Adware is software that displays advertisements to generate revenue for its creators — usually without the user's full understanding or consent. The most common form: free software that bundles ad-supported components or browser toolbars during installation. Adware ranges from mostly-harmless ad-supported software (where the user knowingly trades ads for free use) to clearly malicious browser hijackers and tracking adware that exfiltrate data. In 2026, adware is often classified as a Potentially Unwanted Program (PUP) or Potentially Unwanted Application (PUA) — not strictly malware but unwanted enough that endpoint protection products flag and remove it.

Six common categories: (1) **Pop-up adware** — generates pop-up windows during browsing, (2) **Browser hijackers** — change homepage, default search engine, install unwanted toolbars (Ask, Conduit, Babylon historically), (3) **Ad injectors** — modify web pages to insert ads on legitimate sites, (4) **Mobile adware** — Android-specific, generates ads outside the app, drains battery (HiddenAds, Bread), (5) **Click fraud adware** — generates fake clicks on advertiser pages, harming the ad ecosystem, (6) **Tracking adware** — collects browsing history, keystrokes, location to build profiles for targeted ads. Modern endpoint protection categorises most of these as PUP/PUA — not full malware but unwanted.

Five notable cases: (1) **Fireball (2017)** — affected 250M+ devices globally; Chinese marketing company Rafotech distributed via bundled installers; turned browsers into ad-revenue machines, (2) **Genieo (2014-2018)** — macOS adware bundle popular with download sites, (3) **DealPly** — long-running browser hijacker, (4) **Conduit Search** — once-prevalent toolbar; rebranded multiple times, (5) **HiddenAds family (Android, ongoing)** — apps published to Google Play (caught in waves of 2020-2025), generated ads outside the app. The line between adware and malware blurs — many 'adware' campaigns evolved into pure malware once detection improved.

**Adware** is one category within the broader PUP/PUA classification. PUP (Potentially Unwanted Program) and PUA (Potentially Unwanted Application) are umbrella terms used by anti-malware vendors for software that's annoying or undesirable but not strictly malicious — bundled toolbars, system optimisers with deceptive marketing, free VPNs with weak privacy practices, browser hijackers, aggressive ad networks. Antivirus products treat PUP/PUA differently from malware: detection is opt-in (Microsoft Defender's PUA Protection setting), warnings rather than auto-quarantine, and uninstall guidance rather than removal. The category exists because users sometimes *intend* to install ad-supported software in exchange for free use.

Six common vectors: (1) **Software bundling** — most common; free software installers offer to install additional 'recommended' programs, often pre-checked, (2) **Deceptive ads / fake software** — fake 'system speed boosters', 'driver updaters' that download adware, (3) **Compromised free software downloads** — non-official sources (CNET historically, Softonic, third-party 'crack' sites) bundle adware in installers, (4) **Browser extensions** — appear useful but inject ads or hijack search; sometimes published to official browser stores, (5) **Mobile sideloading** — apps from non-Google-Play sources, (6) **Drive-by downloads** — compromised websites silently installing browser components. Defence: download from official sources only, use 'Custom Install' (uncheck bundled offers), modern endpoint protection with PUA detection enabled.

Stepwise removal: (1) **Uninstall via Settings → Apps** (Windows) or **Applications folder** (macOS) — look for unfamiliar names, recently installed, (2) **Reset browsers** — Chrome/Edge/Firefox have 'reset to defaults' that removes hijackers, extensions, search engine changes, (3) **Run modern endpoint protection** — Microsoft Defender (with PUA Protection enabled), Malwarebytes (specialised in PUP/adware), AdwCleaner (free, by Malwarebytes), (4) **Clear browser data** — cookies, cache, site permissions, (5) **Check Task Scheduler / startup items** — adware often persists via scheduled tasks, (6) **Check browser extensions** — remove unfamiliar ones from chrome://extensions, edge://extensions, about:addons. Mobile: Android — uninstall suspicious apps, check Special Access > Notifications/Display over other apps; iOS — adware is rare but check installed configuration profiles.

Eight controls: (1) **Download from official sources** — vendor websites, Microsoft Store, Mac App Store, Google Play, never third-party 'crack' sites, (2) **Always 'Custom Install'** — uncheck bundled offers; never click 'Express' or 'Recommended', (3) **Read installer screens** — adware bundlers hide consent in fine print, (4) **Browser hardening** — Chrome with HTTPS-only, ad blockers (uBlock Origin), strict permission settings, (5) **Endpoint protection with PUA detection** — Microsoft Defender, CrowdStrike, SentinelOne all detect PUA, (6) **DNS filtering** — Cloudflare 1.1.1.1 for Families, Quad9, NextDNS block known ad/tracking domains, (7) **Don't install browser extensions casually** — review permissions, prefer well-known publishers, (8) **Mobile**: stick to Google Play/App Store, audit app permissions, disable installation from unknown sources.