Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

An Easy-to-Miss Source of PUPs

One of my assistants recently alerted me to a new (new to me, anyway) source of PUPs (Potentially Unwanted Programs).

In fact, it was new enough that I didn’t pay close enough attention while investigating it, and almost ended up installing software I didn’t want or need.

Let’s use this as an opportunity to review what you need to look for when downloading software or software updates.

Become a Patron of Ask Leo! and go ad-free!

PUPs as a business model

PUPs represent a way for software vendors to make money when you download and install their programs. In fact, for free software, it can be a significant source of revenue – it’s part of what allows free software to be free.

Vendors often get paid for each download, or each install, of whatever extra software they might get you to install along with theirs.

PUPs work because they’re sneaky. The vendors won’t admit to this – they’ll say the options are there for you to make whatever choices you want. In a sense, they’re right, but there are several issues that make them appear less than completely above-board.

  • The software being offered is typically unrelated to the software you’re downloading and installing.
  • The option to install the unrelated software is explicitly hidden in some way. Perhaps it’s an option that requires scrolling down (most people don’t), or it’s hidden in a set of “Advanced” or “Custom” options that most people never see.
  • The option to install the unrelated software is passively hidden by making the other options that people are looking for – like an “Install” button – bigger and more eye-catching. In their quest to just get things done, people gloss over what’s on the screen and just click the big button to move on.
  • The option to install the unrelated software defaults to “yes”. Unless the user reads carefully and unchecks a box, the software is installed.

As a result, it’s very easy to install software you don’t need and don’t want.

There’s nothing “potentially” unwanted about it.

The latest: choices before you even download

Downloading an update to Adobe Flash from the Adobe website, I was presented with this screen:

Flash Update

In my rush to install the update, I just clicked the “Install now” button. I was surprised when two additional installations were queued in addition to the Flash update.

So, I looked closer.

Flash optional updates

In the center of the screen were two very non-descript checkboxes in a section labeled “Optional offers”. They were checked by default.

I had “accepted” two PUPs before even starting the download. I’d not seen that before.

Traditional PUPs happen on install

More commonly, PUPs are installed after the download, when you run the downloaded installation or setup program.

The setup program typically encourages you to select the “Default” or “Most common” options to make installation easier. Unfortunately, it makes the installation process easier for them. Buried in the options you bypassed are checkboxes for similar “optional offers” that are almost always enabled by default.

The default is to install PUPs whether you want them or not.

Vigilance is required

My experience was particularly frustrating because:

  • It was a mainstream component: Adobe Flash.
  • I was downloading it directly from the vendor’s site, not via some third party download site.
  • It was an update, not a new install.

In the past, those factors could be relied on to be a sign of safety; a sign that perhaps we didn’t need to be quite as vigilant.

Clearly, that’s not the case. Vigilance is always required.

  • Only download directly from the original vendor.
  • Check for options before the download.
  • Check for options during the install.
  • Never choose Default; always choose Custom or Advanced or whatever else it might be called.

To be clear, this is certainly not limited to Adobe or Adobe Flash. Many software downloads suffer from this type of tack-on revenue opportunity.

Vendors do this because it works. Vigilance, and making explicit choices of our own, is how we avoid installing programs we never really wanted in the first place.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

Podcast audio


More for Patrons of Ask Leo!

Silver-level patrons have access to this related video from The Ask Leo! Video Library.

A New Source of Potentially Unwanted Programs   A New Source of Potentially Unwanted Programs

33 comments on “An Easy-to-Miss Source of PUPs”

  1. This has always been an issue with Adobe. It’s just natural for me to uncheck anything there when I update Flash, Reader, or anything else from Adobe.

  2. I’m very surprised that you haven’t noticed this before. Adobe has been using the exact same tactics for a couple of years, as has Oracle/Java. Maybe you should check for PUPs :P

    • I was going to say the exact same thing. 9 times out of 10 there are always offers in plain sight (occassionally I get no offers). I actually don’t mind the way Adobe does it because they put the offers front and centre. It’s easy to see them and uncheck them, rather than the vendors who hide them.

    • I’ve always noted after the download, never before. But then … I don’t download Adobe that often. :-) (And, no, no PUPs here – even though I came close.)

    • Do you or Leo have a reccomended program to check for PUP’s please? I have (Stupid Me) always trusted Adobe. More wary with pretty well every other free software but have not worried about updates either. Thanks, Chris

    • JAVA Updates — You can disable the PUPs Oracle attempts to suck you into via the settings for JAVA. Open the JAVA Control Panel and select the “Advanced” tab. Scroll down to the bottom section, “Miscellaneous” where you can check the box for “Suppress sponsor offers when installing or updating Java.” That will stop the PUPs — but after you’ve installed a new version of Java, you would be prudent to make sure this box is still checked. Sometimes it gets unchecked (gee, I wonder how that happens).

      • Daniel — Good info on the JAVA updates. We have 12 pc’s which require frequent updates to run our business application software and many times I have had to remove unwanted toolbars from someone who went too fast on the updating. I’ve just instructed everyone to make the change on their control panel . Thanks!

  3. This isn’t new for Adobe but usually it was Google Chrome or the toolbar that was bundled. The other thing you should look out for is when they give you a choice and then, let’s call it in a sub-menu, a couple more choices. The first one is usually for the software the second one might to change your Home page, for example. You uncheck the first one and the one or two bottom options remain checked and grayed out now uncheckable. The solution Check the first one again, uncheck the bottom options first, then uncheck the main option or first one. Or start unchecking from the bottom up.

    • Terry, thanks for that – a really useful addition to Leo’s article. I knew about Adobe’s tricks but hadn’t come across the one you mention – definitely one to look out for, many thanks!

    • I totally agree with Jimd. Was recommended it by my local ‘guru’ and it hasn’t failed yet – – – but what’s more it’s even picked up PUPs so well hidden that even ‘custom install’ didn’t show the options.

      IMHO this program ought to be installed as default on all new PCs………..

  4. If you set it to auto update you never see the optional offers. That is why I set mine to never check for updates. I like to see what is going on before and during downloads. I can’t say auto update will install the optional offers, It’s a risk I’m not willing to taking.

  5. Another thing with downloading from Adobe is that that particular portion to uncheck the PUPs is the last to load, so if you don’t wait that second or two then you could end up with these PUPS. As commentator, Terry Hollett noted Adobe has also had Googles Chrome there, just wondering if this accounts the large lead Chrome has as opposed to other Browsers?

  6. I installed It removes most of the check marks on install software. It has been working well for several months.

    • And I totally agree with HARVEY MELTZER. I Was recommended it by my local ‘guru’ and it hasn’t failed yet – – – but what’s more it’s even picked up PUPs so well hidden that even ‘custom install’ didn’t show the options.

      IMHO this program ought to be installed as default on all new PCs………..

  7. That’s different, I usually see one for Chrome and Google Toolbar. Toolbars are generally useless and so is Chrome to me so they get the boot.

    Not only that, the stated download size is bloated considerably by that extra stuff and you already spend 2 or three minutes installing Flash as it is when you could be doing something else. I never let Flash install automatically as well, it always has to alert me to a new version.

    THAT’S one more way to avoid PUPs, never let them automatically update.

  8. Adobe goes one sneaky step further: The send out updates that are not really updates – they are nothing more than a vehicle for installation of McAfee Security Scan. If you let them, they will send you an update every week.

  9. This sort of stuff just disgusts me, that companies like Adobe and Oracle that used to be true leaders and innovators now behave like shysters and hoodlums. I hate the whole “opt out” requirement which applies to everything anymore, instead of “opt in”. If I really want something I will request it, should not be the other way around. What a concept huh?

    Thank goodness Java has become pretty irrelevant and un-needed, I look forward to the day when the same is true for Flash Player.

    I don’t understand users who try to justify this kind of behavior by companies. If enough pressure were brought to bear on companies who participate in this sort of thing they would have to change the way they operate. But instead, it just keeps getting worse.

  10. I’ve been checking, double-checking and trriple-checking any free software installers for PUPs ever since the time I inadvertently installed that pesky McAfee Security Scan with Adobe Flash Player. (Like many other contributors to this thread, I had failed to “scroll down” and check for “checks” against unrequested installers).

    Now, I already had an AV application installed, and the McAfee Security Scan caused all kinds of problems and conflicts with it. Not only that, it was impossible to uninstall it. When I tried to uninstall, I would get endless uninstall failures and error messages, and, in the end, (not having a recent enough image backup [yes, Leo, I know, I know],) I had to do a complete reformat and fresh install of Windows.

    Wherever possible, I now use Revo Uninstaller to perform all installations and uninstallations… Oh… and yes, I now do more frequent image backups, too!

  11. I recently upgraded Flash in Firefox to and once again noticed these two checked items listed in your article. I’ve seen this before and have gotten use to unchecking them. Many recommendations for Thanks Leo for your helpful and instructive article. CNET… aka claims to have cleaned up their site and act by cutting out PUP’s previously bundled with apps that people download. Google store apps are said to be contaminated or so they say. Ditto the same for Microsoft Store. Caveat emptor everyone…..let the buyer beware!

  12. As a matter of interest, has anyone found an effective substitute for Adobe Flash Player?
    I have looked in the past without success.

    • The effective solutions would have to be implemented by the websites which include Flash content. If a site has Flash content, that content would have to be viewed using Flash. An effective alternative is to uninstall Flash and forgo any content which is Flash based. It might turn out you won’t miss it so much. Steve Jobs banned Flash from running on iPhones and iPads, so lots of sites have switched to alternatives.

    • There is no substitute. There’s no equivalent that will read Flash files. The only alternative is to visit only sites that don’t actually use Flash to begin with.

  13. Hi Leo,
    I have a suggestion for a new term: ‘Manure Spreader’. The term ‘Crapware ‘ has been used for several years. (Anyone who is not familiar with the term crapware should do an internet search for the term). For example, Techrepublic dot com states: “ unwanted commercial software that is installed without the user’s full knowledge, consent, and understanding, and that primarily serves the interests of commercial parties associated with the “crapware,” not the end users on whose systems those unwanted applications are installed.”
    My definition of a ‘Manure Spreader is, “software which you do regularly use and which updates often. You always need to do a custom install of the update so you can uncheck the crapware download.” As your discussion has shown, a good example of a manure spreader is Adobe Flash which always will install McAfee if you don’t uncheck the McAfee download box.

    • Actually, crapware is different from foistware or PUPs. Crapware are programs which come preinstalled on your computer where foistware or PUPs come along with other programs you install. Crapware is a kind of Unwanted Program, so the terms are sometimes used interchangeably, but incorrectly. And the end results are similar, programs you don’t want on your computer.

  14. Both your timely article and my own recent experience confirm increasing vigilance is needed to avoid PUPs. Even the Windows 10 install was another example where it paid to decline the “Recommended” installation and, instead, check the “Custom” option. I did, and UNchecked everything because it wasn’t needed. I’ve also removed unwanted apps included in Microsoft “updates” since then.

    BTW, the same cautions apply to smartphones. To help avoid PUPs/bloat, take a look at the relatively uncluttered offerings from Moto. Unlike most manufacturers, they don’t load down their phones with “stuff” that can’t be removed.

  15. Recently I decided to purge my hard drive and re-install the operating system (VISTA) disc that came with my Toshiba laptop. I was amazed by the number of PUP’s that came along with it. Two questions: where can I get a clean install disc? Secondly, I am now being asked to ‘update’ my system. There is a list of security patches that go back to 2009. If I install the most recent and forget the rest, will this take care of things?

  16. A warning about Adobe: Since the install malware checkboxes are on the website and not part of the installation program, Unchecky isn’t able to “see” the boxes and prevent installation. You still have to do it manually. Unchecky is good, but I would still recommend vigilance in case some vendors figured out how to bypass it like Adobe did.


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.