Notice: This blog is no longer updated. You may find a broken link or two

You can follow my new adventures @mikeonwine


Ok, so “desktop software”. I’d say there are three main types: Legitimate, Sketchy and Spyware. Legitimate advertising-sponsored desktop software would include programs like Weatherbug or AOL Instant Messenger. Sketchy are most of the ‘toolbars’ that you can download for your browser, e.g. Smiley Central. Spyware are the programs that don’t even have an End User License Agreement (EULA). These could be spread via a virus, Internet Explorer ActiveX controls that don’t require confirmation, or various other methods.

Here’s the thing. Of the three types, there is no damn reason to ever install anything but the first. Sure, you can get “cool smileys”, but what the vast majority of people don’t realize is that if you install the toolbar, you will soon be bombarded with popups. The business model is beautiful: offer some ‘free’ product, make the user agree to some complex legal agreement and then make free money! Popups make crazy cash, especially if they’re tied to your browsing behavior (e.g. show a Travelocity popup when you’re browsing Expedia)!! Say your average desktop software gets on average $10-$20 CPM (CPM -> price you get for every 1000 ads you show). Now let’s say your average toolbar will show you 10 ads per day, and in an average year you use your computer for at least 300 days. So, they get to show you 3000 ads in that period, netting them somewhere between $30 and $60! Think of the software you could buy for $60: some cool games, useful productivity things, or even some ‘cool’ things. True, you’re not actually paying the money, but wouldn’t you rather just spend the cash and not get 3k ads on your desktop?

Ok — so how bad is it? Well — thankfully there’s a State of Spyware report that is issued quarterly. Are you ready for it?

87% of consumer machines in the United States are infected with spyware, yes not Eight POINT seven, but EIGHTY SEVEN
Average number of programs on each machine is 29.5 … yes TWENTY-NINE POINT FIVE

Ok, so the report doesn’t specify the number of desktop machines in the United States… but let’s just say it’s 100 million.

So… some math:
100,000,000 * .87 * 29.5 = 2,566,500,000 instances of spyware just in the United States.

Let’s say each infected machine generates $30-60 in revenue per year — this implies that the industry is worth somewhere between $2.5 and $5 BILLION.

Wow… I’m in the wrong industry. According to MSNBC my math isn’t far off; they quote $2 billion, or 11% of all online spend, going to spyware.

Lawyer sleuths out mystery around ‘Winfixer’

Video of “end user experience” posted on Youtube: Fraudware Special Report:

Proving the link to the alleged perpetrators, their connections to Winfixer all the way through to the effects on Ochoa’s computer will be very difficult, she said.

“Forensics is everything,” she said.

This is very very true. If you look at my ‘Errorsafe‘ page, you see that the whois registration for each domain varies widely. This is a great step and I wish them the best of luck in tracking down the responsible parties and shutting down their operations.

Someone pointed me to an interesting blog post from StatCounter that discusses how they were approached by an advertiser to place a ‘spyware’ cookie. What is a spyware cookie? It’s funny, I’ve always thought of “Spyware” as “Shitty desktop software that installs without user consent.” Which is, in fact, exactly what this Wikipedia article says about it:

Spyware is computer software that collects personal information about users without their informed consent. The term, coined in 1995 but not widely used for another five years, is often used interchangeably with adware and malware (software designed to infiltrate and damage a computer respectively).

Interestingly enough, this dictionary.com entry has a strikingly different definition:

any software that covertly gathers information about a user while he/she navigates the Internet and transmits the information to an individual or company that uses it for marketing or other purposes

Ok, so I’m getting confused as hell. So next I did a Google Search for “spyware cookie” and clicked on the first entry and found this page.

Spyware Cookies are Intrusive
A spyware cookie is any cookie that crosses the line from helpful to intrusive. Spyware cookies are not interested in making your surfing experience better; the sole interest is to gather free marketing data to promote a sale of a product or service. Spyware cookies are placed on your machine by a consortium of websites that track your movement from one website to another.

Spyware cookies can track your every click and record all information you enter into non-encrypted online forms [...]

So I don’t know where the jackass from “anti-spyware-review.toptenreviews.com” got his education in online technology, but a cookie is a text file. I will personally pay someone $100 if they explain to me how a TEXT file can track your every click and record all information you enter into non-encrypted online forms. But really, what IS the proper definition? Well, I don’t like any of the three above, so why not throw in an academic’s perspective while we’re at it — namely here’s a quote from Ben Edelman’s site:

[...]“spyware” software — programs that monitor user activities, and transmit user information to remote servers and/or show targeted advertisements. As distinguished from the design model anticipated by whatis.com’s definition of adware (“any software application in which advertising banners are displayed while the program is running”), these spyware programs run continuously and show advertisements specifically responding to the web sites that users visit. Companies making programs in this latter category include Gator (recently renamed Claria), WhenU, and 180Solutions. Other spyware programs include keystroke recorders, screen capture programs, and numerous additional software systems that surreptitiously monitor and/or transmit users’ activities.

Wow, similar, but yet again, different! Ok, so since everyone and their mother seems to define spyware, I will too! I see a couple key themes: shitty, intrusive, advertising, personal information, communication, uberpowerful. So here goes!

Spyware, an uberpowerful software application that provides rather shitty and intrusive advertising on a desktop computer which communicates your personal information to some shady 14 year old in a basement in Oklahoma.

Spread the word! I won’t be the one to put this on Wikipedia, but I dare someone to try! In all seriousness though — if we as an industry can’t get together and actually define what ‘spyware’ is, how can we stop it?