Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Classifying Spyware

Defining Potentially Unwanted Software Classifications
Check Point develops security products designed to protect computers and users from various threats to security, privacy, and system availability. In order to provide effective protection against these threats, Check Point products detect, prevent operation, and remove Spyware, Adware, and other types of "Potentially Unwanted Software."

Potentially Unwanted Software applications are categorized based upon the behaviors that are exhibited by the applications, assertions made by the publisher, and the distribution method of the software.

Potentially Unwanted Software are classified into one or more of the following categories based on the behaviors, traits, and other factors listed in the table below.

Classification Threat
Adware Any program that runs on a computer with the purpose to present advertising to users without any additional benefit to the computer or user.
Browser Plugins Any type of program or code that has potentially unwanted software characteristics but only execute when a web browser is running.
Commercial Remote Access Tools Commercially developed software for which a fee is paid that is typically used for remote system access and control.
Dialers Any program which causes a computer modem or telephone system to dial out without prompting the user on each instance and accurately reflecting the financial impact to the user for allowing the call.
Hacker Tools Any computer program or code whose primary purpose is to determine the presence of, or circumvent computer security controls.
Keystroke Loggers Any program which records the keyboard usage of a computer system without explicitly requesting permission from the local user each time the program is executed.
Other Any software or program which exhibits the traits or behaviors associated with potentially unwanted software which does not fit into any of the other categories.
Screen Loggers Any program which captures information, text, or other content that is displayed on the screen without conspicuously notifying the user each time.
Tracking Cookies Any web browser cookie which is used for the purpose of tracking the web page access activities of the user that is not sent from the web site to which the user directed their web browser.
Trojan Horse Any web browser cookie which is used for the purpose of tracking the web page access activities of the user that is not sent from the web site to which the user directed their web browser.
Worms Any program or code which attempts to self-propagate to other computer systems or propagate with the assistance of users while misrepresenting its purpose or behavior; or offering no benefit to the system owner or user.

Check Point carefully analyzes all programs to determine what types of, if any, undesirable behaviors a program may have. Check Point maintains a list of characteristics that are indicative of Potentially Unwanted Software. The following list represents the most common undesirable characteristics used in analysis:

  • Malicious
    • Sends unsolicited emails
    • Sends unsolicited instant messages
    • Changes browser homepage
    • Changes browser search page
    • Uses a dial-up modem without explicit consent from the user
    • Initiates an Internet connection
    • Uses computing resources without knowledge of user/owner
    • Displays ads that can not be closed without closing the browser or shutting down the computer
    • Changes method used to access the Internet
    • Changes browser bookmarks or favorites
    • Disables or alters system security settings
    • Logs keystrokes
    • Disables anti-spyware, anti-virus, or other security applications
  • Deceptive
    • Offers option to decline install, but when selected installs anyway
    • Automatically reinstalls or re-enables software that was uninstalled or disabled by the authorized user
    • Notifies users that software installation is required to view, play, or use content when it isn't actually required
    • Misrepresents the true software publisher
    • Requests or requires personally identifiable information and misrepresents who is requesting the information
    • The party responsible for displaying advertisements is not conspicuous
  • Information Collection
    • No (complete) disclosure of information collected before collection begins
    • No option for owner/user to consent to information collection
    • Uses personally identifiable information to display or send advertising
    • Collects information about web pages visited and sends the information to the software publisher or a 3rd party without explicit consent by the user
    • Collects personally identifiable information
    • Information collection disclosure statement is not conspicuous
    • No clear disclosure of what specific information is collected
    • No clear disclosure of why the information is collected and how it will be used
    • Information collection program does not include uninstall function or program

Disputing and Reporting Mis-Classifications
Any entity that owns the rights to a computer program may dispute any Potentially Unwanted Software classification in writing.