Some of the largest anti-virus companies have virtually ignored the spyware problem because there is no profit incentive for them to do otherwise. Meanwhile, spyware companies make millions.
"...a visit to just one website can result in no less than 16 distinct programs being installed on a Windows computer."
Money, investment capital and research has brought to science and technology many wonderful, incredible things, in fact too many to even mention. But today the lure of big money is also the underlying cause of the global spam epidemic, the dramatic rise in financial "phishing" scams, and the plague of a new kind of software that we have all come to universally hate: spyware.
We know that dubious companies are earning millions of dollars giving it to you, and on the other side it's also costing companies millions to remove it. Spyware companies are installing software on your Windows computer via fundamental design flaws in the operating system - an integral component of it known as Internet Explorer - that have virtually no functional limits. This is software that you don't want, didn't agree to have installed, is potentially malicious, and yet can be extremely difficult to remove. That's a virus to me.
Leading up to today, some of the largest anti-virus companies have virtually ignored the spyware problem because there is no profit incentive for them to do otherwise. Why bundle anti-spyware technology into your anti-virus product if your corporate customers, who provide the bulk of your revenues, aren't willing to pay any more for the product? Note that most of the major AV programs already offer some rudimentary spyware detection, but there's a big difference between detection and prevention/removal. To top it off, the best standalone anti-spyware products on the market today are available free of charge. Where's the motivation to develop something better?
This is an unfortunate reality, as spyware is now so endemic to the security industry that it's a major mistake for any company to underestimate it. Part of the problem, and the cloak under which the AV companies can hide, is in the definition of the virus itself: there are traditional viruses, email viruses, polymorphic viruses, worms, Trojans, multimedia viruses, and so on. There's no end. But where is the spyware virus in that definition? Let's not mince words or get lost in a word game either: spyware viruses like CoolWebSearch, and there are others, are often just as harmful and difficult to remove (if not more) than a traditional virus or worm that seeks only to propagate itself to survive.
The most frightening aspect of the spyware virus is that it is malware pushed and promoted by companies, not individuals. These are legal entities who survive by continually testing and evading the boundaries of the law. Too often these corporations reside in countries, especially the U.S., where the legal system is so outdated or backwards that it has been much too slow to address the problem.
How bad is the problem? If you're still browsing the web with IE, it's bad. Real bad. Ben Edelman wrote an article recently showing that a visit to just one website can result in no less than 16 distinct programs being installed on a Windows computer. Just one website! That's ridiculous. There's even a video showing the infection in detail, for those of you who enjoy horror flicks.
Internet Explorer might be an inseparable part of the Windows operating system now, according to Microsoft, but users would do well to permanently switch to an alternative browser like Firefox to avoid these kinds of problems altogether. Yes, you've heard this many times before but it needs to be said again. Instead of having to manage two or three new desktop anti-spyware applications in the enterprise - because no single application will catch all kinds of spyware - it's far easier to deploy a single new browser to every desktop via automated desktop management tools, so you can manage the updates as well.
The anti-virus industry seems to be predicting that spyware and viruses will merge into one of the same problem over the next few years. Why is it, then, that we have to wait that long for them to properly address the problem? When are the AV vendors finally going to step up to the plate?