DIAGNOSIS WITH SPYBOT SEARCH & DESTROY
The next step in the process is to make a final diagnosis. Although it's an interesting exercise to read up about specific types of spyware and try to manually diagnose the problem, this can get very time-consuming. Fortunately, there are plenty of great antispyware utilities available, most of them free. Antispyware tools are a growth industry and new, commercial applications are appearing all the time, just like antivirus software. This lesson covers the best of breed: Spybot Search & Destroy and HijackThis.
Spybot is an all-purpose antispyware tool, and has been voted both CNET Best Anti-Spyware utility and one of the CNET Top 10 programs on Download.com. It can fix both Web browser-based spyware and application-based spyware, as well as remove usage tracks from applications and immunize your computer against future infection. To install, just download the setup application and follow the wizard steps. Make sure you select Yes when Spybot asks whether it should perform an online update -- this ensures the data files used to detect spyware are up to date.
When Spybot loads, the front screen has three main options available:
- Check for Problems
- Recovery
- Search for Updates
Click Check for Problems to get Spybot started on scanning your computer; you may be unpleasantly surprised at what it finds! When the scanning process is complete, Spybot displays a list of all the spyware it found. Figure 2-4 shows some scan results.
If you do even a small amount of Web browsing or have a few common applications installed, your scan results will probably look quite similar to Figure 2-4. The central window contains a list of all the spyware categories found. Click one and the right (yellow) window displays any known information about the item.
You may notice a "DSO Exploit" entry in your scan results. This is a known bug in the current version of Spybot, and can be safely ignored. The Spybot team have promised to fix it in the next release!
As in Figure 2-4, Spybot highlights some items in green and some in red. The green items are usage trackers, so look at those first. Pick any green item in your list, and click the + symbol to its left to expand the item. A list of all the usage tracks relating to this item appears underneath, showing the exact Registry keys that do the tracking. You may be surprised at exactly what some applications store usage tracks of! If you're sharing your computer and want to maintain your privacy, deleting these values is a good idea. The green items aren't serious spyware risks, so leave them unchecked.
Next, locate a red item and expand it. If your computer is truly spyware-free, all of your red items will be tracking cookies. Tracking cookies are interesting examples of the issues with adware systems. You've probably never visited the Web sites that show up as storing tracking cookies on your computer. However, you've probably visited other Web sites that use advertisement syndication from these listed Web sites; therefore, your browsing history is being tracked.
Tracking through Advertisements
What's very concerning is when different Web sites use the same advertisement syndication system, enabling the advertisement syndicate owner to track your browsing across completely unrelated Web sites. As a simple example, imagine that you browse to a pet shop Web site, followed by a dog owner information Web site, and finally to a dog food vendor's Web site. If all those Web sites use the same advertisement syndication system, someone can very quickly figure out that you own a dog! Apply the same process to visiting a credit card company, a loan company, and a debt management organization and the consequence of tracking through advertisements becomes more concerning.
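The pet shop example above, worked through as code. This is an added illustration, not part of the original lesson: the host names, cookie values and function names are constructed, and the script only reports which ad hosts could link visits from a log you supply.

```python
from collections import defaultdict

# Constructed sample log: (site visited, host that served embedded content,
# cookie sent to that host). All names and values are invented.
REQUESTS = [
    ("petshop.example", "ads.syndicate.example", "uid=7f3a"),
    ("petshop.example", "cdn.petshop.example", "sess=11"),
    ("dogowners.example", "ads.syndicate.example", "uid=7f3a"),
    ("dogowners.example", "banners.other.example", "id=c901"),
    ("dogfood.example", "ads.syndicate.example", "uid=7f3a"),
    ("news.example", "banners.other.example", "id=d444"),
]


def registrable(host):
    """Crude site key: the last two labels of the host name.
    Assumption for this sample; real code should use the Public Suffix List."""
    return ".".join(host.lower().split(".")[-2:])


def cross_site_profiles(requests, min_sites=2):
    """Return {(third_party, cookie): [sites]} for every cookie that a single
    third party received while the user was on at least min_sites sites."""
    seen = defaultdict(set)
    for site, content_host, cookie in requests:
        first, third = registrable(site), registrable(content_host)
        if first == third:
            continue  # same-site request: nothing new is disclosed
        seen[(third, cookie)].add(first)
    # A host that hands out a different cookie on every site cannot join
    # the visits together, so only a repeated cookie value counts.
    return {key: sorted(sites) for key, sites in seen.items()
            if len(sites) >= min_sites}


if __name__ == "__main__":
    for (tracker, cookie), sites in cross_site_profiles(REQUESTS).items():
        print(f"{tracker} can link {cookie} across: {', '.join(sites)}")
```

Only the syndicate's cookie is reported, because the same identifier was sent from three different sites; the second ad host saw two unrelated identifiers and the pet shop's own content host is first-party.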
If the worst has happened and you're infected with spyware or malware, Spybot shows these items too. Make a note of any items listed that aren't tracking cookies and keep it safe. Before you move on to the next stage, you need to perform some Web browser-specific checks using HijackThis, as discussed in the following section.
