windows Updates Are Ready popup and when I checked, they hadn't actually run updates in over 2 years. Yet the same sort of people seem to have plenty of toolbars and other crap mysteriously installed on their systems.

BTW, Avast has a setting to scan for PUP's.


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico
reply to Cronk

See:
»Re: alternatives to adwcleaner that don't install search hijackers

»www.virusradar.com/en/glossary/pua (or) "pup"



Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..

2 recommendations

reply to Cronk

said by Cronk:

...I've tried to teach some basic web safety to the people since I believe these were downloaded from Google advertising links. But one person has a son who has done this twice. ...

Perhaps the son should be made to pay the costs to restore the computer. Out-of-pocket cost is a great way to educate consequences of choices made. Sorry if that seems harsh, but this young man is going to have to navigate through a lifetime of computer usage, and all the 'Nortons' or any other protective software will never protect him fully from the consequences of his failure to understand what he or his computer is actually doing before he clicks.
--
The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money. -- A. de Tocqueville


beck
Premium,MVM
join:2002-01-29
On The Road
kudos:1
reply to Cronk

I use MalwareBytes. Works.



Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:10
reply to Cronk

ESET is very good at preventing+detecting such programs.
Sometimes a little over aggressive.



TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

4 recommendations

reply to Cronk

One of the best pieces of advice is to never, ever, download anything from an advertising link. If they want a program, they should preferably download it from the author's site, or a download site approved by the author of the program. Download it from someplace that wraps the program with useless programs like cnet/download.com does, and you end up with a modified program that installs PUPs (potentially unwanted programs). The problem is, getting them to find out where the approved site is, and get them to download the program only from that site would be difficult for those that simply don't understand the need for computer security.

Malwarebytes Anti-Malware being one of the better programs to remove much of that, I would recommend the paid version set up for real-time protection for the security unaware.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010



Parad0X787
"If U know neither the enemy nor yoursel
Premium
join:2013-09-17
Edmonton, AB

100% agreed ..... Malwarebytes, never let me down & looking forwards for the anti rootkit & exploit Meantime EMET do the job and a good job M$ !!!



Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:10

+1 for EMET


Cronk

join:2005-07-16
reply to Cronk

Thanks to all for the replies.

Would MBAM Pro prevent the installation of PUPs, or does it detect afterward and delete?

Thanks



Triple Helix
Go Blue Jays Go
Premium
join:2007-07-26
Oshawa, ON
kudos:7
Reviews:
·Rogers Hi-Speed

2 recommendations

reply to Cronk

There is no one program that will stop all PUA's or PUP's people have to understand the thing between there ears is very important with education is the best against these when you download a program watch every step when installing because all this crapware is pre-checked and you have to make sure you uncheck all unwanted add-ons that programs might have which is getting more out of control if you download from download.com an other download sites it's best to get it from the vendors site as much as possible but still be on the lookout.

TH
--
Triple Helix - Microsoft MVP Consumer Security
VIP Member Of ASAP - (Alliance of Security Analysis Professionals)
Official Webroot SecureAnywhere (Prevx) Support Forum Helper
Webroot Community Forums Sr. Expert Advisor & Bronze VIP
(H59 Clan)


Velnias

join:2004-07-06
reply to Cronk

Long time non Windows user. No idea what the PUP is


Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:4

said by Velnias:

Long time non Windows user. No idea what the PUP is

Potentially Unwanted Program. During the years I had Avira (2007-2010), it was very aggressive at detecting PUPs and blocking their installation...until Avira decided to foist its own PUP (Ask toolbar) on its users.

When did Symantec stop detecting these? I'm pretty sure they did back when I had Norton 2001.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


sivran
Opera ex-pat
Premium
join:2003-09-15
Irving, TX
kudos:1

1 recommendation

reply to Cthen

I don't have much problem with not updating my hosts file. I also take a layered approach to ad and malicious site-blocking, using the hosts file, built-in/addon ad blocking in browsers, and OpenDNS. The main thing is, if they don't see the ads for such programs, they're unlikely to download them.
--
Oh, Opera, what have you done?


Dusty Roads

join:2013-10-23
Tomball, TX
reply to Cronk

I use the following free programs. Avast is set and forget. HostsMan, set and forget, updated automatically (I choose manual). SpywareBlaster is set and forget, manual update; unless annual license is purchased ($14.95).

1) Avast Essential Free Version »www.avast.com/index

v2014.9.14.2011 PUP (Potentially Unwanted Programs)

Settings > Active Protection:
File System Shield / Mail Shield / Web Shield > Settings on each:
Sensitivity > Check PUP and suspicious files.
Actions > PUP Tab > Select according to users expertise level.
OK.

Scan > Quick Scan > Settings:
Sensitivity > Check Scan PUP and suspicious files.
Actions > Select according to users expertise level.
OK.

Avast Browser Cleanup (Included with Avast AV)

Free standing version
»www.softpedia.com/get/Security/S···up.shtml
Review/Info
»www.malwareremovalguides.info/av···oolbars/

2) HostsMan (automatic updates): »www.abelhadigital.com/hostsman

Review/Info
»dottech.org/123726/windows-revie···program/

3) SpywareBlaster (manual updates) »www.brightfort.com/spywareblaster.html

* Auto Update available for $14.95 annually.

Look at the The 4 Principals Tab.

Info and how it works (Javacool is the designer)
»www.wilderssecurity.com/showthre···t=234823

Wiki: »en.wikipedia.org/wiki/SpywareBlaster


MBAM Pro

@sky.com

1 recommendation

reply to Cronk

said by Cronk:

Thanks to all for the replies.

Would MBAM Pro prevent the installation of PUPs, or does it detect afterward and delete?

Thanks

If Malwarebytes has it detection settings set to detect and pre check for to remove PUP then the Real time Protection(PM) will Block PUP Install's.

However the the current default setting OOTB is to detect PUP's but do not pre check for removal.
The scan will detect PUP's and list in end results (Unchecked) but in this case the Real time protection under that setting will not block PUP Installs.

Settings tweak can be seen in the following blogg post
»blog.malwarebytes.org/news/2013/···ll-pups/

Aranarth

join:2011-11-04
Stanwood, MI
Reviews:
·Frontier Communi..
·WildBlue
reply to Cronk

On my kid's internet machine I have win7 installed along with two accounts:
Admin -not the administrator acct but has admin level rights and password protected)
Kids - user acct no pw.

Family safety from win7 enabled along with the familysafety "Live" tool installed and setup specifc for them.
I have a good hosts file installed and avg.

I specifically setup family safety to not allow them to download files, and only those programs I allow can be run.

Machine automatically logs them off when it is bed time.

My wife gets a daily log of what they have been up to and if they manage to bypass it I have a hidden keylogger on there as well.

Since they cannot install anything, or go anywhere without my approval the machine is basically 100% safe and possibly safer than a mac.

They have other computers but this is the only one actually connected to my home network.

Should any websites becomes an issue I can add those to the hosts file to resolve to 127.0.0.1 as well.

Problem solved.

This will probably keep them out of trouble for another 8+ years as well.



Zupe
Premium,MVM
join:2001-11-29
New York, NY

1 recommendation

reply to Cronk

Not a complete solution by any means, but I've been trying out Unchecky - »www.majorgeeks.com/files/details···eta.html .

It's still in beta, but appears to do a fairly good job of unchecking the appropriate boxes to prevent the installation of PUPs in software installers or warning you if something is about to be installed. It's not a replacement for reading the installer dialogs, downloading from trusted sites, and being careful what you install in the first place, but seems helpful as an added layer.
--
Brain: Pinky, are you pondering what I'm pondering?
Pinky: I think so, Brain, but "Snowball for Windows"?



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
reply to Cronk

Wikipedia classifies a "PUP" in the overall category of Malware



puphater

@mindspring.com
reply to Cronk

Well, one thing you can do, if all your users want to do is browse and check email is make them use a live CD based distribution of Linux.

Since its on a CD, they basically on read-only CD, they really can't install anything. PUP or not.

Well, because most of those type system use a hybrid ramdisk/cdrom filesystem, I suppose something might make its way onto the RAM files when running. But at a re-boot, they'd be back where they started.

Glad to see Malwarebytes being more agressive about pups. I got discouraged when on their malware reporting forum, they blew off a report of several programs that snuck in pretending to be an adobe flash update. Apparently at the time, being sneaky liars wasn't enough to warrant a trigger. Then one scan a few months ago, Malware Bytes decided to flag the zip files I'd made to send in as samples. So I guess they relented .

Good.


Secyurityet

join:2012-01-07
untied state
reply to Cronk

Another vote for Malwarebytes Pro.


siliconman01
Premium
join:2005-05-08
Saint Albans, WV
reply to Cronk

Program Unchecky is new little program that is under development to interact with program installers to "uncheck" unwanted toolbars and add-on programs that are bundled in various program installers. Looks like it is developing into nice tool to keep unwanted junk off one's computer. It's in beta at the present time.

»betanews.com/2014/01/03/unchecky···-adware/



DownTheShore
Russia Lies, Ukraine Dies
Premium
join:2003-12-02
Beautiful NJ
kudos:13
Reviews:
·Verizon Online DSL
reply to MBAM Pro

said by MBAM Pro :

said by Cronk:

Thanks to all for the replies.

Would MBAM Pro prevent the installation of PUPs, or does it detect afterward and delete?

Thanks

If Malwarebytes has it detection settings set to detect and pre check for to remove PUP then the Real time Protection(PM) will Block PUP Install's.

However the the current default setting OOTB is to detect PUP's but do not pre check for removal.
The scan will detect PUP's and list in end results (Unchecked) but in this case the Real time protection under that setting will not block PUP Installs.

Settings tweak can be seen in the following blogg post
»blog.malwarebytes.org/news/2013/···ll-pups/

Is there any instance in which a user would not want a PUP checked? I was reading that link and was wondering why people were going through lists of PUPs, deciding whether or not to check them. I've never had one turn up, maybe because I pay attention when I install software, so I'm unfamiliar with them. Is there the potential for false positives, or are certain normally used programs commonly listed as PUPs?
--
Patriotism is not waving a flag, it is living the ideals

I want to retire to the Isle of Sodor and ride the trains.

Life is just better when Jeter is in the lineup.



MBAM Pro

@sky.com

1 recommendation

said by DownTheShore :

Is there any instance in which a user would not want a PUP checked? I was reading that link and was wondering why people were going through lists of PUPs, deciding whether or not to check them. I've never had one turn up, maybe because I pay attention when I install software, so I'm unfamiliar with them. Is there the potential for false positives, or are certain normally used programs commonly listed as PUPs?

I believe it is 100% a legal/Liability based decision.

PUPs by their very nature are borderline as whether anyone would want them but they are someones software, someones business model etc.

If you go unloading someones software you need a very rigid defence
for doing so should they seek damages after the fact.

By making PUP removal/protection opt in only then you are differentiating between the handling of malcode and PUP detections at source.

This is why all commercial AV/AM's have PUP as Opt in option and not enabled out of the box to treat the same as malware.


sivran
Opera ex-pat
Premium
join:2003-09-15
Irving, TX
kudos:1

1 recommendation

reply to DownTheShore

IRC clients (and mIRC in particular) and VNC servers often get labeled as PUPs. I always leave PUP scanning disabled for this reason.
--
Oh, Opera, what have you done?



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17

1 recommendation

reply to DownTheShore

With MBAM you can decide if you want PUPS selected for removal or not - but it's usually a good thing.



DownTheShore
Russia Lies, Ukraine Dies
Premium
join:2003-12-02
Beautiful NJ
kudos:13

1 recommendation

reply to MBAM Pro

Thanks to you all for your responses.