A potentially unwanted program (PUP) or potentially unwanted application (PUA) is software that a user may perceive as unwanted. It is used as a subjective tagging criterion by security and parental control products.
Such software may use an implementation that can compromise privacy or weaken the computer’s security. Companies often bundle a wanted program download with a wrapper application and may offer to install an unwanted application, and in some cases without providing a clear opt-out method.
Antivirus companies define the software bundled as potentially unwanted programs which can include software that displays intrusive advertising (adware), or tracks the user’s Internet usage to sell information to advertisers (spyware), injects its own advertising into web pages that a user looks at, or uses premium SMS services to rack up charges for the user. The practice is widely considered unethical because it violates the security interests of users without their informed consent.
Some unwanted software bundles install a root certificate on a user’s device, which allows hackers to intercept private data such as banking details, without a browser giving security warnings. The United States Department of Homeland Security has advised removing an insecure root certificate, because they make computers vulnerable to serious cyberattacks.
A growing number of open-source software projects have expressed dismay at third-party websites wrapping their downloads with unwanted bundles, without the project’s knowledge or consent. Nearly every third-party free download site bundles their downloads with potentially unwanted software.
Software developers and security experts recommend that people always download the latest version from the official project website, or a trusted package manager or app store.