Seeking spyware remedies 

It's time for enterprises to take the threat seriously

We’ve all been hearing a lot  lately about spyware, those nasty little apps that secret themselves onto your computer, hog resources, change your default settings, and maybe even steal personal information and send it to third parties. Despite all the talk, spyware still isn’t getting the attention it deserves in the enterprise.

Case in point: In a recent study cited in our cover story, only one-quarter of IT managers thought spyware constituted a problem. Yet another poll revealed that 92 percent of the organizations surveyed had been hit with the spyware plague at some point.

Perhaps the enterprise’s dismissive attitude stems from a basic misunderstanding. Author Michelle Delio interviewed a slew of experts, among them Kevin Harvey, of tech consultancy Forsythe, who noted that some IT folks believe spyware is “just an annoyance.” If so, he says, “they are missing the whole point. The issue is that spyware allows confidential information to be divulged efficiently and discretely.” That kind of breach represents a potential disaster for the enterprise.

Interestingly, the politicians are more spyware savvy than many IT administrators. California Gov. Arnold Schwarzenegger, for example, just signed an anti-spyware bill. Other states have similar legislation in the works. At a federal level, the Internet Spyware Prevention Act is currently wending its way through Congress. Though many applaud the sentiment, most experts believe these laws are riddled with loopholes and are not likely to be effective.

Even if the bills are tightened up, the problem won’t be fixed by legislation alone. “Most spyware — no matter how horribly it may ravage a computer and its owner’s privacy — is technically legal,” Delio says. That’s because spyware usually infests computers after users download software, such as a peer-to-peer app or IE toolbar, and agree to the EULA (end-user license agreement), without reading it. “Once they’ve clicked ‘yes’ to the EULA,” Delio says, “they’ve given permission to install the spyware,” which can then go about its dirty little business with impunity.

As is often the case, the best way to solve a software problem is to add more software. Anti-spyware utilities such as Ad-Aware and Spybot Search&Destroy have been available to end-users for some time, but enterprise-level spyware killers have been scarce — at least until recently. That’s why we asked Contributing Editor Keith Schultz to evaluate two of the leaders in this emerging category (see “Counter-spies on the LAN”). He put the software through its paces as a succession of hurricanes lashed his Florida-based offices. In the process, he learned a simple truth: Spyware may be destructive, but it’s nothing compared with Hurricane Ivan.

Nothing like a dose of Mother Nature to put matters in perspective.