Spywares Real, but Anti-Spywares an Illusion

Opinion: Hats off to Symantec and other vendors who aren't trying to create a new, artificial category of software. Spyware and adware should be blocked by existing software.

The anti-spyware software business has a bottom-up background, having originated from small companies and freeware efforts even in the face of a large and well-equipped security software industry.

What were the anti-virus vendors doing all that time? The term "spyware," as addressed by anti-spyware software, has been applied to actual spyware such as keyloggers, various Trojan horses, adware that monitors your browsing and pops up ads, and even cookies. To a larger extent than is generally acknowledged, anti-virus software was detecting many of these threats, especially the actual spyware and Trojan horses. But it has generally let the adware slip through.

Now the anti-virus vendors are all taking it seriously. On Monday, Symantec announced that it is adding spyware (meaning adware and all that) protection to some of its enterprise security products, specifically Symantec Client Security 3.0, Symantec anti-virus Corporate Edition 10.0, and the Symantec Network Security 7100 Series Intrusion Prevention appliances. The 7100 protection is supposed to be available now; the other products will ship in March.

History shows that such protection will be extended through the product line, including their consumer products, before too long. If Symantec continue to take this approach, and it sounds like it will, then hats off to the company for having the decency to put this protection where it belongs, in its existing product line of anti-virus and other threat protection products. Panda Software also appears to be integrating its adware and spyware protection into its basic product line.

Other companies are perpetuating the historical divide between anti-virus and anti-spyware software, and its a completely phony distinction. Prominent among these are Computer Associates and McAfee (in both its consumer and corporate products). CA has a bundle available with its anti-virus program and the McAfee enterprise product works as an add-in module. Sometimes the distinctions between products can be confusing; the Web page for McAfee VirusScan says that it "identifies spying and pop-up ad programs," but its clear that it alone does not integrate the functions of McAfee antispyware.

/zimages/5/28571.gifClick here to read more about enterprise anti-spyware systems, including reviews of three anti-spyware products.

Anyway, the distinction is basically phony. I get some back talk from vendors when I make this argument and the best counterargument Ive heard is that adware is sometimes ambiguous in nature. Consider that nobody but a virus researcher would want to install a virus or worm, but there are people who want to install that shopping program or search bar even though its a bad idea. And Im sure that there are legitimate programs that perform activities, such as overriding the home page or default search page of Internet Explorer, which are deemed suspicious by anti-spyware programs. While its reasonable for an anti-virus program to silently block all attempts for a virus to run, with some adware and similar threats you may want to give the user a foreground option to make a decision.

This doesnt mean that you need a whole new program with a whole new annual subscription fee to do it. The behavior of the program is very similar and its inefficient and unfair to the user to separate it out. Ill give CA a pass for a while because it just bought the PestPatrol product line and perhaps the company just needs time to integrate it.

Its been clear for a long time that the era of the small anti-spyware company is coming to an end and that the larger security companies with established anti-virus product lines and installed bases were in the best position to subsume the anti-spyware market. This may take a tad longer in the consumer market, depending on who the OEMs and retailers want to make deals with, but I have a hard time believing that enterprises will be suckered into spending separate money on anti-spyware software and subscriptions when they have perfectly capable threat protection in place. Vendors better watch out.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

/zimages/5/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

More from Larry Seltzer