How worried are you about Spyware?

Everyone seems to be talking about Spyware these days.  I’d like to know how big a problem Spyware is for readers of this blog.  Is Spyware a top 3 concern of yours?


Comments (27)

  1. Mike Kolitz says:

    Absolutely. I’m not worried about it infecting me personally, but we’ve got an entire network of PCs (over 2500) to watch over, and it is definitely one of the biggest concerns we have.

  2. John says:

    I don’t worry so much for myself as I do for people in my family who don’t know how to protect themselves.

  3. Don says:


    The spyware/rootkit/trojan protection space is incredibly important and the products are simply not in the league of, say, Norton AntiVirus.

    I just spent three days with a 5 machine network completely shut down due to (I hope) a false positive from one of the spyware scanners. The problem is, if it’s a sophisticated rootkit then it’s designed to actively hide from scanners, so I don’t really have any way to know if the initial infection report was a false positive or if the infection was/is real and is simply now more effectively hidden from the scanner. All I know is that I was getting reports of an infection and now I’m not, which is an extremely troubling state to be in.

  4. Christopher Hota says:


    I’m a network administrator for a department of the University of XXXXXXXX – XXXXXX XXXX, and was previously a network admin for the University of XXXXXXXXX – XXXXXXXXX. (Note, I’m talking about Windows+AD+Ghost, etc; not Routers+Switches+Topology, etc).

    I can say that Spyware (and other types of malware) is a HUGE problem. We have started combating with a three-pronged approach:

    1) Having a strongly-worded Network Usage policy with "teeth."

    2) User education (ha ha).

    3) A complex GPO with Software Restriction Policies (names, hashes, certificates) applied to the domain.

    Of course, 1 and 2 aren’t that effective, as you may well imagine, but do give us something to fall back on when we confront the odd indignant network user.

    The third choice is effective, but only if you keep on top of it (new stuff is coming out all the time). At both places, we ended up hiring student labor to go out and actively download as much crapware as they could, and then add all that to the GPO. Students in the IS department are the best for this, as they’re usually on top of the hottest p2p programs, etc.

    Users are usually mollified when they hear what "spyware" is, especially faculty who are doing super-secret (HIPAA & FERPA) research.

    So to answer your question, yes, *anything* that creates an opening that might be a vector for attack on my machines is looked-out-for. I would say it is in my top 3.

  5. William Walter Gates V says:

    Spyware is my top concern. The destruction of data is one thing but the migration of data from the system is it on to one which should have the data is inexcusable.

    I would like to be better protection from microsoft in this respect. If it requires less automation from the Operating system for certain tasks, so be it.

  6. Vermyndax says:

    Spyware is flat-out the top most security problem. I recently moved to a different job because I was so tired of dealing with uneducated users who installed spyware. Spyware was one of the sole reasons for quitting. If I have my way, I’ll never do desktop support again because of it.

  7. Anderson Imes says:

    Absolutely. This kind of thing is a headache. It is first and foremost wrong that their makers intentionally place resource-consuming applications on a user’s PC without their expressed permission. It is secondly wrong, in my opinion, to ‘collect research information’ without my consent.

    These types of applications are a burden on Administrators and users. Spyware is a source of an invasion of privacy and often will cause an unknowing user’s PC to become slow with the loss in resources (programmers making malicious programs aren’t interested in resource conservation? you must be joking!) and can (in the case of my parents) wish to purchase a new PC to replace their current apparently slow machine – even though it’s plenty fast.

  8. Chris Haaker says:

    Very. Easily a top three. I would estimate 1-2 laptops and/or desktops are re-imaged a week due to suspected spyware issues. There needs to be an Enterprise-level spyware program to deal with this. The AV vendors simply have not responded fast enough with a good enough product. Sunbelt-software has an enterprise version in Beta and Webroot has released one as well but I am told it is simply the consumer version with an admin console added on. CA’s Pest Patrol is weak as far as the "management of clients" is concerned.

    Nothing to honk the horn about so far . . .

  9. Chris Haaker says:

    So when can we expect to see Microsoft Anti-Virus or Microsoft Spyware Stopper? 🙂

  10. Jeff Parker says:

    Spyware is the biggest problem out there. I spent 6 hours on Thanksgiving working on a family PC trying to get rid of a spyware. I am no dummy either, Safe, Mode MSConfig, Registry Editing, Stopping services, 6 Hours trying to track down how I could keep deleting it and it keep reinstalling itself. Following Guide on Norton which aparently is outdated, Using Adaware, tracking it down. Finally Installing Mozilla and changing the Icon to look like IE will get me by until christmas when I return to give it another attempt. This spyware makes surfing the web with IE impossible even on a XP SP2 machine. Go to google type in something to search for, get 20 pop up adds related to what you search for. Go to MSN search same thing, something is in there somewhere. And Can not be removed how much time is wasted world wide by spyware.

    For me no I never get spyware then again I do not click on the install things on every page I go to. SP2 has helped to eliminate them some but it still is a major nusance.

  11. Kristoffer Henriksson says:

    Definitely. Have you seen your relative’s computers lately? It ain’t pretty.

  12. Bill Canning says:


    I can say with total honesty that I have no idea what our product groups may be cooking up related to this topic.


  13. Bill Canning says:


    I think I am starting to get a feel that Spyware is bugging security people pretty bad (I figured it was, but you know what they say about assuming!).

    I have, however, noticed that most of the comments have focused on personal systems and home users. What about your organizations: Is Spyware causing major headaches at work?

  14. T Haug says:

    Huge problem. While the amount of spyware that I get personally is near nil, the fact that as a IT professional that I can get any is a concern. If seasoned computer users can get spyware, what hope does the rest of the computer using public have? I’m also exremeley worried about the rest of the users in my office, and the people that I know. I’ve had machines come back unusable since they run so slow and open 5,000 popups, all spyware related.

    And the other major problem that I see with spyware is that unlike a typical virus, which with a competent anti-virus app frequently updated, we can stop viruses in their tracks. But, spyware (and to the same extent, spam), we have a much less chance of stopping it proactively. All of our spyware problems are reactive, meaning we are infected and don’t know it most of the time.

  15. Dave says:

    Everyone who even deploys web applications should be concerned about it. We have users who call all the time because our web application has stopped working for them. Or demanding to know why when they click a link within our application, a new window opens trying to sell them cheap mortgages. Its usally stuff like IWon causing the problem. Our customer staff has been educated on helping users remove spyware, so should yours.

  16. Mike Kolitz says:

    Bill – it’s not a terrible problem in our organization, but it is a problem. Our users don’t run as local admins (well, most of them don’t), just as power users so that helps mitigate some of the issues, but we’ve had to open up certain holes to get apps to run correctly. This opens us up more than we’d like to be, and doesn’t do anything to mitigate the malware apps that are using exploits to do priv. esc.

    We do have some machines getting infected by malware, but the numbers are small… at least, the ones we know of. The problem is that the typical tools like AdAware et al. really aren’t corporate quality. There’s no easy, reliable way to deploy them, and no good way to get reports back from them.

    There needs to be a real, honest to goodness enterprise quality malware detection and elimination tool (pest patrol is close, but still has it’s problems).

  17. Jeff Parker says:

    Just got an email in on a subscription email CNET top 10 downloads this week from

    Spyware removal tools are Number 1,2 and 7 in the top 10 downloads this week. Winzip has spent 400+ weeks at number one on thier downloads list, dethroned by spyware removal tools.

    So is spyware a problem? it is more of a demand to get rid of it than to unzip anything.

  18. Howard Hoy says:

    Everybody that works in the IT field always has at least one good spyware removal story or should I say nightmare.

  19. Matt says:

    Very much so. Maybe not top 3, but it is a big concern. I’ve had to clean computers with 900+ spyware…

  20. James Geurts says:

    I personally don’t worry about it very much. Granted, I don’t do tech support and I’m the primary user on my machine.

    That said, if I had to share a machine and/or support one that is connected to the internet, it would be a PITA. In fact, I would think about installing KDE or some other non-Windows GUI, if possible, as an alternative.

    Maybe I’m obtuse, but I don’t hear about spyware problems from the linux/mac communities.

  21. Anonymous Coward says:

    Spyware scene is quite scary. An educated user/admin can take certain precautions but for a normal user it’s almost hopeless. Out of the box PCs come with a gazillion junk programs pre-installed that can be exploited. Some well reputed companies install spyware alongwith their software (SBC Yahoo! DSL used to do this).

    Why do you ask? What’s MS doing in order to imporve protection against spyware?

  22. Bill Canning says:

    I have asked the question because there has been a general conversation on my team about how big a problem Spyware is. It is pretty clear that Spyware is a big problem for home users (my home, too: my kids will click on ANYTHING!) That said, I was wondering if there were major problems inside organizations.

    Your feedback has been very interesting.

  23. James Geurts says:

    I have to admit that I was very interested to see that the VirtualPC guy just loads an image, for his kids to surf the internet with. That way, when they get spyware/virus installed, he can just revert to the saved image.

  24. Jason says:

    Spyware is definitely in the top three for me. But, it is a distant third right now, behind Knowledge Management and Asset Management.

    Right now, we are equipping users with programs like LavaSoft AdAware so that they can run the tool on their systems on a regular basis to help combat the problem, but it is not enough…

  25. Kris says:

    Just so my vote counts. For someone who does a lot of online banking, it is a big concern for me. I used to use IE for everything and just recently had been attacked where IE makes some random connections to websites other than the one I am connected to and couldnt get it cleaned up with all the shareware spyware tools. I finally had to switch to Firefox. I hope MS takes this seriously.

  26. Gert Van Gool says:

    For me personally, no problems. Only things I get are these tracking cookies …

    But when I’m at university ( it’s bugging that on ALL the pc’s is spyware. And I’m only a student there, so I can imagine how are admins must feel.

    At my dad’s school the problem is even bigger (he is principal of a elemantary school) All the teachers there have spyware installed. Once a teacher was looking for poems for Father’s Day and all she was getting were these porn sites.

    It’s consuming all my spare time to keep that network clean (and I’m not getting paid for it 🙁 )

  27. Tommy Akin says:

    I’m extremely concerned about data-mining & tracking spyware, as MOST users, EVEN IN MILITARY environments, have NO clue what or why it’s there. I have found recently that most civilian (GS) and contract IT employees (Unnamed US Pacific Base) aren’t even checking for it, and ignore client complaints of "slow" nodes! Complacent or Ignorant? The security "barn door" is wide open, Ladies & Gents! All the firewalls, routers & passwords won’t protect your data anymore!

    As an "aware" IT Professional, I run Ad-Aware on our network and have migrated to the FireFox Browser. We went from 250-300+ adware instances a week to <5, and no pop-ups at all.

    "The Price of Freedom Is Eternal Vigilence"

    It’s like Global Warming; if we continue to ignore it long enough……..

    So, that’s my 2 cents worth.