By Munir Kotadia, 1 April 2005 07:30
NEWS Around 90 per cent of malware found on both home and corporate PCs is spyware, according to internet security firm Panda Software.
Panda said it arrived at the figure after analysing data gathered from an online scanning utility. CTO Patrick Hinojosa said similar studies had found that around 90 per cent of computers are infested with spyware.
"Spyware is installed by many different methods and the infection is not usually visible to the user. These factors increase the infection rate for this type of malware," said Hinojosa.
Panda's findings do not surprise James Turner, security analyst at Frost & Sullivan, who said one of the difficulties when calculating spyware infestation was defining what was spyware and what was not.
"One of the things that fall into this category are cookies. You can say cookies from one particular site are spyware while cookies from another - such as Hotmail for instance - are not. There have been cases where an anti-spyware company has been taken to court by another company claiming its software is legitimate," said Turner.
He added that until anti-spyware utilities are easier to use, the majority of internet users will not be able to adequately protect themselves.
"It is hard for people to draw a line in the sand and say these cookies are okay and those are not okay. At that point it gets quite technical because the tools have not made it simple enough yet. It is still a new and emerging area," said Turner.
Munir Kotadia writes for ZDNet Australia
Comments
There are 4 comments. Join the discussion
1. Nick Cole
Cookies are always spy-ware. They are used to track information and pass it back. Such as logging into Silicon!
However site operators may well have good data usage and privacy policies but the lack of actual information about what the cookie is doing tends to make it more difficult to decide whether or not to accept them.
If the operators actually stated in the prompt why the cookie was being used clients could make a more informed choice about them. At present all we know (as long as we set privacy to prompt) is that a cookie is needed to be installed. In some instances the url may be different to the host site and therefore it is an easy choice, but how do we know whether or not the host has been hijacked, and just as importantly why do some sites have half a dozen cookies before a page is loaded?
As for other malware, it is all in breach of the computer misuse act. And any system that errs on the side of caution is better than one that allows an attack in the first place. Any organisation that issues software that may be interpreted by some as being malicious has to demonstrate that it wasn't and that is fair and reasonable. Perhaps if they were more up front about what they were trying to achieve and what their code was doing then such misinterpretations would be less likely to occur. There is such a thing as excessive commercial secrecy.
2. paul
malware has enormous consequences for society and i find it curious that little is being done to combat malware, other than the efforts of a few companies and websites.
malware wrests control from a user of a computer (or other device or system) without consent of the user, depriving the user of a basic human right, the right to self-determination.
it is puzzling that a society that prides itself on individual freedom expends little effort against malware. i would expect such a society to spearhead an international effort against malware.
one example of violation of the right of self-determination is when an unwanted pop-up appears, changing the "focus" of the computer to the pop-up, disrupting the work the computer user was doing.
another is intentionally misleading pop-up ads (such as erroneous warnings of spyware that direct to a spyware site or that direct to a site when someone clicks on the fake close window X in the corner of the pop-up) and are one way malware gets into computers.
spam causes a huge waste of time and network resources. often spam is sent through servers configured in their default "promiscuous" mode.
it is easy to find such servers on the internet and hijack them to send spam, i have done it for research, sending the spam to myself.
it takes just minutes to find 2 or 3 such servers. such server hijacking is done by spammers to cover their tracks.
Paul
3. Kate Stoney
Hi Munir,
What about cellular phone spyware ? What's the score in the US? In Europe, it is an emerging challenge for cellular operators.
regards
4. Jaap Koning
Hi Kate,
Are you the Kate Stoney, who used to live in St. germain au mont d'or?
if it is, please respond.
Jaap