Webroot: Good News and Bad

Adware infections hold steady, but targeted Trojans on rise.

The face of spyware is changing as adware infection rates level off and targeted Trojans and system monitors become more prevalent. So says the latest version of Webroot Software's State of Spyware report.

According to the latest findings, which are based in part on results gleaned anonymously from the free Spy Audit tool on Webroot's Web site (www.webroot.com), adware infections dropped to 5.5 instances of adware per infected PC, down 6.9 percent and 6.1 percent in the first and second quarters, respectively. Fifty-five percent of computers scanned had some form of adware infection, according to the report.

Webroot officials trace this improvement to several factors. A critical mass of adware infestations on an infected system will debilitate the computer to unusable levels, requiring the user to fix the problem.

The downturn is also the result of improved behavior by direct marketing companies based in the United States. Adware vendors, attempting to come into compliance with the many anti-spyware bills currently before federal and state governments, are cleaning up their act somewhat. Vendors are playing nicer by providing easier-to-comprehend EULAs (end-user license agreements) and improved removal tools.

For instance, TRUSTe's new Trusted Download Program certifies and whitelists applications that conform to these criteria. TRUSTe promises financial rewards for companies with compliant software, speculating that advertisers will pay top dollar for a certified installation.

Adware and spyware infestations will not abate because of legislative or organizational actions alone, however. Many miscreants will continue to infest U.S. systems from locations offshore.

On the flip side, Trojan infections on enterprise-based computers increased in the third quarter to 1.5 instances per infected machine (up from 1.2 in the second quarter). System monitors held steady at 1.2 instances per infected machine. Trojan infections on consumer machines are also up—to 1.7 instances per infected machine.

Users infected with stealthier system monitors or Trojan programs are not likely to recognize the presence of the threat, particularly as new spyware technologies begin to leverage root-kit technologies that may evade traditional anti-virus detection. These applications are designed to steal confidential information, so this development is worrisome, indeed.

In a direct shot across the bow of anti-virus companies, Webroot's vice president of threat research, Richard Stiennon, claimed that anti-virus products that perform some measure of spyware detection are particularly poor at detecting and cleaning Trojans and system monitors—as low as 20 to 40 percent effective at what should be their core competency.

Although I've never completely bought into the gaudy detection numbers provided by vendors touting their own products, these numbers give me great pause. This summer, eWEEK Labs tests upheld the assertion that anti-virus companies have a lot of work left to do when it comes to spyware detection and cleaning. Locking down systems may be your best bet for shutting out these threats.

The State of Spyware report can be downloaded from www.webroot.com/land/sosreport-2005-q3.php.

Technical Analyst Andrew Garcia can be reached at andrew_garcia@ziffdavis.com.