Home » Data Protection » Malware/Cybercrime

Spyware: Scumware Out There

Security vendors big and small are in an arms race to root out spyware and other malicious code, but so far they're all losing.

Since then, McAfee and other major antivirus vendors have been struggling to figure out how to fit this type of threat into their business model. Should antispyware capabilities be a part of antivirus programs and to what extent? How can antivirus tools account for code that some users want to eliminate and others don't? What if a piece of adware is living up to the promises in its EULA but customers are still complaining? And, perhaps most important, if customers don't want to pay for separate antispyware products, how can the vendor justify the expense of building the capability into their existing software?

As the big guns try to answer these questions, smaller companies have moved onto their turf. Ad-Aware, from Lavasoft, Spybot Search and Destroy, Pest Patrol and Webroot's Spysweeper are the most popular of these programs. They operate like antivirus tools, matching lists of known malware against computer files and eradicating software that computer users don't want. Also like antivirus tools, they have to be updated and be set up to scan files. Until recently, they were marketed to home users and rarely appeared in corporate settings, and so didn't pose much of a threat to the security establishment. But now, they're making inroads to the enterprise, with versions that offer centralized control, updating and reporting features.

Webroot says that 100,000 paid seats of its Spysweeper Enterprise were installed within the first six weeks of the product being released this past June. Steve Thomas, founder and CTO of the Boulder, Colo.-based company, has been thrilled with the market's response. "We've gotten on the phone with some customers, and they'll say, We're literally rebuilding three to five machines a day because the spyware is so bad," says Thomas, whose company is privately held and turning a profit.

But products like Spysweeper are still in their infancy. CSOs report having to use several different types of antispyware tools to find some culprits, and even then they may not succeed. (I ran three programs on my computer, to no avail.) What's more, CSOs simply don't see why they should have to install a whole extra piece of software—one that needs updates and does scans—to deal with a problem that they think should be handled by antivirus tools.

That's why CSOs have been putting pressure on antivirus companies to get on top of the problem. Robert Garigue, CISO of the Bank of Montreal, says his company has warned its antivirus vendor that the next time his software licenses come up for renewal, the vendor will be assessed around new functionalities that incorporate spyware as well as spam protection. "We've been talking about this for two years with our antivirus vendors, because as far as we're concerned, how is this different from antivirus software?" Garigue says.