Anti-spyware: The New Frontier in the Security Software Market

By Larry Seltzer  |  Posted 2004-12-10 Print this article Print

Opinion: What took the big security software companies so long? Spyware detection belongs with all the other malware scanning.

So Roger Thompson thinks that spyware is the next great menace to computer users? Not surprising since hes been in the business of fighting spyware for a while, much longer than most of the security software establishment. Thompson was vice president of product development at PestPatrol when CA bought that company just a few months ago. Just a week before he wrote about the urgency of the problem for eWEEK, and I had talked to him about it long before that.

Read Thompsons guest commentary "We Must Beat Spyware."
CA is ahead of the curve here, but its been obvious for a while that it made no sense for anti-spyware to exist as an application separate from other malware scanning systems, either on the client or at the perimeter. Once we accept it as just another type of malware it becomes obvious that the established companies should be offering it, and from there that they should be buying the anti-spyware companies.

And a wacky market it is. Sure, there are respectable companies like PestPatrol and Webroot, but there are a hundred disreputable ones selling useless or stolen code, sometimes even acting as adware distribution vehicles. An excellent site to follow for this phenomenon is Spyware Warriors Rogue/Suspect Anti-Spyware page. I especially recommend the footnotes to the product reports.

Take a look at the names of these products. Theres no end to the variations you can come up with for SpyThis and AdThat, and the marketing all sounds the same too. And it gets worse: As PC Magazine has found in its reviews (such as this one), these products, even the good ones, dont always do a good job. Thats because theres so much of it and it is often spread through sleazy commercial products.

I once asked someone at Symantec why their threat tracking systems dont track adware and spyware, and I got a weary look and a "How should we do it?" Its a really hard problem.

All these problems—the difficulty, the confusion over a hundred competitors, the rogue products—are all reasons why protection against spyware needs to be sold by well-known brands, not one-man fly-by-nights.

A little clarification is needed here, and indeed it should be standard language in any spyware article: What we casually call "spyware" encompasses a number of categories of malware, only some of which are actual spyware. Keyloggers, for example, are a real problem, but I suspect this is the sort of threat that the anti-virus companies do handle well. What most people run into more often is adware, usually surreptitiously installed, that pops up windows with ads.

For insights on security coverage around the Web, check out Security Center Editor Larry Seltzers Weblog. Smaller companies are trying to bring spyware protection to the enterprise. Look at Webroots and Blue Coats products for example. If the McAfees and Trends and Symantecs dont come up with real products for this, and for consumers, theyre doing us all a disservice, because Roger Thompson is right. The problem is for real.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. Check out eWEEK.coms for the latest security news, reviews and analysis. More from Larry Seltzer
Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel