Spyware, the next big thing?

By Ellen Messmer, NetworkWorld.com, 08/31/04

Richard Stiennon, you may recall, is the Gartner security analyst who gained considerable attention by declaring intrusion-detection systems that simply monitor for threats are destined for the trash-heap of history as they are replaced by intrusion-prevention systems that actually block them. Well, come September, Stiennon is abandoning the research business in order to join a firm, Webroot, which he says is focused on the next big thing: spyware detection and eradication.

“I want to be on the front battle lines against the latest malicious activity,” said Stiennon, who will joins Boulder, Co.-based Webroot in the newly-created position of vice president of threat research.

Spyware has become an enormously “painful” problem for corporations, Stiennon notes, where IT departments now find themselves trying to detect and eradicate traces of spyware that are gumming up employee PCs.

“At Gartner during the last three months we became aware that 75% of helpdesk calls involve spyware,” says Stiennon.

There are currently few anti-spyware software packages aimed specifically at the business market. It was only last June that Webroot, a privately-held company with 120 employees, introduced a corporate version of its spyware detection software, SpySweeper Enterprise, says David Moll, the CEO there. The consumer version of its product is sold in Wal-Mart, Best Buy, CompUSA, Staple’s and other retail stores.

For their part, anti-virus vendors are making their first forays into spyware defense. The A/V vendors are including some anti-spyware features in their anti-virus products or outright acquiring spyware-detection software companies.

Spyware is only likely to grow as a source of concern to the corporate world. One question worthy of debate is whether the demand for anti-spyware protection could—perhaps in a surprisingly short amount of time--soon equal the demand for anti-virus. And will anti-virus software subsume anti-spyware or not?

Stiennon responds he would ask the question the other way around.
“Spyware could subsume anti-virus,” muses Stiennon. “Anti-virus is an old, established business, and the anti-virus vendors tend to take their eye off the ball.” There’s the distinct possibility, he says, that spyware detection and eradication is simply going to swallow up anti-virus.

While it’s not clear that Stiennon’s “IDS is dead” prediction has yet come true, his contention that “spyware is alive” is hard to argue.

By the way, some of the more established marketing firms—as opposed to mysterious Web sites creating spyware which come and go at a fast clip—fiercely oppose the word “spyware” being applied to anything they do.

“We just wanted to repeat ourselves and remind you that Claria’s GAIN Network ad-supported software is adware, not spyware,” said a Claria spokeswoman in an e-mail to me recently in response to questions.

She notes because users elect to use Claria’s ad-supported software, and they get full disclosure and can uninstall the Claria software, this makes it adware not spyware.

In mid-August, privately-held Claria was poised to issue an initial public offering (IPO), but then said the firm is delaying the IPO for an unspecified period of time due to “market conditions.”

Back to Security Notes

Comments

It's hard to make a distinction between adware and spyware when gobs of both types are battling for bandwidth and bringing your computer to a standstill. The trouble is, these programs do not observe any limits to their behavior and interaction. ALL such software is much more intrusive than the supplier would have you believe. "They" have turned our production machines into advertising mediums, worse than regular TV ... At least with TV you can get 10 minutes of uninterupted program. (Well, except for that little thing they are all now doing at the bottom of the screen.) But with ADWare and SPYWare, you are constantly being assaulted, and having your cpu cycles stolen.

Posted by: Brian Small on September 2, 2004 11:47 PM

I'm glad that someone is finally speaking out against spyware. Spyware is a nasty thing that needs to be eradicated quickly. What distraugths me the most is the fact that the government has done very little and is very complacent about this issue. Something needs to be done now about spyware.

Posted by: Veronica Muo on September 3, 2004 01:11 PM

As much as Spyware and Adware companies, like GAIN (I have never gained anything since my network users noticed it), I feel it is important that these companies should remember they are using the most scarce resources of our PC's. It is the prerogative of the final users to justify which programs have access to their PC resources. Therefore, Spyware and Adware programs need to find a better policy to deploy their software than at present. With regard to whether Anti-Spy will over-ride Anti-Virus, I have a reservation that we will see more of Anti-Viruses for pretty long time. I predict that we shall have more and more Anti-Viruses integrating Anti-Spy features in the future.

Posted by: Athanas on September 4, 2004 08:47 AM

As the owner of a small IT consulting company in Texas, I have seen first-hand the effects of spyware/adware on the productivity of our clients' end users. Every service call that we have gone in the last 6 months starts with an hour of basic PC clean-up (apply Windows updates, update anti-virus, and run anti-spwyare software). Quite often the problem that we were sent to diagnose disappears during that first hour, before we've began to troubleshoot the problem. We recently became a reseller for Webroot Spy Sweeper Enterprise, and we are very pleased with the centralized management of its product. Centralized patch management and anti-spyware is the mantra for our sales team, as we aim to move our clients back to proactive network management.

Posted by: David Johnson on September 13, 2004 06:02 PM

Don't open that attachment in that email. Get the email to my website http://ethicalhack.blogspot.com/ and reply to one of the topics. I need to scan that email and prob give to the us gov.

Posted by: EthicalHack on December 27, 2004 01:13 PM

Post a comment

Name:


E-mail address:


URL:


Comments:


Remember info?