It may not shock anyone that spyware infections are commonplace. However, just how rampant those infections are...
-- and their effects -- may show that their impact up to this point has been underestimated.
More than 84% of almost 2,000 frequent Internet users surveyed by the Ponemon Institute stated that their computer is infected with spyware or has been at some point in the recent past. More than 87% said it had resulted in productivity losses. Another 34% stated that they could not use previously
About 15% of spyware victims reported that they experienced monetary damages resulting from having spyware on their computer. The average loss is estimated at $49.7 incurred over the past 12 months. While this average amount is small, extrapolation to the national population of Internet users would likely result in costs of hundreds of millions of dollars. About 26% of respondents said they purchased antispyware or antivirus software as a result of spyware infections. Another 14% said they hired a computer pro to fix their desktop or laptop. The remaining cost components include complete computer replacements, and the purchase of additional security services from ISP or DSL providers.
The National Spyware Study, released today, was sponsored by Unisys Corp.'s Security Leadership Institute. Privacy advocates, ad software technologists and other experts contributed to the design of the study. Respondents consisted of 1,944 U.S. adults that self-reported spending one or more hours each day on the Internet.
Many respondents didn't have a clear understanding of the differences between adware and spyware. Almost half failed to identify this statement as correct: Both spyware and adware assist in gathering information ... and send it to other interested parties. Adware is downloaded in exchange for free software or other offers. Spyware is downloaded without your consent or awareness.
Where does it come from?
Of individuals reporting that their computers had spyware, about 97% don't recall seeing an end user licensing agreement [EULA] prior to downloading free software that likely caused the spyware infection. And 42% don't understand how adware or spyware was downloaded or unleashed on their computer.
Despite their concerns about spyware, 13% of respondents admit that they don't read the EULA prior to downloading free software. The survey also showed that the percentage of those who do not read the EULA is comparable to those that don't read privacy notices and Web policies.
More than 90% of respondents download free software on the Internet. The most common programs include music players, screen savers and games. Almost of these popular software products bundle in adware or spyware downloads.
Legislation in the offing?
In general, most respondents state that they do not want new antispyware laws if they prevent them from obtaining free software. However, they do want to see new regulations that prevent adware companies from collecting and using information that identifies individuals and their families when using the Internet.
The majority of respondents don't understand Internet economics and, especially, the ad server marketplace. Nearly half of respondents don't appear to understand how "free" software programs earn profits. Nearly one in five believe that these companies obtain payment or commissions from ad software companies for each successful download.
Most respondents don't like being tracked by adware, spyware or researchware companies on the Internet. Nearly half state that it is never acceptable to track their activities when online.
In addition to controls over "bad apple" advertisers, results suggest the need for consumer outreach to raise awareness and understanding about the risks associated with "free" software.
About the author
Dr. Larry Ponemon is chairman of Ponemon Institute, LLC – a think tank dedicated to advancing responsible information management in business and government. Ponemon is an adjunct professor of ethics and privacy at Carnegie Mellon University's CIO Institute and CyLab faculty. He is a founding member of the Unisys Security Leadership Institute.