What

Malware Threats

Why

Malware is any malicious program code or unwanted software, including worms, viruses, adware and spyware: anything you did not ask for that attempts to harm your computer's data, operating system or applications, or to steal your personal information, financial accounts or identity.

How

You must have protection software installed (antivirus and antispyware) and keep it updated so it can identify and thwart the latest threats as they emerge.

Detailed Information

Chinese Traffic Jam Slowing Down To A Standstill?

One sign of an infection is a computer that is slow to boot up, slow to open and use applications, and slow to browse the internet. When a remotely controlled zombie bot-net takes over your computer, you are not the only one using it! See ZOMBIES for disturbing news of this growing threat. [There are other reasons your PC may be slow; see Sluggish.]

There is a dangerous and growing menace worldwide: web gangs intent on infiltrating your home computer for their malicious purposes. See Domestic and International Threats to National Security.

AntiVirus and AntiSpyware protection is both preventative and reactive. A good program provides a shield that monitors the files you access over the internet, receive as email attachments or open from external media such as CDs, floppy diskettes or memory sticks. When a threat is detected, you are alerted and access to the file is halted. Automatic scans are also scheduled to regularly search your hard disk for suspicious files that are already present but have not yet been opened or run.

There are 3 basic types of antivirus detection techniques in use today:

  • Heuristic scanning systems do not identify specific malware; they block files or emails based on behavior, looking at the capabilities and activities of files within a PC or by scanning email servers. Heuristic scanning has worked well at stopping spreading threats but has a reputation for producing many false positives.
  • A sandbox emulates the operating system and runs the executable inside this simulation. After the program terminates, the software analyzes the sandbox for changes that might indicate a virus. Because of the performance cost, this type of detection normally only takes place during on-demand scans.
  • Signature-based approaches scan for threats that have already been identified.

At this time, the heuristic and sandbox types aren't strong enough to serve as your security baseline on their own. That said, make sure you use a good Anti-Virus application and set it to automatically check for and install the latest signature data.

Many antivirus programs also protect against spyware.

Key criteria: track record in detecting all viruses, how often it auto-updates, cost, completeness of features, and memory requirements (especially on a system with less than 256 MB installed).

Considerations: make sure your antivirus program is regularly updated with the latest signatures and configured for the optimum security settings.

 

1. RECOMMENDED AntiVirus Program:

I recommend ZONEALARM Security Suite 7.0 with antivirus and antispyware protection - besides firewall and other features. ZoneAlarm is rated tops by many evaluations. All the features in this suite provide comprehensive protection. This version's antivirus component is powered by Kaspersky Labs (previously the suite used an antivirus engine from Computer Associates). According to CheckPoint, Kaspersky's hourly signature releases "ensure that users have the industry's most rapid protection against emerging attacks." The new AV engine will catch more and more varied threats, yet signature updates remain small. See the ZONELABS ZoneAlarm web site.

 

PC Mag Online REVIEW 6/06

ZoneAlarm Internet Security Suite 7.0 version: 

Bottom Line: ZoneAlarm's security suite remains a great choice. This version improves spyware protection and adds a Game Mode that suppresses distractions without sacrificing security. The new Identity Protection Center helps users prevent identity theft or recover from it.

Pros: Best firewall, decent antivirus. Highly accurate spam filtering with whitelist/challenge/response option. New Game Mode eliminates interruptions. Now offers resources and education against identity theft.

Cons: Spyware protection improved but should still be better. Spyware and virus scans not integrated.

"We still recommend ZoneAlarm Internet Security Suite 7.0 as your best and most economical Internet security suite." CNET editors' review 5/16/06 

Suggestions:

  • if you're permanently connected to a network or frequently share files with others, configure your anti-virus program to run in the background and scan files "on access" (see Anti-Virus Info)
  • never open unexpected or unknown email attachments, even those from trusted sources; save all attachments to disk and scan them for viruses and Trojans first (see Anti-Virus Programs)
  • download software only from trusted sources; virus-scan all downloaded software
  • scan all removable media (floppies, ZIPs, etc.) from other people for viruses
  • turn on "Macro Virus Protection" in Office 97; set "Macro Virus Protection" to "High" in Office 2000; select "Prompt to save Normal template" in Word
  • update your anti-virus and anti-Trojan programs frequently and regularly (both the "engine" and the virus definition files) (see Anti-Virus Updates)
  • create an anti-virus emergency boot disk, keep it current, and store it in a safe place so you can boot from it if an infection disables your anti-virus program
  • finally, run the antivirus scan as the administrator of your computer so that all folders on the hard drive are scanned. A Limited User Account cannot access certain system folders and other users' account folders to perform a full scan.

Configure your antivirus program to run scheduled scans automatically, daily, during low-use or non-use hours. Although a scan can be run while logged in as a limited account, you need to be logged in as an administrator to remove an infection that has embedded itself in protected operating system or program settings or files. Scanning as an administrator also covers the locations belonging to every user account, which a single account holder cannot access. So once a week, log in as the administrator and let a scheduled scan run, such as overnight.

Keep your antivirus program updated with the latest detection signatures, and upgrade and patch it when new versions are released.

An out-of-date virus scanner is only marginally better than no virus scanner at all.

Virus scanners work by comparing the data on your computer against a collection of virus "signatures". Each signature is characteristic of a particular virus, and when the scanner finds data in a file, email, or elsewhere that matches the signature, it concludes that it has found a virus. However, a virus scanner can only scan for the viruses it knows about. It is vital that you keep your virus scanner's signature file up to date, as new viruses are created every day.

Typically, a new virus does the greatest amount of damage during the early stages of its life, precisely because few people are able to detect it. Once word gets around that a new virus is on the loose and people update their virus signatures, the spread of the virus falls off drastically. The key is to get ahead of the curve and have updated signature files on your computer before the virus hits.

Virtually every maker of anti-virus software provides free updated signature files from their website. Many also offer "push" services that notify you every time a new signature file is released. Use these services. Also keep the virus scanner itself (the scanning software) updated. Virus writers periodically develop new techniques that require the scanners to change how they work. Polymorphic viruses change themselves each time they infect a file, so signature scans alone are not effective against these types of threats.
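As an added illustration (not code from this page or from any product named on it), the small Python scanner below implements the signature matching just described, including a '??' single-byte wildcard of the kind real signature databases use, and its demo() shows the two limits the text points out: a whole-file hash signature breaks on one byte of padding, and a byte-pattern signature misses the same content once a polymorphic-style transform has rewritten its bytes. The sample file bytes and the signature are constructed; nothing here is real malware.

```python
import hashlib
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    """One entry of a (constructed) signature database."""
    name: str
    pattern: str  # hex bytes separated by spaces; '??' matches any single byte


def compile_signature(sig: Signature) -> re.Pattern:
    """Turn a '57 4F ?? 4D' style pattern into a bytes regex."""
    parts = []
    for tok in sig.pattern.split():
        parts.append(b"." if tok == "??" else re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


# Constructed database: the bytes "WORM?-SAMPLE" stand in for the code fragment
# an analyst found characteristic of a fictitious worm. No real malware here.
SIGNATURES = [Signature("Constructed.Worm.A", "57 4F 52 4D ?? 2D 53 41 4D 50 4C 45")]
COMPILED = [(sig, compile_signature(sig)) for sig in SIGNATURES]


def scan(data: bytes) -> list[str]:
    """Byte-pattern scan: names of every signature found anywhere in data."""
    return [sig.name for sig, rx in COMPILED if rx.search(data)]


def file_hash(data: bytes) -> str:
    """Whole-file hash, the crudest kind of signature."""
    return hashlib.sha256(data).hexdigest()


def hash_scan(data: bytes, known_bad: set[str]) -> bool:
    """Exact-match detection: only byte-identical copies are caught."""
    return file_hash(data) in known_bad


def xor_transform(data: bytes, key: int) -> bytes:
    """Stand-in for a polymorphic engine: same content, different bytes on disk.
    Applying it twice with the same key gives the original back."""
    return bytes(b ^ key for b in data)


# Constructed "infected file": the characteristic bytes embedded in filler text.
SAMPLE = b"harmless header ... WORM1-SAMPLE ... harmless trailer"
KNOWN_BAD_HASHES = {file_hash(SAMPLE)}


def demo() -> dict:
    """Show what each technique catches and what it misses."""
    appended = SAMPLE + b"\n"           # one byte of padding added by a variant
    mutated = xor_transform(SAMPLE, 0x5A)
    return {
        "pattern_catches_original": scan(SAMPLE) == ["Constructed.Worm.A"],
        "hash_catches_original": hash_scan(SAMPLE, KNOWN_BAD_HASHES),
        "pattern_survives_padding": scan(appended) == ["Constructed.Worm.A"],
        "hash_survives_padding": hash_scan(appended, KNOWN_BAD_HASHES),
        "pattern_catches_mutated": scan(mutated) != [],
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The last two results are why the text insists on updating both the signature file and the scanning engine: a new signature covers a new variant, but only an engine that understands the transform (or watches behaviour) covers the variants not yet seen.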

There are many, many pests and serious threats out there to shield your computer from. See CA's extensive Spyware database.

 

What are the symptoms of spyware?

If you use the Internet, it’s very likely some form of spyware is already at work on your PC. Your computer may be infected if you recognize any of these symptoms:

  • Sluggish PC performance (see other reasons: Why is my PC so sluggish?)
  • An increase in pop-up ads
  • Mysterious new toolbars you can’t delete
  • Puzzling search results
  • Frequent computer crashes

Anyone who uses a computer is susceptible to spyware infection. In fact, nine out of 10 Internet-connected PCs are infected with spyware that can:

  • Open your PC to identity theft
  • Expose your personal information and private accounts
  • Corrupt your hard drive
  • Share your passwords and user names

 
Spyware can be any application that tracks your online or offline PC activity and saves or transmits those findings to third parties. These unwanted programs are stealthy and often install on your computer without your knowledge or appropriate consent. Many nefarious spyware threats record keystrokes to steal your social security number, bank account information and credit card numbers, or hijack your modem to dial expensive, pornographic phone numbers.

Adware is a different type of program that lets companies track your online activities and tailor pop-up ads based on your choices.

 

2. Upgrade to Internet Explorer 7 or use the Firefox browser as an alternative.

Microsoft Internet Explorer 7 provides great security improvements to protect you against malware threats. See Browser for details.

 

3. RECOMMENDED AntiSpyware Program

Webroot Spy Sweeper

Even though ZoneAlarm provides antispyware scanning, it fails to detect some spyware. I recommend Webroot Spy Sweeper because it not only provides a strong scanner to detect existing spyware, but it also offers a very effective and proactive shield to block 12 threats from affecting your system security. The newest version works well with multiple accounts and LUA limited accounts in XP. You shouldn’t use more than one shield program that is resident in memory from startup, for performance reasons. Webroot's Spy Sweeper not only blocks spyware from implanting but also scans for and removes any that do.

See the Webroot SpySweeper web site. Many awards and Editor's Choice.

 

Webroot web site claim: "While Vista (includes IE7) does offer some security enhancements, the default malware blocking application does not adequately protect you. In a competitive analysis, Webroot blocked 100% of spyware compared to only 16% on Windows Vista." Source (pdf)

Spy Sweeper Features: 

Enhanced Smart Shields: I like Spy Sweeper because it provides proactive blocking shields which defend against the most common exploits and protect known spyware entry points. These 12 Shields prevent highly developed spyware programs from ever installing on your PC. You'll receive valuable action alerts to any changes in your computer's core functions, including startup, memory and Internet security settings. The shields summary page makes it simple to see at a glance which shields are on or off. There are 12 items that are blocked by the Smart Shields:

  1. Keyloggers
  2. BHO Browser Helper Objects
  3. IE Security
  4. Alternate Data Stream (ADS) Execution
  5. Startup
  6. Common Ad Sites
  7. Hosts File
  8. Spy Communication
  9. ActiveX
  10. Windows Messenger Service
  11. IE Favorites
  12. Spy Installation
  13. Memory
  14. IE Hijack
  15. IE Tracking Cookies  

Enhanced Rootkit Discovery Methods: Malicious spyware uses rootkit technology to bury its files deep within your PC. Spy Sweeper finds and destroys these programs with robust rootkit discovery methods, a feature many other anti-spyware programs lack.

Easy To Use: The Spy Sweeper interface makes it easy for users of all technical abilities to stay protected. Advanced users continue to have the power to configure the program to suit their unique needs, while new users can breeze through the straightforward setup and menus.

Multiple User Protection: When you buy Spy Sweeper for your computer, its protection covers all users on that PC. The software is managed by a primary user, and all users can customize Spy Sweeper for their individual use. You enjoy maximum protection with ultimate flexibility. LUA accounts not having admin rights work well with this program. 

Action Alerts: Spy Sweeper sends clear, easy-to-understand notifications when new spyware threats are detected that require my attention and response.

Quarantined Items: When you run a sweep and items found are quarantined, Spy Sweeper does not permanently delete the found item. The quarantine process first encrypts each item, removes it from its original location (so it will no longer run), then moves it to the Quarantined folder.

If you find that a program you need will not work properly after quarantining a found item, you can restore it. If you find that all of your programs run properly after removing the found item, you can permanently delete it. This deletes the found item from the Quarantine, and you will not be able to restore the item.

If you reinstall the program or visit a Web site that has the same spyware, it could be installed again. If you find that some items keep showing up in your sweeps, you can tell Spy Sweeper to always quarantine that item automatically. Using the Always Apply function reduces the number of items you have to evaluate during sweeps. By default (the automatic setting), Spy Sweeper sets all found items to Always Ask. This means that Spy Sweeper lists found items in the Quarantine and asks you what to do with them during a sweep.

If you find spyware on your computer that you need to keep to make another program run properly, or that you always want to quarantine, you can tell Spy Sweeper to always ignore or always quarantine that item. Spy Sweeper will still detect the item and include it in its count of found items and traces, but it will not include it in the list of items to quarantine.

You can do two things to automatically handle found items: Always Quarantine or Always Ignore.
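The quarantine workflow described above, as an added example in Python (illustrative code, not Spy Sweeper's): the found item is reversibly encoded, moved into a Quarantined folder together with a record of where it came from, and can later be restored after an integrity check or deleted permanently; handle_found_item applies the Always Quarantine / Always Ignore / Always Ask decision per detection name. The folder name, the record format and the keyed XOR used in place of real encryption are assumptions; the sample file is constructed.

```python
import hashlib
import json
import secrets
import tempfile
from pathlib import Path

QUARANTINE_DIR = "Quarantined"   # assumed folder name

def _transform(data: bytes, key: bytes) -> bytes:
    """Reversible keyed XOR: applying it twice restores the data. It stops the
    item from running or being re-detected; a real product uses proper encryption."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def quarantine(found: Path, qdir: Path, detection: str) -> Path:
    """Encode the item, record where it came from, remove the original so it
    can no longer run. Returns the path of the metadata record."""
    data = found.read_bytes()
    digest = hashlib.sha256(data).hexdigest()
    key = secrets.token_bytes(32)
    qdir.mkdir(parents=True, exist_ok=True)
    (qdir / f"{digest[:16]}.bin").write_bytes(_transform(data, key))
    meta = qdir / f"{digest[:16]}.json"
    meta.write_text(json.dumps({"original_path": str(found), "detection": detection,
                                "sha256": digest, "key": key.hex()}))
    found.unlink()
    return meta

def delete_permanently(meta: Path) -> None:
    """Drop the encoded copy and its record; the item can no longer be restored."""
    meta.with_suffix(".bin").unlink()
    meta.unlink()

def restore(meta: Path) -> Path:
    """Put the item back only if it decodes to exactly what was taken."""
    record = json.loads(meta.read_text())
    data = _transform(meta.with_suffix(".bin").read_bytes(), bytes.fromhex(record["key"]))
    if hashlib.sha256(data).hexdigest() != record["sha256"]:
        raise ValueError("quarantined item is corrupted; refusing to restore")
    dest = Path(record["original_path"])
    dest.write_bytes(data)
    delete_permanently(meta)     # back in place, so the quarantine copy goes
    return dest

def handle_found_item(found: Path, qdir: Path, detection: str, policy: dict) -> str:
    """Always Quarantine / Always Ignore per detection name; the default is Always Ask."""
    action = policy.get(detection, "ask")
    if action == "quarantine":
        quarantine(found, qdir, detection)
    return action

def demo() -> dict:
    """End-to-end run on a constructed file in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root, qdir = Path(tmp), Path(tmp) / QUARANTINE_DIR
        found = root / "Program Files" / "legit" / "helper.dll"
        found.parent.mkdir(parents=True)
        original = b"CONSTRUCTED SAMPLE - stands in for a spyware component"
        found.write_bytes(original)
        meta = quarantine(found, qdir, "Constructed.Spy.A")
        stored = meta.with_suffix(".bin").read_bytes()
        removed = not found.exists()
        restored_ok = restore(meta).read_bytes() == original
        action = handle_found_item(found, qdir, "Constructed.Spy.A",
                                   {"Constructed.Spy.A": "quarantine"})
        return {"removed": removed, "stored_differs": stored != original,
                "restored_ok": restored_ok, "policy_action": action,
                "quarantined_again": not found.exists()}
```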

Finally, the "More Details" button will send you to a website that provides further information on most spyware and adware programs, allowing you to make the most informed decision possible about your spyware removal.

NOTE: With ZoneAlarm firewall and Webroot Spy Sweeper shields installed on my computer, I found I could not browse to some web sites, like Drudgereport.com or Youtube.com. I finally figured out that when I turned off Spy Sweeper, they worked. I researched further and found out that I could leave Spy Sweeper running but just turn off the ad-blocking feature, and my sites can be browsed now. I go to Shields Summary - Host File Shields - and UNCHECK the COMMON AD SITES. I am not sure if perhaps there is too much blocking of ads going on with Spy Sweeper blocking common ad sites, Internet Explorer's Tools - Pop-up Blocker, or Google Toolbar's pop-up ad blocker. But at least I can tweak Spy Sweeper and it all works fine now.

 

4. RECOMMENDED Symantec Norton AntiVirus

 

Symantec Norton's AntiVirus 7 engine is an excellent program to scan for the most difficult malware threats. I would recommend you purchase just the antivirus/antispyware program, not the internet security suite, and use it for antivirus scanning.

One prominent gold-standard testing group provides their test results of the top antivirus protection programs, summarized below (Source):

[ZoneAlarm was not submitted to them for testing.]

 

Other Good Malware Protection Programs:
  • Spybot Search and Destroy is a good free scan tool.
  • AdAware is another very effective Spyware detection tool.
  • Norton AntiVirus also incorporates antispyware scanning.
  • Microsoft Defender is a free spyware scanner and shield from Microsoft. 

Webroot Spy Sweeper is rated best by just about everyone. See raves.

Details about Windows Defender - free - supports XP, 2003 and Vista operating systems:

Source and download

Windows Defender can now be run by all the users who use a particular computer, whether they have administrator-level privileges or not. This helps ensure that all the people who use a computer are able to benefit from the protection features offered by Windows Defender.

Windows Defender can detect and remove more threats posed by spyware and other potentially unwanted software. Real-Time Protection, which helps prevent unwanted software from being installed, is enhanced to better monitor key points in the operating system for changes. These features help you stay productive because they help to prevent pop-ups and the performance degradation that is caused by spyware and other potentially unwanted software.

Windows Defender displays detailed information about every spyware program detected, which includes a description of the threat, where it is located on your computer, a risk rating, and a recommended action to take. This information allows you to make informed decisions about removal. You can either remove spyware permanently or temporarily disable it using the Quarantine option.

Real-Time Protection monitors critical checkpoints in Windows. These checkpoints are triggered when programs make changes to your Windows configuration. These changes can occur when you install software on your computer, or they can occur when spyware or other potentially unwanted software attempts to install on your computer.

If the Real-Time Protection system detects a change in any checkpoint, Windows Defender alerts you and provides the option for you to allow or block the change. In some cases—for example, when you install software—you can choose to allow the change in order to continue the installation process.

Defender does not defend against tracking cookies.

Supported systems: Windows XP Service Pack 2 or later, Windows Server 2003 Service Pack 1 or later, and Vista.

Windows Defender in Windows Vista offers additional performance and security enhancements including the ability to scan only files that have changed, to run under a security-enhanced account, and to scan files when you run them. Windows Defender will also allow you to scan files as you download them if you use Internet Explorer 7.

Spyware Infestation - My Tests with a Badly Infected PC 5/05:

I obtained a badly infected computer recently that was consumed with spyware. I used 8 antispyware/adware programs and they discovered and successfully removed 45 threats located in 614 locations (registry, infected program files, dll system files, temporary files). Spyware, Adware, a few Trojans, a Porn Dialer and a Worm were discovered. They were causing an immediate CPU utilization rate of 100% upon Windows Start Up that would not subside. Below are the results of my tests. (I provide the program’s company name in the top chart and the program’s version I used in the bottom chart):

(Note: Since my tests, SpySubtract by Intermute is now Trend Micro Anti-Spyware)

 

Warning: BEWARE of fraudulent anti-Spyware programs being advertised and pushed to users, or found in Google search hits or sometimes via popup ads. Install only trusted, well-known and tested programs.

 

Another Success Story using Webroot Spy Sweeper:

A college student was complaining this fall about his computer at college grinding to a halt and useless at times. He received warnings that his C drive was full. That couldn't be! He has a 32GB partition for C drive! What the heck? What filled it up?

I walked him through it over the phone, suggesting files he could remove, apps to uninstall, temp and log files to delete. We got it some more breathing room. But it soon filled up again. He brought it to me over break. I checked and even though the properties said C drive had 0 space free, I would check the individual folders and they surely did not add up even close to 32GB's worth.

Browsing the internet got painfully slow and halted at times. Other weird and odd behaviours happened, he now recalls, often while browsing. Applications took forever to start up.

Something was not right....

I finally searched for all files >1mb in size on C drive, unhiding system files, etc. I deleted tons of unnecessary files. I was able to free up 27GB worth!!! Now, after a reboot, the system seemed to be operating normally, not halting.

After checking and editing some startup files, checking antivirus and antispyware configuration, etc. I rebooted again.

Right away, the system was taking too long to boot up. Finally, Spysweeper popped up a warning that it was blocking activity, a transmission attempt to a very weird internet address.

The destination URL was: 80gw6ry3i3x3qbrkwhxhw.032439.com

THANK YOU WEBROOT SPYSWEEPER for great detective work!

I entered the URL above into a Google search and lo and behold, the URL above is known to be a bad site connected with bot-network activity.

See: http://staff.science.uva.nl/~delaat/snb-2005-2006/p12/report.pdf
(Interesting read if you have time....how they are thinking to analyze and put into databases the internet traffic to identified bad sites, observing DNS (domain name server) traffic that is uncommon, anomalies....in a new approach to intrusion detection systems.)

Below is a screen-shot of a section of the article which describes exactly what I observed was happening on this student's computer.


Interesting, I recall seeing several dozen large video files, in some legit program directory, that I found I was unable to delete. I was baffled. I now suspect maybe the bot-network had installed these *.avi files...maybe changed to read-only, maybe renamed them to AVI and they maybe were being used in some way? Or maybe this bot-network had hidden other files somehow. But because I was able to see and delete many files to recover 27gb, I don't think they were hidden. I am guessing that many files were renamed and placed within legit folders to keep them low key, under the radar.

Some bot-networks use your computer as a transfer station; maybe they are into trafficking video or music files and need a storage server and use your machine for that purpose.

In doing clean up, file deletions, disabling some start up file activities....I apparently deleted or interrupted the trojan or rootkit long enough on this PC so that Webroot Spy Sweeper was again active, and at the next reboot, the net-bot activity was finally uncovered. CAUGHT YA!

Looking at the Spy Sweeper activity logs...it recorded events in August...then nothing appeared until last night! So it seems that Spy Sweeper was brought down the whole semester when attacked and the bot-net was installed. 

Of course, trying to remove bot-nets, trojans, rootkits...can be difficult, time-consuming and often it is better to reformat and reinstall everything. But that is the best way to gain trust again in a compromised system.

The point of this story is the value of Webroot Spy Sweeper in detecting and confirming a devious threat!

 

How to remove Malware Threats? Your Antivirus and AntiSpyware programs can detect most threats and disable them. Here are some additional threat detection and removal tools:

 

For advanced help in detecting and removing stubborn and serious security threats, see Malware Removal.

 

 

Resources

Trend Micro Encyclopedia of Virus, Scams, Hoaxes, Spyware

Spyware warrior comparisons and tests

PC World tests

ZONELABS ZoneAlarm web site

Webroot SpySweeper

CA's extensive Spyware database

Microsoft Malware Protection Center:

 

Contact me at NofinerWeb.com