Glossary of Terms:
- PUPs: Potentially Unwanted Programs – such as toolbars.
- PUMs: Potentially Unwanted Modifications – changes to home page, search engine, etc.
- MBAM: Malwarebytes Anti-Malware
It’s been almost a year since Malwarebytes’ decision to stop supporting the identification and removal of PUPs created a backlash of protests (see: Malwarebytes Anti-Malware: Can it still be trusted). The developer’s logic at the time was that these potentially unwanted programs did not actually constitute 8220;malware” in the strict sense of the term. Several months later, following a slew of complaints and negative comments, Malwarebytes published an announcement saying that the feature had been re-instated.
Last week we published the news that a major new MBAM version (2.0) had been released, to which regular reader “Jonno” submitted a comment questioning whether or not PUPs were indeed now supported. With one tech blog in particular continuing to insist that MBAM still isn’t identifying these ubiquitous menaces, such as the Ask and Conduit Toolbars, I decided to check it out and see for myself.
The first clear indication that MBAM does in fact include identifying PUPs in its scanning engine comes from the software’s own interface – under Settings>Detection and Protection:
Here you will see options for dealing with identified PUPs – set to “Warn users about detections” by default. As well as a choice of actions for identified PUMs – set to “Treat detections as malware” by default. The user can then utilize the associated drop down menus to choose between three options, according to his or her own preferences:
At this stage it seemed pretty obvious to me that the insistent tech blog is wrong, but I wanted to be doubly sure so I put MBAM through a practical test. I downloaded and installed both the Ask and Conduit Toolbars in a virtual environment:
Just as an interesting aside; during the Ask Toolbar installation my resident anti-virus, Avira Free, did not communicate at all. However, during the Conduit installation, Avria threw up the following warning:
Okay, so now my Firefox browser resembles many of those I have to deal with when working on clients’ machines:
Next step was to change MBAM’s default setting for PUPs to “Treat detections as malware” and then initiate a full scan. One of MBAM’s traits I have always found a tad annoying is that it doesn’t display results in real time, you have to wait right until the end of the scan before knowing if it is flagging anything or not. Anyway, here is MBAM’s report, as displayed at completion of the scan:
As you can see from the screenshot, MBAM has flagged 9 items associated with the PUPs for removal to Quarantine.
So there you have it. It appears, to me anyway, that MBAM Free definitely includes support for dealing with PUPs.