Spyware affects both PC performance and network security. For example, adware programs that serve pop-ups or track user Web activity can drag down a PC's operating speed or cause programs to fail. Such problems inevitably generate help desk calls from irate users. Other spyware is plain malicious and may leak sensitive information or render the machine vulnerable to remote control.
Traditional anti-virus products can, to some extent, handle the security risks. Desktop anti-virus software can catch known Trojans and keystroke loggers that arrive via e-mail or are discovered on the hard disk during a scheduled scan. Both anti-virus and anti-spy software use signatures to catch these malicious programs.
However, there are three reasons why anti-virus products have been slow off the mark to explicitly address spyware. First, spyware is often delivered via the Web rather than over e-mail. Sometimes spyware can insert itself through browser vulnerabilities. The Download.Ject Trojan, for example, loaded itself onto PCs by exploiting a bug in Internet Explorer. Most adware programs are bundled with free games, peer-to-peer programs, or utilities such as weather monitoring tools that are installed by the user, so traditional anti-virus scanners won't catch them during download.
Second is how spyware is defined. While Trojans and keystroke loggers are clearly malicious and usually illegal, adware exists in a gray area.
"There's a liability issue with spyware," says Bob Hansmann, product marketing manager at Trend Micro. "A lot of companies [that make user tracking programs] call what they do a legitimate marketing practice."