Research: Spyware industry worth billions

Despite reductions in the number of computers infected by spyware applications, the troublesome software has created a billion-dollar industry that continues to plague both consumers and businesses, researchers said on Tuesday.

According to the State of Spyware Report, issued by security software maker Webroot, the number of computers infected with spyware applications remains relatively high despite growing awareness of the epidemic and modest success in controlling it. Webroot's independent research and data gathered by its Spy Audit service, which uses software designed to look for spyware, showed that 88 percent of the consumer machines in the study harbored some form of unwanted program during the first quarter of 2005.

Among businesses, Webroot found similarly overwhelming results, with spyware on 87 percent of all the corporate PCs it studied. Despite the staggering number of computers infected by spyware, Webroot said, the infection rate actually has diminished since 2004, when the software maker found an average of almost 28 spyware programs on each PC it scanned during the first quarter.

"Clearly there's a growing awareness of the spyware issue, but that has not translated into any kind of rapid decline in the programs," said David Moll, chief executive of Webroot. "When you see the lawsuits, legislation and other forms of attention being given to spyware, there's reason to hope the situation will improve, but people need to take an aggressive approach to fighting it if real progress is going to be made."

Moll cited the anti-spyware lawsuit filed last week by New York Attorney General Eliot Spitzer against Web marketer Intermix Media. Success in that case, Moll said, could increase scrutiny and pursuit of people and companies distributing the tools. However, he noted that there also is a need for more centralized industry efforts and better legislation regarding spyware from the U.S. government.

Spyware is a general term used to describe software programs that are secretly deposited on computers to track Internet usage, launch advertising programs or steal users' personal information. Among the most popular of these programs are adware, keystroke loggers and so-called system monitors.

In addition to remaining a major threat to personal and business security, Webroot said, spyware applications--specifically the types that generate pop-up advertisements, hijack home pages, redirect Web searches and use so-called DNS poisoning to steal Web traffic--generate an estimated $2 billion in revenue annually. Based on statistics published by the Internet Advertising Bureau, spyware could represent almost 25 percent of the entire online advertising industry.

The growing number of spyware attacks crafted expressly for making money, rather than for tracking Web use for marketing research or other purposes, is another emerging problem, Webroot said. The report contends that spyware exploits have "crippled" some businesses, particularly financial-services companies, in some cases by stealing customer data. Spyware infection also has slowed the growth of e-commerce by eroding consumer trust in online security.

"We can hope that the advertising industry will provide some help in trying to root out the truly malicious forms of spyware, but as long as there is an attractive return on investment on this activity for some people, this isn't going to stop anytime soon," Moll said.

Webroot said that adware continues to be the most pervasive form of spyware, with more than 50 percent of all business computers, and almost 60 percent of consumer machines, running some form of the programs. Of the devices already infected with the advertising applications, each machine averaged nearly seven different forms of the programs, according to the research.

The security software maker worked previously with Internet service provider EarthLink to generate its spyware statistics, but Webroot representatives said that relationship has ended. No details were available on the reasons for ending the partnership.

[wbenton]

I don't really buy this.

If there were such a clear awareness, the numbers of 88% and 87% respectively for PC's with spyware on them wouldn't be this high.

Thus the clear awareness must be referring to some kind of transparent or translucent ordeal which most people don't see and/or don't understand the importance of the dangers involoved with spyware.

Walt

[wbenton]

I don't really buy this.

If there were such a clear awareness, the numbers of 88% and 87% respectively for PC's with spyware on them wouldn't be this high.

Thus the clear awareness must be referring to some kind of transparent or translucent ordeal which most people don't see and/or don't understand the importance of the dangers involoved with spyware.

Walt

[Transaction7]

$2 Billion Spyware Income - Lots of Luck Getting Reform

A straight up and down vote of the voters, Congress members' employers, on banning spyware and substantially regulating and curtailing adware, on teh ballot at the next election, would pass overwhelmingly in every state, among conservatives, liberals, Republicans, Democrats, and pizza lovers. If these employees of ours, of either or both parties, gave a hoot about mere votrers, their employers, spyware and other invasions of personal and business privacy on line, and thus most adware as well, would long since have been outlawed subject to massive corporate fines and prison time for rthe individual culprits.

I'm a right-wing conservative Republican, and my liberal Democratic friends agree entirely with me on this. Members of Congress on both sides of the aisle (which too ofrten seems like a no-man's land guarded by barbed wire, land mines, and a shooting war these days) voted for have touted their computer privacy, anti-spam, and anti-syyware bills, passed and currently sponsored.

My old law school dean liked to quote Will Rogers' comment that every time Congress tells a joke, it's a law, and every time they pass a law, it's a joke.

We know that, just like the CAN-SPAM law and HIPPAA directed to protecteing medical privacy, which one of your sister sites recently pointed out has a gaping hole where the on-line storage of medical records by third party companies is concerned, and the bills currenlty pending in Congress, we're never going to get what we mere voters want and desoerve, in this or most other areas, as long as any business that acn be tapped for campaign cash by either parties can make billions by writing these laws so the politicians can brag they passed a nice-sounding bill while the bad guys get to write it and it is as full of holes as a Swiss cheese and very unfair to those it was supposed to protect.

Not everything that adds to or does not subtrract from the bottom line of some business entity and actual or potential campaign contributor qualifies as conservative the way most of us mere voters define the term. After all, that can easily be said of con artists and child pornographers.

We conservatives, and a lot of our liberal firends, both of whom are concerned about the First Amendment, or what the Supreme Court seems to think it says and means these days, which is something else altogether, both recognize a distinction between content-based and non-contact-based regulation of communications. How the First Amendment ever got stretched [not unlike the
way the Tenth Amendment got stretched beyond all recognition earlier] to cover commercial sexual conduct, or invasions into our homes and offices including altering the contents of our computers, the modern equivalent of the "persons, papers and effects" protected by the Fourth Amendment and burglary laws, etc., remains a mystery. The Supreme Court says lawyer ads can be strictly regulated and burdened with proor-approval fees and review, and lawyers don't usually come into your home or office and change your computer's inner workings or content. You may have a right to try to sell me on some lousy political or economic idea, or some no-account product or service, but who do they think has a right to invade my home and office computer surreptitiously to do so.

A lawyer with 35 years' experience, I do not think the courts should, or should be permitted to, uphold half the garbage in software licenses, including licenses to install pop-up and pop-over ads, much less adware and spyware that hihacks my computer and violates my clients' and my privacy.

Don't tell me the problem is that this stuff crosses national and state borders, either. Customs enforcement has been a virtual exception from Fourth Amendment search restrictions since the first Congress, and the Supreme Court has held that growing a bushel of wheat to feed to your own cow on a family farm, or putting a bottle of ketchup on the table at a local barbeque joint, is interstate commerce subject to pervasive federal regulation. You don't ahve to go anywhere near that far to regulate something that, instead of stopping at my snail mail box, enters my home and the seat of my expressed thoughts.

When will Congress start at least listening to (a) computer experts and, horror of horrors (b), mere voters?

[Transaction7]

$2 Billion Spyware Income - Lots of Luck Getting Reform

A straight up and down vote of the voters, Congress members' employers, on banning spyware and substantially regulating and curtailing adware, on teh ballot at the next election, would pass overwhelmingly in every state, among conservatives, liberals, Republicans, Democrats, and pizza lovers. If these employees of ours, of either or both parties, gave a hoot about mere votrers, their employers, spyware and other invasions of personal and business privacy on line, and thus most adware as well, would long since have been outlawed subject to massive corporate fines and prison time for rthe individual culprits.

I'm a right-wing conservative Republican, and my liberal Democratic friends agree entirely with me on this. Members of Congress on both sides of the aisle (which too ofrten seems like a no-man's land guarded by barbed wire, land mines, and a shooting war these days) voted for have touted their computer privacy, anti-spam, and anti-syyware bills, passed and currently sponsored.

My old law school dean liked to quote Will Rogers' comment that every time Congress tells a joke, it's a law, and every time they pass a law, it's a joke.

We know that, just like the CAN-SPAM law and HIPPAA directed to protecteing medical privacy, which one of your sister sites recently pointed out has a gaping hole where the on-line storage of medical records by third party companies is concerned, and the bills currenlty pending in Congress, we're never going to get what we mere voters want and desoerve, in this or most other areas, as long as any business that acn be tapped for campaign cash by either parties can make billions by writing these laws so the politicians can brag they passed a nice-sounding bill while the bad guys get to write it and it is as full of holes as a Swiss cheese and very unfair to those it was supposed to protect.

Not everything that adds to or does not subtrract from the bottom line of some business entity and actual or potential campaign contributor qualifies as conservative the way most of us mere voters define the term. After all, that can easily be said of con artists and child pornographers.

We conservatives, and a lot of our liberal firends, both of whom are concerned about the First Amendment, or what the Supreme Court seems to think it says and means these days, which is something else altogether, both recognize a distinction between content-based and non-contact-based regulation of communications. How the First Amendment ever got stretched [not unlike the
way the Tenth Amendment got stretched beyond all recognition earlier] to cover commercial sexual conduct, or invasions into our homes and offices including altering the contents of our computers, the modern equivalent of the "persons, papers and effects" protected by the Fourth Amendment and burglary laws, etc., remains a mystery. The Supreme Court says lawyer ads can be strictly regulated and burdened with proor-approval fees and review, and lawyers don't usually come into your home or office and change your computer's inner workings or content. You may have a right to try to sell me on some lousy political or economic idea, or some no-account product or service, but who do they think has a right to invade my home and office computer surreptitiously to do so.

A lawyer with 35 years' experience, I do not think the courts should, or should be permitted to, uphold half the garbage in software licenses, including licenses to install pop-up and pop-over ads, much less adware and spyware that hihacks my computer and violates my clients' and my privacy.

Don't tell me the problem is that this stuff crosses national and state borders, either. Customs enforcement has been a virtual exception from Fourth Amendment search restrictions since the first Congress, and the Supreme Court has held that growing a bushel of wheat to feed to your own cow on a family farm, or putting a bottle of ketchup on the table at a local barbeque joint, is interstate commerce subject to pervasive federal regulation. You don't ahve to go anywhere near that far to regulate something that, instead of stopping at my snail mail box, enters my home and the seat of my expressed thoughts.

When will Congress start at least listening to (a) computer experts and, horror of horrors (b), mere voters?

[carltornell]

There is no such thing as a free lunch

I often find the discussion on spyware and adware rather naive. People who dislike these phenomenons often like everyhing on the Internet to be free. Now, like Milton Friedman pointed out, nothing is for free: somebody eventually pays even for a free lunch. Unfortunately, the truth is that so much is free on the Internet because it is paid for by, correct, ads. What should programmers eat and drink if they didn't get paid somehow. Therefore, we should rather find a way to work with an acceptebable form of spyware and adware. If we manage to get rid of it, we'll get rid of the freeware as well.

[carltornell]

There is no such thing as a free lunch

I often find the discussion on spyware and adware rather naive. People who dislike these phenomenons often like everyhing on the Internet to be free. Now, like Milton Friedman pointed out, nothing is for free: somebody eventually pays even for a free lunch. Unfortunately, the truth is that so much is free on the Internet because it is paid for by, correct, ads. What should programmers eat and drink if they didn't get paid somehow. Therefore, we should rather find a way to work with an acceptebable form of spyware and adware. If we manage to get rid of it, we'll get rid of the freeware as well.