Q&A Kaspersky and PUP detection


Ahmed Uchiha

Level 1
Feb 5, 2021
32
88
Hello there,
I noticed that many users complain about Kaspersky's low detection of PUP, but after contacting Kaspersky support and reporting some of the known PUP apps that are detected on VirusTotal, here is their response.
Although many of them are detected by reputable AV engines, Kaspersky says that these apps have end-user license agreements that allow showing ads and promoting their products, so they can't classify them as PUP and remove them.
 

Attachments: Kaspersky PUP.png, PUP detection.png, PUP dtection.png, PUP.png

Freud2004

Level 10
Jun 26, 2020
459
3,380
Hello there,
I noticed that many users complain about Kaspersky's low detection of PUP, but after contacting Kaspersky support and reporting some of the known PUP apps that are detected on VirusTotal, here is their response.
Although many of them are detected by reputable AV engines, Kaspersky says that these apps have end-user license agreements that allow showing ads and promoting their products, so they can't classify them as PUP and remove them.

"Low detection of PUP": this is one of the reasons I like Kaspersky, it just detects real threats. I hate applications that alert you because you are using a crack or another application that doesn't represent a danger to the user. I hate moralist applications that alert the user because an application is not completely legal.
Thanks, Kaspersky, for being the real deal...

A good example:

Captura de ecrã 2021-05-25 190155.png

Captura de ecrã 2021-05-25 190811.png
 

Minimalist

Level 7
Oct 2, 2020
300
2,997
I expected more detections on VT. When only 3 or 4 vendors detect something (except when it's a less known and possibly zero-day sample) I usually don't trust those detections. In most cases it's an FP from some vendors (although it's sometimes hard to distinguish one from another when it comes to PUA).
 

Ahmed Uchiha

Level 1
Feb 5, 2021
32
88
I expected more detections on VT. When only 3 or 4 vendors detect something (except when it's a less known and possibly zero-day sample) I usually don't trust those detections. In most cases it's an FP from some vendors (although it's sometimes hard to distinguish one from another when it comes to PUA).
I really don't know, but they are reputable AV engines like ESET, Gdata, and Malwarebytes.
 

cliffspab

Level 3
Oct 4, 2019
149
617
Kaspersky is already like a puppy with its first bone with far too many of my 'legitimate' programs. Don't encourage them! That's why I'm on WiseVector now, even though KTS only costs $20 for a year.
 

cliffspab

Level 3
Oct 4, 2019
149
617
But I think that Kaspersky and ESET have the lowest false positives among all AVs.
Norton was far, far worse. I hated Lifelock with a passion. It's more that Kaspersky's UI makes undoing things such a ball ache. WiseVector picks out a lot of stuff too, but it's very quick and easy for me to get it to put them back, or have it obey instructions not to poke its nose in certain folders. And it's light as air.

I love tinkering, but I just can't justify another AV at the moment.
 

Ahmed Uchiha

Level 1
Feb 5, 2021
32
88
Yes, I agree with them: let me judge what is a PUP for me, and let the AV judge what is a threat for the PC.
I thought of them as PUPs because they are detected on VirusTotal; also, some of them bundle other apps like driver updaters and defrag software or even tune-up software.
 

MacDefender

Level 14
Verified
Oct 13, 2019
699
6,589
To what extent are these apps PUPs? There's a lot of largely useless sorta free "clean your computer" sort of apps that mainly just try to get you to pay them money for even more useless apps, but I think it's hard for AV vendors to start marking apps like that as PUPs. In the examples, very few vendors and basically no mainstream vendors (except for an ESET hit in one case) are willing to mark those apps as PUPs.


FWIW MalwareBytes and a few other vendors (including Microsoft) are starting to take a very aggressive view on PUPs. But this is still not an industry trend. Overall I'd rather AVs focus on detecting software that causes harm rather than borderline "uselessware".



EDIT: Hilariously, I have a copy of AusLogic's disk defrag tool on my Windows Server. It works. It was annoying in that the installer and everything else was really insistent on asking you to buy the Pro version with a few more features, but it actually did work as a defrag tool. A lot of the "legit" defrag tools refuse to run on Windows Server and instead ask you to buy a really expensive enterprise version of the tool, so maybe we need a moment of self reflection on which is the PUP :D
 

struppigel

Moderator
Verified
Staff member
Apr 9, 2020
441
3,354
Yes, I agree with them: let me judge what is a PUP for me, and let the AV judge what is a threat for the PC.
AV products usually allow you to disable PUP detections. That's why they are PUP and not malware, because you can indeed decide about that.

"Low detection of PUP": this is one of the reasons I like Kaspersky, it just detects real threats. I hate applications that alert you because you are using a crack or another application that doesn't represent a danger to the user.
Illegal software is a different topic than PUP (it's actually grayware, not PUP). Policy for most AV vendors is to either ignore them, which means these will be shown as clean even if they contain malware, or to flag them as a risk regardless of whether they contain malware. Neither way is helpful for you to determine whether they are safe.

Why these policies? Mainly for two reasons:

1) Flagging illegal software and files correctly may result in legal trouble and poses an ethical issue as well because AVs are helping to navigate and use these files. Where does it stop anyways? E.g. what about stalkerware? What about files that contain child abuse? These are not malware either. And yes, people send these to us. Should we distinguish between illegal files that are okay and those that are not? Because by law, none of them are okay. So actually, we already have the law as a guideline here.

2) It makes disproportionately more work if we attempt to analyse illegal files properly. Since they inherently pose a higher risk, people send those in en masse. We would have to double our workforce to be able to analyse them all, whereas there is little benefit from it.

To what extent are these apps PUPs? There's a lot of largely useless sorta free "clean your computer" sort of apps that mainly just try to get you to pay them money for even more useless apps, but I think it's hard for AV vendors to start marking apps like that as PUPs.

I am not speaking about those specific samples because I did not analyse them, but generally, many system cleaners and optimizers are considered PUP because:
  • They exaggerate scan results and show hundreds of problems/issues/warnings, even on a freshly installed system --> this is regarded as a scare tactic; they use fear to make the user buy the product. Most of the time the demo product cannot fix those issues, only the paid version.
  • Sometimes it is hard to uninstall them.
  • A lot of them have strong VM detection mechanisms, and will not show any exaggerated warnings, or will tone them down, if executed in a VM. They will also be less annoying and may refrain from nagging pop-ups and warning pop-ups after trying to close the application if executed in a VM. --> this is to prevent proper analysis in the hopes that vendors will not flag them as PUP. But it's even more of a reason to flag them if the analyst detects this behaviour.
  • A lot of them do not improve anything at all. Windows is fully capable of taking care of its own registry and also defragging by now.
 

SeriousHoax

Level 39
Verified
Mar 16, 2019
2,828
23,311
this is regarded as a scare tactic; they use fear to make the user buy the product. Most of the time the demo product cannot fix those issues, only the paid version.
This reminded me of Avast which is a great product, brilliant protection, but they actually do this in their free AV. But I guess no one is bold enough to flag them as a PUP because the legal consequences will be huge.
 

Ahmed Uchiha

Level 1
Feb 5, 2021
32
88
To what extent are these apps PUPs? There's a lot of largely useless sorta free "clean your computer" sort of apps that mainly just try to get you to pay them money for even more useless apps, but I think it's hard for AV vendors to start marking apps like that as PUPs. In the examples, very few vendors and basically no mainstream vendors (except for an ESET hit in one case) are willing to mark those apps as PUPs.


FWIW MalwareBytes and a few other vendors (including Microsoft) are starting to take a very aggressive view on PUPs. But this is still not an industry trend. Overall I'd rather AVs focus on detecting software that causes harm rather than borderline "uselessware".



EDIT: Hilariously, I have a copy of AusLogic's disk defrag tool on my Windows Server. It works. It was annoying in that the installer and everything else was really insistent on asking you to buy the Pro version with a few more features, but it actually did work as a defrag tool. A lot of the "legit" defrag tools refuse to run on Windows Server and instead ask you to buy a really expensive enterprise version of the tool, so maybe we need a moment of self reflection on which is the PUP :D
But in my opinion, a useless app that just wants your money and doesn't do anything, which is a kind of scam, and that may potentially damage PC stability or corrupt registry keys, is a PUP, because of course no one would like to see this kind of app on his computer, or adware apps that show ads on your desktop.
 