In two years, spyware has gone from mere nuisance to serious concern, catching companies so off guard that many executives today still don’t know what exactly spyware is. Think of it as a computer virus that has found a purpose in life. Viruses and worms have long posed a risk to corporate security because of their potential to bring networks down or corrupt important data. Spyware, on the other hand, doesn’t just want to ruin your day, it wants to track your every movement, collect data right under your nose, and perhaps transmit sensitive corporate information outside the company. And since spyware is economically motivated (rather than being launched at the whim of bored computer geeks), its perpetrators have ample incentive to concoct new and improved versions that are consistently more difficult to eradicate.
“I’ve never seen anything evolve so quickly,” says Sam Curry, vice president, eTrust Security Management, at Computer Associates (CA). “About 15 months ago, the calls started coming in from our enterprise customers one after another. It’s been lurking for a while, but now everyone is worried about it.”
Spyware is a catchall term that refers to software applications that reside on desktop machines or laptops and that log and often transmit information about that machine’s user back to the creator of the spyware. While it’s meant to be invisible, it often gives subtle signs of its presence. Last year, for example, the IT support staff at Miami Children’s Hospital noticed something just wasn’t right with the desktop machines used by the hospital’s 650 physicians and 2,400 employees. “We had machines that experienced freak reactions,” says Alex Naveira, the hospital’s information security officer. “They were running too slow or they reacted oddly to Websites and pop-ups.” After a battery of tests, the diagnosis was clear: an acute case of spyware.
Large Dollars Behind It
Provident Bank has also felt the strangling strain on support-desk resources that spyware brings. “We had a meeting several weeks ago and spyware was all we talked about,” says Sean Wasta, senior network engineer at the $6.4 billion commercial bank. “Desktop support is noticing it cropping up on a lot of people’s workstations, and it’s taking up a lot of their time.” The company relies on Microsoft Explorer-based interfaces for many of its internal applications, he says, and the glut of spyware hiding on users’ machines often prevents these applications from working properly. Antivirus solutions haven’t helped one bit. “Spyware ends up on all our desktops even though we have all the antivirus software applications,” says Wasta.
In fact, two-thirds of IT professionals and security administrators say spyware is the top network-security threat of 2005, according to a survey by WatchGuard Technologies. Market research firm IDC predicts that the market for antispyware software will climb from $12 million in 2003 to $305 million in 2008. It also estimates that about two-thirds of the world’s computers already have some kind of spyware on them.
Forrester Research predicts that 65 percent of companies will either purchase or upgrade antispyware software this year, making it the number one security technology of 2005. And most think the spyware epidemic is nowhere near peaking. “There are large dollars behind the scenes. The denial-of-service [DOS] craze and superworms never had this much money behind them,” says CA’s Curry. “Spam was a nuisance. This is a genuine security threat, and it will get worse before it gets better.”