Oak Park Computer Club: Articles
Mostly written by me, mostly for the OPCC. Comments welcome!
Our computer systems are under attack as never before. The Internet has become a conduit for the bad along with the good. Malware of every sort is coming in through adware, spyware, viruses, spam, pop-ups, dialers, drive-by installs, peer-to-peer networks, and more (not to mention phishing and pharming)--driven by others' dreams (our nightmares) of illicit financial gain. Does this mean that we should give up? Far from it. The tools and means exist not only to keep up with the tidal wave of malware, but to ride it into a secure future. Sure, you have to learn how to balance, but it isn't usually that difficult--and there is a sense of pride in the learning of it. I often liken it to driving a car--driving, too, has its own dangers, but care and training make it a lot easier and safer.
Here's a source of good information on dealing with malware in a Windows environment by a professional (to be perfectly honest, I'm just a knowledgeable amateur): http://inetexplorer.mvps.org/Darnit.htm
Another excellent resource: Ben Edelman covers this area--especially spyware/adware issues--very well, with a clear-headed, comprehensive discussion of the ethical and legal ramifications involved.
A good list of sites and utility programs to avoid, along with other useful information: Spyware Warrior.
Is this the future of malware? How To Use a Virus To End The Internet: A Warning.
About 15 years ago, I wrote in a software manual that an automobile driver doesn't have to know how to tear down an engine to drive a car--yet now, as then, a computer user has to know a lot more about the nuts and bolts (and gaskets--blown any lately?) of their system's hardware and software than they should be required to (though the learning curve will never be zero; it's a lot like learning to speak). This is despite the fact that computers today are, in some ways, about 500 times more powerful than they were back then. The utilities I will discuss here use the power of the computer on itself--so instead of "tearing down the engine" to find a problem, a user can "take an X-ray" and examine the results, or mail them to a willing expert for evaluation. With that evaluation in hand, the user can get the information needed to deal with the problem and gain some understanding in the process.
Also realize that much (though not all) of the malware listed here relies on the system-default programs Microsoft Internet Explorer and Outlook or Outlook Express in order to install itself or infect your system. The simple expedient of using the Mozilla or Firefox browser and the Mozilla or Thunderbird e-mail client instead of the defaults will reduce your malware exposure drastically--in fact, in my opinion, no home user should ever use Outlook or Outlook Express for mail due to these flaws--and should reduce their use of Internet Explorer as well (a business environment may differ, of course--consult your IT department if you are at work). Admittedly, some of this has been fixed by Windows XP Service Pack 2, but if you are running Windows 98 or Windows ME (or even Windows 2000--which certainly seems to be in violation of MS's own license agreements!), you are mostly out in the cold--and winter's here.
It should also be pointed out that the Windows XP firewall is virtually worthless--for one thing, it can actually be turned off by cleverly-written malware. Any program running with administrator rights can change that setting, and on XP the programs a home user runs normally have those rights; the system utilities MSConfig and RegEdit can be disabled in a similar fashion. Fortunately, there are several free software firewalls available that work pretty well--see the links below.
Malicious:
Viruses -- this includes decades-old "classics" like Brain, Michelangelo, and others that propagate by infecting floppy-disk boot blocks, hard-drive partition tables, and system files. Some malware in this category can be spread via e-mail by opening an attachment, or even by previewing an infected e-mail in unpatched versions of MS Outlook or Outlook Express, but this is less common with proper patching; that's one reason why this type of malware is becoming less prevalent, or requires actual user interaction to launch.
Worms -- similar to viruses, but the action is slightly different. Instead of infecting a file or hard-drive structure, a worm attacks the Internet directly by passing from machine to machine; for example, the recent SQL Slammer worm infected roughly 75,000 hosts, most of them within about ten minutes of its release -- but only those machines running MS SQL Server 2000 and related software (such as the MSDE desktop engine) were infected, not Unix, Linux, or Mac OS machines. The more-recent MS Blaster worm and its relatives affect systems running Windows 2000 or XP; even though information on the exploit and its official patch had already been available for weeks, the majority of systems were unpatched at the time of the worm's release. There is even some evidence (still in dispute) that this worm contributed to the Lake Erie Loop blackout. Recent statistics indicate that, even now, an unpatched computer connected to the Internet will be probed by a Blaster-related worm within seconds of going on-line.
Macros -- these are program fragments embedded in documents, most often MS Word or Excel files, which propagate when the document is passed around by e-mail--the document appears normal, but its macro alters program settings and mails or copies itself onward. They are written in the application's macro language, usually Visual Basic for Applications (VBA), a dialect of MS Visual Basic. The most famous example is Melissa, a Word macro virus that mailed itself to the first 50 entries in each victim's Outlook address book.
Scripts -- these are, like macros, small programs--except that these are free-standing and written in plain text (VBScript or JavaScript, for example); not only are such programs relatively easy to write, but very easy to modify. One sense of the pejorative term script kiddie describes someone who releases a modified script as a "new" virus or worm. These are usually spread by e-mail to users. Another type of script is used to attack servers. An example of the latter is an exploit that happened at the University of Texas at Austin, where a simple script sent a long list of semi-random Social Security numbers to a campus web application--each one that matched returned a name--and there were over 55,000 matches!
Trojans -- just as the Trojan Horse of legend was brought into the city by unsuspecting citizens, these programs can be installed by a user who thinks they are a legitimate program, or are installed in the background by a worm or virus. Trojans include (but are not limited to):
System monitors -- programs which track disk and file activity, Internet access, and other system actions. One class of monitors are keyloggers--these record users' keystrokes, then send the log file to a third party. Of course, such a file can contain credit card numbers, passwords, or other sensitive information. Another type are backdoors--programs like Back Orifice which allow a remote attacker to access your machine and read, delete, or alter files as s/he sees fit--even crash your machine or erase your hard drive.
Dialers -- often associated with pornographic content, dialers can route your dial-up Internet connection through a 900 or overseas phone number without warning, often at rates of $2-$4 per minute or more!
Note: dialers, keyloggers, backdoors, and other Trojans are not usually found by virus scanners. Spyware/adware tools are used for this purpose.
Social Engineering -- while not strictly malware, it goes hand-in-hand with it and can have many of the same effects or aid in its spread. For example, a recent e-mail in Europe promised free World Cup tickets--it worked amazingly well and the included virus spread like wildfire. In computer security, the term was probably first used in conjunction with the exploits of Kevin Mitnick, a well-known "hacker" whose reputation rests less on technical skill than on getting someone to give up useful information; for example, finding a username on a system, contacting a technical support person for that system, and pretending to be that user who had "lost" his password. Especially just before lunchtime or the end of the day, a naive (or harried) technician was likely to give up that information, which could allow Mitnick easy access that was hard to trace. This technique has since been used, for example, via an official-looking AOL instant message or an authentic-looking fake e-mail from a bank or credit card company in order to get a user to give up passwords, PINs, and credit card information. When combined with ID spoofing (a forged sender address or a look-alike web site), it is known as phishing and has been very convincing at times, especially abetted by flaws in Internet Explorer, not all of which have been patched at this time.
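The two tells of a phishing mail mentioned above, a forged or mismatched sender and a link that reads as one site but goes to another, can be checked mechanically on a saved message. The script below is an added example for this article, not code from the page or from any vendor; the message it scans is constructed (the .example domains and the address 203.0.113.7 are reserved for documentation), and the display-name heuristic is an assumption of this example rather than a published rule.

```python
"""Spot two phishing tells in a saved e-mail: a From: display name that
does not fit the sender's domain, and a link whose visible text names
one host while its href points somewhere else."""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real phishing mail).
SAMPLE_MAIL = b"""\
From: "First National Bank" <alerts@fnb-security-update.example>
To: victim@example.org
Subject: Please verify your account
Content-Type: text/html; charset=us-ascii

<html><body>
<p>Log in at <a href="http://203.0.113.7/login">www.firstnational.example</a>
to confirm your PIN.</p>
<p>Questions? See <a href="http://www.firstnational.example/help">our help page</a>.</p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in the body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def host_of(s):
    """Host part of a URL, or of bare text such as 'www.bank.example'."""
    if "://" not in s:
        s = "http://" + s
    return (urlparse(s).hostname or "").lower()


def looks_like_host(text):
    """True when the link text is something a victim would read as a site name."""
    return " " not in text and "." in host_of(text)


def check_sender(msg):
    """Heuristic (assumed here): flag a display name none of whose words
    of four or more letters appear anywhere in the sender's domain."""
    name, addr = parseaddr(str(msg["From"]))
    domain = addr.rsplit("@", 1)[-1].lower()
    words = [w for w in re.findall(r"[a-z]+", name.lower()) if len(w) >= 4]
    if words and not any(w in domain for w in words):
        return f"sender display name {name!r} does not match domain {domain!r}"
    return None


def check_links(msg):
    """Flag links whose visible text names a different host than the href."""
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    findings = []
    for text, href in collector.links:
        if looks_like_host(text) and host_of(text) != host_of(href):
            findings.append(f"link shows {text!r} but goes to {host_of(href)!r}")
    return findings


def check_message(raw):
    """Return every phishing indicator found in a raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    sender = check_sender(msg)
    if sender:
        findings.append(sender)
    findings.extend(check_links(msg))
    return findings


if __name__ == "__main__":
    for finding in check_message(SAMPLE_MAIL):
        print("WARNING:", finding)
```

Save a suspicious message as a file (most mail clients offer "save as .eml") and pass its bytes to check_message; the "help page" link passes because its text is not a host name, while the login link is flagged because the visible site and the real destination differ.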
Intrusive:
Adware -- software that either contains advertising or downloads it from the Internet, which overlaps with spyware--software that monitors your system usage and sends information out to a third party without your knowledge. Some adware is more acceptable than other kinds--the free versions of WeatherBug and the Opera browser, for example, are relatively benign. However, adware is sometimes abusive--personal information is harvested to send the user tailored advertising or to create a database of salable information, or the user's browser is hijacked. An example of this type of intruder is Claria (formerly known as Gator or GAIN); FunWebProducts is another. When downloading free software such as screensavers or smilies, read the end-user license agreement (EULA) carefully for other software that might be installed (now or in the future) with your "free" stuff--you may be surprised.
Browser Hijackers -- this type of malware sets your browser's home page, search page, and related settings to web sites of its choice instead of yours and/or routes searches through its own search engine to pump up page hits. Hijackers often work through the Windows Registry: the settings are quietly written back, so they return even after you reset them. Lop and CoolWebSearch are well-known examples.
Extreme pop-ups -- I'm not talking here about the run-of-the-mill advertising pop-ups, but the in-your-face pop-ups, especially those with pornographic content. It's possible to click on a link (accidentally from a search engine, for example, or through trickery) and get a dozen windows opening in quick succession--and closing one just gets you another; or worse, mouse trapping--in this case, the web page runs a script that disables the browser's back button or, more rarely, the window's close button. Web sites have been prosecuted for mouse trapping in the past, but it still happens once in a while.
Advertising pop-ups or pop-unders -- I must admit to having mixed feelings about these; after all, a site has to be able to support itself, and pop-ups and pop-unders DO help pay the bills. There are times, though, when they just plain get in the way.
Bloatware -- excess baggage attached to otherwise useful software. Netscape 7.2 is a good example--it's basically Mozilla 1.7.2 packaged with extra software used to promote AOL. The best approach for this is simple avoidance. A little research goes a long way.
Messenger spam -- not to be confused with the instant-messaging services such as ICQ, AOL Instant Messenger, Yahoo! Messenger, or MSN Messenger, this is the Windows Messenger service, a network alert facility (the one behind the net send command) in Windows 2000 and XP that has been taken over by spam: anyone on the Internet can push a message box onto an unfiltered machine. Since it is not needed by normal users, I recommend shutting it off with the Gibson Research utility Shoot the Messenger (see below for the link), or disabling the Messenger service yourself under Control Panel > Administrative Tools > Services.
The tools:
In order to help you across the Internet, we have to have some information. Fortunately, there are several tools that make gathering it easier--but if you knew how to use these tools in the first place, you probably wouldn't need our help! This section is intended to acquaint you with the tools that you will need and give you enough knowledge to begin to use them. Along the way, we hope, you will learn something--and go a long way toward not only helping us help you, but learning how to help yourself as well. What's a user to do? Fight back!
The tools that follow are freely available and are free or donation-requested. Tools don't do the work on their own, but they also don't always need the most skilled hands to make them work; the best tools need only a little guidance to get what the user needs out of them. This section is intended to help provide that guidance. It is a work-in-progress; useful user feedback will lead to improvements, so please feel free to comment if you have something useful to add or to clarify the presentation.
The first tool is regular backups of your hard drive. If you don't know how to do this, you should learn. No anti-spyware tool is foolproof or perfect--some malware may not be removable by normal methods, or the Windows Registry may become corrupted. There are free backup programs available; watch for my article on this subject, coming soon.
When removing spyware/adware, keyloggers, dialers, and backdoors: always update the data files of Ad-Aware or Spybot - Search & Destroy (both A-A and S-S&D update themselves when you install them), or make sure that you have the newest version available in the case of tools like HijackThis and CWShredder, before running any program of this type! Since spyware and adware writers are always morphing (modifying) their software in an attempt to get around these tools, using an out-of-date utility or data file can miss an infestation or leave it only half removed. It's a known fact that no one tool does it all, so I run more than one checker on my Windows systems and recommend that you do the same.
Ad-Aware -- available in both paid and free versions, this spyware/adware checker is easy to use and quite effective. Many users run both Ad-Aware and Spybot - Search & Destroy for a maximum-security cross-check (just not at the same time). http://www.LavaSoft.nu
Spybot - Search & Destroy -- a free (donation-suggested) spyware/adware checker. It's at least the equal of the $40 commercial program Pest Patrol. It checks for spyware, adware, keyloggers, backdoors, trojans, and more. The provided link includes background information, news, and a discussion forum as well. http://www.safer-networking.org
Microsoft Windows AntiSpyware (Beta) -- the availability of this program shows that even Microsoft now acknowledges the severity of the problem. Formerly a product of Giant Software, this free program is no longer a good tool in the arsenal against malware, due to recent changes in the detections this program uses (Claria now defaults to ignore, for example). I can no longer recommend its use.
Shoot the Messenger -- a Windows NT/2000/XP tool from Gibson Research that turns off the Windows Messenger network-alert pop-up service (not to be confused with the MSN Messenger instant-message service). Though sometimes useful in a business-network environment, normal home users don't need this service; it's mostly a conduit for spam. http://www.grc.com/stm/shootthemessenger.htm
DCOMbobulator -- a Windows NT/2000/XP tool from Gibson Research that explicitly turns off DCOM, the part of the RPC service that the Blaster worm and its kin exploit when attacking your system. See my article XP Out-of-the-Box for how these two utilities are especially useful for securing a system before downloading patches (though this is less of a problem since Service Pack 2). http://www.grc.com/dcom
SpywareBlaster -- blocks malware installation; it's not a removal tool, nor does it run in the background--it works by changing system settings (it sets the "kill bit" on known-bad ActiveX controls so Internet Explorer will refuse to run them)--it helps keep adware and spyware off your PC by blocking ActiveX for known malware, including drive-by installs. Install this once you're clean. Updates are available on a regular basis. http://www.snapfiles.com/get/spywareblaster.html
SpywareGuard -- provides real-time protection against spyware. From the provider description: "It works similar to an anti-virus program, by scanning EXE and CAB files on access and alerting you if known spyware is detected. If this is the case, it initially blocks access to the file and then allows the user to select an action. SpywareGuard provides a fast scanning engine, signature-based scanning, heuristic/generic scanning, a control panel, and an online-update utility for downloading of definition updates. It does not replace your anti-virus protection, but instead detects programs that may cause privacy concerns. The list of detected programs includes AdBreak, AdultLinks/LinkZZ, Brilliant Digital, CommonName, Cytron, FreeScratchAndWin, FriendGreetings, HighTraffic, HotBar, IEDisco, iGetNet, Lop.com, MoneyTree Dialer, and others." http://www.snapfiles.com/get/spywareguard.html
Please use the following power tools carefully. They are intended to be very powerful and/or quite specific; learn as much as possible about your problem before you apply them:
HijackThis -- this is a very powerful tool that should only be used in conjunction with a knowledgeable support team. Fortunately, there are several such resources available on the Internet, including a site that I'm associated with, TechTalkForums. With this program, you can examine the Windows Registry startup list, running processes, browser settings, and some other settings in detail, then fix many problems interactively (once you know how). The linked page features quick-start details; excellent for beginners, but use this tool only after running Spybot-S&D and Ad-Aware--and, unless you know exactly what you are doing, don't make any changes until you consult with an expert. Note: as of this writing, the HijackThis download button does not work. Use one of the listed Other Download Locations instead, for example: http://www.lurkhere.com/~nicefiles/HijackThis1991.exe
StartDreck -- "enLIGHTs you what windows loads during startup! It shows you a... long list of Windows AutoStart methods." An amazingly deep startup analyzer that can tell what services and programs are being launched at startup. A good tool to aid analysis of especially difficult malware infestations. http://www.niksoft.at/download/startdreck.htm
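What HijackThis and StartDreck show, and what the Browser Hijackers entry above describes, comes down to a handful of Registry locations: Internet Explorer's home and search page values, and the Run keys that launch programs at logon. The script below is an added example for this article, not code from HijackThis, StartDreck, or the page; it reads a text export made with RegEdit's File > Export (or reg export), so it can be run on a copy and its findings mailed to a helper. The export it scans is constructed, with invented host names and program paths; the list of "expected" hosts and "approved" autostart entries is something you maintain yourself, and the key paths checked are the standard IE Main and Run/RunOnce keys.

```python
"""Audit a Registry export for hijacked browser pages and unapproved
autostart entries. Reads the text format RegEdit's Export command writes."""
import re
from urllib.parse import urlparse

# Constructed sample export; hosts, program names and paths are invented.
SAMPLE_EXPORT = r'''
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.hijacker-search.example/"
"Search Page"="http://find.hijacker-search.example/"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"sysupdate"="C:\\WINDOWS\\System32\\sysupd32.exe /silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdHelper"="C:\\Program Files\\AdHelper\\adhelper.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

IE_MAIN_KEYS = (
    r"hkey_current_user\software\microsoft\internet explorer\main",
    r"hkey_local_machine\software\microsoft\internet explorer\main",
)
IE_URL_VALUES = ("Start Page", "Search Page", "Default_Page_URL", "Default_Search_URL")
RUN_KEYS = (
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runonce",
)


def unescape(s):
    """Undo .reg string escaping (doubled backslashes and backslash-quote)."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text):
    """Map lower-cased key path -> {value name: data}. String data is
    unescaped; dword:/hex: data is kept raw since only strings matter here."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            data = m.group(2)
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = unescape(data[1:-1])
            keys[current][name] = data
    return keys


def audit(keys, expected_hosts, approved_autostart):
    """expected_hosts: hosts your own home/search pages live on.
    approved_autostart: set of (name, command) pairs, lower-cased, that you
    have checked before; every other logon entry is reported for review."""
    findings = []
    for key in IE_MAIN_KEYS:
        for name in IE_URL_VALUES:
            url = keys.get(key, {}).get(name)
            if url is None:
                continue
            host = (urlparse(url).hostname or "").lower()
            if host and host not in expected_hosts:
                findings.append(("browser", f"{name} = {url}"))
    for key in RUN_KEYS:
        for name, cmd in keys.get(key, {}).items():
            if (name.lower(), cmd.lower()) not in approved_autostart:
                findings.append(("autostart", f"{key}: {name} = {cmd}"))
    return findings


def audit_export(text, expected_hosts, approved_autostart):
    return audit(parse_reg(text), expected_hosts, approved_autostart)


if __name__ == "__main__":
    mine = {"www.example.org"}   # the host of the home page I actually chose
    ok = {("ctfmon.exe", r"c:\windows\system32\ctfmon.exe")}
    for kind, detail in audit_export(SAMPLE_EXPORT, mine, ok):
        print(f"[{kind}] {detail}")
```

Export only the keys listed (RegEdit can export one branch at a time) rather than the whole Registry, keep the approved list from a clean machine, and treat every "autostart" line as something to look up, not something to delete on sight.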
CWShredder -- a tool specifically keyed to the (extremely nasty) browser hijacker CoolWebSearch. CWShredder is now owned and supported by InterMute. The stand-alone free version can be downloaded from: http://www.intermute.com/spysubtract/cwshredder_download.html
LSPFix -- a free utility to repair a specific type of problem associated with certain Internet software, especially New.net (NEWDOTNET) and WebHancer. This type of software is known as a Layered Service Provider or LSP, a piece of software that is inserted into the Windows TCP/IP (Winsock) stack like a link in a chain; every network connection a program opens passes through each link in turn. However, due to bugs in the malware-installed LSP software or incomplete removal of the software, this chain can get broken (a link left pointing at a DLL that is no longer there), rendering the user unable to access the Internet: http://www.cexx.org/lspfix.zip
On Windows XP Service Pack 2 and later, the command netsh winsock reset rebuilds the Winsock catalog to its default state and repairs the same kind of breakage; the netsh winsock show catalog command lists the current chain.
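To make the "link in a chain" idea concrete, here is an added example (not LSPFix code, and not from the page) that reads a Winsock catalog listing and reports two things: providers loaded from outside the system directory, which is where New.net-style LSPs sit, and layered chain entries that reference a catalog ID that no longer exists, the broken-chain condition that leaves a machine without Internet access. The listing it parses is constructed in the shape netsh winsock show catalog prints on XP; the field names are the ones that command uses, but the third-party DLL names and paths are invented.

```python
"""Find non-Microsoft LSPs and broken protocol chains in a Winsock catalog
listing (the output of 'netsh winsock show catalog')."""

# Constructed listing. Entry 1001 is the real base TCP/IP provider name;
# the ExampleLSP and RemovedLSP entries are invented for illustration.
CATALOG = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Protocol Chain Length:              1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Service Provider
Description:                        Example Filter LSP
Provider Path:                      C:\Program Files\ExampleLSP\examplelsp.dll
Catalog Entry ID:                   1007
Protocol Chain Length:              0

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        Example Filter LSP over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      C:\Program Files\ExampleLSP\examplelsp.dll
Catalog Entry ID:                   1008
Protocol Chain Length:              2
Protocol Chain:                     1007 : 1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        Removed Filter over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      C:\Program Files\RemovedLSP\removed.dll
Catalog Entry ID:                   1009
Protocol Chain Length:              2
Protocol Chain:                     1010 : 1001
"""

# Where Windows' own providers live; anything else is third-party.
SYSTEM_DIRS = ("%systemroot%\\system32\\", "c:\\windows\\system32\\")


def parse_catalog(text):
    """Split the listing into one dict of 'Field: value' pairs per entry."""
    entries, current = [], None
    for line in text.splitlines():
        if line.startswith("Winsock Catalog Provider Entry"):
            current = {}
            entries.append(current)
        elif current is not None and ":" in line and not line.startswith("-"):
            field, _, value = line.partition(":")
            current[field.strip()] = value.strip()
    return entries


def audit_catalog(entries):
    """Return {'third_party': [DLL paths], 'broken': [chain entry IDs]}.
    A chain is broken if any ID in it is missing from the catalog or its
    last link is not a base provider (the link that actually talks TCP/IP)."""
    by_id = {e.get("Catalog Entry ID"): e for e in entries}
    third_party, broken = [], []
    for e in entries:
        path = e.get("Provider Path", "")
        if not path.lower().startswith(SYSTEM_DIRS) and path not in third_party:
            third_party.append(path)
        if e.get("Entry Type") == "Layered Chain Entry":
            chain = [i.strip() for i in e.get("Protocol Chain", "").split(":") if i.strip()]
            last = by_id.get(chain[-1]) if chain else None
            if (not chain or any(i not in by_id for i in chain)
                    or last is None or last.get("Entry Type") != "Base Service Provider"):
                broken.append(e["Catalog Entry ID"])
    return {"third_party": third_party, "broken": broken}


def audit_listing(text):
    return audit_catalog(parse_catalog(text))


if __name__ == "__main__":
    result = audit_listing(CATALOG)
    for p in result["third_party"]:
        print("non-Microsoft LSP:", p)
    for i in result["broken"]:
        print("broken chain entry:", i)
```

On a live XP SP2 machine, save the real listing with netsh winsock show catalog > catalog.txt and feed that file to audit_listing; a third-party path is a reason to look the DLL up, while a broken entry is the case for LSPFix or netsh winsock reset.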
WinSock2 Fix (Win 98/98SE/Me only) -- another LSP-related repair tool: http://www.bu.edu/pcsc/internetaccess/winsock2fix.html
Firewall:
Either version of the Windows XP firewall (the original Internet Connection Firewall or the Service Pack 2 Windows Firewall) is virtually worthless, due to having intentional holes (for example: little or no outbound filtering, so Windows can "phone home" to MS without interference--and so anything else already on your machine can send data out just as freely). These free software firewalls are mostly a matter of personal choice. They are especially recommended if you are running a broadband (DSL or cable) Internet connection, but dial-up users may find them useful as well.
ZoneAlarm free version -- http://www.zonelabs.com/store/content/company/zap_za_grid.jsp
Kerio Personal Firewall -- http://www.kerio.com/us/kpf_home.html
Sygate Personal Firewall -- http://smb.sygate.com/products/spf_standard.htm
Anti-Virus:
Grisoft AVG Free -- runs in the background or on demand. Now version 7, with support forums. One of the better virus checkers (in my opinion)--effective, low resource use, and it's free for personal use: http://free.grisoft.com
AntiVir® Personal Edition -- another popular freebie: http://www.free-av.com
avast! Home Edition -- yet another free-for-home-use anti-virus with a good track record: http://www.avast.com/eng/avast_4_home.html
Privacy enhancement:
In a very real sense, every installation of Windows XP includes spyware in and of itself--by default, it needlessly sends information and statistics back to Microsoft on a regular basis from every Internet-connected PC. XP Anti-Spy helps to easily disable most of these "phone home" functions to reduce the amount of your system and/or personal data being sent to Microsoft without your knowledge (German page, English available).
Pop-ups / pop-unders:
Normally, I use both the Mozilla and Firefox browsers (under both Windows and Linux). Mozilla is the open-source basis for the current Netscape Navigator, but without the AOL bloatware. In addition to tabbed browsing (which I like very much) it features a built-in pop-up/pop-under stopper. I don't usually use MS Internet Explorer (IE) unless I have to (some sites, especially most MS sites, force you to use it). Note: version 8 of the Netscape browser is based on Firefox and integrates access to the Internet Explorer rendering engine, so IE can be called when needed--primarily for ActiveX. Unfortunately, you must continue to use IE for some functions (for example, the Yahoo! Launch music player requires it, not to mention Windows Update). For these, get the free (donation-suggested) Maxthon (formerly MyIE2), a front-end for Internet Explorer which adds tabbed browsing and many other features. If you don't use Maxthon, the Google Toolbar works well, with its form-fill and popup-stopper functions.