mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-14 22:37:22 +00:00
commit
133fa4f86a
@ -2,7 +2,7 @@
|
|||||||
title: How Microsoft identifies malware and potentially unwanted applications
|
title: How Microsoft identifies malware and potentially unwanted applications
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
description: Learn how Microsoft reviews software for unwanted behavior, advertising, privacy violations, and negative consumer opinion to determine if it is malware (malicious software) or potentially unwanted applications.
|
description: Learn how Microsoft reviews software for unwanted behavior, advertising, privacy violations, and negative consumer opinion to determine if it is malware (malicious software) or potentially unwanted applications.
|
||||||
keywords: security, malware, virus research threats, research malware, pc protection, computer infection, virus infection, descriptions, remediation, latest threats, MMPC, Microsoft Malware Protection Center, PUA, potentially unwanted applications
|
keywords: security, malware, virus research threats, research malware, device protection, computer infection, virus infection, descriptions, remediation, latest threats, MMdevice, Microsoft Malware Protection Center, PUA, potentially unwanted applications
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.mktglfcycl: secure
|
ms.mktglfcycl: secure
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
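Review bot: The new `keywords:` line contains `MMdevice`, which looks like a blanket PC-to-device replace that also hit the acronym MMPC (spelled out right after it as Microsoft Malware Protection Center). Restore `MMPC` and keep only the `pc protection` to `device protection` change on this line.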
@ -18,33 +18,31 @@ search.appverid: met150
|
|||||||
|
|
||||||
# How Microsoft identifies malware and potentially unwanted applications
|
# How Microsoft identifies malware and potentially unwanted applications
|
||||||
|
|
||||||
Microsoft aims to provide customers with the most delightful and productive Windows experience possible. To help achieve that, we try our best to ensure our customers are safe and in control of their devices.
|
Microsoft aims to provide a delightful and productive Windows experience by working to ensure you are safe and in control of your devices. When you download, install, and run software, you have access to information and tools to do so safely. Microsoft helps protect you from potential threats by identifying and analyzing software and online content. That information is then compared against criteria described in this article.
|
||||||
|
|
||||||
Microsoft gives you the information and tools you need when downloading, installing, and running software, as well as tools that protect you when we know that something unsafe is happening. Microsoft does this by identifying and analyzing software and online content against criteria described in this article.
|
You can participate in this process by [submitting software for analysis](submission-guide.md) to ensure undesirable software is covered by our security solutions.
|
||||||
|
|
||||||
You can participate in this process by submitting software for analysis. Our analysts and intelligent systems can then help identify undesirable software and ensure they are covered by our security solutions.
|
|
||||||
|
|
||||||
Because new forms of malware and potentially unwanted applications are being developed and distributed rapidly, Microsoft reserves the right to adjust, expand, and update these criteria without prior notice or announcements.
|
Because new forms of malware and potentially unwanted applications are being developed and distributed rapidly, Microsoft reserves the right to adjust, expand, and update these criteria without prior notice or announcements.
|
||||||
|
|
||||||
## Malware
|
## Malware
|
||||||
|
|
||||||
Malware is the overarching name for applications and other code, i.e. software, that Microsoft classifies more granularly as *malicious software* or *unwanted software*.
|
Malware is the overarching name for applications and other code, like software, that Microsoft classifies more granularly as *malicious software* or *unwanted software*.
|
||||||
|
|
||||||
### Malicious software
|
### Malicious software
|
||||||
|
|
||||||
Malicious software is an application or code that compromises user security. Malicious software might steal your personal information, lock your PC until you pay a ransom, use your PC to send spam, or download other malicious software. In general, malicious software tricks, cheats, or defrauds users, places users in vulnerable states, or performs other malicious activities.
|
Malicious software is an application or code that compromises user security. Malicious software may steal your personal information, lock your device until you pay a ransom, use your device to send spam, or download other malicious software. In general, malicious software wants to trick, cheat, or defrauds users, placing them in vulnerable states.
|
||||||
|
|
||||||
Microsoft classifies most malicious software into one of the following categories:
|
Microsoft classifies most malicious software into one of the following categories:
|
||||||
|
|
||||||
* **Backdoor:** A type of malware that gives malicious hackers remote access to and control of your PC.
|
* **Backdoor:** A type of malware that gives malicious hackers remote access to and control of your device.
|
||||||
|
|
||||||
* **Downloader:** A type of malware that downloads other malware onto your PC. It needs to connect to the internet to download files.
|
* **Downloader:** A type of malware that downloads other malware onto your device. It must connect to the internet to download files.
|
||||||
|
|
||||||
* **Dropper:** A type of malware that installs other malware files onto your PC. Unlike a downloader, a dropper doesn’t need to connect to the internet to drop malicious files. The dropped files are typically embedded in the dropper itself.
|
* **Dropper:** A type of malware that installs other malware files onto your device. Unlike a downloader, a dropper doesn’t have to connect to the internet to drop malicious files. The dropped files are typically embedded in the dropper itself.
|
||||||
|
|
||||||
* **Exploit:** A piece of code that uses software vulnerabilities to gain access to your PC and perform other tasks, such as installing malware. [See more information about exploits](exploits-malware.md).
|
* **Exploit:** A piece of code that uses software vulnerabilities to gain access to your device and perform other tasks, such as installing malware. [See more information about exploits](exploits-malware.md).
|
||||||
|
|
||||||
* **Hacktool:** A type of tool that can be used to gain unauthorized access to your PC.
|
* **Hacktool:** A type of tool that can be used to gain unauthorized access to your device.
|
||||||
|
|
||||||
* **Macro virus:** A type of malware that spreads through infected documents, such as Microsoft Word or Excel documents. The virus is run when you open an infected document.
|
* **Macro virus:** A type of malware that spreads through infected documents, such as Microsoft Word or Excel documents. The virus is run when you open an infected document.
|
||||||
|
|
||||||
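Review bot: In the Malicious software paragraph, the rewritten sentence "malicious software wants to trick, cheat, or defrauds users, placing them in vulnerable states" has a non-parallel verb list ("defrauds" should be "defraud"), and it drops the old catch-all "or performs other malicious activities", which narrows the definition. Suggest keeping the original verb list and changing only PC to device. In the Malware paragraph, "i.e. software" became "like software", which turns a restatement into an example; "that is, software" keeps the original meaning.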
@ -52,23 +50,23 @@ Microsoft classifies most malicious software into one of the following categorie
|
|||||||
|
|
||||||
* **Password stealer:** A type of malware that gathers your personal information, such as user names and passwords. It often works along with a keylogger, which collects and sends information about the keys you press and websites you visit.
|
* **Password stealer:** A type of malware that gathers your personal information, such as user names and passwords. It often works along with a keylogger, which collects and sends information about the keys you press and websites you visit.
|
||||||
|
|
||||||
* **Ransomware:** A type of malware that encrypts your files or makes other modifications that can prevent you from using your PC. It then displays a ransom note stating you must pay money, complete surveys, or perform other actions before you can use your PC again. [See more information about ransomware](ransomware-malware.md).
|
* **Ransomware:** A type of malware that encrypts your files or makes other modifications that can prevent you from using your device. It then displays a ransom note which states you must pay money, complete surveys, or perform other actions before you can use your device again. [See more information about ransomware](ransomware-malware.md).
|
||||||
|
|
||||||
* **Rogue security software:** Malware that pretends to be security software but doesn't provide any protection. This type of malware usually displays alerts about nonexistent threats on your PC. It also tries to convince you to pay for its services.
|
* **Rogue security software:** Malware that pretends to be security software but doesn't provide any protection. This type of malware usually displays alerts about nonexistent threats on your device. It also tries to convince you to pay for its services.
|
||||||
|
|
||||||
* **Trojan:** A type of malware that attempts to appear harmless. Unlike a virus or a worm, a trojan doesn't spread by itself. Instead it tries to look legitimate, tricking users into downloading and installing it. Once installed, trojans perform a variety of malicious activities, such as stealing personal information, downloading other malware, or giving attackers access to your PC.
|
* **Trojan:** A type of malware that attempts to appear harmless. Unlike a virus or a worm, a trojan doesn't spread by itself. Instead, it tries to look legitimate and tricks users into downloading and installing it. Once installed, trojans perform various malicious activities such as stealing personal information, downloading other malware, or giving attackers access to your device.
|
||||||
|
|
||||||
* **Trojan clicker:** A type of trojan that automatically clicks buttons or similar controls on websites or applications. Attackers can use this trojan to click on online advertisements. These clicks can skew online polls or other tracking systems and can even install applications on your PC.
|
* **Trojan clicker:** A type of trojan that automatically clicks buttons or similar controls on websites or applications. Attackers can use this trojan to click on online advertisements. These clicks can skew online polls or other tracking systems and can even install applications on your device.
|
||||||
|
|
||||||
* **Worm:** A type of malware that spreads to other PCs. Worms can spread through email, instant messaging, file sharing platforms, social networks, network shares, and removable drives. Sophisticated worms take advantage of software vulnerabilities to propagate.
|
* **Worm:** A type of malware that spreads to other devices. Worms can spread through email, instant messaging, file sharing platforms, social networks, network shares, and removable drives. Sophisticated worms take advantage of software vulnerabilities to propagate.
|
||||||
|
|
||||||
### Unwanted software
|
### Unwanted software
|
||||||
|
|
||||||
Microsoft believes that you should have control over your Windows experience. Software running on Windows should keep you in control of your PC through informed choices and accessible controls. Microsoft identifies software behaviors that ensure you stay in control. We classify software that does not fully demonstrate these behaviors as "unwanted software".
|
Microsoft believes that you should have control over your Windows experience. Software running on Windows should keep you in control of your device through informed choices and accessible controls. Microsoft identifies software behaviors that ensure you stay in control. We classify software that does not fully demonstrate these behaviors as "unwanted software".
|
||||||
|
|
||||||
#### Lack of choice
|
#### Lack of choice
|
||||||
|
|
||||||
You must be notified about what is happening on your PC, including what software does and whether it is active.
|
You must be notified about what is happening on your device, including what software does and whether it is active.
|
||||||
|
|
||||||
Software that exhibits lack of choice might:
|
Software that exhibits lack of choice might:
|
||||||
|
|
||||||
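Review bot: In the Ransomware bullet, "a ransom note which states you must pay money" uses "which" for a restrictive clause; "a ransom note that states" or the original "stating" reads more cleanly. The other lines in this hunk are a consistent PC-to-device rename and look fine.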
@ -84,13 +82,13 @@ Software that exhibits lack of choice might:
|
|||||||
|
|
||||||
* Falsely claim to be software from Microsoft.
|
* Falsely claim to be software from Microsoft.
|
||||||
|
|
||||||
Software must not mislead or coerce you into making decisions about your PC. This is considered behavior that limits your choices. In addition to the previous list, software that exhibits lack of choice might:
|
Software must not mislead or coerce you into making decisions about your device. This is considered behavior that limits your choices. In addition to the previous list, software that exhibits lack of choice might:
|
||||||
|
|
||||||
* Display exaggerated claims about your PC’s health.
|
* Display exaggerated claims about your device’s health.
|
||||||
|
|
||||||
* Make misleading or inaccurate claims about files, registry entries, or other items on your PC.
|
* Make misleading or inaccurate claims about files, registry entries, or other items on your device.
|
||||||
|
|
||||||
* Display claims in an alarming manner about your PC's health and require payment or certain actions in exchange for fixing the purported issues.
|
* Display claims in an alarming manner about your device's health and require payment or certain actions in exchange for fixing the purported issues.
|
||||||
|
|
||||||
Software that stores or transmits your activities or data must:
|
Software that stores or transmits your activities or data must:
|
||||||
|
|
||||||
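Review bot: The two health bullets in this hunk use different apostrophes: "your device’s health" (typographic) and "your device's health" (straight). Both lines are already being edited, so use the straight apostrophe in both to keep the Markdown source consistent.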
@ -98,7 +96,7 @@ Software that stores or transmits your activities or data must:
|
|||||||
|
|
||||||
#### Lack of control
|
#### Lack of control
|
||||||
|
|
||||||
You must be able to control software on your computer. You must be able to start, stop, or otherwise revoke authorization to software.
|
You must be able to control software on your device. You must be able to start, stop, or otherwise revoke authorization to software.
|
||||||
|
|
||||||
Software that exhibits lack of control might:
|
Software that exhibits lack of control might:
|
||||||
|
|
||||||
@ -110,7 +108,7 @@ Software that exhibits lack of control might:
|
|||||||
|
|
||||||
* Modify or manipulate webpage content without your consent.
|
* Modify or manipulate webpage content without your consent.
|
||||||
|
|
||||||
Software that changes your browsing experience must only use the browser's supported extensibility model for installation, execution, disabling, or removal. Browsers that do not provide supported extensibility models will be considered non-extensible and should not be modified.
|
Software that changes your browsing experience must only use the browser's supported extensibility model for installation, execution, disabling, or removal. Browsers that do not provide supported extensibility models are considered non-extensible and should not be modified.
|
||||||
|
|
||||||
#### Installation and removal
|
#### Installation and removal
|
||||||
|
|
||||||
@ -120,7 +118,7 @@ Software that delivers *poor installation experience* might bundle or download o
|
|||||||
|
|
||||||
Software that delivers *poor removal experience* might:
|
Software that delivers *poor removal experience* might:
|
||||||
|
|
||||||
* Present confusing or misleading prompts or pop-ups while being uninstalled.
|
* Present confusing or misleading prompts or pop-ups when you try to uninstall it.
|
||||||
|
|
||||||
* Fail to use standard install/uninstall features, such as Add/Remove Programs.
|
* Fail to use standard install/uninstall features, such as Add/Remove Programs.
|
||||||
|
|
||||||
@ -150,25 +148,27 @@ Advertisements shown to you must:
|
|||||||
|
|
||||||
#### Consumer opinion
|
#### Consumer opinion
|
||||||
|
|
||||||
Microsoft maintains a worldwide network of analysts and intelligence systems where you can [submit software for analysis](https://www.microsoft.com/wdsi/filesubmission). Your participation helps us identify new malware quickly. After analysis, Microsoft creates Security intelligence for software that meets the described criteria. This Security intelligence identifies the software as malware and are available to all users through Windows Defender Antivirus and other Microsoft antimalware solutions.
|
Microsoft maintains a worldwide network of analysts and intelligence systems where you can [submit software for analysis](https://www.microsoft.com/wdsi/filesubmission). Your participation helps Microsoft identify new malware quickly. After analysis, Microsoft creates Security intelligence for software that meets the described criteria. This Security intelligence identifies the software as malware and are available to all users through Windows Defender Antivirus and other Microsoft antimalware solutions.
|
||||||
|
|
||||||
## Potentially unwanted application (PUA)
|
## Potentially unwanted application (PUA)
|
||||||
|
|
||||||
Our PUA protection aims to safeguard user productivity and ensure enjoyable Windows experiences. This optional protection, available to enterprises, helps deliver more productive, performant, and delightful Windows experiences.
|
Our PUA protection aims to safeguard user productivity and ensure enjoyable Windows experiences. This optional protection, available to enterprises, helps deliver more productive, performant, and delightful Windows experiences.
|
||||||
|
|
||||||
|
As an individual, you can also block downloads from PUA in the new Chromium-based Edge browser by going to **Settings** > **Privacy and services** and turning on **Block potentially unwanted apps**.
|
||||||
|
|
||||||
*PUAs are not considered malware.*
|
*PUAs are not considered malware.*
|
||||||
|
|
||||||
Microsoft uses specific categories and the category definitions to classify software as a PUA.
|
Microsoft uses specific categories and the category definitions to classify software as a PUA.
|
||||||
|
|
||||||
* **Advertising software:** Software that displays advertisements or promotions, or prompts the user to complete surveys for other products or services in software other than itself. This includes software that inserts advertisements to webpages.
|
* **Advertising software:** Software that displays advertisements or promotions, or prompts you to complete surveys for other products or services in software other than itself. This includes software that inserts advertisements to webpages.
|
||||||
|
|
||||||
* **Torrent software:** Software that is used to create or download torrents or other files specifically used with peer-to-peer file-sharing technologies.
|
* **Torrent software:** Software that is used to create or download torrents or other files specifically used with peer-to-peer file-sharing technologies.
|
||||||
|
|
||||||
* **Cryptomining software:** Software that uses your computer resources to mine cryptocurrencies.
|
* **Cryptomining software:** Software that uses your device resources to mine cryptocurrencies.
|
||||||
|
|
||||||
* **Bundling software:** Software that offers to install other software that is not digitally signed by the same entity. Also, software that offers to install other software that qualify as PUA based on the criteria outlined in this document.
|
* **Bundling software:** Software that offers to install other software that is not digitally signed by the same entity. Also, software that offers to install other software that qualifies as PUA based on the criteria outlined in this document.
|
||||||
|
|
||||||
* **Marketing software:** Software that monitors and transmits the activities of the user to applications or services other than itself for marketing research.
|
* **Marketing software:** Software that monitors and transmits the activities of users to applications or services other than itself for marketing research.
|
||||||
|
|
||||||
* **Evasion software:** Software that actively tries to evade detection by security products, including software that behaves differently in the presence of security products.
|
* **Evasion software:** Software that actively tries to evade detection by security products, including software that behaves differently in the presence of security products.
|
||||||
|
|
||||||
|
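Review bot: In the Consumer opinion paragraph, the edited line still reads "This Security intelligence identifies the software as malware and are available to all users"; the verb should be "is available", and since the line is already being touched for "us" to "Microsoft" it should be fixed here. In the added Edge sentence, "block downloads from PUA" is unclear; "block downloads of PUAs" matches the plural used in "*PUAs are not considered malware.*" just below it.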