Spyware and adware are rivaling viruses as online pests, but not only consumers are concerned: vendors and ISPs, who field the brunt of complaints, are gearing up for a fight.
"In the past 8 months we've counted 40 million incidents of nonviral 'malware' and since March, 11.4 million cases have been detected," said Bryson Gordon, senior manager in charge of antivirus vendor McAfee's line of consumer products and services. Like many antivirus vendors, McAfee has added spyware protection. "With 4.2 million Web dialers, nonviral threats are very serious concerns for consumers."
Gordon joined a panel of vendors and experts on spyware, adware, and privacy at a US Federal Trade Commission workshop on Monday. Participants aimed to define and understand the security risks and industry costs of such programs, which are proliferating.
Nonviral threats were the number one reason consumers called Dell's tech support last year, said Maureen Cushman, one of three primary legal contacts for Dell's consumer business segment.
"They represented 12 percent of all tech support," she said. "Data shows that spyware calls are longer and require much more troubleshooting. Usually the complaint is that the computer is performing slowly. This slowness is often perceived as a hardware problem, which hurts our brand."
Consumers do not understand the differences among adware, spyware, worms, and viruses, and the lack of knowledge costs ISPs huge amounts of money, said Austin Hill, executive vice president and cofounder of Zero-Knowledge. The company works with ISPs on security issues.
"The typical 25-minute calls mean a difference in cost of $15. That can wipe out an ISP's entire margin," Hill said. "People call their ISP angry and frustrated that their Internet is doing something unexpected. They assume it is the ISP's fault. Some are moving away from broadband and back to dial-up because they feel they didn't have the same problems with dial-up."
Consumers are at a greater disadvantage at fighting spyware than businesses, panelists agreed. That's because companies usually have technology departments that can address spyware problems.
"It is worth paying someone to fix it I've talked to people who think they need a new computer because their machines are so loaded with this stuff," Gilroy said. But the average consumer searching Google for anti-spyware software will find a bewildering selection of thousands of possibilities, he added.
"But what they don't realise is that a ton of those companies are actually spyware," he said. "The typical consumer solution can be harmful itself."
Roger Thompson, vice president of product development at PestControl, suggested part of the problem is a new type of hacker.
"Viruses are normally written by one of two types of guys. One of those guys usually grows up, gets a job or a girlfriend and they stop. But guess what? The adware type is backed by a whole company. This is profit-driven, so when will they stop?"
"There is a new type of motivation," he went on. "It's not to show off to friends. Now it is to send out spam, phishing scams, Internet worms, and to hijack pages for profit."
But adware "is trying to be a legitimate application," Thompson said, answering critics and skeptics.
Gordon agreed with Thompson, but cautioned that the increasing dissemination of adware will make it a target for hackers and viruses.
"With more than 100 million installations of adware, and we see those numbers increasing, I guarantee we see virus writers taking notice," Gordon said.