Clark Howard probably gives great financial advice, or so I would assume given that he's got a syndicated show on the topic. But great financial advice doesn't translate into malware advice. A consumer phoned into his show and detailed a phishing email he'd just received. Instead of warning the caller about the perils of logging in via links in fake banking email, Clark told the caller he'd been infected by a keylogger. He then advised him to scan his system with Spybot S&D.
Spybot S&D is a good, and free, program for what it does - mainly focused on adware and spyware. But the spyware it detects is mostly along the lines of scareware and other commercial threats. There are a little over 175000 signatures in Spybot and well over two million malware, so the math is pretty easy here.
Good call. I work for VeriSign and see plenty of both phishing and keylogging testimonies in my travels, and the difference is essential to understand (confusion over types of attacks and their proper remedies is one of the reasons that hackers continue to exploit the public at large). While Spybot is fine for what it does, phishing protection is a different matter — folks should stick to banks that use encryption technologies like extended validation ssl (if you follow a link to a log-in page and the url bar isn’t green, it’s a fake) and offer identity protection measures like two-factor authentication (which requires authentication on each log-in via a new seed code). There are a handful of banks out there offering these, and they’re definitely a great place to start as far as phishing protection goes.