Why Spyware is Replacing Viruses
Version 2005-05-30. Copyright 2005 by Terry Bollinger.

Where's the Real Problem?
I recently analyzed a laptop computer for a friend, and found 104 traces of minor spyware -- which qualifies it as the cleanest Windows system I've seen yet in terms of spyware infections. The system had zero viruses.

In one of my own systems, I deinstalled my virus checker months ago, and have been relying instead on Trend Micro's excellent online virus checker, Housecall (but see Note 1). After delaying several weeks from using Housecall again due to hacker attacks that made IE too risky to use, I ran it again and found no viruses. During the same period I have had repeated serious hacker attacks that have attempted to place (and in some cases briefly succeeded in placing) hardcore spyware back onto my system, and before that I had found literally thousands of traces of spyware on my various home systems, back when I had been relying only on virus checkers for cleaning my systems.

On other systems it has been the same story: Hundreds to thousands of spyware traces, and few or no viruses. While most TV, radio, and magazine ads harp on and on about the danger of viruses, the blunt reality is that on most home and small business computers, it is the spyware that is exploding while viruses are dropping down to the noise level.

In short: I don't think we're in Kansas anymore, Toto... with Kansas being that place where the viruses once thrived.

What Happened?
I would like to propose that this switch from viruses to spyware is both real and inevitable, and the reason is money.

A question can help explain the situation: Quick, why exactly do virus writers write viruses?

Did you find yourself hesitating there? Followed by something like, "to show that they can," or "to flaunt their power?" Did you notice that when you get right down to it, it really is a bit hard to explain why someone would write a virus whose only purpose is to show the world that you can "get away with it"? Sure, some people will do it, but it's not exactly a blockbuster motive for the vast majority of coders, even in the hacker world. It has, at best, a strong flavor of defiant teenagers trying to show how important they are to an oblivious world.

The "Maturing" of Virus Writers
Now, another question: Quick, why do spyware writers write spyware?

Now that one's a lot easier, if you are familiar with the history of spyware. They do it to make money.

More specifically, softcore spyware (mostly adware) is very specifically targeted at making money through advertising. Hardcore spyware, the kind that flouts the law and launches no-holds-barred attacks against you and your systems, is more complex. However, hardcore spyware is very much about acquiring power, resources, and, when possible, hard cash.

In short, the teenage-like pranks of the virus writers of old are being replaced by a much more specific and easy-to-understand motive, which is to make money. I mean this more literally than you might think, since viruses often really are written by teenagers who don't need to worry much about money and support. As such young virus writers get older, the need to prove themselves decreases and the need for real-world income increases. A certain number of them will inevitably succumb to the temptation to apply their earlier virus-writing skills to more profitable undertakings and... Voilà! A spyware writer is born.

The Eclipsing of Viruses
The bottom line of this argument is quite simple: Viruses will fade -- and in fact have already largely faded -- as the thrill of producing software that does nothing more than show off programming skills declines. Viruses will be replaced by a new generation of highly networked malware whose only purpose is to steal, build power, and remove cash from your wallet -- in short, spyware. The skills of spreading viruses will be applied not to showing off programming skills, but to building powerful distributed networks of stolen computer resources that have enough power to hack into poorly protected systems and then make them part of that same network, Borg style. Once they are large enough, such networks will then get on with their real business of stealing you and your friends blind, both in terms of valuable data and in terms of real cash from bank accounts and transfers.

The Wild West of Cyberspace
There is an analogy that helps explain what is going on here: the fastest-gun ethic of the old American west. Increasingly, and often without it being adequately recognized by authorities or computer users, cyberspace is being taken over by the electronic equivalent of the fastest guns. That is, the true rulers of the common person's cyberspace are increasingly whichever spyware writers can write the most powerful, most devious, and most treacherous software for removing you from your rights, property, and finances. Large corporations with dedicated security resources -- hired gunfighters with special expertise in how to use their own weapons -- often can fight off these desperados, but the average person at home or in a small business is often almost defenseless, even if they have their own guns.

An Unstable Situation
Obviously, this is not a stable situation. As an informal guess, there are likely hundreds of thousands of Windows PCs and laptops around the world that are more under the control of spyware networks than they are under the control of their own owners. As the fastest guns duke it out in cyberspace, one of the more immediate consequences is that such systems simply freeze up and stop working, either because they have been fully taken over or because they are victims of spyware networks fighting with each other to control them. If you find that implausible, try this: Ask yourself and your friends if you have seen any cases of PCs that mysteriously stopped working, yet still seem to be exchanging data furiously over their DSL connections. Ask around for anyone who has had a mysterious bill appear on their bank account, such as the person who asked my son what to do about the $400 bill that had been charged on a dialup connection for locations she never heard of. Look at your own PC or laptop as you use it, and ask whether those mysterious pauses you keep getting while typing or using the Internet are really normal. In most cases, they are not. People have become so accustomed to Windows computers slowing down, getting "old," blue screening without reason, and exhibiting all sorts of odd behaviors that they do not realize that none of these are normal. A Windows system that is fully free of spyware is almost frighteningly stable. Once you have seen and used a truly spyware-free Windows system, you begin to realize just how much you were overlooking -- and you will likely never again trust the odd behaviors seen in most untreated Windows PCs.

What is Needed
More than anything else, the computer and communications industries need to realize what is happening in cyberspace, and start taking it very seriously. A heartening trend is Microsoft's recent acquisition of GIANT AntiSpyware, which was a perceptive purchase that bodes well for Windows to provide some serious protection against spyware.

In the long term, however, we need the entirety of cyberspace to move to something more akin to the rule of law, instead of to the rule of the fastest gun. This is not an easy transition, and it's not clear that we even know how to do it. But knowing we need to get there is the first step.


Note 1: Although Housecall is a great product, it requires ActiveX and thus can be used only through the always-risky Microsoft Internet Explorer browser. For this reason, Housecall should be used only after you have thoroughly cleaned your system of spyware, installed a solid firewall, and used Windows Update to update both Windows and Internet Explorer. For a solid and easy-to-use firewall, I recommend the outstanding and free-for-home-use Sygate Personal Firewall. If you have a history of persistent hacker attacks, you may need the additional protection features of the for-purchase (roughly US$50 or less) Sygate Personal Firewall Pro, which I have so far found to be much better than the free version at stopping more subtle but increasingly common forms of hacker attacks used to install spyware on your system.