
INQ Guide to Free Anti-Spyware

Windows for Cheapskates We ferret about on your behalf
Saturday, 3 November 2007, 16:12

SPYWARE IS NASTY. As insidious as a virus, it sneaks onto your PC, slows it to a crawl then sits in the background watching what you do and ensuring that you get even more spam - as well as other dubious pleasures such as pop-up adverts.

Most gets unknowingly installed in the guise of something useful. For instance, you get a free program which includes adware. Often, they do tell you, but it's buried deep in the licence agreement that nobody reads anyway. Before installing a freebie, look it up on Google. See if anyone's reported problems. Sites like download.com or Tucows often have user reviews - badly written and unreliable, but they'll give you a hint. Another common vector is browser toolbars for Internet Explorer. These are usually more trouble than they're worth; avoid them. In fact, avoid Internet Explorer, but that's another story. Some "freeware" apps are ad-sponsored. It's seldom worth it - look around and you'll usually find something just as good that's genuinely free.

In the same category but more directly evil are Trojans, which pretend to be legitimate programs with the aim of stealing passwords or other confidential information.

A thoroughly infested PC will slow to a crawl and there's little you can do. Some adware does have an uninstaller, if you can find it - often they're additional add-ons. Chances are it won't work anyway. Most of the really nasty stuff simply conceals itself out of sight. About the best option is, as ever, to back up, nuke, reinstall and reload. But prevention is better than cure.

The official way
Allegedly, it's even affected His Billness himself, which is possibly why he bought antispyware company Giant at the end of 2004. Giant Antispyware is now Windows Defender and forms part of Vista, but if you're on XP, it should be your first port of call.

It may not be the most powerful, but it's non-intrusive and it spots many of the nasties. Most of the third-party offerings warn you about non-threatening junk like browser cookies and MRU (Most Recently Used) lists, for instance, chiefly because showing lots of suspects makes them look like they're keen and really doing their job. You can safely ignore this stuff - just worry about actual programs that they find. For once, the Microsoft offering has a lead here - it doesn't sweat the small stuff because that would make the mighty Vole look bad, so it only shouts when it's important.

Tip: when you download Defender, use IE. You'll have to pass the wretched "Genuine Authentication" test, and though there's a Firefox plugin for this, why bother? (But, for once, kudos to Microsoft for giving you the option.)

Defender on Windows 2000 - it does work
There's a snag if you're still on Win2K, though. When the good ol' Vole released the final version of Defender, it nobbled the program so that it won't install on 2K. There's no real reason for this - it actually works just fine, the installer just won't run. Even if you're on W2K, Defender is still a good bet - it's small, fast, simple and doesn't nag you. (You can tell Micros~1 bought it in, can't you?) All you need to do is make a one-character change to the installer.

First, you need to install GDI+. Download the archive, unpack it and put the single DLL in your \WINNT\SYSTEM32 directory. Next, download the installer for Defender. You'll also need a tool for opening and modifying MSI (Microsoft Installer) packages. Orca is simple and freely available.

Using Orca, open up the Defender MSI and look for the line that says "Launch Condition". It's checking for a Windows version of greater than 5, which means XP (version 5.1) or later. All you need to do is stick in an equals sign (version >= 5) so that Windows 2000 (version 5.0) passes the test too:

VersionNT >= 500

Save and exit. Now install your modified Defender, let it update itself and you're done. Honestly, it won't hurt a bit.

And the best of the rest
Anti-spyware programs tend to be paranoid. Not only do they report every last "recent document" and cookie as a threat to your privacy, but the resident scanners will all too often pop up little warning boxes asking you if it's all right for programs to make Registry changes or to install themselves to run automatically. If you're a privacy freak or are really worried about this stuff, fine, but most of us probably don't want to be molested with prompts all the time. (If this sounds like you, you'd better avoid Vista.)

Incidentally, if you're annoyed by unnecessary programs which automatically run when you boot or log on, Mike Lin's Startup Control Panel is an easy way to disable them. It's not much help against stealthed spyware, but it's an easy way to turn off redundant Quicktime icons and other little resident helpers you don't actually want. It just adds an extra icon to the Control Panel, allowing you to see - and optionally disable - all the half a dozen or so different categories of auto-running programs.

There are two well-known names in free antispyware. One's a one-man effort, given away pro bono publicum, and the other's a freebie taster of a commercial product, complete with nagging.

Tip: Unlike firewalls and anti-virus, it's generally safe to run multiple anti-spyware programs at once. You just get more warnings. You probably ought to be running Defender anyway, but you might want to add another for extra protection.

Spybot Search & Destroy is the work of lone coder Patrick Kolla and he offers it for free - although he does, perfectly reasonably, request a donation if you find it useful. It's pretty good at rooting out many lurking horrors and has a handy "immunise" function that can, at least theoretically, act as a prophylactic. It comes with two optional resident bits, one to watch for suspicious registry changes and one that keeps an eye on Internet Explorer. If you have Defender installed and want a quiet life, you can skip these and save yourself a lot of scary warnings.

AdAware 2007 Free comes from German vendor Lavasoft and is the free version of a commercial product, AdAware Pro. Like Spybot it offers a very thorough scan, though if you run both scans at once, apart from being dog-slow, they can erroneously flag one another as being suspicious. Beware.

If you read our earlier articles in this series (Intro, Firewalls, Antivirus), you should remember the name PC Tools. This Australian company has various free tools and generously you can run them in business environments as well as privately. Its free product in this category is Spyware Doctor, and if you're running the companion firewall and antivirus, they'll nag you if it's not installed alongside. It's a decent enough scanner, but there is a catch - the free version will warn you about infections, but it won't remove them. You need the paid-for version for that. If you're lucky, you might never discover this restriction, but we suggest having Spybot or Adaware on hand as well.

Want a bit more manual control?
If it's too late and you're already infected, HijackThis could help. It's recently changed hands from its original developer, Merijn Bellekom, over to security vendor Trend Micro, but it's still around, still useful and version 2 is in beta. It lets you lift the lid on Windows and both see and manipulate what's going on underneath: all the various Browser Helper Objects and so forth. The snag is that it's an intimidating list and you need to be a Windows guru to spot anything that's out of line, but take a look anyway. It's certainly informative.
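
One way to make that intimidating list easier to read, as an added example that is not part of the original article or of HijackThis itself: a small Python script that groups a saved log by section code and marks entries whose file sits in a user-writable folder. The sample log, the function names and the "user-writable folder" heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# Section codes seen in HijackThis logs; only the groups this example reports.
SECTIONS = {
    "R": "IE start/search page",
    "O1": "hosts file redirection",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "auto-start program",
    "O23": "Windows service",
}

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"*?<>|\r\n]+?\.(?:exe|dll|scr|bat|cmd|vbs)\b', re.I)
# Assumption of this example: code loaded from user-writable folders is worth
# a closer look. It is a triage hint, not a verdict.
USER_WRITABLE = re.compile(
    r"\\(temp|temporary internet files|application data|local settings)\\", re.I)

# Constructed sample, not a real scan.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: PDF Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\ExampleReader\helper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - C:\Documents and Settings\user\Local Settings\Temp\tb32.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Application Data\upd\updater.exe
O23 - Service: Example Service - Example Corp - C:\Program Files\Example\svc.exe
"""

def parse_log(text):
    """Group every 'Xn - ...' entry by section code; skip header and process list."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        paths = WIN_PATH.findall(body)
        review = any(USER_WRITABLE.search(p) for p in paths)
        sections[code].append({"body": body, "paths": paths, "review": review})
    return dict(sections)

def describe(code):
    """Map 'O2' -> 'Browser Helper Object', 'R0'/'R1' -> the shared 'R' label."""
    return SECTIONS.get(code) or SECTIONS.get(code[0], "other")

def review_list(sections):
    """Entries whose file lives in a user-writable folder, sorted by section code."""
    return [(code, describe(code), e["body"])
            for code in sorted(sections) for e in sections[code] if e["review"]]

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for code in sorted(parsed):
        print(f"{code:4} {describe(code):24} {len(parsed[code])} entries")
    for code, label, body in review_list(parsed):
        print(f"REVIEW {code} ({label}): {body}")
```

An entry marked for review is only a prompt to look it up before touching it; plenty of legitimate software also runs from a user profile.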

Once again, sadly, although there are lots of freebies, few are open source. Spyware just doesn't happen on Unix, mostly because of strict authentication and user accounts that can't install software - and on Linux, an absence of closed-source commercial "freeware". There is an interesting offering from France, though - WinPooch. This can run as a background monitor, alerting you to suspicious activity. It also integrates with ClamWin, giving that FOSS antivirus program the ability to act as a background monitor as well as an on-demand scanner. Worth a look if you favour open source and don't mind doing a little manual configuration, but there are reports of BSODs due to it, so exercise caution. µ

L'Inqs
Windows Defender
Installing Defender on Windows 2000
Startup Control Panel by Mike Lin.
Spybot S&D
AdAware 2007 Free from Lavasoft.
HijackThis from Trend Micro.
WinPooch.

Comments
AVG Antispyware also FREE

No mention of the AVG Antispyware? It's good, free also and is actually just rebadged Ewido anti-spyware. Which AVG bought out a while back!!


posted by : stoned ranger, 04 November 2007
AVG AntiSpyware

The Free AVG Antispyware snuck by you when you weren't looking. I have used Spyware Doctor from the google pack and it removes as well as detects as far as I am aware. I have had issues with updating Adaware 2007 so have stopped using it, but it is probably how I am using my network, so your usage may vary.

posted by : Myself, 04 November 2007
Spybot resident - oh no!

Nice article for those that didn't know it already..

But I'd just want to add one thing. Actually UNDERLINE it, since you've mentioned it already.

SKIP THE RESIDENT PROTECTION OF SPYBOT S&D!!!
Why? First, it will be nagging EVERY time you install ANYTHING (anything that changes registry, and let's face it, that's 95% of software and 100% of drivers).
What's more disturbing is that even if you click "Allow" it doesn't do it or doesn't do it right, because several applications didn't install or uninstall correctly, and I couldn't get ATI driver to load either.

So please, disable it while installing, or if you've made that mistake already then open Spybot S&D, go to Mode -> Advanced, and under Tools -> Resident turn off TeaTimer (system protection). I haven't had any problems with IE component so far (SDHelper), so you may leave that on and check it yourself.

Otherwise, I agree completely with tools described above, Adaware + Spybot is nice combo. I also use Spywareblaster (it does same thing as Spybot's immunize, but I run them both, just in case one Spybot misses something.. it's not actively running anyway).

Oh, and one more thing.. About Defender. If you notice that your computer gets slow out of the blue, check your processes. I forgot the name of the actual process, but you can try Googling for it a bit, and point is that Defender sometimes gets carried away and gets CPU to 100%. To be fair, I've had it for months and even forgot that I have it altogether, but after few incidents in same day, and after finding out it's Defender's fault, I've had to uninstall it :/

There, I hope that this addition to your article can help others :D

posted by : Lux, 03 November 2007
you forgot the tools released by Sysinternals

you forgot from that list a lot of nice tools from Sysinternals (*cough* which got hijacked^H^H^H^H^H^H^H^H bought by MS *cough*)

Autoruns - does way more than Mike Lin's Startup Control panel does, it even looks at logon handlers and other stuff, and can be used to validate digital signatures on all files that are run at system start/logon/etc.
http://www.microsoft.com/technet/sysinternals/Utilities/Autoruns.mspx

Rootkit Revealer - scans for rootkits or other hidden nasties on the system.
This is the tool that first revealed the Sony BMG rootkit and ignited the flame under their collective behinds.
http://www.microsoft.com/technet/sysinternals/Utilities/RootkitRevealer.mspx
(PS. XP comes by default with a few stupid null-terminated registry keys... it will always show up in the scan even on a freshly installed system).

Process Explorer - a task manager on steroids, you can even look at what executable threads are associated with a running process, what security context does it use and a whole lot of other interesting stuff.
http://www.microsoft.com/technet/sysinternals/Security/ProcessExplorer.mspx


PS Exec - a nice tool, it is mainly designed to launch programs on remote network stations, but its power can be used locally too. It is practically the equivalent of sudo in windows. You can use it to launch programs while stripping them of administrative rights. Useful for launching browsers/instant messengers without administrative privileges while working from an administrative account.
http://www.microsoft.com/technet/sysinternals/Security/PsExec.mspx

i use it as:
C:\WINDOWS\psexec.exe -l -d -belownormal "C:\Program Files\Mozilla Firefox\firefox.exe"
this launches Firefox without administrative privileges, and as a below normal process priority thread.
Add NoScript, Flashblock, AdBlock Plus, Mouse Gestures and TabMix Plus to this and Firefox becomes an even better browser :)

for a one-stop download of everything released by Sysinternals, they offer a convenient all-in-a-single-file download, the Sysinternals Suite. It has 68 tools in total these days.
http://www.microsoft.com/technet/sysinternals/Utilities/SysinternalsSuite.mspx

posted by : Me, 03 November 2007
What about Comodo BOClean?

BOClean is not annoying at all, and has been effective for me, it doesn't look at cookies and stuff like that.

posted by : Me, 04 November 2007
WinPatrol

I didn't see anything about WinPatrol by BillP. This is a great tool.

posted by : egbet, 04 November 2007
Tools

Spybot and Adaware are not that effective anymore, there are newer tools that do a better job. Check out:

AVG AntiSpyware
Asquared Free (EMSI Software)
Superantispyware.

Other useful utilities for infected PCs are SmitfraudFix and ComboFix.

A handy site is http://hijackthis.de. You can run hijackthis, and paste your log file into the site and it will identify what is safe and is not safe.

Other useful sites:
www.bleepingcomputer.com
www.castlecops.com


posted by : SpwareHater, 04 November 2007
Spyware Doctor for FREE

You forgot to mention that Spyware Doctor is Free in Google Pack. Search for Google Pack and untick everything else and install Spyware Doctor Only. Also check FREE ThreatFire from PC Tools. It's the best Behavioural AntiSpyware technology out there.

posted by : Mark, 04 November 2007
Just buy a good program

Look, when it's cold outside, you can:

1) Try to save some money and wrap discarded newspapers and plastic bags all over you, and still freeze your ass off, or

2) Pony up the dough for a decent jacket and be warm and cozy, albeit maybe a little less wealthy.

Every objective comparison shows that Spybot S&D, the new Lavasoft free product, and Windows Defender all get their pants handed to them by the current storm of spyware out there.

Spend the money (I mean we're talking like 20-30 bucks here) and get Spyware Doctor, Spy Sweeper, or - yes I am being serious - Norton 2007 or beyond (newly re-coded).

Trust me, even if you save one re-install or one case of identity theft, it's money well spent.

You cheap bastards!

posted by : Mr. T, 05 November 2007
Google Pack

Google Pack [pack.google.com] offers a free working version of Spyware Doctor, called "Spyware Doctor Starter Edition".
Another free antispyware program that I would recommend is:
Iobit's "Advanced WindowsCare V2":
http://majorgeeks.com/Advanced_WindowsCare_d4991.html

posted by : RV, 05 November 2007
Mission Impossible

The only way to "secure" Windows fully is to make sure it is not connected to your network or to the Internet. This gives you reasonable security, provided you do not install anything *ever* that gives Windows a way to transmit information off the system. 

Keep in mind, Windows will still put secret GUIDs and other identifiers in all the documents you create/edit on the machine. So care must be taken to make sure all documents in your organization do not ever reside on a Windows machine that can talk to the outside world.

If you are going to connect Windows to the Internet, a reverse firewall offers a reasonable illusion of security. This firewall must be on its own hardware, preferably Linux-based. Allow no ports out except for SSH. And every application you wish to use on the Windows box you will set up the appropriate SSH tunnel so it can communicate out. The way to make sure Windows does not use this SSH connection behind your back is to authenticate the SSH session using a hardware token. While this is not 100% reliable, it is much more reliable than any sort of password.

The reverse firewall should also do the following:

-- contain a hosts file with IP addresses for all the sites you will need to access (DNS is completely unsecure due to DNS proxying by all the major backbone providers).

-- whitelist the IP addresses you are going to access so no other IP addresses can be accessed. Use a reliable whitelist that is created using global path analysis.

Keep in mind that many sites you believe are legitimate sites are already proxied. You think the real IP of the site is one thing, but in reality, that is a proxy. That proxy is often a server that can function as a receiver for files from a Windows machine. This proxy will also contain "new instructions" for a Windows machine to follow -- i.e. return a synopsis of all documents that contain the words "destroy" and "Microsoft" or "NSA" or "Mossad" or "NWO", etc.

The moral of the story is once you plug in a cable into your Windows machine that connects to the outside, that machine and everything it connects to must now be considered unsecure. 

In short, there is no way to secure a Windows box. That is why we switched to Linux.

posted by : NSA Security Agent, 05 November 2007
The trouble with all these add-ons...

...is that they inflict even more complexity on your bloated Dimdows system. That means more configurations you have to manage, more ways for things to malfunction, and even more ways for your system to become vulnerable.

Security-through-complexity (did I just invent a new phrase?) is a loser's game. Better to use a system that is inherently more secure to begin with, where it's simpler to be sure that you really are secure. That means a Unix/Linux system. Just so long as it's not Apple's one.

posted by : Lawrence D'Oliveiro, 05 November 2007
IE vs FF

if you're a gamer and you are running firefox, you're doing it wrong. if the reason for this has to be explained to you, you're not doing your homework.

posted by : Baz, 05 November 2007
And let's not forget,....

I've been virus free for a few years now, and always put the same FREE protection on every PC I build. With the exception of the user bringing in a Trojan (and its subsequent removal) none of the machines have been infected.

Avast Anti Virus - auto updates, can eat cpu when continually downloading

AVG Anti Virus - auto updates, less resource hungry

AVG Anti Rootkit - manual update

Spybot Search & Destroy - manual update - very good but only scans 'C'.

Super Anti Spyware - auto updates, scans all partitions/drives

Spyware Blaster - updates windows 'bad site' list - manual update

Zone Alarm firewall

posted by : sarah, 20 November 2007