Spotify Advice for IT Managers

It isn’t easy being an IT manager. You have to watch out for all sorts of dumb users just waiting to click on the wrong kind of web link, install some piece of malware, or accidentally rm -rf their My Documents folder. Now they want to stream music to their desktops using Spotify, the peer-to-peer application that you’re sure will give you no end of grief.

You may have a policy that forbids users to install 3rd-party “non business-related” applications on their desktop machines. If this is the case then your staff are forced to use alternatives to Spotify. These alternatives are either web-based services or locally stored MP3s.

But before you update your IT policies to ban the Spotify app, you may be surprised to hear that it’s just as safe and a lot less bandwidth-heavy than the alternatives.


  • Assumption 1: You have employees working in an office environment with internet access that’s not locked down.
  • Assumption 2: You don’t outright ban all music listening, since the Suits realize that allowing staff to listen to music while they work can help them become more productive.


Storing Copyrighted Files

You probably turn a blind eye to all the MP3 files stored on your users’ workstations. Maybe you’re fine with the departmental shared drive of music too. But you can be fairly certain that some of those files were obtained from file-sharing sites and contain copyrighted material. You’ve heard about that IT manager who got the blame for all those pirated copies of MS Office installed on his users’ machines; well, much the same can happen with copyrighted music. Having illegal music on your corporate network could lead to prosecution and a criminal record.

And that’s saying nothing of the storage space used by all those MP3s.



You’ve probably read that Spotify uses peer-to-peer technology to stream music to its users. As an IT manager you won’t have the knee-jerk response that this is “bad” because that’s what pirates use; instead, you understand the underlying technology and what it means. Your staff who use Spotify will be sourced to upload packets of music (since they’re part of a wider p2p network), so you might see an increase in upload bandwidth. But you’re more likely to be concerned with download bandwidth, and that’s where Spotify wins big time.

Back at the start of 2010, the IT department at Oxford University banned Spotify (and Skype, and BBC TV’s iPlayer) citing “consumption of significantly more bandwidth than traditional downloads” as the reason. I’m not sure what those traditional downloads were, but a bit of analysis suggests Spotify’s download bandwidth requirements beat every alternative hands-down.

Because Spotify is a standalone app, it has its own dedicated cache (a user listens to a song, it gets cached). The user probably listens to that song again, maybe a day later, and it’s still in the cache. So there’s no double-download. Other web-based music streaming sites need to share the web browser’s cache, so every time a user listens to a song it probably needs to be downloaded again. There are many stats that show people tend to listen to songs they like more than once, so using Spotify over other web-based apps should save you some serious download bandwidth.



Unlike all other music streaming services, Spotify runs as a desktop client app instead of in a web browser. Spotify.exe is rigorously checked and verified virus-free before each update is rolled out by Spotify, but even so there was a report back in 2009 of McAfee flagging and blocking spotify.exe as being potentially harmful. This was of course proved to be a false positive (the bane of any software startup) and has not happened again since.

There was also an incident in March 2011 when it was found that a Flash ad in Spotify contained malware that attempted to install fake antivirus software on unprotected machines. Again this made the headlines in the tech press at the time, but anyone with an ounce of computer nouse would realize that:

  • The Flash malware was the same that’s embedded in ads throughout many pages around the web and was not particularly specific to Spotify.
  • Users on Spotify Premium or Spotify Unlimited were unaffected, since ads are not served to them.
  • Anti-virus software running on users’ machines would have intercepted this malware anyway.

Of course the bad press Spotify received for this rogue Flash ad is something they are absolutely keen to avoid happening again, so the loopholes exploited have been firmly closed.



Consider adding Spotify to your list of approved apps because:

  • Spotify is no more prone to malware than a web page. If you’re still concerned, approve the use of Spotify Unlimited or Spotify Premium and not Spotify Free.
  • You can be sure all the music files on your users’ workstations are legal.
  • It’ll probably take up a little more upload bandwidth than the alternatives, but its caching means that download bandwidth should be drastically less.