Adware infections hold steady, but targeted trojans on rise.
The face of spyware is changing as adware infection rates level off and targeted Trojans and system monitors become more prevalent. So says the latest version of Webroot Softwares State of Spyware report.
According to the latest findings, which are based in part on results gleaned anonymously from the free Spy Audit tool on Webroots Web site (www.webroot.com),adware infections dropped to 5.5 instances of adware per infected PC, down 6.9 percent and 6.1 percent in the first and second quarters, respectively. Fifty-five percent of computers scanned had some form of adware infection, according to the report.
Webroot officials trace this improvement to several factors. A critical mass of adware infestations on an infected system will debilitate the computer to unusable levels, requiring the user to fix the problem.
The downturn is also the result of improved behavior by direct marketing companies based in the United States. Adware vendors, attempting to come into compliance with the many anti-spyware bills currently before federal and state governments, are cleaning up their act somewhat. Vendors are playing nicer by providing easier-to-comprehend EULAs (end-user license agreements) and improved removal tools.
For instance, TRUSTes new Trusted Download Program certifies and whitelists applications that conform to these criteria. TRUSTe promises financial rewards for companies with compliant software, speculating that advertisers will pay top dollar for a certified installation.
Adware and spyware infestations will not abate because of legislative or organizational actions alone, however. Many miscreants will continue to infest U.S. systems from locations offshore.
On the flip side, Trojan infections on enterprise-based computers increased in the third quarter to 1.5 instances per infected machine (up from 1.2 in the second quarter). System monitors held steady at 1.2 instances per infected machine. Trojan infections on consumer machines are also upto 1.7 instances per infected machine.
Users infected with stealthier system monitors or Trojan programs are not likely to recognize the presence of the threat, particularly as new spyware technologies begin to leverage root-kit technologies that may evade traditional anti-virus detection. These applications are designed to steal confidential information, so this development is worrisome, indeed.
In a direct shot across the bow of anti-virus companies, Webroots vice president of threat research, Richard Stiennon, claimed that anti-virus products that perform some measure of spyware detection are particularly poor at detecting and cleaning Trojans and system monitorsas low as 20 to 40 percent effective at what should be their core competency.
Although Ive never completely bought into the gaudy detection numbers provided by vendors touting their own products, these numbers give me great pause. This summer, eWEEK Labs tests upheld the assertion that anti-virus companies have a lot of work left to do when it comes to spyware detection and cleaning . Locking down systems may be your best bet for shutting out these threats .
The State of Spyware report can be downloaded from www.webroot.com/land/sosreport-2005-q3.php.
Technical Analyst Andrew Garcia can be reached at email@example.com.
Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at firstname.lastname@example.org.