Jump to content

Recommended Posts

hello :)

 

i've had 3 over the past several months and the only PUnsafeA that i've been able to research and am satisfied with is "win32/OpenCandy".

 

the other 2 are PUnwantedAs: ["a variant of win32/SoftonicDownloader.E" and "win32/DownloadAdmin.A.Gen"] and i've not been able to locate a reliable source.

 

so now for my query:

 

is there a list of known PUAs [PUPs might be a stretch] that eset has compiled for ease of reference?  a list that perhaps describes the reason why eset has it classifed as such?  a list comprising say just the top 10!

 

i wondered whether you had any knowledge base articles but i couldn't locate even a link to where eset stores them...

 

thanks :)

 

ps: i didn't know what those terms meant, so for the uninitiated, PUAs are Potentially Unsafe [or Unwanted] Application/s; and PUPs are Potentially Unsafe [or Unwanted] Programs

Link to comment
Share on other sites

  • Administrators

There's no public list of PUA/PUPs. If you think that using a particular PUA/PUP outweighs the risk and don't want to turn off the detection completely, you can exclude such an application from scanning.

Link to comment
Share on other sites

hi marcos and thanks for your reply.  i'm looking to exclude OpenCandy but i might prefer to "know" as it happens.

 

as for the rest, i haven't been able to determine whether "using a particular" PUA outweighs any risk because they are consequential to downloading the product i want to use on my computer!  and therein lies the rub; i've not been able to locate any reliable online source to help me determine whether these 'consequential' PUAs are in fact a risk or for what reason they are part of my download package.

 

i never download a PUP without first doing my research in the first place, but i'm certainly at odds when alerted to PUAs that will download as a consequence.

 

there must be some way of knowing!

Link to comment
Share on other sites

Hey there BellaBoo, just a small input from me.

I have  found an article from " We Live Security" hope you will find it interesting, as I did. Gave me a better understanding for this area. Link to article: PUAs: ESET’s Most Unwanted List.

 

See ya, =)

 
Edited by Janus
Link to comment
Share on other sites

just so we are all on the same page: i want to download a program i've researched and determined that it will do what it claims, but during the download, i get an eset alert that there is a 'potentially unwanted or unsafe application' that is CONSEQUENTIAL TO THAT DOWNLOAD and it is THIS that i want to know more about BUT UNFORTUNATELY, i am in the middle of the download and feel i must CANCEL THE DOWNLOAD ENTIRELY because i do not know the IMPACT the PUA will have on my system [whether it's simply a tool to assist the download or if it's adware or some other malicious invasion].

 

Hey there BellaBoo, just a small input from me.

I have  found an article from " We Live Security" hope you will find it interesting, as I did. Gave me a better understanding for this area. Link to article: PUAs: ESET’s Most Unwanted List.

 

See ya, =)

 

 

 

Hello,

Perhaps the following post from ESET's security blog will be of use to you: Potentially Unwanted Applications White Paper Updated.

Regards,

Aryeh Goretsky

janus and aryeh, i anticipate being somewhat indisposed while i take in the content...

 

thank you both for taking an interest --- i'll be back to explore this topic further, i'm sure :)

Link to comment
Share on other sites

there is excellent information provided in the white paper but it's not clear enough for me to make a non-technical home user decision so i feel i am still in a dark place when it comes to consequentials during downloading a chosen program...

 

i just hope that for me and for those that follow, someone will categorically determine a top ten list of 'safe places' from which to download software; cnet, download.com and softonic are the usual places i look but still, there is NOT a categorically safe list and it's mystifying that eset does not compile a list of what it considers safe for at least their paid users and that it does not provide information on how it has determined via its interactive alert why a consequential download is in fact a PUA!

 

the biggest PITA is to receive an alert MIDWAY thru a download that there is a consequential PUA that you had absolutely no clue about and because eset said so, you abandon that download.

Link to comment
Share on other sites

Hey there BellaBoo

 

If it is your purpose to download a certain program, and you have received a warning, that your download contains a unwanted program, then just stop the download, and download from the software vendors original website. It is of course, not a guarantee that your download is not wrapped with a potentially unwanted application. However, the probability is less. Even if we created a list of good trustworthy download sites, then there is no guarantee that the site will not change policy, to earn money,and include e.g. ask.toolbar in their download, someday. It has been seen many times before. So in the end we're left with our common sense. No security software out there is able to take, or advise us in every situation. See the warning about a potentiel unwanted program as a second chance to rethink, if it is the right download site that you have found.

 

Regards, Janus

Edited by Janus
Link to comment
Share on other sites

i just hope that for me and for those that follow, someone will categorically determine a top ten list of 'safe places' from which to download software; cnet, download.com and softonic are the usual places i look but still, there is NOT a categorically safe list and it's mystifying that eset does not compile a list of what it considers safe for at least their paid users and that it does not provide information on how it has determined via its interactive alert why a consequential download is in fact a PUA!

 

the biggest PITA is to receive an alert MIDWAY thru a download that there is a consequential PUA that you had absolutely no clue about and because eset said so, you abandon that download.

 

IMO if you want to avoid the risk of getting a PUA or PUP in the installer, then you shouldn't use Softonic, and CNet/download.com. The best is to go straight to the vendor/author's website,  the sites I use in order are Majorgeeks, Softpedia, etc....

 

That's a PITA you will have to live with as ESET is just doing what you expect it to do when you got the PUA and/or PUP detection enabled, stopping them at the front door. ;)

Link to comment
Share on other sites

janus, aryeh and sweX

 

thank you for taking time out of your day to offer assistance and advice :)

Hey there BellaBoo

 

If it is your purpose to download a certain program, and you have received a warning, that your download contains a unwanted program, then just stop the download, and download from the software vendors original website. It is of course, not a guarantee that your download is not wrapped with a potentially unwanted application. However, the probability is less. Even if we created a list of good trustworthy download sites, then there is no guarantee that the site will not change policy, to earn money,and include e.g. ask.toolbar in their download, someday. It has been seen many times before. So in the end we're left with our common sense. No security software out there is able to take, or advise us in every situation. See the warning about a potentiel unwanted program as a second chance to rethink, if it is the right download site that you have found.

 

Regards, Janus

THIS, is my condition in the proverbial nutshell :) thank you janus for your understanding and insight.  lately, i've become consummately aware of 'wrapping' and never allow additional downloads [eg, toolbars etc] and over the past week, it's become patently obvious to me that the majority of download sites 'wrap' programs with PUAs --- and therein lies my frustration, because i've not been able to determine, as a result of a consequenttial download, any level of detriment to my computer or whether one does in fact exist as a result!  de nombreux mystères, non?

 

updating java tonight, there was an option to instal the 'ask toolbar', which i rejected, but eset didn't alert me to any consequential PUA or PUP despite that!

 

Hello,

What program are you trying to download, and what was detected when you attemtped to download it?

Regards,

Aryeh Goretsky

aryeh, at the time i was downloading realplayer and while i've now researched and been satisfied that win32/opencandy is NOT a threat [due to their transparency], it was eset's alert to that PUA that i, several times, midway cancelled the download because of eset's alert.  in ascending order:

 

31/05/2013 9:09:53 PM Real-time file system protection file D:\Users\RoX\AppData\Local\Temp\rninst~0\ui_data\inst_config\OCSetupHlp.dll Win32/OpenCandy potentially unsafe application cleaned by deleting - quarantined CLONBURN-PARK\RoX Event occurred on a new file created by the application: D:\Users\RoX\AppData\Local\Temp\rnsetup0.exe.

31/05/2013 9:09:47 PM HTTP filter file hxxp://cache-download.real.com/free/windows/installer/stubinst/pkg/rp16/stubinst_pkg_en-ap.cab?distcode=R81APD∏=RealPlayer&ver=16.0&li=en&oem=rp16_en_ap&loc=au Win32/OpenCandy potentially unsafe application  CLONBURN-PARK\RoX Threat was detected upon access to web by the application: D:\Users\RoX\AppData\Local\Temp\rnsetup0.exe.

31/05/2013 8:31:27 PM Real-time file system protection file D:\Users\RoX\AppData\Local\Temp\rninst~0\ui_data\inst_config\OCSetupHlp.dll Win32/OpenCandy potentially unsafe application cleaned by deleting - quarantined CLONBURN-PARK\RoX Event occurred on a new file created by the application: D:\Users\RoX\AppData\Local\Temp\rnsetup0.exe.

31/05/2013 8:31:10 PM HTTP filter file hxxp://cache-download.real.com/free/windows/installer/stubinst/pkg/rp16/stubinst_pkg_en-ap.cab?distcode=R81APR∏=RealPlayer&ver=16.0&li=en&oem=rp16_en_ap&loc=au&prevcode=R81APYM Win32/OpenCandy potentially unsafe application  CLONBURN-PARK\RoX Threat was detected upon access to web by the application: D:\Users\RoX\AppData\Local\Temp\rnsetup0.exe.

 

as i said, i since researched the PUA and found it to be innocuous and successfully downloaded realplayer...

 

 

i just hope that for me and for those that follow, someone will categorically determine a top ten list of 'safe places' from which to download software; cnet, download.com and softonic are the usual places i look but still, there is NOT a categorically safe list and it's mystifying that eset does not compile a list of what it considers safe for at least their paid users and that it does not provide information on how it has determined via its interactive alert why a consequential download is in fact a PUA!

 

the biggest PITA is to receive an alert MIDWAY thru a download that there is a consequential PUA that you had absolutely no clue about and because eset said so, you abandon that download.

 

IMO if you want to avoid the risk of getting a PUA or PUP in the installer, then you shouldn't use Softonic, and CNet/download.com. The best is to go straight to the vendor/author's website,  the sites I use in order are Majorgeeks, Softpedia, etc....

 

That's a PITA you will have to live with as ESET is just doing what you expect it to do when you got the PUA and/or PUP detection enabled, stopping them at the front door. ;)

 

thanks sweX, i appreciate your advice.  i always look for the download via the vendor/author, but curiously, that hasn't always been an available option [that now speaks loudly].

 

i've looked at the two sites you've provided and i'm most grateful to learn of such sites adding that it'd be greatly beneficial to a novice such as myself if even a llist comprising like sites could be published or even somewhere listed innocuously for those such as myself to which they could refer!  i'm sure in my online travels i've landed on either one or both while researching a product because neither site seems alien to me but for some inexplicable reason... !??!

 

i'm a home user, not particularly gifted with cyber-smarts [that too is a PITA], so thank you for taking the time in educating me :)

Link to comment
Share on other sites

 

i just hope that for me and for those that follow, someone will categorically determine a top ten list of 'safe places' from which to download software; cnet, download.com and softonic are the usual places i look but still, there is NOT a categorically safe list and it's mystifying that eset does not compile a list of what it considers safe for at least their paid users and that it does not provide information on how it has determined via its interactive alert why a consequential download is in fact a PUA!

 

the biggest PITA is to receive an alert MIDWAY thru a download that there is a consequential PUA that you had absolutely no clue about and because eset said so, you abandon that download.

 

IMO if you want to avoid the risk of getting a PUA or PUP in the installer, then you shouldn't use Softonic, and CNet/download.com. The best is to go straight to the vendor/author's website,  the sites I use in order are Majorgeeks, Softpedia, etc....

 

That's a PITA you will have to live with as ESET is just doing what you expect it to do when you got the PUA and/or PUP detection enabled, stopping them at the front door. ;)

 

I also want to say thank you to you all. I too am not a cyber-genius, just a curious home user. It is just these kind of exchanges of information that keep me coming back here for more! (Softpedia is my go to place, I'll have to take a look at Majorgeeks...).

 

Sincerely,

Edited by TomFace
Link to comment
Share on other sites

Hello BellaBoo

Thanks for your constructive feedback, a kudo to you. Have a nice weekend,

Regards, Janus.

you are most welcome my friend :)et merci pour les kudos...

 

et à vous ;)

Edited by BellaBoo
Link to comment
Share on other sites

 

 

i just hope that for me and for those that follow, someone will categorically determine a top ten list of 'safe places' from which to download software; cnet, download.com and softonic are the usual places i look but still, there is NOT a categorically safe list and it's mystifying that eset does not compile a list of what it considers safe for at least their paid users and that it does not provide information on how it has determined via its interactive alert why a consequential download is in fact a PUA!

 

the biggest PITA is to receive an alert MIDWAY thru a download that there is a consequential PUA that you had absolutely no clue about and because eset said so, you abandon that download.

 

IMO if you want to avoid the risk of getting a PUA or PUP in the installer, then you shouldn't use Softonic, and CNet/download.com. The best is to go straight to the vendor/author's website,  the sites I use in order are Majorgeeks, Softpedia, etc....

 

That's a PITA you will have to live with as ESET is just doing what you expect it to do when you got the PUA and/or PUP detection enabled, stopping them at the front door. ;)

 

I also want to say thank you to you all. I too am not a cyber-genius, just a curious home user. It is just these kind of exchanges of information that keep me coming back here for more! (Softpedia is my go to place, I'll have to take a look at Majorgeeks...).

 

Sincerely,

 

hello tom :)

 

is there another site you visit that provides safe downloading?

 

kudos to sweX

Link to comment
Share on other sites

Hello Bellaboo...no, unless I can get it clean right from the originating source, I have been using Softpedia. I hear too many stories and I'm getting to old to deal with excessive trouble.

 

Sincerely,

Edited by TomFace
Link to comment
Share on other sites

Hello Bellaboo...no, unless I can get it clean right from the originating source, I have been using Softpedia. I hear too many stories and I'm getting to old to deal with excessive trouble.

 

Sincerely,

thanks tom, your input has also assisted me in this regard.  i've always gone to the source also but there have been occasions when that wasn't possible and so, i landed in hot water...

 

if somewhere comprised a list of reputable, trustworthy download sites, i would have known about them, and used them!

Link to comment
Share on other sites

  • ESET Moderators

Hello,

 

Based on your report, it looks like RealPlayer software's installer is bundled with the OpenCandy software.  It is, of course, Real Network's decision to determine what third party toolbars, etc., their software is bundled with, and, since ESET's customers want to know about such things, you have the option of turning on detection for potentially unwanted applications (PUA) in your copy of ESET's software.  If there is something which is bundled with a PUA that you want to install, you still have the option of downloading and installing it on your computer.

 

Regards,

 

Aryeh Goretsky

Link to comment
Share on other sites

Hello,

 

Based on your report, it looks like RealPlayer software's installer is bundled with the OpenCandy software.  It is, of course, Real Network's decision to determine what third party toolbars, etc., their software is bundled with, and, since ESET's customers want to know about such things, you have the option of turning on detection for potentially unwanted applications (PUA) in your copy of ESET's software.  If there is something which is bundled with a PUA that you want to install, you still have the option of downloading and installing it on your computer.

 

Regards,

 

Aryeh Goretsky

aryeh, thank you, i think i can read between the lines; that is to say that [mostly] PUAs are installed ONLY when allowed via a tick [say to accept a toolbar] and that eset's alert to the PUA is to simply alert the user.

 

it's a difficult road to travel considering the alert APPEARS BEFORE the reason for it and in my experience, no amount of research has dissolved my concern regarding the PUA [or PUP for that matter] and so i am none the wiser.  majorgeeks and softpedia are now my go-to places and i can only hope that the app i seek is available via either or both.  perhaps if not, that too is telling!

 

this topic is most convoluted with many facets...

 

i honestly do trust eset and i appreciate receiving alerts to what eset considers to be adverse to user safety but with technology moving and renewing at such speed, one can't help but feel somewhat left behind and thoroughly confused when apps absolutely available to all in the past now come 'wrapped' with code that bothers the most ardent!

 

bravo à toi mon ami :)

Link to comment
Share on other sites

  • ESET Moderators

Hello,

 

It is a very convoluted topic, since there are all sorts of ways in which software can be distributed and what gets categorized as unsafe or unwanted or suspicious has to be handled on a case-by-case basis.  If the options for detection are enabled in ESET's software, detection will occur the moment they are seen, which can be as the files are downloaded. 

 

Both Major Geeks and Softpedia are, as far as I know, trustworthy sources of downloadable software, but if you ever have a question or concern about something, you should try downloading the program directly from the author.  If you still have a question about something, you can always contact ESET and ask about why a download was classified in such a way.

 

You might also find the following paper from VB2009 by ESET's Chief Researcher Officer of interest:  Is there a laywer in the lab?.

 

Regards,

 

Aryeh Goretsky

Link to comment
Share on other sites

Hello,

 

It is a very convoluted topic, since there are all sorts of ways in which software can be distributed and what gets categorized as unsafe or unwanted or suspicious has to be handled on a case-by-case basis.  If the options for detection are enabled in ESET's software, detection will occur the moment they are seen, which can be as the files are downloaded. 

 

Both Major Geeks and Softpedia are, as far as I know, trustworthy sources of downloadable software, but if you ever have a question or concern about something, you should try downloading the program directly from the author.  If you still have a question about something, you can always contact ESET and ask about why a download was classified in such a way.

 

You might also find the following paper from VB2009 by ESET's Chief Researcher Officer of interest:  Is there a laywer in the lab?.

 

Regards,

 

Aryeh Goretsky

aryeh, thank you for being around; you along with several others, has made this newly travelled road for me much more understood, so kudos to you friend.

 

with the amount of research i've done, i believe 'the wrapping' as such has become a bone of contention with many users and so AV software [such as eset] now provides an opportunity for the consumer to opt out of a download because 'something' or 'other' [in the form of a PUP or PUA] lurks within.

 

the worst effect however is that the 'alert' appears prior to the dialog that proposes [or at least reveals] the PUP/PUA and that is likely for a very good reason.  BUT, it is at this intervening point that further research is required, and rather than consumers having to 'opt out' of the download that they considered a fully researched product, they now must research 'the wrapping' and from my POV, that in and of itself is just as arduous, time-consuming and much less successful than the research conducted on the desired program.

 

FWIW, i'm just making a point that AV software, with all the bells and whistles, needs a fall-back position on this topic.  that is to say that if eset sends up an alert for a PUP/PUA, then it should, with integrity, provide a means for its consumers to determine a reason why it [eset], considered it as a PUP/PUA.

 

please note, i am yet to read [understand and fully comprehend] the paper delivered by ESET's Chief Researcher Officer.  prima facie, the paper is involved and indepth so please allow me time...

Link to comment
Share on other sites

  • 2 weeks later...
  • ESET Moderators

Hello,

You have pretty much "hit the nail on the head," so to speak, and come to the core of the matter.

The reasons for which software can be classified as a PUA are innumerable, and as a result there's not a lot of common ground in the anti-malware industry about how such things are handled. ESET's researchers take into consideration guidelines from both the Anti-Spyware Coalition and Google's StopBadware initiative, but those are more starting points, as a program could perform some behavior hich is completely unmentioned by either and be classified as potentially unwanted. It is something that the more senior threat researchers at ESET have to handle on a case-by-base basis because of those complexities.

ESET's software is designed to intercept things at the earliest point at which they can be detected, in order to give ESET's customers the greatest flexibility in determining what course of action they wish to take (allow it, block it, etc.). While that's great for outright malicious objects, I can understand how some customers might find such protections confusing when triggered on the grayer categories of software out there, especially if they have never seen the difference between the red-colored dialoges used for malicious threats and the orange-colored dialog used with PUAs.

I don't really have an answer here for you, but it is something I will think about and discuss with our legal and research staff about how we might improve our messaging around this.

Regards,

Aryeh Goretsky

Link to comment
Share on other sites

aryeh, thank you very much for your attention to this issue and i appreciate that you are taking it to another level.

 

i am making as much headway as i can reading [and trying to understand] the content of the links provided in this thread to educate myself but please know that i don't have that level of education so it will take me some time to get my head around it all.

 

kudos, my friend and thank you again :)

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...