Laura Garcia Manrique, group product manager of Symantec,
recently told me, "Spyware has become the spam of 2005." She's right. Spyware is the fear factor of the moment--it probably got you to click to this column, for example--but unlike spam, whose definition most people agree on, spyware is vaguely defined. This reveals itself in the competing products: some antispyware apps block more cookies, ad-serving software, and privacy-violating software than a competitor. And because of that fluidity in definition, spyware producers are now suing antispyware vendors over their classifications. Bottom line: You can't be sure that any given antispyware tool will catch what you want it to and ignore what it should, so you'll need to run more than one.
A definition, first
One generally agreed upon definition of spyware states that it is software that tracks personal information about you and transmits that information to third parties. I'd go further and add that spyware also installs itself along with software that you knowingly want to install on your PC. Additionally, spyware transmits data about your surfing habits to third parties. In other words, spyware behaves a lot like a Trojan horse.
Spyware is the fear factor of the moment--it probably got you to click to this column, for example--but unlike spam, whose definition most people agree on, spyware is vaguely defined.
We know how to handle Trojan horses. But unlike the antivirus industry, which identifies and removes malicious Trojan horses, the antispyware vendors do not yet share samples of newly discovered spyware with their competitors. Nor are there independent third parties to test and verify whether a given antispyware app even does what it says it does.
There was such a body, briefly. The Consortium of Anti-Spyware Technology vendors (COAST) was a group founded by PestPatrol (now part of Computer Associates), Webroot (makers of SpySweeper), and Aluria (makers of Spyware Eliminator). Among its goals, the consortium attempted to standardize the meaning of spyware, adware, and the more positive sounding "ad-supported software." Ad-supported software sponsors applications, such as the free version of Opera. Another goal of COAST was to sanction software as spyware-free with its seal of approval. But the process of taming various advertisers seeking to expose their products to as many eyes as possible proved impossible. In its 16 months of existence, COAST expanded to include newer members that tended to play fast and loose with issues of privacy and disclosure. By the beginning of February 2005, the founding members of COAST had all resigned, ending, for the moment, the promise of industry self-regulation.
It's because of this fluidity of what is and what is not spyware, and the money to be made by redirecting Internet users, that spyware producers are now suing antispyware vendors over their classifications.
Don't look for legislation to resolve matters, either. Like the ill-fated Can-Spam law that attempted to remove spam, I place little hope in the antispyware bill moving through Congress. The Spy Act, authored by California congresswoman Mary Bono and passed overwhelmingly by the House of Representatives last year, authorizes the Federal Trade Commission to police violations and impose fines of up to $3 million upon violators. Unfortunately, the Spy Act is in danger of becoming weak and ineffective as it moves toward the U.S. Senate. Just as the direct marketing associations lobbied to have Can-Spam watered down, special interests have succeeded in carving out many new exceptions within the revised Spy Act.
Too much latitude, perhaps
It's because of the fluidity of what is and what is not spyware, and the money to be made by redirecting Internet users, that spyware producers are now suing antispyware vendors over their classifications. One company, iDownload, recently sent cease-and-desist orders to several antispyware vendors, saying, in part, that the vendors were making disparaging remarks about its products. I suggest you read Brian Livingston's Windows Secrets column for the details. Such lawsuits are becoming more common. Last year TrekEight sued Symantec after Symantec listed Spyware Nuker as adware. Previously, Gator, a company known to serve up ads on infected PCs, also filed suit against several antispyware vendors in an attempt to clear its name. Gator has since changed its name to Claria. Finally, one company, MaxTheater, even stands accused of intentionally driving customers to its Spyware Assassin product for a free scan. The free scans often find spyware on desktops that are otherwise clear. The FTC has barred Spyware Assassin from continuing to make its deceptive claims.
Unfortunately there's no single magic bullet to remove spyware from your PC. For a holistic approach, I recommend ZoneAlarm Internet Security 5.5--the firewall will keep spyware from broadcasting any personal data about you, and the antispyware features within ZoneAlarm will clean your hard drive. In addition, because no one antispyware database is complete, I do recommend running Spybot Search and Destroy, Lavasoft Ad-aware SE, and/or Microsoft Antispyware (Beta)--all of which are free to download.
What is your preferred method of removing spyware? Do you use more than one antispyware app? If so, which? Talk back to me.