Uncovering Spyware

To effectively battle spyware, IT departments must first understand what they're dealing with

Martin Garvey, Contributor

March 18, 2005

3 Min Read
InformationWeek logo in a gray background | InformationWeek

1-800-Contacts Inc., another online retailer and backer of the Utah anti-spyware law, uses software tools to see if its affiliates employ spyware. If they do, the contact-lens retailer removes those affiliates from its referral program, says Clint Schmidt, online marketing director. "As the brand equity leader, we have the most to lose from spyware as others piggyback on our brand awareness," he says.

While spyware is malicious and harmful, says Michael Overly, a technology attorney at law firm Foley & Lardner, adware can be a marketing tool that online advertisers use to serve targeted advertisements. But there's plenty of adware installed without users' consent, and Overly says that's illegal under California's Comprehensive Computer Data Access and Fraud Act. "There are no statistics that I'm aware of on this, but a good portion of adware we encounter is problematic under the law," he says.

The law firm is considering starting a consortium of businesses that would donate legal funds to go after companies that illegally use adware and spyware as part of their marketing practices. "We see that this affects most every type of company today," Overly says.

One of the worries about adware is that few people believe the information about their surfing habits will remain anonymous. "Most people don't trust that the information collected about them online will be kept private," Overly says. "They don't believe the information about what Web sites they surf and what books or pages they read won't be connected back to them."

Adware proponent Claria Corp., which publishes advertising messages from companies and agencies to tens of millions of consumers who agree to receive advertising based on their online behavior, admits that finding middle ground between its efforts and spyware might take some time. "The proposed HR 29 federal bill would allow [online] tracking and ads as long as we provide information and let customers change their minds," says Scott Eagle, chief marketing officer at Claria. "And users are getting more savvy about what they download."

Anti-spyware tools aren't perfect, but they help. The Denver Health & Hospital Authority expects to save more than $170,000 annually in help-desk costs by using a policy-control appliance from Blue Coat Systems Inc. to keep spyware and adware off of 4,000 PCs. "Before, we had about 200 spyware intrusions per month on each machine," chief technology officer Jeffrey Pellot says. Now the problem has been mostly eliminated, he says.

Behavioral-based approaches to spyware defense hold future promise, says Gartner analyst Avivah Litan. "Software that looks for unusual behavior, such as specific open ports or a process that's logging keystrokes or programs that are trying to hide, is much more effective than [today's] signature-based anti-spyware," she says.

Benjamin Edelman, an independent researcher and graduate student of economics at Harvard University, calls the techniques used to install spyware "ripe for investigation." It's not just Web-site operators that are part of the problem, but also companies that distribute online advertising and those whose products and services are featured in pop-up ads, he says.

"Money is still being pumped in, and users are still being tricked," Edelman says. He has researched spyware for four years and says it's getting worse. Many PC users and system administrators agree.

--with Eric Chabrow, John Foley, George V. Hulme, and TechWeb's Gregg Keizer

Read more about:

20052005

About the Author

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights