{"id":9318,"date":"2015-04-03T07:45:07","date_gmt":"2015-04-03T11:45:07","guid":{"rendered":"http:\/\/thundercloud.net\/infoave\/new\/?p=9318"},"modified":"2018-05-30T07:05:46","modified_gmt":"2018-05-30T11:05:46","slug":"download-one-program-get-six-pups-from-the-emsisoft-blog","status":"publish","type":"post","link":"https:\/\/www.thundercloud.net\/infoave\/new\/download-one-program-get-six-pups-from-the-emsisoft-blog\/","title":{"rendered":"Download One Program Get Six PUPs – from the Emsisoft Blog"},"content":{"rendered":"

Intro Note:<\/h3>\n

We are publishing another blog from Emsisoft because it contains more information on how you get PUPs and malware and reinforces what we have been telling you for years in our newsletters. Also, you’ll notice Reimage is mentioned here; we, at one time recommended and sold Reimage, but when the company changed hands and the product changed we stopped recommending it and selling it – and we notified our newsletter reader when we withdrew our support. However, Reimage is still not malware or a PUP, but it has become very annoying and someof its best features have been changed – hence we no longer recommend it.<\/p>\n

Also remember that you can purchase Emsisoft from us for $10 off or get Emsisoft with installation for just $5 more than the regular retail price. Our Emsisoft with install includes cleaning off all the malware, PUPs on your computer, optimizing your computer, removing your current antivirus, \u00a0a one-year Emsisoft license, installing and correctly configuring Emsisoft.\u00a0\u00a0You can get Emsisoft or Emsisoft with Cloudeight Direct installation from here.<\/a><\/strong><\/span><\/p>\n

Now here is the very interesting blog post by Emsisoft:<\/p>\n

How downloading one program can give you six (!) PUPs<\/h2>\n
In Security Knowledge<\/a> by Slade<\/a> on April 2, 2015 | Deutsch<\/a>, English, Fran\u00e7ais<\/a><\/div>\n

There are multiple players involved in the distribution of Potentially Unwanted Programs (PUPs). As a\u00a0result, you can face something that\u2019s best described as cascading PUPs: you can end up with a sequence of PUP offers after another, depending on your download method.<\/p>\n

The multiple ways you can get a PUP<\/h3>\n

Generally, you can get a PUP\u00a0from one of the following sources:<\/p>\n

1)\u00a0Directly from the software vendor:\u00a0<\/strong>The software vendor itself bundles unwanted offers, which\u00a0means that when you go to the direct source (website) of what you want to download, you\u2019ll still encounter PUPs because the software vendor works directly with the PUP creators. The PUP creator pays the software vendor for each install they can give them.\u00a0We gave a few examples in this article<\/a>, in where we showed that most free antivirus vendors bundle PUPs when you download the software from their website.<\/p>\n

2) Download portal installers: <\/strong>Many download portals use a special installer (also called a\u00a0wrapper)\u00a0in where they can add PUPs. Instead of using the direct installer from the software programs they offer on their site, they \u201cwrap\u201d the program in their installer instead\u00a0(often without the software maker consent) so they can push PUPs and make money.\u00a0These extra downloads are traded on PPI (Pay Per Installation) ad networks and displayed dynamically depending on which vendor bids the highest amount, like an ad box on Google.<\/p>\n

3) PUP bundles extra PUPs:\u00a0<\/strong>The toolbars and other PUPs that install with a program,\u00a0come with and install even more potentially unwanted programs. This\u00a0is a result of these PPI networks, because they don\u2019t verify which software they install and if that also comes with PUPs.<\/p>\n

4) From the PUP itself:<\/strong> PUPs also distribute through ads and pop-ups on certain websites. These are often temporarily created pages\u00a0with warnings as \u201csoftware\u00a0XYZ\u00a0needs an update\u201d. This method is left out in this article, since we\u2019re only focusing on PUPs you can get from downloading a program.<\/p>\n

Example of cascading PUPs<\/h3>\n

Say you want to install KMPlayer, which is an immensely popular free video player that provides top quality playback of different forms of media.\u00a0Showcased below is\u00a0how you can end up with multiple PUPs, coming from different sources, by downloading this program.<\/p>\n

1 ) PUPs installed via the software vendor
\n<\/strong><\/p>\n

Increasingly, many PUPs today are pushed directly by\u00a0the software program you intend to download.\u00a0If you go directly to the vendor\u2019s website and download their program, you can end up with PUPs. We went to KMPlayer\u2019s website<\/a> to download the program, and this is what happened.<\/p>\n

Skype, a useful video chat application is actively being bundled by the vendor. In the installer, it is clear that Skype is \u201cRecommended by KMPlayer\u201d. Even more disturbing is that Skype is part of the \u201cOpen Candy\u201d unwanted offer, which is a known adware<\/a>\u00a0program.<\/p>\n

\"VendorInstallation3_151403\"<\/a><\/p>\n

Next, KMPlayer offers\u00a0SHAREit, which brings\u00a0the PUP count to 2 so far. At the end of the installation process, KMPlayer bundles one last PUP known as Taplika. It modifies your homepage, search engine, tab settings, and installs its Chromium based Taplika web browser.<\/p>\n

\"VendorInstallation4_151403\"<\/a><\/p>\n

KMPlayer\u2019s once decent reputation is at risk by bundling this aggressively. PUPs offers in this download method are unavoidable if the software of your choice bundles unwanted programs\u00a0in exchange for pay-per-install money.<\/p>\n

\n

\"contra-icon\"<\/a>\u00a0PUP-count: 3 PUPs<\/strong> if you were to download through this method<\/p>\n<\/div>\n

2) PUPs are installed via a download portal wrapper
\n<\/strong><\/p>\n

As you can\u00a0see above, when you download KMPlayer directly from their website you\u00a0can end\u00a0up with\u00a0three\u00a0PUPs (Skype, SHAREit and Taplika). Say that instead of downloading from the vendor directly, you decide to download KMPlayer from a download portal.\u00a0In this case we went to Download.com and\u00a0used their \u201csecure\u201d installer to download KMPlayer, and were presented with various unwanted offers before an actual application installation can begin.<\/p>\n

\"CNETDownloader2_151403\"<\/a>
\nUpon launching the CNET \u201csecure installer\u201d, Pro PC Cleaner is a \u201cspecial offer\u201d that is bundled by Download.com when you attempt to download KMPlayer.\u00a0Similar to a rogue, Pro PC Cleaner will scan your computer for supposed issues and then present several annoying pop-ups and fake error results. After the PRO PC Cleaner offer, Download.com\u2019s installer offers Spigot, a PUP\u00a0frequently<\/a>\u00a0bundled\u00a0by download portals. After these two PUPs Download.com finally installs KMPlayer, which already comes with 3 PUPs from the vendor, bringing the total to 5 PUPs.<\/p>\n

\"contra-icon\"<\/a>\u00a0PUP-count: 5\u00a0PUPs<\/strong> if you were to download KMPlayer through this method.<\/p>\n

3) PUP\u00a0itself installs more PUPs
\n<\/strong><\/p>\n

In this instance, an already unwanted program comes with one or more additional unwanted program(s). In this case, one of the five PUPs we encountered so far\u00a0by going through this download process installs\u00a0even more: Taplika, the PUP that came directly when you download KMPlayer from their website, installs another PUP.\u00a0At this point, perhaps your antivirus will kick in and do its job blocking the resulting unwanted program(s) in realtime, but if that\u2019s not the case you\u2019ll never know how this PUP got onto\u00a0your computer.<\/p>\n

\"ReImagePCRepairPUP_151403\"<\/a><\/p>\n

The Taplika PUP\u00a0left Reimage PC Repair Online on the computer. This is an example of a PUP thatinstalls\u00a0silently in the background<\/strong>, which is perhaps a strategy\u00a0more PUPs are going to use if too many people uncheck boxes during installation. Reimage PC Repair\u00a0scans your PC under the premises of several different categories and reports information about your system. Reimage seemingly reports errors concerning \u201cPC Security\u201d and \u201cPC Stability Issues\u201d that it can repair. While this software is not necessarily malicious, it keeps nagging the user without cause, due to that \u2013 it is recommended to remove it.<\/p>\n

\"contra-icon\"<\/a>\u00a0Total PUP-count: 6\u00a0PUPs<\/strong> if you were to download KMPlayer through this method.<\/p>\n

Money is the root of all \u201cPUPs\u201d \u2013\u00a0What does\u00a0everyone involved\u00a0get out of the deal?<\/strong><\/h3>\n

In the example in this article you can end up with six unwanted programs on your computer in the worst case scenario. Why is everyone involved in this game so eager to get PUPs onto your computer? The popular saying \u201cmoney is the root of all evil\u201d is often thrown around, but where does its relation to PUPs come in? Bundling or creating PUPs can be a very lucrative business. In this case, all players involved make money:\u00a0the software vendor, the download portals and the PUPs itself.<\/p>\n

Software vendor:<\/strong> the software vendor gets money from the PUP developers for each install of the PUPs they deliver. In the example we used in this article, KMPlayer gets money for each of the three PUPs a user\u00a0installs.\u00a0We provided more examples in this article<\/a>.
\nDownload portal: <\/strong>the download portal gets money for the PUPs they install through their installer (wrapper). In this case, from the makers of Pro PC Cleaner and Spigot. The software vendor is generally not involved and benefiting in the download portal wrapper installations.
\nPUPs:<\/strong> some PUPs also work together to install each others products, and pay each other in the process.<\/p>\n

As discussed earlier<\/a>, PUPs then have several ways of making money.\u00a0The\u00a0most common form is\u00a0by hijacking your browser: they can then show you ads where they get paid for,\u00a0monetize or sell\u00a0your\u00a0search and\/or browser behavior or redirect your homepage. Each PUP generally comes with its own privacy policy, which is another reason you need to be cautious. Additionally, some PUPs can cause potential security holes. The PUP (adware) Superfish is a good example<\/a>\u00a0of that.<\/p>\n

What are the best ways to avoid falling victim to aggressive PUP bundling?<\/h3>\n

Listed below are tips on how to defend your PC from PUPs and how to remove potential infections that may slip by.<\/p>\n

The 1st Defense<\/strong> \u2013 Use caution and good judgement when downloading software. Users should always stay visually and mentally aware\u00a0and\u00a0on the lookout for anything that may be suspicious. Also be cautious for\u00a0ad-banners that contain download buttons, they are often very irritating and distract from the real downloads on portals.<\/p>\n

The 2nd Defense<\/strong> \u2013 If at all possible, avoid the use of download portals that are known to use\u00a0PUP wrappers and bundle junkware from the software vendor without clear disclosure or warnings.\u00a0Make it a point to also be weary of installing software from specific vendor websites as they distribute PUPs a well.\u00a0Last but not least, avoid suspicious freeware applications as \u201cfree\u201d is not always the best choice. Not\u00a0all freeware is bad<\/a>, but think about how the freeware you use makes money\u00a0off of you before you install it, so you can make a choice whether you\u2019re OK with that or not.<\/p>\n

The 3rd Defense<\/strong> \u2013 Some users like using a program called Unchecky<\/a>,\u00a0an application that unchecks unwanted offer boxes for you during installation. Some PUPs may install silently on the background or use different methods than opt-out to install, so still use caution during installation.<\/p>\n

The 4th Defense –<\/strong> Use an up-to-date antivirus software with sufficient zero day threat protection and choose an antivirus program that has\u00a0PUP detection, such as\u00a0Emsisoft Anti-Malware<\/a>, which\u00a0can detect, block, and remove malware and potentially unwanted programs. If you don\u2019t have antivirus protection or if you use a different antivirus than Emsisoft, you can use second opinion scanning software such as the free Emsisoft Emergency Kit<\/a> to scan for and remove PUPs and other malware.<\/p>\n

\"EmsisoftEmergencyKit_151703\"<\/p>\n

The 5th Defense –<\/strong> Although not always recommended for novice users, using a whitelisting application may be an option for more advanced users. Whitelisting is the exact opposite of blacklisting that is used by antivirus software to detect threats. A whitelist is used to prevent unauthorized software or programs from running. An example of such an application is Microsoft Windows AppLocker<\/a>.<\/p>\n

If you make use of excellent security practices and take all the necessary precautions, you should have little to nothing to worry about. In the event you do manage to encounter potential intruders, it is great to know that you have two awesome sidekick\u2019s to back you up during the removal process.<\/p>\n

Have a great (PUP-free) day!<\/p><\/blockquote>\n

Source: Emsisoft Blog<\/a><\/strong><\/span> (used with permission)<\/p>\n

You can purchase Emsisoft<\/a> from us for $10 off or get Emsisoft<\/a> with installation for just $5 more than the regular retail price. Our Emsisoft with install<\/a> includes cleaning off all the malware, PUPs on your computer, optimizing your computer, removing your current antivirus, \u00a0a one-year Emsisoft license, installing and correctly configuring Emsisoft. All for jut $44.95. You can get Emsisoft or Emsisoft with Cloudeight Direct installation from here.<\/a><\/strong><\/span><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

Intro Note: We are publishing another blog from Emsisoft because it contains more information on how you get PUPs and malware and reinforces what we have been telling you for years in our newsletters. Also, you’ll notice Reimage is mentioned here; we, at one time recommended and sold Reimage, but when the company changed hands and the product\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1655,1433,1669,1670,1656,1654,10],"tags":[],"_links":{"self":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/9318"}],"collection":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/comments?post=9318"}],"version-history":[{"count":2,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/9318\/revisions"}],"predecessor-version":[{"id":15035,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/9318\/revisions\/15035"}],"wp:attachment":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/media?parent=9318"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/categories?post=9318"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/tags?post=9318"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}