Spyware Fracas Heats Up

Opinion: IT administrators hold the key to spyware's fate.

There have been a few interesting stories percolating in the spyware/anti-spyware arena during the last few weeks. We had three anti-spyware vendors drop out of COAST, an anti-spyware technology vendor consortium, after the group decided to let purported spyware vendors join the consortium.

Federal and state bills against spyware also continued to move forward—with California actually passing one—but the general consensus on these bills is that they will make the highly limited CAN-SPAM bill look like a model of effectiveness.

But by far, my favorite story was the attempt by a vendor to use legal threats to keep Web sites from referring to its products as spyware: iDownload.com, maker of the iSearch, umm, whatever, sent cease-and-desist letters to several Web sites that referred to iSearch as spyware.

The efforts and, often, threats by many makers of, uh, certain types of programs have greatly affected anti-spyware initiatives, leading some major vendors to release products that dont find the programs that users might expect an anti-spyware application to find. And this has, of course, led to some of the more amusing verbal contortions when it comes to describing these products.

Im often reminded of the old Jon Lovitz character, Dr., I mean, Sen. Tommy Flanagan from "Saturday Night Live." I can see it already: "Our application is spyware ... adware ... a PUP ... umm, a behavioral marketing tool. Yeah, thats the ticket."

Also, there are many legitimate software vendors that were hoping COAST or the legal bodies would come up with solid and definitive methods to describe what is and isnt spyware.

Ive heard many vendors of tool bar products or embedded applications say they are concerned about their products being labeled as spyware. They want to do everything the right way to prevent that.

And they have reason to be concerned. In this day of composite applications, a poorly worded law could make an embedded rendering engine illegal because these things are typically installed as part of a larger application. Or a browser tool bar that, by necessity, needs to interact with and even change some aspects of the browser could similarly end up with a scarlet letter S.

But the vendors of the, uh, potentially unwanted programs like things the way they are right now. They get to sow confusion throughout the tech community and cause even more confusion for regular users. Then the vendors claim that users dont mind their programs while the vendors hide behind license agreements the size of "War and Peace" and make programs impossible to uninstall.

For a while now, the major anti-virus vendors have been giving in to the you-know-what vendors by not removing or even flagging unwanted programs in the purported anti-spyware features they offer to regular users. Theyve been able to do this because of studies that show that the majority of users dont really understand spyware and typically leave it on their systems.

But there are potential saviors who can cut through much of this confusion and legal and verbal contortions. There is one class of users that these vendors cant put off so easily, and thats the corporate IT administrator. These administrators dont care about definitions or whether a company thinks its programs are legitimate, only about finding these programs on their users systems and having the option to remove them.

And as Technical Analyst Andrew Garcias recent review of enterprise anti-spyware products showed, if vendors want to play in the potentially lucrative anti-spyware market, theyll need to give administrators more options.

/zimages/3/28571.gifClick here for more on the enterprise anti-spyware fight.

Of course, on the plus side for the, ah, behavioral marketing vendors, administrators really dont care what these programs are identified as, as long as they can find and remove them. Maybe anti-spyware applications can refer to these programs as "super-keen-ware that you may have unknowingly installed."

But, eventually, when people see the words "super-keen-ware that you may have unknowingly installed," theyll think the same thing they do now when they see the word spyware. And then I guess the cease-and-desist letters will fly once again.

Labs Director Jim Rapoza can be reached at jim_rapoza@ziffdavis.com.

To read more Jim Rapoza, subscribe to eWEEK magazine.

/zimages/3/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.