It's a classic good news/bad news scenario: On one hand, the problem of spyware is not abating. The upside is that IT executives appear to be more attuned to the issue. The newfound sensitivity is reflected in a Computing Technology Industry Association (CompTIA) survey released this week.
The organization said 55 percent of the 1,070 responding organizations said the amount of spyware they encountered has increased during the past year. The survey didn't represent an overwhelming "win" for spyware, however. Indeed, the most notable result was the even spread among security topics with which IT departments are concerned: Fifty-four percent cited lack of user awareness, 49 percent cited viruses and worms, 44.2 percent referenced user abuse and 41.5 percent noted browser-based attacks.
The egalitarian nature of the survey also was evident in a question asking what issues organizations think they will face in three years. Viruses and worms led with 20 percent, followed by spyware/malware (14 percent), wireless access (9 percent), e-mail/attachments (9 percent), phishing/social engineering/ID theft (5 percent) and remote access (5 percent). It is interesting that no issue scored more than 20 percent and that the most important current issue -- spyware -- was second in the future sweepstakes.
The survey by Cisco on governmental security concerns described at InfoWolrd also paints an interesting picture. It also found that spyware, along with bots, are the most pressing concern. The survey says that 65 percent of those queried are spending more time on security mandates than one year ago, while 4 percent are spending less. Perhaps the most interesting finding is that only 51 percent are more confident than they were three years ago in their security systems, while 12 percent are less confident. The comparative skittishness may be due to a greater familiarity with the problems and their growing gravity than a decline in faith in the solutions available.
This nice overview provides a good reminder on the overlapping terms associated with spyware and related nasty code. The tech.co.uk piece begins by describing popups, which are more an annoying than malevolent use of spyware. The writer references Webroot Software findings from last year that nine out of 10 PCs were infected with spyware. He suggests that the numbers may have been inflated -- the Prevx survey cited here suggests a far more modest one in six infected PCs -- since Webroot sells anti-spyware programs. In any case, there clearly is a lot of spyware floating around. The writer notes that there is a litany of dangerous code types under the spyware umbrella, including adware, rootkits and keyloggers. These, of course, are far more dangerous than popups.
Good advice on selecting the most appropriate anti-spyware and anti-virus software -- the author joins the two -- is available at BusinessKnowledgeSource.com. The thread through the suggestions is automation. This makes sense, since people tend to forget to manually update signatures and perform scans. The writer counsels users to make sure that their vendor's signatures are updated on a regular basis, that the software downloaded into the end device automatically checks for these updates whenever the user goes online and that downloads themselves are automatic.