 Fight Back Computerworld Spyware Survey: Methodology and Detailed Results Sidebar: Plugging the Windows Hole Spyware's Pyramid Scheme or Anatomy of a Plague |  | | |
Corporate IT organizations aren't the only ones worried about spyware. With most attacks aimed directly at Windows, Microsoft responded in the past year with the release of Windows XP Service Pack 2 and other patches designed to close some of the more glaring security holes through which spyware writers insert their applications on users' machines.
Pop-ups are now blocked. So-called drive-by downloads, where users could pick up spyware simply by viewing a Web page in Internet Explorer, are much more difficult to pull off. And other exploits, such as dialog boxes that won't take no for an answer, are gone.
Earlier this year, Microsoft acquired antispyware software maker Giant Company Software Inc. Its product, rechristened Microsoft Windows AntiSpyware, was released as a free beta on Jan. 16, and it already has about 20 million users, says Paul Bryan, director of product management for client security. An enterprise version is planned.
Although Microsoft was criticized last summer for downgrading its suggested action for some adware programs it detects from "quarantine" to "ignore," Windows AntiSpyware has "pretty good preventive capabilities," says Gartner analyst John Pescatore.
So is Windows a harder target? Not really. Most of Windows SP2's security improvements have been "circumvented" by adware developers, claims Thor Larholm, senior security researcher at PivX Solutions Inc. in Newport Beach, Calif.
Pescatore agrees. "It's still possible to go to a Web site, click on something and get a browser help object installed," he says. Adware developers are not only moving forward with new techniques, but they're also exploiting newly discovered vulnerabilities.
Larholm has already run into one new technique. "In the last couple of months, we've seen a surge in the amount of spyware that uses rootkit technology to hide its presence from antispyware products," he says.
Bryan concedes that there's only so much Microsoft can do. Windows Vista, due next year, will bring other improvements, such as the disabling of ActiveX controls by default and user account protection that requires standard users to get admin credentials before they can install an application. But spyware is a moving target. "What you see is a morphing of spyware over time," Bryan says. "It's getting trickier and more challenging to deal with."