Last month the Federal Trade Commission underscored its new OnGuardOnline.gov initiative against online fraud and ID theft by going after a New Hampshire company whose business model apparently includes surreptitiously downloading spyware bundled with anonymizing peer-to-peer software.
The company's founder, Walter Rines of Stratham, N.H., denies any wrongdoing, pointing to a disclosure deeply buried in the user agreement and an uninstall tool that, the FTC claims, actually adds more software. Whether a judge later decides if Rines' Odysseus Marketing plan is legitimate or if the company should be shuttered, the move signals the government's increased role in hunting down parties behind one of IT security's biggest headaches: spyware.
It's a significant link in that chain, too, for the feds to ramp up its search for spyware promoters, according to an online SearchSecurity.com survey conducted last month. Fifty-two percent of 304 IT professionals said the government should regulate spyware. Some 24% thought the government should stay out of it, while almost as many weren't sure. Those still uncertain could lean towards government intervention if these pursuits do shut down sites and land more malicious code writers behind bars.
Government employees, by the way, represented the biggest demographic taking the survey. One in five serves in IT at the local, state or federal level.
"Government is supposed to be about protecting the people, not controlling them and not subjugating them to anything," said one of those surveyed, an information systems manager and network engineer named George Kincer, who works for a 210-employee department within the state of Tennessee. "And I think both the state and federal levels have failed to recognize the problem and to deal with it.
"Now the failure could be the result of good lobbying," Kincer added, hinting at the influence of well-moneyed constituents with a stake in how spyware is defined. "And it could be a case of people just not recognizing what's going on soon enough."
Kincer said two years ago he tried to get his legislators to propose antispyware legislation and no one seemed interested. Voters in other states pushed similar initiatives, but the vagaries surrounding so-called illegal programs drew bill-busting criticism. However, much has changed since then, with spyware more sinister and its economic impact easier to discern. Time's now ripe, the seasoned systems manager believes, to insist on a stronger response from government, beginning with establishing legal parameters and acceptable behavior in the Internet community.
Until then, that responsibility falls largely on consumers through common sense (don't download or open anything from an untrusted source) and employees abiding by enterprise acceptable use policies. SearchSecurity.com survey respondents tended to have a written policy that prevented or limited freeware, P2P, toolbars and other suspicious downloads. In fact, the ratio of those with a written policy to those without ran 2-to-1.
Now, whether employees follow the company's rules is another matter entirely.
Among the more surprising findings in the SearchSecurity.com survey was the high number of readers who claimed their users aren't aware of spyware's dangers. Almost 47% believes a majority of users were clueless. Another 40.5% gave users credit for at least knowing the dangers, while 12.8% weren't sure.
Those numbers buck a new Trend Micro survey of 1,200 international users that found 87% were aware of spyware and the risks the malicious code pose. Forty percent of U.S. workers had encountered spyware, compared to 23% in Germany and 14% in Japan. The same company, however, also discovered in the results that workers took more risks online while at work, believing the company had more technical safeguards in place to prevent infestations. Such brazen behavior obviously undermines security administrators' efforts, especially their acceptable use policies.
Consumers are again asking the infrastructure owners, particularly Internet service providers, to step up and help block spam and spyware. But their contributions are still controversial.
Meantime, the government's judicial arm must wield more weight -- and results, survey respondents say. "They've only prosecuted so few virus writers and hackers that until they clamp down on these spyware people, it's only going to get worse," said Dana Wood, a computer and network specialist with Dinshaiwa, a power-tool company based near Portland, Oregon.
Kincer believes improvements are coming. He has some simple advice for those in the trenches grappling with spyware on their systems. "Have patience. Have faith. Things are getting better."
Note: This story originally appeared on SearchSecurity.com.