There are over 530 commercial spy programs, with about 5 brand new ones appearing each month. Commercial monitoring spyware includes keyloggers, email redirectors, screen recorders and more. It should not to be confused with advertising spyware or simply, adware.
Aladdin eSafe Content Security Response Team found that 15 percent of the spyware threats they examined are designed to steal passwords and log keystrokes, while also attempting to steal logged-on user names, the hash of administrator passwords, instant messaging usage and email addresses.
A quote from the CSRT study specifically says that "Fifteen percent of spyware threats send private information gathered from the end user currently logged on to the infected system: logging the user's keystrokes, logged-on user name, hash of administrator passwords, email addresses, contacts, instant messengers login and usage, and more." This is more than enough capability for an identity theft to take place.
SpyCop founder Grey McKenzie commented "Free firewalls and spy scanners are easier for spyware writers to get their hands on, because they don't have to pay anything. They have more opportunity to find weaknesses and design their spyware to get around them -- especially the Windows XP built in firewall. Avoid the free personal firewalls -- go for something more substantial such as Agnitum Outpost Pro."
A good firewall will help stop a spy program from phoning home, however a dedicated commercial spy scanner is required to find and eradicate the threats from a system.