Microsoft to enable PUA protection for Windows 10 users this month

Throughout the month of August 2021, Microsoft plans to enable a Windows Defender security feature for all Windows 10 users that will protect and warn them when downloading or attempting to install shady software commonly referred to as PUAs—or potentially unwanted applications.

While not overtly malicious in the same category as banking trojans, infostealers, or ransomware, PUAs are still considered malware.

Sometimes also referred to as adware, PUAs are typically distributed bundled with legitimate software or installed without the user's consent via pay-per-install schemes.

The category of PUAs usually includes apps that show intrusive ads, apps that track users and sell their data to advertisers, apps that change browser settings, apps that install root certificates to intercept web traffic, or apps that hijack browser search results, all for the profit of a third-party company.

Living in the narrow gap between malware and legitimate software, PUAs have become more rampant and intrusive as the years have gone by, taking advantage that many security firms have not prioritized adware detection, focusing on the more serious threats.

Microsoft took its first major step to make a dent in PUA distribution in May last year, with the release of the Windows 10 May 2020 (v2004) update when it added a PUA blocking feature to the Defender, the Windows 10 built-in anti-malware engine.

At the time, the feature was turned off by default, as Microsoft continued to work out on PUA detection kinks.

One year later, the OS maker is now ready to enable this feature by default for all the one billion Windows 10 users. The rollout phase, which will take place over the next two weeks, will help improve the security posture of Windows users, something that Microsoft has been criticized in the past, especially for not enabling security features by default.

Windows 10 users can check if the new Defender PUA blocking is active or not by going to Start  > Settings  > Update & Security > Windows Security > App & browser control > Reputation-based protection settings. 

Per Microsoft, the two options in the image above are explained as follows:

• Block apps will detect PUA that you've already downloaded or installed, so if you're using a different browser Windows Security can still detect PUA after you've downloaded it.
• Block downloads looks for PUA as it's being downloaded, but it only works with the new Microsoft Edge browser.