potentially unwanted application

Potentially unwanted applications include spyware and adware.

Potentially unwanted applications (PUAs) are applications that, although not malicious, can affect performance of client machines or potentially introduce security and related risks into your organization. Some applications that may be classified as PUAs may have legitimate uses, but these should be installed only with the system administrator’s knowledge and at his or her discretion.

Sophos is an active member of the Anti-Spyware Coalition (ASC). When classifying PUAs, SophosLabs uses the following broad definitions, which are derived from the ASC risk model.


Adware and Spyware

  • Applications that often have the primary function of delivering advertising to the desktop.
  • Software that tracks internet usage and/or collects potential Personally Identifiable Information (PII) data from a user’s computer for the purposes of selling this information, or associated information, to a third party.
  • Usually unknowingly installed on systems without specific user interaction.
  • Includes Advertising Display Software and Tracking Software as defined by ASC.

System Monitors

  • Commercially or freely available software whose primary function is to monitor the use of the local computer.
  • Commonly marketed as PC surveillance software.
  • Usually installed with user interaction.
  • Of interest to corporate networks to ensure that users do not make unauthorized use of such software.
  • Applications for which some customers may want to authorize use.
  • Include Tracking Software as defined by ASC.

Remote Administration Tools

  • Commercial or freely available tools used for remotely accessing and controlling one or more computers.
  • Usually installed and used with user interaction.
  • Occasionally used legitimately in small businesses.
  • Include Remote Control Software as defined by ASC that is not classified as malware.


Dialers

  • Any application whose primary function is to dial a premium rate phone number.
  • Can be installed without specific user interaction.
  • Include Dialing Software as defined by ASC.

Hacking Tools

  • Applications that can be used to help hackers gain entry to a network, computer, or software program.
  • Examples are port scanners, password crackers, and vulnerability scanners.
  • Usually installed and used with user interaction.
  • Have been known to be used in conjunction with malicious software.
  • Can be used legitimately for assessing network security.
  • Include Security Analysis Software as defined by ASC.

Other PUAs

  • Include any software not categorized above that may be considered by a network administrator to be unsuitable for an enterprise network. For example:
    • Adware-bundled, -supported, or -affiliated software, such as P2P applications.
    • Trial versions of server applications that are commonly used in a malicious context.
    • Chat clients commonly used in a malicious context.
    • Server applications such as FTP, Telnet, IRC, or SMTP commonly used in a malicious context.