News

Top 15 free tools for every Windows desktop

Some people collect Windows utilities like windshields collect bugs. But for most of us, the word “utility” is key. If we find ourselves not using the tool a few times a week, we give it the heave-ho.

Utilities change all the time — and not always for the better. Newcomers usurp entrenched old favorites. Some find themselves in the news for the wrong reasons. So you have to refresh your set of tools time and again.

Here are 15 utilities that belong in every Windows user’s bag of tricks. They’re all free for personal use, and many are free for corporate use as well.

1. Free Windows tool No. 1: SpiderOak: At least a dozen different products will sync files across multiple computers, tablets, and phones. SpiderOak stands out for its “zero knowledge” approach to security. In short, there’s no way the folks at SpiderOak can look at your data; you, alone, hold the encryption key. SpiderOak offers several unique features, including automatic file versioning, with recoverable history. It allows you to set up restricted Share Rooms where only invited people can participate. Dropbox is a popular and powerful alternative, but not without its security concerns. Box and SugarSync are also worth a look, but if security’s your No. 1 concern, SpiderOak is the product to consider.

 

2. Free Windows tool No. 2: SyncToy: Microsoft’s free SyncToy originated with the Windows XP PowerToy package and has been improved regularly. The latest version takes advantage of Sync Framework. To use SyncToy, pick two folders. Let’s call one Left (for reasons manifest in the screenshot) and the other Right. Here’s what you can do:

Synchronize: New files, and files changed since last sync, are copied between Left and Right folders. If a file has been renamed or deleted in one, it’s renamed or deleted in the other.

Echo: New and changed files are copied left to right, with renamed/deleted files on the left renamed/deleted on the right.

Contribute: Same as Echo, but deletions on the left are not deleted on the right.

 

3. Free Windows tool No. 3: System Information for Windows: Over the years I’ve used many programs to retrieve software license keys, identify hardware, measure temperatures and fan speeds, run down memory chip details, and monitor CPU and network loads. Now, finally, I’ve found one program that does it all: System Information for Windows. This tool reports three separate types of data: (1) software, including file associations, ActiveX controls, and file name associations; (2) hardware, such as BIOS version, video and sound adapters, CPU details; (3) network, including neighborhood devices, shares, and open ports. There are hundreds of individual entries, all neatly arranged with a tree on the left of the screen.

4. Free Windows tool No. 4: Recuva: File undelete has been a mainstay PC utility since DOS. But there’s never been an undeleter better than Recuva (pronounced “recover”): fast, thorough, and free. When you throw out the Windows Recycle Bin trash, the files aren’t destroyed; rather, the space they occupy is earmarked for new data. Undelete routines scan the flotsam and jetsam and put the pieces back together. As long as you haven’t added new data to a drive, undelete (almost) always works; if you’ve added some data, there’s still a good chance you can get most of the deleted stuff back. Recuva can also be used to undelete data on a USB drive, an SD card (see screenshot), and even an MP3 player.

 

5. Free Windows tool No. 5: 7-Zip: File archiver 7-Zip is a must-have even though Windows supports the zip format natively. Why? When Apple people send you RAR files, 7-Zip is the fast, easy, free way to handle them. 7-Zip also creates self-extracting EXE files, which can come in handy. And it supports AES-256 bit encryption. The interface rates as clunky by modern standards (see screenshot), but it gets the job done with zip, RAR, CAB, ARJ, TAR, 7z, and many lesser-known formats. It even lets you extract files from ISO CD images. A poster boy for open source, 7-Zip goes in easily, never nags, and wouldn’t dream of dropping an unwanted toolbar on your system — enlightened.

6. Free Windows tool No. 6: Image Resizer for Windows: Once upon a time, the Windows XP PowerToys project included a fabulous, simple, fast image resizer. Right-click on a photo fresh out of your camera, choose Resize Pictures, and the photo’s reduced in size to a fraction of the original. But XP came and went, and Microsoft didn’t keep the PowerToys updated. Enter Brice Lambson, a Microsoft employee with a heart of gold — and a mission to bring the free Image Resizer PowerToy to the latest versions of Windows. The updated PowerToy installs in seconds and works without a hitch. Microsoft still doesn’t support Image Resizer. But you can submit tech support questions on the download site, and they’re likely to be answered by Brice himself.

 

7. Free Windows tool No. 7: Auslogic Duplicate File Finder: If you’re a card-carrying member of the Ready, Shoot, Aim school of hard disk maintenance, pass this one by. But if you’re willing to carefully consider the information presented, Auslogic’s free Duplicate File Finder can help you reclaim enormous amounts of disk space. The trick with any duplicate file cleaner lies in judicious use of the gray matter between your ears. That said, Auslogic’s easy-to-use interface makes it relatively simple to find and select the files you want to delete, then stick the selected files in the Recycle Bin, where you can bring them back if need be.

 

 

8. Free Windows tool No. 8: Revo Uninstaller Freeware: Revo Uninstaller truly uninstalls programs and does so in an unexpected way. When you use Revo, it runs the program’s uninstaller and watches while the uninstaller works, looking for the location of program files and for Registry keys that the uninstaller zaps. It then goes in and removes leftover pieces, based on the locations and keys that the program’s uninstaller took out. Revo also consults its own internal database for commonly left-behind bits, then roots those out. Revo gives you a great deal of flexibility in deciding just how much you want to clean. The not-free Pro version monitors your system when you install a program, making removal easier and more complete.

 

 

9. Free Windows tool No. 9: Paint.Net: It’s hard to pick among the high-quality, free image editors. IrfanView has tremendous viewing, organizing, and resizing capabilities. GIMP ships with powerful tools and an enormous array of add-ins. FastStone lets you edit full-screen and allows screen captures. That doesn’t even brush the surface of the Picasa vs. Windows Live Photo Gallery maelstrom — a religious debate worthy of volumes. For powerful, simple-to-use photo editing, with layers, plug-ins, and all sorts of special effects, along with a compact, easily understood interface, I’ll stick with Paint.Net. Although it requires the .Net Framework, the program puts all the editing tools a nonprofessional might expect into an intuitive package.

10. Free Windows tool No. 10: Autoruns: Programs that run automatically when Windows starts bedevil everyone. This industrial-strength autostart listing tool knows all and lets you do something about it. If you’ve never used Autoruns, you’re in for a shock. Autostarting programs lurk in the most obscure corners of Windows. The Everything tab (shown in the screenshot) lists every program that starts automatically, in the order in which it is run. Click on the program to see details. Right-click and choose Search Online to look up the program on the Web, using your default browser and search engine. You can filter out the Microsoft programs, and have Autoruns show just the third-party interlopers deposited on your machine.

 

11. Free Windows tool No. 11: LastPass: Store all your passwords on a website. Sounds crazy, right? I’d been using AI Roboform to manage passwords for years, until I bumped into this cloud password manager. Like Roboform, LastPass keeps track of your user IDs, passwords, and other settings, then offers them to you with a click. But there’s a big difference. Roboform stores your passwords on your PC. LastPass encrypts them, then stores them in the cloud. LastPass does its AES-256 encrypting and decrypting on your PC, using a master password that you have to provide — and remember. The data stored in the cloud is encrypted, and without the key, the stored passwords can’t be broken, unless you can crack AES-256 encryption.

 

12. Free Windows tool No. 12: VLC Media Player: Another poster child for open source, VLC Media Player plays just about anything — including YouTube Flash FLV files — with no additional software, downloads, or headaches. Unlike other media players (notably the versatile but complex KMPlayer), VLC sports simple, Spartan controls; built-in codecs for almost every file type imaginable; and a large, vocal online support community. VLC plays Internet streaming media with a click, records played media, converts between file types, and even supports individual-frame screenshots. VLC is well-known for tolerating incomplete or damaged media files. It will even start to play downloaded media before the download’s finished.

13. Free Windows tool No. 13: Jaangle: While VLC excels at playing videos, Jaangle covers the music bases, with the best combination of tagging and library support I’ve seen. Jaangle reaches out to the Net and retrieves a huge array of ancillary information about the music. If you’re tired of seeing the same old album covers, it’s like a breath of fresh air. The tag editor’s just a right-click away. More than that, you can right-click on a song and download the Google Lyrics, right inside Jaangle. Finally, we’re seeing online music libraries used for something other than ordering more songs. With customizable options to slice and dice, reorder and reorganize, Jaangle takes a fresh approach to organizing and managing a music collection.

14. Free Windows tool No. 14: Process Explorer: The granddaddy of program monitors, Microsoft’s Process Explorer is up to Version 15. If you’ve never used this tool, you have no idea what’s going on under Windows’ covers. If you have, this version boasts new tricks and a much-needed makeover for the CPU and memory monitor. PE shows all running processes and subprocesses; with a click or mouseover, it divulges details about what’s really going on. Want to know which program has a file locked? Curious about the origin of those svchost.exe programs running on your machine? PE also tells you everything about CPU cycles, memory usage, and I/O. Best of all, PE doesn’t have an installer. It just runs — and runs well.

15. Free Windows tool No. 15: PicPick: If you’ve tried to capture fleeting images with the Windows 7 Snipping Tool, you’re in for a treat. PicPick lets you take screenshots with the key combination of your choice and doesn’t make ephemeral items on the screen run for cover. You can, depending on the key combo, capture a full screen, an active window, or a rectangular or freehand region on the screen. If you need to shoot against a single-color background, the PicPick Whiteboard lets you “erase” parts of the screen. The PicPick editor includes tools for resizing and editing, automatic file naming, and on-screen magnification. It includes a pixel ruler, a color picker, and a half-dozen other screenshooting aids.

 

Most malware is mundane, but these innovative techniques are exploiting systems and networks of even the savviest users.

By Roger A. Grimes, Infoworld
Mon, September 30, 2013

Millions of pieces of malware and thousands of malicious hacker gangs roam today’s online world preying on easy dupes. Reusing the same tactics that have worked for years, if not decades, they do nothing new or interesting in exploiting our laziness, lapses in judgment, or plain idiocy.

But each year antimalware researchers come across a few techniques that raise eyebrows. Used by malware or hackers, these inspired techniques stretch the boundaries of malicious hacking. Think of them as innovations in deviance. Like anything innovative, many are a measure of simplicity.

Take the 1990s Microsoft Excel macro virus that silently, randomly replaced zeros with capital O’s in spreadsheets, immediately transforming numbers into text labels with a value of zero — changes that went, for the most part, undetected until well after backup systems contained nothing but bad data.

Today’s most ingenious malware and hackers are just as stealthy and conniving. Here are some of the latest techniques of note that have piqued my interest as a security researcher and the lessons learned. Some stand on the shoulders of past malicious innovators, but all are very much in vogue today as ways to rip off even the savviest users.

Stealth attack No. 1: Fake wireless access points

No hack is easier to accomplish than a fake WAP (wireless access point). Anyone using a bit of software and a wireless network card can advertise their computer as an available WAP that is then connected to the real, legitimate WAP in a public location.

Think of all the times you — or your users — have gone to the local coffee shop, airport, or public gathering place and connected to the “free wireless” network. Hackers at Starbucks who call their fake WAP “Starbucks Wireless Network” or at the Atlanta airport call it “Atlanta Airport Free Wireless” have all sorts of people connecting to their computer in minutes. The hackers can then sniff unprotected data from the data streams sent between the unwitting victims and their intended remote hosts. You’d be surprised how much data, even passwords, are still sent in clear text.

The more nefarious hackers will ask their victims to create a new access account to use their WAP. These users will more than likely use a common log-on name or one of their email addresses, along with a password they use elsewhere. The WAP hacker can then try using the same log-on credentials on popular websites — Facebook, Twitter, Amazon, iTunes, and so on — and the victims will never know how it happened.

Lesson: You can’t trust public wireless access points. Always protect confidential information sent over a wireless network. Consider using a VPN connection, which protects all your communications, and don’t recycle passwords between public and private sites.

Stealth attack No. 2: Cookie theft
Browser cookies are a wonderful invention that preserves “state” when a user navigates a website. These little text files, sent to our machines by a website, help the website or service track us across our visit, or over multiple visits, enabling us to more easily purchase jeans, for example. What’s not to like?

Answer: When a hacker steals our cookies, and by virtue of doing so, becomes us — an increasingly frequent occurrence these days. Rather, they become authenticated to our websites as if they were us and had supplied a valid log-on name and password.

Sure, cookie theft has been around since the invention of the Web, but these days tools make the process as easy as click, click, click. Firesheep, for example, is a Firefox browser add-on that allows people to steal unprotected cookies from others. When used with a fake WAP or on a shared public network, cookie hijacking can be quite successful. Firesheep will show all the names and locations of the cookies it is finding, and with a simple click of the mouse, the hacker can take over the session (see the Codebutler blog for an example of how easy it is to use Firesheep).

Worse, hackers can now steal even SSL/TLS-protected cookies and sniff them out of thin air. In September 2011, an attack labeled “BEAST” by its creators proved that even SSL/TLS-protected cookies can be obtained. Further improvements and refinements this year, including the well-named CRIME, have made stealing and reusing encrypted cookies even easier.

With each released cookie attack, websites and application developers are told how to protect their users. Sometimes the answer is to use the latest crypto cipher; other times it is to disable some obscure feature that most people don’t use. The key is that all Web developers must use secure development techniques to reduce cookie theft. If your website hasn’t updated its encryption protection in a few years, you’re probably at risk.

Lessons: Even encrypted cookies can be stolen. Connect to websites that utilize secure development techniques and the latest crypto. Your HTTPS websites should be using the latest crypto, including TLS Version 1.2.

Stealth attack No. 3: File name tricks
Hackers have been using file name tricks to get us to execute malicious code since the beginning of malware. Early examples included naming the file something that would encourage unsuspecting victims to click on it (like AnnaKournikovaNudePics) and using multiple file extensions (such as AnnaKournikovaNudePics.Zip.exe). To this day, Microsoft Windows and other operating systems readily hide “well known” file extensions, which will make AnnaKournikovaNudePics.Gif.Exe look like AnnaKournikovaNudePics.Gif.

Years ago, virus programs known as “twins,” “spawners,” or “companion viruses” relied on a little-known feature of Microsoft Windows/DOS, where even if you typed in the file name Start.exe, Windows would look for and, if found, execute Start.com instead. Companion viruses would look for all the .exe files on your hard drive, and create a virus with the same name as the EXE, but with the file extension .com. This has long since been fixed by Microsoft, but its discovery and exploitation by early hackers laid the groundwork for inventive ways to hide viruses that continue to evolve today.

Among the more sophisticated file-renaming tricks currently employed is the use of Unicode characters that affect the output of the file name users are presented. For example, the Unicode character (U+202E), called the Right to Left Override, can fool many systems into displaying a file actually named AnnaKournikovaNudeavi.exe as AnnaKournikovaNudexe.avi.

Lesson: Whenever possible, make sure you know the real, complete name of any file before executing it.
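One way to check for both tricks described above, the decoy extension and the Right to Left Override, written as an added example that is not part of the original article. The extension lists and function names are assumptions for illustration, and the rendering helper is a simplification of the full Unicode bidirectional algorithm.

```python
import unicodedata

# Bidi formatting characters: invisible, but they change the order text is drawn in.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069\u200e\u200f")
RLO, PDF = "\u202e", "\u202c"  # Right-to-Left Override, Pop Directional Formatting

# Assumed lists for this example; extend them for your environment.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}
DECOY_EXTS = {".gif", ".jpg", ".png", ".avi", ".pdf", ".doc", ".txt", ".zip"}


def real_extension(name):
    """Extension the OS acts on: everything from the last dot of the stored name."""
    dot = name.rfind(".")
    return name[dot:].lower() if dot > 0 else ""


def displayed_name(name):
    """Simplified rendering: text between RLO and PDF (or end of name) is drawn
    reversed; other bidi controls have no glyph and are dropped."""
    out, run, in_rlo = [], [], False
    for ch in name:
        if ch == RLO:
            in_rlo = True
        elif ch == PDF and in_rlo:
            out.extend(reversed(run))
            run, in_rlo = [], False
        elif ch in BIDI_CONTROLS:
            continue
        elif in_rlo:
            run.append(ch)
        else:
            out.append(ch)
    out.extend(reversed(run))
    return "".join(out)


def audit_filename(name):
    """Return a list of (code, detail) findings; an empty list means nothing flagged."""
    findings = []
    for ch in sorted(set(name) & BIDI_CONTROLS):
        findings.append(("bidi-control", f"U+{ord(ch):04X} {unicodedata.name(ch)}"))
    ext = real_extension(name)
    shown_ext = real_extension(displayed_name(name))
    if ext in EXECUTABLE_EXTS and shown_ext != ext:
        findings.append(("display-mismatch", f"runs as {ext}, displays as {shown_ext}"))
    parts = name.lower().split(".")
    if ext in EXECUTABLE_EXTS and len(parts) >= 3 and "." + parts[-2] in DECOY_EXTS:
        findings.append(("double-extension", f".{parts[-2]} hidden before {ext}"))
    return findings


if __name__ == "__main__":
    # Constructed sample names; escapes keep the control character visible in source.
    for sample in ("AnnaKournikovaNudePics.Gif.Exe",
                   "AnnaKournikovaNude\u202eiva.exe",
                   "holiday.gif"):
        print(ascii(sample), "->", audit_filename(sample))
```

Printing names with `ascii()` or `repr()` in logs and triage tools keeps the override character visible as an escape instead of letting the terminal apply it.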

Stealth attack No. 4: Location, location, location
Another interesting stealth trick that uses an operating system against itself is a file location trick known as “relative versus absolute.” In legacy versions of Windows (Windows XP, 2003, and earlier) and other early operating systems, if you typed in a file name and hit Enter, or if the operating system went looking for a file on your behalf, it would always start with your current folder or directory location first, before looking elsewhere. This behavior might seem efficient and harmless enough, but hackers and malware used it to their advantage.

For example, suppose you wanted to run the built-in, harmless Windows calculator (calc.exe). It’s easy enough (and often faster than using several mouse clicks) to open up a command prompt, type in calc.exe and hit Enter. But malware could create a malicious file called calc.exe and hide it in the current directory or your home folder; when you tried to execute calc.exe, it would run the bogus copy instead.

I loved this fault as a penetration tester. Oftentimes, after I had broken into a computer and needed to elevate my privileges to Administrator, I would take an unpatched version of a known, previously vulnerable piece of software and place it in a temporary folder. Most of the time all I had to do was place a single vulnerable executable or DLL, while leaving the entire, previously installed patched program alone. I would type in the program executable’s filename in my temporary folder, and Windows would load my vulnerable, Trojan executable from my temporary folder instead of the more recently patched version. I loved it — I could exploit a fully patched system with a single bad file.

Linux, Unix, and BSD systems have had this problem fixed for more than a decade. Microsoft fixed the problem in 2006 with the releases of Windows Vista/2008, although the problem remains in legacy versions because of backward-compatibility issues. Microsoft has also been warning and teaching developers to use absolute (rather than relative) file/path names within their own programs for many years. Still, tens of thousands of legacy programs are vulnerable to location tricks. Hackers know this better than anyone.

Lesson: Use operating systems that enforce absolute directory and folder paths, and look for files in default system areas first.
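The search-order difference described above can be checked on a given machine with a small audit. This is an added example, not code from the article; the function names are hypothetical, and it compares the legacy "current directory first" order with a "system directories first" order for one command name.

```python
import os


def candidates(command, search_dirs):
    """Every file that could satisfy `command`, in the order the search tries them."""
    hits = []
    for directory in search_dirs:
        path = os.path.join(directory, command)
        if os.path.isfile(path):
            hits.append(os.path.abspath(path))
    return hits


def risky_path_entries(search_dirs):
    """Flag search-path entries whose meaning depends on where the user is standing."""
    problems = []
    for index, directory in enumerate(search_dirs):
        if directory in ("", "."):
            # An empty entry means the current directory in POSIX shells.
            problems.append((index, directory, "current directory"))
        elif not os.path.isabs(directory):
            problems.append((index, directory, "relative path"))
    return problems


def shadow_report(command, cwd, system_dirs):
    """Compare what runs when the current directory is searched first (the legacy
    behaviour described in the article) with what runs when system directories win."""
    legacy = candidates(command, [cwd] + list(system_dirs))
    system_first = candidates(command, list(system_dirs) + [cwd])
    return {
        "legacy_runs": legacy[0] if legacy else None,
        "system_first_runs": system_first[0] if system_first else None,
        "shadowed": bool(legacy) and legacy[0] != system_first[0],
        "all_copies": legacy,
    }


if __name__ == "__main__":
    # Audit the live search path, then check one command from the current directory.
    path_dirs = os.environ.get("PATH", "").split(os.pathsep)
    for index, entry, reason in risky_path_entries(path_dirs):
        print(f"PATH[{index}] = {entry!r}: {reason}")
    absolute_dirs = [d for d in path_dirs if os.path.isabs(d)]
    name = "calc.exe" if os.name == "nt" else "ls"
    print(shadow_report(name, os.getcwd(), absolute_dirs))
```

A `shadowed` result means a same-named file in the working directory would have been executed under the legacy order, which is the condition worth alerting on in temporary and download folders.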

Stealth attack No. 5: Hosts file redirect
Unbeknownst to most of today’s computer users is the existence of a DNS-related file named Hosts. Located under C:\Windows\System32\Drivers\Etc in Windows, the Hosts file can contain entries that link typed-in domain names to their corresponding IP addresses. The Hosts file was originally used by DNS as a way for hosts to locally resolve name-to-IP address lookups without having to contact DNS servers and perform recursive name resolution. For the most part, DNS functions just fine, and most people never interact with their Hosts file, though it’s there.

Hackers and malware love to write their own malicious entries to Hosts, so that when someone types in a popular domain name — say, bing.com — they are redirected to somewhere else more malicious. The malicious redirection often contains a near-perfect copy of the original desired website, so that the affected user is unaware of the switch.

This exploit is still in wide use today.

Lesson: If you can’t figure out why you’re being maliciously redirected, check out your Hosts file.
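Checking the Hosts file by eye is error-prone on a long file, so here is a small auditor as an added example (not from the original article). The sample file content is constructed, the addresses come from documentation ranges, and the `expected` allowlist is an assumption about how you would record entries you added yourself.

```python
import ipaddress
import os

# Constructed sample; 203.0.113.7 is a documentation address, not a real server.
SAMPLE_HOSTS = "\n".join([
    "# Constructed sample hosts file for this example",
    "127.0.0.1   localhost",
    "::1         localhost",
    "203.0.113.7 bing.com www.bing.com  # entry the user never added",
    "0.0.0.0     ads.example.net",
    "10.0.0.5    intranet.example.com",
])


def hosts_path():
    """Default location: the Windows folder named in the article, /etc/hosts elsewhere."""
    if os.name == "nt":
        root = os.environ.get("SystemRoot", r"C:\Windows")
        return os.path.join(root, "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"


def parse_hosts(text):
    """Yield (line_no, ip, hostname) per mapping; comments and blank lines are skipped."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address: malformed line, ignored by this audit
        for host in fields[1:]:
            yield line_no, ip, host.lower().rstrip(".")


def suspicious_entries(text, expected=None, local_names=("localhost",)):
    """Report every mapping that is neither a local name on loopback nor allowlisted.

    'redirect' = name forced to some other machine (the attack in the article);
    'sinkhole' = name forced to loopback or 0.0.0.0, which may be a deliberate block.
    """
    expected = expected or {}
    hits = []
    for line_no, ip, host in parse_hosts(text):
        if ip.is_loopback and host in local_names:
            continue
        if expected.get(host) == str(ip):
            continue
        kind = "sinkhole" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        hits.append((line_no, host, str(ip), kind))
    return hits


if __name__ == "__main__":
    with open(hosts_path(), encoding="utf-8", errors="replace") as fh:
        for hit in suspicious_entries(fh.read()):
            print(hit)
```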

Stealth attack No. 6: Waterhole attacks
Waterhole attacks received their name from their ingenious methodology. In these attacks, hackers take advantage of the fact that their targeted victims often meet or work at a particular physical or virtual location. Then they “poison” that location to achieve malicious objectives.

For instance, most large companies have a local coffee shop, bar, or restaurant that is popular with company employees. Attackers will create fake WAPs in an attempt to get as many company credentials as possible. Or the attackers will maliciously modify a frequently visited website to do the same. Victims are often more relaxed and unsuspecting because the targeted location is a public or social portal.

Waterhole attacks became big news this year when several high-profile tech companies, including Apple, Facebook, and Microsoft, among others, were compromised because of popular application development websites their developers visited. The websites had been poisoned with malicious JavaScript redirects that installed malware (sometimes zero days) on the developers’ computers. The compromised developer workstations were then used to access the internal networks of the victim companies.

Lesson: Make sure your employees realize that popular “watering holes” are common hacker targets.

Stealth attack No. 7: Bait and switch
One of the most interesting ongoing hacker techniques is called bait and switch. Victims are told they are downloading or running one thing, and temporarily they are, but it is then switched out with a malicious item. Examples abound.

It is common for malware spreaders to buy advertising space on popular websites. The websites, when confirming the order, are shown a non-malicious link or content. The website approves the advertisement and takes the money. The bad guy then switches the link or content with something more malicious. Often they will code the new malicious website to redirect viewers back to the original link or content if viewed by someone from an IP address belonging to the original approver. This complicates quick detection and take-down.

The most interesting bait-and-switch attacks I’ve seen as of late involve bad guys who create “free” content that can be downloaded and used by anyone. (Think administrative console or a visitor counter for the bottom of a Web page.) Often these free applets and elements contain a licensing clause that says to the effect, “May be freely reused as long as original link remains.” Unsuspecting users employ the content in good faith, leaving the original link untouched. Usually the original link will contain nothing but a graphics file emblem or something else trivial and small. Later, after the bogus element has been included in thousands of websites, the original malicious developer changes the harmless content for something more malicious (like a harmful JavaScript redirect).

Lesson: Beware of any link to any content not under your direct control because it can be switched out on a moment’s notice without your consent.
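For third-party scripts and stylesheets, one way to act on this lesson is to pin the content you reviewed with a Subresource Integrity hash, so a later switch no longer matches. The following is an added example, not part of the original article; the URL, sample content and function names are constructed for illustration.

```python
import base64
import hashlib
import html

ALGS = ("sha256", "sha384", "sha512")  # weakest to strongest, as SRI ranks them


def sri_hash(content, alg="sha384"):
    """Integrity token for the exact bytes that were reviewed, e.g. 'sha384-...'."""
    digest = hashlib.new(alg, content).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"


def matches_integrity(content, integrity):
    """Check bytes against an integrity attribute value.

    The value may hold several space-separated tokens. Only tokens using the
    strongest algorithm present are considered, and any one of them may match.
    """
    by_alg = {}
    for token in integrity.split():
        token = token.split("?", 1)[0]          # drop optional '?options' suffix
        alg, _, b64 = token.partition("-")
        if alg in ALGS and b64:
            by_alg.setdefault(alg, []).append(token)
    if not by_alg:
        return False  # fail closed: a pin we cannot parse counts as a mismatch
    strongest = max(by_alg, key=ALGS.index)
    return sri_hash(content, strongest) in by_alg[strongest]


def script_tag(url, reviewed_content):
    """Script element that makes the browser refuse content differing from the review."""
    return ('<script src="{}" integrity="{}" crossorigin="anonymous"></script>'
            .format(html.escape(url, quote=True), sri_hash(reviewed_content)))


def detect_switch(pinned_integrity, fetched_content):
    """Monitoring helper: True when the remote content no longer matches the pin."""
    return not matches_integrity(fetched_content, pinned_integrity)


if __name__ == "__main__":
    # Constructed stand-ins for the widget as reviewed and as served later.
    reviewed = b"document.write('visits: 1024');\n"
    served_later = b"/* different content served after approval */\n"
    print(script_tag("https://widgets.example/counter.js", reviewed))
    pin = sri_hash(reviewed)
    print("unchanged:", not detect_switch(pin, reviewed))
    print("switched: ", detect_switch(pin, served_later))
```

Integrity attributes apply to script and stylesheet loads; for images and other embedded content, hosting a reviewed copy yourself gives the same control.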

Stealth fallout: Total loss of control
Hackers have been using stealth methods to hide their maliciousness since the beginning days of malware. Heck, the first IBM-compatible PC virus, Pakistani Brain, from 1986, redirected inquiring eyes to a copy of the unmodified boot sector when viewed by disk editors.

When a hacker modifies your system in a stealthy way, it isn’t your system anymore — it belongs to the hackers. The only defenses against stealth attacks are the same defenses recommended for everything (good patching, don’t run untrusted executables, and so on), but it helps to know that if you suspect you’ve been compromised, your initial forensic investigations may be circumvented and fought against by the more innovative malware out there. What you think is a clean system and what really is a clean system may all be controlled by the wily hacker.