As adware and spyware companies hoping to do business in the United States clean up their act in response to the Internet Spyware Prevention Act (I-SPY) recently passed by the House of Representatives, anti-spyware vendors are trying to stay ahead of a growing onslaught of malicious software developed outside of U.S. jurisdiction.
“I think the spyware industry is going to split into two groups,” said Mike Healan, editor of SpywareInfo.com. “Youll see those trying to at least appear legitimate because of the recent outcry and the House bill, and more malicious developers creating spyware thats much sneakier and harder to remove.”
While this ensures a continued market for anti-spyware vendors, it puts them in a tough spot of trying to determine who is legitimate while simultaneously cracking increasingly difficult programs.
Anti-spyware vendor Aluria Software of Lake Mary, Fla., is attempting to do both. The company recently certified adware vendor WhenU Inc. as “Spyware SAFE” while continuing its development of spyware definitions.
Rick Carlson, president of Aluria, said that by leading companies that want to get out of the spyware market into the legitimate ad market, Aluria can help clean up the industry.
“Companies see that theres no future in conducting business the way they traditionally have,” Carlson said. “Weve been contacted by many spyware vendors asking how they can become certified, and I think some of them will actually move in that direction.”
Richard Stiennon, vice president of threat research at Boulder, Colo.-based Webroot Software, an Aluria competitor, agreed. “Theres been an encouraging sign that they want to work with the anti-spyware companies to comply with definitions for spyware,” he said.
At the same time, Stiennon characterized Alurias move to certify WhenU as “dicey,” because if users end up considering it spyware, it doesnt matter how the company has defined it. “Ultimately, its playing with the enemy,” he said.
. Adware”> H.R. 4661, the Internet Spyware Prevention Act of 2004 (I-SPY), has gone a long way toward drawing the distinction between spyware and adware, but despite Congress efforts, Stiennon called spyware a “huge growth industry” because illegitimate firms are often outside of U.S. lawmakers grasp. “The sheer amount of money theyre making is fueling its growth,” he said.
Webroot now tracks roughly 80 new variations of existing spyware, and 20 new identifiable pieces of spyware each week. Some of the most vicious programs not only track user behavior but also collect credit card numbers, Social Security numbers and other personal information. Its been estimated that CoolWebSearch, one of the most prolific spyware programs in the world, has 300 to 400 variants alone.
How are anti-spyware companies tackling these developments?
“Basically, theyre throwing programmers at the problem,” said SpywareInfo.coms Heanan, who gives anti-spyware companies access to the spyware he discovers.
The vendors first must infect a system with the spyware, determine its causes and identify it. Then, they write definitions that will in some cases detect when a program tries to install itself on a users PC, or determine if a program already resides there and remove it. Those definitions typically are pushed to users who, like anti-virus customers, pay a subscription to receive updates.
“Eighty to 90 percent of computers have some form of spyware on them, and the software vendors are in a constant battle to keep up with spyware guys,” said Rich Mogull, research director at analyst firm Gartner Inc. of Stamford, Conn. “Next-generation solutions will have more active blocking, rather than just detecting and cleaning.”
Mogull also said he expects anti-virus vendors to start taking the threat more seriously as well and develop solutions as part of their services. Anti-virus firm McAfee Inc., for instance, offers McAfee AntiSpyware software as a separate product.
In the enterprise market, Mogull tells clients to block the spyware at the proxy server, before it ever reaches employee desktops. Web proxy vendors such as Blue Coat Systems Inc. and Websense Inc. offer these solutions.
Meanwhile, Microsoft Corp. took a step in protecting users with Windows XP SP2, which the company says will thwart some of the methods used to install software on consumers machines without their consent, mainly through Internet Explorer pop-up blockers and Windows download blockers.
But not even the entrance and commitment of the worlds largest software maker will completely eradicate spyware.
“This will never be perfect,” Gartners Mogull said. “People will always be stupid enough to click on these things to install them.”