What is spyware? Generally speaking, most people think of spyware as software that grabs or alters personal information on unsuspecting users' machines. But this overly broad and amorphous notion covers everything from adware that gathers information on browsing habits to keyloggers that steal personal information. That presents problems for the security industry.
Examining the range of activities that fall under the general and nebulous spyware umbrella underscores the dilemma:
AV tools typically quarantine or delete it when they get a signature match, but one person's spyware is sometimes another person's business model. There's real concern about legal action from "legit" adware companies.
Therefore, most AV tools have signatures only for the most egregious spyware specimens.
In particular, traditional antivirus vendors have, at least until recently, been slow to jump on this threat, in part because of legal adware that users may have knowingly or inadvertently approved when they checked "I agree" to some dense end-user licensing agreement while installing software or signing on for some service.
Antispyware programs, on the other hand, usually don't automatically quarantine or uninstall detected specimens. Instead, they leave the decision for deletion up to end users or administrators, somewhat alleviating the lawsuit issue. That's why we often see antispyware labeling a detected specimen as a Potentially Unwanted Program (PUP), instead of calling it malicious code. Spyware is only potentially unwanted, and it's up to the user or administrator to make the final call.
About the author
Ed Skoudis, CISSP, is a contributing editor for SearchSecurity's sister publication, Information Security magazine. He is also cofounder of the security consultancy Intelguardians and author of Malware: Fighting Malicious Code and Hack-Counter Hack.