Sidebar: Counterespionage Measures

News Story by Robert L. Mitchell

MAY 03, 2004 (COMPUTERWORLD) - Consumers have been using spyware-detection and -removal programs for some time, but the technology has yet to catch on for corporate use. One reason is that the tools are still maturing. Free spyware tools such as Spybot Search & Destroy are popular with consumers but don't meet corporate procurement standards.

"A lot of the [antispyware] stuff I've seen can't go through the regular supply chain process the [company] would like to see," says Sean, a security engineer at a large financial services firm. He has good reason to be cautious: Earlier this year, the Web site of one free antispyware program disappeared after allegations that the software was actually installing spyware.

Both free and commercial antispyware programs use signatures to detect spyware and require regular updates to stay current. Because defining which programs are legitimate and which are spyware is a gray area, some programs don't include signatures for any program that includes an enterprise license agreement, and administrators must decide which discovered programs should be quarantined or removed. This allows antispyware vendors to avoid lawsuits from vendors of adware and commercial surveillance and remote administration programs. Others identify everything and let the user decide.

"Unless something is clearly a remote-access Trojan, it's our mission to let people know what's on their PC without actually saying it's good or bad," says Roger Thompson, vice president of development at PestPatrol Inc.

On the commercial side, the choices are still limited. "Other than PestPatrol and Lavasoft [Ad-aware], there are not many enterprise-suitable packages," says Gartner Inc. analyst John Pescatore. But even these programs don't yet offer a centralized administration and management console. Meanwhile, makers of corporate antivirus products have been slow to include antispyware features in their offerings.

Symantec Corp.'s recently released Symantec AntiVirus Corporate Edition 9.0 includes signatures for "expanded threats" including spyware. Network Associates Inc. has a stand-alone consumer product and has added some spyware signatures, which it calls "unwanted programs," into VirusScan Enterprise 7. But neither product currently removes spyware, and neither one detects any program with an end-user license agreement. Says Candace Worley, product manager for McAfee VirusScan, "If it has an enterprise licensing agreement, we do not include it in the DAT file." That means some adware, remote admin tools, commercial surveillance tools and other spyware programs that may or may not be legitimately installed will remain undetected.

Ultimately, Pescatore expects consolidated security tools to emerge. "Enterprises can't afford a console for spyware, a console for antivirus, and a console for [desktop] firewalls," he says. And as with antivirus programs, he says, antispyware tools need to move beyond signature-based technology to a behavior-based detection model to stay ahead of the game. The only other viable alternative is to lock desktops down completely so the user can never install anything. But for most companies, he says, "we know that's not going to work."