Congress is considering anti-spyware legislation, and while the intent of our legislators is laudable, it is doubtful that Congress can pass an effective, enforceable anti-spyware bill.
First, spyware is difficult to define legally. Second, even if we can define spyware legally, legislation will not protect us against spyware from companies outside Congress jurisdiction.
A more reliable cure for the spyware scourge is software from anti-spyware vendors. This is one instance where were better off letting the free market address a problem, rather than having government try to protect us.
The anti-spyware vendor that is able to most accurately define and block spyware for corporate clients—at a reasonable price—will find a significant number of customers willing to pay for its products.
However, some spyware developers are suing to stop anti-spyware vendors from selling their software.
The spyware companies want anti-spyware vendors to remove the spyware companies names from their spyware lists for various frivolous reasons.
This is akin to drug dealers suing the police for impinging on their right to make a living.
Roger Thompson, director of Malicious Content Research at Computer Associates, told me that CA gets about two cease-and-desist letters a month from spyware vendors.
He said such notices do not intimidate him because he is backed by CAs legal resources. However, he said, those tactics have succeeded in intimidating smaller anti-spyware vendors, including Thompsons company, PestPatrol, before CA bought it last year.
As for a definition of spyware, buyers and sellers can decide on that, just as the market defines viruses and worms.
Hypothetically, an anti-Microsoft zealot could write an anti-virus software application and add Windows XP and Microsoft Office to its virus list. Would such a product sell many copies? No.
So, too, with anti-spyware vendors. They can decide what spyware is based on their perception and let customers decide if they agree.
As long as anti-spyware companies act in good faith with their spyware definitions, they dont have to worry about frivolous lawsuits from spyware companies trying to protect their turf.
Spyware can ravage corporate IT resources. It can cause serious data security problems, and it has led to financial losses due to downtime, the cleanup of infected systems and legal issues.
Spyware companies malevolence is evident in their misuse of the law.
Spyware vendors attempts to stop anti-spyware companies from selling software that users urgently need for protection shows that they hold the public in contempt.
You have every right to buy the most aggressive anti-spyware software you can, and vendors have every right to sell it.
Ben Rothke, CISSP, is a New York-based security consultant with ThruPoint Inc. and the author of “Computer Security: 20 Things Every Employee Should Know.” He can be reached at [email protected]. Free Spectrum is a forum for the IT community and welcomes contributions. Send submissions to [email protected].