Potentially Unwanted Applications (PUAs) Are Becoming a Big Issue for Mac

Posted by Darragh Kelly on 2015-10-14 13:30:00

Recently I talked about the ever growing Mac market share –registering 16% global growth YoY – in an overall decreasing PC market –contracting global at 12% YoY. In the same post we saw how, malware growth was up 286% in the same time period. In this post, second in this Mac-focused series, I would like to highlight a lesser known evil which we do not even classify as malware, yet is having just as a dramatic impact on user experience and business productivity: Potentially Unwanted Applications (PUAs) a.k.a. Potentially Unwanted Programs (PUPs) / adware.


PUAs generally come from third-party download sites. The software you download from such sites can include both the software that you want and adware you may not necessarily want, but you inadvertently accept during the installation process, as it is commonly accepted as non-malware. 


“PUAs generally include software that displays intrusive advertising, or tracks the user's Internet usage to sell information to advertisers, injects its own advertising into web pages that a user looks at…Unwanted programs often include no sign that they are installed, and no uninstall or opt-out instructions”

- Wikipedia 



To get understanding, follow the money

As always, the best way to understand the importance of malware, or in this case “consented” software with malicious intent, is to follow the dollars. In the case of PUAs, one of the main revenue generators comes from the online advertising economy, where revenue is generated by driving traffic to specific sites. PUAs can drive traffic by putting more and more ads in front of users that will drive them to the desired site. This can be done via pop-up ads that open over or under your browser window or in another tab, also via ad injectors. Ad injectors insert new ads, or replace existing ones, into the pages you visit while browsing the web.

“The ad injection ecosystem profits from more than 3,000 victimized advertisers—including major retailers like Sears, Walmart, Target, Ebay—who unwittingly pay for traffic to their sites. Because advertisers are generally only able to measure the final click that drives traffic to their sites”
- Google online security blog May 2015

Why should you care?

You may ask yourself: ‘why should a company or end-user care? It’s only adware, it’s not exactly forcing me to pay something, ransomware does’. 

The problem here is that when we think about adware, we think about what we know from the Windows PC world. And when we think about PUAs in Windows, we think of minor nuisances and little else; always better not to have them, but we won’t lose any sleep about them.

PUAs / adware are much more aggressive in MAC when compared to their Windows cousins. It totally changes the user behavior. Even though you are not aware of it, your attention is being drawn away from where it should be, and your online experience becomes inefficient as the PUA is getting what it wants done, which totally derails your plans. As Bitdefender’s Product Manager for Mac / iOS Bülent Duagi (Billy) recently noted: 

“the kicker here is that even for the technical savvy PUAs are a real head ache to remove manually, even though Apple do a great job of going through the endless steps that need to be taken in their FAQs, and in some cases, it can take up to 5-6 restarts. For most companies and home users alike, if you value your time and time is money, PUAs can cost you a fortune.” 

The right people are starting to take notice

Independent third-party AV testers, AV Test, have recently shown great interest in PUAs in MAC and although it is not an integral piece of their testing, they will soon include it.

“The test involving the detection of undesirable, yet not potentially dangerous software ("Potentially unwanted application", or PUA for short) is not yet an integral part of the test procedure for Mac OS X software. This test category will only be established in subsequent tests. Nonetheless, the testers did gain an initial impression by running the programs through detection..The products from Bitdefender… already exhibited excellent performance for this initial preliminary test”,
- AV Test 2015

Google is taking this quite seriously also, which is encouraging as their stance on other security issues has been questioned by the majority of security vendors. So the fact that they are acknowledging this, we believe, is a big positive.

“Considering the tangle of different businesses involved—knowingly, or unknowingly—in the ad injector ecosystem, progress will only be made if we raise our standards, together.” - Google


So what can be done?


Bitdefender, true to form, identified this as an upcoming issue long before it started to make ripples on the scene and has strived to develop technology that best detects and mitigates the effects of PUAs, both for consumers and enterprises alike. AV-Test has already recognized the superior detection and remediation capacity of our technology, and we will lead the charge in their upcoming comparatives, no doubt!

PUA detection and remediation is only part of the overall Mac protection technology which is available to our OEM partners through various licensing models such as SDKs, Branding and White labeling.

If you are interested in seeing what technology Bitdefender OEM licenses and that you could integrate into your existing or future solutions using software development kits or simply rebranding award winning products, check out the possibilities on our website: http://www.bitdefender.com/oem/ 

 Contact Bitdefender OEM



Find me on:

Darragh Kelly

Darragh Kelly, Global OEM Product Marketing Manager at Bitdefender, has been working within the IT Security industry for over 17 years. Having had a diverse number of roles, such as QA, Tech Support, Training and Product Marketing in his career he has a unique understanding of the challenges faced by a wide range of stakeholders in the business.

Topics: Threats, Endpoint Security