ATTACK OF THE PUPS
Keep bundleware off your PC with our guide to unwanted programs
AS REPORTED ON the previous page, the biggest individual threat to consumers comes from adware. In the past, adware meant ad-supported software, but later it evolved to include so-called PUPs (potentially unwanted programs), which are offered alongside the original program during installation. Sometimes these unsolicited extras are easy to avoid, but some use deliberately misleading language and confusing options to trick you into installing them.
PUPs, better known as bundleware, are usually more annoying than outright malicious. Most are ignored by your security software, so you’ll need additional help: Unchecky ( www.unchecky.com) offers limited free protection, but Malwarebytes Premium ( www.malwarebytes.com) is by far the best at blocking these.
Most PUPs should be removable via “Settings > Apps > Apps & Features,” but third-party apps make them easier to spot. IObit Uninstaller ( www.iobit. com/advanceduninstaller.php) has a dedicated bundleware section, though it ironically offers bundleware in its own setup process (IObit’s free Advanced SystemCare Free tool).
SOCIAL ENGINEERING SCAMS
Adware as a threat has shifted away from being merely annoying and is now considered dangerous once again. That’s because it’s often used to identify software used by scammers to try and hack people’s computers through social engineering.
Scammers directly contact users through legitimate channels—including by phone, text message, social media, and email—to try and trick them into handing over sensitive personal details, such as bank account information. This may be attempted directly through tricking the victim into volunteering the information themselves, or it may be an indirect attempt. Examples of the latter include the well-known tech-support scam. This can originate in a phone call or via fake error messages on a website that pop up as you’re innocently browsing away, asking you to call a number. In both cases, you may be asked to provide payment before fixes can be applied, or directed to download and install software that will allow the scammer to take control of your computer, ostensibly to fix the problem, but more likely to lower your defences and install more malware onto your system.
In all cases, social engineering scams are designed to unsettle you and then—while you’re off-balance— trap and ultimately defraud you. We recommend you take the time to visit www.usa.gov/online-safety and work your way through the useful tips to get sound guidance on how to avoid being caught out.
STRENGTHEN PROTECTION
Many scams originate on the web. These type of social engineering scams are part of the wider malvertising —or malicious advertising—family of malware. These are advertisements that can appear on any webpage, and may contain malicious code or, more commonly, rely on trickery to trigger the scam. Those who fall for it are then redirected to the scammer’s landing page.
While many fake websites are quickly reported by sites like Phishtank ( www.phishtank.com), which in turn leads to them being blocked by your web browser’s own security tools, you should go further to proactively block these from getting a foothold in the first place. Review the security options in your browser (such as “Privacy and Security” in Chrome), and install uBlock from your browser’s add-ins page (Chrome Web Store, for example).
Also check to see if your security software offers additional protections against web-based threats – free products may offer limited protection, but paid-for products will usually extend this further, and that includes the paid-for Premium version of Malwarebytes Anti-Malware.
The free version of Malwarebytes works as a scan-and-removal tool—there’s no active protection against keeping threats off your PC in the first place. The Premium version offers four real-time components—malware, exploit, web, and ransomware—and is more aggressive than other tools when it comes to adware and so-called riskware. This means that on occasion you may have cause to disagree with its findings.
Start by researching the threat—click the link in “Quarantine” to get a detailed report from Malwarebytes’s own website, then look further afield ( https://forums. malwarebytes.com/ is a good place to start) for other people’s opinions. If you decide the tool is safe, open Malwarebytes and click “Detection History” to access “Quarantine.” First, restore the file by selecting it from the list and clicking “Restore,” then switch to the “Allow List” tab and click “Add” to select the program file to exclude it from future scans.