The Truth About Spyware

Spam and Spyware are both on my Internet axis of evil, along with viruses, comment spam, phishing, and DNS hacking.

I wrote a couple days ago that the truth about spam is that it has become managable and is not the problem it was a couple years ago.  Not everyone agrees with me on that, but I feel pretty comfortable making that statement.

The truth about spyware is that its still a big problem.  It’s where spam was two years ago.  There are tools to manage spyware.  Some of them are very good. But its unclear to me and to most users what is spyware and what is not.  So we run a spyware tool and whatever it finds on our computer, we take off. 

That’s where spam was two years ago.  The filters were blocking everything that came near the definition of spam and we ended up with a lot of "false positives" (email we want that doesn’t get through).

So what’s going to happen?  I think we need to look no farther than the spam wars to find out what is going to happen with spyware.  We are already half way there.  We’ve got the tools in abundance.  I have three on my machine already; SpySweeper, AdAware, and the new Microsoft Anti-Spyware tool (which used to be called Giant until it was bought by Microsoft).

I downloaded and ran Microsoft’s Anti-Spyware software yesterday.  The thing I liked most about it was that it didn’t lump everything it found together in the "bad" column.  It determined what was really bad, somewhat bad, and not so bad.  It gave me the choice about what to remove and what not to remove.

There are things on my computer that many tools determine are Spyware that are fine with me.  Just like I may get email that many people would consider spam that I am fine with.  There is no simple definition of Spyware that everyone can agree on.

Take cookies for example.  I rarely remove cookies from my machine unless they are associated with something I know I don’t want to be part of.  Most cookies bring me great benefit and I want them to stay on my computer.  But most spyware removal software suggests the removal of cookies.  That’s not right.

Another example is researchware.  There are a host of companies, including Comscore, our portfolio company, NetRatings, HitWise, Compete, and several more, that build opt-in panels of Internet users who allow them to monitor Internet usage that is then reported on an aggregated basis as market research data. This data is critical to every Internet business today and its a very large and important market.  Users who participate in these panels are often compensated for their participation in one way or another.  Most spyware removal software takes the researchware client off the computer.  That’s not right either.

Real spyware, like autodialers, credit card sniffers, keystroke capture, etc is really bad.  We know its bad and we are eager to get it off our computers.  It’s like porn spam and drug spam.

So the spam wars were all about figuring out how to determine what was bad and what was not.  It played out in the market and in congress.  And, though some would disagree, I believe we have achieved a good balance today. 

On the legislative front, we have the Can Spam act which outlines what is truly bad behavior and allows spammers to be sued and locked up for their outrageous acts.

And in the marketplace, we have a group of companies that sit between the mailers and the spam filters and arbitrate what gets through.  We have an company in our portfolio, Return Path, that is a leader in this market with their Delivery Assurance business. We have another company, Bigfoot Interactive, that sends email for  marketers and also provides services to insure that legitimate email gets through.  There are "white list" products like Bonded Sender and Habeas in the marketplace that produce data about senders and white list the good ones.  There are "black list" products too that showcase the really bad senders.

I believe we are headed quickly towards a similar model in the spyware world.

Congress is moving quickly on spyware legislatoin.  The House should pass its spyware bill any day now, called HR 29.  It passed last year but did not get through to the Senate and needs to be passed again.  That bill needs some work but is generally a good piece of legislation.  It does not make a strong enough distinction between the bad stuff and the good stuff and the Senate will have to rework it to protect things like cookies, which all major publishers rely on for registration and ad serving, and researchware, and probably a few more things I don’t even know about.

And the market will need to develop the third parties who will mediate between the publishers and market research firms who are legitimate and the spyware software vendors.  White lists and black lists and numerous other products and services will come into the market to provide this mediation.

In summary, the market works in the long run.  Bad guys who do bad things get caught eventually.  And the marketplace builds systems and businesses that provide protection for consumers from this bad stuff and ensure that legitimate business doesn’t suffer in the process.

I wish spam and spyware were never invented.  But now that they exist, I am happy that there is a way to manage them that allows the Internet to continue to exist in its open form which is the biggest benefit of all.