| || |
Re: ISIS Wallet
AKA "pups"---MalwareBytes usually does this for software that seems to do some snarky things (often associated with advertising), but are not clearly deemed to be malicious. In other words, MB isn't sure and doesn't actually know the program, but deems it suspicious. Lately, many AV makers, including them, have become stricter in flagging PUPS, feeling they are more annoying than appropriate and may be problematic as well. That, however, creates some issues--namely, false positives.
Originally Posted by Shawn Kerr
Some of their criteria for "PUP" are fairly simple and not all that scary; there may be good reasons for them. Here are some of the criteria listed on MB's website for PUP id. Some, like "the liberal use of recommended," may flag you as a PUP, probably along with other things, but that is hardly a scary program. "No uninstall procedure"--well, that defines all system apps. Hopefully they use more than one criterion in flagging it as a PUP. Here are some of the criteria:
=Are all the options in your application pre-populated, effectively requiring the user to manually opt-out of options?
=The liberal use of "Recommended" next to an option radio button or checkbox
=Programs that do not have a standard uninstall procedure
=Programs that have no uninstall procedure
=Programs that use non-standard install locations
=Browser add-ons that do not show up in the add-on manager
=Browser add-ons that install across multiple browsers"
Some of this is subject to debate and expanding things to every possible PUP can create alarm that is unnecessary. As one game creator said on their website blog:
"The problem with PUP detections is that it creates false positives. My several attempt to fix the issues with the PUPs 'detected' by my jigsaw puzzles ... have been met with only generic push-button responses from MalwareBytes. ...Other software creators have this issue too, from what I've read online. In my case each jigsaw puzzle is treated as a separate program, and because a million people aren't using it, MalwareBytes hasn't taken the time to verify that it indeed doesn't do anything harmful. The puzzles don't download themselves; my visitors have to click on a link then confirm they want to download and run the puzzle. I've had TotalVirus.com scan both my website and individual puzzles, and MalwareBytes is the only one that squawks about them, and it never gives a logical reason for flagging the puzzles."
The other problem of course is that it is hard for average users when encountering PUPS to actually know if it is a potential issue or just a very broad "positive" that means nothing. I clean them all if in the .tmp folder of my desktop. Eliminating .tmp files can't hurt anything and may help. Beyond that, I am sometimes puzzled as to what to do and the nature of a PUP id by an AV or malware program is that it doesn't really provide much useful advice.