
The latest measures are much stronger than those passed by the House last month, which set out penalties for the fraudulent use of spyware but did not seek to regulate all software.
Under the new bill, companies would need to notify users of any software being installed on their computers and ask for their specific consent.
The bill was opposed by the software industry but passed by 368 votes to 48.
"Anything which helps to make life harder for cyber-criminals has to be a good thing in principle," Graham Cluley, senior technology consultant at Sophos, told www.vnunet.com.
"But the security industry will be looking closely at this legislation to see whether it is workable, whether it can actually be enforced and whether it succeeds in catching those committing identity theft through spyware."
Cluley added that it is essential that legislation only hits the cyber-criminals who have malicious intent, and does not prevent legitimate businesses from using the internet innovatively to benefit customers.
The legislation now goes forward to the US Senate.