The Inquirer-Home
Comments
And let's not forget....

I've been virus free for a few years now, and always put the same FREE protection on every PC I build. With the exception of the user bringing in a Trojan (and its subsequent removal), none of the machines have been infected.

Avast Anti Virus - auto updates, can eat cpu when continually downloading

AVG Anti Virus - auto updates, less resource hungry

AVG Anti Rootkit - manual update

Spybot Search & Destroy - manual update - very good but only scans 'C'.

Super Anti Spyware - auto updates, scans all partitions/drives

Spyware Blaster - updates windows 'bad site' list - manual update

Zone Alarm firewall

posted by : sarah, 20 November 2007
Just buy a good program

Look, when it's cold outside, you can:

1) Try to save some money and wrap discarded newspapers and plastic bags all over you, and still freeze your ass off, or

2) Pony up the dough for a decent jacket and be warm and cozy, albeit maybe a little less wealthy.

Every objective comparison shows that Spybot S&D, the new Lavasoft free product, and Windows Defender all get their pants handed to them by the current storm of spyware out there.

Spend the money (I mean we're talking like 20-30 bucks here) and get Spyware Doctor, Spy Sweeper, or - yes I am being serious - Norton 2007 or beyond (newly re-coded).

Trust me, even if you save one re-install or one case of identity theft, it's money well spent.

You cheap bastards!

posted by : Mr. T, 05 November 2007
Google Pack

Google Pack [pack.google.com] offers a free working version of Spyware Doctor, called "Spyware Doctor Starter Edition".
Another free antispyware program that I would recommend is:
Iobit's "Advanced WindowsCare V2":
http://majorgeeks.com/Advanced_WindowsCare_d4991.html

posted by : RV, 05 November 2007
Mission Impossible

The only way to "secure" Windows fully is to make sure it is not connected to your network or to the Internet. This gives you reasonable security, provided you do not install anything *ever* that gives Windows a way to transmit information off the system. 

Keep in mind, Windows will still put secret GUIDs and other identifiers in all the documents you create/edit on the machine. So care must be taken to make sure all documents in your organization do not ever reside on a Windows machine that can talk to the outside world.

If you are going to connect Windows to the Internet, a reverse firewall offers a reasonable illusion of security. This firewall must be on its own hardware, preferably Linux-based. Allow no ports out except for SSH. And every application you wish to use on the Windows box you will set up the appropriate SSH tunnel so it can communicate out. The way to make sure Windows does not use this SSH connection behind your back is to authenticate the SSH session using a hardware token. While this is not 100% reliable, it is much more reliable than any sort of password.

The reverse firewall should also do the following:

-- contain a hosts file with IP addresses for all the sites you will need to access (DNS is completely unsecure due to DNS proxying by all the major backbone providers).

-- whitelist the IP addresses you are going to access so no other IP addresses can be accessed. Use a reliable whitelist that is created using global path analysis.

Keep in mind that many sites you believe are legitimate sites are already proxied. You think the real IP of the site is one thing, but in reality, that is a proxy. That proxy is often a server that can function as a receiver for files from a Windows machine. This proxy will also contain "new instructions" for a Windows machine to follow -- i.e. return a synopsis of all documents that contain the words "destroy" and "Microsoft" or "NSA" or "Mossad" or "NWO", etc.

The moral of the story is once you plug in a cable into your Windows machine that connects to the outside, that machine and everything it connects to must now be considered unsecure. 

In short, there is no way to secure a Windows box. That is why we switched to Linux.

posted by : NSA Security Agent, 05 November 2007
The trouble with all these add-ons...

...is that they inflict even more complexity on your bloated Dimdows system. That means more configurations you have to manage, more ways for things to malfunction, and even more ways for your system to become vulnerable.

Security-through-complexity (did I just invent a new phrase?) is a loser's game. Better to use a system that is inherently more secure to begin with, where it's simpler to be sure that you really are secure. That means a Unix/Linux system. Just so long as it's not Apple's one.

posted by : Lawrence D'Oliveiro, 05 November 2007
IE vs FF

If you're a gamer and you are running Firefox, you're doing it wrong. If the reason for this has to be explained to you, you're not doing your homework.

posted by : Baz, 05 November 2007
AVG Antispyware also FREE

No mention of the AVG Antispyware? It's good, free also and is actually just rebadged Ewido anti-spyware. Which AVG bought out a while back!!

posted by : stoned ranger, 04 November 2007
AVG AntiSpyware

The Free AVG Antispyware snuck by you when you weren't looking. I have used Spyware Doctor from the google pack and it removes as well as detects as far as I am aware. I have had issues with updating Adaware 2007 so have stopped using it, but it is probably how I am using my network, so your usage may vary.

posted by : Myself, 04 November 2007
What about Comodo BOClean?

BOClean is not annoying at all, and has been effective for me, it doesn't look at cookies and stuff like that.

posted by : Me, 04 November 2007
WinPatrol

I didn't see anything about WinPatrol by BillP. This is a great tool.

posted by : egbet, 04 November 2007
Tools

Spybot and Adaware are not that effective anymore, there are newer tools that do a better job. Check out:

AVG AntiSpyware
Asquared Free (EMSI Software)
Superantispyware.

Other useful utilities for infected PCs are SmitfraudFix and ComboFix.

A handy site is http://hijackthis.de. You can run hijackthis, and paste your log file into the site and it will identify what is safe and is not safe.

Other useful sites:
www.bleepingcomputer.com
www.castlecops.com

posted by : SpwareHater, 04 November 2007
Spyware Doctor for FREE

You forgot to mention that Spyware Doctor is Free in Google Pack. Search for Google Pack and untick everything else and install Spyware Doctor Only. Also check FREE ThreatFire from PC Tools. It's the best Behavioural AntiSpyware technology out there.

posted by : Mark, 04 November 2007
Spybot resident - oh no!

Nice article for those that didn't know it already..

But I'd just want to add one thing. Actually UNDERLINE it, since you've mentioned it already.

SKIP THE RESIDENT PROTECTION OF SPYBOT S&D!!!
Why? First, it will be nagging EVERY time you install ANYTHING (anything that changes registry, and let's face it, that's 95% of software and 100% of drivers).
What's more disturbing is that even if you click "Allow" it doesn't do it or doesn't do it right, because several applications didn't install or uninstall correctly, and I couldn't get ATI driver to load either.

So please, disable it while installing, or if you've made that mistake already then open Spybot S&D, go to Mode -> Advanced, and under Tools->Resident turn off TeaTimer (system protection). I haven't had any problems with IE component so far (SDHelper), so you may leave that on and check it yourself.

Otherwise, I agree completely with tools described above, Adaware + Spybot is nice combo. I also use Spywareblaster (it does same thing as Spybot's immunize, but I run them both, just in case one Spybot misses something.. it's not actively running anyway).

Oh, and one more thing.. About Defender. If you notice that your computer gets slow out of the blue, check your processes. I forgot the name of the actual process, but you can try Googling for it a bit, and point is that Defender sometimes gets carried away and gets CPU to 100%. To be fair, I've had it for months and even forgot that I have it altogether, but after few incidents in same day, and after finding out it's Defender's fault, I've had to uninstall it :/

There, I hope that this addition to your article can help others :D

posted by : Lux, 03 November 2007
you forgot the tools released by Sysinternals

you forgot from that list a lot of nice tools from Sysinternals (*cough* which got hijacked^H^H^H^H^H^H^H^H bought by MS *cough*)

Autoruns - does way more than Mike Lin's Startup Control panel does, it even looks at logon handlers and other stuff, and can be used to validate digital signatures on all files that are run at system start/logon/etc.
http://www.microsoft.com/technet/sysinternals/Utilities/Autoruns.mspx

Rootkit Revealer - scans for rootkits or other hidden nasties on the system.
This is the tool that first revealed the Sony BMG rootkit and ignited the flame under their collective behinds.
http://www.microsoft.com/technet/sysinternals/Utilities/RootkitRevealer.mspx
(PS. XP comes by default with a few stupid null terminated registry keys... they will always show up in the scan even on a freshly installed system).

Process Explorer - a task manager on steroids, you can even look at what executable threads are associated with a running process, what security context does it use and a whole lot of other interesting stuff.
http://www.microsoft.com/technet/sysinternals/Security/ProcessExplorer.mspx


PS Exec - a nice tool, it is mainly designed to launch programs on remote network stations, but its power can be used locally too. It is practically the equivalent of sudo in windows. You can use it to launch programs while stripping them of administrative rights. Useful for launching browsers/instant messengers without administrative privileges while working from an administrative account.
http://www.microsoft.com/technet/sysinternals/Security/PsExec.mspx

I use it as:
C:\WINDOWS\psexec.exe -l -d -belownormal "C:\Program Files\Mozilla Firefox\firefox.exe"
this launches Firefox without administrative privileges, and as a below normal process priority thread.
Add NoScript, Flashblock, AdBlock Plus, Mouse Gestures and TabMix Plus to this and Firefox becomes an even better browser :)

for a one-stop download of everything released by Sysinternals, they offer a convenient all-in-a-single-file download, the Sysinternals Suite. It has 68 tools in total these days.
http://www.microsoft.com/technet/sysinternals/Utilities/SysinternalsSuite.mspx

posted by : Me, 03 November 2007

INQ Guide to Free Anti-Spyware
