Well, Im glad to see this is turning out to be a popular thread with some intelligent discussion.

Truth be told, that is the best defense against all malware - intelligent application of what you are doing (an no blind-clicking!).

However, there are a few truths to be uncovered here: mostly that the statistics are completely irrelevant. Spyware can run the gamut from key-loggers and activity monitors to simple cookies, or even the Event Log or history cache on your system to a network Admin (or parent!).

Spyware is basically anything running on your system that monitors any of your activity, that you are not exactly aware of what it is, where it is installed, and what it is configured to do.

Unless you are responsible for a network yourself, or have a similar skillset, I would say 99.9% of ALL systems out there are infected with some kind of spyware.

Now is this all systems, or just coporate desktops? Does this include servers? What about Media Edition PC's to?

The simple truth is that surreptitious software is running around everywhere, and yes, if you use an unsecured Internet Explorer, on an unsecured Windows login account, and you dont have a proactive network administrator protecting your system and network, then you probably are infected with Spyware.

And dont count on any of the anti-spyware programs to eliminate your exposure. Not all of them consider the same things to be spyware. Each will find stuff the others didn't, and the true intrusive nature of is discovered is arguable.

I completely agree, the best defense is common sense, and dont spend money on third-party tools that should be had for free!!!

Depends on what you consider "spyware" as well of course...
If you consider Windows Update to be spyware (as some people who don't know how it works or are simply mallicious do) then every PC equipped with Windows (or ever more other OSs) has spyware on it
Many respondents to such surveys will possibly enter YES to a question like "does your PC sometimes send information over the internet by itself".
That question will then be interpreted by the people making up the survey results as "most people have spyware on their PC"...

Agreed! The practical definition of "spyware", in the sense of it being something people will need to take strong action against, is not so broad as to include ALL cookies, event logs and the like. I mean, how many of us, when launching our favorite word processors, consciously direct that the spell checker will load too? Yet, there it is, running without explicit consent, watching what you type, checking for typo's. Certainly this would not fit a practical definition of "spyware".

I really wish we could edit our comments after the fact on the blog postings. Please forgive my omissions ;-)

A good working definition would be that which comes from Wikipedia:
Clearly that definition precludes such things as spell-checkers and Update services.

An update service (especially an automated one) takes control of the user's computer without his consent and therefore under that definition constitutes spyware.
As many people believe update services send large amounts of information to the service provider who then stores all that data and uses it to determine what updates to send (when in fact what most or all do is the opposite where the service sends a list of available updates and the client determines which if any it needs) they think it's spyware under a more restrictive definition in which the spyware sends information to a remote machine without consent as well.

Many people believe cookies are spyware in fact, and are hideously monitoring all their internet activity and sending everything back all the time...

That's pedantic and misleading. Update services are neither 'malicious' nor intended to subvert operation for the benefit of a third party. They don't fit the definition given at all.

The point that myself and (I think) jwenting were making was that not everything that isn't explicitly installed or run by a person fits the definition of spyware. My point was that an overly-broad definition would include spell checkers, which is obviously not fitting. If to your understanding, my last post seems to be calling spell checkers spyware, please read it again and accept my apology if the clarity wasn't as it should have been.

Cat, WE know that but the average person reads the definition and hears the /. talk badmouthing Microsoft repeated over and over again, puts one and one together and concludes that Windows Update is spyware...

It's that simple, remember not everyone is computer litterate and many get their "information" third hand from sources which are themselves not to be trusted and/or have no expertise in the area they're advising people about.

My work role has me providing assistance to the 'average person' day after day. People from the most naive of beginners to the IT prefessionals. I've never come across anyone who has concluded that Windows Update is 'Spyware'.