1 edit |
Cronk
Member
2014-Jan-7 11:50 am
Blocking PUPsI've had two people bring me computers in the last month that were clogged up with useless irritating programs, things like Optimizer Pro, Backup Your PC, etc. They create popups like "your computer is ready to be backed up" or "you need to clean up your computer". One person had 24 programs like this, all were missed by Norton. (All 24 were installed on the same day, per Programs and Features, and the user was not aware of it, except that they did install Skype that day, possibly not the genuine link but an ad). When I posted on the Norton forum, I was told that these were PUPs and as such Norton does not block them.
I've tried to teach some basic web safety to the people since I believe these were downloaded from Google advertising links. But one person has a son who has done this twice.
So are there any programs that would run alongside Norton (or replace Norton) that will block these PUPs? I am thnking about MalwareBytes Pro.
Thanks |
|
|
Waiting for the experts to arrive but throwing out a good security program to have is a host file for them, of course it would need updating. Perhaps leave instructions on the computer? » winhelp2002.mvps.org/hosts.htm |
|
3 recommendations |
to Cronk
Make them get Macs, then all your problems go away. Seriously no programs for stupid people. |
|
|
Cthen Premium Member join:2004-08-01 Detroit, MI
2 recommendations |
to dandelion
said by dandelion:Waiting for the experts to arrive but throwing out a good security program to have is a host file for them, of course it would need updating. Perhaps leave instructions on the computer?
»winhelp2002.mvps.org/hosts.htm The problem I have with end users and this is actually getting them to update that every so often. Even leaving instructions won't help them. More than likely they will just delete that. |
|
HarryH3 Premium Member join:2005-02-21
1 recommendation |
HarryH3
Premium Member
2014-Jan-7 2:10 pm
said by Cthen:The problem I have with end users and this is actually getting them to update that every so often. This! I have been on other people's systems that had the Windows Updates Are Ready popup and when I checked, they hadn't actually run updates in over 2 years. Yet the same sort of people seem to have plenty of toolbars and other crap mysteriously installed on their systems. BTW, Avast has a setting to scan for PUP's. |
|
siljalineI'm lovin' that double wide Premium Member join:2002-10-12 Montreal, QC |
to Cronk
|
|
BlackbirdBuilt for Speed Premium Member join:2005-01-14 Fort Wayne, IN
2 recommendations |
to Cronk
said by Cronk: ...I've tried to teach some basic web safety to the people since I believe these were downloaded from Google advertising links. But one person has a son who has done this twice. ... Perhaps the son should be made to pay the costs to restore the computer. Out-of-pocket cost is a great way to educate consequences of choices made. Sorry if that seems harsh, but this young man is going to have to navigate through a lifetime of computer usage, and all the 'Nortons' or any other protective software will never protect him fully from the consequences of his failure to understand what he or his computer is actually doing before he clicks. |
|
beck MVM join:2002-01-29 On The Road |
to Cronk
I use MalwareBytes. Works. |
|
Dustyn Premium Member join:2003-02-26 Ontario, CAN |
to Cronk
ESET is very good at preventing+detecting such programs. Sometimes a little over aggressive. |
|
TheJoker MVM join:2001-04-26 Charlottesville, VA
4 recommendations |
to Cronk
One of the best pieces of advice is to never, ever, download anything from an advertising link. If they want a program, they should preferably download it from the author's site, or a download site approved by the author of the program. Download it from someplace that wraps the program with useless programs like cnet/download.com does, and you end up with a modified program that installs PUPs (potentially unwanted programs). The problem is, getting them to find out where the approved site is, and get them to download the program only from that site would be difficult for those that simply don't understand the need for computer security.
Malwarebytes Anti-Malware being one of the better programs to remove much of that, I would recommend the paid version set up for real-time protection for the security unaware. |
|
85160670 (banned)"If U know neither the enemy nor yoursel join:2013-09-17 Edmonton, AB |
85160670 (banned)
Member
2014-Jan-7 8:23 pm
100% agreed ..... Malwarebytes, never let me down & looking forwards for the anti rootkit & exploit Meantime EMET do the job and a good job M$ !!! |
|
Dustyn Premium Member join:2003-02-26 Ontario, CAN |
Dustyn
Premium Member
2014-Jan-7 8:49 pm
+1 for EMET |
|
|
Cronk
Member
2014-Jan-7 10:54 pm
Thanks to all for the replies.
Would MBAM Pro prevent the installation of PUPs, or does it detect afterward and delete?
Thanks |
|
2 recommendations |
to Cronk
There is no one program that will stop all PUA's or PUP's people have to understand the thing between there ears is very important with education is the best against these when you download a program watch every step when installing because all this crapware is pre-checked and you have to make sure you uncheck all unwanted add-ons that programs might have which is getting more out of control if you download from download.com an other download sites it's best to get it from the vendors site as much as possible but still be on the lookout. TH |
|
|
to Cronk
Long time non Windows user. No idea what the PUP is |
|
Mele20 Premium Member join:2001-06-05 Hilo, HI |
Mele20
Premium Member
2014-Jan-8 6:46 am
said by Velnias:Long time non Windows user. No idea what the PUP is Potentially Unwanted Program. During the years I had Avira (2007-2010), it was very aggressive at detecting PUPs and blocking their installation...until Avira decided to foist its own PUP (Ask toolbar) on its users. When did Symantec stop detecting these? I'm pretty sure they did back when I had Norton 2001. |
|
sivranVive Vivaldi Premium Member join:2003-09-15 Irving, TX
1 recommendation |
to Cthen
I don't have much problem with not updating my hosts file. I also take a layered approach to ad and malicious site-blocking, using the hosts file, built-in/addon ad blocking in browsers, and OpenDNS. The main thing is, if they don't see the ads for such programs, they're unlikely to download them. |
|
|
to Cronk
I use the following free programs. Avast is set and forget. HostsMan, set and forget, updated automatically (I choose manual). SpywareBlaster is set and forget, manual update; unless annual license is purchased ($14.95). 1) Avast Essential Free Version » www.avast.com/indexv2014.9.14.2011 PUP (Potentially Unwanted Programs) Settings > Active Protection: File System Shield / Mail Shield / Web Shield > Settings on each: Sensitivity > Check PUP and suspicious files. Actions > PUP Tab > Select according to users expertise level. OK. Scan > Quick Scan > Settings: Sensitivity > Check Scan PUP and suspicious files. Actions > Select according to users expertise level. OK. Avast Browser Cleanup (Included with Avast AV) Free standing version » www.softpedia.com/get/Se ··· up.shtmlReview/Info » www.malwareremovalguides ··· oolbars/2) HostsMan (automatic updates): » www.abelhadigital.com/hostsmanReview/Info » dottech.org/123726/windo ··· program/3) SpywareBlaster (manual updates) » www.brightfort.com/spywa ··· ter.html* Auto Update available for $14.95 annually. Look at the The 4 Principals Tab. Info and how it works (Javacool is the designer) » www.wilderssecurity.com/ ··· t=234823Wiki: » en.wikipedia.org/wiki/Sp ··· eBlaster |
|
1 recommendation |
MBAM Pro to Cronk
Anon
2014-Jan-8 1:50 pm
to Cronk
said by Cronk:Thanks to all for the replies.
Would MBAM Pro prevent the installation of PUPs, or does it detect afterward and delete?
Thanks If Malwarebytes has it detection settings set to detect and pre check for to remove PUP then the Real time Protection(PM) will Block PUP Install's. However the the current default setting OOTB is to detect PUP's but do not pre check for removal. The scan will detect PUP's and list in end results (Unchecked) but in this case the Real time protection under that setting will not block PUP Installs. Settings tweak can be seen in the following blogg post » blog.malwarebytes.org/ne ··· ll-pups/ |
|
|
to Cronk
On my kid's internet machine I have win7 installed along with two accounts: Admin -not the administrator acct but has admin level rights and password protected) Kids - user acct no pw.
Family safety from win7 enabled along with the familysafety "Live" tool installed and setup specifc for them. I have a good hosts file installed and avg.
I specifically setup family safety to not allow them to download files, and only those programs I allow can be run.
Machine automatically logs them off when it is bed time.
My wife gets a daily log of what they have been up to and if they manage to bypass it I have a hidden keylogger on there as well.
Since they cannot install anything, or go anywhere without my approval the machine is basically 100% safe and possibly safer than a mac.
They have other computers but this is the only one actually connected to my home network.
Should any websites becomes an issue I can add those to the hosts file to resolve to 127.0.0.1 as well.
Problem solved.
This will probably keep them out of trouble for another 8+ years as well. |
|
Zupe MVM join:2001-11-29 New York, NY
1 recommendation |
to Cronk
Not a complete solution by any means, but I've been trying out Unchecky - » www.majorgeeks.com/files ··· eta.html . It's still in beta, but appears to do a fairly good job of unchecking the appropriate boxes to prevent the installation of PUPs in software installers or warning you if something is about to be installed. It's not a replacement for reading the installer dialogs, downloading from trusted sites, and being careful what you install in the first place, but seems helpful as an added layer. |
|
siljalineI'm lovin' that double wide Premium Member join:2002-10-12 Montreal, QC |
to Cronk
Wikipedia classifies a "PUP" in the overall category of Malware |
|
|
puphater to Cronk
Anon
2014-Jan-13 11:15 pm
to Cronk
Well, one thing you can do, if all your users want to do is browse and check email is make them use a live CD based distribution of Linux.
Since its on a CD, they basically on read-only CD, they really can't install anything. PUP or not.
Well, because most of those type system use a hybrid ramdisk/cdrom filesystem, I suppose something might make its way onto the RAM files when running. But at a re-boot, they'd be back where they started.
Glad to see Malwarebytes being more agressive about pups. I got discouraged when on their malware reporting forum, they blew off a report of several programs that snuck in pretending to be an adobe flash update. Apparently at the time, being sneaky liars wasn't enough to warrant a trigger. Then one scan a few months ago, Malware Bytes decided to flag the zip files I'd made to send in as samples. So I guess they relented .
Good. |
|
|
to Cronk
Another vote for Malwarebytes Pro. |
|
|
to Cronk
Program Unchecky is new little program that is under development to interact with program installers to "uncheck" unwanted toolbars and add-on programs that are bundled in various program installers. Looks like it is developing into nice tool to keep unwanted junk off one's computer. It's in beta at the present time. » betanews.com/2014/01/03/ ··· -adware/ |
|
DownTheShorePray for Ukraine Premium Member join:2003-12-02 Beautiful NJ |
to MBAM Pro
said by MBAM Pro :said by Cronk:Thanks to all for the replies.
Would MBAM Pro prevent the installation of PUPs, or does it detect afterward and delete?
Thanks If Malwarebytes has it detection settings set to detect and pre check for to remove PUP then the Real time Protection(PM) will Block PUP Install's. However the the current default setting OOTB is to detect PUP's but do not pre check for removal. The scan will detect PUP's and list in end results (Unchecked) but in this case the Real time protection under that setting will not block PUP Installs. Settings tweak can be seen in the following blogg post » blog.malwarebytes.org/ne ··· ll-pups/ Is there any instance in which a user would not want a PUP checked? I was reading that link and was wondering why people were going through lists of PUPs, deciding whether or not to check them. I've never had one turn up, maybe because I pay attention when I install software, so I'm unfamiliar with them. Is there the potential for false positives, or are certain normally used programs commonly listed as PUPs? |
|
1 recommendation |
MBAM Pro
Anon
2014-Jan-14 3:33 pm
said by DownTheShore :Is there any instance in which a user would not want a PUP checked? I was reading that link and was wondering why people were going through lists of PUPs, deciding whether or not to check them. I've never had one turn up, maybe because I pay attention when I install software, so I'm unfamiliar with them. Is there the potential for false positives, or are certain normally used programs commonly listed as PUPs? I believe it is 100% a legal/Liability based decision. PUPs by their very nature are borderline as whether anyone would want them but they are someones software, someones business model etc. If you go unloading someones software you need a very rigid defence for doing so should they seek damages after the fact. By making PUP removal/protection opt in only then you are differentiating between the handling of malcode and PUP detections at source. This is why all commercial AV/AM's have PUP as Opt in option and not enabled out of the box to treat the same as malware. |
|
sivranVive Vivaldi Premium Member join:2003-09-15 Irving, TX
1 recommendation |
to DownTheShore
IRC clients (and mIRC in particular) and VNC servers often get labeled as PUPs. I always leave PUP scanning disabled for this reason. |
|
siljalineI'm lovin' that double wide Premium Member join:2002-10-12 Montreal, QC
1 recommendation |
to DownTheShore
With MBAM you can decide if you want PUPS selected for removal or not - but it's usually a good thing. |
|
DownTheShorePray for Ukraine Premium Member join:2003-12-02 Beautiful NJ
1 recommendation |
to MBAM Pro
Thanks to you all for your responses. |
|