UwS: What is it & How does it get on my Computer?

Arpan SinhaCyber Security

UwS (pronounced as “ooze”) is an unwanted software, which according to Google’s defining list of characteristics has the following properties:

  • It deceivingly promises something which it never meets.
  • It tricks the user to install itself, or some other program.
  • It hides its principal motive under some other functions.
  • It unexpectedly modifies the user’s system.
  • It is very difficult to remove.
  • It transmits user’s private data without their permission.
  • Its presence is not disclosed, and generally bundles itself with other software.

Now that we know what is an UwS, and what are its properties, let’s see how such software is disseminated.

For a UwS to get on your system, there are quite a number of ways but all these ways include the tactic of deception. Commonly, these tactics include misleading advertisements disguised as “download” buttons, “install” buttons, “play” buttons, etc; unwanted ad-injections; misleading descriptions about what a particular software does, which once the user downloads modifies the system unexpectedly; pop-up messages related to what the user searches; and many more.
Deceiving advertisements disguised

Deceiving ads disguised as “install” and “continue” buttons. (Image source: Google Online Security Blog)

There are various steps taken by leading security agents, but still there is a lot to be taken care of. Apart from these steps taken, we should also adopt some methods to avoid such attacks, such as:
  • Before clicking on any link, check whether it is redirecting to desired location or not. When you hover the cursor over the link, the status bar on the bottom shows a link. If this is the desired one, click on it.
  • Whenever you download any software, download it from a trusted source.
  • Check the extension of your download. If you’re downloading a PDF file, or a word file and it shows .exe, cancel the downloading process.
  • Install plugins for Adblocks, etc.

Google’s Online Security Blog states “Given the complexity of the UwS ecosystem, the involvement of players across the industry is key to making meaningful progress in this fight. This chain is only as strong as its weakest links: everyone must work to develop and enforce strict, clear policies related to major sources of UwS.

If we’re able, as an industry, to enforce these policies, then everyone will be able to provide better experiences for their users. With this in mind, we’re very pleased to see that the FTC recently warned consumers about UwS and characterizes UwS as a form of malware. This is an important step toward uniting the online community and focusing good actors on the common goal of eliminating UwS.
We’re still in the earliest stages of the fight against UwS, but we’re moving in the right direction. We’ll continue our efforts to protect users from UwS and work across the industry to eliminate these bad practices.”