Spyware Report Raises Broader Questions

Amid complaints from consumers and privacy advocates alike that spyware has reached epidemic status, EarthLink and Webroot Software yesterday released the third iteration of their SpyAudit Report. The report, which seeks to chart the onset of spyware on consumer PCs, found that in the first six months of 2004, users of the EarthLink/Webroot SpyAudit detection programs discovered nearly 55 million instances of spyware in the 2.07 million scans they conducted. That's an average of 26.5 instances per scan.

"[Spyware is] where spam was two or three years ago," warns Webroot founder and CTO Steve Thomas.

While all agree with Thomas's contention, industry pundits immediately questioned the survey's methodology, wondering whether its expansive definition of exactly what constitutes spyware may have inflated the end figures.

"They're classifying adware cookies as spyware, which is an unfortunate misuse of the term," says Trevor Hughes, executive director of the Network Advertising Initiative. "Cookies are not spyware." He points out that of the 54.8 million instances of spyware reported by the audit, 42.6 million of those were adware cookies.

"In the federal debate right now [about spyware], everybody has recognized that cookies shouldn't be on the table," asserts Hughes. "There are amazingly robust consumer controls in all of the Internet browsers to protect people from that. EarthLink is doing a disservice to the marketplace by suggesting that there are 55 million pieces of spyware out there when the real problem lies in system monitors and Trojan horses."

The SpyAudit Report uncovered 332,809 system monitors and 366,961 Trojan horses during the first six months of the year, or nearly three instances per SpyAudit scan.

Thomas concedes that cookies are "sort of on the fringe" between noxious tracking mechanisms and helpful Web tools. He notes that the study distinguished between cookies that are used for tracking and those that are not (which were not counted as instances of spyware). "What you can't lose sight of is that adware is not just a benign application anymore," he stresses. "Some of it is truly malicious."

Beyond the debate over the survey's definition of spyware, Thomas, Hughes, and cyberspace attorney and Executive Director of WiredSafety Parry Aftab agree that the spyware epidemic is likely to get worse before it gets better. The reason for this is simple: the cost to marketers is negligible. There are no expenses for postage or printing, and even a mere 1 percent response rate can mean a sound return on investment.

To attack the spyware scourge, Aftab believes consumers must make it clear that they won't purchase products and services from companies who insist on marketing to them in an underhanded manner. "It's the new spam. If people had spoken up about spam a few years ago, we wouldn't have the problems we're seeing now," she says. "They hide the information about this on page 22 of the 'I accept' or 'I agree' page for downloading software, which is really disingenuous."

Education efforts such as a joint effort between Marvel Comics and WiredSafety could give the anti-spyware push a more effective short-term boost than anything the government might do. The Federal Trade Commission is planning to hold hearings within a few months, but is said to be hoping for self-regulation in lieu of government action.

"People are going to have to do some careful thinking," Aftab says. "If there's legislation, it has to make the right distinctions, like between spyware and parental-monitoring software."

An EarthLink representative did not return a call for comment

Next story loading loading..