Anti-spyware Spending Set To Skyrocket

According to Framingham, Mass.-based IDC, the need to search out and destroy spyware will drive anti-spyware software revenues from $12 million in 2003, to $31 million in 2004, to $305 million in 2008. This is great news for vendors already in the space- such as Webroot and Computer Associates-owned PestPatrol--as well as for the anti-virus firms just now entering the marketplace.

The big boost in spending is due, said IDC's Brian Burke, a research manager for the firm, to the rapid rise in spyware on systems and the trend of its "destructive effects [escalating] from home PC nuisance to serious corporate dilemma." By IDC's estimate, more than two out of every three consumer computers are infected with some sort of spyware. On Wednesday, anti-spyware vendor Webroot estimated that business PCs are infected at nearly the same rate as consumers' PCs.

Spyware is the term given to software that installs and operates without the user's knowledge--sometimes added to a PC if the user simply browses to a Web site--then collects surfing data or, in some cases, spies on keystrokes or system activity to hijack financial information or log-on passwords.

Even though much of what's classified as spyware is benign, it can still wreak havoc with everything from the desktop and corporate-network performance to employee productivity. "[And] it crosses the boundary between security and system management by deluging help desks with a siege of employee complaints about pop-up advertisements, applications failures, and poor PC performance," said Burke in a statement.

Some PC vendors, for instance, blame spyware for the rise in support calls. As recently as October, Dell executives said spyware accounted for 15 percent of its support calls, a dramatic uptick from 2003's measly 2 percent.

Spyware's becoming more than just a consumer problem, added Burke. "More malicious spyware can easily infiltrate corporate firewalls," he said. "These programs make their way into the corporate intranet under the guise of less-threatening network traffic and, once in, they can wreak havoc."

Richard Stiennon, the director of Webroot's threat research team, noted that spyware could easily be aimed at corporations rather than spewed willy-nilly across the Web. "Some virus attacks today target particular corporations; there's no reason why spyware couldn't be used in the same way to steal intellectual property or financial information."

Burke warned that the most malicious types of spyware--programs that track keystrokes or scan hard drives or change system settings--could lead to the theft of employee identities, corruption of data, and even the stealing of company trade secrets.

In a recent IDC survey, enterprise users labeled the plague as the fourth-greatest threat to their company's security,

"Dealing with spyware is like the game 'Whack-A-Mole,' where a never-ending series of problems keep reoccurring," said Chris Christiansen, an IDC vice president.

The plague will drive customers toward anti-spyware products that are more comprehensive, Christiansen added. In the end, however, it's more likely that spyware defenses will simply be rolled into already-in-place defenses than remain separate software. "Client solutions will gain substantial market success, but we also believe that spyware will quickly become a key feature in anti-virus products, security suites, and server-based gateways."

That's already happening. Computer Associates, for instance, has announced plans to integrate its acquired PestPatrol technology with its eTrust anti-virus titles, and McAfeerecently rolled out an add-on to its enterprise-oriented VirusScan product line.

"This rapidly growing market has become one of the hottest topics within the past year," said Christiansen.