Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

So Roger Thompson thinks that spyware is the next great menace to computer users? Not surprising since he’s been in the business of fighting spyware for a while, much longer than most of the security software establishment.

Thompson was vice president of product development at PestPatrol when CA bought that company just a few months ago. Just a week before he wrote about the urgency of the problem for eWEEK, and I had talked to him about it long before that.

Read Thompson’s guest commentary “We Must Beat Spyware.”

CA is ahead of the curve here, but it’s been obvious for a while that it made no sense for anti-spyware to exist as an application separate from other malware scanning systems, either on the client or at the perimeter. Once we accept it as just another type of malware it becomes obvious that the established companies should be offering it, and from there that they should be buying the anti-spyware companies.

And a wacky market it is. Sure, there are respectable companies like PestPatrol and Webroot, but there are a hundred disreputable ones selling useless or stolen code, sometimes even acting as adware distribution vehicles. An excellent site to follow for this phenomenon is Spyware Warrior’s Rogue/Suspect Anti-Spyware page. I especially recommend the footnotes to the product reports.

Take a look at the names of these products. There’s no end to the variations you can come up with for SpyThis and AdThat, and the marketing all sounds the same too. And it gets worse: As PC Magazine has found in its reviews (such as this one), these products, even the good ones, don’t always do a good job. That’s because there’s so much of it and it is often spread through sleazy commercial products.

I once asked someone at Symantec why their threat tracking systems don’t track adware and spyware, and I got a weary look and a “How should we do it?” It’s a really hard problem.

All these problems—the difficulty, the confusion over a hundred competitors, the rogue products—are all reasons why protection against spyware needs to be sold by well-known brands, not one-man fly-by-nights.

A little clarification is needed here, and indeed it should be standard language in any spyware article: What we casually call “spyware” encompasses a number of categories of malware, only some of which are actual spyware. Keyloggers, for example, are a real problem, but I suspect this is the sort of threat that the anti-virus companies do handle well. What most people run into more often is adware, usually surreptitiously installed, that pops up windows with ads.

For insights on security coverage around the Web, check out Security Center Editor Larry Seltzer’s Weblog.

Smaller companies are trying to bring spyware protection to the enterprise. Look at Webroot’s and Blue Coat’s products for example. If the McAfees and Trends and Symantecs don’t come up with real products for this, and for consumers, they’re doing us all a disservice, because Roger Thompson is right. The problem is for real.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

Check out’s for the latest security news, reviews and analysis.

More from Larry Seltzer