Spyware: Time for the law?

Anti-spyware vendors have come in from the cold. Now it's down to the industry to wake up and start addressing the problem
Written by Leader , Contributor on

Just like the new WEEE man sculpture that was unveiled across the river from ZDNet UK Towers this morning, the Infosecurity Europe security conference had a feeling of the recycled about it this year.

Same old companies peddling the same old fears, products and solutions, though we did notice one notable addition this year: the anti-spyware vendors who came in from the cold April showers. Let's be in no doubt here; they are sorely needed. Spyware in all is guises has been around for a good decade but only in the past year have we seen the established players even begin to address it.

Our own downloads channel here at ZDNet UK, which is fed by downloads.com (owned by ZDNet's parent company CNET Networks), has for some time banned spyware. This week we brought in a zero-tolerance policy and have extended the ban to cover adware too.

Why did we do this? Because you tell us that bundled adware is unacceptable, no matter how harmless it might be. Our own IT Priorities research tells us that spyware now ranks just behind viruses and network security in your security concerns — and ahead even of authentication. It's not just spyware, hijackers, Trojan horses and Trojan cookies you want rid of; you do not want adware either.

Just how badly some people don't want adware we illustrated on Thursday when New York attorney general Eliot Spitzer filed a lawsuit against Web marketer Intermix Media. Spitzer charges Intermix with being a source of adware and spyware programs that hinder e-commerce and cybersecurity.

It has taken the industry a while to appreciate the scale of the problem. This year at Infosec some of the established antivirus companies had added spyware-killing to the list of features on their products, but the industry as a whole needs to go further. For a start, we need an industry-wide definition that can lead to a self-certification process so people know what they are getting. Of course there will always be propagators of spyware who will disregard any industry self-regulations, for which there we have two further approaches: a proper, integrated approach to dealing with their malware by established antivirus and network security companies, or the law.

If the industry continues is laggardly approach, then the law may be the only real option.

Editorial standards