With spyware threatening corporate networks, whether it be adware hogging bandwidth or malicious code logging personal data, network executives are being forced to define their defensive strategies.

Lots of tools and software have hit the market recently, and network executives are left to decide which weapon works best - typically less-expensive gateway-based filters or more-expensive but possibly more-effective desktop software or, even more costly a combination of the two.

The Network World Clear Choice Test of enterprise spyware (page 52) suggests the gateway approach might be the best starting point for IT managers wanting to shore up defense quickly.

A gateway can filter out spyware at least as well as desktop software, based on the test of 18 products. Tester Barry Nance found gateways easier to administer than desktop machines. Plus, "users can't fool with it," as they might with their desktop software, Nance says.

Analysts weighing the pros and cons of the basic strategies also point out that the cost to install a gateway in many instances is going to be low in comparison with installing anti-spyware software on the desktop.

"The cateway alternative works reasonably well to reduce the impact of spyware, is less expensive to operate and maintain than desktop mitigation, consumes fewer overall resources and is readily controlled," says a security report titled "Enterprise Strategies for Defending Against Spyware" from Burton Group.

But Burton Group's stance toward anti-spyware gateways comes with several provisos. One is that organizations might want to deploy anti-spyware software on desktops if they have a substantial number of mobile desktops that can become infected. Burton Group urges IT managers buying for desktops to make sure anti-spyware products integrate with other technologies, such as network admission controls and anti-virus defense.

Using both gateway and desktop software anti-spyware will increase protection but clearly adds costs that could be hard to justify under a tight budget, a Burton Group report notes. "The added cost and inconvenience of running redundant systems may not be justifiable for the low-risk systems associated with spyware," the report says.

In all, Burton Group says any organization that considers its network environment "low-risk" may want to forgo buying anti-spyware protection at all (see graphic). That's because the anti-spyware market is still young. Industry consolidation is expected to occur quickly

There are an estimated 35,000 species of spyware, with more spawned every day But security vendors don't have the same name or classification systems. At Symantec, whose traditional strength has been anti-virus, the Trojans, bots and worms are classified as "malicious code." But "spyware" is simply "any program you probably don't want on your machine," whether it be dialers or adware, says Symantec's director of security response, David Cole.

He notes this definition is different from that accepted by the "pure play" anti-spyware product vendors without the antivirus background, which classify bots, Trojans and keyloggers as spyware.

In any case, detection mechanisms for these thousands of disputed spyware types can be expected to improve. The Network World test, for example, found a top detection and eradication rate to be at 90%, achieved by the McAfee Secure Web Gateway

Few expect demand for spyware products to stay small for long. Radicati Group, a consultancy estimates the market is at about $100 million today and will rise to more than $1 billion in the next four years.

Users agree they'll be spending more whatever strategy they choose. Although his budget is strained by other IT expenditures, including an e-commerce overhaul, Erik Goldof, IT systems manager at HoneyBaked Ham, says the spyware threat is big enough that he's trying to determine which protection would be best for his company

"Spyware steals CPU, and multiple adware products on the desktop bring it to a halt," at the specialty foods supplier in Norcross, Ga., Goldof says. "What gives them the right to do this!"

Even public schools now feel an urgency about combating spyware.

The Northern Buckeye Educational Council, in Archbold, Ohio, provides technology support and Internet services to 37 K-12 public-school districts in the state. Duane Baker, CTO for the group, says IT administrators found it appalling to discover that schoolchildren's laptops were infested with spyware, which relayed children's Web activity to unknown sources. "These kids click on things and they get it," Baker says.

Student laptops were becoming so clogged with spyware they downloaded - Claria's adware Gator is well-known to Ohio officials - the state's network saw bandwidth congestion, while officials felt growing concern that children's personal data might be stolen by some spyware code.

"We just don't think this is even legal under the Family Educational Rights and Privacy Act," Baker says. Because students are minors, it's doubtful the law would recognize a legal right to consent to download adware anyway, he says.