Threatfire provides sophisticated real-time antispyware protection

Description: Threatfire provides real-time protection against spyware and other malicious threats. It employs sophisticated behavior-based technology that can determine a threat based on what it does within your system, and is therefore well suited for unknown or brand new "zero-day" threats. It is also low on resource consumption.

Freewaregenius 5-Star Pick

If there’s something that I am constantly on the look-out for it would be a freeware anti-spyware program that (a) is low (or medium-low) on computer resource consumption, (b) provides real-time protection, and (c) does a good job at protecting against unknown threats. From what I’ve seen and read about Threatfire, it might be just that program.

I’ve been using this program for just over a week now, running in conjunction with an anti-virus program (AVG free edition), and no other antispyware product. Aside from this period of living with and observing the program, my primary source of info comes from an excellent PCMagazine review of Threatfire and research I’ve done on this program in various other places.

The main strength of this program is its behavior-based (heuristic) detection of malware, and at that it does a better job than many signature-based security programs. The difference between behavior-based and signature-based detection is that the former determines that a program is malicious by observing its behavior and what it is doing within your system, making it ideal for intercepting threats that are too new or too rare to have been detected by the makers of anti-malware software. In contrast, signature-based detection is where a security program is told what to look out for through periodic updates to its database. Here are some more notes on this program:

Returnil

Rating: 5 stars (pick)

Version tested: 1.7.0.7502

Description: Returnil creates a virtual system on your machine that completely mirrors your actual setup. It is designed to take the risk out of exposing your machine to all manner of software, websites, downloads, or anything else that might have adverse effects on your machine or infect it with malware. Once restarted, your system will revert back to its original state and all changes to your primary partition will disappear. It’s free for home users.

Don’t let this whole “virtualization” business put you off; aside from having a name that sounds like a pharmaceutical, Returnil is a very simple piece of software to use that works really well. You can think of it as a system-wide “undo” function; once you turn it on, you can do whatever you want with your system; all changes to your primary partition will be temporary and will disappear when you restart the computer.

Here’s how to use this software:

  1. Install Returnil: a very simple process. The only decision that is out of the ordinary is the option to create a virtual partition (the program will not need this partition, but you might; see point #4 below). During installation you can also set a master password to restrict access to the program.
  2. Turn Returnil’s protection on, when you need to; no actual changes will occur on your primary partition once this happens; from this point onward everything occurs on a “virtual” copy of your system.
  3. Do what you need to do: e.g. surf those dodgy internet sites, or install that piece of software that you want to test, or open the files you need to open, etc.
  4. Save your data: you will have to save any files you are working with someplace other than the primary partition (e.g. a secondary partition, a thumbdrive, or upload your files on the internet, etc.) Or let Returnil create a virtual partition for you; its purpose is precisely to provide a place for you to save your data when protection mode is turned on, and you can set any size you want for it that you have space for on your hard drive. Any files/data saved on the primary partition will eventually be lost.
  5. Restart the system: this is the only way to turn Returnil’s protection off. Once this happens, any changes that happened when system protection was on will be gone; your system will look exactly the way it looked before you started.

AVG Anti-Rootkit Free

Rating: 5 stars

Version tested: 1.1.0.42

[Note: this review was written by my friend Mohammed Raei from Amman, Jordan; see his personal blog here - The Freewaregenius]

Description: AVG Anti-Rootkit Free is a program that scans your computer for rootkits and removes them.

Trojans, keyloggers, and worms can sometimes hide from conventional antivirus software inside "rootkits", rendering that software useless in the face of such threats. This is where AVG Anti-Rootkit Free comes in. This is a very small and fast program that you should run before you do a virus scan, because virus killers do not detect or protect from rootkits. Once you ensure that your computer is free from rootkits your antivirus software can take it from there and prevent the installation of future rootkits.

I was able to run a standard scan in under 4 min and an in-depth scan in about 14 min on my 5-year-old Athlon XP 2000. I was not able to find any rootkits on my system, so I cannot comment too much on its efficacy. Suffice it to say that I now feel much more confident that my computer is free of rootkits than I was before.

Arovax Shield

Rating: 5 stars

Version tested:  2.0.62

Description: Arovax Shield is a free memory-resident program that offers protection against malicious software such as spyware, adware, browser hijacks, trojans, viruses, worms, keyloggers, and other malware. It functions as a kind of ‘firewall’ for the system/registry.

Most real-time antispyware protection software scans for traces of known code and/or applications that receive or send data over the internet. Other antispyware ‘immunizers’ prevent infection by modifying the places in the registry where the spyware would normally reside. Arovax Shield takes a slightly different approach in that it does NOT scan your hard drive or memory for traces of code but keeps on the lookout for the different actions that malicious code typically performs in order to install itself on a computer; it will then foil these attempts, thereby preventing the successful installation of malware. To quote the Arovax website: “It blocks programs that attempt to launch automatically at Windows startup, prevents browser hijacking, protects the Registry, and stops various other stealthy installation techniques.”

Spyware Blaster

Rating: 5 stars

Version tested:  3.5.1

Spyware Blaster is NOT a memory-resident antispyware program that continually scans for Spyware. What it is is an “immunizer” that prevents spyware from being installed. It modifies your system/registry in a way that tricks malicious websites into thinking that the spyware is already installed, thereby preventing its installation. It works with both IE and Firefox.

What this means, essentially, is that you can use Spyware Blaster in conjunction with a memory-resident scanner such as Spyware Terminator without using more of your PC’s resources. Highly recommended for added protection.

Spyware Terminator

Rating: 5 stars (pick)

Version tested:  1.5.00.740 

This is one of the most exciting free programs I’ve come across in a while. Finally a very good antispyware program that you can install and forget, knowing that you have effective real time protection with automatic live updates.

This might not sound so revolutionary but it is, because most good freeware antispyware programs, including well known titles such as Spybot Search & Destroy, Ad-Aware, and Spyware Blaster do not feature automatic updates unless you switch to the paid version. For me this always meant that there really isn’t a good freeware antispyware, and that a better option would be the (commercial) SpySweeper or Spyware Doctor. Until now, that is.