Potentially unwanted software
Identifying and analyzing potentially unwanted software is a complex challenge. New forms of potentially unwanted software are constantly under development. The same technology that can make software unwanted also appears in software that you want to keep and use (such as antivirus or antimalware software). It’s not always possible to automatically determine whether a program is something you want to keep or something you want to remove.
Microsoft helps by giving you the information and tools you need to decide which software to download, install, and run on your computer.
We maintain a definition library of potentially unwanted software. This library has a database of potentially unwanted software files and settings. When our researchers identify new potentially unwanted software, they create definitions and add them to the library. We release regular definition updates to help protect your computer and personal information.
You can participate in our worldwide network by submitting potentially unwanted software for analysis. This network helps identify programs to add to our definition library.
New forms of potentially unwanted software are developed and distributed rapidly. As a result, Microsoft reserves the right to adjust, expand, and update its criteria for analysis without prior notice or announcements.
Microsoft has created a worldwide network where you can submit potentially unwanted software for analysis. Participants in the network play a key role in helping identify new suspicious programs quickly. After analysis, Microsoft creates definitions for programs that meet the criteria, and makes them available to all users through Microsoft antimalware software.
If you believe you have been negatively affected by potentially unwanted software, download and install Microsoft antimalware software. If the potentially unwanted software persists, you can report the problem to Microsoft.
Microsoft researchers use the following categories to determine whether to add a program to the definition library, and what classification type, risk level, and recommendation to give it:
Unwanted behavior: The software runs unwanted processes or programs on your computer, does not display adequate disclosures about its behavior or obtain adequate consent, prevents you from controlling its actions while it runs on your computer, prevents you from uninstalling or removing the program, or makes misleading or inaccurate claims about the state of your computer.
Advertising: The software delivers out-of-context advertising that interferes with the quality of your computing experience, regardless of whether you consented to this behavior or not.
Privacy: The software collects, uses, or communicates your information without your explicit consent.
Consumer opinion: Microsoft considers input from individual users as a key factor in helping to identify new unwanted behaviors and programs that might interfere with the quality of your computing experience.
Unwanted behavior: lack of choice
You must be notified about what is happening on your computer, including what a program does and whether it is active.
Software that exhibits lack of choice may:
Fail to provide prominent notice about the behavior of the program and its purpose and intent
Fail to clearly indicate when the program is active, and may attempt to hide or disguise its presence
Install, reinstall, or remove software without your permission, interaction, or consent
Install other software without a clear indication of its relationship to the primary program
Falsely claim to be a program from Microsoft.
Unwanted behaviors: lack of control
You must be able to control programs on your computer. You must be able to start, stop, and otherwise revoke authorization to a program.
Software that exhibits lack of control may:
Open browser windows without authorization
Redirect or block searches, queries, user-entered URLs, or access to other sites without clear notification and consent
Modify or manipulate webpage content without your consent
Unwanted behaviors: installation and removal
You must be able to start, stop, and otherwise revoke authorization to a program. Programs should obtain your consent before installing, and the program must provide a clear and straightforward way for you to install, uninstall, or disable it.
Software that exhibits a poor installation experience may:
Software that exhibits a poor removal experience may:
Present confusing or misleading prompts or pop-ups when attempting to uninstall software
Fail to use standard install/uninstall features, such as Add/Remove Programs
Unwanted behaviors: computer performance
You must be able to expect that the actions a system maintenance or optimization program takes towards system performance are actually beneficial. You should be able to maintain the overall quality of your computing experience.
Software that impairs computer performance may:
Display exaggerated claims about the system's health
Make misleading or inaccurate claims about files, registry entries, or other items on the system
Decrease computer reliability
Programs that promote a product or service outside of their own program can interfere with your computing experience. You should have clear choice and control when installing programs that open advertisements.
The advertisements that are opened by these programs must:
The program that creates these advertisements must:
You want to maintain control over your information. You expect to determine how your information is collected, used, and shared with others.
Some types of programs can also have an impact on your privacy. These include, but are not limited to:
Note: Monitoring programs are not necessarily malicious. For example, parental controls can feature keystroke monitors, but these programs can pose a risk to your privacy if you don't expect or know about their presence.
Malware is the general name for programs that perform unwanted actions on your PC. This can include stealing your personal information, locking your PC until you pay a ransom, using your PC to send spam, or downloading other malware.
Most software that we classify as malware falls into one of the following categories:
Backdoor trojan: A type of trojan that gives a malicious hacker access to and control of your PC. This means they may be able to tell your PC what to do or monitor what you do online. A bot is a type of backdoor trojan.
Downloader: A type of trojan that downloads other malware onto your PC. The downloader needs to connect to the Internet to download the files.
Dropper: A type of trojan that installs other malware files onto your PC. The other malware is included within the trojan file. This is different to a downloader, which needs to connect to the Internet to download other files.
Exploit: A piece of code that uses software vulnerabilities to access information on your PC or install malware. For more information, see our page on exploits.
Hacktool: A type of tool that can be used to allow and maintain unauthorized access to your PC.
Macro virus: A type of virus that spreads through infected documents such as Microsoft Word or Excel documents. The virus is run when you open an infected document.
Obfuscator: A type of malware that hides its code and purpose to make it more difficult for security software to detect or remove it.
Password stealer: A type of malware that is used steal your personal information, such as user names and passwords. It often works along with a keylogger that collects and sends information about what keys you press and websites you visit to a malicious hacker.
Ransomware: A type of malware that can stop you from using your PC, or encrypt your files so you can’t use them. You may be warned that you need to pay money, complete surveys, or perform other actions before you can use your PC again. For more information, see our ransomware page.
Rogue security software: Software that pretends to be an antivirus program but doesn't actually provide any security. This type of software usually gives you a lot of alerts about threats on your PC that don't exist. It also tries to convince you to pay for its services. Our rogue security software page has more information.
Trojan: A type of malware. A trojan is a program that tries to look innocent, but is actually a malicious application. Unlike a virus or a worm, a trojan doesn't spread by itself. Instead they try to look innocent to convince you to download and install them. Once installed, a trojan can steal your personal information, download more malware, or give a malicious hacker access to your PC.
Trojan clicker: A type of trojan that can use your PC to "click" on websites or applications. They are usually used to make money for a malicious hacker by clicking on online advertisements and making it look like the website gets more traffic than it does. They can also be used to skew online polls, install programs on your PC, or make potentially unwanted software appear more popular than it is.
TrojanSpy: A program that collects your personal information, such as your browsing history, and uses it without adequate consent.
Virtool: A detection that is used mostly for malware components, or tools used for malware-related actions, such as rootkits.
Worm: A type of malware that spreads to other PCs. Worms may spread using one or more of the following methods: email programs, instant messaging programs, file-sharing programs, social networking sites, network shares, removable drives with Autorun enabled, and software vulnerabilities.