Richard Stiennon, vice president of threat research at Webroot Software, the firm behind SpySweeper anti-spyware tools, says the amount of snooping software is growing, though many internet users are currently unaware of the danger.

"Like spam threatened the online network and affected email use, so spyware is hampering the browsing experience," says Stiennon. "We are tracking 150 new pieces of spyware every week and that's not counting the 50 to 60 morphed software tools already out there. It seems like all spyware is written just to take advantage of Microsoft weaknesses so we are waiting to see the first kind that exploits the JPEG vulnerabilities."

Stiennon warns that unless firms do more to protect their systems, sensitive information could be intercepted, and companies could also face prosecution for failing to guard data in compliance with various corporate governance laws. "By exploiting most of the Internet Explorer vulnerabilities, spyware can take over web pages and generally re-direct users. In the worst cases it can lead to the taking of personal information, potentially putting firms at risk of breaching compliance with rules such as Safe Harbor [for data exchange with foreign countries], the UK Data Protection Act and Sarbanes-Oxley [a corporate governance law for firms listed in the US]," says Stiennon. "It is just as easy to be infected in this way as it is with a simple re-direct and you would have a real problem claiming that you had done everything you could to comply with best practices if you let something like that happen."

Stiennon argues that there is a requirement for consumer and enterprise versions of anti-spyware tools, because the two groups have different needs. "There are free [anti-spyware] tools available, and in some instances within the enterprise the IT professional will suggest that these are used to clean up isolated incidents, but when someone like the chief executive is involved, and if his machine is compromised, then they will look for a proper [enterprise] solution," he says.

Stiennon says that one difficulty for IT managers is that it is hard to estimate the true extent of the spyware threat, but adds that they cannot afford to be complacent. "There are a lot of enterprise problems but I only have anecdotal evidence of how many," Stiennon adds. "At a recent event I asked the audience how many had suffered with a spyware problem and every hand went up. In a recent survey Webroot found that up to 65 percent of 271 respondents had some kind of [anti-spyware] solution in place, but 98 percent of these admitted it was a free tool [rather than a stronger product designed to guard enterprises]."

Stiennon believes most users are still unaware of the impact spyware can have on systems. "Often you will get someone calling to say that their PC is running slow and they need a new one, when their existing PC just needs cleaning up. You'll find that there will be so many different pieces of [spyware and similar] software on their machine that it just slows down."

Get IT news on the move with our Pocket Edition.

About Richard Stiennon

Richard Stiennon is vice-president of threat research for anti-spyware tools vendor Webroot Software.

Before joining Webroot, he was vice-president of research at analyst company Gartner, where he covered security topics.

Stiennon joined Gartner from PricewaterhouseCooper's Technical Risk Services group.