1. Mozilla Firefox browser (plus Adobe's Macromedia FlashPlayer) for safer browsing.
2. ToniSoft EasyCleaner cleans out dangerous hidden surprises in Temporary Internet Files.
3. Trend Micro's CWShredder removes troublesome CWS malware. If it finds CWS, you should
    also deinstall Microsoft Java and replace it with Sun Java to help prevent new infections.
4. Sygate Personal Firewall is excellent and free. Alas, Symantec bought it and discontinued it.
5. SpywareBlaster closes down lots of holes, and only needs to be run occasionally.
6. Microsoft's Windows Defender (not for 98 or ME) is free, but expect an ownership check.
7. Webroot Spy Sweeper has a trial version that is great for initial cleanup, and for purchase.
8. Spybot Search & Destroy was one of the first spyware detectors. It is very good and free.
9. Lavasoft Ad-Aware is an outstanding spyware detector, and is free for home use.
10. Belarc Advisor tells you how good your updates have really been. Always update!
11. Sysinternals RootkitRevealer (experts only!) helps identify NT/2000/XP/2003 rootkits.
(Or: If you want everything at once and don't mind somewhat older versions, go here.)

Q1: Why do you suggest multiple spyware scanners? Isn't one good scanner enough?
A1: You cannot remove all spyware by using just one scanner. Each scanner finds different
       types of dangerous and not-so-dangerous spyware. More importantly, any one malware
       scanner can be targeted specifically by malware to make it ineffective. Hitting such malware
       from multiple directions with a variety of tools thus provides better overall protection.

Q2: How good is Microsoft Defender?
A2: Microsoft Defender was previously called Microsoft AntiSpyware, which in turn was based
       on an very good small-company product called GIANT AntiSpyware. Towards the end of
       the Microsoft AntiSpyware name, the product had fallen noticeably behind all the other
       detectors listed here. I have heard that Defender is an improvement. I only run Defender
       after the other tools listed here, and those provide sufficiently good coverage that so far
       I have not picked up anything major using Defender. Also, please be fully aware that like
       many Microsoft downloads these days, you will be asked to let a scanner program look
       over all of your hardware and software before the Microsoft site lets you download the
       Defender product. That usually works fine unless you have done major surgery on your
       computer, such as replacing the motherboard. If you fall into that category, please be aware
       if you should fail the prerequisite download scan, your will system will be permanently
       banned from receiving critically important security patches from Microsoft. Reinstalling
       Windows from disks can fix this, but unfortunately, most off-the-shelf Windows systems
       no longer include full installation disks. So: Some caution, please, if you are one of those
       who likes to do major hardware upgrades on Windows systems.

Q3: How important is the firewall?
A3: After a good initial cleaning, your next most important security task is to set up a solid
       firewall. Not putting up a good firewall after a thorough cleaning is like tossing out known
       criminals from your premises, then not bothering to put up any doors or walls to keep them
       from returning the first time your turn your back. My favorite firewall was Sygate Pro. Alas,
       in November 2005 Symantec bought Sygate Pro and -- sigh -- immediately discontinued it.
       (My thanks to S.K. for noticing that event.) What is particularly distressing I am not aware
       of any comparison that ranks the Symantec firewall product as highly as Sygate Pro. My
       own experiences back it 2004 tended to confirm that, since at that time the number of
       successful break-ins I saw dropped dramatically when I switched from Symantec's firewall
       to the Sygate Pro. The free home version of Sygate is still readily available and quite good,
       but it is not a powerful as the Pro version was. I am now testing others such as Armor2net.

Q4: Is running a good software firewall enough?
A4: No. While a software firewall is vital, it is not sufficient by itself to protect your computer.
       You will also need hardware-level assistance to help isolate your system better from the
       Internet. That it not all that difficult for most users, since if you have computers at home
       that talk to each other and share a single Internet connection, you probably already have
       the kind of hardware isolation needed. It is called a router -- more specifically, a Network
       Address Translator, or NAT router. A router helps protect your computer by functioning
       like a one-way mirror, one that keeps unknown Internet denizens from seeing your home
       systems unless you specifically request request information from them first. (Obviously,
       if you fall for a fake-email phishing scam and make just such a request, all bets are off.
       That is a large part of why phishing is becoming both more common and more tricky.)
       Many of the new generations of cable modems, DSL modems, and wireless access
       points have routers built in, so it is possible that you already have what you need. If you
       are absolutely sure you don't already have a router between your computers and the
       Internet, you should consider buying a stand-alone router even if you only have one PC.

Q5: I have a router and firewall... and teenage kids. Should I be worried?
A5: Yes! The average teenager these days attracts malware like a magnet attracts nails.
        Worse, once malware gets into your home network, the hidden-from-the-Internet kind
        of protection that your router hardware was providing simply evaporated. After all, it
        does not do much good to hid in a bank vault if the robber is already in there with you.
        One solution for network-savvy users is to add a second "cascaded" router to isolate
        your computer from the rest of your home network in much the same way that the first
        router hides you from the Internet. Setting up cascading routers can tricky, though, so
        don't try this strategy unless you are already familiar with how to set up such networks.

Q6: I have a wireless system that worked right out of the box. Should I be worried?
A6: Yes! The default settings for the average wireless system are nothing less than appalling
        from the viewpoint of keeping malware and attackers out of your system. At the very
        least, shut off the feature that broadcasts your network name. Instead, create a network
        name that is more like a long password -- cryptic and non-intuitive -- and hand-code it
        into your wireless access point and your computers. Enable encryption so that you are
        not broadcasting everything in the clear, preferably using the highest level available on
        your systems and access point (AES is good). Finally, use MAC filters to tell your
        wireless access point to allow only your computers to use it. You can still be broken
        into if someone spoofs (fakes) your MAC address, but at least you will make it a lot
        harder for them to get even to that point.

Q7: Should I run lots of security applications (and other applications) all the time?
A7: No. In fact, in general it's a really good idea to keep your execution "footprint" -- that
        is, the number of applications in memory and running at the same time -- down to the
        the smallest size possible. Why? Because every application that you run continuously
        represents another set of potential holes by which spyware and other forms of malware
        can potentially get in. Such attacks can be very worrisome, since no amount of updating
        your Windows operating system software can protect you from a really bad whole in a
        major application. Since security applications usually run in a privileged mode, they
        can actually become significant security risks in their own right when malware users
        know how to target them.

Q8: What are rootkits, and what can I do about them?
A8: Rootkits -- or, more specifically, malware applications  written using rootkits -- are
        forms of malware that undercut the most basic features of your operating system,
        such as the ability to see a file or write a certain word to the screen. They can be
        very nasty, and can irreversibly damage your operating system. A triad (my own
        term for a type of malware configuration I first encountered back in 2004) is an
        especially dangerous combination of three forms of malware: a keylogger that
        records everything you type, a remote terminal application that allows a remote
        user to access your computer as if your computer were his own, and a rootkit
        application programmed specifically to hide itself and the other two members of
        the triad from ordinary forms of inspection, including from spyware checkers. My
        first name for these hard-to-detect triads was shivas. The methods I describe
        here are intended to give ordinary users a fighting chance at detecting and
        removing triads, mostly by attacking them repeatedly from many different angles
        until something breaks and they become visible to removal tools.