Anti-Spyware: The New Frontier in the Security Software Market

By Larry Seltzer  |  Print this article Print


Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame

Opinion: What took the big security software companies so long? Spyware detection belongs with all the other malware scanning.

So Roger Thompson thinks that spyware is the next great menace to computer users? Not surprising since he's been in the business of fighting spyware for a while, much longer than most of the security software establishment.

Thompson was vice president of product development at PestPatrol when CA bought that company just a few months ago. Just a week before he wrote about the urgency of the problem for eWEEK, and I had talked to him about it long before that.

Read Thompson's guest commentary "We Must Beat Spyware."

CA is ahead of the curve here, but it's been obvious for a while that it made no sense for anti-spyware to exist as an application separate from other malware scanning systems, either on the client or at the perimeter. Once we accept it as just another type of malware it becomes obvious that the established companies should be offering it, and from there that they should be buying the anti-spyware companies.

And a wacky market it is. Sure, there are respectable companies like PestPatrol and Webroot, but there are a hundred disreputable ones selling useless or stolen code, sometimes even acting as adware distribution vehicles. An excellent site to follow for this phenomenon is Spyware Warrior's Rogue/Suspect Anti-Spyware page. I especially recommend the footnotes to the product reports.

Take a look at the names of these products. There's no end to the variations you can come up with for SpyThis and AdThat, and the marketing all sounds the same too. And it gets worse: As PC Magazine has found in its reviews (such as this one), these products, even the good ones, don't always do a good job. That's because there's so much of it and it is often spread through sleazy commercial products.

I once asked someone at Symantec why their threat tracking systems don't track adware and spyware, and I got a weary look and a "How should we do it?" It's a really hard problem.

All these problems—the difficulty, the confusion over a hundred competitors, the rogue products—are all reasons why protection against spyware needs to be sold by well-known brands, not one-man fly-by-nights.

A little clarification is needed here, and indeed it should be standard language in any spyware article: What we casually call "spyware" encompasses a number of categories of malware, only some of which are actual spyware. Keyloggers, for example, are a real problem, but I suspect this is the sort of threat that the anti-virus companies do handle well. What most people run into more often is adware, usually surreptitiously installed, that pops up windows with ads.

For insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzer's Weblog.

Smaller companies are trying to bring spyware protection to the enterprise. Look at Webroot's and Blue Coat's products for example. If the McAfees and Trends and Symantecs don't come up with real products for this, and for consumers, they're doing us all a disservice, because Roger Thompson is right. The problem is for real.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

Check out eWEEK.com's for the latest security news, reviews and analysis.

More from Larry Seltzer

Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...