Before classifying a programs as a PUA, senior researchers at ESET's threat research lab examine a program to determine if it belongs in this category. Each examination is done on a case-by-case basis, so there are no specific guidelines we can offer about how a program should or should not behave. That said, the link to the Anti Spyware Coalition that Arakasi forwarded is a great introduction to the subject, as is the StopBadware coalition's Badware guidelines for software applications. You might also find the following ESET white paper helpful as well: Problematic, Unloved and Argumentative: What is a potentially unwanted application (PUA)? It's a little old (no mention of Android apps, for example) but still contains useful information.