Profitware
Kelly Martin, 2004-11-26

Some of the largest anti-virus companies have virtually ignored the spyware problem because there is no profit incentive for them to do otherwise. Meanwhile, spyware companies make millions.

The lure of big money can do funny things to people. It has spawned everything from white collar greed shown in the Enron scandal to the incestuous kind of corporate infighting you see in reality shows like Donald Trump's The Apprentice.

Money, investment capital and research have brought to science and technology many wonderful, incredible things, in fact too many to even mention. But today the lure of big money is also the underlying cause of the global spam epidemic, the dramatic rise in financial "phishing" scams, and the plague of a new kind of software that we have all come to universally hate: spyware.

We know that dubious companies are earning millions of dollars giving it to you, and on the other side it's also costing companies millions to remove it. Spyware companies are installing software on your Windows computer via fundamental design flaws in the operating system - an integral component of it known as Internet Explorer - that have virtually no functional limits. This is software that you don't want, didn't agree to have installed, is potentially malicious, and yet can be extremely difficult to remove. That's a virus to me.

The problem with spyware, and the way it has evolved, is that it's no longer a relatively harmless type of software that just tracks your clicks and reports back to whoever is listening. Spyware has grown, changed, and become nastier: slowing computers until they're unusable, logging keystrokes, installing full Trojan horses, redirecting children to porn sites. Once thought to be benign adware that gets installed when you visit a website, now when you visit a website almost anything can be installed on your computer including trojans - through vulnerabilities in ActiveX, JavaScript, Java and Internet Explorer. Many spyware companies are actively using these nefarious techniques to install their software, the same approach used by traditional viruses. This new kind of threat is known as the spyware virus, and should be treated the same as every other virus. So what are the major anti-virus companies doing about it?

Ignoring spyware

Leading up to today, some of the largest anti-virus companies have virtually ignored the spyware problem because there is no profit incentive for them to do otherwise. Why bundle anti-spyware technology into your anti-virus product if your corporate customers, who provide the bulk of your revenues, aren't willing to pay any more for the product? Note that most of the major AV programs already offer some rudimentary spyware detection, but there's a big difference between detection and prevention/removal. To top it off, the best standalone anti-spyware products on the market today are available free of charge. Where's the motivation to develop something better?

This is an unfortunate reality, as spyware is now so endemic to the security industry that it's a major mistake for any company to underestimate it. Part of the problem, and the cloak under which the AV companies can hide, is in the definition of the virus itself: there are traditional viruses, email viruses, polymorphic viruses, worms, Trojans, multimedia viruses, and so on. There's no end. But where is the spyware virus in that definition? Let's not mince words or get lost in a word game either: spyware viruses like CoolWebSearch, and there are others, are often just as harmful and difficult to remove as (if not more than) a traditional virus or worm that seeks only to propagate itself to survive.

The most frightening aspect of the spyware virus is that it is malware pushed and promoted by companies, not individuals. These are legal entities who survive by continually testing and evading the boundaries of the law. Too often these corporations reside in countries, especially the U.S., where the legal system is so outdated or backwards that it has been much too slow to address the problem.

How bad is the problem? If you're still browsing the web with IE, it's bad. Real bad. Ben Edelman wrote an article recently showing that a visit to just one website can result in no less than 16 distinct programs being installed on a Windows computer. Just one website! That's ridiculous. There's even a video showing the infection in detail, for those of you who enjoy horror flicks.

Internet Explorer might be an inseparable part of the Windows operating system now, according to Microsoft, but users would do well to permanently switch to an alternative browser like Firefox to avoid these kinds of problems altogether. Yes, you've heard this many times before but it needs to be said again. Instead of having to manage two or three new desktop anti-spyware applications in the enterprise - because no single application will catch all kinds of spyware - it's far easier to deploy a single new browser to every desktop via automated desktop management tools, so you can manage the updates as well.

The anti-virus industry seems to be predicting that spyware and viruses will merge into one and the same problem over the next few years. Why is it, then, that we have to wait that long for them to properly address the problem? When are the AV vendors finally going to step up to the plate?


Kelly Martin has been working with networks and security since 1986, and he's editor for SecurityFocus, Symantec's online magazine.
Copyright 2010, SecurityFocus