Is it spyware, or isn’t it?

I feel very sorry for Windows/IE users. Not only are they susceptible to all kinds of spyware/malware, but the protection they buy may not be protecting them at all. I am talking about commercial spyware removal and protection tools.

Tools such as Computer Associates’ PestPatrol™, Webroot’s Spysweeper, and Sunbelt Software’s CounterSpy are designed to protect computers (ok, Windows computers), but defining what to protect against may be a bigger problem to begin with.

Anti-spyware programs work from definition lists, much like anti-virus software or even an email blacklist. What is on the list gets protected against. What is not on the list does not. How a program gets on that list may be subject to some debate.

For example, PestPatrol has a list of criteria a program needs to meet before it is included on a “scrub list.” This list is quite lengthy, but still subject to interpretation on the part of the company. Other anti-spyware vendors claim they don’t use limiting criteria, but I think that is bunk. A malicious program gets on the list somehow, and that somehow has to be based on some criteria; that is, unless these vendors put ALL software on their definition lists and require vendors to prove themselves off (which we all know does not happen). Before you laugh at the thought, remember that firewalls like ZoneAlarm have challenge systems built in – no software on your machine gets access to the internet until you give it permission to, so this is not such a far-fetched concept.

Unfortunately, this whole list concept seems ripe for abuse. I wonder how much money or coercion it takes for an anti-spyware vendor to either take a piece of code off the list, or tweak the rules so someone can get around them. With the threats against spyware vendors and critics continuing, it seems money could easily stand in the way.

And that doesn’t bode well for Windows users. This is, by the way, a primarily Windows issue (which is exacerbated by using Internet Explorer). Until permissions for writes to the drive and registry, as well as the freeway memory resource allocation, are restricted without workaround, this problem is going to persist. That is, unless we continue to see record results out of Apple and RedHat, at which time we will know people have just gotten sick of all the computer threats they have to deal with day in and day out, and moved to a UNIX-like platform where those threats are severely diminished.

You can read The Chaotic World of Defining Spyware from eWeek, if you want the long version.
