Q&A Kaspersky and PUP detection

Status
Not open for further replies.

Ahmed Uchiha

Level 1
Thread author
Feb 5, 2021
32
Hello there,
I noticed that many users complain about Kaspersky's low detection of PUP, but after contacting Kaspersky support and reporting some of the known PUP apps that are detected on VirusTotal, here is their response.
Although many of them are detected by reputable AV engines, Kaspersky says that these apps have end-user license agreements that allow showing ads and promoting their products, so they can't classify them as PUP and remove them.
 

Attachments

  • Kaspersky PUP.png
  • PUP detection.png
  • PUP dtection.png
  • PUP.png

Freud2004

Level 10
Verified
Well-known
Jun 26, 2020
469
Hello there,
I noticed that many users complain about Kaspersky's low detection of PUP, but after contacting Kaspersky support and reporting some of the known PUP apps that are detected on VirusTotal, here is their response.
Although many of them are detected by reputable AV engines, Kaspersky says that these apps have end-user license agreements that allow showing ads and promoting their products, so they can't classify them as PUP and remove them.

"low detection of PUP", this is one of the reasons I like Kaspersky, it just detects real threats. I hate applications that alert you because you are using a crack or another application that doesn't represent a danger to the user. I hate moralistic applications that alert the user because an application is not completely legal.
Thanks, Kaspersky, for being the real deal...

A good example:

Captura de ecrã 2021-05-25 190155.png

Captura de ecrã 2021-05-25 190811.png
 

Minimalist

Level 8
Verified
Well-known
Oct 2, 2020
374
I expected more detections on VT. When only 3 or 4 vendors detect something (except when it's a less known and possibly zero-day sample) I usually don't trust those detections. In most cases it's an FP from some vendors (although it's sometimes hard to distinguish one from another when it comes to PUA).
 

Ahmed Uchiha

Level 1
Thread author
Feb 5, 2021
32
I expected more detections on VT. When only 3 or 4 vendors detect something (except when it's a less known and possibly zero-day sample) I usually don't trust those detections. In most cases it's an FP from some vendors (although it's sometimes hard to distinguish one from another when it comes to PUA).
I really don't know, but they are reputable AV engines like ESET, G DATA, and Malwarebytes.
 

cliffspab

Level 4
Verified
Well-known
Oct 4, 2019
172
Kaspersky is already like a puppy with its first bone with far too many of my 'legitimate' programs. Don't encourage them! That's why I'm on WiseVector now, even though KTS only costs $20 for a year.
 
Reactions: Stopspying and Nevi

cliffspab

Level 4
Verified
Well-known
Oct 4, 2019
172
But I think that Kaspersky and ESET have the lowest false positives among all AVs.
Norton was far, far worse. I hated Lifelock with a passion. It's more that Kaspersky's UI makes undoing things such a ball ache. WiseVector picks out a lot of stuff too, but it's very quick and easy for me to get it to put them back, or have it obey instructions not to poke its nose in certain folders. And it's light as air.

I love tinkering, but I just can't justify another AV at the moment.
 
Reactions: Stopspying and Nevi

Ahmed Uchiha

Level 1
Thread author
Feb 5, 2021
32
Yes, I agree with them: let me judge what is a PUP for me, and let the AV judge what is a threat for the PC.
I thought of them as PUP since they are detected on VirusTotal; also, some of them bundle other apps like driver updaters, defrag software, or even tune-up software.
 
Reactions: Nevi

MacDefender

Level 16
Verified
Top poster
Oct 13, 2019
772
To what extent are these apps PUPs? There's a lot of largely useless sorta free "clean your computer" sort of apps that mainly just try to get you to pay them money for even more useless apps, but I think it's hard for AV vendors to start marking apps like that as PUPs. In the examples, very few vendors and basically no mainstream vendors (except for an ESET hit in one case) are willing to mark those apps as PUPs.


FWIW MalwareBytes and a few other vendors (including Microsoft) are starting to take a very aggressive view on PUPs. But this is still not an industry trend. Overall I'd rather AVs focus on detecting software that causes harm rather than borderline "uselessware".



EDIT: Hilariously, I have a copy of AusLogic's disk defrag tool on my Windows Server. It works. It was annoying in that the installer and everything else was really insistent on asking you to buy the Pro version with a few more features, but it actually did work as a defrag tool. A lot of the "legit" defrag tools refuse to run on Windows Server and instead ask you to buy a really expensive enterprise version of the tool, so maybe we need a moment of self reflection on which is the PUP :D
 

struppigel

Moderator
Verified
Staff member
Well-known
Apr 9, 2020
514
Yes, I agree with them: let me judge what is a PUP for me, and let the AV judge what is a threat for the PC.
AV products usually allow you to disable PUP detections. That's why they are PUP and not malware, because you can indeed decide about that.

"low detection of PUP", this is one of the reasons I like Kaspersky, it just detects real threats. I hate applications that alert you because you are using a crack or another application that doesn't represent a danger to the user.
Illegal software is a different topic than PUP (it's actually grayware, not PUP). Policy for most AV vendors is to either ignore them, which means these will be shown as clean even if they contain malware, or to flag them as a risk regardless of whether they contain malware. Both ways are not helpful for you to determine whether they are safe.

Why these policies? Mainly for two reasons:

1) Flagging illegal software and files correctly may result in legal trouble and poses an ethical issue as well because AVs are helping to navigate and use these files. Where does it stop anyways? E.g. what about stalkerware? What about files that contain child abuse? These are not malware either. And yes, people send these to us. Should we distinguish between illegal files that are okay and those that are not? Because by law, none of them are okay. So actually, we already have the law as a guideline here.

2) It makes disproportionately more work if we attempt to analyse illegal files properly. Since they inherently pose a higher risk, people send those in en masse. We would have to double our workforce to be able to analyse them all, whereas there is little benefit from it.

To what extent are these apps PUPs? There's a lot of largely useless sorta free "clean your computer" sort of apps that mainly just try to get you to pay them money for even more useless apps, but I think it's hard for AV vendors to start marking apps like that as PUPs.

I am not speaking about those specific samples because I did not analyse them, but generally, many system cleaners and optimizers are considered PUP because:
  • They exaggerate scan results and show hundreds of problems/issues/warnings, even on a freshly installed system --> this is regarded as a scare tactic, they use fear to make the user buy the product. Most of the time the demo product cannot fix those issues, only the paid version.
  • Sometimes it is hard to uninstall them.
  • A lot of them have strong VM detection mechanisms, and will not show any exaggerated warnings or tone them down if executed in a VM, they will also be less annoying and may refrain from nagging pop-ups and warning pop-ups after trying to close the application if executed in a VM. --> this is to prevent proper analysis in the hopes that vendors will not flag them as PUP. But it's even more a reason to flag them if the analyst detects this behaviour.
  • A lot of them do not improve anything at all. Windows is fully capable of taking care of its own registry and also defragging by now.
 

SeriousHoax

Level 41
Verified
Top poster
Well-known
Mar 16, 2019
3,098
this is regarded as a scare tactic, they use fear to make the user buy the product. Most of the time the demo product cannot fix those issues, only the paid version.
This reminded me of Avast which is a great product, brilliant protection, but they actually do this in their free AV. But I guess no one is bold enough to flag them as a PUP because the legal consequences will be huge.
 

Ahmed Uchiha

Level 1
Thread author
Feb 5, 2021
32
To what extent are these apps PUPs? There's a lot of largely useless sorta free "clean your computer" sort of apps that mainly just try to get you to pay them money for even more useless apps, but I think it's hard for AV vendors to start marking apps like that as PUPs. In the examples, very few vendors and basically no mainstream vendors (except for an ESET hit in one case) are willing to mark those apps as PUPs.


FWIW MalwareBytes and a few other vendors (including Microsoft) are starting to take a very aggressive view on PUPs. But this is still not an industry trend. Overall I'd rather AVs focus on detecting software that causes harm rather than borderline "uselessware".



EDIT: Hilariously, I have a copy of AusLogic's disk defrag tool on my Windows Server. It works. It was annoying in that the installer and everything else was really insistent on asking you to buy the Pro version with a few more features, but it actually did work as a defrag tool. A lot of the "legit" defrag tools refuse to run on Windows Server and instead ask you to buy a really expensive enterprise version of the tool, so maybe we need a moment of self reflection on which is the PUP :D
But in my opinion, a useless app that just wants your money and doesn't do anything, that kind of scam, and that can potentially damage PC stability or corrupt registry keys, is in my opinion a PUP, because of course no one would like to see this kind of app on his computer, or adware apps that show ads on your desktop.
 
Reactions: Nevi and struppigel