Kelly Martin of Securityfocus writes about spyware in his current column which basically blasts antivirus companies (including his employer, apparently) for not providing enough protection. An excerpt:

Leading up to today, some of the largest anti-virus companies have virtually ignored the spyware problem because there is no profit incentive for them to do otherwise. Why bundle anti-spyware technology into your anti-virus product if your corporate customers, who provide the bulk of your revenues, aren’t willing to pay any more for the product?

Yet, he also asserts that spyware is costing companies millions. I disagree with the assertion that enterprises aren’t willing to pay – they will, once it becomes a big enough problem. A problem which I believe will be the big "winner" for 2005.

Heck, there are plenty of spyware solutions and companies available on the market today. Some are making good money, too. But larger companies generally let the market settle before they get in anyway; larger vendors are usually not the innovators. Heck, it also took those guys until this year to get into the spam game, and spam has been a real problem for about three years now.

But CA’s acquisition of PestPatrol is the first salvo in what will probably be another spate of acquisitions into the anti-spyware space. One of the issues, however, has got to be whether any of these solutions is actually effective in addressing the problem. False positives and negatives are still common. [I also have a problem with being told that every cookie on my machine is spyware, though that is a semantic issue, I suppose.]

Getting back to the title of this entry, I am curious whether Mr. Martin is shooting himself in his criticism of his employer… of course it could also be a plot to further demonstrate Securityfocus’ independence, or they could actually be independent.