Spyware will be one of the top security threats business-technology professionals face this year. Last week, Microsoft joined a number of vendors jumping into the anti-spyware market with the beta release of its Windows AntiSpyware application.
Microsoft estimates that one-third of PC crashes can be attributed to spyware infections, says Amy Carroll, director of Microsoft's security business unit. Dell has placed the number of tech support calls attributed to spyware at around 15%.
Spyware and adware have become as much, if not more, of a problem than viruses, says Mark Sidden, IT director at textile provider Unifi Inc. "Most of the antivirus applications are fairly mature. That's not true yet with spyware solutions," he says. "The spyware problem caught security vendors off-guard. It'll be a year or more before the tools are probably ready for large businesses."
But the push is on. McAfee Inc. and Symantec Corp. added enhanced anti-spyware features to their security applications last year, while Computer Associates acquired anti-spyware vendor PestPatrol Inc. last summer. Webroot Software Inc. recently released software to help businesses rid their systems of spyware. And in the first half of this year, patch-management software maker Shavlik Technologies LLC will unveil its anti-spyware application designed for businesses.
Windows AntiSpyware, based on technology Microsoft acquired when it bought Giant Company Software Inc. in December, detects and removes known spyware threats from PCs, Carroll says. The application will protect users from more than 50 techniques that Web sites and malicious apps use to plant spyware on PCs. Microsoft won't say if it will begin charging for Windows AntiSpyware after the beta program. "We want to get the beta out there to focus on customer feedback," Carroll says, adding that specific decisions about the final product haven't been made.
Microsoft also will release a malicious-software-removal tool on Jan. 11. The software will help users remove viruses and worms such as Blaster and Download.Ject from infected PCs. The virus- and worm- cleaning tool will be updated monthly or as needed if a fast-spreading outbreak occurs, Carroll says.
There has been a lot of speculation about if and how Microsoft would begin selling antivirus security software for what Merrill Lynch projects will be a $395 million market this year. In June 2003, Microsoft bought the intellectual property and technology assets of Romanian antivirus company GeCAD Software Srl. Before that, Microsoft acquired Israeli security software startup Pelican Security, which developed software that determines the behavior of applications and stops malicious activity.
Industry analysts are skeptical that Microsoft will immediately target Windows AntiSpyware for business use. "The initial impact will be purely consumer and home offices, but by 2006 small and midsize businesses could begin using Microsoft," Gartner analyst John Pescatore says. "It won't be until after Longhorn ships that enterprises begin to take a look at Microsoft as a security provider."
If Microsoft is to succeed at becoming a trusted provider of security software, the company will have to overcome the perception held by many that it's scrambling to fix a problem created by the security flaws in its own software. "They're sending out a program to fix their own programs," says Glenn Wright, senior telecommunications technologist for the Delaware department of technology and information. Says Wright: "You don't want a bug to fix a bug."